@lazy-sol/access-control 1.0.6 → 1.1.1

package/contracts/mocks/AccessControlMock.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity >=0.4.22;
+pragma solidity >=0.8.4;
 
 import "../AccessControl.sol";
 
@@ -11,4 +11,10 @@ contract AccessControlMock is AccessControl {
 	function restricted() public restrictedTo(RESTRICTED_ROLE) {
 		emit Restricted();
 	}
+	function requireSenderInRole(uint256 required) public view {
+		_requireSenderInRole(required);
+	}
+	function requireAccessCondition(bool condition) public pure {
+		_requireAccessCondition(condition);
+	}
 }

package/hardhat.config.js

@@ -453,12 +453,12 @@ function get_endpoint_url(network_name) {
 	// create a key: https://www.alchemy.com/
 	if(process.env.ALCHEMY_KEY) {
 		switch(network_name) {
-			case "mainnet": return "https://eth-mainnet.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
-			case "ropsten": return "https://eth-ropsten.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
-			case "rinkeby": return "https://eth-rinkeby.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
-			case "kovan": return "https://eth-kovan.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
-			case "goerli": return "https://eth-goerli.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
-			case "sepolia": return "https://eth-sepolia.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
+			case "mainnet": return "https://eth-mainnet.g.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
+			case "ropsten": return "https://eth-ropsten.g.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
+			case "rinkeby": return "https://eth-rinkeby.g.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
+			case "kovan": return "https://eth-kovan.g.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
+			case "goerli": return "https://eth-goerli.g.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
+			case "sepolia": return "https://eth-sepolia.g.alchemyapi.io/v2/" + process.env.ALCHEMY_KEY;
 			case "polygon": return "https://polygon-mainnet.g.alchemy.com/v2/" + process.env.ALCHEMY_KEY;
 			case "mumbai": return "https://polygon-mumbai.g.alchemy.com/v2/" + process.env.ALCHEMY_KEY;
 			case "base_mainnet": return "https://base-mainnet.g.alchemy.com/v2/" + process.env.ALCHEMY_KEY;

package/index.js

@@ -9,6 +9,9 @@ const {
 	not,
 } = require("./scripts/include/features_roles");
 
+// RBAC behaviours
+const {behavesLikeRBAC} = require("./test/include/rbac.behaviour");
+
 // Re-export the functions
 module.exports = {
 	ROLE_ACCESS_MANAGER,
@@ -16,4 +19,5 @@ module.exports = {
 	FULL_PRIVILEGES_MASK,
 	or,
 	not,
+	behavesLikeRBAC,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lazy-sol/access-control",
-  "version": "1.0.6",
+  "version": "1.1.1",
   "description": "Enable the modular plug and play (PnP) architecture for your dapp by incorporating the role-based access control (RBAC) into the smart contracts",
   "main": "index.js",
   "scripts": {
@@ -21,19 +21,21 @@
   ],
   "author": "Basil Gorin",
   "license": "MIT",
-  "dependencies": {
-    "@lazy-sol/a-missing-gem": "^1.0.9",
-    "@nomiclabs/hardhat-truffle5": "^2.0.7",
-    "hardhat": "^2.22.6",
-    "hardhat-deploy": "^0.11.45"
-  },
   "devDependencies": {
-    "@lazy-sol/zeppelin-test-helpers": "^1.0.1",
+    "@lazy-sol/a-missing-gem": "^1.0.10",
+    "@lazy-sol/zeppelin-test-helpers": "^1.0.5",
+    "@nomiclabs/hardhat-truffle5": "^2.0.7",
+    "hardhat": "^2.22.13",
+    "hardhat-deploy": "^0.11.45",
     "hardhat-gas-reporter": "^1.0.10",
-    "solidity-coverage": "^0.8.12"
+    "solidity-coverage": "^0.8.13"
   },
   "overrides": {
+    "axios": ">=1.7.5",
+    "micromatch": "^4.0.8",
+    "tar": "^6.2.1",
     "tough-cookie": "^4.1.3",
-    "yargs-parser": "^5.0.1"
+    "yargs-parser": "^5.0.1",
+    "ws": "^8.0.0"
   }
 }

package/test/include/deployment_routines.js

@@ -3,23 +3,14 @@
  * (doesn't return any value on successful operation)
  *
  * @param a0 smart contract owner
- * @param H0 initial token holder address
  * @returns USDT ERC20 instance
  */
-async function deploy_usdt(a0, H0 = a0) {
+async function deploy_usdt(a0) {
 	// smart contracts required
 	const USDTContract = artifacts.require("TetherToken");
 
-	// deploy the token
-	const token = await USDTContract.new(0, "Tether USD", "USDT", 6, {from: a0});
-
-	// move the initial supply if required
-	if(H0 !== a0) {
-		await token.transfer(H0, S0, {from: a0});
-	}
-
-	// return the reference
-	return token;
+	// deploy the token and return the reference
+	return await USDTContract.new(0, "Tether USD", "USDT", 6, {from: a0});
 }
 
 /**

package/test/include/rbac.behaviour.js

@@ -15,16 +15,17 @@ const {
 	MAX_UINT256,
 } = constants;
 
-// BN utils
+// BN constants and utilities
 const {
 	random_bn255,
 	random_bn256,
-} = require("@lazy-sol/a-missing-gem/bn_utils");
+} = require("@lazy-sol/a-missing-gem");
 
 // RBAC core features and roles
 const {
 	not,
-	ROLE_ACCESS_MANAGER, FULL_PRIVILEGES_MASK,
+	ROLE_ACCESS_MANAGER,
+	FULL_PRIVILEGES_MASK,
 } = require("../../scripts/include/features_roles");
 
