npm - @lazy-sol/access-control-upgradeable - Versions diffs - 1.1.0 → 1.1.2 - Mend

@lazy-sol/access-control-upgradeable 1.1.0 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md +2 -0
package/README.md +38 -13
package/contracts/InitializableAccessControlCore.sol +5 -2
package/package.json +6 -7
package/test/include/rbac.behaviour.js +18 -9

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,5 @@
+v1.1.2: do not enable full privileges to zero address on contract initialization
 v1.1.0: Contact Size Optimizations
 - __Breaking Change:__ Solidity 0.8.4 is now required to compile the contracts (previously was 0.8.2).

package/README.md CHANGED Viewed

@@ -68,7 +68,7 @@ features and roles. Usually, smart contracts use different values for all the fe
 next section).
 Access manager may revoke its own permissions, including the bit 255. Eventually that allows an access manager to let
-the smart contract “float freely” and be controlled only by the community (via DAO) or by no one at all.
+the smart contract “float freely” and be controlled only by the community (via the DAO) or by no one at all.
 ## Comparing with OpenZeppelin
@@ -76,7 +76,7 @@ Both our and OpenZeppelin Access Control implementations feature a similar API t
 thing".
 Zeppelin implementation is more flexible:
-* it allows setting unlimited number of roles, while current is limited to 256 different roles
+* it allows setting an unlimited number of roles, while current is limited to 256 different roles
 * it allows setting an admin for each role, while current allows having only one global admin
 Our implementation is more lightweight:
@@ -120,11 +120,11 @@ npm i -D @lazy-sol/access-control-upgradeable
 Restricted function is a function with a `public` Solidity modifier access to which is restricted
 so that only a pre-configured set of accounts can execute it.
-1. Enable role-based access control (RBAC) in a new smart contract
-   by inheriting the RBAC contract from the [AccessControl](./contracts/UpgradeableAccessControl.sol) contract:
+1.  Enable role-based access control (RBAC) in a new smart contract
+    by inheriting the RBAC contract from the [UpgradeableAccessControlCore](./contracts/UpgradeableAccessControlCore.sol) contract:
     ```solidity
     import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
-    import "@lazy-sol/access-control/contracts/UpgradeableAccessControl.sol";
+    import "@lazy-sol/access-control/contracts/UpgradeableAccessControlCore.sol";
     /**
      * @title Simple ERC20 Implementation (Upgreadable)
@@ -133,29 +133,29 @@ so that only a pre-configured set of accounts can execute it.
      *
      * @author Lazy So[u]l
      */
-    contract MyUpgradeableERC20Token is ERC20Upgradeable, UpgradeableAccessControl {
+    contract MyUpgradeableERC20Token is ERC20Upgradeable, UpgradeableAccessControlCore {
         ...
     }
     ```
-2. Define an access control role with the unique integer value:
+2.  Define an access control role with the unique integer value:
     ```solidity
         ...
         /**
          * @notice Token creator is responsible for creating (minting)
-         tokens to an arbitrary address
+         *      tokens to an arbitrary address
          * @dev Role ROLE_TOKEN_CREATOR allows minting tokens
-         (calling `mint` function)
+         *      (calling `mint` function)
          */
         uint32 public constant ROLE_TOKEN_CREATOR = 0x0001_0000;
         ...
     ```
-3. Add the `require(isSenderInRole(ROLE_TOKEN_CREATOR), "access denied")"` check into the function body:
+3.  Add the `_requireSenderInRole(ROLE_TOKEN_CREATOR)` check into the function body:
     ```solidity
         ...
@@ -164,7 +164,7 @@ so that only a pre-configured set of accounts can execute it.
          */
         function _mint(address _to, uint256 _value) internal virtual override {
             // check if caller has sufficient permissions to mint tokens
-            require(isSenderInRole(ROLE_TOKEN_CREATOR), "access denied");
+            _requireSenderInRole(ROLE_TOKEN_CREATOR);
             // delegate to super implementation
             super._mint(_to, _value);
@@ -173,8 +173,8 @@ so that only a pre-configured set of accounts can execute it.
         ...
     ```
-   Note: you could also use the `restrictedTo` modifier in the function declaration instead of the `require`
-   in the function body if you don't need a custom error message:
+    Note: it is also possible to use the `restrictedTo` modifier in the function declaration instead of the `require`
+    in the function body if this better suits the coding style:
     ```solidity
         ...
@@ -189,6 +189,31 @@ so that only a pre-configured set of accounts can execute it.
         ...
     ```
+### Customizing the Error Message
+Modifier `restrictedTo()`, internal functions `_requireSenderInRole()` and `_requireAccessCondition()` throw the
+`AccessDenied` denied error when access check fails.
+It is also possible to use your own custom errors or string messages if needed by leveraging a lower level boolean
+functions `_isSenderInRole()` and `_isOperatorInRole()`:
+```solidity
+    ...
+    /**
+     * @inheritdoc ERC20Upgradeable
+     */
+    function _mint(address _to, uint256 _value) internal virtual override {
+        // check if caller has sufficient permissions to mint tokens
+        require(_isSenderInRole(ROLE_TOKEN_CREATOR), "access denied");
+        // delegate to super implementation
+        super._mint(_to, _value);
+    }
+    ...
+```
 Examples:
 [AdvancedERC20](https://raw.githubusercontent.com/lazy-sol/advanced-erc20/master/contracts/token/AdvancedERC20.sol),
 [ERC20v1](https://raw.githubusercontent.com/vgorin/solidity-template/master/contracts/token/upgradeable/ERC20v1.sol),

