npm - @etherisc/gif-next - Versions diffs - 0.0.2-f2b0fa2-473 → 0.0.2-f4f92b3-338 - Mend

@etherisc/gif-next 0.0.2-f2b0fa2-473 → 0.0.2-f4f92b3-338

Files changed (267) hide show

package/contracts/instance/InstanceService.sol CHANGED Viewed

@@ -3,66 +3,311 @@ pragma solidity ^0.8.20;
 import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";
-import {AccessManagerSimple} from "./AccessManagerSimple.sol";
-import {InstanceAccessManager} from "./InstanceAccessManager.sol";
 import {Instance} from "./Instance.sol";
+import {IInstance} from "./IInstance.sol";
+import {InstanceAccessManager} from "./InstanceAccessManager.sol";
 import {IInstanceService} from "./IInstanceService.sol";
-import {Service} from "../shared/Service.sol";
+import {InstanceReader} from "./InstanceReader.sol";
+import {BundleManager} from "./BundleManager.sol";
 import {IRegistry} from "../registry/IRegistry.sol";
+import {IRegistryService} from "../registry/IRegistryService.sol";
+import {ChainNft} from "../registry/ChainNft.sol";
+import {Service} from "../../contracts/shared/Service.sol";
 import {IService} from "../shared/IService.sol";
-import {ContractDeployerLib} from "../shared/ContractDeployerLib.sol";
-import {NftId, NftIdLib, zeroNftId} from "../types/NftId.sol";
+import {NftId} from "../../contracts/types/NftId.sol";
+import {RoleId} from "../types/RoleId.sol";
+import {ADMIN_ROLE, DISTRIBUTION_OWNER_ROLE, POOL_OWNER_ROLE, PRODUCT_OWNER_ROLE, INSTANCE_SERVICE_ROLE, DISTRIBUTION_SERVICE_ROLE, POOL_SERVICE_ROLE, PRODUCT_SERVICE_ROLE, POLICY_SERVICE_ROLE, BUNDLE_SERVICE_ROLE} from "../types/RoleId.sol";
+import {ObjectType, INSTANCE, BUNDLE, POLICY, PRODUCT, DISTRIBUTION, REGISTRY, POOL} from "../types/ObjectType.sol";
 contract InstanceService is Service, IInstanceService {
-    address internal _registryAddress;
-    address internal _accessManagerMaster;
-    address internal _instanceAccessManagerMaster;
-    address internal _instanceMaster;
+    address internal _masterInstanceAccessManager;
+    address internal _masterInstance;
+    address internal _masterInstanceReader;
+    address internal _masterInstanceBundleManager;
     // TODO update to real hash when instance is stable
     bytes32 public constant INSTANCE_CREATION_CODE_HASH = bytes32(0);
-    string public constant NAME = "InstanceService";
+    modifier onlyInstanceOwner(NftId instanceNftId) {
+        IRegistry registry = getRegistry();
+        ChainNft chainNft = registry.getChainNft();
+        if( msg.sender != chainNft.ownerOf(instanceNftId.toInt())) {
+            revert ErrorInstanceServiceNotInstanceOwner(msg.sender, instanceNftId);
+        }
+        _;
+    }
+    modifier onlyRegisteredService() {
+        address caller = msg.sender;
+        if (! getRegistry().isRegisteredService(caller)) {
+            revert ErrorInstanceServiceRequestUnauhorized(caller);
+        }
+        _;
+    }
     function createInstanceClone()
         external
         returns (
-            AccessManagerSimple am,
-            InstanceAccessManager im,
-            Instance i
+            InstanceAccessManager clonedAccessManager,
+            Instance clonedInstance,
+            NftId clonedInstanceNftId,
+            InstanceReader clonedInstanceReader,
+            BundleManager clonedBundleManager
         )
     {
-        am = AccessManagerSimple(Clones.clone(_accessManagerMaster));
-        im = InstanceAccessManager(Clones.clone(_instanceAccessManagerMaster));
-        i = Instance(Clones.clone(_instanceMaster));
+        address instanceOwner = msg.sender;
+        IRegistry registry = getRegistry();
+        address registryAddress = address(registry);
+        NftId registryNftId = registry.getNftId(registryAddress);
+        address registryServiceAddress = registry.getServiceAddress(REGISTRY(), getMajorVersion());
+        IRegistryService registryService = IRegistryService(registryServiceAddress);
+        // initially set the authority of the access managar to this (being the instance service).
