@lazy-sol/access-control-upgradeable 1.0.2

package/.editorconfig

@@ -0,0 +1,21 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = tab
+indent_size = 2
+insert_final_newline = true
+max_line_length = 120
+
+[*.md]
+indent_size = 4
+tab_width = 4
+indent_style = space
+trim_trailing_whitespace = false
+
+[package*.json]
+indent_style = space

package/.solcover.js

@@ -0,0 +1,39 @@
+// https://hardhat.org/plugins/solidity-coverage.html
+// https://github.com/sc-forks/solidity-coverage#config-options
+module.exports = {
+	// Ganache only: ganache-core options
+	// https://github.com/trufflesuite/ganache-core/tree/master#options
+/*
+	providerOptions: {
+		host: "localhost",
+		network_id: 0xeeeb04de,
+		port: 8669,
+		default_balance_ether: 10000,
+		total_accounts: 35,
+		// gasLimit: 0xffffffff,
+		gasPrice: 1,
+	},
+*/
+	// Array of contracts or folders (with paths expressed relative to the contracts directory)
+	// that should be skipped when doing instrumentation.
+	skipFiles: [
+		"interfaces",
+		"mocks",
+	],
+
+	// Set default mocha options here, use special reporters etc.
+	mocha: {
+		// timeout: 100000,
+
+		// disable mocha timeouts:
+		// https://mochajs.org/api/mocha#enableTimeouts
+		enableTimeouts: false,
+		// https://github.com/mochajs/mocha/issues/3813
+		timeout: false,
+
+		// https://github.com/sc-forks/solidity-coverage/blob/master/docs/advanced.md#skipping-tests
+		grep: "@skip-on-coverage", // Find everything with this tag
+		invert: true               // Run the grep's inverse set.
+	},
+
+};

package/CRIBBED_CODE.txt

@@ -0,0 +1,26 @@
+Licensing inclusion for test & contract code:
+
+
+The MIT License (MIT)
+
+Copyright (c) 2016-2020 zOS Global Limited
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

package/LICENSE.txt

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2017-2024 Basil Gorin
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,18 @@
+# Role-based Access Control (RBAC) #
+An [OZ Upgradeable](https://docs.openzeppelin.com/contracts/4.x/api/proxy)
+version of the [RBAC](https://github.com/lazy-sol/access-control)
+
+A shortcut to a modular and easily pluggable dapp architecture.
+
+Enable the modular plug and play (PnP) architecture for your dapp by incorporating the role-based access control (RBAC)
+into the smart contracts.
+
+## Installation
+```
+npm i -D @lazy-sol/access-control-upgradeable
+```
+
+## Further Reading
+See RBAC [README.md](https://github.com/lazy-sol/access-control/blob/master/README.md)
+
+(c) 2017–2024 Basil Gorin

