@etherisc/gif-next 0.0.2-f29e479-370 → 0.0.2-f30e0eb-805
Sign up to get free protection for your applications and to get access to all the features.
- package/artifacts/contracts/components/Component.sol/Component.dbg.json +1 -1
- package/artifacts/contracts/components/Component.sol/Component.json +68 -89
- package/artifacts/contracts/components/Distribution.sol/Distribution.dbg.json +1 -1
- package/artifacts/contracts/components/Distribution.sol/Distribution.json +113 -140
- package/artifacts/contracts/components/IComponent.sol/IComponent.dbg.json +1 -1
- package/artifacts/contracts/components/IComponent.sol/IComponent.json +65 -73
- package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.dbg.json +1 -1
- package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.json +91 -122
- package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.dbg.json +1 -1
- package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.json +256 -189
- package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.dbg.json +1 -1
- package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.json +69 -145
- package/artifacts/contracts/components/Pool.sol/Pool.dbg.json +1 -1
- package/artifacts/contracts/components/Pool.sol/Pool.json +279 -245
- package/artifacts/contracts/components/Product.sol/Product.dbg.json +1 -1
- package/artifacts/contracts/components/Product.sol/Product.json +73 -162
- package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.dbg.json +4 -0
- package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.json +1206 -0
- package/artifacts/contracts/instance/BundleManager.sol/BundleManager.dbg.json +1 -1
- package/artifacts/contracts/instance/BundleManager.sol/BundleManager.json +64 -50
- package/artifacts/contracts/instance/Cloneable.sol/Cloneable.dbg.json +1 -1
- package/artifacts/contracts/instance/Cloneable.sol/Cloneable.json +5 -0
- package/artifacts/contracts/instance/IInstance.sol/IInstance.dbg.json +1 -1
- package/artifacts/contracts/instance/IInstance.sol/IInstance.json +171 -308
- package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.dbg.json +1 -1
- package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.json +98 -40
- package/artifacts/contracts/instance/Instance.sol/Instance.dbg.json +1 -1
- package/artifacts/contracts/instance/Instance.sol/Instance.json +260 -379
- package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.json +448 -121
- package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.json +120 -227
- package/artifacts/contracts/instance/InstanceService.sol/InstanceService.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceService.sol/InstanceService.json +148 -161
- package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.json +31 -23
- package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.dbg.json +1 -1
- package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.json +8 -13
- package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.dbg.json +1 -1
- package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.json +1 -1
- package/artifacts/contracts/instance/base/IKeyValueStore.sol/IKeyValueStore.dbg.json +1 -1
- package/artifacts/contracts/instance/base/ILifecycle.sol/ILifecycle.dbg.json +1 -1
- package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.dbg.json +1 -1
- package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.json +40 -10
- package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.dbg.json +1 -1
- package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.json +36 -11
- package/artifacts/contracts/instance/module/IAccess.sol/IAccess.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IAccess.sol/IAccess.json +54 -71
- package/artifacts/contracts/instance/module/IBundle.sol/IBundle.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IComponents.sol/IComponents.dbg.json +4 -0
- package/artifacts/contracts/instance/module/IComponents.sol/IComponents.json +10 -0
- package/artifacts/contracts/instance/module/IDistribution.sol/IDistribution.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IPolicy.sol/IPolicy.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IRisk.sol/IRisk.dbg.json +1 -1
- package/artifacts/contracts/instance/module/ISetup.sol/ISetup.dbg.json +1 -1
- package/artifacts/contracts/instance/module/ITreasury.sol/ITreasury.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.json +161 -62
- package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.json +33 -25
- package/artifacts/contracts/instance/service/BundleService.sol/BundleService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/BundleService.sol/BundleService.json +137 -140
- package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.json +12 -12
- package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.json +3 -3
- package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.json +2 -2
- package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.json +505 -91
- package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.json +78 -42
- package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.json +110 -27
- package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.json +93 -96
- package/artifacts/contracts/instance/service/IClaimService.sol/IClaimService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.json +350 -8
- package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.json +21 -64
- package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.json +81 -0
- package/artifacts/contracts/instance/service/IProductService.sol/IProductService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.json +58 -157
- package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.json +19 -47
