ACL: Multiple enhancements #584
Conversation
facuspagnuolo
force-pushed
the
acl_enhancements
branch
from
4aede0d
to
438c85b
Compare
facuspagnuolo
force-pushed
the
acl_enhancements
branch
from
438c85b
to
4141b29
Compare
facuspagnuolo
force-pushed
the
acl_enhancements
branch
from
4141b29
to
b140996
Compare
| @@ -227,8 +227,8 @@ contract ACL is IACL, TimeHelpers, AragonApp, ACLHelpers { | |||
| * @param _role Identifier for a group of actions in app | |||
| * @return address of the manager for the permission | |||
| */ | |||
| function getPermissionManager(address _app, bytes32 _role) public view returns (address) { | |||
| return permissionManager[roleHash(_app, _role)]; | |||
| function getPermissionManager(address _app, bytes32 _role) external view returns (address) { | |||
There was a problem hiding this comment.
What’s the reason for this change?
There was a problem hiding this comment.
I'm proposing to avoid having public functions and provide both external and internal functions instead so we reduce gas costs when using these
There was a problem hiding this comment.
How do you reduce gas costs? Unless the compiler with optimizations enabled decides to inline the internal method, which not only is kind of uncertain but also would increase the bytecode size, I don’t understand the gas benefit of doing it this way.
There was a problem hiding this comment.
I think in this case we don't get any gas savings; IIRC you only get them with dynamically sized calldata parameters on external interfaces.
But I don't mind forcing anything we don't use internally to be external anyway—the idea of making something easy to inherit has come and gone, I think.
There was a problem hiding this comment.
I agree if we don’t use it internally, but this function we do use it, so I don’t see the point. I don’t think there is gas saving here.
| // TODO: this should be external | ||
| // See https://github.com/ethereum/solidity/issues/4832 | ||
| function hasPermission(address who, address where, bytes32 what, bytes how) public view returns (bool); | ||
| function hasPermission(address who, address where, bytes32 what, bytes how) external view returns (bool); |
There was a problem hiding this comment.
I’m not aware of any app inheriting from here (other than ACL here), so I guess it’s fine, but this may break them.
There was a problem hiding this comment.
I think this will be released as a major version so I think we can introduce breaking changes
| @@ -15,27 +15,27 @@ contract ACLHelper { | |||
|
|
|||
|
|
|||
| contract AcceptOracle is IACLOracle { | |||
| function canPerform(address, address, bytes32, uint256[]) external view returns (bool) { | |||
| function canPerform(address, address, address, bytes32, uint256[]) external view returns (bool) { | |||
There was a problem hiding this comment.
I wonder, does it make sense to assign an ACL Oracle with anything else than ANY_ENTITY? Because otherwise we could keep only one param and send the real sender instead of ANY_ENTITY in _hasPermission.
There was a problem hiding this comment.
does it make sense to assign an ACL Oracle with anything else than
ANY_ENTITY?
Probably it doesn't, but I wouldn't assume that.
There was a problem hiding this comment.
Contrived, but you could assign a specific entity (e.g. an Agent) from not performing something via the ACL Oracle.
This could, for example, be used to disallow the AN DAO from changing court values too steeply.
There was a problem hiding this comment.
I don’t get it: so would you assign the permission to the Agent instead of ANY_ENTITY? Then only the agent would be able to call the function protected by the ACL Oracle, right?
There was a problem hiding this comment.
But if you assign the role to a particular entity (Agent for instance), what do you want the new address param for?
There was a problem hiding this comment.
Right, attending to the initial question:
Because otherwise we could keep only one param and send the real sender
It is contrived, but I consider the old behaviour as "not a bug" specifically because your ACL Oracle could behave differently if it was defined to be completely open for ANY_ADDRESS vs. specific to an address.
There was a problem hiding this comment.
Hm, that makes ACL Oracles even more complex and harder to understand.
There was a problem hiding this comment.
Agreed—in this case, it was a couple of different concerns:
- This information about the
ANY_ENTITYgrantee was available in the old version - We needed a different function signature so any combination of ACLv1, ACLv2, ACLOracleV1, and ACLOracleV2 could work together (assuming the app implemented both)
| @@ -227,8 +227,8 @@ contract ACL is IACL, TimeHelpers, AragonApp, ACLHelpers { | |||
| * @param _role Identifier for a group of actions in app | |||
| * @return address of the manager for the permission | |||
| */ | |||
| function getPermissionManager(address _app, bytes32 _role) public view returns (address) { | |||
| return permissionManager[roleHash(_app, _role)]; | |||
| function getPermissionManager(address _app, bytes32 _role) external view returns (address) { | |||
There was a problem hiding this comment.
I think in this case we don't get any gas savings; IIRC you only get them with dynamically sized calldata parameters on external interfaces.
But I don't mind forcing anything we don't use internally to be external anyway—the idea of making something easy to inherit has come and gone, I think.
Co-authored-by: Brett Sun <qisheng.brett.sun@gmail.com>
|
@sohkai addressed your comments! Let me know your thoughts! |
This reverts commit a70d806.
Fixes #582
This PR includes:
external+internaloverpublicfunctionsANY_ENTITY