npm - @etherisc/gif-next - Versions diffs - 0.0.2-f36fd21-685 → 0.0.2-f47f21f-178 - Mend

@etherisc/gif-next 0.0.2-f36fd21-685 → 0.0.2-f47f21f-178

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (454) hide show

package/contracts/authorization/AccessAdmin.sol CHANGED Viewed

@@ -6,11 +6,12 @@ import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet
 import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
 import {AccessManagerCloneable} from "./AccessManagerCloneable.sol";
+import {ContractLib} from "../shared/ContractLib.sol";
 import {IAccessAdmin} from "./IAccessAdmin.sol";
 import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
 import {Selector, SelectorLib, SelectorSetLib} from "../type/Selector.sol";
 import {Str, StrLib} from "../type/String.sol";
-import {Timestamp, TimestampLib} from "../type/Timestamp.sol";
+import {TimestampLib} from "../type/Timestamp.sol";
 /**
@@ -79,9 +80,7 @@ contract AccessAdmin is
     }
     modifier onlyRoleAdmin(RoleId roleId) {
-        if (!roleExists(roleId)) {
-            revert ErrorRoleUnknown(roleId);
-        }
+        _checkRoleExists(roleId, false);
         if (!hasAdminRole(msg.sender, roleId)) {
             revert ErrorNotAdminOfRole(_roleInfo[roleId].adminRoleId);
@@ -96,8 +95,8 @@ contract AccessAdmin is
         _;
     }
-    modifier onlyExistingRole(RoleId roleId) {
-        _checkRoleId(roleId);
+    modifier onlyExistingRole(RoleId roleId, bool onlyActiveRole) {
+        _checkRoleExists(roleId, onlyActiveRole);
         _;
     }
@@ -113,7 +112,6 @@ contract AccessAdmin is
         _setAuthority(address(_authority)); // set authority for oz access managed
         _createAdminAndPublicRoles();
-        _disableInitializers();
     }
     //--- view functions for roles ------------------------------------------//
@@ -219,18 +217,6 @@ contract AccessAdmin is
                 selector.toBytes4()));
     }
-    function isAccessManaged(address target) public view returns (bool) {
-        if (!_isContract(target)) {
-            return false;
-        }
-        (bool success, ) = target.staticcall(
-            abi.encodeWithSelector(
-                AccessManagedUpgradeable.authority.selector));
-        return success;
-    }
     function canCall(address caller, address target, Selector selector) external virtual view returns (bool can) {
         (can, ) = _authority.canCall(caller, target, selector.toBytes4());
     }
@@ -241,7 +227,8 @@ contract AccessAdmin is
             adminRoleId: adminRoleId,
             roleType: roleType,
             maxMemberCount: maxMemberCount,
-            createdAt: TimestampLib.blockTimestamp()
+            createdAt: TimestampLib.blockTimestamp(),
+            pausedAt: TimestampLib.max()
         });
     }
@@ -349,7 +336,6 @@ contract AccessAdmin is
         internal
     {
         RoleId adminRoleId = RoleIdLib.toRoleId(_authority.ADMIN_ROLE());
-        FunctionInfo[] memory functions;
         // setup admin role
         _createRoleUnchecked(
@@ -373,14 +359,6 @@ contract AccessAdmin is
                 name: PUBLIC_ROLE_NAME}));
     }
-    /// @dev check if target exists and reverts if it doesn't
-    function _checkTarget(address target)
-        internal
-    {
-        if (_targetInfo[target].createdAt.eqz()) {
-            revert ErrorTargetUnknown(target);
-        }
-    }
     /// @dev grant the specified role access to all functions in the provided selector list
     function _grantRoleAccessToFunctions(
@@ -398,22 +376,26 @@ contract AccessAdmin is
         // implizit logging: rely on OpenZeppelin log TargetFunctionRoleUpdated
     }
     /// @dev grant the specified role to the provided account
     function _grantRoleToAccount(RoleId roleId, address account)
         internal
+        onlyExistingRole(roleId, true)
     {
-        _checkRoleId(roleId);
         // check max role members will not be exceeded
