@etherisc/gif-next 0.0.2-fd2113c-488 → 0.0.2-fd41099-706

package/contracts/instance/InstanceAdmin.sol

@@ -1,331 +1,266 @@
-// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: UNLICENSED
 pragma solidity ^0.8.20;
 
-import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
-import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
-
-import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE, INSTANCE_SERVICE_ROLE, INSTANCE_OWNER_ROLE, INSTANCE_ROLE} from "../type/RoleId.sol";
-import {TimestampLib} from "../type/Timestamp.sol";
-import {NftId} from "../type/NftId.sol";
-
-import {AccessManagerExtendedInitializeable} from "../shared/AccessManagerExtendedInitializeable.sol";
+import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
 
+import {AccessAdmin} from "../authorization/AccessAdmin.sol";
+import {AccessManagerCloneable} from "../authorization/AccessManagerCloneable.sol";
+import {IAccessAdmin} from "../authorization/IAccessAdmin.sol";
+import {IAuthorization} from "../authorization/IAuthorization.sol";
+import {IModuleAuthorization} from "../authorization/IModuleAuthorization.sol";
 import {IRegistry} from "../registry/IRegistry.sol";
-
 import {IInstance} from "./IInstance.sol";
-import {IAccess} from "./module/IAccess.sol";
+import {IService} from "../shared/IService.sol";
+import {ObjectType, ObjectTypeLib, ALL, POOL, RELEASE} from "../type/ObjectType.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE, DISTRIBUTION_OWNER_ROLE, ORACLE_OWNER_ROLE, POOL_OWNER_ROLE, PRODUCT_OWNER_ROLE} from "../type/RoleId.sol";
+import {Str, StrLib} from "../type/String.sol";
+import {VersionPart} from "../type/Version.sol";
+
 
 contract InstanceAdmin is
-    AccessManagedUpgradeable
+    AccessAdmin
 {
-    using RoleIdLib for RoleId;
-
-    string public constant INSTANCE_ROLE_NAME = "InstanceRole";
-    string public constant INSTANCE_OWNER_ROLE_NAME = "InstanceOwnerRole";
-
+    string public constant INSTANCE_TARGET_NAME = "Instance";
+    string public constant INSTANCE_STORE_TARGET_NAME = "InstanceStore";
     string public constant INSTANCE_ADMIN_TARGET_NAME = "InstanceAdmin";
+    string public constant BUNDLE_SET_TARGET_NAME = "BundleSet";
 
     uint64 public constant CUSTOM_ROLE_ID_MIN = 10000; // MUST be even
-    uint32 public constant EXECUTION_DELAY = 0;
 
-    mapping(address target => IAccess.Type) _targetType;
-    mapping(RoleId roleId => IAccess.Type) _roleType;
-    uint64 _idNext;
+    error ErrorInstanceAdminNotRegistered(address target);
+    error ErrorInstanceAdminAlreadyAuthorized(address target);
+    error ErrorInstanceAdminReleaseMismatch();
+    error ErrorInstanceAdminExpectedTargetMissing(string targetName);
 
-    AccessManagerExtendedInitializeable internal _accessManager;
-    address _instance;
+    IInstance _instance;
     IRegistry internal _registry;
+    uint64 _idNext;
 
-    // instance owner role is granted upon instance nft minting in callback function
-    // assume this contract is already a member of ADMIN_ROLE, the only member
-    function initialize(address instanceAddress) external initializer 
-    {
-        IInstance instance = IInstance(instanceAddress);
-        IRegistry registry = instance.getRegistry();
-        address authority = instance.authority();
-
-        __AccessManaged_init(authority);
-
-        _accessManager = AccessManagerExtendedInitializeable(authority);
-        _instance = instanceAddress;
-        _registry = registry;
-        _idNext = CUSTOM_ROLE_ID_MIN;
-
-        // minimum configuration required for nft interception
-        _createRole(INSTANCE_ROLE(), INSTANCE_ROLE_NAME, IAccess.Type.Core);
-        _createRole(INSTANCE_OWNER_ROLE(), INSTANCE_OWNER_ROLE_NAME, IAccess.Type.Core);
-        _grantRole(INSTANCE_ROLE(), address(instance));
-
-        _createTarget(address(this), INSTANCE_ADMIN_TARGET_NAME, IAccess.Type.Core);
-        bytes4[] memory instanceAdminInstanceSelectors = new bytes4[](1);
-        instanceAdminInstanceSelectors[0] = this.transferInstanceOwnerRole.selector;
-        _setTargetFunctionRole(address(this), instanceAdminInstanceSelectors, INSTANCE_ROLE());                
-    }
-
-    //--- Role ------------------------------------------------------//
-    // ADMIN_ROLE
-    // assume all core roles are known at deployment time
-    // assume core roles are set and granted only during instance cloning
-    // assume core roles are never revoked -> core roles admin is never active after intialization
-    function createCoreRole(RoleId roleId, string memory name) external restricted() {
-        _createRole(roleId, name, IAccess.Type.Core);
-    }
+    IModuleAuthorization _instanceAuthorization;
 
