Added missing storage backets for access folder (#141)

* added missing storage backets for access folder

* typo

* order of layout consistency

* bump version to 3.0.2

---------

Co-authored-by: Kyryl R <kyryl.ryabov@gmail.com>

Author: aritkulova

contracts/access/AMerkleWhitelisted.sol

@@ -20,7 +20,13 @@ import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProo
 abstract contract AMerkleWhitelisted {
     using MerkleProof for bytes32[];
 
-    bytes32 private _merkleRoot;
+    struct AMerkleWhitelistedStorage {
+        bytes32 merkleRoot;
+    }
+
+    // bytes32(uint256(keccak256("solarity.contract.AMerkleWhitelisted")) - 1)
+    bytes32 private constant A_MERKLE_WHITELISTED_STORAGE =
+        0x655e174042e5ffc37fc1cb8b514e651c61ae9bb4dd4f6ce06d8f229ee9767b24;
 
     error LeafNotWhitelisted(bytes data);
     error UserNotWhitelisted(address user);
@@ -40,7 +46,9 @@ abstract contract AMerkleWhitelisted {
      * @return the current Merkle root or zero bytes if it has not been set
      */
     function getMerkleRoot() public view returns (bytes32) {
-        return _merkleRoot;
+        AMerkleWhitelistedStorage storage $ = _getAMerkleWhitelistedStorage();
+
+        return $.merkleRoot;
     }
 
     /**
@@ -53,7 +61,9 @@ abstract contract AMerkleWhitelisted {
         bytes32 leaf_,
         bytes32[] memory merkleProof_
     ) internal view returns (bool) {
-        return merkleProof_.verify(_merkleRoot, leaf_);
+        AMerkleWhitelistedStorage storage $ = _getAMerkleWhitelistedStorage();
+
+        return merkleProof_.verify($.merkleRoot, leaf_);
     }
 
     /**
@@ -74,6 +84,21 @@ abstract contract AMerkleWhitelisted {
      * @param merkleRoot_ the Merkle root to be set
      */
     function _setMerkleRoot(bytes32 merkleRoot_) internal {
-        _merkleRoot = merkleRoot_;
+        AMerkleWhitelistedStorage storage $ = _getAMerkleWhitelistedStorage();
+
+        $.merkleRoot = merkleRoot_;
+    }
+
+    /**
+     * @dev Returns a pointer to the storage namespace
+     */
+    function _getAMerkleWhitelistedStorage()
+        private
+        pure
+        returns (AMerkleWhitelistedStorage storage $)
+    {
+        assembly {
+            $.slot := A_MERKLE_WHITELISTED_STORAGE
+        }
     }
 }

contracts/access/AMultiOwnable.sol

@@ -26,7 +26,13 @@ abstract contract AMultiOwnable is IMultiOwnable, Initializable {
     using TypeCaster for address;
     using SetHelper for EnumerableSet.AddressSet;
 
-    EnumerableSet.AddressSet private _owners;
+    struct AMultiOwnableStorage {
+        EnumerableSet.AddressSet owners;
+    }
+
+    // bytes32(uint256(keccak256("solarity.contract.AMultiOwnable")) - 1)
+    bytes32 private constant A_MULTI_OWNABLE_STORAGE =
+        0x54985b7dba18117ef28d5d113b6eab9fb186b92b1987f5efdadbc365eb2a5cba;
 
     error InvalidOwner();
     error UnauthorizedAccount(address account);
@@ -83,7 +89,9 @@ abstract contract AMultiOwnable is IMultiOwnable, Initializable {
      * @return the list of current owners
      */
     function getOwners() public view override returns (address[] memory) {
-        return _owners.values();
+        AMultiOwnableStorage storage $ = _getAMultiOwnableStorage();
+
+        return $.owners.values();
     }
 
     /**
@@ -92,7 +100,9 @@ abstract contract AMultiOwnable is IMultiOwnable, Initializable {
      * @return true if address_ is owner, false otherwise
      */
     function isOwner(address address_) public view override returns (bool) {
-        return _owners.contains(address_);
+        AMultiOwnableStorage storage $ = _getAMultiOwnableStorage();
+
+        return $.owners.contains(address_);
     }
 