- package/artifacts/contracts/instance/service/PoolService.sol/PoolService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/PoolService.sol/PoolService.json +114 -17
- package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.json +17 -9
- package/artifacts/contracts/instance/service/ProductService.sol/ProductService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ProductService.sol/ProductService.json +7 -7
- package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.json +4 -4
- package/artifacts/contracts/registry/ChainNft.sol/ChainNft.dbg.json +1 -1
- package/artifacts/contracts/registry/ChainNft.sol/ChainNft.json +15 -2
- package/artifacts/contracts/registry/IRegistry.sol/IRegistry.dbg.json +1 -1
- package/artifacts/contracts/registry/IRegistry.sol/IRegistry.json +19 -0
- package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.dbg.json +1 -1
- package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.dbg.json +1 -1
- package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.json +18 -0
- package/artifacts/contracts/registry/Registry.sol/Registry.dbg.json +1 -1
- package/artifacts/contracts/registry/Registry.sol/Registry.json +31 -12
- package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.dbg.json +1 -1
- package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.json +2 -2
- package/artifacts/contracts/registry/RegistryService.sol/RegistryService.dbg.json +1 -1
- package/artifacts/contracts/registry/RegistryService.sol/RegistryService.json +5 -5
- package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.dbg.json +1 -1
- package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.json +3 -3
- package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.dbg.json +1 -1
- package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.json +7 -7
- package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.dbg.json +1 -1
- package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.json +2 -2
- package/artifacts/contracts/shared/ContractDeployerLib.sol/ContractDeployerLib.dbg.json +1 -1
- package/artifacts/contracts/shared/ERC165.sol/ERC165.dbg.json +1 -1
- package/artifacts/contracts/shared/INftOwnable.sol/INftOwnable.dbg.json +1 -1
- package/artifacts/contracts/shared/IPolicyHolder.sol/IPolicyHolder.dbg.json +1 -1
- package/artifacts/contracts/shared/IRegisterable.sol/IRegisterable.dbg.json +1 -1
- package/artifacts/contracts/shared/IRegistryLinked.sol/IRegistryLinked.dbg.json +1 -1
- package/artifacts/contracts/shared/IService.sol/IService.dbg.json +1 -1
- package/artifacts/contracts/shared/IVersionable.sol/IVersionable.dbg.json +1 -1
- package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.dbg.json +1 -1
- package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.json +2 -2
- package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.dbg.json +1 -1
- package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.json +2 -2
- package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.dbg.json +1 -1
- package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.json +2 -2
- package/artifacts/contracts/shared/Registerable.sol/Registerable.dbg.json +1 -1
- package/artifacts/contracts/shared/Registerable.sol/Registerable.json +3 -3
- package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.dbg.json +1 -1
- package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.json +2 -2
- package/artifacts/contracts/shared/Service.sol/Service.dbg.json +1 -1
- package/artifacts/contracts/shared/Service.sol/Service.json +1 -1
- package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.dbg.json +1 -1
- package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.json +2 -2
- package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.dbg.json +1 -1
- package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.json +2 -2
- package/artifacts/contracts/shared/Versionable.sol/Versionable.dbg.json +1 -1
- package/artifacts/contracts/test/TestFee.sol/TestFee.dbg.json +1 -1
- package/artifacts/contracts/test/TestFee.sol/TestFee.json +2 -2
- package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.dbg.json +1 -1
- package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.json +3 -3
- package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.dbg.json +1 -1
- package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.json +6 -6
- package/artifacts/contracts/test/TestService.sol/TestService.dbg.json +1 -1
- package/artifacts/contracts/test/TestService.sol/TestService.json +3 -3
- package/artifacts/contracts/test/TestToken.sol/TestUsdc.dbg.json +1 -1
- package/artifacts/contracts/test/TestVersion.sol/TestVersion.dbg.json +1 -1
- package/artifacts/contracts/test/TestVersion.sol/TestVersion.json +2 -2
- package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.dbg.json +1 -1
- package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.json +2 -2
- package/artifacts/contracts/test/Usdc.sol/USDC.dbg.json +1 -1
- package/artifacts/contracts/types/AddressSet.sol/LibAddressSet.dbg.json +1 -1
- package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.dbg.json +1 -1
- package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.json +2 -2
- package/artifacts/contracts/types/ChainId.sol/ChainIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/ClaimId.sol/ClaimIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.dbg.json +1 -1
- package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.json +2 -2
- package/artifacts/contracts/types/Fee.sol/FeeLib.dbg.json +1 -1
- package/artifacts/contracts/types/Fee.sol/FeeLib.json +2 -2
- package/artifacts/contracts/types/Key32.sol/Key32Lib.dbg.json +1 -1