package/contracts/InitializableAccessControl.sol

@@ -0,0 +1,360 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.2;
+
+import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+
+/**
+ * @title Initializable Role-based Access Control (RBAC) // ERC1967Proxy
+ *
+ * @notice Access control smart contract provides an API to check
+ *      if a specific operation is permitted globally and/or
+ *      if a particular user has a permission to execute it.
+ *
+ * @notice This contract is inherited by other contracts requiring the role-based access control (RBAC)
+ *      protection for the restricted access functions
+ *
+ * @notice It deals with two main entities: features and roles.
+ *
+ * @notice Features are designed to be used to enable/disable public functions
+ *      of the smart contract (used by a wide audience).
+ * @notice User roles are designed to control the access to restricted functions
+ *      of the smart contract (used by a limited set of maintainers).
+ *
+ * @notice Terms "role", "permissions" and "set of permissions" have equal meaning
+ *      in the documentation text and may be used interchangeably.
+ * @notice Terms "permission", "single permission" implies only one permission bit set.
+ *
+ * @notice Access manager is a special role which allows to grant/revoke other roles.
+ *      Access managers can only grant/revoke permissions which they have themselves.
+ *      As an example, access manager with no other roles set can only grant/revoke its own
+ *      access manager permission and nothing else.
+ *
+ * @notice Access manager permission should be treated carefully, as a super admin permission:
+ *      Access manager with even no other permission can interfere with another account by
+ *      granting own access manager permission to it and effectively creating more powerful
+ *      permission set than its own.
+ *
+ * @dev Both current and OpenZeppelin AccessControl implementations feature a similar API
+ *      to check/know "who is allowed to do this thing".
+ * @dev Zeppelin implementation is more flexible:
+ *      - it allows setting unlimited number of roles, while current is limited to 256 different roles
+ *      - it allows setting an admin for each role, while current allows having only one global admin
+ * @dev Current implementation is more lightweight:
+ *      - it uses only 1 bit per role, while Zeppelin uses 256 bits
+ *      - it allows setting up to 256 roles at once, in a single transaction, while Zeppelin allows
+ *        setting only one role in a single transaction
+ *
+ * @dev This smart contract is designed to be inherited by other
+ *      smart contracts which require access control management capabilities.
+ *
+ * @dev Access manager permission has a bit 255 set.
+ *      This bit must not be used by inheriting contracts for any other permissions/features.
+ *
+ * @dev This is an initializable version of the RBAC, based on Zeppelin implementation,
+ *      it can be used for ERC1967 proxies, as well as for EIP-1167 minimal proxies
+ *      see https://docs.openzeppelin.com/contracts/4.x/upgradeable
+ *      see https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable
+ *      see https://forum.openzeppelin.com/t/uups-proxies-tutorial-solidity-javascript/7786
+ *      see https://eips.ethereum.org/EIPS/eip-1167
+ *      see https://docs.openzeppelin.com/contracts/4.x/api/proxy#Clones
+ *
+ * @author Basil Gorin
+ */
+abstract contract InitializableAccessControl is Initializable {
+	/**
+	 * @dev Privileged addresses with defined roles/permissions
+	 * @dev In the context of ERC20/ERC721 tokens these can be permissions to
+	 *      allow minting or burning tokens, transferring on behalf and so on
+	 *
+	 * @dev Maps user address to the permissions bitmask (role), where each bit
+	 *      represents a permission
+	 * @dev Bitmask 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+	 *      represents all possible permissions
+	 * @dev 'This' address mapping represents global features of the smart contract
+	 *
+	 * @dev We keep the mapping private to prevent direct writes to it from the inheriting
+	 *      contracts, `getRole()` and `updateRole()` functions should be used instead
+	 */
+	mapping(address => uint256) private userRoles;
+
+	/**
+	 * @dev Empty reserved space in storage. The size of the __gap array is calculated so that
+	 *      the amount of storage used by a contract always adds up to the 50.
+	 *      See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
+	 */
+	uint256[49] private __gap;
+
+	/**
+	 * @notice Access manager is responsible for assigning the roles to users,
+	 *      enabling/disabling global features of the smart contract
+	 * @notice Access manager can add, remove and update user roles,
+	 *      remove and update global features
+	 *
+	 * @dev Role ROLE_ACCESS_MANAGER allows modifying user roles and global features
+	 * @dev Role ROLE_ACCESS_MANAGER has single bit at position 255 enabled
+	 */
+	uint256 public constant ROLE_ACCESS_MANAGER = 0x8000000000000000000000000000000000000000000000000000000000000000;
+
+	/**
+	 * @notice Upgrade manager is responsible for smart contract upgrades,
+	 *      see https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable
+	 *      see https://docs.openzeppelin.com/contracts/4.x/upgradeable
+	 *