+        // This will allow the instance service to bootstrap the authorizations of the instance
+        // and then transfer the ownership of the access manager to the instance owner once everything is setup
+        clonedAccessManager = InstanceAccessManager(Clones.clone(_masterInstanceAccessManager));
+        clonedAccessManager.initialize(address(this));
+        clonedInstance = Instance(Clones.clone(_masterInstance));
+        clonedInstance.initialize(address(clonedAccessManager), registryAddress, registryNftId, msg.sender);
+        clonedInstanceReader = InstanceReader(Clones.clone(address(_masterInstanceReader)));
+        clonedInstanceReader.initialize(registryAddress, address(clonedInstance));
+        clonedInstance.setInstanceReader(clonedInstanceReader);
+        clonedBundleManager = BundleManager(Clones.clone(_masterInstanceBundleManager));
+        clonedBundleManager.initialize(address(clonedAccessManager), registryAddress, address(clonedInstance));
+        clonedInstance.setBundleManager(clonedBundleManager);
+        // TODO amend setters with instance specific , policy manager ...
+        _grantInitialAuthorizations(clonedAccessManager, clonedInstance, clonedBundleManager);
+        // to complete setup switch instance ownership to the instance owner
+        // TODO: use a role less powerful than admin, maybe INSTANCE_ADMIN (does not exist yet)
+        clonedAccessManager.grantRole(ADMIN_ROLE(), instanceOwner);
+        clonedAccessManager.revokeRole(ADMIN_ROLE(), address(this));
+        IRegistry.ObjectInfo memory info = registryService.registerInstance(clonedInstance, instanceOwner);
+        clonedInstanceNftId = info.nftId;
+        // clonedInstance.linkToRegisteredNftId();
+        emit LogInstanceCloned(address(clonedAccessManager), address(clonedInstance), address(clonedInstanceReader), clonedInstanceNftId);
     }
-    function setAccessManagerMaster(address accessManager) external {
-        _accessManagerMaster = accessManager;
+    function _grantInitialAuthorizations(InstanceAccessManager clonedAccessManager, Instance clonedInstance, BundleManager clonedBundleManager) internal {
+        _createGifRoles(clonedAccessManager);
+        _createGifTargets(clonedAccessManager, clonedInstance, clonedBundleManager);
+        _grantDistributionServiceAuthorizations(clonedAccessManager, clonedInstance);
+        _grantPoolServiceAuthorizations(clonedAccessManager, clonedInstance);
+        _grantProductServiceAuthorizations(clonedAccessManager, clonedInstance);
+        _grantPolicyServiceAuthorizations(clonedAccessManager, clonedInstance);
+        _grantBundleServiceAuthorizations(clonedAccessManager, clonedInstance, clonedBundleManager);
+        _grantInstanceServiceAuthorizations(clonedAccessManager, clonedInstance);
     }
-    function setInstanceAccessManagerMaster(address instanceAccessManager) external {
-        _instanceAccessManagerMaster = instanceAccessManager;
+    function _createGifRoles(InstanceAccessManager clonedAccessManager) internal {
+        clonedAccessManager.createGifRole(DISTRIBUTION_OWNER_ROLE(), "DistributionOwnerRole");
+        clonedAccessManager.createGifRole(POOL_OWNER_ROLE(), "PoolOwnerRole");
+        clonedAccessManager.createGifRole(PRODUCT_OWNER_ROLE(), "ProductOwnerRole");
+        clonedAccessManager.createGifRole(DISTRIBUTION_SERVICE_ROLE(), "DistributionServiceRole");
+        clonedAccessManager.createGifRole(POOL_SERVICE_ROLE(), "PoolServiceRole");
+        clonedAccessManager.createGifRole(PRODUCT_SERVICE_ROLE(), "ProductServiceRole");
+        clonedAccessManager.createGifRole(POLICY_SERVICE_ROLE(), "PolicyServiceRole");
+        clonedAccessManager.createGifRole(BUNDLE_SERVICE_ROLE(), "BundleServiceRole");
