npm - @etherisc/gif-next - Versions diffs - 0.0.2-fd2113c-488 → 0.0.2-fd41099-706 - Mend

@etherisc/gif-next 0.0.2-fd2113c-488 → 0.0.2-fd41099-706

Files changed (431) hide show

package/contracts/authorization/AccessManagerCloneable.sol ADDED Viewed

@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.20;
+import {AccessManagerUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagerUpgradeable.sol";
+contract AccessManagerCloneable is
+    AccessManagerUpgradeable
+{
+    function initialize(address initialAdmin)
+        external
+        initializer()
+    {
+        __AccessManager_init(initialAdmin);
+    }
+}

package/contracts/authorization/Authorization.sol ADDED Viewed

@@ -0,0 +1,218 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+import {IAccess} from "./IAccess.sol";
+import {IAuthorization} from "./IAuthorization.sol";
+import {ObjectType, ObjectTypeLib} from "../type/ObjectType.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE} from "../type/RoleId.sol";
+import {SelectorLib} from "../type/Selector.sol";
+import {Str, StrLib} from "../type/String.sol";
+import {TimestampLib} from "../type/Timestamp.sol";
+import {VersionPart, VersionPartLib} from "../type/Version.sol";
+contract Authorization
+     is IAuthorization
+{
+     uint256 public constant GIF_VERSION = 3;
+     string public constant ROLE_NAME_SUFFIX = "Role";
+     string public constant SERVICE_ROLE_NAME_SUFFIX = "ServiceRole";
+     string internal _mainTargetName = "Component";
+     Str[] internal _targets;
+     mapping(Str target => RoleId roleid) internal _targetRole;
+     mapping(Str target => bool exists) internal _targetExists;
+     RoleId[] internal _roles;
+     mapping(RoleId role => RoleInfo info) internal _roleInfo;
+     mapping(Str target => RoleId[] authorizedRoles) internal _authorizedRoles;
+     mapping(Str target => mapping(RoleId authorizedRole => IAccess.FunctionInfo[] functions)) internal _authorizedFunctions;
+     constructor(string memory mainTargetName) {
+          _mainTargetName = mainTargetName;
+          _setupRoles();
+          _setupTargets();
+          _setupTargetAuthorizations();
+     }
+     function getRelease() public virtual pure returns(VersionPart release) {
+          return VersionPartLib.toVersionPart(GIF_VERSION);
+     }
+     function getRoles() external view returns(RoleId[] memory roles) {
+          return _roles;
+     }
+     function getServiceRole(ObjectType serviceDomain) public virtual pure returns (RoleId serviceRoleId) {
+          return RoleIdLib.roleForTypeAndVersion(
+               serviceDomain, getRelease());
+     }
+     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory info) {
+          return _roleInfo[roleId];
+     }
+     function roleExists(RoleId roleId) public view returns(bool exists) {
+          return _roleInfo[roleId].roleType != RoleType.Undefined;
+     }
+     function getTarget() public view returns(Str) {
+          if (_targets.length > 0) {
+               return _targets[0];
+          }
+          return StrLib.toStr("");
+     }
+     function getTargets() external view returns(Str[] memory targets) {
+          return _targets;
+     }
+     function targetExists(Str target) external view returns(bool exists) {
+          return _targetExists[target];
+     }
+     function getTargetRole(Str target) external view returns(RoleId roleId) {
+          return _targetRole[target];
+     }
+     function getAuthorizedRoles(Str target) external view returns(RoleId[] memory roleIds) {
+          return _authorizedRoles[target];
+     }
+     function getAuthorizedFunctions(Str target, RoleId roleId) external view returns(IAccess.FunctionInfo[] memory authorizatedFunctions) {
+          return _authorizedFunctions[target][roleId];
+     }
+     function getTargetName() public virtual view returns (string memory name) {
+          return _mainTargetName;
+     }
+     /// @dev Overwrite this function for a specific realease.
+     /// The first target added represents the components/module main target.
+     function _setupTargets() internal virtual { }
+     /// @dev Overwrite this function for a specific realease.
+     function _setupRoles() internal virtual {}
+     /// @dev Overwrite this function for a specific realease.