- package/artifacts/contracts/types/Key32.sol/Key32Lib.json +2 -2
- package/artifacts/contracts/types/NftId.sol/NftIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/NftId.sol/NftIdLib.json +17 -4
- package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.dbg.json +1 -1
- package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.json +2 -2
- package/artifacts/contracts/types/NumberId.sol/NumberIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.dbg.json +1 -1
- package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.json +2 -2
- package/artifacts/contracts/types/PayoutId.sol/PayoutIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/Referral.sol/ReferralLib.dbg.json +1 -1
- package/artifacts/contracts/types/Referral.sol/ReferralLib.json +23 -4
- package/artifacts/contracts/types/RiskId.sol/RiskIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/RiskId.sol/RiskIdLib.json +2 -2
- package/artifacts/contracts/types/RoleId.sol/RoleIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/RoleId.sol/RoleIdLib.json +2 -2
- package/artifacts/contracts/types/Seconds.sol/SecondsLib.dbg.json +4 -0
- package/artifacts/contracts/types/Seconds.sol/SecondsLib.json +124 -0
- package/artifacts/contracts/types/StateId.sol/StateIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/StateId.sol/StateIdLib.json +2 -2
- package/artifacts/contracts/types/Timestamp.sol/TimestampLib.dbg.json +1 -1
- package/artifacts/contracts/types/Timestamp.sol/TimestampLib.json +25 -7
- package/artifacts/contracts/types/UFixed.sol/MathLib.dbg.json +1 -1
- package/artifacts/contracts/types/UFixed.sol/MathLib.json +2 -2
- package/artifacts/contracts/types/UFixed.sol/UFixedLib.dbg.json +1 -1
- package/artifacts/contracts/types/UFixed.sol/UFixedLib.json +2 -2
- package/artifacts/contracts/types/Version.sol/VersionLib.dbg.json +1 -1
- package/artifacts/contracts/types/Version.sol/VersionLib.json +2 -2
- package/artifacts/contracts/types/Version.sol/VersionPartLib.dbg.json +1 -1
- package/artifacts/contracts/types/Version.sol/VersionPartLib.json +2 -2
- package/contracts/components/Component.sol +95 -85
- package/contracts/components/Distribution.sol +12 -19
- package/contracts/components/IComponent.sol +37 -17
- package/contracts/components/IDistributionComponent.sol +1 -22
- package/contracts/components/IPoolComponent.sol +73 -47
- package/contracts/components/IProductComponent.sol +3 -2
- package/contracts/components/Pool.sol +171 -126
- package/contracts/components/Product.sol +26 -18
- package/contracts/instance/AccessManagerUpgradeableInitializeable.sol +13 -0
- package/contracts/instance/BundleManager.sol +7 -5
- package/contracts/instance/Cloneable.sol +7 -2
- package/contracts/instance/IInstance.sol +16 -10
- package/contracts/instance/IInstanceService.sol +18 -5
- package/contracts/instance/Instance.sol +45 -9
- package/contracts/instance/InstanceAccessManager.sol +382 -157
- package/contracts/instance/InstanceReader.sol +7 -10
- package/contracts/instance/InstanceService.sol +174 -155
- package/contracts/instance/ObjectManager.sol +6 -8
- package/contracts/instance/base/ComponentService.sol +5 -5
- package/contracts/instance/base/KeyValueStore.sol +5 -2
- package/contracts/instance/base/Lifecycle.sol +11 -2
- package/contracts/instance/module/IAccess.sol +20 -13
- package/contracts/instance/module/IBundle.sol +2 -1
- package/contracts/instance/module/IComponents.sol +35 -0
- package/contracts/instance/module/IDistribution.sol +2 -1
- package/contracts/instance/module/IPolicy.sol +26 -1
- package/contracts/instance/module/ISetup.sol +7 -22
- package/contracts/instance/service/ApplicationService.sol +123 -41
- package/contracts/instance/service/BundleService.sol +76 -38
- package/contracts/instance/service/DistributionService.sol +139 -47
- package/contracts/instance/service/IApplicationService.sol +7 -7
- package/contracts/instance/service/IBundleService.sol +19 -11
- package/contracts/instance/service/IDistributionService.sol +19 -4
- package/contracts/instance/service/IPolicyService.sol +3 -20
- package/contracts/instance/service/IPoolService.sol +17 -2
- package/contracts/instance/service/PolicyService.sol +59 -132
- package/contracts/instance/service/PoolService.sol +128 -17
- package/contracts/instance/service/ProductService.sol +10 -2
- package/contracts/registry/ChainNft.sol +8 -0
- package/contracts/registry/IRegistry.sol +2 -0
- package/contracts/registry/ITransferInterceptor.sol +1 -0
- package/contracts/registry/Registry.sol +23 -20
- package/contracts/registry/RegistryService.sol +5 -5
- package/contracts/shared/Registerable.sol +2 -2
- package/contracts/shared/TokenHandler.sol +11 -5
- package/contracts/types/Blocknumber.sol +1 -0
- package/contracts/types/Fee.sol +1 -0
- package/contracts/types/NftId.sol +8 -0
- package/contracts/types/ObjectType.sol +1 -0
- package/contracts/types/Referral.sol +4 -0
- package/contracts/types/RoleId.sol +13 -6
- package/contracts/types/Seconds.sol +54 -0
- package/contracts/types/StateId.sol +1 -0
- package/contracts/types/Timestamp.sol +13 -13
- package/contracts/types/UFixed.sol +1 -0
- package/contracts/types/Version.sol +1 -0
- package/package.json +1 -1
@@ -1,290 +1,515 @@
|
|
1
1
|
// SPDX-License-Identifier: Apache-2.0
|
2
2
|
pragma solidity ^0.8.20;
|
3
3
|
|
4
|
-
import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
|
5
4
|
import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
|
6
5
|
import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
|
7
6
|
import {ShortString, ShortStrings} from "@openzeppelin/contracts/utils/ShortStrings.sol";
|
8
7
|
|
9
|
-
import {RoleId, RoleIdLib } from "../types/RoleId.sol";