package/contracts/InitializableAccessControlCore.sol CHANGED Viewed

@@ -174,8 +174,11 @@ abstract contract InitializableAccessControlCore is Initializable {
 	 * @param _features initial features mask of the contract, can be zero
 	 */
 	function _postConstruct(address _owner, uint256 _features) internal virtual onlyInitializing {
-		// grant owner full privileges
-		__setRole(_owner, FULL_PRIVILEGES_MASK, FULL_PRIVILEGES_MASK);
+		// if there is a request to set owner (zero address owner means no owner)
+		if(_owner != address(0)) {
+			// grant owner full privileges
+			__setRole(_owner, FULL_PRIVILEGES_MASK, FULL_PRIVILEGES_MASK);
+		}
 		// update initial features bitmask
 		__setRole(address(this), _features, _features);
 	}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lazy-sol/access-control-upgradeable",
-  "version": "1.1.0",
+  "version": "1.1.2",
   "description": "Enable the modular plug and play (PnP) architecture for your dapp by incorporating the role-based access control (RBAC) into the smart contracts",
   "main": "index.js",
   "scripts": {
@@ -22,15 +22,14 @@
   "author": "Basil Gorin",
   "license": "MIT",
   "dependencies": {
-    "@lazy-sol/a-missing-gem": "^1.0.9",
-    "@nomiclabs/hardhat-truffle5": "^2.0.7",
-    "@openzeppelin/contracts-upgradeable": "^4.9.6",
-    "hardhat": "^2.22.9",
-    "hardhat-deploy": "^0.11.45"
+    "@openzeppelin/contracts-upgradeable": "4.9.6"
   },
   "devDependencies": {
+    "@lazy-sol/a-missing-gem": "^1.0.11",
     "@lazy-sol/zeppelin-test-helpers": "^1.0.5",
-    "@openzeppelin/contracts": "^4.9.6",
+    "@nomiclabs/hardhat-truffle5": "^2.0.7",
+    "@openzeppelin/contracts": "4.9.6",
+    "hardhat": "^2.22.13",
     "hardhat-dependency-injector": "^1.0.1",
     "hardhat-gas-reporter": "^1.0.10",
     "solidity-coverage": "^0.8.13"

package/test/include/rbac.behaviour.js CHANGED Viewed

@@ -59,13 +59,15 @@ function behavesLikeRBAC(deployment_fn, a0, a1, a2) {
 			beforeEach(async function() {
 				access_control = await deployment_fn.call(this, a0, owner, features);
 			});
-			it('"RoleUpdated(owner)" event is emitted correctly', async function() {
-				await expectEvent.inConstruction(access_control, "RoleUpdated", {
-					operator: owner,
-					requested: FULL_PRIVILEGES_MASK,
-					assigned: FULL_PRIVILEGES_MASK,
+			if(owner !== ZERO_ADDRESS) {
+				it('"RoleUpdated(owner)" event is emitted correctly', async function() {
+					await expectEvent.inConstruction(access_control, "RoleUpdated", {
+						operator: owner,
+						requested: FULL_PRIVILEGES_MASK,
+						assigned: FULL_PRIVILEGES_MASK,
+					});
 				});
-			});
+			}
 			it('"RoleUpdated(this)" event is emitted correctly', async function() {
 				await expectEvent.inConstruction(access_control, "RoleUpdated", {
 					operator: access_control.address,
@@ -73,9 +75,16 @@ function behavesLikeRBAC(deployment_fn, a0, a1, a2) {
 					assigned: features,
 				});
 			});
-			it("owners' role is set correctly", async function() {
-				expect(await access_control.getRole(owner)).to.be.bignumber.that.equals(FULL_PRIVILEGES_MASK);
-			});
+			if(owner !== ZERO_ADDRESS) {
+				it("owners' role is set correctly", async function() {
+					expect(await access_control.getRole(owner)).to.be.bignumber.that.equals(FULL_PRIVILEGES_MASK);
+				});
+			}
+			else {
+				it("owners' role is not set", async function() {
+					expect(await access_control.getRole(owner)).to.be.bignumber.that.equals("0");
+				});
+			}
 			it("features are set correctly", async function() {
 				expect(await access_control.features()).to.be.bignumber.that.equals(features);
 			});