/
Permissions.sol
214 lines (189 loc) · 6.37 KB
/
Permissions.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity ^0.8.4;
import "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
import "./IPermissions.sol";
/// @title Access control module for Core
/// @author Fei Protocol
contract Permissions is IPermissions, AccessControlEnumerable {
bytes32 public constant override BURNER_ROLE = keccak256("BURNER_ROLE");
bytes32 public constant override MINTER_ROLE = keccak256("MINTER_ROLE");
bytes32 public constant override PCV_CONTROLLER_ROLE =
keccak256("PCV_CONTROLLER_ROLE");
bytes32 public constant override GOVERN_ROLE = keccak256("GOVERN_ROLE");
bytes32 public constant override GUARDIAN_ROLE = keccak256("GUARDIAN_ROLE");
constructor() {
// Appointed as a governor so guardian can have indirect access to revoke ability
_setupGovernor(address(this));
_setRoleAdmin(MINTER_ROLE, GOVERN_ROLE);
_setRoleAdmin(BURNER_ROLE, GOVERN_ROLE);
_setRoleAdmin(PCV_CONTROLLER_ROLE, GOVERN_ROLE);
_setRoleAdmin(GOVERN_ROLE, GOVERN_ROLE);
_setRoleAdmin(GUARDIAN_ROLE, GOVERN_ROLE);
}
modifier onlyGovernor() {
require(
isGovernor(msg.sender),
"Permissions: Caller is not a governor"
);
_;
}
modifier onlyGuardian() {
require(
isGuardian(msg.sender),
"Permissions: Caller is not a guardian"
);
_;
}
/// @notice creates a new role to be maintained
/// @param role the new role id
/// @param adminRole the admin role id for `role`
/// @dev can also be used to update admin of existing role
function createRole(bytes32 role, bytes32 adminRole)
external
override
onlyGovernor
{
_setRoleAdmin(role, adminRole);
}
/// @notice grants minter role to address
/// @param minter new minter
function grantMinter(address minter) external override onlyGovernor {
grantRole(MINTER_ROLE, minter);
}
/// @notice grants burner role to address
/// @param burner new burner
function grantBurner(address burner) external override onlyGovernor {
grantRole(BURNER_ROLE, burner);
}
/// @notice grants controller role to address
/// @param pcvController new controller
function grantPCVController(address pcvController)
external
override
onlyGovernor
{
grantRole(PCV_CONTROLLER_ROLE, pcvController);
}
/// @notice grants governor role to address
/// @param governor new governor
function grantGovernor(address governor) external override onlyGovernor {
grantRole(GOVERN_ROLE, governor);
}
/// @notice grants guardian role to address
/// @param guardian new guardian
function grantGuardian(address guardian) external override onlyGovernor {
grantRole(GUARDIAN_ROLE, guardian);
}
/// @notice revokes minter role from address
/// @param minter ex minter
function revokeMinter(address minter) external override onlyGovernor {
revokeRole(MINTER_ROLE, minter);
}
/// @notice revokes burner role from address
/// @param burner ex burner
function revokeBurner(address burner) external override onlyGovernor {
revokeRole(BURNER_ROLE, burner);
}
/// @notice revokes pcvController role from address
/// @param pcvController ex pcvController
function revokePCVController(address pcvController)
external
override
onlyGovernor
{
revokeRole(PCV_CONTROLLER_ROLE, pcvController);
}
/// @notice revokes governor role from address
/// @param governor ex governor
function revokeGovernor(address governor) external override onlyGovernor {
revokeRole(GOVERN_ROLE, governor);
}
/// @notice revokes guardian role from address
/// @param guardian ex guardian
function revokeGuardian(address guardian) external override onlyGovernor {
revokeRole(GUARDIAN_ROLE, guardian);
}
/// @notice revokes a role from address
/// @param role the role to revoke
/// @param account the address to revoke the role from
function revokeOverride(bytes32 role, address account)
external
override
onlyGuardian
{
require(
role != GOVERN_ROLE,
"Permissions: Guardian cannot revoke governor"
);
// External call because this contract is appointed as a governor and has access to revoke
this.revokeRole(role, account);
}
/// @notice checks if address is a minter
/// @param _address address to check
/// @return true _address is a minter
// only virtual for testing mock override
function isMinter(address _address)
external
view
virtual
override
returns (bool)
{
return hasRole(MINTER_ROLE, _address);
}
/// @notice checks if address is a burner
/// @param _address address to check
/// @return true _address is a burner
// only virtual for testing mock override
function isBurner(address _address)
external
view
virtual
override
returns (bool)
{
return hasRole(BURNER_ROLE, _address);
}
/// @notice checks if address is a controller
/// @param _address address to check
/// @return true _address is a controller
// only virtual for testing mock override
function isPCVController(address _address)
external
view
virtual
override
returns (bool)
{
return hasRole(PCV_CONTROLLER_ROLE, _address);
}
/// @notice checks if address is a governor
/// @param _address address to check
/// @return true _address is a governor
// only virtual for testing mock override
function isGovernor(address _address)
public
view
virtual
override
returns (bool)
{
return hasRole(GOVERN_ROLE, _address);
}
/// @notice checks if address is a guardian
/// @param _address address to check
/// @return true _address is a guardian
// only virtual for testing mock override
function isGuardian(address _address)
public
view
virtual
override
returns (bool)
{
return hasRole(GUARDIAN_ROLE, _address);
}
function _setupGovernor(address governor) internal {
_setupRole(GOVERN_ROLE, governor);
}
}