@etherisc/gif-next 0.0.2-f29e479-370 → 0.0.2-f30e0eb-805

Sign up to get free protection for your applications and to get access to all the features.
Files changed (250) hide show
  1. package/artifacts/contracts/components/Component.sol/Component.dbg.json +1 -1
  2. package/artifacts/contracts/components/Component.sol/Component.json +68 -89
  3. package/artifacts/contracts/components/Distribution.sol/Distribution.dbg.json +1 -1
  4. package/artifacts/contracts/components/Distribution.sol/Distribution.json +113 -140
  5. package/artifacts/contracts/components/IComponent.sol/IComponent.dbg.json +1 -1
  6. package/artifacts/contracts/components/IComponent.sol/IComponent.json +65 -73
  7. package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.dbg.json +1 -1
  8. package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.json +91 -122
  9. package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.dbg.json +1 -1
  10. package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.json +256 -189
  11. package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.dbg.json +1 -1
  12. package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.json +69 -145
  13. package/artifacts/contracts/components/Pool.sol/Pool.dbg.json +1 -1
  14. package/artifacts/contracts/components/Pool.sol/Pool.json +279 -245
  15. package/artifacts/contracts/components/Product.sol/Product.dbg.json +1 -1
  16. package/artifacts/contracts/components/Product.sol/Product.json +73 -162
  17. package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.dbg.json +4 -0
  18. package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.json +1206 -0
  19. package/artifacts/contracts/instance/BundleManager.sol/BundleManager.dbg.json +1 -1
  20. package/artifacts/contracts/instance/BundleManager.sol/BundleManager.json +64 -50
  21. package/artifacts/contracts/instance/Cloneable.sol/Cloneable.dbg.json +1 -1
  22. package/artifacts/contracts/instance/Cloneable.sol/Cloneable.json +5 -0
  23. package/artifacts/contracts/instance/IInstance.sol/IInstance.dbg.json +1 -1
  24. package/artifacts/contracts/instance/IInstance.sol/IInstance.json +171 -308
  25. package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.dbg.json +1 -1
  26. package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.json +98 -40
  27. package/artifacts/contracts/instance/Instance.sol/Instance.dbg.json +1 -1
  28. package/artifacts/contracts/instance/Instance.sol/Instance.json +260 -379
  29. package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.dbg.json +1 -1
  30. package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.json +448 -121
  31. package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.dbg.json +1 -1
  32. package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.json +120 -227
  33. package/artifacts/contracts/instance/InstanceService.sol/InstanceService.dbg.json +1 -1
  34. package/artifacts/contracts/instance/InstanceService.sol/InstanceService.json +148 -161
  35. package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.dbg.json +1 -1
  36. package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.json +31 -23
  37. package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.dbg.json +1 -1
  38. package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.json +8 -13
  39. package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.dbg.json +1 -1
  40. package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.json +1 -1
  41. package/artifacts/contracts/instance/base/IKeyValueStore.sol/IKeyValueStore.dbg.json +1 -1
  42. package/artifacts/contracts/instance/base/ILifecycle.sol/ILifecycle.dbg.json +1 -1
  43. package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.dbg.json +1 -1
  44. package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.json +40 -10
  45. package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.dbg.json +1 -1
  46. package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.json +36 -11
  47. package/artifacts/contracts/instance/module/IAccess.sol/IAccess.dbg.json +1 -1
  48. package/artifacts/contracts/instance/module/IAccess.sol/IAccess.json +54 -71
  49. package/artifacts/contracts/instance/module/IBundle.sol/IBundle.dbg.json +1 -1
  50. package/artifacts/contracts/instance/module/IComponents.sol/IComponents.dbg.json +4 -0
  51. package/artifacts/contracts/instance/module/IComponents.sol/IComponents.json +10 -0
  52. package/artifacts/contracts/instance/module/IDistribution.sol/IDistribution.dbg.json +1 -1
  53. package/artifacts/contracts/instance/module/IPolicy.sol/IPolicy.dbg.json +1 -1
  54. package/artifacts/contracts/instance/module/IRisk.sol/IRisk.dbg.json +1 -1
  55. package/artifacts/contracts/instance/module/ISetup.sol/ISetup.dbg.json +1 -1
  56. package/artifacts/contracts/instance/module/ITreasury.sol/ITreasury.dbg.json +1 -1
  57. package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.dbg.json +1 -1
  58. package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.json +161 -62
  59. package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.dbg.json +1 -1
  60. package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.json +33 -25
  61. package/artifacts/contracts/instance/service/BundleService.sol/BundleService.dbg.json +1 -1
  62. package/artifacts/contracts/instance/service/BundleService.sol/BundleService.json +137 -140
  63. package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.dbg.json +1 -1
  64. package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.json +12 -12
  65. package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.dbg.json +1 -1
  66. package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.json +3 -3
  67. package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.dbg.json +1 -1
  68. package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.json +2 -2
  69. package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.dbg.json +1 -1
  70. package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.json +505 -91
  71. package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.dbg.json +1 -1
  72. package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.json +78 -42
  73. package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.dbg.json +1 -1
  74. package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.json +110 -27
  75. package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.dbg.json +1 -1
  76. package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.json +93 -96