         if (_roleMembers[roleId].length() >= _roleInfo[roleId].maxMemberCount) {
             revert ErrorRoleMembersLimitReached(roleId, _roleInfo[roleId].maxMemberCount);
         }
         // check account is contract for contract role
-        // TODO implement
-        if (_roleInfo[roleId].roleType == RoleType.Contract) {
+        if (
+            _roleInfo[roleId].roleType == RoleType.Contract &&
+            !ContractLib.isContract(account) // will fail in account's constructor
+        ) {
+            revert ErrorRoleMemberNotContract(roleId, account);
         }
+        // TODO check account already have roleId
         _roleMembers[roleId].add(account);
         _authority.grantRole(
             RoleId.unwrap(roleId),
@@ -426,14 +408,15 @@ contract AccessAdmin is
     /// @dev revoke the specified role from the provided account
     function _revokeRoleFromAccount(RoleId roleId, address account)
         internal
+        onlyExistingRole(roleId, false)
     {
-        _checkRoleId(roleId);
         // check role removal is permitted
         if (_roleInfo[roleId].roleType == RoleType.Contract) {
-            revert ErrorRoleRemovalDisabled(roleId);
+            revert ErrorRoleMemberRemovalDisabled(roleId, account);
         }
+        // TODO check account have roleId?
         _roleMembers[roleId].remove(account);
         _authority.revokeRole(
             RoleId.unwrap(roleId),
@@ -443,21 +426,6 @@ contract AccessAdmin is
     }
-    function _checkRoleId(RoleId roleId)
-        internal
-    {
-        if (_roleInfo[roleId].createdAt.eqz()) {
-            revert ErrorRoleUnknown(roleId);
-        }
-        uint64 roleIdInt = RoleId.unwrap(roleId);
-        if (roleIdInt == _authority.ADMIN_ROLE()
-            || roleIdInt == _authority.PUBLIC_ROLE())
-        {
-            revert ErrorRoleIsLocked(roleId);
-        }
-    }
     /// @dev Creates a role based on the provided parameters.
     /// Checks that the provided role and role id and role name not already used.
     function _createRole(
@@ -548,7 +516,7 @@ contract AccessAdmin is
         }
         // check target is an access managed contract
-        if (!isAccessManaged(target)) {
+        if (!ContractLib.isAccessManaged(target)) {
             revert ErrorTargetNotAccessManaged(target);
         }
@@ -576,16 +544,53 @@ contract AccessAdmin is
         emit LogTargetCreated(target, targetName);
     }
-    function _isContract(address target)
+    function _setTargetClosed(address target, bool locked)
+        internal
+    {
+        _checkTarget(target);
+        // target locked/unlocked already
+        if(_authority.isTargetClosed(target) == locked) {
+            revert ErrorTargetAlreadyLocked(target, locked);
+        }
+        _authority.setTargetClosed(target, locked);
+    }
+    function _checkRoleExists(
+        RoleId roleId,
+        bool onlyActiveRole
+    )
         internal
-        view
-        returns (bool)
+        view
     {
-        uint256 size;
-        assembly {
-            size := extcodesize(target)
+        if (!roleExists(roleId)) {
+            revert ErrorRoleUnknown(roleId);
+        }
+        uint64 roleIdInt = RoleId.unwrap(roleId);
+        if (roleIdInt == _authority.ADMIN_ROLE()
+            || roleIdInt == _authority.PUBLIC_ROLE())
+        {
+            revert ErrorRoleIsLocked(roleId);
+        }
+        // check if role is disabled
+        if (onlyActiveRole && _roleInfo[roleId].pausedAt <= TimestampLib.blockTimestamp()) {
+            revert ErrorRoleIsPaused(roleId);
+        }
+    }
+    /// @dev check if target exists and reverts if it doesn't
+    function _checkTarget(address target)
+        internal
+        view
+    {
+        if (!targetExists(target)) {
+            revert ErrorTargetUnknown(target);
         }
-        return size > 0;
     }
 }