+	 * @dev Role ROLE_UPGRADE_MANAGER allows passing the _authorizeUpgrade() check
+	 * @dev Role ROLE_UPGRADE_MANAGER has single bit at position 254 enabled
+	 */
+	uint256 public constant ROLE_UPGRADE_MANAGER = 0x4000000000000000000000000000000000000000000000000000000000000000;
+
+	/**
+	 * @dev Bitmask representing all the possible permissions (super admin role)
+	 * @dev Has all the bits are enabled (2^256 - 1 value)
+	 */
+	uint256 private constant FULL_PRIVILEGES_MASK = type(uint256).max; // before 0.8.0: uint256(-1) overflows to 0xFFFF...
+
+	/**
+	 * @dev Fired in updateRole() and updateFeatures()
+	 *
+	 * @param operator address which was granted/revoked permissions
+	 * @param requested permissions requested
+	 * @param assigned permissions effectively set
+	 */
+	event RoleUpdated(address indexed operator, uint256 requested, uint256 assigned);
+
+	/**
+	 * @notice Function modifier making a function defined as public behave as restricted
+	 *      (so that only a pre-configured set of accounts can execute it)
+	 *
+	 * @param role the role transaction executor is required to have;
+	 *      the function throws an "access denied" exception if this condition is not met
+	 */
+	modifier restrictedTo(uint256 role) {
+		// verify the access permission
+		require(isSenderInRole(role), "access denied");
+
+		// execute the rest of the function
+		_;
+	}
+
+	/**
+	 * @dev Creates/deploys the RBAC implementation to be used in a proxy
+	 *
+	 * @dev Note:
+	 *      the implementation is already initialized and
+	 *      `_postConstruct` is not executable on the implementation
+	 *      `_postConstruct` is still available in the context of a proxy
+	 *      and should be executed on the proxy deployment (in the same tx)
+	 */
+	constructor() initializer {}
+
+	/**
+	 * @dev Contract initializer, sets the contract owner to have full privileges
+	 *
+	 * @dev Can be executed only once, reverts when executed second time
+	 *
+	 * @dev IMPORTANT:
+	 *      this function SHOULD be executed during proxy deployment (in the same transaction)
+	 *
+	 * @param _owner smart contract owner having full privileges, can be zero
+	 * @param _features initial features mask of the contract, can be zero
+	 */
+	function _postConstruct(address _owner, uint256 _features) internal virtual onlyInitializing {
+		// grant owner full privileges
+		__setRole(_owner, FULL_PRIVILEGES_MASK, FULL_PRIVILEGES_MASK);
+		// update initial features bitmask
+		__setRole(address(this), _features, _features);
+	}
+
+	/**
+	 * @dev Highest version that has been initialized.
+	 *      Non-zero value means contract was already initialized.
+	 * @dev see {Initializable}, {reinitializer}.
+	 *
+	 * @return highest version that has been initialized
+	 */
+	function getInitializedVersion() public view returns(uint64) {
+		// delegate to `_getInitializedVersion`
+		return _getInitializedVersion();
+	}
+
+	/**
+	 * @notice Retrieves globally set of features enabled
+	 *
+	 * @dev Effectively reads userRoles role for the contract itself
+	 *
+	 * @return 256-bit bitmask of the features enabled
+	 */
+	function features() public view returns (uint256) {
+		// features are stored in 'this' address mapping of `userRoles`
+		return getRole(address(this));
+	}
+
+	/**
+	 * @notice Updates set of the globally enabled features (`features`),
+	 *      taking into account sender's permissions
+	 *
+	 * @dev Requires transaction sender to have `ROLE_ACCESS_MANAGER` permission
+	 * @dev Function is left for backward compatibility with older versions
+	 *
+	 * @param _mask bitmask representing a set of features to enable/disable
+	 */
+	function updateFeatures(uint256 _mask) public {
+		// delegate call to `updateRole`
+		updateRole(address(this), _mask);
+	}
+
+	/**
+	 * @notice Reads the permissions (role) for a given user from the `userRoles` mapping
+	 *      (privileged addresses with defined roles/permissions)
+	 * @notice In the context of ERC20/ERC721 tokens these can be permissions to
+	 *      allow minting or burning tokens, transferring on behalf and so on
+	 *
+	 * @dev Having a simple getter instead of making the mapping public
+	 *      allows enforcing the encapsulation of the mapping and protects from
+	 *      writing to it directly in the inheriting smart contracts
+	 *
+	 * @param operator address of a user to read permissions for,
+	 *      or self address to read global features of the smart contract
+	 */
+	function getRole(address operator) public view returns(uint256) {
+		// read the value from `userRoles` and return
+		return userRoles[operator];
+	}
+
+	/**
+	 * @notice Updates set of permissions (role) for a given user,
+	 *      taking into account sender's permissions.
+	 *
+	 * @dev Setting role to zero is equivalent to removing an all permissions
+	 * @dev Setting role to `FULL_PRIVILEGES_MASK` is equivalent to
+	 *      copying senders' permissions (role) to the user
+	 * @dev Requires transaction sender to have `ROLE_ACCESS_MANAGER` permission
+	 *
+	 * @param operator address of a user to alter permissions for,
+	 *       or self address to alter global features of the smart contract
+	 * @param role bitmask representing a set of permissions to
+	 *      enable/disable for a user specified
+	 */
+	function updateRole(address operator, uint256 role) public {
+		// caller must have a permission to update user roles