+        clonedAccessManager.createGifRole(INSTANCE_SERVICE_ROLE(), "InstanceServiceRole");
+    }
+    function _createGifTargets(InstanceAccessManager clonedAccessManager, Instance clonedInstance, BundleManager clonedBundleManager) internal {
+        clonedAccessManager.createGifTarget(address(clonedInstance), "Instance");
+        clonedAccessManager.createGifTarget(address(clonedBundleManager), "BundleManager");
+    }
+    function _grantDistributionServiceAuthorizations(InstanceAccessManager clonedAccessManager, Instance clonedInstance) internal {
+        // configure authorization for distribution service on instance
+        IRegistry registry = getRegistry();
+        address distributionServiceAddress = registry.getServiceAddress(DISTRIBUTION(), getMajorVersion());
+        clonedAccessManager.grantRole(DISTRIBUTION_SERVICE_ROLE(), distributionServiceAddress);
+        bytes4[] memory instanceDistributionServiceSelectors = new bytes4[](2);
+        instanceDistributionServiceSelectors[0] = clonedInstance.createDistributionSetup.selector;
+        instanceDistributionServiceSelectors[1] = clonedInstance.updateDistributionSetup.selector;
+        clonedAccessManager.setTargetFunctionRole(
+            "Instance",
+            instanceDistributionServiceSelectors,
+            DISTRIBUTION_SERVICE_ROLE());
+    }
+    function _grantPoolServiceAuthorizations(InstanceAccessManager clonedAccessManager, Instance clonedInstance) internal {
+        // configure authorization for pool service on instance
+        address poolServiceAddress = _registry.getServiceAddress(POOL(), getMajorVersion());
+        clonedAccessManager.grantRole(POOL_SERVICE_ROLE(), address(poolServiceAddress));
+        bytes4[] memory instancePoolServiceSelectors = new bytes4[](4);
+        instancePoolServiceSelectors[0] = clonedInstance.createPoolSetup.selector;
+        instancePoolServiceSelectors[1] = clonedInstance.updatePoolSetup.selector;
+        clonedAccessManager.setTargetFunctionRole(
+            "Instance",
+            instancePoolServiceSelectors,
+            POOL_SERVICE_ROLE());
+    }
+    function _grantProductServiceAuthorizations(InstanceAccessManager clonedAccessManager, Instance clonedInstance) internal {
+        // configure authorization for product service on instance
+        address productServiceAddress = _registry.getServiceAddress(PRODUCT(), getMajorVersion());
+        clonedAccessManager.grantRole(PRODUCT_SERVICE_ROLE(), address(productServiceAddress));
+        bytes4[] memory instanceProductServiceSelectors = new bytes4[](5);
+        instanceProductServiceSelectors[0] = clonedInstance.createProductSetup.selector;
+        instanceProductServiceSelectors[1] = clonedInstance.updateProductSetup.selector;
+        instanceProductServiceSelectors[2] = clonedInstance.createRisk.selector;
+        instanceProductServiceSelectors[3] = clonedInstance.updateRisk.selector;
+        instanceProductServiceSelectors[4] = clonedInstance.updateRiskState.selector;
+        clonedAccessManager.setTargetFunctionRole(
+            "Instance",
+            instanceProductServiceSelectors,
+            PRODUCT_SERVICE_ROLE());
     }
-    function setInstanceMaster(address instance) external {
-        _instanceMaster = instance;
+    function _grantPolicyServiceAuthorizations(InstanceAccessManager clonedAccessManager, Instance clonedInstance) internal {
+        // configure authorization for policy service on instance
+        address policyServiceAddress = _registry.getServiceAddress(POLICY(), getMajorVersion());
+        clonedAccessManager.grantRole(POLICY_SERVICE_ROLE(), address(policyServiceAddress));
+        bytes4[] memory instancePolicyServiceSelectors = new bytes4[](3);