     /**
@@ -101,9 +111,11 @@ abstract contract AMultiOwnable is IMultiOwnable, Initializable {
      * @param newOwners_ the array of addresses to add to _owners
      */
     function _addOwners(address[] memory newOwners_) private {
-        _owners.add(newOwners_);
+        AMultiOwnableStorage storage $ = _getAMultiOwnableStorage();
+
+        $.owners.add(newOwners_);
 
-        if (_owners.contains(address(0))) revert InvalidOwner();
+        if ($.owners.contains(address(0))) revert InvalidOwner();
 
         emit OwnersAdded(newOwners_);
     }
@@ -118,7 +130,9 @@ abstract contract AMultiOwnable is IMultiOwnable, Initializable {
      * @param oldOwners_ the array of addresses to remove from _owners
      */
     function _removeOwners(address[] memory oldOwners_) private {
-        _owners.remove(oldOwners_);
+        AMultiOwnableStorage storage $ = _getAMultiOwnableStorage();
+
+        $.owners.remove(oldOwners_);
 
         emit OwnersRemoved(oldOwners_);
     }
@@ -129,4 +143,13 @@ abstract contract AMultiOwnable is IMultiOwnable, Initializable {
     function _checkOwner() private view {
         if (!isOwner(msg.sender)) revert UnauthorizedAccount(msg.sender);
     }
+
+    /**
+     * @dev Returns a pointer to the storage namespace
+     */
+    function _getAMultiOwnableStorage() private pure returns (AMultiOwnableStorage storage $) {
+        assembly {
+            $.slot := A_MULTI_OWNABLE_STORAGE
+        }
+    }
 }

contracts/access/ARBAC.sol

@@ -35,6 +35,12 @@ abstract contract ARBAC is IRBAC, Initializable {
     using SetHelper for DynamicSet.StringSet;
     using TypeCaster for string;
 
+    struct ARBACStorage {
+        mapping(string => mapping(bool => mapping(string => DynamicSet.StringSet))) rolePermissions;
+        mapping(string => mapping(bool => DynamicSet.StringSet)) roleResources;
+        mapping(address => DynamicSet.StringSet) userRoles;
+    }
+
     string public constant MASTER_ROLE = "MASTER";
 
     string public constant ALL_RESOURCE = "*";
@@ -47,11 +53,9 @@ abstract contract ARBAC is IRBAC, Initializable {
 
     string public constant RBAC_RESOURCE = "RBAC_RESOURCE";
 
-    mapping(string => mapping(bool => mapping(string => DynamicSet.StringSet)))
-        private _rolePermissions;
-    mapping(string => mapping(bool => DynamicSet.StringSet)) private _roleResources;
-
-    mapping(address => DynamicSet.StringSet) private _userRoles;
+    // bytes32(uint256(keccak256("solarity.contract.ARBAC")) - 1)
+    bytes32 private constant A_RBAC_STORAGE =
+        0xf2ad3663acdafb41a6feebdd394e5d1d04767a13f9432491d7491e61819b106e;
 
     error EmptyRoles();
     error NoPermissionForResource(address account, string permission, string resource);
@@ -145,7 +149,9 @@ abstract contract ARBAC is IRBAC, Initializable {
      * @return roles_ the roles of the user
      */
     function getUserRoles(address who_) public view override returns (string[] memory roles_) {
-        return _userRoles[who_].values();
+        ARBACStorage storage $ = _getARBACStorage();
+
+        return $.userRoles[who_].values();
     }
 
     /**
@@ -165,13 +171,15 @@ abstract contract ARBAC is IRBAC, Initializable {
             ResourceWithPermissions[] memory disallowed_
         )
     {
-        DynamicSet.StringSet storage _allowedResources = _roleResources[role_][true];
-        DynamicSet.StringSet storage _disallowedResources = _roleResources[role_][false];
+        ARBACStorage storage $ = _getARBACStorage();
+
+        DynamicSet.StringSet storage _allowedResources = $.roleResources[role_][true];
+        DynamicSet.StringSet storage _disallowedResources = $.roleResources[role_][false];
 