+		require(isSenderInRole(ROLE_ACCESS_MANAGER), "access denied");
+
+		// evaluate the role and reassign it
+		__setRole(operator, role, _evaluateBy(msg.sender, getRole(operator), role));
+	}
+
+	/**
+	 * @notice Determines the permission bitmask an operator can set on the
+	 *      target permission set
+	 * @notice Used to calculate the permission bitmask to be set when requested
+	 *     in `updateRole` and `updateFeatures` functions
+	 *
+	 * @dev Calculated based on:
+	 *      1) operator's own permission set read from userRoles[operator]
+	 *      2) target permission set - what is already set on the target
+	 *      3) desired permission set - what do we want set target to
+	 *
+	 * @dev Corner cases:
+	 *      1) Operator is super admin and its permission set is `FULL_PRIVILEGES_MASK`:
+	 *        `desired` bitset is returned regardless of the `target` permission set value
+	 *        (what operator sets is what they get)
+	 *      2) Operator with no permissions (zero bitset):
+	 *        `target` bitset is returned regardless of the `desired` value
+	 *        (operator has no authority and cannot modify anything)
+	 *
+	 * @dev Example:
+	 *      Consider an operator with the permissions bitmask     00001111
+	 *      is about to modify the target permission set          01010101
+	 *      Operator wants to set that permission set to          00110011
+	 *      Based on their role, an operator has the permissions
+	 *      to update only lowest 4 bits on the target, meaning that
+	 *      high 4 bits of the target set in this example is left
+	 *      unchanged and low 4 bits get changed as desired:      01010011
+	 *
+	 * @param operator address of the contract operator which is about to set the permissions
+	 * @param target input set of permissions to operator is going to modify
+	 * @param desired desired set of permissions operator would like to set
+	 * @return resulting set of permissions given operator will set
+	 */
+	function _evaluateBy(address operator, uint256 target, uint256 desired) internal view returns (uint256) {
+		// read operator's permissions
+		uint256 p = getRole(operator);
+
+		// taking into account operator's permissions,
+		// 1) enable the permissions desired on the `target`
+		target |= p & desired;
+		// 2) disable the permissions desired on the `target`
+		target &= FULL_PRIVILEGES_MASK ^ (p & (FULL_PRIVILEGES_MASK ^ desired));
+
+		// return calculated result
+		return target;
+	}
+
+	/**
+	 * @notice Checks if requested set of features is enabled globally on the contract
+	 *
+	 * @param required set of features to check against
+	 * @return true if all the features requested are enabled, false otherwise
+	 */
+	function isFeatureEnabled(uint256 required) public view returns (bool) {
+		// delegate call to `__hasRole`, passing `features` property
+		return __hasRole(features(), required);
+	}
+
+	/**
+	 * @notice Checks if transaction sender `msg.sender` has all the permissions required
+	 *
+	 * @param required set of permissions (role) to check against
+	 * @return true if all the permissions requested are enabled, false otherwise
+	 */
+	function isSenderInRole(uint256 required) public view returns (bool) {
+		// delegate call to `isOperatorInRole`, passing transaction sender
+		return isOperatorInRole(msg.sender, required);
+	}
+
+	/**
+	 * @notice Checks if operator has all the permissions (role) required
+	 *
+	 * @param operator address of the user to check role for
+	 * @param required set of permissions (role) to check
+	 * @return true if all the permissions requested are enabled, false otherwise
+	 */
+	function isOperatorInRole(address operator, uint256 required) public view returns (bool) {
+		// delegate call to `__hasRole`, passing operator's permissions (role)
+		return __hasRole(getRole(operator), required);
+	}
+
+	/**
+	 * @dev Sets the `assignedRole` role to the operator, logs both `requestedRole` and `actualRole`
+	 *
+	 * @dev Unsafe:
+	 *      provides direct write access to `userRoles` mapping without any security checks,
+	 *      doesn't verify the executor (msg.sender) permissions,
+	 *      must be kept private at all times
+	 *
+	 * @param operator address of a user to alter permissions for,
+	 *       or self address to alter global features of the smart contract
+	 * @param requestedRole bitmask representing a set of permissions requested
+	 *      to be enabled/disabled for a user specified, used only to be logged into event
+	 * @param assignedRole bitmask representing a set of permissions to
+	 *      enable/disable for a user specified, used to update the mapping and to be logged into event
+	 */
+	function __setRole(address operator, uint256 requestedRole, uint256 assignedRole) private {
+		// assign the role to the operator
+		userRoles[operator] = assignedRole;
+
+		// fire an event
+		emit RoleUpdated(operator, requestedRole, assignedRole);
+	}
+
+	/**
+	 * @dev Checks if role `actual` contains all the permissions required `required`
+	 *
+	 * @param actual existent role
+	 * @param required required role
+	 * @return true if actual has required role (all permissions), false otherwise
+	 */
+	function __hasRole(uint256 actual, uint256 required) private pure returns (bool) {
+		// check the bitmask for the role required and return the result
+		return actual & required == required;
+	}
+}