|
8
|
+
import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE, INSTANCE_SERVICE_ROLE, INSTANCE_OWNER_ROLE, INSTANCE_ROLE} from "../types/RoleId.sol";
|
10
9
|
import {TimestampLib} from "../types/Timestamp.sol";
|
10
|
+
import {NftId} from "../types/NftId.sol";
|
11
|
+
|
12
|
+
import {AccessManagerUpgradeableInitializeable} from "./AccessManagerUpgradeableInitializeable.sol";
|
13
|
+
|
14
|
+
import {IRegistry} from "../registry/IRegistry.sol";
|
15
|
+
|
16
|
+
import {IInstance} from "./IInstance.sol";
|
11
17
|
import {IAccess} from "./module/IAccess.sol";
|
12
18
|
|
13
19
|
contract InstanceAccessManager is
|
14
20
|
AccessManagedUpgradeable
|
15
21
|
{
|
22
|
+
event LogRoleCreation(RoleId roleId, ShortString name, IAccess.Type rtype);
|
23
|
+
event LogTargetCreation(address target, ShortString name, IAccess.Type ttype, bool isLocked);
|
24
|
+
|
16
25
|
using RoleIdLib for RoleId;
|
17
26
|
|
18
27
|
string public constant ADMIN_ROLE_NAME = "AdminRole";
|
19
28
|
string public constant PUBLIC_ROLE_NAME = "PublicRole";
|
29
|
+
string public constant INSTANCE_ROLE_NAME = "InstanceRole";
|
30
|
+
string public constant INSTANCE_OWNER_ROLE_NAME = "InstanceOwnerRole";
|
20
31
|
|
21
|
-
uint64 public constant CUSTOM_ROLE_ID_MIN = 10000;
|
32
|
+
uint64 public constant CUSTOM_ROLE_ID_MIN = 10000; // MUST be even
|
22
33
|
uint32 public constant EXECUTION_DELAY = 0;
|
23
34
|
|
24
35
|
// role specific state
|
25
|
-
mapping(RoleId roleId => IAccess.RoleInfo info) internal
|
36
|
+
mapping(RoleId roleId => IAccess.RoleInfo info) internal _roleInfo;
|
26
37
|
mapping(RoleId roleId => EnumerableSet.AddressSet roleMembers) internal _roleMembers;
|
27
|
-
mapping(ShortString name => RoleId roleId) internal
|
28
|
-
RoleId [] internal
|
38
|
+
mapping(ShortString name => RoleId roleId) internal _roleIdForName;
|
39
|
+
RoleId [] internal _roleIds;
|
40
|
+
uint64 _idNext;
|
29
41
|
|
30
42
|
// target specific state
|
31
|
-
mapping(address target => IAccess.TargetInfo info) internal
|
32
|
-
mapping(ShortString name => address target) internal
|
43
|
+
mapping(address target => IAccess.TargetInfo info) internal _targetInfo;
|
44
|
+
mapping(ShortString name => address target) internal _targetAddressForName;
|
33
45
|
address [] internal _targets;
|
34
46
|
|
35
|
-
|
47
|
+
AccessManagerUpgradeableInitializeable internal _accessManager;
|
48
|
+
IRegistry internal _registry;
|
36
49
|
|
37
|
-
|
50
|
+
modifier restrictedToRoleAdmin(RoleId roleId) {
|
51
|
+
RoleId admin = getRoleAdmin(roleId);
|
52
|
+
(bool inRole, uint32 executionDelay) = _accessManager.hasRole(admin.toInt(), _msgSender());
|
53
|
+
assert(executionDelay == 0); // to be sure no delayed execution functionality is used
|
54
|
+
if (!inRole) {
|
55
|
+
revert IAccess.ErrorIAccessCallerIsNotRoleAdmin(_msgSender(), roleId);
|
56
|
+
}
|
57
|
+
_;
|
58
|
+
}
|
59
|
+
|
60
|
+
// instance owner is granted upon instance nft minting in callback function
|
61
|
+
function initialize(address instanceAddress) external initializer
|
38
62
|
{
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
63
|
+
IInstance instance = IInstance(instanceAddress);
|
64
|
+
IRegistry registry = instance.getRegistry();
|
65
|
+
address authority = instance.authority();
|
66
|
+
|
67
|
+
__AccessManaged_init(authority);
|
68
|
+
|
69
|
+
_accessManager = AccessManagerUpgradeableInitializeable(authority);
|
70
|
+
_registry = registry;
|
71
|
+
_idNext = CUSTOM_ROLE_ID_MIN;
|
43
72
|
|
44
|
-
|
73
|
+
_createRole(ADMIN_ROLE(), ADMIN_ROLE_NAME, IAccess.Type.Core);
|
74
|
+
_createRole(PUBLIC_ROLE(), PUBLIC_ROLE_NAME, IAccess.Type.Core);
|
75
|
+
_createRole(INSTANCE_ROLE(), INSTANCE_ROLE_NAME, IAccess.Type.Core);
|
76
|
+
_createRole(INSTANCE_OWNER_ROLE(), INSTANCE_OWNER_ROLE_NAME, IAccess.Type.Gif);
|
45
77
|
|
46
|
-
|
47
|
-
|
78
|
+
// assume `this` is already a member of ADMIN_ROLE
|
79
|
+
EnumerableSet.add(_roleMembers[ADMIN_ROLE()], address(this));
|
80
|
+
|
81
|
+
grantRole(INSTANCE_ROLE(), instanceAddress);
|
82
|
+
setRoleAdmin(INSTANCE_OWNER_ROLE(), INSTANCE_ROLE());
|
48
83
|
}
|
49
84
|
|
50
85
|
//--- Role ------------------------------------------------------//
|
51
|
-
|
52
|
-
|
86
|
+
// ADMIN_ROLE
|
87
|
+
// assume all core roles are know at deployment time
|
88
|
+
// assume core roles are set and granted only during instance cloning
|
89
|
+
// assume core roles are never revoked -> core roles admin is never active after intialization
|
90
|
+
function createCoreRole(RoleId roleId, string memory name)
|
91
|
+
external
|
92
|
+
restricted()
|
93
|
+
{
|
94
|
+
_createRole(roleId, name, IAccess.Type.Core);
|
53
95
|
}
|
54
|
-
|
55
|
-
|
56
|
-
|
96
|
+
// ADMIN_ROLE
|
97
|
+
// assume gif roles can be revoked
|
98
|
+
// assume admin is INSTANCE_OWNER_ROLE or INSTANCE_ROLE
|
99
|
+
function createGifRole(RoleId roleId, string memory name, RoleId admin)
|
100
|
+
external
|
101
|
+
restricted()
|
102
|
+
{
|
103
|
+
_createRole(roleId, name, IAccess.Type.Gif);
|
104
|
+
setRoleAdmin(roleId, admin);
|
57
105
|
}
|
58
106
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
107
|
+
// INSTANCE_OWNER_ROLE
|
108
|
+
function createRole(string memory roleName, string memory adminName)
|
109
|
+
external
|
110
|
+
restricted()
|
111
|
+
returns(RoleId roleId, RoleId admin)
|
112
|
+
{
|
113
|
+
(roleId, admin) = _getNextCustomRoleId();
|
63
114
|
|
64
|
-
|
65
|
-
|
66
|
-
}
|
115
|
+
_createRole(roleId, roleName, IAccess.Type.Custom);
|
116
|
+
_createRole(admin, adminName, IAccess.Type.Custom);
|
67
117
|
|
68
|
-
|
69
|
-
|
118
|
+
// TODO works without this -> why?