 /**
@@ -40,6 +41,18 @@ function behavesLikeRBAC(deployment_fn, a0, a1, a2) {
 	const by = a1;
 	const to = a2;
 
+	describe("requireAccessCondition(condition) pure function", function() {
+		let access_control;
+		beforeEach(async function() {
+			access_control = await deployment_fn.call(this, a0, ZERO_ADDRESS, 0);
+		});
+		it("throws if condition is false", async function() {
+			await expectRevert(access_control.requireAccessCondition(false, {from: a0}), "AccessDenied()");
+		});
+		it("succeeds if condition is true", async function() {
+			await access_control.requireAccessCondition(true, {from: a0});
+		});
+	});
 	describe("deployment and initial state", function() {
 		function deploy_and_check(owner, features) {
 			let access_control;
@@ -81,7 +94,7 @@ function behavesLikeRBAC(deployment_fn, a0, a1, a2) {
 			deploy_and_check(a1, random_bn256());
 		});
 	});
-	describe("when deployed with not initial features", function() {
+	describe("when deployed with no initial features", function() {
 		let access_control;
 		beforeEach(async function() {
 			access_control = await deployment_fn.call(this, a0);
@@ -92,7 +105,7 @@ function behavesLikeRBAC(deployment_fn, a0, a1, a2) {
 				beforeEach(async function() {
 					await access_control.updateRole(by, ROLE_ACCESS_MANAGER, {from: a0});
 				});
-				describe("when ACCESS_MANAGER has full set of permissions", function() {
+				describe("when ACCESS_MANAGER has the full set of permissions", function() {
 					beforeEach(async function() {
 						await access_control.updateRole(by, MAX_UINT256, {from: a0});
 					});
@@ -271,6 +284,7 @@ function behavesLikeRBAC(deployment_fn, a0, a1, a2) {
 					it("operator becomes an ACCESS_MANAGER", async function() {
 						expect(await access_control.isOperatorInRole(to, ROLE_ACCESS_MANAGER), "operator").to.be.true;
 						expect(await access_control.isSenderInRole(ROLE_ACCESS_MANAGER, {from: to}), "sender").to.be.true;
+						await access_control.requireSenderInRole(ROLE_ACCESS_MANAGER, {from: to});
 					});
 				});
 				describe("when ACCESS_MANAGER revokes ACCESS_MANAGER permission from itself", function() {
@@ -280,15 +294,16 @@ function behavesLikeRBAC(deployment_fn, a0, a1, a2) {
 					it("operator ceases to be an ACCESS_MANAGER", async function() {
 						expect(await access_control.isOperatorInRole(by, ROLE_ACCESS_MANAGER), "operator").to.be.false;
 						expect(await access_control.isSenderInRole(ROLE_ACCESS_MANAGER, {from: by}), "sender").to.be.false;
+						await expectRevert(access_control.requireSenderInRole(ROLE_ACCESS_MANAGER, {from: to}), "AccessDenied()");
 					});
 				});
 			});
 			describe("otherwise (no ACCESS_MANAGER permission)", function() {
 				it("updateFeatures reverts", async function() {
-					await expectRevert(access_control.updateFeatures(1, {from: by}), "access denied");
+					await expectRevert(access_control.updateFeatures(1, {from: by}), "AccessDenied()");
 				});
 				it("updateRole reverts", async function() {
-					await expectRevert(access_control.updateRole(to, 1, {from: by}), "access denied");
+					await expectRevert(access_control.updateRole(to, 1, {from: by}), "AccessDenied()");
 				});
 			});
 		}

package/test/ownable_to_rbac_adapter.js

@@ -72,7 +72,7 @@ contract("OwnableToAccessControlAdapter tests", function(accounts) {
 					from: a1,
 					to: adapter.address,
 					data: target.contract.methods.transferOwnership(a2).encodeABI(),
-				}), "access denied");
+				}), "AccessDenied()");
 			});
 			describe("once an account has authorization to execute transferOwnership function", function() {
 				beforeEach(async function() {

package/test/ownable_to_rbac_adapter_rbac.js

@@ -43,12 +43,12 @@ contract("OwnableToAccessControlAdapter: RBAC tests", function(accounts) {
 			({target, adapter} = await deploy_ownable_to_ac_adapter(a0));
 		});
 
-		it("it is impossible to configure the access role from unauthorized account", async function() {
+		it("it is impossible to configure the access role from an unauthorized account", async function() {
 			const operator = a1;
 			await adapter.updateRole(operator, not(ROLE_ACCESS_ROLES_MANAGER), {from: a0});
-			await expectRevert(adapter.updateAccessRole("1", 1, {from: operator}), "access denied");
+			await expectRevert(adapter.updateAccessRole("1", 1, {from: operator}), "AccessDenied()");
 		});
-		it("it is possible to configure the access role from authorized account", async function() {
+		it("it is possible to configure the access role from the authorized account", async function() {
 			const operator = a1;
 			await adapter.updateRole(operator, ROLE_ACCESS_ROLES_MANAGER, {from: a0});
 			adapter.updateAccessRole("1", 1, {from: operator});

package/test/rbac_modifier.js

@@ -38,7 +38,7 @@ contract('AccessControl (RBAC) "restrictedTo" Modifier tests', function(accounts
 			access_control = await deploy_access_control(a0);
 		});
 		it("function protected with restrictedTo modifier fails when run not by an admin", async function() {
-			await expectRevert(access_control.restricted({from: a1}), "access denied");
+			await expectRevert(access_control.restricted({from: a1}), "AccessDenied()");
 		});
 		describe("function protected with restrictedTo modifier succeeds when run by admin", async function() {
 			let receipt;