package/contracts/authorization/Authorization.sol CHANGED Viewed

@@ -11,60 +11,74 @@ import {TimestampLib} from "../type/Timestamp.sol";
 import {VersionPart, VersionPartLib} from "../type/Version.sol";
 contract Authorization
-     is IAuthorization
+    is IAuthorization
 {
-     uint256 public constant GIF_VERSION = 3;
-     string public constant ROLE_NAME_SUFFIX = "Role";
-     string public constant SERVICE_ROLE_NAME_SUFFIX = "ServiceRole";
+    uint256 public constant GIF_RELEASE = 3;
-     string internal _mainTargetName = "Component";
-     Str[] internal _targets;
+    string public constant ROLE_NAME_SUFFIX = "Role";
+    string public constant SERVICE_ROLE_NAME_SUFFIX = "ServiceRole";
-     mapping(Str target => RoleId roleid) internal _targetRole;
-     mapping(Str target => bool exists) internal _targetExists;
+    ObjectType[] internal _serviceDomains;
+    mapping(ObjectType domain => Str target) internal _serviceTarget;
-     RoleId[] internal _roles;
-     mapping(RoleId role => RoleInfo info) internal _roleInfo;
+    string internal _mainTargetName = "Component";
+    Str[] internal _targets;
-     mapping(Str target => RoleId[] authorizedRoles) internal _authorizedRoles;
-     mapping(Str target => mapping(RoleId authorizedRole => IAccess.FunctionInfo[] functions)) internal _authorizedFunctions;
+    mapping(Str target => RoleId roleid) internal _targetRole;
+    mapping(Str target => bool exists) internal _targetExists;
+    RoleId[] internal _roles;
+    mapping(RoleId role => RoleInfo info) internal _roleInfo;
-     constructor(string memory mainTargetName) {
-          _mainTargetName = mainTargetName;
+    mapping(Str target => RoleId[] authorizedRoles) internal _authorizedRoles;
+    mapping(Str target => mapping(RoleId authorizedRole => IAccess.FunctionInfo[] functions)) internal _authorizedFunctions;
-          _setupRoles();
-          _setupTargets();
-          _setupTargetAuthorizations();
+    constructor(string memory mainTargetName) {
+        _mainTargetName = mainTargetName;
+        _setupServiceTargets();
+        _setupRoles();
+        _setupTargets();
+        _setupTargetAuthorizations();
+    }
+     function getServiceDomains() external view returns(ObjectType[] memory serviceDomains) {
+          return _serviceDomains;
+     }
+     function getServiceRole(ObjectType serviceDomain) public virtual pure returns (RoleId serviceRoleId) {
+          return RoleIdLib.roleForTypeAndVersion(
+               serviceDomain,
+               getRelease());
      }
-     function getRelease() public virtual pure returns(VersionPart release) {
-          return VersionPartLib.toVersionPart(GIF_VERSION);
+     function getServiceTarget(ObjectType serviceDomain) external view returns(Str serviceTarget) {
+          return _serviceTarget[serviceDomain];
      }
      function getRoles() external view returns(RoleId[] memory roles) {
           return _roles;
      }
-     function getServiceRole(ObjectType serviceDomain) public virtual pure returns (RoleId serviceRoleId) {
-          return RoleIdLib.roleForTypeAndVersion(
-               serviceDomain, getRelease());
+     function roleExists(RoleId roleId) public view returns(bool exists) {
+          return _roleInfo[roleId].roleType != RoleType.Undefined;
      }
      function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory info) {
           return _roleInfo[roleId];
      }
-     function roleExists(RoleId roleId) public view returns(bool exists) {
-          return _roleInfo[roleId].roleType != RoleType.Undefined;
+     function getTargetName() public virtual view returns (string memory name) {
+          return _mainTargetName;
      }
-     function getTarget() public view returns(Str) {
-          if (_targets.length > 0) {
-               return _targets[0];
-          }
+     function getMainTarget() public view returns(Str) {
+          return getTarget(_mainTargetName);
+     }
-          return StrLib.toStr("");
+     function getTarget(string memory targetName) public view returns(Str target) {
+          return StrLib.toStr(targetName);
      }
      function getTargets() external view returns(Str[] memory targets) {
@@ -87,26 +101,60 @@ contract Authorization
           return _authorizedFunctions[target][roleId];
      }
-     function getTargetName() public virtual view returns (string memory name) {
-          return _mainTargetName;
-     }
+    function getRelease() public virtual pure returns(VersionPart release) {
+        return VersionPartLib.toVersionPart(GIF_RELEASE);
+    }
+     /// @dev Sets up the relevant service targets for the component.
+     /// Overwrite this function for a specific component.
+     function _setupServiceTargets() internal virtual { }
-     /// @dev Overwrite this function for a specific realease.
-     /// The first target added represents the components/module main target.
+     /// @dev Sets up the relevant (non-service) targets for the component.
+     /// Overwrite this function for a specific component.