  77. package/artifacts/contracts/instance/service/IClaimService.sol/IClaimService.dbg.json +1 -1
  78. package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.dbg.json +1 -1
  79. package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.json +350 -8
  80. package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.dbg.json +1 -1
  81. package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.json +21 -64
  82. package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.dbg.json +1 -1
  83. package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.json +81 -0
  84. package/artifacts/contracts/instance/service/IProductService.sol/IProductService.dbg.json +1 -1
  85. package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.dbg.json +1 -1
  86. package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.json +58 -157
  87. package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.dbg.json +1 -1
  88. package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.json +19 -47
  89. package/artifacts/contracts/instance/service/PoolService.sol/PoolService.dbg.json +1 -1
  90. package/artifacts/contracts/instance/service/PoolService.sol/PoolService.json +114 -17
  91. package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.dbg.json +1 -1
  92. package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.json +17 -9
  93. package/artifacts/contracts/instance/service/ProductService.sol/ProductService.dbg.json +1 -1
  94. package/artifacts/contracts/instance/service/ProductService.sol/ProductService.json +7 -7
  95. package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.dbg.json +1 -1
  96. package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.json +4 -4
  97. package/artifacts/contracts/registry/ChainNft.sol/ChainNft.dbg.json +1 -1
  98. package/artifacts/contracts/registry/ChainNft.sol/ChainNft.json +15 -2
  99. package/artifacts/contracts/registry/IRegistry.sol/IRegistry.dbg.json +1 -1
  100. package/artifacts/contracts/registry/IRegistry.sol/IRegistry.json +19 -0
  101. package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.dbg.json +1 -1
  102. package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.dbg.json +1 -1
  103. package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.json +18 -0
  104. package/artifacts/contracts/registry/Registry.sol/Registry.dbg.json +1 -1
  105. package/artifacts/contracts/registry/Registry.sol/Registry.json +31 -12
  106. package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.dbg.json +1 -1
  107. package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.json +2 -2
  108. package/artifacts/contracts/registry/RegistryService.sol/RegistryService.dbg.json +1 -1
  109. package/artifacts/contracts/registry/RegistryService.sol/RegistryService.json +5 -5
  110. package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.dbg.json +1 -1
  111. package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.json +3 -3
  112. package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.dbg.json +1 -1
  113. package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.json +7 -7
  114. package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.dbg.json +1 -1
  115. package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.json +2 -2
  116. package/artifacts/contracts/shared/ContractDeployerLib.sol/ContractDeployerLib.dbg.json +1 -1
  117. package/artifacts/contracts/shared/ERC165.sol/ERC165.dbg.json +1 -1
  118. package/artifacts/contracts/shared/INftOwnable.sol/INftOwnable.dbg.json +1 -1
  119. package/artifacts/contracts/shared/IPolicyHolder.sol/IPolicyHolder.dbg.json +1 -1
  120. package/artifacts/contracts/shared/IRegisterable.sol/IRegisterable.dbg.json +1 -1
  121. package/artifacts/contracts/shared/IRegistryLinked.sol/IRegistryLinked.dbg.json +1 -1
  122. package/artifacts/contracts/shared/IService.sol/IService.dbg.json +1 -1
  123. package/artifacts/contracts/shared/IVersionable.sol/IVersionable.dbg.json +1 -1
  124. package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.dbg.json +1 -1
  125. package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.json +2 -2
  126. package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.dbg.json +1 -1
  127. package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.json +2 -2
  128. package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.dbg.json +1 -1
  129. package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.json +2 -2
  130. package/artifacts/contracts/shared/Registerable.sol/Registerable.dbg.json +1 -1
  131. package/artifacts/contracts/shared/Registerable.sol/Registerable.json +3 -3
  132. package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.dbg.json +1 -1
  133. package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.json +2 -2
  134. package/artifacts/contracts/shared/Service.sol/Service.dbg.json +1 -1
  135. package/artifacts/contracts/shared/Service.sol/Service.json +1 -1
  136. package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.dbg.json +1 -1
  137. package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.json +2 -2
  138. package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.dbg.json +1 -1
  139. package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.json +2 -2
  140. package/artifacts/contracts/shared/Versionable.sol/Versionable.dbg.json +1 -1
  141. package/artifacts/contracts/test/TestFee.sol/TestFee.dbg.json +1 -1
  142. package/artifacts/contracts/test/TestFee.sol/TestFee.json +2 -2
  143. package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.dbg.json +1 -1
  144. package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.json +3 -3
  145. package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.dbg.json +1 -1
  146. package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.json +6 -6
  147. package/artifacts/contracts/test/TestService.sol/TestService.dbg.json +1 -1
  148. package/artifacts/contracts/test/TestService.sol/TestService.json +3 -3
  149. package/artifacts/contracts/test/TestToken.sol/TestUsdc.dbg.json +1 -1
  150. package/artifacts/contracts/test/TestVersion.sol/TestVersion.dbg.json +1 -1
  151. package/artifacts/contracts/test/TestVersion.sol/TestVersion.json +2 -2
  152. package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.dbg.json +1 -1
  153. package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.json +2 -2
  154. package/artifacts/contracts/test/Usdc.sol/USDC.dbg.json +1 -1