|
119
|
+
setRoleAdmin(roleId, admin);
|
120
|
+
setRoleAdmin(admin, INSTANCE_OWNER_ROLE());
|
70
121
|
}
|
71
122
|
|
72
|
-
|
123
|
+
// ADMIN_ROLE
|
124
|
+
// assume used by instance service only during instance cloning
|
125
|
+
// assume used only by this.createRole(), this.createGifRole() afterwards
|
126
|
+
function setRoleAdmin(RoleId roleId, RoleId admin)
|
127
|
+
public
|
128
|
+
restricted()
|
129
|
+
{
|
73
130
|
if (!roleExists(roleId)) {
|
74
|
-
revert IAccess.
|
131
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
75
132
|
}
|
76
133
|
|
77
|
-
if
|
78
|
-
revert IAccess.
|
134
|
+
if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
|
135
|
+
revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
|
79
136
|
}
|
80
137
|
|
81
|
-
if (!
|
82
|
-
|
83
|
-
|
84
|
-
return true;
|
85
|
-
}
|
138
|
+
if (!roleExists(admin)) {
|
139
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(admin);
|
140
|
+
}
|
86
141
|
|
87
|
-
|
142
|
+
_roleInfo[roleId].admin = admin;
|
88
143
|
}
|
89
144
|
|
90
|
-
function
|
145
|
+
function grantRole(RoleId roleId, address member)
|
146
|
+
public
|
147
|
+
restrictedToRoleAdmin(roleId)
|
148
|
+
returns (bool granted)
|
149
|
+
{
|
91
150
|
if (!roleExists(roleId)) {
|
92
|
-
revert IAccess.
|
93
|
-
}
|
94
|
-
|
95
|
-
if (EnumerableSet.contains(_roleMembers[roleId], member)) {
|
96
|
-
_accessManager.revokeRole(roleId.toInt(), member);
|
97
|
-
EnumerableSet.remove(_roleMembers[roleId], member);
|
98
|
-
return true;
|
151
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
99
152
|
}
|
100
153
|
|
101
|
-
|
154
|
+
granted = EnumerableSet.add(_roleMembers[roleId], member);
|
155
|
+
if(granted) {
|
156
|
+
_accessManager.grantRole(roleId.toInt(), member, EXECUTION_DELAY);
|
157
|
+
}
|
102
158
|
}
|
103
159
|
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
160
|
+
function revokeRole(RoleId roleId, address member)
|
161
|
+
external
|
162
|
+
restrictedToRoleAdmin(roleId)
|
163
|
+
returns (bool)
|
164
|
+
{
|
165
|
+
return _revokeRole(roleId, member);
|
166
|
+
}
|
108
167
|
|
168
|
+
// INSTANCE_OWNER_ROLE
|
169
|
+
// IMPORTANT: unbounded function, revoke all or revert
|
170
|
+
// Instance owner role decides what to do in case of custom role admin bening revoked, e.g.:
|
171
|
+
// 1) revoke custom role from ALL members
|
172
|
+
// 2) revoke custom role admin from ALL members
|
173
|
+
// 3) 1) + 2)
|
174
|
+
// 4) revoke only 1 member of custom role admin
|
175
|
+
function revokeRoleAllMembers(RoleId roleId)
|
176
|
+
external
|
177
|
+
restrictedToRoleAdmin(roleId)
|
178
|
+
returns (bool revoked)
|
179
|
+
{
|
109
180
|
if (!roleExists(roleId)) {
|
110
|
-
revert IAccess.
|
181
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
111
182
|
}
|
112
183
|
|
113
|
-
|
114
|
-
|
115
|
-
|
184
|
+
uint memberCount = EnumerableSet.length(_roleMembers[roleId]);
|
185
|
+
for(uint memberIdx = 0; memberIdx < memberCount; memberIdx++)
|
186
|
+
{
|
187
|
+
address member = EnumerableSet.at(_roleMembers[roleId], memberIdx);
|
116
188
|
EnumerableSet.remove(_roleMembers[roleId], member);
|
117
|
-
|
189
|
+
_accessManager.revokeRole(roleId.toInt(), member);
|
190
|
+
}
|
191
|
+
}
|
192
|
+
|
193
|
+
/// @dev not restricted function by intention
|
194
|
+
/// the restriction to role members is already enforced by the call to the access manager
|
195
|
+
function renounceRole(RoleId roleId)
|
196
|
+
external
|
197
|
+
returns (bool)
|
198
|
+
{
|
199
|
+
IAccess.Type rtype = _roleInfo[roleId].rtype;
|
200
|
+
if(rtype == IAccess.Type.Core || rtype == IAccess.Type.Gif) {
|
201
|
+
revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, rtype);
|
118
202
|
}
|
119
203
|
|
120
|
-
|
204
|
+
address member = msg.sender;
|
205
|
+
// cannot use accessManger.renounce as it directly checks against msg.sender
|
206
|
+
return _revokeRole(roleId, member);
|
121
207
|
}
|
122
208
|
|
123
|
-
function
|
124
|
-
return
|
209
|
+
function roleExists(RoleId roleId) public view returns (bool exists) {
|
210
|
+
return _roleInfo[roleId].createdAt.gtz();
|
211
|
+
}
|
212
|
+
// TODO returns ADMIN_ROLE id for non existent roleId
|
213
|
+
function getRoleAdmin(RoleId roleId) public view returns(RoleId admin) {
|
214
|
+
return _roleInfo[roleId].admin;
|
215
|
+
}
|
216
|
+
|
217
|
+
function getRoleInfo(RoleId roleId) external view returns (IAccess.RoleInfo memory info) {
|
218
|
+
return _roleInfo[roleId];
|
219
|
+
}
|
220
|
+
|
221
|
+
