Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/add missing instance functions #585 #645

Merged
merged 21 commits into from
Sep 3, 2024
Merged

Feature/add missing instance functions #585 #645

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
79b7e53
instance no longer nft interceptor
matthiaszimmermann Aug 27, 2024
7bbcf92
add custom role creation
matthiaszimmermann Aug 27, 2024
ad0d5ed
add custom role (de)activation
matthiaszimmermann Aug 28, 2024
9292db0
add role granting
matthiaszimmermann Aug 28, 2024
f4dc0f2
add role revoking
matthiaszimmermann Aug 28, 2024
69709f7
add custom target creation
matthiaszimmermann Aug 28, 2024
27a4521
Merge branch 'develop' into feature/add-missing-instance-functions-585
matthiaszimmermann Aug 28, 2024
528b9f6
reduce InstanceReader size
matthiaszimmermann Aug 28, 2024
440c9e5
refactor (I)(Service)Authorization
matthiaszimmermann Aug 29, 2024
f377053
Merge branch 'develop' into feature/add-missing-instance-functions-585
matthiaszimmermann Aug 30, 2024
df3c77c
all custom targets are created with associated contract roles
matthiaszimmermann Aug 30, 2024
6f2d241
cleanups
matthiaszimmermann Sep 1, 2024
118ba5f
unify *Admin.completeSetup() functions
matthiaszimmermann Sep 1, 2024
e2e958f
fix hh deploy script
matthiaszimmermann Sep 1, 2024
a06f24d
complete custom target locking test cases
matthiaszimmermann Sep 1, 2024
b4e09b3
add IInstance.authorizeFunctions
matthiaszimmermann Sep 2, 2024
260bddf
more develop into feature branch
matthiaszimmermann Sep 2, 2024
44a4322
add unauthorizeFunctions
matthiaszimmermann Sep 2, 2024
2f7bd1b
restructure and comment InstanceReader
matthiaszimmermann Sep 3, 2024
9294f09
amend hh deploy script
matthiaszimmermann Sep 3, 2024
a28dfa0
amend function (un)authorization tests
matthiaszimmermann Sep 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
446 changes: 261 additions & 185 deletions contracts/authorization/AccessAdmin.sol
View file
Open in desktop

Large diffs are not rendered by default.

227 changes: 220 additions & 7 deletions contracts/authorization/AccessAdminLib.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,19 +6,57 @@ import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/acce
import {IAccess} from "./IAccess.sol";
import {IAccessAdmin} from "./IAccessAdmin.sol";
import {IAuthorization} from "./IAuthorization.sol";
import {IComponent} from "../shared/IComponent.sol";
import {IRegistry} from "../registry/IRegistry.sol";
import {IService} from "../shared/IService.sol";
import {IServiceAuthorization} from "./IServiceAuthorization.sol";

import {ContractLib} from "../shared/ContractLib.sol";
import {ObjectType} from "../type/ObjectType.sol";
import {RoleId} from "../type/RoleId.sol";
import {RoleId, RoleIdLib} from "../type/RoleId.sol";
import {SelectorLib} from "../type/Selector.sol";
import {Str, StrLib} from "../type/String.sol";
import {TimestampLib} from "../type/Timestamp.sol";
import {VersionPart} from "../type/Version.sol";
import {VersionPart, VersionPartLib} from "../type/Version.sol";


library AccessAdminLib { // ACCESS_ADMIN_LIB

string public constant TOKEN_HANDLER_SUFFIX = "Th";
string public constant ROLE_SUFFIX = "_Role";

uint64 public constant SERVICE_DOMAIN_ROLE_FACTOR = 100;
uint64 public constant COMPONENT_ROLE_FACTOR = 1000;
uint64 public constant COMPONENT_ROLE_MAX = 19000;

uint64 public constant CORE_ROLE_MIN = 100;
uint64 public constant SERVICE_ROLE_MIN = 1000; // + service domain * SERVICE_ROLE_FACTOR + release
uint64 public constant SERVICE_ROLE_FACTOR = 1000;
uint64 public constant INSTANCE_ROLE_MIN = 100000;

// MUST match with Authorization.COMPONENT_ROLE_MIN
uint64 public constant COMPONENT_ROLE_MIN = 110000;

uint64 public constant CUSTOM_ROLE_MIN = 1000000;


function getSelectors(
IAccess.FunctionInfo[] memory functions
)
public
pure
returns (
bytes4[] memory selectors
)
{
uint256 n = functions.length;
selectors = new bytes4[](n);
for (uint256 i = 0; i < n; i++) {
selectors[i] = functions[i].selector.toBytes4();
}
}


function checkRoleCreation(
IAccessAdmin accessAdmin,
RoleId roleId,
Expand Down Expand Up @@ -54,6 +92,7 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
}
}


function checkTargetCreation(
IAccessAdmin accessAdmin,
address target,
Expand Down Expand Up @@ -97,7 +136,6 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
revert IAccessAdmin.ErrorAccessAdminTargetAuthorityMismatch(accessAdmin.authority(), targetAuthority);
}
}

}


Expand All @@ -106,6 +144,7 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
address authorization,
ObjectType expectedDomain,
VersionPart expectedRelease,
bool expectServiceAuthorization,
bool checkAlreadyInitialized
)
public
Expand All @@ -118,8 +157,14 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
}