  155. package/artifacts/contracts/types/AddressSet.sol/LibAddressSet.dbg.json +1 -1
  156. package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.dbg.json +1 -1
  157. package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.json +2 -2
  158. package/artifacts/contracts/types/ChainId.sol/ChainIdLib.dbg.json +1 -1
  159. package/artifacts/contracts/types/ClaimId.sol/ClaimIdLib.dbg.json +1 -1
  160. package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.dbg.json +1 -1
  161. package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.json +2 -2
  162. package/artifacts/contracts/types/Fee.sol/FeeLib.dbg.json +1 -1
  163. package/artifacts/contracts/types/Fee.sol/FeeLib.json +2 -2
  164. package/artifacts/contracts/types/Key32.sol/Key32Lib.dbg.json +1 -1
  165. package/artifacts/contracts/types/Key32.sol/Key32Lib.json +2 -2
  166. package/artifacts/contracts/types/NftId.sol/NftIdLib.dbg.json +1 -1
  167. package/artifacts/contracts/types/NftId.sol/NftIdLib.json +17 -4
  168. package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.dbg.json +1 -1
  169. package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.json +2 -2
  170. package/artifacts/contracts/types/NumberId.sol/NumberIdLib.dbg.json +1 -1
  171. package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.dbg.json +1 -1
  172. package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.json +2 -2
  173. package/artifacts/contracts/types/PayoutId.sol/PayoutIdLib.dbg.json +1 -1
  174. package/artifacts/contracts/types/Referral.sol/ReferralLib.dbg.json +1 -1
  175. package/artifacts/contracts/types/Referral.sol/ReferralLib.json +23 -4
  176. package/artifacts/contracts/types/RiskId.sol/RiskIdLib.dbg.json +1 -1
  177. package/artifacts/contracts/types/RiskId.sol/RiskIdLib.json +2 -2
  178. package/artifacts/contracts/types/RoleId.sol/RoleIdLib.dbg.json +1 -1
  179. package/artifacts/contracts/types/RoleId.sol/RoleIdLib.json +2 -2
  180. package/artifacts/contracts/types/Seconds.sol/SecondsLib.dbg.json +4 -0
  181. package/artifacts/contracts/types/Seconds.sol/SecondsLib.json +124 -0
  182. package/artifacts/contracts/types/StateId.sol/StateIdLib.dbg.json +1 -1
  183. package/artifacts/contracts/types/StateId.sol/StateIdLib.json +2 -2
  184. package/artifacts/contracts/types/Timestamp.sol/TimestampLib.dbg.json +1 -1
  185. package/artifacts/contracts/types/Timestamp.sol/TimestampLib.json +25 -7
  186. package/artifacts/contracts/types/UFixed.sol/MathLib.dbg.json +1 -1
  187. package/artifacts/contracts/types/UFixed.sol/MathLib.json +2 -2
  188. package/artifacts/contracts/types/UFixed.sol/UFixedLib.dbg.json +1 -1
  189. package/artifacts/contracts/types/UFixed.sol/UFixedLib.json +2 -2
  190. package/artifacts/contracts/types/Version.sol/VersionLib.dbg.json +1 -1
  191. package/artifacts/contracts/types/Version.sol/VersionLib.json +2 -2
  192. package/artifacts/contracts/types/Version.sol/VersionPartLib.dbg.json +1 -1
  193. package/artifacts/contracts/types/Version.sol/VersionPartLib.json +2 -2
  194. package/contracts/components/Component.sol +95 -85
  195. package/contracts/components/Distribution.sol +12 -19
  196. package/contracts/components/IComponent.sol +37 -17
  197. package/contracts/components/IDistributionComponent.sol +1 -22
  198. package/contracts/components/IPoolComponent.sol +73 -47
  199. package/contracts/components/IProductComponent.sol +3 -2
  200. package/contracts/components/Pool.sol +171 -126
  201. package/contracts/components/Product.sol +26 -18
  202. package/contracts/instance/AccessManagerUpgradeableInitializeable.sol +13 -0
  203. package/contracts/instance/BundleManager.sol +7 -5
  204. package/contracts/instance/Cloneable.sol +7 -2
  205. package/contracts/instance/IInstance.sol +16 -10
  206. package/contracts/instance/IInstanceService.sol +18 -5
  207. package/contracts/instance/Instance.sol +45 -9
  208. package/contracts/instance/InstanceAccessManager.sol +382 -157
  209. package/contracts/instance/InstanceReader.sol +7 -10
  210. package/contracts/instance/InstanceService.sol +174 -155
  211. package/contracts/instance/ObjectManager.sol +6 -8
  212. package/contracts/instance/base/ComponentService.sol +5 -5
  213. package/contracts/instance/base/KeyValueStore.sol +5 -2
  214. package/contracts/instance/base/Lifecycle.sol +11 -2
  215. package/contracts/instance/module/IAccess.sol +20 -13
  216. package/contracts/instance/module/IBundle.sol +2 -1
  217. package/contracts/instance/module/IComponents.sol +35 -0
  218. package/contracts/instance/module/IDistribution.sol +2 -1
  219. package/contracts/instance/module/IPolicy.sol +26 -1
  220. package/contracts/instance/module/ISetup.sol +7 -22
  221. package/contracts/instance/service/ApplicationService.sol +123 -41
  222. package/contracts/instance/service/BundleService.sol +76 -38
  223. package/contracts/instance/service/DistributionService.sol +139 -47
  224. package/contracts/instance/service/IApplicationService.sol +7 -7
  225. package/contracts/instance/service/IBundleService.sol +19 -11
  226. package/contracts/instance/service/IDistributionService.sol +19 -4
  227. package/contracts/instance/service/IPolicyService.sol +3 -20
  228. package/contracts/instance/service/IPoolService.sol +17 -2
  229. package/contracts/instance/service/PolicyService.sol +59 -132
  230. package/contracts/instance/service/PoolService.sol +128 -17
  231. package/contracts/instance/service/ProductService.sol +10 -2
  232. package/contracts/registry/ChainNft.sol +8 -0
  233. package/contracts/registry/IRegistry.sol +2 -0
  234. package/contracts/registry/ITransferInterceptor.sol +1 -0
  235. package/contracts/registry/Registry.sol +23 -20
  236. package/contracts/registry/RegistryService.sol +5 -5
  237. package/contracts/shared/Registerable.sol +2 -2
  238. package/contracts/shared/TokenHandler.sol +11 -5
  239. package/contracts/types/Blocknumber.sol +1 -0
  240. package/contracts/types/Fee.sol +1 -0
  241. package/contracts/types/NftId.sol +8 -0
  242. package/contracts/types/ObjectType.sol +1 -0
  243. package/contracts/types/Referral.sol +4 -0
  244. package/contracts/types/RoleId.sol +13 -6
  245. package/contracts/types/Seconds.sol +54 -0
  246. package/contracts/types/StateId.sol +1 -0
  247. package/contracts/types/Timestamp.sol +13 -13
  248. package/contracts/types/UFixed.sol +1 -0
  249. package/contracts/types/Version.sol +1 -0
  250. package/package.json +1 -1
@@ -1,290 +1,515 @@
1
1
  // SPDX-License-Identifier: Apache-2.0
2
2
  pragma solidity ^0.8.20;
3
3
 
