// SPDX-License-Identifier: MIT
pragma solidity >=0.8.21;
import { System } from "../../../System.sol";
import { AccessControl } from "../../../AccessControl.sol";
import { ResourceId } from "../../../WorldResourceId.sol";
import { ResourceAccess } from "../../../codegen/tables/ResourceAccess.sol";
import { NamespaceOwner } from "../../../codegen/tables/NamespaceOwner.sol";
import { validateNamespace } from "../../../validateNamespace.sol";
import { LimitedCallContext } from "../LimitedCallContext.sol";
/**
* @title Access Management System
* @dev This contract manages the granting and revoking of access from/to resources,
* and the transfer or renouncement of namespace ownership.
* Every function calls AccessControl.requireOwner with _msgSender() before it writes to the
* ResourceAccess or NamespaceOwner tables, so the authorization decision rests entirely on
* that helper and on how _msgSender() is resolved (both defined outside this file).
* All functions carry the onlyDelegatecall modifier; it is not defined in this file.
* NOTE(review): presumably inherited from LimitedCallContext and meant to reject direct
* calls to the system contract - confirm against that contract.
* All functions are virtual; an override must keep the ownership check ahead of any table write.
*/
contract AccessManagementSystem is System, LimitedCallContext {
/**
* @notice Grant access to the resource at the given resource ID.
* @dev Requires the caller to own the namespace. The resource must already exist, so access
* cannot be pre-granted on an ID that is registered later.
* The grantee address is not validated here.
* @param resourceId The ID of the resource to grant access to.
* @param grantee The address to which access should be granted.
*/
function grantAccess(ResourceId resourceId, address grantee) public virtual onlyDelegatecall {
// Require the resource to exist
AccessControl.requireExistence(resourceId);
// Require the caller to own the namespace
AccessControl.requireOwner(resourceId, _msgSender());
// Grant access to the given resource
ResourceAccess._set(resourceId, grantee, true);
}
/**
* @notice Revoke access from the resource at the given resource ID.
* @dev Requires the caller to own the namespace.
* Unlike grantAccess, this function does not call AccessControl.requireExistence.
* NOTE(review): whether a call on a non-existent resource reverts therefore depends on
* requireOwner alone - confirm that it rejects an unowned or unregistered ID.
* @param resourceId The ID of the resource to revoke access from.
* @param grantee The address from which access should be revoked.
*/
function revokeAccess(ResourceId resourceId, address grantee) public virtual onlyDelegatecall {
// Require the caller to own the namespace
AccessControl.requireOwner(resourceId, _msgSender());
// Revoke access from the given resource
ResourceAccess._deleteRecord(resourceId, grantee);
}
/**
* @notice Transfer ownership of the given namespace to newOwner and update the access records.
* @dev Requires the caller to own the namespace. Revokes ResourceAccess for the previous owner
* and grants it to newOwner.
* The transfer takes effect in a single call and newOwner is not validated here (for example
* against the zero address), so a mistyped address cannot be corrected by the previous owner.
* Only the ResourceAccess record keyed by namespaceId is removed for the previous owner;
* records stored under other resource IDs, and records of other grantees, are not touched here.
* @param namespaceId The ID of the namespace to transfer ownership.
* @param newOwner The address to which ownership should be transferred.
*/
function transferOwnership(ResourceId namespaceId, address newOwner) public virtual onlyDelegatecall {
// Require the namespace ID to be a valid namespace
validateNamespace(namespaceId);
// Require the namespace to exist
AccessControl.requireExistence(namespaceId);
// Require the caller to own the namespace
AccessControl.requireOwner(namespaceId, _msgSender());
// Set namespace new owner
NamespaceOwner._set(namespaceId, newOwner);
// Revoke access from old owner
// (must stay before the grant below: when newOwner is the caller, the grant re-creates the record)
ResourceAccess._deleteRecord(namespaceId, _msgSender());
// Grant access to new owner
ResourceAccess._set(namespaceId, newOwner, true);
}
/**
* @notice Renounces ownership of the given namespace
* @dev Requires the caller to own the namespace. Revokes ResourceAccess for the previous owner.
* The NamespaceOwner record is deleted and no replacement owner is set.
* NOTE(review): after this call requireOwner presumably cannot succeed for the namespace, which
* would make grantAccess, revokeAccess and transferOwnership uncallable for it - confirm.
* ResourceAccess records of other grantees are not removed here, so any access granted before
* renouncing stays in place.
* @param namespaceId The ID of the namespace to renounce ownership of.
*/
function renounceOwnership(ResourceId namespaceId) public virtual onlyDelegatecall {
// Require the namespace ID to be a valid namespace
validateNamespace(namespaceId);
// Require the namespace to exist
AccessControl.requireExistence(namespaceId);
// Require the caller to own the namespace
AccessControl.requireOwner(namespaceId, _msgSender());
// Delete namespace owner
NamespaceOwner._deleteRecord(namespaceId);
// Revoke access from old owner
ResourceAccess._deleteRecord(namespaceId, _msgSender());
}
}