Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Amend TokenHandler Authz #612

Merged
merged 5 commits into from
Aug 21, 2024
Merged

Amend TokenHandler Authz #612

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
227e43e
refactor (I)Authorization and depending contracts
matthiaszimmermann Aug 19, 2024
d34631f
TokenHandler token push/pull function refactoring
matthiaszimmermann Aug 19, 2024
74dc552
initialize token handler approval to amount max at component registra…
matthiaszimmermann Aug 20, 2024
cb8b9fe
enable tokenhandler authorization for setWallet, approve, pullToken
matthiaszimmermann Aug 20, 2024
e70e16c
enable tokenhandler authorization for pushToken, fix #505
matthiaszimmermann Aug 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 47 additions & 17 deletions contracts/authorization/AccessAdmin.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@
}


function __AccessAdmin_init(

Check warning on line 136 in contracts/authorization/AccessAdmin.sol

View workflow job for this annotation

GitHub Actions / Build and test (Hardhat) 

Function name must be in mixedCase
AccessManagerCloneable authority
)
internal
Expand Down Expand Up @@ -199,7 +199,7 @@
internal
virtual
onlyInitializing()
{ }

Check warning on line 202 in contracts/authorization/AccessAdmin.sol

View workflow job for this annotation

GitHub Actions / Build and test (Hardhat) 

Code contains empty blocks

//--- view functions for roles ------------------------------------------//

Expand Down Expand Up @@ -344,15 +344,18 @@
revert ErrorAuthorizeForAdminRoleInvalid(target);
}

bool addFunctions = true;
bytes4[] memory functionSelectors = _processFunctionSelectors(target, functions, addFunctions);
(
bytes4[] memory functionSelectors,
string[] memory functionNames
) = _processFunctionSelectors(target, functions, true);

// apply authz via access manager
_grantRoleAccessToFunctions(
target,
roleId,
functionSelectors,
false); // allowLockedRoles
functionSelectors,
functionNames,
false); // allow locked roles
}

function _unauthorizeTargetFunctions(
Expand All @@ -361,14 +364,17 @@
)
internal
{
bool addFunctions = false;
bytes4[] memory functionSelectors = _processFunctionSelectors(target, functions, addFunctions);
(
bytes4[] memory functionSelectors,
string[] memory functionNames
) = _processFunctionSelectors(target, functions, false);

_grantRoleAccessToFunctions(
target,
getAdminRole(),
functionSelectors,
true); // allowLockedRoles
functionNames,
true); // allowLockedRoles
}

function _processFunctionSelectors(
Expand All @@ -379,11 +385,13 @@
internal
onlyExistingTarget(target)
returns (
bytes4[] memory functionSelectors
bytes4[] memory functionSelectors,
string[] memory functionNames
)
{
uint256 n = functions.length;
functionSelectors = new bytes4[](n);
functionNames = new string[](n);
FunctionInfo memory func;
Selector selector;

Expand All @@ -400,6 +408,7 @@

// add bytes4 selector to function selector array
functionSelectors[i] = selector.toBytes4();
functionNames[i] = func.name.toString();
}
}

Expand All @@ -408,18 +417,27 @@
address target,
RoleId roleId,
bytes4[] memory functionSelectors,
string[] memory functionNames,
bool allowLockedRoles // admin and public roles are locked
)
internal
onlyExistingTarget(target)
onlyExistingRole(roleId, true, allowLockedRoles)
{

_authority.setTargetFunctionRole(
target,
functionSelectors,
RoleId.unwrap(roleId));

// implizit logging: rely on OpenZeppelin log TargetFunctionRoleUpdated
for (uint256 i = 0; i < functionSelectors.length; i++) {
emit LogAccessAdminFunctionGranted(
target,
// _getAccountName(target),
// string(abi.encodePacked("", functionSelectors[i])),
functionNames[i],
_getRoleName(roleId));
}
}


Expand Down Expand Up @@ -448,7 +466,7 @@
account,
0);

// indirect logging: rely on OpenZeppelin log RoleGranted
emit LogAccessAdminRoleGranted(account, _getRoleName(roleId));
}

/// @dev revoke the specified role from the provided account
Expand All @@ -468,7 +486,7 @@
RoleId.unwrap(roleId),
account);

// indirect logging: rely on OpenZeppelin log RoleGranted
emit LogAccessAdminRoleRevoked(account, _roleInfo[roleId].name.toString());
}


Expand Down Expand Up @@ -527,7 +545,7 @@
// add role to list of roles
_roleIds.push(roleId);

emit LogRoleCreated(roleId, info.roleType, info.adminRoleId, info.name.toString());
emit LogAccessAdminRoleCreated(roleId, info.roleType, info.adminRoleId, info.name.toString());
}


Expand Down Expand Up @@ -586,7 +604,7 @@
// add role to list of roles
_targets.push(target);

emit LogTargetCreated(target, targetName);
emit LogAccessAdminTargetCreated(target, targetName);
}


Expand Down Expand Up @@ -620,6 +638,21 @@
_authority.setTargetClosed(target, locked);
}

function _getAccountName(address account) internal view returns (string memory) {
if (targetExists(account)) {
return _targetInfo[account].name.toString();
}
return "<unknown-account>";
}


function _getRoleName(RoleId roleId) internal view returns (string memory) {
if (roleExists(roleId)) {
return _roleInfo[roleId].name.toString();
}
return "<unknown-role>";
}


function _checkRoleExists(
RoleId roleId,
Expand All @@ -633,10 +666,7 @@
}

uint64 roleIdInt = RoleId.unwrap(roleId);
if (roleIdInt == _authority.ADMIN_ROLE())
// TODO cleanup
//|| roleIdInt == _authority.PUBLIC_ROLE()) prevents granting of public role
{
if (roleIdInt == _authority.ADMIN_ROLE()) {
revert ErrorRoleIsLocked(roleId);
}

Expand Down
Loading
Loading