4
- import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
5
4
  import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
6
5
  import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
7
6
  import {ShortString, ShortStrings} from "@openzeppelin/contracts/utils/ShortStrings.sol";
8
7
 
9
- import {RoleId, RoleIdLib } from "../types/RoleId.sol";
8
+ import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE, INSTANCE_SERVICE_ROLE, INSTANCE_OWNER_ROLE, INSTANCE_ROLE} from "../types/RoleId.sol";
10
9
  import {TimestampLib} from "../types/Timestamp.sol";
10
+ import {NftId} from "../types/NftId.sol";
11
+
12
+ import {AccessManagerUpgradeableInitializeable} from "./AccessManagerUpgradeableInitializeable.sol";
13
+
14
+ import {IRegistry} from "../registry/IRegistry.sol";
15
+
16
+ import {IInstance} from "./IInstance.sol";
11
17
  import {IAccess} from "./module/IAccess.sol";
12
18
 
13
19
  contract InstanceAccessManager is
14
20
  AccessManagedUpgradeable
15
21
  {
22
+ event LogRoleCreation(RoleId roleId, ShortString name, IAccess.Type rtype);
23
+ event LogTargetCreation(address target, ShortString name, IAccess.Type ttype, bool isLocked);
24
+
16
25
  using RoleIdLib for RoleId;
17
26
 
18
27
  string public constant ADMIN_ROLE_NAME = "AdminRole";
19
28
  string public constant PUBLIC_ROLE_NAME = "PublicRole";
29
+ string public constant INSTANCE_ROLE_NAME = "InstanceRole";
30
+ string public constant INSTANCE_OWNER_ROLE_NAME = "InstanceOwnerRole";
20
31
 
21
- uint64 public constant CUSTOM_ROLE_ID_MIN = 10000;
32
+ uint64 public constant CUSTOM_ROLE_ID_MIN = 10000; // MUST be even
22
33
  uint32 public constant EXECUTION_DELAY = 0;
23
34
 
24
35
  // role specific state
25
- mapping(RoleId roleId => IAccess.RoleInfo info) internal _role;
36
+ mapping(RoleId roleId => IAccess.RoleInfo info) internal _roleInfo;
26
37
  mapping(RoleId roleId => EnumerableSet.AddressSet roleMembers) internal _roleMembers;
27
- mapping(ShortString name => RoleId roleId) internal _roleForName;
28
- RoleId [] internal _roles;
38
+ mapping(ShortString name => RoleId roleId) internal _roleIdForName;
39
+ RoleId [] internal _roleIds;
40
+ uint64 _idNext;
29
41
 
30
42
  // target specific state
31
- mapping(address target => IAccess.TargetInfo info) internal _target;
32
- mapping(ShortString name => address target) internal _targetForName;
43
+ mapping(address target => IAccess.TargetInfo info) internal _targetInfo;
44
+ mapping(ShortString name => address target) internal _targetAddressForName;
33
45
  address [] internal _targets;
34
46
 
35
- AccessManager internal _accessManager;
47
+ AccessManagerUpgradeableInitializeable internal _accessManager;
48
+ IRegistry internal _registry;
36
49
 
37
- function initialize(address initialAdmin) external initializer
50
+ modifier restrictedToRoleAdmin(RoleId roleId) {
51
+ RoleId admin = getRoleAdmin(roleId);
52
+ (bool inRole, uint32 executionDelay) = _accessManager.hasRole(admin.toInt(), _msgSender());
53
+ assert(executionDelay == 0); // to be sure no delayed execution functionality is used
54
+ if (!inRole) {
55
+ revert IAccess.ErrorIAccessCallerIsNotRoleAdmin(_msgSender(), roleId);
56
+ }
57
+ _;
58
+ }
59
+
60
+ // instance owner is granted upon instance nft minting in callback function
61
+ function initialize(address instanceAddress) external initializer
38
62
  {
39
- // if size of the contract gets too large, this can be externalized which will reduce the contract size considerably
40
- _accessManager = new AccessManager(address(this));
41
- // this service required admin rights to access manager to be able to grant/revoke roles
42
- _accessManager.grantRole(_accessManager.ADMIN_ROLE(), initialAdmin, 0);
63
+ IInstance instance = IInstance(instanceAddress);
64
+ IRegistry registry = instance.getRegistry();
65
+ address authority = instance.authority();
66
+
67
+ __AccessManaged_init(authority);
68
+
69
+ _accessManager = AccessManagerUpgradeableInitializeable(authority);
70
+ _registry = registry;
71
+ _idNext = CUSTOM_ROLE_ID_MIN;
43
72
 
44
- __AccessManaged_init(address(_accessManager));
73
+ _createRole(ADMIN_ROLE(), ADMIN_ROLE_NAME, IAccess.Type.Core);
74
+ _createRole(PUBLIC_ROLE(), PUBLIC_ROLE_NAME, IAccess.Type.Core);
75
+ _createRole(INSTANCE_ROLE(), INSTANCE_ROLE_NAME, IAccess.Type.Core);
76
+ _createRole(INSTANCE_OWNER_ROLE(), INSTANCE_OWNER_ROLE_NAME, IAccess.Type.Gif);
45
77
 
46
- _createRole(RoleIdLib.toRoleId(_accessManager.ADMIN_ROLE()), ADMIN_ROLE_NAME, false, false);
47
- _createRole(RoleIdLib.toRoleId(_accessManager.PUBLIC_ROLE()), PUBLIC_ROLE_NAME, false, false);
78
+ // assume `this` is already a member of ADMIN_ROLE
79
+ EnumerableSet.add(_roleMembers[ADMIN_ROLE()], address(this));
80
+
81
+ grantRole(INSTANCE_ROLE(), instanceAddress);
82
+ setRoleAdmin(INSTANCE_OWNER_ROLE(), INSTANCE_ROLE());
48
83
  }
49
84
 