package/contracts/UpgradeableAccessControl.sol

@@ -0,0 +1,80 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.2;
+
+import "./InitializableAccessControl.sol";
+import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
+
+/**
+ * @title Upgradeable Role-based Access Control (RBAC) // ERC1967Proxy
+ *
+ * @notice Access control smart contract provides an API to check
+ *      if a specific operation is permitted globally and/or
+ *      if a particular user has a permission to execute it.
+ *
+ * @notice This contract is inherited by other contracts requiring the role-based access control (RBAC)
+ *      protection for the restricted access functions
+ *
+ * @notice It deals with two main entities: features and roles.
+ *
+ * @notice Features are designed to be used to enable/disable public functions
+ *      of the smart contract (used by a wide audience).
+ * @notice User roles are designed to control the access to restricted functions
+ *      of the smart contract (used by a limited set of maintainers).
+ *
+ * @notice Terms "role", "permissions" and "set of permissions" have equal meaning
+ *      in the documentation text and may be used interchangeably.
+ * @notice Terms "permission", "single permission" implies only one permission bit set.
+ *
+ * @notice Access manager is a special role which allows to grant/revoke other roles.
+ *      Access managers can only grant/revoke permissions which they have themselves.
+ *      As an example, access manager with no other roles set can only grant/revoke its own
+ *      access manager permission and nothing else.
+ *
+ * @notice Access manager permission should be treated carefully, as a super admin permission:
+ *      Access manager with even no other permission can interfere with another account by
+ *      granting own access manager permission to it and effectively creating more powerful
+ *      permission set than its own.
+ *
+ * @dev Both current and OpenZeppelin AccessControl implementations feature a similar API
+ *      to check/know "who is allowed to do this thing".
+ * @dev Zeppelin implementation is more flexible:
+ *      - it allows setting unlimited number of roles, while current is limited to 256 different roles
+ *      - it allows setting an admin for each role, while current allows having only one global admin
+ * @dev Current implementation is more lightweight:
+ *      - it uses only 1 bit per role, while Zeppelin uses 256 bits
+ *      - it allows setting up to 256 roles at once, in a single transaction, while Zeppelin allows
+ *        setting only one role in a single transaction
+ *
+ * @dev This smart contract is designed to be inherited by other
+ *      smart contracts which require access control management capabilities.
+ *
+ * @dev Access manager permission has a bit 255 set.
+ *      This bit must not be used by inheriting contracts for any other permissions/features.
+ *
+ * @dev This is an upgradeable version of the RBAC, based on Zeppelin implementation for ERC1967,
+ *      see https://docs.openzeppelin.com/contracts/4.x/upgradeable
+ *      see https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable
+ *      see https://forum.openzeppelin.com/t/uups-proxies-tutorial-solidity-javascript/7786
+ *
+ * @author Basil Gorin
+ */
+abstract contract UpgradeableAccessControl is InitializableAccessControl, UUPSUpgradeable {
+	/**
+	 * @notice Returns an address of the implementation smart contract,
+	 *      see ERC1967Upgrade._getImplementation()
+	 *
+	 * @return the current implementation address
+	 */
+	function getImplementation() public view virtual returns (address) {
+		// delegate to `ERC1967Upgrade._getImplementation()`
+		return _getImplementation();
+	}
+
+	/**
+	 * @inheritdoc UUPSUpgradeable
+	 */
+	function _authorizeUpgrade(address) internal virtual override {
+		// caller must have a permission to upgrade the contract
+		require(isSenderInRole(ROLE_UPGRADE_MANAGER), "access denied");
+	}
+}