+        instancePolicyServiceSelectors[0] = clonedInstance.createPolicy.selector;
+        instancePolicyServiceSelectors[1] = clonedInstance.updatePolicy.selector;
+        instancePolicyServiceSelectors[2] = clonedInstance.updatePolicyState.selector;
+        clonedAccessManager.setTargetFunctionRole(
+            "Instance",
+            instancePolicyServiceSelectors,
+            POLICY_SERVICE_ROLE());
     }
-    function getAccessManagerMaster() external view returns (address) { return address(_accessManagerMaster); }
-    function getInstanceAccessManagerMaster() external view returns (address) { return address(_instanceAccessManagerMaster); }
-    function getInstanceMaster() external view returns (address) { return address(_instanceMaster); }
+    function _grantBundleServiceAuthorizations(InstanceAccessManager clonedAccessManager, Instance clonedInstance, BundleManager clonedBundleManager) internal {
+        // configure authorization for bundle service on instance
+        address bundleServiceAddress = _registry.getServiceAddress(BUNDLE(), getMajorVersion());
+        clonedAccessManager.grantRole(BUNDLE_SERVICE_ROLE(), address(bundleServiceAddress));
+        bytes4[] memory instanceBundleServiceSelectors = new bytes4[](2);
+        instanceBundleServiceSelectors[0] = clonedInstance.createBundle.selector;
+        instanceBundleServiceSelectors[1] = clonedInstance.updateBundle.selector;
+        clonedAccessManager.setTargetFunctionRole(
+            "Instance",
+            instanceBundleServiceSelectors,
+            BUNDLE_SERVICE_ROLE());
+        // configure authorization for bundle service on bundle manager
+        bytes4[] memory bundleManagerBundleServiceSelectors = new bytes4[](5);
+        bundleManagerBundleServiceSelectors[0] = clonedBundleManager.linkPolicy.selector;
+        bundleManagerBundleServiceSelectors[1] = clonedBundleManager.unlinkPolicy.selector;
+        bundleManagerBundleServiceSelectors[2] = clonedBundleManager.add.selector;
+        bundleManagerBundleServiceSelectors[3] = clonedBundleManager.lock.selector;
+        bundleManagerBundleServiceSelectors[4] = clonedBundleManager.unlock.selector;
+        clonedAccessManager.setTargetFunctionRole(
+            "BundleManager",
+            bundleManagerBundleServiceSelectors,
+            BUNDLE_SERVICE_ROLE());
+    }
+    function _grantInstanceServiceAuthorizations(InstanceAccessManager clonedAccessManager, Instance clonedInstance) internal {
+// configure authorization for instance service on instance
+        address instanceServiceAddress = _registry.getServiceAddress(INSTANCE(), getMajorVersion());
+        clonedAccessManager.grantRole(INSTANCE_SERVICE_ROLE(), instanceServiceAddress);
+        bytes4[] memory instanceInstanceServiceSelectors = new bytes4[](1);
+        instanceInstanceServiceSelectors[0] = clonedInstance.setInstanceReader.selector;
+        clonedAccessManager.setTargetFunctionRole(
+            "Instance",
+            instanceInstanceServiceSelectors,
+            INSTANCE_SERVICE_ROLE());
+    }
+    function setAndRegisterMasterInstance(
+        address accessManagerAddress,
+        address instanceAddress,
+        address instanceReaderAddress,
+        address bundleManagerAddress)
+            external
+            onlyOwner
+            returns(NftId masterInstanceNftId)
+    {
+        require(_masterInstanceAccessManager == address(0), "ERROR:CRD-001:ACCESS_MANAGER_MASTER_ALREADY_SET");
+        require(_masterInstance == address(0), "ERROR:CRD-002:INSTANCE_MASTER_ALREADY_SET");
+        require(_masterInstanceBundleManager == address(0), "ERROR:CRD-004:BUNDLE_MANAGER_MASTER_ALREADY_SET");
+        require (accessManagerAddress != address(0), "ERROR:CRD-005:ACCESS_MANAGER_ZERO");