50
85
  //--- Role ------------------------------------------------------//
51
- function createGifRole(RoleId roleId, string memory name) external restricted() {
52
- _createRole(roleId, name, false, true);
86
+ // ADMIN_ROLE
87
+ // assume all core roles are know at deployment time
88
+ // assume core roles are set and granted only during instance cloning
89
+ // assume core roles are never revoked -> core roles admin is never active after intialization
90
+ function createCoreRole(RoleId roleId, string memory name)
91
+ external
92
+ restricted()
93
+ {
94
+ _createRole(roleId, name, IAccess.Type.Core);
53
95
  }
54
-
55
- function createRole(RoleId roleId, string memory name) external restricted() {
56
- _createRole(roleId, name, true, true);
96
+ // ADMIN_ROLE
97
+ // assume gif roles can be revoked
98
+ // assume admin is INSTANCE_OWNER_ROLE or INSTANCE_ROLE
99
+ function createGifRole(RoleId roleId, string memory name, RoleId admin)
100
+ external
101
+ restricted()
102
+ {
103
+ _createRole(roleId, name, IAccess.Type.Gif);
104
+ setRoleAdmin(roleId, admin);
57
105
  }
58
106
 
59
- function setRoleLocked(RoleId roleId, bool locked) external restricted() {
60
- if (!roleExists(roleId)) {
61
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
62
- }
107
+ // INSTANCE_OWNER_ROLE
108
+ function createRole(string memory roleName, string memory adminName)
109
+ external
110
+ restricted()
111
+ returns(RoleId roleId, RoleId admin)
112
+ {
113
+ (roleId, admin) = _getNextCustomRoleId();
63
114
 
64
- _role[roleId].isLocked = locked;
65
- _role[roleId].updatedAt = TimestampLib.blockTimestamp();
66
- }
115
+ _createRole(roleId, roleName, IAccess.Type.Custom);
116
+ _createRole(admin, adminName, IAccess.Type.Custom);
67
117
 
68
- function roleExists(RoleId roleId) public view returns (bool exists) {
69
- return _role[roleId].createdAt.gtz();
118
+ // TODO works without this -> why?
119
+ setRoleAdmin(roleId, admin);
120
+ setRoleAdmin(admin, INSTANCE_OWNER_ROLE());
70
121
  }
71
122
 
72
- function grantRole(RoleId roleId, address member) external restricted() returns (bool granted) {
123
+ // ADMIN_ROLE
124
+ // assume used by instance service only during instance cloning
125
+ // assume used only by this.createRole(), this.createGifRole() afterwards
126
+ function setRoleAdmin(RoleId roleId, RoleId admin)
127
+ public
128
+ restricted()
129
+ {
73
130
  if (!roleExists(roleId)) {
74
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
131
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
75
132
  }
76
133
 
77
- if (_role[roleId].isLocked) {
78
- revert IAccess.ErrorIAccessRoleIdNotActive(roleId);
134
+ if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
135
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
79
136
  }
80
137
 
81
- if (!EnumerableSet.contains(_roleMembers[roleId], member)) {
82
- _accessManager.grantRole(roleId.toInt(), member, EXECUTION_DELAY);
83
- EnumerableSet.add(_roleMembers[roleId], member);
84
- return true;
85
- }
138
+ if (!roleExists(admin)) {
139
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(admin);
140
+ }
86
141
 
87
- return false;
142
+ _roleInfo[roleId].admin = admin;
88
143
  }
89
144
 
90
- function revokeRole(RoleId roleId, address member) external restricted() returns (bool revoked) {
145
+ function grantRole(RoleId roleId, address member)
146
+ public
147
+ restrictedToRoleAdmin(roleId)
148
+ returns (bool granted)
149
+ {
91
150
  if (!roleExists(roleId)) {
92
- revert IAccess.ErrorIAccessRevokeNonexstentRole(roleId);
93
- }
94
-
95
- if (EnumerableSet.contains(_roleMembers[roleId], member)) {
96
- _accessManager.revokeRole(roleId.toInt(), member);
97
- EnumerableSet.remove(_roleMembers[roleId], member);
98
- return true;
151
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
99
152
  }
100
153
 
101
- return false;
154
+ granted = EnumerableSet.add(_roleMembers[roleId], member);
155
+ if(granted) {
156
+ _accessManager.grantRole(roleId.toInt(), member, EXECUTION_DELAY);
157
+ }
102
158
  }
103
159
 
104
- /// @dev not restricted function by intention
105
- /// the restriction to role members is already enforced by the call to the access manger
106
- function renounceRole(RoleId roleId) external returns (bool revoked) {
107
- address member = msg.sender;
160
+ function revokeRole(RoleId roleId, address member)
161
+ external
162
+ restrictedToRoleAdmin(roleId)
163
+ returns (bool)
164
+ {
165
+ return _revokeRole(roleId, member);
166
+ }
108
167
 
168
+ // INSTANCE_OWNER_ROLE
169
+ // IMPORTANT: unbounded function, revoke all or revert
170
+ // Instance owner role decides what to do in case of custom role admin bening revoked, e.g.:
171
+ // 1) revoke custom role from ALL members
172
+ // 2) revoke custom role admin from ALL members
173
+ // 3) 1) + 2)
174
+ // 4) revoke only 1 member of custom role admin
175
+ function revokeRoleAllMembers(RoleId roleId)
176
+ external
177
+ restrictedToRoleAdmin(roleId)
178
+ returns (bool revoked)
179
+ {
109
180
  if (!roleExists(roleId)) {
110
- revert IAccess.ErrorIAccessRenounceNonexstentRole(roleId);
181
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
111
182
  }
112
183
 
113
- if (EnumerableSet.contains(_roleMembers[roleId], member)) {
114
- // cannot use accessManger.renounce as it directly checks against msg.sender
115
- _accessManager.revokeRole(roleId.toInt(), member);
184
+ uint memberCount = EnumerableSet.length(_roleMembers[roleId]);
185
+ for(uint memberIdx = 0; memberIdx < memberCount; memberIdx++)
186
+ {
187
+ address member = EnumerableSet.at(_roleMembers[roleId], memberIdx);
116
188
  EnumerableSet.remove(_roleMembers[roleId], member);
117
- return true;
189
+ _accessManager.revokeRole(roleId.toInt(), member);
190
+ }
191
+ }
192
+
193
+ /// @dev not restricted function by intention
194
+ /// the restriction to role members is already enforced by the call to the access manager
195
+ function renounceRole(RoleId roleId)
196
+ external
197
+ returns (bool)
198
+ {
199
+ IAccess.Type rtype = _roleInfo[roleId].rtype;
200
+ if(rtype == IAccess.Type.Core || rtype == IAccess.Type.Gif) {
201
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, rtype);
118
202
  }
119
203
 