package/contracts/mocks/UpgradeableAccessControlMocks.sol

@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.2;
+
+import "../UpgradeableAccessControl.sol";
+
+// Used in UpgradeableAccessControl tests to check if `isSenderInRole` works through the `restrictedTo` modifier
+contract UpgradeableAccessControlMock is UpgradeableAccessControl {
+	uint32 public constant RESTRICTED_ROLE = 1;
+	event Restricted();
+	function restricted() public restrictedTo(RESTRICTED_ROLE) {
+		emit Restricted();
+	}
+}
+
+contract UpgradeableAccessControl1 is UpgradeableAccessControlMock {
+	string public version1;
+
+	function postConstruct(address _owner, uint256 _features) public virtual initializer {
+		_postConstruct(_owner, _features);
+		version1 = "1";
+	}
+}
+
+contract UpgradeableAccessControl2 is UpgradeableAccessControlMock {
+	string public version2;
+
+	function postConstruct(address _owner, uint256 _features) public virtual initializer {
+		_postConstruct(_owner, _features);
+		version2 = "2";
+	}
+}

package/hardhat.config.js

@@ -0,0 +1,82 @@
+/**
+ * default Hardhat configuration which uses account mnemonic to derive accounts
+ */
+
+// Enable Truffle 5 plugin for tests
+// https://hardhat.org/guides/truffle-testing.html
+require("@nomiclabs/hardhat-truffle5");
+
+// enable Solidity-coverage
+// https://hardhat.org/plugins/solidity-coverage.html
+require("solidity-coverage");
+
+// enable hardhat-gas-reporter
+// https://hardhat.org/plugins/hardhat-gas-reporter.html
+require("hardhat-gas-reporter");
+
+// copy compiled Solidity bytecode directly from the NPM dependencies.
+// https://github.com/vgorin/hardhat-dependency-injector
+require("hardhat-dependency-injector");
+
+/**
+ * @type import('hardhat/config').HardhatUserConfig
+ */
+module.exports = {
+	defaultNetwork: "hardhat",
+	networks: {
+		// https://hardhat.org/hardhat-network/
+		hardhat: {
+			// set networkId to 0xeeeb04de as for all local networks
+			chainId: 0xeeeb04de,
+			// set the gas price to one for convenient tx costs calculations in tests
+			// gasPrice: 1,
+			// London hard fork fix: impossible to set gas price lower than baseFeePerGas (875,000,000)
+			initialBaseFeePerGas: 0,
+			accounts: {
+				count: 35,
+			},
+		},
+	},
+
+	// Configure Solidity compiler
+	solidity: {
+		// https://hardhat.org/guides/compile-contracts.html
+		compilers: [
+			{
+				version: "0.8.2",
+				settings: {
+					optimizer: {
+						enabled: true,
+						runs: 200
+					}
+				}
+			},
+		]
+	},
+
+	// Set default mocha options here, use special reporters etc.
+	mocha: {
+		// timeout: 100000,
+
+		// disable mocha timeouts:
+		// https://mochajs.org/api/mocha#enableTimeouts
+		enableTimeouts: false,
+		// https://github.com/mochajs/mocha/issues/3813
+		timeout: false,
+	},
+
+	// hardhat-gas-reporter will be disabled by default, use REPORT_GAS environment variable to enable it
+	// https://hardhat.org/plugins/hardhat-gas-reporter.html
+	gasReporter: {
+		enabled: !!(process.env.REPORT_GAS)
+	},
+
+	// copy compiled Solidity bytecode directly from NPM dependencies
+	// https://github.com/vgorin/hardhat-dependency-injector
+	dependencyInjector: {
+		paths: [
+			// ERC1967 is used to deploy upgradeable contracts
+			"@openzeppelin/contracts/build/contracts/ERC1967Proxy.json",
+		],
+	},
+}