+        require (instanceAddress != address(0), "ERROR:CRD-006:INSTANCE_ZERO");
+        require (instanceReaderAddress != address(0), "ERROR:CRD-007:INSTANCE_READER_ZERO");
+        require (bundleManagerAddress != address(0), "ERROR:CRD-008:BUNDLE_MANAGER_ZERO");
+        IInstance instance = IInstance(instanceAddress);
+        InstanceReader instanceReader = InstanceReader(instanceReaderAddress);
+        BundleManager bundleManager = BundleManager(bundleManagerAddress);
+        require(instance.authority() == accessManagerAddress, "ERROR:CRD-009:INSTANCE_AUTHORITY_MISMATCH");
+        require(instanceReader.getInstance() == instance, "ERROR:CRD-010:INSTANCE_READER_INSTANCE_MISMATCH");
+        require(bundleManager.getInstance() == instance, "ERROR:CRD-011:BUNDLE_MANAGER_INSTANCE_MISMATCH");
+        _masterInstanceAccessManager = accessManagerAddress;
+        _masterInstance = instanceAddress;
+        _masterInstanceReader = instanceReaderAddress;
+        _masterInstanceBundleManager = bundleManagerAddress;
+        IRegistryService registryService = IRegistryService(getRegistry().getServiceAddress(REGISTRY(), getMajorVersion()));
+        IInstance masterInstance = IInstance(_masterInstance);
+        IRegistry.ObjectInfo memory info = registryService.registerInstance(masterInstance, getOwner());
+        masterInstanceNftId = info.nftId;
+        // masterInstance.linkToRegisteredNftId();
+    }
+    function setMasterInstanceReader(address instanceReaderAddress) external onlyOwner {
+        require(_masterInstanceReader != address(0), "ERROR:CRD-003:INSTANCE_READER_MASTER_NOT_SET");
+        require (instanceReaderAddress != address(0), "ERROR:CRD-012:INSTANCE_READER_ZERO");
+        require(instanceReaderAddress != _masterInstanceReader, "ERROR:CRD-014:INSTANCE_READER_MASTER_SAME_AS_NEW");
+        InstanceReader instanceReader = InstanceReader(instanceReaderAddress);
+        require(instanceReader.getInstance() == IInstance(_masterInstance), "ERROR:CRD-015:INSTANCE_READER_INSTANCE_MISMATCH");
+        _masterInstanceReader = instanceReaderAddress;
+    }
+    // TODO access restriction
+    function upgradeInstanceReader(NftId instanceNftId) external {
+        IRegistry registry = getRegistry();
+        IRegistry.ObjectInfo memory instanceInfo = registry.getObjectInfo(instanceNftId);
+        Instance instance = Instance(instanceInfo.objectAddress);
+        address owner = instance.getOwner();
+        if (msg.sender != owner) {
+            revert ErrorInstanceServiceRequestUnauhorized(msg.sender);
+        }
+        InstanceReader upgradedInstanceReaderClone = InstanceReader(Clones.clone(address(_masterInstanceReader)));
+        upgradedInstanceReaderClone.initialize(address(registry), address(instance));
+        instance.setInstanceReader(upgradedInstanceReaderClone);
+    }
+    function getMasterInstanceReader() external view returns (address) {
+        return _masterInstanceReader;
+    }
+    function getMasterInstance() external view returns (address) {
+        return _masterInstance;
+    }
+    function getMasterInstanceAccessManager() external view returns (address) {
+        return _masterInstanceAccessManager;
+    }
+    function getMasterInstanceBundleManager() external view returns (address) {
+        return _masterInstanceBundleManager;
+    }
     // From IService
-    function getName() public pure override(IService, Service) returns(string memory) {
-        return NAME;
+    function getDomain() public pure override(Service, IService) returns(ObjectType) {
+        return INSTANCE();
     }
     /// @dev top level initializer
-    // 1) registry is non upgradeable -> don't need a proxy and uses constructor !