+     function _setupTargetAuthorizations() internal virtual {}
+     /// @dev Use this method to to add an authorized role.
+     function _addRole(RoleId roleId, RoleInfo memory info) internal {
+          _roles.push(roleId);
+          _roleInfo[roleId] = info;
+     }
+     /// @dev Add a contract role for the provided role id and name.
+     function _addContractRole(RoleId roleId, string memory name) internal {
+          _addRole(
+               roleId,
+               _toRoleInfo(
+                    ADMIN_ROLE(),
+                    RoleType.Contract,
+                    1,
+                    name));
+     }
+     /// @dev Add the versioned service role for the specified service domain
+     function _addServiceRole(ObjectType serviceDomain) internal {
+          _addContractRole(
+               getServiceRole(serviceDomain),
+               ObjectTypeLib.toVersionedName(
+                    ObjectTypeLib.toName(serviceDomain),
+                    SERVICE_ROLE_NAME_SUFFIX,
+                    getRelease().toInt()));
+     }
+     function _addComponentTargetWithRole(ObjectType componentType) internal {
+          _addTargetWithRole(
+               getTargetName(),
+               RoleIdLib.toComponentRoleId(componentType, 0),
+               _toTargetRoleName(
+                    getTargetName()));
+     }
+     /// @dev Add a contract role for the provided role id and name.
+     function _addCustomRole(RoleId roleId, RoleId adminRoleId, uint32 maxMemberCount, string memory name) internal {
+          _addRole(
+               roleId,
+               _toRoleInfo(
+                    adminRoleId,
+                    RoleType.Custom,
+                    maxMemberCount,
+                    name));
+     }
+     /// @dev Use this method to to add an authorized target together with its target role.
+     function _addTargetWithRole(
+          string memory targetName,
+          RoleId roleId,
+          string memory roleName
+     )
+          internal
+     {
+          // add target
+          Str target = StrLib.toStr(targetName);
+          _targets.push(target);
+          _targetExists[target] = true;
+          // link role to target if defined
+          if (roleId != RoleIdLib.zero()) {
+               // add role if new
+               if (!roleExists(roleId)) {
+                    _addContractRole(roleId, roleName);
+               }
+               // link target to role
+               _targetRole[target] = roleId;
+          }
+     }
+     /// @dev Use this method to to add an authorized target.
+     function _addTarget(string memory name) internal {
+          _addTargetWithRole(name, RoleIdLib.zero(), "");
+     }
+     /// @dev Use this method to authorize the specified role to access the target.
+     function _authorizeForTarget(string memory target, RoleId authorizedRoleId)
+          internal
+          returns (IAccess.FunctionInfo[] storage authorizatedFunctions)
+     {
+          Str targetStr = StrLib.toStr(target);
+          _authorizedRoles[targetStr].push(authorizedRoleId);
+          return _authorizedFunctions[targetStr][authorizedRoleId];
+     }
+     /// @dev Use this method to authorize a specific function authorization
+     function _authorize(IAccess.FunctionInfo[] storage functions, bytes4 selector, string memory name) internal {
+          functions.push(
+               IAccess.FunctionInfo({
+                    selector: SelectorLib.toSelector(selector),
+                    name: StrLib.toStr(name),
+                    createdAt: TimestampLib.blockTimestamp()}));
+     }
+     function _toTargetRoleName(string memory targetName) internal view returns (string memory) {
+          return string(
+               abi.encodePacked(
+                    targetName,
+                    ROLE_NAME_SUFFIX));
+     }
+     /// @dev creates a role info object from the provided parameters
+     function _toRoleInfo(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) internal view returns (RoleInfo memory info) {
+          return RoleInfo({
+               name: StrLib.toStr(name),
+               adminRoleId: adminRoleId,
+               roleType: roleType,
+               maxMemberCount: maxMemberCount,
+               createdAt: TimestampLib.blockTimestamp()});
+     }
+}