-    // ADMIN_ROLE
-    // assume gif roles can be revoked
-    // assume admin is INSTANCE_OWNER_ROLE or INSTANCE_ROLE
-    function createGifRole(RoleId roleId, string memory name, RoleId admin) external restricted() {
-        _createRole(roleId, name, IAccess.Type.Gif);
-        _setRoleAdmin(roleId, admin);
+    /// @dev Only used for master instance admin.
+    /// Contracts created via constructor come with disabled initializers.
+    constructor(
+        IModuleAuthorization instanceAuthorization
+    )
+        AccessAdmin()
+    {
+        _instanceAuthorization = instanceAuthorization;
     }
 
-    // INSTANCE_ROLE
-    // TODO specify how many owners role can have -> many roles MUST have exactly 1 member?
-    function createRole(string memory roleName, string memory adminName)
+    /// @dev Initializes this instance admin with the provided instances authorization specification.
+    /// Internally the function creates an instance specific OpenZeppelin AccessManager that is used as the authority
+    /// for the inststance authorizatios.
+    /// Important: Initialization of this instance admin is only complete after calling function initializeInstance. 
+    function initialize(
+        AccessManagerCloneable accessManager,
+        IModuleAuthorization instanceAuthorization
+    )
         external
-        restricted()
-        returns(RoleId roleId, RoleId admin)
+        initializer() 
     {
-        (roleId, admin) = _getNextCustomRoleId();
-
-        _createRole(roleId, roleName, IAccess.Type.Custom);
-        _createRole(admin, adminName, IAccess.Type.Custom);
+        // create new access manager for this instance admin
+        _initializeAuthority(address(accessManager));
 
-        _setRoleAdmin(roleId, admin);
-        _setRoleAdmin(admin, INSTANCE_OWNER_ROLE());
-    }
+        // create basic instance independent setup
+        _createAdminAndPublicRoles();
 
-    // ADMIN_ROLE
-    // assume used by instance service only during instance cloning
-    // assume used only by this.createRole(), this.createGifRole() afterwards
-    function setRoleAdmin(RoleId roleId, RoleId admin) public restricted() {
-        _setRoleAdmin(roleId, admin);
+        // store instance authorization specification
+        _instanceAuthorization = IModuleAuthorization(instanceAuthorization);
     }
 
-    // INSTANCE_ROLE
-    function transferInstanceOwnerRole(address from, address to) external restricted() {
-        // temp pre transfer checks
-        assert(_getRoleMembers(INSTANCE_ROLE()) == 1);
-        assert(_hasRole(INSTANCE_ROLE(), _instance));
-        assert(_getRoleAdmin(INSTANCE_OWNER_ROLE()).toInt() == ADMIN_ROLE().toInt());
-        if(from != address(0)) { // nft transfer
-            assert(_getRoleMembers(INSTANCE_OWNER_ROLE()) == 1);
-        } else { // nft minting 
-            assert(_getRoleMembers(INSTANCE_OWNER_ROLE()) == 0);            
+    function _checkTargetIsReadyForAuthorization(address target)
+        internal
+        view
+    {
+        if (address(_registry) != address(0) && !_registry.isRegistered(target)) {
+            revert ErrorInstanceAdminNotRegistered(target);
         }
 
-        // transfer
-        assert(from != to);
-        _grantRole(INSTANCE_OWNER_ROLE(), to);
-        if(from != address(0)) { // nft transfer
-            _revokeRole(INSTANCE_OWNER_ROLE(), from);
+        if (targetExists(target)) {
+            revert ErrorInstanceAdminAlreadyAuthorized(target);
         }
-
-        // temp post transfer checks
-        assert(_getRoleMembers(INSTANCE_OWNER_ROLE()) == 1);// temp
-        assert(_hasRole(INSTANCE_OWNER_ROLE(), to));
     }
 