      function _setupTargets() internal virtual { }
-     /// @dev Overwrite this function for a specific realease.
+     /// @dev Sets up the relevant roles for the component.
+     /// Overwrite this function for a specific component.
      function _setupRoles() internal virtual {}
-     /// @dev Overwrite this function for a specific realease.
+     /// @dev Sets up the relevant target authorizations for the component.
+     /// Overwrite this function for a specific realease.
      function _setupTargetAuthorizations() internal virtual {}
+     /// @dev Add the service target role for the specified service domain
+     function _addServiceTargetWithRole(ObjectType serviceDomain) internal {
+          // add service domain
+          _serviceDomains.push(serviceDomain);
+          // get versioned target name
+          string memory serviceTargetName = ObjectTypeLib.toVersionedName(
+                    ObjectTypeLib.toName(serviceDomain),
+                    "Service",
+                    getRelease().toInt());
+          _serviceTarget[serviceDomain] = StrLib.toStr(serviceTargetName);
+          RoleId serviceRoleId = getServiceRole(serviceDomain);
+          string memory serviceRoleName = ObjectTypeLib.toVersionedName(
+                    ObjectTypeLib.toName(serviceDomain),
+                    "ServiceRole",
+                    getRelease().toInt());
+          _addTargetWithRole(
+               serviceTargetName,
+               serviceRoleId,
+               serviceRoleName);
+     }
      /// @dev Use this method to to add an authorized role.
      function _addRole(RoleId roleId, RoleInfo memory info) internal {
           _roles.push(roleId);
           _roleInfo[roleId] = info;
      }
      /// @dev Add a contract role for the provided role id and name.
      function _addContractRole(RoleId roleId, string memory name) internal {
           _addRole(
@@ -118,6 +166,7 @@ contract Authorization
                     name));
      }
      /// @dev Add the versioned service role for the specified service domain
      function _addServiceRole(ObjectType serviceDomain) internal {
           _addContractRole(
@@ -128,15 +177,21 @@ contract Authorization
                     getRelease().toInt()));
      }
      function _addComponentTargetWithRole(ObjectType componentType) internal {
+          _addComponentTargetWithRole(componentType, 0);
+     }
+     function _addComponentTargetWithRole(ObjectType componentType, uint64 index) internal {
           _addTargetWithRole(
                getTargetName(),
-               RoleIdLib.toComponentRoleId(componentType, 0),
+               RoleIdLib.toComponentRoleId(componentType, index),
                _toTargetRoleName(
                     getTargetName()));
      }
      /// @dev Add a contract role for the provided role id and name.
      function _addCustomRole(RoleId roleId, RoleId adminRoleId, uint32 maxMemberCount, string memory name) internal {
           _addRole(
@@ -174,11 +229,13 @@ contract Authorization
           }
      }
      /// @dev Use this method to to add an authorized target.
      function _addTarget(string memory name) internal {
           _addTargetWithRole(name, RoleIdLib.zero(), "");
      }
      /// @dev Use this method to authorize the specified role to access the target.
      function _authorizeForTarget(string memory target, RoleId authorizedRoleId)
           internal
@@ -189,6 +246,7 @@ contract Authorization
           return _authorizedFunctions[targetStr][authorizedRoleId];
      }
      /// @dev Use this method to authorize a specific function authorization
      function _authorize(IAccess.FunctionInfo[] storage functions, bytes4 selector, string memory name) internal {
           functions.push(
@@ -198,13 +256,25 @@ contract Authorization
                     createdAt: TimestampLib.blockTimestamp()}));
      }
-     function _toTargetRoleName(string memory targetName) internal view returns (string memory) {
+     /// @dev role id for targets registry, staking and instance
+     function _toTargetRoleId(ObjectType targetDomain)
+          internal
+          pure
+          returns (RoleId targetRoleId)
+     {
+          return RoleIdLib.roleForType(targetDomain);
+     }
+     function _toTargetRoleName(string memory targetName) internal pure returns (string memory) {
           return string(
                abi.encodePacked(
                     targetName,
                     ROLE_NAME_SUFFIX));
      }
      /// @dev creates a role info object from the provided parameters
      function _toRoleInfo(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) internal view returns (RoleInfo memory info) {
           return RoleInfo({
@@ -212,7 +282,8 @@ contract Authorization
                adminRoleId: adminRoleId,
                roleType: roleType,
                maxMemberCount: maxMemberCount,
-               createdAt: TimestampLib.blockTimestamp()});
+               createdAt: TimestampLib.blockTimestamp(),
+               pausedAt: TimestampLib.max()});
      }
 }