function roleMembers(RoleId roleId) public view returns (uint256 numberOfMembers) {
|
222
|
+
return EnumerableSet.length(_roleMembers[roleId]);
|
125
223
|
}
|
126
224
|
|
127
225
|
function getRoleId(uint256 idx) external view returns (RoleId roleId) {
|
128
|
-
return
|
226
|
+
return _roleIds[idx];
|
129
227
|
}
|
130
228
|
|
229
|
+
// TODO now: for non existent name returns ADMIN_ROLE id
|
131
230
|
function getRoleIdForName(string memory name) external view returns (RoleId roleId) {
|
132
|
-
return
|
231
|
+
return _roleIdForName[ShortStrings.toShortString(name)];
|
133
232
|
}
|
134
233
|
|
135
|
-
function
|
136
|
-
return
|
234
|
+
function roleMember(RoleId roleId, uint256 idx) external view returns (address member) {
|
235
|
+
return EnumerableSet.at(_roleMembers[roleId], idx);
|
137
236
|
}
|
138
237
|
|
139
238
|
function hasRole(RoleId roleId, address account) external view returns (bool accountHasRole) {
|
140
239
|
(accountHasRole, ) = _accessManager.hasRole(roleId.toInt(), account);
|
141
240
|
}
|
142
241
|
|
143
|
-
function
|
144
|
-
return
|
145
|
-
}
|
146
|
-
|
147
|
-
function getRoleMember(RoleId roleId, uint256 idx) external view returns (address roleMember) {
|
148
|
-
return EnumerableSet.at(_roleMembers[roleId], idx);
|
242
|
+
function roles() external view returns (uint256 numberOfRoles) {
|
243
|
+
return _roleIds.length;
|
149
244
|
}
|
150
245
|
|
151
246
|
//--- Target ------------------------------------------------------//
|
152
|
-
|
153
|
-
|
247
|
+
// ADMIN_ROLE
|
248
|
+
// assume some core targets are registred (instance) while others are not (instance accesss manager, instance reader, bundle manager)
|
249
|
+
function createCoreTarget(address target, string memory name) external restricted() {
|
250
|
+
_createTarget(target, name, IAccess.Type.Core);
|
154
251
|
}
|
252
|
+
// INSTANCE_SERVICE_ROLE
|
253
|
+
// assume gif target is registered and belongs to the same instance as instance access manager
|
254
|
+
function createGifTarget(address target, string memory name) external restricted()
|
255
|
+
{
|
256
|
+
if(!_registry.isRegistered(target)) {
|
257
|
+
revert IAccess.ErrorIAccessTargetNotRegistered(target);
|
258
|
+
}
|
155
259
|
|
156
|
-
|
157
|
-
_createTarget(target, name, true, true);
|
260
|
+
_createTarget(target, name, IAccess.Type.Gif);
|
158
261
|
}
|
159
|
-
|
160
|
-
|
161
|
-
|
262
|
+
// INSTANCE_OWNER_ROLE
|
263
|
+
// assume custom target.authority() is constant -> target MUST not be used with different instance access manager
|
264
|
+
// assume custom target can not be registered as component -> each service which is doing component registration MUST register a gif target
|
265
|
+
// assume custom target can not be registered as instance or service -> why?
|
266
|
+
// TODO check target associated with instance owner or instance or instance components or components helpers
|
267
|
+
function createTarget(address target, string memory name) external restricted()
|
268
|
+
{
|
269
|
+
_createTarget(target, name, IAccess.Type.Custom);
|
270
|
+
}
|
271
|
+
// INSTANCE_SERVICE_ROLE
|
272
|
+
// IMPORTANT: instance access manager MUST be of Core type -> otherwise will be locked forever
|
273
|
+
function setTargetLocked(string memory targetName, bool locked)
|
274
|
+
external
|
275
|
+
restricted()
|
276
|
+
{
|
277
|
+
ShortString nameShort = ShortStrings.toShortString(targetName);
|
278
|
+
address target = _targetAddressForName[nameShort];
|
162
279
|
|
163
280
|
if (target == address(0)) {
|
164
|
-
revert IAccess.ErrorIAccessTargetDoesNotExist(
|
281
|
+
revert IAccess.ErrorIAccessTargetDoesNotExist(nameShort);
|
165
282
|
}
|
166
283
|
|
167
|
-
|
284
|
+
if(_targetInfo[target].ttype == IAccess.Type.Core) {
|
285
|
+
revert IAccess.ErrorIAccessTargetTypeInvalid(nameShort, _targetInfo[target].ttype);
|
286
|
+
}
|
287
|
+
// TODO isLocked is redundant but makes getTargetInfo() faster
|
288
|
+
_targetInfo[target].isLocked = locked;
|
168
289
|
_accessManager.setTargetClosed(target, locked);
|
169
290
|
}
|
170
291
|
|
171
|
-
|
172
|
-
|
292
|
+
// allowed combinations of roles and targets:
|
293
|
+
//1) set core role for core target
|
294
|
+
//2) set gif role for gif target
|
295
|
+
//3) set custom role for gif target
|
296
|
+
//4) set custom role for custom target
|
297
|
+
|
298
|
+
// ADMIN_ROLE if used only during initialization, works with:
|
299
|
+
// any roles for any targets
|
300
|
+
// INSTANCE_SERVICE_ROLE if used not only during initilization, works with:
|
301
|
+
// core roles for core targets
|
302
|
+
// gif roles for gif targets
|
303
|
+
function setCoreTargetFunctionRole(
|
304
|
+
string memory targetName,
|
305
|
+
bytes4[] calldata selectors,
|
306
|
+
RoleId roleId
|
307
|
+
)
|
308
|
+
public
|
309
|
+
virtual
|
310
|
+
restricted()
|
311
|
+
{
|
312
|
+
ShortString nameShort = ShortStrings.toShortString(targetName);
|
313
|
+
address target = _targetAddressForName[nameShort];
|
314
|
+
|
315
|
+
// not custom target
|
316
|
+
if(_targetInfo[target].ttype == IAccess.Type.Custom) {
|
317
|
+
revert IAccess.ErrorIAccessTargetTypeInvalid(nameShort, IAccess.Type.Custom);
|
318
|
+
}
|
319
|
+
|
320
|
+
// not custom role
|
321
|
+
if(_roleInfo[roleId].rtype == IAccess.Type.Custom) {
|
322
|
+
revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Custom);
|
323
|
+
}
|
324
|
+
|
325
|
+
_setTargetFunctionRole(target, nameShort, selectors, roleId);
|
173
326
|
}
|
174
327
|
|
175
|
-
|
328
|
+
// INSTANCE_OWNER_ROLE
|
329
|
+
// gif role for gif target
|
330
|
+
// gif role for custom target
|
331
|
+
// custom role for gif target
|
332
|
+
// custom role for custom target
|
333
|
+
// TODO instance owner can mess with gif target (component) -> e.g. set custom role for function intendent to work with gif role
|
334
|
+
function setTargetFunctionRole(
|
335
|
+
string memory targetName,
|
336
|
+
bytes4[] calldata selectors,
|
337
|
+
RoleId roleId
|
338
|
+
)
|
339
|
+
public
|
340
|
+
virtual
|
341
|
+
restricted()
|
342
|
+
{
|
343
|
+
ShortString nameShort = ShortStrings.toShortString(targetName);
|
344
|
+
address target = _targetAddressForName[nameShort];
|
176
345
|
|
177
|
-
|
178
|
-
if
|
179
|
-
|
346
|
+
// not core target
|
347
|
+
if(_targetInfo[target].ttype == IAccess.Type.Core) {
|
348
|
+
revert IAccess.ErrorIAccessTargetTypeInvalid(nameShort, IAccess.Type.Core);
|
180
349
|
}
|
181
350
|
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
351
|
+
// not core role
|
352
|
+
if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
|
353
|
+
revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
|
354
|
+
}
|
355
|
+
|
356
|
+
_setTargetFunctionRole(target, nameShort, selectors, roleId);
|
357
|
+
}
|
358
|
+
|
359
|
+
function isTargetLocked(address target) public view returns (bool locked) {
|
360
|
+
return _accessManager.isTargetClosed(target);
|
361
|
+
}
|
362
|
+
|
363
|
+
function targetExists(address target) public view returns (bool exists) {
|
364
|
+
return _targetInfo[target].createdAt.gtz();
|
365
|
+
}
|
188
366
|
|
189
|
-
|
190
|
-
|
191
|
-
_roles.push(roleId);
|
367
|
+
function getTargetInfo(address target) public view returns (IAccess.TargetInfo memory) {
|
368
|
+
return _targetInfo[target];
|
192
369
|
}
|
193
370
|
|
194
|
-
|
195
|
-
|
196
|
-
string memory name,
|
197
|
-
bool isCustom
|
198
|
-
)
|
371
|
+
//--- Role internal view/pure functions --------------------------------------//
|
372
|
+
function _createRole(RoleId roleId, string memory roleName, IAccess.Type rtype)
|
199
373
|
internal
|
200
|
-
view
|
201
|
-
returns (IAccess.RoleInfo memory existingRole)
|
202
374
|
{
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
375
|
+
ShortString name = ShortStrings.toShortString(roleName);
|
376
|
+
_validateRole(roleId, name, rtype);
|
377
|
+
|
378
|
+
if(roleExists(roleId)) {
|
379
|
+
revert IAccess.ErrorIAccessRoleIdExists(roleId);
|
207
380
|
}
|
208
381
|
|
209
|
-
|
210
|
-
|
382
|
+
if (_roleIdForName[name].gtz()) {
|
383
|
+
revert IAccess.ErrorIAccessRoleNameExists(roleId, _roleIdForName[name], name);
|
384
|
+
}
|
385
|
+
|
386
|
+
_roleInfo[roleId] = IAccess.RoleInfo(
|
387
|
+
name,
|
388
|
+
rtype,
|
389
|
+
ADMIN_ROLE(),
|
390
|
+
TimestampLib.blockTimestamp(),
|
391
|
+
TimestampLib.blockTimestamp()
|
392
|
+
);
|
393
|
+
_roleIdForName[name] = roleId;
|
394
|
+
_roleIds.push(roleId);
|
395
|
+
|
396
|
+
emit LogRoleCreation(roleId, name, rtype);
|
397
|
+
}
|
211
398
|
|
212
|
-
|
213
|
-
|
399
|
+
function _validateRole(RoleId roleId, ShortString name, IAccess.Type rtype)
|
400
|
+
internal
|
401
|
+
view
|
402
|
+
{
|
403
|
+
uint roleIdInt = roleId.toInt();
|
404
|
+
if(rtype == IAccess.Type.Custom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
|
405
|
+
revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
|
214
406
|
}
|
215
407
|
|
216
|
-
if
|
217
|
-
|
218
|
-
|
219
|
-
|
408
|
+
if(
|
409
|
+
rtype != IAccess.Type.Custom &&
|
410
|
+
roleIdInt >= CUSTOM_ROLE_ID_MIN &&