120
- return false;
204
+ address member = msg.sender;
205
+ // cannot use accessManger.renounce as it directly checks against msg.sender
206
+ return _revokeRole(roleId, member);
121
207
  }
122
208
 
123
- function roles() external view returns (uint256 numberOfRoles) {
124
- return _roles.length;
209
+ function roleExists(RoleId roleId) public view returns (bool exists) {
210
+ return _roleInfo[roleId].createdAt.gtz();
211
+ }
212
+ // TODO returns ADMIN_ROLE id for non existent roleId
213
+ function getRoleAdmin(RoleId roleId) public view returns(RoleId admin) {
214
+ return _roleInfo[roleId].admin;
215
+ }
216
+
217
+ function getRoleInfo(RoleId roleId) external view returns (IAccess.RoleInfo memory info) {
218
+ return _roleInfo[roleId];
219
+ }
220
+
221
+ function roleMembers(RoleId roleId) public view returns (uint256 numberOfMembers) {
222
+ return EnumerableSet.length(_roleMembers[roleId]);
125
223
  }
126
224
 
127
225
  function getRoleId(uint256 idx) external view returns (RoleId roleId) {
128
- return _roles[idx];
226
+ return _roleIds[idx];
129
227
  }
130
228
 
229
+ // TODO now: for non existent name returns ADMIN_ROLE id
131
230
  function getRoleIdForName(string memory name) external view returns (RoleId roleId) {
132
- return _roleForName[ShortStrings.toShortString(name)];
231
+ return _roleIdForName[ShortStrings.toShortString(name)];
133
232
  }
134
233
 
135
- function getRole(RoleId roleId) external view returns (IAccess.RoleInfo memory role) {
136
- return _role[roleId];
234
+ function roleMember(RoleId roleId, uint256 idx) external view returns (address member) {
235
+ return EnumerableSet.at(_roleMembers[roleId], idx);
137
236
  }
138
237
 
139
238
  function hasRole(RoleId roleId, address account) external view returns (bool accountHasRole) {
140
239
  (accountHasRole, ) = _accessManager.hasRole(roleId.toInt(), account);
141
240
  }
142
241
 
143
- function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers) {
144
- return EnumerableSet.length(_roleMembers[roleId]);
145
- }
146
-
147
- function getRoleMember(RoleId roleId, uint256 idx) external view returns (address roleMember) {
148
- return EnumerableSet.at(_roleMembers[roleId], idx);
242
+ function roles() external view returns (uint256 numberOfRoles) {
243
+ return _roleIds.length;
149
244
  }
150
245
 
151
246
  //--- Target ------------------------------------------------------//
152
- function createGifTarget(address target, string memory name) external restricted() {
153
- _createTarget(target, name, false, true);
247
+ // ADMIN_ROLE
248
+ // assume some core targets are registred (instance) while others are not (instance accesss manager, instance reader, bundle manager)
249
+ function createCoreTarget(address target, string memory name) external restricted() {
250
+ _createTarget(target, name, IAccess.Type.Core);
154
251
  }
252
+ // INSTANCE_SERVICE_ROLE
253
+ // assume gif target is registered and belongs to the same instance as instance access manager
254
+ function createGifTarget(address target, string memory name) external restricted()
255
+ {
256
+ if(!_registry.isRegistered(target)) {
257
+ revert IAccess.ErrorIAccessTargetNotRegistered(target);
258
+ }
155
259
 
156
- function createTarget(address target, string memory name) external restricted() {
157
- _createTarget(target, name, true, true);
260
+ _createTarget(target, name, IAccess.Type.Gif);
158
261
  }
159
-
160
- function setTargetLocked(string memory targetName, bool locked) external restricted() {
161
- address target = _targetForName[ShortStrings.toShortString(targetName)];
262
+ // INSTANCE_OWNER_ROLE
263
+ // assume custom target.authority() is constant -> target MUST not be used with different instance access manager
264
+ // assume custom target can not be registered as component -> each service which is doing component registration MUST register a gif target
265
+ // assume custom target can not be registered as instance or service -> why?
266
+ // TODO check target associated with instance owner or instance or instance components or components helpers
267
+ function createTarget(address target, string memory name) external restricted()
268
+ {
269
+ _createTarget(target, name, IAccess.Type.Custom);
270
+ }
271
+ // INSTANCE_SERVICE_ROLE
272
+ // IMPORTANT: instance access manager MUST be of Core type -> otherwise will be locked forever
273
+ function setTargetLocked(string memory targetName, bool locked)
274
+ external
275
+ restricted()
276
+ {
277
+ ShortString nameShort = ShortStrings.toShortString(targetName);
278
+ address target = _targetAddressForName[nameShort];
162
279
 
163
280
  if (target == address(0)) {
164
- revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
281
+ revert IAccess.ErrorIAccessTargetDoesNotExist(nameShort);
165
282
  }
166
283
 
167
- _target[target].isLocked = locked;
284
+ if(_targetInfo[target].ttype == IAccess.Type.Core) {
285
+ revert IAccess.ErrorIAccessTargetTypeInvalid(nameShort, _targetInfo[target].ttype);
286
+ }
287
+ // TODO isLocked is redundant but makes getTargetInfo() faster
288
+ _targetInfo[target].isLocked = locked;
168
289
  _accessManager.setTargetClosed(target, locked);
169
290
  }
170
291
 