// check contract type matches
if (!ContractLib.supportsInterface(authorization, type(IAuthorization).interfaceId)) {
revert IAccessAdmin.ErrorAccessAdminNotAuthorization(authorization);
if (expectServiceAuthorization) {
if (!ContractLib.supportsInterface(authorization, type(IServiceAuthorization).interfaceId)) {
revert IAccessAdmin.ErrorAccessAdminNotServiceAuthorization(authorization);
}
} else {
if (!ContractLib.supportsInterface(authorization, type(IAuthorization).interfaceId)) {
revert IAccessAdmin.ErrorAccessAdminNotAuthorization(authorization);
}
}

// check domain matches
Expand All @@ -144,6 +189,8 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
public
view
{
checkRegistry(registry);

ObjectType tagetType = IRegistry(registry).getObjectInfo(target).objectType;
if (tagetType.eqz()) {
revert IAccessAdmin.ErrorAccessAdminNotRegistered(target);
Expand All @@ -154,7 +201,161 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
}
}

function toRole(RoleId adminRoleId, IAccessAdmin.RoleType roleType, uint32 maxMemberCount, string memory name)

function checkRegistry(
address registry
)
public
view
{
if (!ContractLib.isRegistry(registry)) {
revert IAccessAdmin.ErrorAccessAdminNotRegistry(registry);
}
}


function getServiceRoleId(
address serviceAddress,
IAccess.TargetType serviceTargetType
)
public
view
returns (RoleId serviceRoleId)
{
IService service = IService(serviceAddress);

if (serviceTargetType == IAccess.TargetType.Service) {
return RoleIdLib.toServiceRoleId(service.getDomain(), service.getRelease());
} else if (serviceTargetType == IAccess.TargetType.GenericService) {
return RoleIdLib.toGenericServiceRoleId(service.getDomain());
}

revert IAccessAdmin.ErrorAccessAdminInvalidServiceType(serviceAddress, serviceTargetType);
}


function getVersionedServiceRoleId(
ObjectType serviceDomain,
VersionPart release
)
public
pure
returns (RoleId serviceRoleId)
{
return RoleIdLib.toRoleId(
SERVICE_ROLE_MIN + SERVICE_ROLE_FACTOR * serviceDomain.toInt() + release.toInt());
}


function getGenericServiceRoleId(
ObjectType serviceDomain
)
public
pure
returns (RoleId serviceRoleId)
{
return RoleIdLib.toRoleId(
SERVICE_ROLE_MIN + SERVICE_ROLE_FACTOR * serviceDomain.toInt() + VersionPartLib.releaseMax().toInt());
}


function getCustomRoleId(uint64 index)
public
pure
returns (RoleId customRoleId)
{
return RoleIdLib.toRoleId(CUSTOM_ROLE_MIN + index);
}


function isCustomRole(RoleId roleId)
public
pure
returns (bool)
{
return roleId.toInt() >= CUSTOM_ROLE_MIN;
}


function getTargetRoleId(
address target,
IAccess.TargetType targetType,
uint64 index
)
public
view
returns (RoleId targetRoleId)
{
if (targetType == IAccess.TargetType.Core) {
return RoleIdLib.toRoleId(CORE_ROLE_MIN + index);
}

if (targetType == IAccess.TargetType.Service || targetType == IAccess.TargetType.GenericService ) {
return getServiceRoleId(target, targetType);
}

if (targetType == IAccess.TargetType.Instance) {
return RoleIdLib.toRoleId(INSTANCE_ROLE_MIN + index);
}

if (targetType == IAccess.TargetType.Component) {
return RoleIdLib.toRoleId(COMPONENT_ROLE_MIN + index);
}

if (targetType == IAccess.TargetType.Custom) {
return RoleIdLib.toRoleId(CUSTOM_ROLE_MIN + index);
}

revert IAccessAdmin.ErrorAccessAdminInvalidTargetType(target, targetType);
}


function getTokenHandler(
address target,
string memory targetName,
IAccess.TargetType targetType
)
public
view
returns (
address tokenHandler,
string memory tokenHandlerName
)
{
// not component or core (we need to check core because of staking)
if (targetType != IAccess.TargetType.Component && targetType != IAccess.TargetType.Core) {
return (address(0), "");
}

// not contract
if (!ContractLib.isContract(target)) {
return (address(0), "");
}

// not component
if (!ContractLib.supportsInterface(target, type(IComponent).interfaceId)) {
return (address(0), "");
}

tokenHandler = address(IComponent(target).getTokenHandler());
tokenHandlerName = string(abi.encodePacked(targetName, TOKEN_HANDLER_SUFFIX));
}


function toRoleName(string memory name) public pure returns (string memory) {
return string(
abi.encodePacked(
name,
ROLE_SUFFIX));
}


function toRole(
RoleId adminRoleId,
IAccessAdmin.RoleType roleType,
uint32 maxMemberCount,
string memory name
)
public
view
returns (IAccess.RoleInfo memory)
Expand All @@ -169,11 +370,23 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
});
}

function toFunction(bytes4 selector, string memory name)

function toFunction(
bytes4 selector,
string memory name
)
public
view
returns (IAccess.FunctionInfo memory)
{
if(selector == bytes4(0)) {
revert IAccessAdmin.ErrorAccessAdminSelectorZero();
}

if(bytes(name).length == 0) {
revert IAccessAdmin.ErrorAccessAdminFunctionNameEmpty();
}

return IAccess.FunctionInfo({
name: StrLib.toStr(name),
selector: SelectorLib.toSelector(selector),
Expand Down
Loading
Loading