-    //--- Target ------------------------------------------------------//
-    // ADMIN_ROLE
-    // assume some core targets are registred (instance) while others are not (instance accesss manager, instance reader, bundle manager)
-    function createCoreTarget(address target, string memory name) external restricted() {
-        _createTarget(target, name, IAccess.Type.Core);
-    }
-
-    // INSTANCE_SERVICE_ROLE
-    function createGifTarget(address target, string memory name) external restricted() 
+    /// @dev Completes the initialization of this instance admin using the provided instance.
+    /// Important: The instance MUST be registered and all instance supporting contracts must be wired to this instance.
+    function initializeInstanceAuthorization(address instanceAddress)
+        external
     {
-        if(!_registry.isRegistered(target)) {
-            revert IAccess.ErrorIAccessTargetNotRegistered(target);
-        }
+        _checkTargetIsReadyForAuthorization(instanceAddress);
 
-        NftId targetParentNftId = _registry.getObjectInfo(target).parentNftId;
-        NftId instanceNftId = _registry.getObjectInfo(_instance).nftId;
-        if(targetParentNftId != instanceNftId) {
-            revert IAccess.ErrorIAccessTargetInstanceMismatch(target, targetParentNftId, instanceNftId);
-        }
-
-        _createTarget(target, name, IAccess.Type.Gif);
-    }
+        _idNext = CUSTOM_ROLE_ID_MIN;
+        _instance = IInstance(instanceAddress);
+        _registry = _instance.getRegistry();
 
-    // INSTANCE_ROLE
-    // assume custom target.authority() is constant -> target MUST not be used with different instance access manager
-    // assume custom target can not be registered as component -> each service which is doing component registration MUST register a gif target
-    // assume custom target can not be registered as instance or service -> why?
-    // TODO check target associated with instance owner or instance or instance components or components helpers
-    function createTarget(address target, string memory name) external restricted() {
-        _createTarget(target, name, IAccess.Type.Custom);
-    }
+        // check matching releases
+        if (_instanceAuthorization.getRelease() != _instance.getMajorVersion()) {
+            revert ErrorInstanceAdminReleaseMismatch();
+        }
 
-    // TODO instance owner locks component instead of revoking it access to the instance...
-    // INSTANCE_SERVICE_ROLE
-    function setTargetLockedByService(address target, bool locked) external restricted {
-        _setTargetLocked(target, locked);
-    }
+        // add instance authorization
+        _createRoles(_instanceAuthorization);
+        _createModuleTargetsWithRoles();
+        _createTargetAuthorizations(_instanceAuthorization);
 
-    // INSTANCE_ROLE
-    function setTargetLockedByInstance(address target, bool locked) external restricted {
-        _setTargetLocked(target, locked);
+        // grant component owner roles to instance owner
+        _grantComponentOwnerRoles();
     }
 
 
-    // allowed combinations of roles and targets:
-    //1) set core role for core target 
-    //2) set gif role for gif target  
-    //3) set custom role for gif target
-    //4) set custom role for custom target
-
-    // ADMIN_ROLE if used only during initialization, works with:
-    //      any roles for any targets
-    // INSTANCE_SERVICE_ROLE if used not only during initilization, works with:
-    //      core roles for core targets
-    //      gif roles for gif targets
-    function setTargetFunctionRoleByService(
-        string memory targetName,
-        bytes4[] calldata selectors,
-        RoleId roleId
-    ) 
-        public 
-        virtual 
-        restricted
+    /// @dev Initializes the authorization for the specified component.
+    /// Important: The component MUST be registered.
+    function initializeComponentAuthorization(
+        address componentAddress,
+        IAuthorization authorization
+    )
+        external
     {
-        address target = _accessManager.getTargetAddress(targetName);
-        // not custom target
-        if(_targetType[target] == IAccess.Type.Custom) {
-            revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Custom);
-        }
-
-        // not custom role
-        if(_roleType[roleId] == IAccess.Type.Custom) {
-            revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Custom);
-        }
-
-        _setTargetFunctionRole(target, selectors, roleId);
+        _checkTargetIsReadyForAuthorization(componentAddress);
+
+        _createRoles(authorization);
+
+        // create component target
+        _createTarget(
+            componentAddress, 
+            authorization.getTargetName(), 
+            true, // checkAuthority
+            false); // custom
+
+        _grantRoleToAccount(
+            authorization.getTargetRole(
+                authorization.getTarget()), 
+            componentAddress);
+        
+        _createTargetAuthorizations(authorization);
     }
 