171
- function targetExists(address target) public view returns (bool exists) {
172
- return _target[target].createdAt.gtz();
292
+ // allowed combinations of roles and targets:
293
+ //1) set core role for core target
294
+ //2) set gif role for gif target
295
+ //3) set custom role for gif target
296
+ //4) set custom role for custom target
297
+
298
+ // ADMIN_ROLE if used only during initialization, works with:
299
+ // any roles for any targets
300
+ // INSTANCE_SERVICE_ROLE if used not only during initilization, works with:
301
+ // core roles for core targets
302
+ // gif roles for gif targets
303
+ function setCoreTargetFunctionRole(
304
+ string memory targetName,
305
+ bytes4[] calldata selectors,
306
+ RoleId roleId
307
+ )
308
+ public
309
+ virtual
310
+ restricted()
311
+ {
312
+ ShortString nameShort = ShortStrings.toShortString(targetName);
313
+ address target = _targetAddressForName[nameShort];
314
+
315
+ // not custom target
316
+ if(_targetInfo[target].ttype == IAccess.Type.Custom) {
317
+ revert IAccess.ErrorIAccessTargetTypeInvalid(nameShort, IAccess.Type.Custom);
318
+ }
319
+
320
+ // not custom role
321
+ if(_roleInfo[roleId].rtype == IAccess.Type.Custom) {
322
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Custom);
323
+ }
324
+
325
+ _setTargetFunctionRole(target, nameShort, selectors, roleId);
173
326
  }
174
327
 
175
- //--- internal view/pure functions --------------------------------------//
328
+ // INSTANCE_OWNER_ROLE
329
+ // gif role for gif target
330
+ // gif role for custom target
331
+ // custom role for gif target
332
+ // custom role for custom target
333
+ // TODO instance owner can mess with gif target (component) -> e.g. set custom role for function intendent to work with gif role
334
+ function setTargetFunctionRole(
335
+ string memory targetName,
336
+ bytes4[] calldata selectors,
337
+ RoleId roleId
338
+ )
339
+ public
340
+ virtual
341
+ restricted()
342
+ {
343
+ ShortString nameShort = ShortStrings.toShortString(targetName);
344
+ address target = _targetAddressForName[nameShort];
176
345
 
177
- function _createRole(RoleId roleId, string memory name, bool isCustom, bool validateParameters) internal {
178
- if (validateParameters) {
179
- _validateRoleParameters(roleId, name, isCustom);
346
+ // not core target
347
+ if(_targetInfo[target].ttype == IAccess.Type.Core) {
348
+ revert IAccess.ErrorIAccessTargetTypeInvalid(nameShort, IAccess.Type.Core);
180
349
  }
181
350
 
182
- IAccess.RoleInfo memory role = IAccess.RoleInfo(
183
- ShortStrings.toShortString(name),
184
- isCustom,
185
- false, // role un-locked,
186
- TimestampLib.blockTimestamp(),
187
- TimestampLib.blockTimestamp());
351
+ // not core role
352
+ if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
353
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
354
+ }
355
+
356
+ _setTargetFunctionRole(target, nameShort, selectors, roleId);
357
+ }
358
+
359
+ function isTargetLocked(address target) public view returns (bool locked) {
360
+ return _accessManager.isTargetClosed(target);
361
+ }
362
+
363
+ function targetExists(address target) public view returns (bool exists) {
364
+ return _targetInfo[target].createdAt.gtz();
365
+ }
188
366
 
189
- _role[roleId] = role;
190
- _roleForName[role.name] = roleId;
191
- _roles.push(roleId);
367
+ function getTargetInfo(address target) public view returns (IAccess.TargetInfo memory) {
368
+ return _targetInfo[target];
192
369
  }
193
370
 
194
- function _validateRoleParameters(
195
- RoleId roleId,
196
- string memory name,
197
- bool isCustom
198
- )
371
+ //--- Role internal view/pure functions --------------------------------------//
372
+ function _createRole(RoleId roleId, string memory roleName, IAccess.Type rtype)
199
373
  internal
200
- view
201
- returns (IAccess.RoleInfo memory existingRole)
202
374
  {
203
- // check role id
204
- uint64 roleIdInt = RoleId.unwrap(roleId);
205
- if(roleIdInt == _accessManager.ADMIN_ROLE() || roleIdInt == _accessManager.PUBLIC_ROLE()) {
206
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
375
+ ShortString name = ShortStrings.toShortString(roleName);
376
+ _validateRole(roleId, name, rtype);
377
+
378
+ if(roleExists(roleId)) {
379
+ revert IAccess.ErrorIAccessRoleIdExists(roleId);
207
380
  }
208
381
 
209
- // prevent changing isCustom for existing roles
210
- existingRole = _role[roleId];
382
+ if (_roleIdForName[name].gtz()) {
383
+ revert IAccess.ErrorIAccessRoleNameExists(roleId, _roleIdForName[name], name);
384
+ }
385
+
386
+ _roleInfo[roleId] = IAccess.RoleInfo(
387
+ name,
388
+ rtype,
389
+ ADMIN_ROLE(),
390
+ TimestampLib.blockTimestamp(),
391
+ TimestampLib.blockTimestamp()
392
+ );
393
+ _roleIdForName[name] = roleId;
394
+ _roleIds.push(roleId);
395
+
396
+ emit LogRoleCreation(roleId, name, rtype);
397
+ }
211
398
 
212
- if (existingRole.createdAt.gtz() && isCustom != existingRole.isCustom) {
213
- revert IAccess.ErrorIAccessRoleIsCustomIsImmutable(roleId, isCustom, existingRole.isCustom);
399
+ function _validateRole(RoleId roleId, ShortString name, IAccess.Type rtype)
400
+ internal
401
+ view
402
+ {
403
+ uint roleIdInt = roleId.toInt();
404
+ if(rtype == IAccess.Type.Custom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
405
+ revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
214
406
  }
215
407
 
216
- if (isCustom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
217
- revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
218
- } else if (!isCustom && roleIdInt >= CUSTOM_ROLE_ID_MIN) {
219
- revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
408
+ if(
409
+ rtype != IAccess.Type.Custom &&
410
+ roleIdInt >= CUSTOM_ROLE_ID_MIN &&
411
+ roleIdInt != PUBLIC_ROLE().toInt())
412
+ {
413
+ revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
220
414
  }
221
415
 