|
411
|
+
roleIdInt != PUBLIC_ROLE().toInt())
|
412
|
+
{
|
413
|
+
revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
|
220
414
|
}
|
221
415
|
|
222
416
|
// role name checks
|
223
|
-
|
224
|
-
if (ShortStrings.byteLength(nameShort) == 0) {
|
417
|
+
if (ShortStrings.byteLength(name) == 0) {
|
225
418
|
revert IAccess.ErrorIAccessRoleNameEmpty(roleId);
|
226
419
|
}
|
420
|
+
}
|
227
421
|
|
228
|
-
|
229
|
-
|
422
|
+
function _revokeRole(RoleId roleId, address member)
|
423
|
+
internal
|
424
|
+
returns(bool revoked)
|
425
|
+
{
|
426
|
+
if (!roleExists(roleId)) {
|
427
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
230
428
|
}
|
231
|
-
}
|
232
429
|
|
233
|
-
|
234
|
-
if
|
235
|
-
|
430
|
+
revoked = EnumerableSet.remove(_roleMembers[roleId], member);
|
431
|
+
if(revoked) {
|
432
|
+
_accessManager.revokeRole(roleId.toInt(), member);
|
236
433
|
}
|
434
|
+
}
|
435
|
+
|
436
|
+
function _getNextCustomRoleId()
|
437
|
+
internal
|
438
|
+
returns(RoleId roleId, RoleId admin)
|
439
|
+
{
|
440
|
+
uint64 roleIdInt = _idNext;
|
441
|
+
uint64 adminInt = roleIdInt + 1;
|
237
442
|
|
238
|
-
|
239
|
-
|
443
|
+
_idNext = roleIdInt + 2;
|
444
|
+
|
445
|
+
roleId = RoleIdLib.toRoleId(roleIdInt);
|
446
|
+
admin = RoleIdLib.toRoleId(adminInt);
|
447
|
+
}
|
448
|
+
|
449
|
+
//--- Target internal view/pure functions --------------------------------------//
|
450
|
+
function _createTarget(address target, string memory targetName, IAccess.Type ttype)
|
451
|
+
internal
|
452
|
+
{
|
453
|
+
ShortString name = ShortStrings.toShortString(targetName);
|
454
|
+
_validateTarget(target, name, ttype);
|
455
|
+
|
456
|
+
if (_targetInfo[target].createdAt.gtz()) {
|
457
|
+
revert IAccess.ErrorIAccessTargetExists(target, _targetInfo[target].name);
|
240
458
|
}
|
241
|
-
|
242
|
-
|
459
|
+
|
460
|
+
if (_targetAddressForName[name] != address(0)) {
|
461
|
+
revert IAccess.ErrorIAccessTargetNameExists(
|
462
|
+
target,
|
463
|
+
_targetAddressForName[name],
|
464
|
+
name);
|
243
465
|
}
|
244
466
|
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
467
|
+
bool isLocked = _accessManager.isTargetClosed(target);// sync with state in access manager
|
468
|
+
_targetInfo[target] = IAccess.TargetInfo(
|
469
|
+
name,
|
470
|
+
ttype,
|
471
|
+
isLocked,
|
249
472
|
TimestampLib.blockTimestamp(),
|
250
|
-
TimestampLib.blockTimestamp()
|
251
|
-
|
252
|
-
|
253
|
-
_targetForName[info.name] = target;
|
473
|
+
TimestampLib.blockTimestamp()
|
474
|
+
);
|
475
|
+
_targetAddressForName[name] = target;
|
254
476
|
_targets.push(target);
|
477
|
+
|
478
|
+
emit LogTargetCreation(target, name, ttype, isLocked);
|
255
479
|
}
|
256
480
|
|
257
|
-
function
|
258
|
-
|
481
|
+
function _validateTarget(address target, ShortString name, IAccess.Type ttype)
|
482
|
+
internal
|
483
|
+
view
|
484
|
+
{
|
485
|
+
address targetAuthority = AccessManagedUpgradeable(target).authority();
|
486
|
+
if(targetAuthority != authority()) {
|
487
|
+
revert IAccess.ErrorIAccessTargetAuthorityInvalid(target, targetAuthority);
|
488
|
+
}
|
489
|
+
|
490
|
+
if (ShortStrings.byteLength(name) == 0) {
|
491
|
+
revert IAccess.ErrorIAccessTargetNameEmpty(target);
|
492
|
+
}
|
259
493
|
}
|
260
494
|
|
261
|
-
function
|
262
|
-
|
495
|
+
function _setTargetFunctionRole(
|
496
|
+
address target,
|
497
|
+
ShortString name,
|
263
498
|
bytes4[] calldata selectors,
|
264
499
|
RoleId roleId
|
265
|
-
)
|
266
|
-
|
267
|
-
|
500
|
+
)
|
501
|
+
internal
|
502
|
+
{
|
268
503
|
if (target == address(0)) {
|
269
|
-
revert IAccess.ErrorIAccessTargetDoesNotExist(
|
270
|
-
}
|
271
|
-
if (! roleExists(roleId)) {
|
272
|
-
revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
|
504
|
+
revert IAccess.ErrorIAccessTargetDoesNotExist(name);
|
273
505
|
}
|
274
|
-
uint64 roleIdInt = RoleId.unwrap(roleId);
|
275
|
-
_accessManager.setTargetFunctionRole(target, selectors, roleIdInt);
|
276
|
-
}
|
277
506
|
|
278
|
-
|
279
|
-
|
280
|
-
if (target == address(0)) {
|
281
|
-
revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
|
507
|
+
if (!roleExists(roleId)) {
|
508
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
282
509
|
}
|
283
|
-
_accessManager.setTargetClosed(target, closed);
|
284
|
-
}
|
285
510
|
|
286
|
-
|
287
|
-
|
511
|
+
uint64 roleIdInt = RoleId.unwrap(roleId);
|
512
|
+
_accessManager.setTargetFunctionRole(target, selectors, roleIdInt);
|
288
513
|
}
|
289
514
|
|
290
515
|
function canCall(
|