package/contracts/authorization/IAccess.sol ADDED Viewed

@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.20;
+import {RoleId} from "../type/RoleId.sol";
+import {Selector} from "../type/Selector.sol";
+import {Str} from "../type/String.sol";
+import {Timestamp} from "../type/Timestamp.sol";
+interface IAccess {
+    enum RoleType {
+        Undefined, // no role must have this type
+        Contract, // roles assigned to contracts, cannot be revoked
+        Gif, // framework roles that may be freely assigned and revoked
+        Custom // use case specific rules for components
+    }
+    struct RoleInfo {
+        RoleId adminRoleId;
+        RoleType roleType;
+        uint32 maxMemberCount;
+        Str name;
+        Timestamp createdAt;
+    }
+    struct TargetInfo {
+        Str name;
+        bool isCustom;
+        Timestamp createdAt;
+    }
+    struct FunctionInfo {
+        Str name; // function name
+        Selector selector; // function selector
+        Timestamp createdAt;
+    }
+    struct RoleNameInfo {
+        RoleId roleId;
+        bool exists;
+    }
+    struct TargeNameInfo {
+        address target;
+        bool exists;
+    }
+}

package/contracts/{shared → authorization}/IAccessAdmin.sol RENAMED Viewed

@@ -3,18 +3,19 @@ pragma solidity ^0.8.20;
 import {IAccessManaged} from "@openzeppelin/contracts/access/manager/IAccessManaged.sol";
+import {IAccess} from "./IAccess.sol";
 import {RoleId} from "../type/RoleId.sol";
 import {Selector} from "../type/Selector.sol";
 import {Str} from "../type/String.sol";
 import {Timestamp} from "../type/Timestamp.sol";
 interface IAccessAdmin is
-    IAccessManaged
+    IAccessManaged,
+    IAccess
 {
     // roles
-    event LogRoleCreated(RoleId roleId, RoleId roleAdminId, string name);
-    event LogRoleDisabled(RoleId roleId, bool disabled, Timestamp disabledAtOld);
+    event LogRoleCreated(RoleId roleId, RoleType roleType, RoleId roleAdminId, string name);
     event LogTargetCreated(address target, string name);
     event LogFunctionCreated(address target, Selector selector, string name);
@@ -60,94 +61,60 @@ interface IAccessAdmin is
     // check target
     error ErrorTargetUnknown(address target);
-    struct RoleInfo {
-        RoleId adminRoleId;
-        Str name;
-        uint256 maxMemberCount;
-        bool memberRemovalDisabled;
-        Timestamp disabledAt;
-        bool exists;
-    }
-    struct RoleNameInfo {
-        RoleId roleId;
-        bool exists;
-    }
-    struct TargetInfo {
-        Str name;
-        Timestamp createdAt;
-    }
-    struct Function {
-        Selector selector; // function selector
-        Str name; // function name
-    }
-    /// @dev Create a new named role using the specified parameters.
-    /// The adminRoleId refers to the required role to grant/revoke the newly created role.
-    /// permissioned: the caller must have the manager role (getManagerRole).
-    function createRole(
-        RoleId roleId,
-        RoleId adminRoleId,
-        string memory name,
-        uint256 maxMemberCount,
-        bool memberRemovalDisabled
-    )
-        external;
     /// @dev Set the disabled status of the speicified role.
     /// Role disabling only prevents the role from being granted to new accounts.
     /// Existing role members may still execute functions that are authorized for that role.
     /// Permissioned: the caller must have the manager role (getManagerRole).
-    function setRoleDisabled(RoleId roleId, bool disabled) external;
+    // TODO move to instance admin
+    // function setRoleDisabled(RoleId roleId, bool disabled) external;
     /// @dev Grant the specified account the provided role.
     /// Permissioned: the caller must have the roles admin role.
-    function grantRole(address account, RoleId roleId) external;
+    // TODO move to instance admin
+    // function grantRole(address account, RoleId roleId) external;
     /// @dev Revoke the provided role from the specified account.
     /// Permissioned: the caller must have the roles admin role.
-    function revokeRole(address account, RoleId roleId) external;
+    // TODO move to instance admin
+    // function revokeRole(address account, RoleId roleId) external;
     /// @dev Removes the provided role from the caller
-    function renounceRole(RoleId roleId) external;
-    /// @dev Create a new named target.
-    /// Permissioned: the caller must have the manager role (getManagerRole).
-    function createTarget(address target, string memory name) external;
+    // TODO move to instance admin
+    // function renounceRole(RoleId roleId) external;
     /// @dev Set the locked status of the speicified contract.
     /// IMPORTANT: using this function the AccessManager might itself be put into locked state from which it cannot be unlocked again.
     /// Overwrite this function if a different use case specific behaviour is required.
     /// Alternatively, add specific function to just unlock this contract without a restricted() modifier.
     /// Permissioned: the caller must have the manager role (getManagerRole).
-    function setTargetLocked(address target, bool locked) external;
+    // TODO move to instance admin
+    // function setTargetLocked(address target, bool locked) external;
     /// @dev Specifies which functions of the target can be accessed by the provided role.
     /// Previously existing authorizations will be overwritten.
     /// Authorizing the admin role is not allowed, use function unauthorizedFunctions for this.
     /// Permissioned: the caller must have the manager role (getManagerRole).
-    function authorizeFunctions(address target, RoleId roleId, Function[] memory functions) external;
+    // TODO move to instance admin
+    // function authorizeFunctions(address target, RoleId roleId, FunctionInfo[] memory functions) external;
     /// @dev Specifies for which functionss to remove any previous authorization
     /// Permissioned: the caller must have the manager role (getManagerRole).
-    function unauthorizeFunctions(address target, Function[] memory functions) external;
+    // TODO move to instance admin
+    // function unauthorizeFunctions(address target, FunctionInfo[] memory functions) external;
     //--- view functions ----------------------------------------------------//
     function roles() external view returns (uint256 numberOfRoles);
     function getRoleId(uint256 idx) external view returns (RoleId roleId);
     function getAdminRole() external view returns (RoleId roleId);
-    function getManagerRole() external view returns (RoleId roleId);
     function getPublicRole() external view returns (RoleId roleId);
     function roleExists(RoleId roleId) external view returns (bool exists);
-    function isRoleDisabled(RoleId roleId) external view returns (bool roleIsActive);
     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory roleInfo);
     function getRoleForName(Str name) external view returns (RoleNameInfo memory);
     function hasRole(address account, RoleId roleId) external view returns (bool);
+    function hasAdminRole(address account, RoleId roleId) external view returns (bool);
     function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers);
     function getRoleMember(RoleId roleId, uint256 idx) external view returns (address account);
@@ -159,10 +126,11 @@ interface IAccessAdmin is
     function getTargetForName(Str name) external view returns (address target);
     function authorizedFunctions(address target) external view returns (uint256 numberOfFunctions);
-    function getAuthorizedFunction(address target, uint256 idx) external view returns (Function memory func, RoleId roleId);
+    function getAuthorizedFunction(address target, uint256 idx) external view returns (FunctionInfo memory func, RoleId roleId);
     function canCall(address caller, address target, Selector selector) external view returns (bool can);
-    function toFunction(bytes4 selector, string memory name) external pure returns (Function memory);
+    function toRole(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) external view returns (RoleInfo memory);
+    function toFunction(bytes4 selector, string memory name) external view returns (FunctionInfo memory);
     function isAccessManaged(address target) external view returns (bool);
     function deployer() external view returns (address);
 }