-    // INSTANCE_ROLE
-    // gif role for gif target
-    // gif role for custom target
-    // custom role for gif target -> need to prohibit
-    // custom role for custom target
-    // TODO instance owner can mess with gif target (component) -> e.g. set custom role for function intendent to work with gif role
-    function setTargetFunctionRoleByInstance(
-        string memory targetName,
-        bytes4[] calldata selectors,
-        RoleId roleId// string memory roleName
-    ) 
-        public 
-        virtual 
-        restricted() 
-    {
-        address target = _accessManager.getTargetAddress(targetName);
 
-        // not core target
-        if(_targetType[target] == IAccess.Type.Core) {
-            revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Core);
-        }
-
-        // not core role
-        if(_roleType[roleId] == IAccess.Type.Core) {
-            revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
-        }
-
-        _setTargetFunctionRole(target, selectors, roleId);
+    function _grantComponentOwnerRoles()
+        internal
+    {
+        address instanceOwner = _registry.ownerOf(_instance.getNftId());
+        _grantRoleToAccount(DISTRIBUTION_OWNER_ROLE(), instanceOwner);
+        _grantRoleToAccount(ORACLE_OWNER_ROLE(), instanceOwner);
+        _grantRoleToAccount(POOL_OWNER_ROLE(), instanceOwner);
+        _grantRoleToAccount(PRODUCT_OWNER_ROLE(), instanceOwner);
     }
 
-    //--- Role internal view/pure functions --------------------------------------//
-    function _createRole(RoleId roleId, string memory name, IAccess.Type rtype) internal {
-        _validateRole(roleId, rtype);
+    /// @dev Creates a custom role
+    // TODO implement
+    // function createRole()
+    //     external
+    //     restricted()
+    // {
 
-        _roleType[roleId] = rtype;
-        _accessManager.createRole(roleId.toInt(), name);
-    }
+    // }
 
-    function _validateRole(RoleId roleId, IAccess.Type rtype) internal pure
+    /// @dev Grants the provided role to the specified account
+    function grantRole(
+        RoleId roleId, 
+        address account)
+        external
+        restricted()
     {
-        uint roleIdInt = roleId.toInt();
-        if(rtype == IAccess.Type.Custom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
-            revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
-        }
-
-        if(
-            rtype != IAccess.Type.Custom && 
-            roleIdInt >= CUSTOM_ROLE_ID_MIN && 
-            roleIdInt != PUBLIC_ROLE().toInt()) 
-        {
-            revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
-        }
+        _grantRoleToAccount(roleId, account);
     }
 
-    function _grantRole(RoleId roleId, address account) internal {
-        _accessManager.grantRole(roleId.toInt(), account, EXECUTION_DELAY);
+    /// @dev Returns the instance authorization specification used to set up this instance admin.
+    function getInstanceAuthorization()
+        external
+        view
+        returns (IModuleAuthorization instanceAuthorizaion)
+    {
+        return _instanceAuthorization;
     }
 
-    function _revokeRole(RoleId roleId, address member) internal {
-        _accessManager.revokeRole(roleId.toInt(), member);
-    }
 
-    function _setRoleAdmin(RoleId roleId, RoleId admin) internal {
-        if(_roleType[roleId] == IAccess.Type.Core) {
-            revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
+    function _createRoles(IAuthorization authorization)
+        internal
+    {
+        RoleId[] memory roles = authorization.getRoles();
+        RoleId roleId;
+        RoleInfo memory roleInfo;
+
+        for(uint256 i = 0; i < roles.length; i++) {
+            roleId = roles[i];
+            _createRole(
+                roleId,
+                authorization.getRoleInfo(roleId));
         }
-
-        _accessManager.setRoleAdmin(roleId.toInt(), admin.toInt());
     }
 