-    // 2) deploy registry service first -> from its initialization func it is easier to deploy registry then vice versa
-    // 3) deploy registry -> pass registry service address as constructor argument
-    // registry is getting instantiated and locked to registry service address forever
     function _initialize(
         address owner,
         bytes memory data
@@ -71,32 +316,47 @@ contract InstanceService is Service, IInstanceService {
         initializer
         virtual override
     {
-        // bytes memory encodedConstructorArguments = abi.encode(
-        //     _registryAddress);
+        address initialOwner;
+        address registryAddress;
+        (registryAddress, initialOwner) = abi.decode(data, (address, address));
+        // TODO while InstanceService is not deployed in InstanceServiceManager constructor
+        //      owner is InstanceServiceManager deployer
+        _initializeService(registryAddress, owner);
+        _registerInterface(type(IInstanceService).interfaceId);
+    }
-        // bytes memory instanceCreationCode = ContractDeployerLib.getCreationCode(
-        //     instanceByteCodeWithInitCode,
-        //     encodedConstructorArguments);
+    function hasRole(address account, RoleId role, address instanceAddress) public view returns (bool) {
+        Instance instance = Instance(instanceAddress);
+        InstanceAccessManager accessManager = InstanceAccessManager(instance.authority());
+        return accessManager.hasRole(role, account);
+    }
-        // address instanceAddress = ContractDeployerLib.deploy(
-        //     instanceCreationCode,
-        //     INSTANCE_CREATION_CODE_HASH);
+    function createTarget(NftId instanceNftId, address targetAddress, string memory targetName) external onlyRegisteredService {
+        IRegistry registry = getRegistry();
+        IRegistry.ObjectInfo memory instanceInfo = registry.getObjectInfo(instanceNftId);
+        Instance instance = Instance(instanceInfo.objectAddress);
+        InstanceAccessManager accessManager = InstanceAccessManager(instance.authority());
+        accessManager.createTarget(targetAddress, targetName);
+    }
-        address initialOwner = address(0);
-        (_registryAddress, initialOwner) = abi.decode(data, (address, address));
+    function setTargetLocked(string memory targetName, bool locked) external {
+        address componentAddress = msg.sender;
+        IRegistry registry = getRegistry();
+        IRegistry.ObjectInfo memory componentInfo = registry.getObjectInfo(componentAddress);
+        if (componentInfo.nftId.eqz()) {
+            revert ErrorInstanceServiceComponentNotRegistered(componentAddress);
+        }
-        // // TODO register instance in registry
-        IRegistry registry = IRegistry(_registryAddress);
-        NftId registryNftId = registry.getNftId(_registryAddress);
+        // TODO validate component type
-        _initializeService(_registryAddress, initialOwner);
-        _registerInterface(type(IService).interfaceId);
-        _registerInterface(type(IInstanceService).interfaceId);
-    }
-    function getInstance() external view returns (Instance) {
-        return Instance(address(this));
+        address instanceAddress = registry.getObjectInfo(componentInfo.parentNftId).objectAddress;
+        IInstance instance = IInstance(instanceAddress);
+        InstanceAccessManager accessManager = InstanceAccessManager(instance.authority());
+        accessManager.setTargetClosed(targetName, locked);
     }
 }

package/contracts/instance/InstanceServiceManager.sol CHANGED Viewed

@@ -7,7 +7,7 @@ import {ProxyManager} from "../shared/ProxyManager.sol";
 import {InstanceService} from "./InstanceService.sol";
 import {Registry} from "../registry/Registry.sol";
 import {RegistryService} from "../registry/RegistryService.sol";
-import {VersionLib} from "../types/Version.sol";
+import {REGISTRY} from "../types/ObjectType.sol";
 contract InstanceServiceManager is ProxyManager {
@@ -28,20 +28,18 @@ contract InstanceServiceManager is ProxyManager {
         _instanceService = InstanceService(address(versionable));
-        Registry registry = Registry(registryAddress);
-        address registryServiceAddress = registry.getServiceAddress("RegistryService", VersionLib.toVersion(3, 0, 0).toMajorPart());
-        RegistryService registryService = RegistryService(registryServiceAddress);
-        registryService.registerService(_instanceService);
+        // TODO `this` must have a role or own nft to register service
+        //Registry registry = Registry(registryAddress);
+        //address registryServiceAddress = registry.getServiceAddress(REGISTRY(), _instanceService.getMajorVersion());