222
416
  // role name checks
223
- ShortString nameShort = ShortStrings.toShortString(name);
224
- if (ShortStrings.byteLength(nameShort) == 0) {
417
+ if (ShortStrings.byteLength(name) == 0) {
225
418
  revert IAccess.ErrorIAccessRoleNameEmpty(roleId);
226
419
  }
420
+ }
227
421
 
228
- if (_roleForName[nameShort] != RoleIdLib.zero() && _roleForName[nameShort] != roleId) {
229
- revert IAccess.ErrorIAccessRoleNameNotUnique(_roleForName[nameShort], nameShort);
422
+ function _revokeRole(RoleId roleId, address member)
423
+ internal
424
+ returns(bool revoked)
425
+ {
426
+ if (!roleExists(roleId)) {
427
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
230
428
  }
231
- }
232
429
 
233
- function _createTarget(address target, string memory name, bool isCustom, bool validateParameters) internal {
234
- if (validateParameters) {
235
- _validateTargetParameters(target, name, isCustom);
430
+ revoked = EnumerableSet.remove(_roleMembers[roleId], member);
431
+ if(revoked) {
432
+ _accessManager.revokeRole(roleId.toInt(), member);
236
433
  }
434
+ }
435
+
436
+ function _getNextCustomRoleId()
437
+ internal
438
+ returns(RoleId roleId, RoleId admin)
439
+ {
440
+ uint64 roleIdInt = _idNext;
441
+ uint64 adminInt = roleIdInt + 1;
237
442
 
238
- if (_target[target].createdAt.gtz()) {
239
- revert IAccess.ErrorIAccessTargetExists(target, _target[target].name);
443
+ _idNext = roleIdInt + 2;
444
+
445
+ roleId = RoleIdLib.toRoleId(roleIdInt);
446
+ admin = RoleIdLib.toRoleId(adminInt);
447
+ }
448
+
449
+ //--- Target internal view/pure functions --------------------------------------//
450
+ function _createTarget(address target, string memory targetName, IAccess.Type ttype)
451
+ internal
452
+ {
453
+ ShortString name = ShortStrings.toShortString(targetName);
454
+ _validateTarget(target, name, ttype);
455
+
456
+ if (_targetInfo[target].createdAt.gtz()) {
457
+ revert IAccess.ErrorIAccessTargetExists(target, _targetInfo[target].name);
240
458
  }
241
- if (_targetForName[ShortStrings.toShortString(name)] != address(0)) {
242
- revert IAccess.ErrorIAccessTargetNameExists(target, _targetForName[ShortStrings.toShortString(name)], ShortStrings.toShortString(name));
459
+
460
+ if (_targetAddressForName[name] != address(0)) {
461
+ revert IAccess.ErrorIAccessTargetNameExists(
462
+ target,
463
+ _targetAddressForName[name],
464
+ name);
243
465
  }
244
466
 
245
- IAccess.TargetInfo memory info = IAccess.TargetInfo(
246
- ShortStrings.toShortString(name),
247
- isCustom,
248
- _accessManager.isTargetClosed(target), // sync with state in access manager
467
+ bool isLocked = _accessManager.isTargetClosed(target);// sync with state in access manager
468
+ _targetInfo[target] = IAccess.TargetInfo(
469
+ name,
470
+ ttype,
471
+ isLocked,
249
472
  TimestampLib.blockTimestamp(),
250
- TimestampLib.blockTimestamp());
251
-
252
- _target[target] = info;
253
- _targetForName[info.name] = target;
473
+ TimestampLib.blockTimestamp()
474
+ );
475
+ _targetAddressForName[name] = target;
254
476
  _targets.push(target);
477
+
478
+ emit LogTargetCreation(target, name, ttype, isLocked);
255
479
  }
256
480
 
257
- function _validateTargetParameters(address target, string memory name, bool isCustom) internal view {
258
- // TODO: implement
481
+ function _validateTarget(address target, ShortString name, IAccess.Type ttype)
482
+ internal
483
+ view
484
+ {
485
+ address targetAuthority = AccessManagedUpgradeable(target).authority();
486
+ if(targetAuthority != authority()) {
487
+ revert IAccess.ErrorIAccessTargetAuthorityInvalid(target, targetAuthority);
488
+ }
489
+
490
+ if (ShortStrings.byteLength(name) == 0) {
491
+ revert IAccess.ErrorIAccessTargetNameEmpty(target);
492
+ }
259
493
  }
260
494
 
261
- function setTargetFunctionRole(
262
- string memory targetName,
495
+ function _setTargetFunctionRole(
496
+ address target,
497
+ ShortString name,
263
498
  bytes4[] calldata selectors,
264
499
  RoleId roleId
265
- ) public virtual restricted() {
266
- address target = _targetForName[ShortStrings.toShortString(targetName)];
267
-
500
+ )
501
+ internal
502
+ {
268
503
  if (target == address(0)) {
269
- revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
270
- }
271
- if (! roleExists(roleId)) {
272
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
504
+ revert IAccess.ErrorIAccessTargetDoesNotExist(name);
273
505
  }
274
- uint64 roleIdInt = RoleId.unwrap(roleId);
275
- _accessManager.setTargetFunctionRole(target, selectors, roleIdInt);
276
- }
277
506
 
278
- function setTargetClosed(string memory targetName, bool closed) public restricted() {
279
- address target = _targetForName[ShortStrings.toShortString(targetName)];
280
- if (target == address(0)) {
281
- revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
507
+ if (!roleExists(roleId)) {
508
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
282
509
  }
283
- _accessManager.setTargetClosed(target, closed);
284
- }
285
510
 
286
- function isTargetLocked(address target) public view returns (bool locked) {
287
- return _accessManager.isTargetClosed(target);
511
+ uint64 roleIdInt = RoleId.unwrap(roleId);
512
+ _accessManager.setTargetFunctionRole(target, selectors, roleIdInt);
288
513
  }
289
514
 
290
515
  function canCall(