Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: use context-based role assignments to implement the permission model #19

Draft
wants to merge 19 commits into
base: main
Choose a base branch
from
Draft

feat: use context-based role assignments to implement the permission model #19

Changes from 1 commit
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
8d429e3
feat: more powerful access control base contract
hiddentao Feb 23, 2025
2fa2d2e
refactor: port existing code over to using new access control base
hiddentao Feb 23, 2025
d473e38
feat: name wrapper registry utilising new ACL system
hiddentao Feb 23, 2025
ae0012b
refactor: better method names
hiddentao Feb 23, 2025
67ed76d
feat: generate token id context so that we can keep role assignments …
hiddentao Feb 23, 2025
6b722d0
refactor: use a flag for transfer locks instead
hiddentao Feb 23, 2025
13fd262
test: grantRole return value
hiddentao Feb 23, 2025
8a76088
fix: allowOwnerToRenew is to be called by the emancipator
hiddentao Feb 23, 2025
8739269
refactor: improvements based on review feedback
hiddentao Feb 25, 2025
33b75e4
refactor: updates based on feedback
hiddentao Feb 25, 2025
1f15b51
refactor: simplify roles by introducing role groups
hiddentao Feb 26, 2025
e9d4c9e
refactor: renamed context to resource
hiddentao Feb 28, 2025
4f0cb04
refactor: acl roles are now a 256-bit bitmap and set against context
hiddentao Mar 5, 2025
8bbed09
feat: can revoke all roles for user within a context and copy roles f…
hiddentao Mar 5, 2025
be3a052
chore: work towards new acl system
hiddentao Mar 5, 2025
28c9213
fix: tests for new acl
hiddentao Mar 6, 2025
9610d25
refactor: simplify acl to allow for easy role bitmap construction
hiddentao Mar 6, 2025
74c865b
refactor: eth registry now works with new roles arch
hiddentao Mar 7, 2025
c55304e
chore: rewrote name wrapper for new scheme
hiddentao Mar 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
refactor: use a flag for transfer locks instead
  • Loading branch information
@hiddentao
hiddentao committed Feb 23, 2025
commit 6b722d0497bb218b307be4854e5bacef1707d5bc
21 changes: 13 additions & 8 deletions contracts/src/registry/NameWrapperRegistry.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,21 @@ contract NameWrapperRegistry is PermissionedRegistry, EnhancedAccessControl {
bytes32 public constant REGISTRAR_ROLE = keccak256("REGISTRAR_ROLE");
bytes32 public constant EMANCIPATOR_ROLE = keccak256("EMANCIPATOR_ROLE");
bytes32 public constant EMANCIPATED_OWNER_ROLE = keccak256("EMANCIPATED_OWNER_ROLE");
bytes32 public constant TRANSFER_ROLE = keccak256("TRANSFER_ROLE");
bytes32 public constant RENEW_ROLE = keccak256("RENEW_ROLE");

error NameAlreadyRegistered(string label);
error NameExpired(uint256 tokenId);
error CannotReduceExpiration(uint64 oldExpiration, uint64 newExpiration);
event NameRenewed(uint256 indexed tokenId, uint64 newExpiration, address renewedBy);
error NameTransferLocked(uint256 tokenId);

/**
* @dev Prevents a name from being transferred.
*
* We use a boolean for this instead of roles due to the added complexity of dealing with
* ERC1155 approved operators if we were to use roles instead.
*/
mapping(bytes32 tokenIdContext => bool locked) private transferLock;

constructor(IRegistryDatastore _datastore) PermissionedRegistry(_datastore) {
_grantRole(ROOT_CONTEXT, DEFAULT_ADMIN_ROLE, msg.sender);
Expand Down Expand Up @@ -71,7 +79,6 @@ contract NameWrapperRegistry is PermissionedRegistry, EnhancedAccessControl {
bytes32 tokenIdContext = _tokenIdContext(tokenId);
_grantRole(tokenIdContext, RENEW_ROLE, msg.sender);
_grantRole(tokenIdContext, EMANCIPATOR_ROLE, msg.sender);
_grantRole(tokenIdContext, TRANSFER_ROLE, owner); // allow the owner to transfer the name

emit NewSubname(label);
return tokenId;
Expand Down Expand Up @@ -132,7 +139,7 @@ contract NameWrapperRegistry is PermissionedRegistry, EnhancedAccessControl {
*/
function lockTransfers(uint256 tokenId) public onlyRole(_tokenIdContext(tokenId), EMANCIPATED_OWNER_ROLE) {
bytes32 tokenIdContext = _tokenIdContext(tokenId);
_revokeRoleAssignments(tokenIdContext, TRANSFER_ROLE);
transferLock[tokenIdContext] = true;
}

/**
Expand Down Expand Up @@ -207,11 +214,9 @@ contract NameWrapperRegistry is PermissionedRegistry, EnhancedAccessControl {
// if it's not a mint or burn, check that transfer is possible
if (to != address(0) && from != address(0)) {
for (uint256 i = 0; i < ids.length; i++) {
_checkRole(_tokenIdContext(ids[i]), TRANSFER_ROLE, operator);

// TODO: transfer all roles to the new owner if operator is current owner
// we probably need to do this at the ERC1155 base class level since we also need to do this for
// batch approvals etc.
if (transferLock[_tokenIdContext(ids[i])]) {
revert NameTransferLocked(ids[i]);
}
}
}

Expand Down
Loading