package/contracts/authorization/IAuthorization.sol ADDED Viewed

@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+import {IAccess} from "../authorization/IAccess.sol";
+import {ObjectType} from "../type/ObjectType.sol";
+import {RoleId} from "../type/RoleId.sol";
+import {Str} from "../type/String.sol";
+import {VersionPart} from "../type/Version.sol";
+interface IAuthorization is
+     IAccess
+{
+     /// @dev Returns the release (VersionPart) for which the authorizations are defined by this contract.
+     /// Matches with the release returned by the linked service authorization.
+     function getRelease() external view returns(VersionPart release);
+     /// @dev Returns the list of involved roles.
+     function getRoles() external view returns(RoleId[] memory roles);
+     /// @dev Returns the service role for the specified service domain.
+     function getServiceRole(ObjectType serviceDomain) external pure returns (RoleId serviceRoleId);
+     /// @dev Returns the name for the provided role id.
+     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory roleInfo);
+     /// @dev Returns true iff the specified role id exists.
+     function roleExists(RoleId roleId) external view returns(bool exists);
+     /// @dev Returns the main target id name as string.
+     /// This name is used to derive the target id and a corresponding target role name
+     /// Overwrite this function to change the basic pool target name.
+     function getTargetName() external view returns (string memory name);
+     /// @dev Returns the main target.
+     function getTarget() external view returns(Str target);
+     /// @dev Returns the complete list of targets.
+     function getTargets() external view returns(Str[] memory targets);
+     /// @dev Returns true iff the specified target exists.
+     function targetExists(Str target) external view returns(bool exists);
+     /// @dev Returns the role id associated with the target.
+     /// If no role is associated with the target the zero role id is returned.
+     function getTargetRole(Str target) external view returns(RoleId roleId);
+     /// @dev For the given target the list of authorized role ids is returned
+     function getAuthorizedRoles(Str target) external view returns(RoleId[] memory roleIds);
+     /// @dev For the given target and role id the list of authorized functions is returned
+     function getAuthorizedFunctions(Str target, RoleId roleId) external view returns(FunctionInfo[] memory authorizatedFunctions);
+}

package/contracts/authorization/IModuleAuthorization.sol ADDED Viewed

@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+import {IAccess} from "./IAccess.sol";
+import {IAuthorization} from "./IAuthorization.sol";
+import {ObjectType} from "../type/ObjectType.sol";
+import {RoleId} from "../type/RoleId.sol";
+import {Str} from "../type/String.sol";
+interface IModuleAuthorization is
+     IAccess,
+     IAuthorization
+{
+     /// @dev Returns the list of service targets.
+     function getServiceDomains() external view returns(ObjectType[] memory serviceDomains);
+     /// @dev Returns the service target for the specified domain.
+     function getServiceTarget(ObjectType serviceDomain) external view returns(Str serviceTarget);
+}

package/contracts/{registry → authorization}/IServiceAuthorization.sol RENAMED Viewed