-    function _getRoleAdmin(RoleId roleId) internal view returns (RoleId admin) {
-        return RoleIdLib.toRoleId(_accessManager.getRoleAdmin(roleId.toInt()));
-    }
-
-    function _hasRole(RoleId roleId, address account) internal view returns (bool accountHasRole) {
-        uint32 executionDelay;
-        (accountHasRole, executionDelay) = _accessManager.hasRole(roleId.toInt(), account);
-        assert(executionDelay == 0);
-    }
-
-    function _getRoleMembers(RoleId roleId) internal view returns (uint) {
-        return _accessManager.getRoleMembers(roleId.toInt());
-    }
-
-    function _getNextCustomRoleId() internal returns(RoleId roleId, RoleId admin) {
-        uint64 roleIdInt = _idNext;
-        uint64 adminInt = roleIdInt + 1;
-
-        _idNext = roleIdInt + 2;
 
-        roleId = RoleIdLib.toRoleId(roleIdInt);
-        admin = RoleIdLib.toRoleId(adminInt);
-    }
-
-    //--- Target internal view/pure functions --------------------------------------//
-    function _createTarget(address target, string memory name, IAccess.Type ttype) 
-        internal 
+    function _createTargetAuthorizations(IAuthorization authorization)
+        internal
     {
-        _validateTarget(target, ttype);
-        _targetType[target] = ttype;
-        _accessManager.createTarget(target, name);
+        Str[] memory targets = authorization.getTargets();
+        Str target;
+
+        for(uint256 i = 0; i < targets.length; i++) {
+            target = targets[i];
+            RoleId[] memory authorizedRoles = authorization.getAuthorizedRoles(target);
+            RoleId authorizedRole;
+
+            for(uint256 j = 0; j < authorizedRoles.length; j++) {
+                authorizedRole = authorizedRoles[j];
+
+                _authorizeTargetFunctions(
+                    getTargetForName(target),
+                    authorizedRole,
+                    authorization.getAuthorizedFunctions(
+                        target, 
+                        authorizedRole));
+            }
+        }
     }
 
-    function _validateTarget(address target, IAccess.Type ttype) 
-        internal 
-        view 
-    {}
-
-    // IMPORTANT: instance admin MUST be of Core type -> otherwise can be locked forever
-    // TODO: consider locking gif targets in a separate function?
-    function _setTargetLocked(address target, bool locked) internal
+    function _checkAndCreateTargetWithRole(
+        address target,
+        string memory targetName
+    )
+        internal
     {
-        IAccess.Type targetType = _targetType[target];
-
-        if(targetType == IAccess.Type.Core) {
-            revert IAccess.ErrorIAccessTargetTypeInvalid(target, targetType);
+        // check that target name is defined in authorization specification
+        Str name = StrLib.toStr(targetName);
+        if (!_instanceAuthorization.targetExists(name)) {
+            revert ErrorInstanceAdminExpectedTargetMissing(targetName);
         }
 
-        _accessManager.setTargetClosed(target, locked);
+        // create named target
+        _createTarget(
+            target, 
+            targetName, 
+            false, // check authority TODO check normal targets, don't check service targets (they share authority with registry admin)
+            false);
+
+        // assign target role if defined
+        RoleId targetRoleId = _instanceAuthorization.getTargetRole(name);
+        if (targetRoleId != RoleIdLib.zero()) {
+            _grantRoleToAccount(targetRoleId, target);
+        }
     }
 
-    function _setTargetFunctionRole(address target, bytes4[] memory selectors, RoleId roleId) internal {
-        _accessManager.setTargetFunctionRole(target, selectors, roleId.toInt());
+    function _createModuleTargetsWithRoles()
+        internal
+    {
+        // create module targets
+        _checkAndCreateTargetWithRole(address(_instance), INSTANCE_TARGET_NAME);
+        _checkAndCreateTargetWithRole(address(_instance.getInstanceStore()), INSTANCE_STORE_TARGET_NAME);
+        _checkAndCreateTargetWithRole(address(_instance.getInstanceAdmin()), INSTANCE_ADMIN_TARGET_NAME);
+        _checkAndCreateTargetWithRole(address(_instance.getBundleSet()), BUNDLE_SET_TARGET_NAME);
+
+        // create targets for services that need to access the module targets
+        ObjectType[] memory serviceDomains = _instanceAuthorization.getServiceDomains();
+        VersionPart release = _instanceAuthorization.getRelease();
+        ObjectType serviceDomain;
+
+        for (uint256 i = 0; i < serviceDomains.length; i++) {
+            serviceDomain = serviceDomains[i];
+
+            _checkAndCreateTargetWithRole(
+                _registry.getServiceAddress(serviceDomain, release),
+                _instanceAuthorization.getServiceTarget(serviceDomain).toString());
+        }
     }
-}
+}