+        //RegistryService registryService = RegistryService(registryServiceAddress);
+        //registryService.registerService(_instanceService);
         // RegistryService registryService = _instanceService.getRegistryService();
+        // TODO no nft to link yet
         // link ownership of instance service manager ot nft owner of instance service
-        _linkToNftOwnable(
-            address(registryAddress),
-            address(_instanceService));
-        // implies that after this constructor call only upgrade functionality is available
-        _isDeployed = true;
+        //_linkToNftOwnable(
+        //    address(registryAddress),
+        //    address(_instanceService));
     }
     //--- view functions ----------------------------------------------------//

package/contracts/instance/ObjectManager.sol ADDED Viewed

@@ -0,0 +1,84 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+import {Cloneable} from "./Cloneable.sol";
+import {IInstance} from "./IInstance.sol";
+import {INSTANCE} from "../types/ObjectType.sol";
+import {InstanceReader} from "./InstanceReader.sol";
+import {IRegistry} from "../registry/IRegistry.sol";
+import {LibNftIdSet} from "../types/NftIdSet.sol";
+import {NftId} from "../types/NftId.sol";
+contract ObjectManager is
+    Cloneable
+{
+    event LogObjectManagerInitialized(address instance);
+    error ErrorObjectManagerNftIdInvalid(NftId instanceNftId);
+    error ErrorObjectManagerAlreadyAdded(NftId componentNftId, NftId objectNftId);
+    mapping(NftId compnentNftId => LibNftIdSet.Set objects) internal _activeObjects;
+    mapping(NftId compnentNftId => LibNftIdSet.Set objects) internal _allObjects;
+    IInstance internal _instance; // store instance address -> more flexible, instance may not be registered during ObjectManager initialization
+    /// @dev call to initialize MUST be made in the same transaction as cloning of the contract
+    function initialize(
+        address authority,
+        address registry,
+        address instance
+    )
+        external
+    {
+        initialize(authority, registry);
+        _instance = IInstance(instance);
+        emit LogObjectManagerInitialized(instance);
+    }
+    function getInstance() external view returns (IInstance) {
+        return _instance;
+    }
+    function _add(NftId componentNftId, NftId objectNftId) internal {
+        LibNftIdSet.Set storage allSet = _allObjects[componentNftId];
+        LibNftIdSet.Set storage activeSet = _activeObjects[componentNftId];
+        LibNftIdSet.add(allSet, objectNftId);
+        LibNftIdSet.add(activeSet, objectNftId);
+    }
+    function _activate(NftId componentNftId, NftId objectNftId) internal {
+        LibNftIdSet.add(_activeObjects[componentNftId], objectNftId);
+    }
+    function _deactivate(NftId componentNftId, NftId objectNftId) internal {
+        LibNftIdSet.remove(_activeObjects[componentNftId], objectNftId);
+    }
+    function _objects(NftId componentNftId) internal view returns (uint256) {
+        return LibNftIdSet.size(_allObjects[componentNftId]);
+    }
+    function _contains(NftId componentNftId, NftId objectNftId) internal view returns (bool) {
+        return LibNftIdSet.contains(_allObjects[componentNftId], objectNftId);
+    }
+    function _getObject(NftId componentNftId, uint256 idx) internal view returns (NftId) {
+        return LibNftIdSet.getElementAt(_allObjects[componentNftId], idx);
+    }
+    function _activeObjs(NftId componentNftId) internal view returns (uint256)  {
+        return LibNftIdSet.size(_activeObjects[componentNftId]);
+    }
+    function _isActive(NftId componentNftId, NftId objectNftId) internal view returns (bool) {
+        return LibNftIdSet.contains(_activeObjects[componentNftId], objectNftId);
+    }
+    function _getActiveObject(NftId componentNftId, uint256 idx) internal view returns (NftId) {
+        return LibNftIdSet.getElementAt(_activeObjects[componentNftId], idx);
+    }
+}

package/contracts/instance/base/ComponentService.sol ADDED Viewed

@@ -0,0 +1,134 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.19;
+import {IComponent} from "../../components/IComponent.sol";
+import {IRegistry} from "../../registry/IRegistry.sol";
+import {IRegistryService} from "../../registry/IRegistryService.sol";
+import {IInstance} from "../../instance/IInstance.sol";
+import {IAccess} from "../module/IAccess.sol";
+import {ObjectType, INSTANCE, REGISTRY} from "../../types/ObjectType.sol";
+import {NftId} from "../../types/NftId.sol";
+import {RoleId} from "../../types/RoleId.sol";
+import {Service} from "../../shared/Service.sol";