@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
-import {IAccessAdmin} from "../shared/IAccessAdmin.sol";
-import {ObjectType} from "../../contracts/type/ObjectType.sol";
-import {VersionPart} from "../../contracts/type/Version.sol";
+import {IAccess} from "../authorization/IAccess.sol";
+import {ObjectType} from "../type/ObjectType.sol";
+import {VersionPart} from "../type/Version.sol";
 interface IServiceAuthorization {
@@ -17,7 +17,10 @@ interface IServiceAuthorization {
      function getRelease()
           external
           view
-          returns(VersionPart release, uint domainsCount);
+          returns(VersionPart release);
+     /// @dev Returns the service domain for the provided index.
+     function getServiceDomain(uint idx) external view returns(ObjectType serviceDomain);
      /// @dev Returns the full list of service domains for this release.
      /// Services need to be registered for the release in revers order of this list.
@@ -30,6 +33,6 @@ interface IServiceAuthorization {
      function getAuthorizedDomains(ObjectType serviceDomain) external view returns(ObjectType[] memory authorizatedDomains);
      /// @dev For the given service domain and authorized domain the function returns the list of authorized functions
-     function getAuthorizedFunctions(ObjectType serviceDomain, ObjectType authorizedDomain) external view returns(IAccessAdmin.Function[] memory authorizatedFunctions);
+     function getAuthorizedFunctions(ObjectType serviceDomain, ObjectType authorizedDomain) external view returns(IAccess.FunctionInfo[] memory authorizatedFunctions);
 }

package/contracts/authorization/ModuleAuthorization.sol ADDED Viewed

@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+import {Authorization} from "./Authorization.sol";
+import {IAccess} from "./IAccess.sol";
+import {IModuleAuthorization} from "./IModuleAuthorization.sol";
+import {ObjectType, ObjectTypeLib} from "../type/ObjectType.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE} from "../type/RoleId.sol";
+import {SelectorLib} from "../type/Selector.sol";
+import {Str, StrLib} from "../type/String.sol";
+import {TimestampLib} from "../type/Timestamp.sol";
+import {VersionPart} from "../type/Version.sol";
+contract ModuleAuthorization is
+     Authorization,
+     IModuleAuthorization
+{
+     ObjectType[] internal _serviceDomains;
+     mapping(ObjectType domain => Str target) internal _serviceTarget;
+     constructor(string memory moduleName)
+          Authorization(moduleName)
+     { }
+     function getServiceDomains() external view returns(ObjectType[] memory serviceDomains) {
+          return _serviceDomains;
+     }
+     function getServiceTarget(ObjectType serviceDomain) external view returns(Str serviceTarget) {
+          return _serviceTarget[serviceDomain];
+     }
+     /// @dev Add a GIF role for the provided role id and name.
+     function _addGifRole(RoleId roleId, string memory name) internal returns (RoleInfo memory info) {
+          _addRole(
+               roleId,
+               _toRoleInfo(
+                    ADMIN_ROLE(),
+                    RoleType.Gif,
+                    type(uint32).max,
+                    name));
+     }
+     /// @dev Add the service target role for the specified service domain
+     function _addServiceTargetWithRole(ObjectType serviceDomain) internal {
+          // add service domain
+          _serviceDomains.push(serviceDomain);
+          // get versioned target name
+          string memory serviceTargetName = ObjectTypeLib.toVersionedName(
+                    ObjectTypeLib.toName(serviceDomain),
+                    "Service",
+                    getRelease().toInt());
+          _serviceTarget[serviceDomain] = StrLib.toStr(serviceTargetName);
+          RoleId serviceRoleId = getServiceRole(serviceDomain);
+          string memory serviceRoleName = ObjectTypeLib.toVersionedName(
+                    ObjectTypeLib.toName(serviceDomain),
+                    "ServiceRole",
+                    getRelease().toInt());
+          _addTargetWithRole(
+               serviceTargetName,
+               serviceRoleId,
+               serviceRoleName);
+     }
+     /// @dev role id for targets registry, staking and instance
+     function _getTargetRoleId(ObjectType targetDomain)
+          internal
+          returns (RoleId targetRoleId)
+     {
+          return RoleIdLib.roleForType(targetDomain);
+     }
+}