package/contracts/authorization/IAccess.sol CHANGED Viewed

@@ -21,6 +21,7 @@ interface IAccess {
         uint32 maxMemberCount;
         Str name;
         Timestamp createdAt;
+        Timestamp pausedAt;
     }
     struct TargetInfo {

package/contracts/authorization/IAccessAdmin.sol CHANGED Viewed

@@ -41,9 +41,10 @@ interface IAccessAdmin is
     // grant/revoke/renounce role
     error ErrorRoleUnknown(RoleId roleId);
     error ErrorRoleIsLocked(RoleId roleId);
-    error ErrorRoleIsDisabled(RoleId roleId);
+    error ErrorRoleIsPaused(RoleId roleId);
     error ErrorRoleMembersLimitReached(RoleId roleId, uint256 memberCountLimit);
-    error ErrorRoleRemovalDisabled(RoleId roleId);
+    error ErrorRoleMemberNotContract(RoleId roleId, address notContract);
+    error ErrorRoleMemberRemovalDisabled(RoleId roleId, address expectedMember);
     // create target
     error ErrorTargetAlreadyCreated(address target, string name);
@@ -54,6 +55,7 @@ interface IAccessAdmin is
     // lock target
     error ErrorTagetNotLockable();
+    error ErrorTargetAlreadyLocked(address target, bool isLocked);
     // authorize target functions
     error ErrorAuthorizeForAdminRoleInvalid(address target);
@@ -131,6 +133,5 @@ interface IAccessAdmin is
     function toRole(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) external view returns (RoleInfo memory);
     function toFunction(bytes4 selector, string memory name) external view returns (FunctionInfo memory);
-    function isAccessManaged(address target) external view returns (bool);
     function deployer() external view returns (address);
 }

package/contracts/authorization/IAuthorization.sol CHANGED Viewed

@@ -11,16 +11,18 @@ interface IAuthorization is
      IAccess
 {
-     /// @dev Returns the release (VersionPart) for which the authorizations are defined by this contract.
-     /// Matches with the release returned by the linked service authorization.
-     function getRelease() external view returns(VersionPart release);
-     /// @dev Returns the list of involved roles.
-     function getRoles() external view returns(RoleId[] memory roles);
+     /// @dev Returns the list of service targets.
+     function getServiceDomains() external view returns(ObjectType[] memory serviceDomains);
      /// @dev Returns the service role for the specified service domain.
      function getServiceRole(ObjectType serviceDomain) external pure returns (RoleId serviceRoleId);
+     /// @dev Returns the service target for the specified domain.
+     function getServiceTarget(ObjectType serviceDomain) external view returns(Str serviceTarget);
+     /// @dev Returns the list of involved roles.
+     function getRoles() external view returns(RoleId[] memory roles);
      /// @dev Returns the name for the provided role id.
      function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory roleInfo);
@@ -33,7 +35,7 @@ interface IAuthorization is
      function getTargetName() external view returns (string memory name);
      /// @dev Returns the main target.
-     function getTarget() external view returns(Str target);
+     function getMainTarget() external view returns(Str target);
      /// @dev Returns the complete list of targets.
      function getTargets() external view returns(Str[] memory targets);
@@ -50,5 +52,9 @@ interface IAuthorization is
      /// @dev For the given target and role id the list of authorized functions is returned
      function getAuthorizedFunctions(Str target, RoleId roleId) external view returns(FunctionInfo[] memory authorizatedFunctions);
+     /// @dev Returns the release (VersionPart) for which the authorizations are defined by this contract.
+     /// Matches with the release returned by the linked service authorization.
+     function getRelease() external view returns(VersionPart release);
 }

package/contracts/authorization/IServiceAuthorization.sol CHANGED Viewed

@@ -1,11 +1,13 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
+import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
 import {IAccess} from "../authorization/IAccess.sol";
 import {ObjectType} from "../type/ObjectType.sol";
 import {VersionPart} from "../type/Version.sol";
-interface IServiceAuthorization {
+interface IServiceAuthorization is IERC165 {
      /// @dev Returns the commit hash representing the deployed release
      function getCommitHash()

package/contracts/authorization/ReleaseAccessManager.sol ADDED Viewed

@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.20;
+import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
+abstract contract ReleaseAccessManager is
+    AccessManager
+{
+    bool private _releaseIsLocked;
+    function setReleaseLocked(bool locked)
+        external
+        onlyAuthorized()
+    {
+        _releaseIsLocked = locked;
+    }
+    function isReleaseLocked()
+        external
+        view
+        returns (bool isLocked)
+    {
+        return _releaseIsLocked;
+    }
+    function isTargetClosed(address target)
+        public
+        virtual override
+        view
+        returns (bool)
+    {
+        if (_releaseIsLocked) {
+            return true;
+        }
+        return super.isTargetClosed(target);
+    }
+}