+import {InstanceService} from "../InstanceService.sol";
+import {InstanceAccessManager} from "../InstanceAccessManager.sol";
+abstract contract ComponentService is Service {
+    error ErrorComponentServiceAlreadyRegistered(address component, NftId nftId);
+    error ErrorComponentServiceNotComponent(address component);
+    error ErrorComponentServiceInvalidType(address component, ObjectType requiredType, ObjectType componentType);
+    error ErrorComponentServiceSenderNotOwner(address component, address initialOwner, address sender);
+    error ErrorComponentServiceExpectedRoleMissing(NftId instanceNftId, RoleId requiredRole, address sender);
+    error ErrorComponentServiceComponentLocked(address component);
+    /// @dev modifier to check if caller is a registered service
+    modifier onlyService() {
+        address caller = msg.sender;
+        require(getRegistry().isRegisteredService(caller), "ERROR_NOT_SERVICE");
+        _;
+    }
+    // view functions
+    function getRegistryService() public view virtual returns (IRegistryService) {
+        address service = getRegistry().getServiceAddress(REGISTRY(), getMajorVersion());
+        return IRegistryService(service);
+    }
+    function getInstanceService() public view returns (InstanceService) {
+        address service = getRegistry().getServiceAddress(INSTANCE(), getMajorVersion());
+        return InstanceService(service);
+    }
+    // internal functions
+    function _checkComponentForRegistration(
+        address componentAddress,
+        ObjectType requiredType,
+        RoleId requiredRole
+    )
+        internal
+        view
+        returns (
+            IComponent component,
+            address owner,
+            IInstance instance,
+            NftId instanceNftId
+        )
+    {
+        // component may only be registerd by initial owner of component
+        owner = msg.sender;
+        // check component has not already been registerd
+        NftId compoentNftId = _registry.getNftId(componentAddress);
+        if(compoentNftId.gtz()) {
+            revert ErrorComponentServiceAlreadyRegistered(componentAddress, compoentNftId);
+        }
+        // check this is a component
+        component = IComponent(componentAddress);
+        if(!component.supportsInterface(type(IComponent).interfaceId)) {
+            revert ErrorComponentServiceNotComponent(componentAddress);
+        }
+        // check component is of required type
+        IRegistry.ObjectInfo memory componentInfo = component.getInitialInfo();
+        if(componentInfo.objectType != requiredType) {
+            revert ErrorComponentServiceInvalidType(componentAddress, requiredType, componentInfo.objectType);
+        }
+        // check msg.sender is component owner
+        address initialOwner = componentInfo.initialOwner;
+        if(owner != initialOwner) {
+            revert ErrorComponentServiceSenderNotOwner(componentAddress, componentInfo.initialOwner, owner);
+        }
+        // check instance has assigned required role to owner
+        instanceNftId = componentInfo.parentNftId;
+        instance = _getInstance(instanceNftId);
+        bool hasRole = getInstanceService().hasRole(
+            owner,
+            requiredRole,
+            address(instance));
+        if(!hasRole) {
+            revert ErrorComponentServiceExpectedRoleMissing(instanceNftId, requiredRole, owner);
+        }
+    }
+    // internal view functions
+    function _getInstance(NftId instanceNftId) internal view returns (IInstance) {
+        IRegistry.ObjectInfo memory instanceInfo = getRegistry().getObjectInfo(instanceNftId);
+        return IInstance(instanceInfo.objectAddress);
+    }
+    function _getAndVerifyComponentInfoAndInstance(
+        //address component,
+        ObjectType expectedType
+    )
+        internal
+        view
+        returns(
+            IRegistry.ObjectInfo memory info,
+            IInstance instance
+        )
+    {
+        IRegistry registry = getRegistry();
+        //TODO redundant check -> just check type
+        //NftId componentNftId = registry.getNftId(component);
+        //require(componentNftId.gtz(), "ERROR_COMPONENT_UNKNOWN");
+        info = registry.getObjectInfo(msg.sender);
+        require(info.objectType == expectedType, "OBJECT_TYPE_INVALID");
+        address instanceAddress = registry.getObjectInfo(info.parentNftId).objectAddress;
+        instance = IInstance(instanceAddress);
+        InstanceAccessManager accessManager = InstanceAccessManager(instance.authority());
+        if (accessManager.isTargetLocked(info.objectAddress)) {
+            revert IAccess.ErrorIAccessTargetLocked(info.objectAddress);
+        }
+    }
+}