-        mapping(string => DynamicSet.StringSet) storage _allowedPermissions = _rolePermissions[
+        mapping(string => DynamicSet.StringSet) storage _allowedPermissions = $.rolePermissions[
             role_
         ][true];
-        mapping(string => DynamicSet.StringSet) storage _disallowedPermissions = _rolePermissions[
+        mapping(string => DynamicSet.StringSet) storage _disallowedPermissions = $.rolePermissions[
             role_
         ][false];
 
@@ -224,7 +232,9 @@ abstract contract ARBAC is IRBAC, Initializable {
      * @param rolesToGrant_ the roles to grant
      */
     function _grantRoles(address to_, string[] memory rolesToGrant_) internal {
-        _userRoles[to_].add(rolesToGrant_);
+        ARBACStorage storage $ = _getARBACStorage();
+
+        $.userRoles[to_].add(rolesToGrant_);
 
         emit GrantedRoles(to_, rolesToGrant_);
     }
@@ -235,7 +245,9 @@ abstract contract ARBAC is IRBAC, Initializable {
      * @param rolesToRevoke_ the roles to revoke
      */
     function _revokeRoles(address from_, string[] memory rolesToRevoke_) internal {
-        _userRoles[from_].remove(rolesToRevoke_);
+        ARBACStorage storage $ = _getARBACStorage();
+
+        $.userRoles[from_].remove(rolesToRevoke_);
 
         emit RevokedRoles(from_, rolesToRevoke_);
     }
@@ -253,8 +265,10 @@ abstract contract ARBAC is IRBAC, Initializable {
         string[] memory permissionsToAdd_,
         bool allowed_
     ) internal {
-        DynamicSet.StringSet storage _resources = _roleResources[role_][allowed_];
-        DynamicSet.StringSet storage _permissions = _rolePermissions[role_][allowed_][
+        ARBACStorage storage $ = _getARBACStorage();
+
+        DynamicSet.StringSet storage _resources = $.roleResources[role_][allowed_];
+        DynamicSet.StringSet storage _permissions = $.rolePermissions[role_][allowed_][
             resourceToAdd_
         ];
 
@@ -277,8 +291,10 @@ abstract contract ARBAC is IRBAC, Initializable {
         string[] memory permissionsToRemove_,
         bool allowed_
     ) internal {
-        DynamicSet.StringSet storage _resources = _roleResources[role_][allowed_];
-        DynamicSet.StringSet storage _permissions = _rolePermissions[role_][allowed_][
+        ARBACStorage storage $ = _getARBACStorage();
+
+        DynamicSet.StringSet storage _resources = $.roleResources[role_][allowed_];
+        DynamicSet.StringSet storage _permissions = $.rolePermissions[role_][allowed_][
             resourceToRemove_
         ];
 
@@ -303,7 +319,11 @@ abstract contract ARBAC is IRBAC, Initializable {
         string memory resource_,
         string memory permission_
     ) internal view returns (bool) {
-        mapping(string => DynamicSet.StringSet) storage _resources = _rolePermissions[role_][true];
+        ARBACStorage storage $ = _getARBACStorage();
+
+        mapping(string => DynamicSet.StringSet) storage _resources = $.rolePermissions[role_][
+            true
+        ];
 
         DynamicSet.StringSet storage _allAllowed = _resources[ALL_RESOURCE];
         DynamicSet.StringSet storage _allowed = _resources[resource_];
@@ -326,7 +346,9 @@ abstract contract ARBAC is IRBAC, Initializable {
         string memory resource_,
         string memory permission_
     ) internal view returns (bool) {
-        mapping(string => DynamicSet.StringSet) storage _resources = _rolePermissions[role_][
+        ARBACStorage storage $ = _getARBACStorage();
+
+        mapping(string => DynamicSet.StringSet) storage _resources = $.rolePermissions[role_][
             false
         ];
 
@@ -338,4 +360,13 @@ abstract contract ARBAC is IRBAC, Initializable {
             _disallowed.contains(ALL_PERMISSION) ||
             _disallowed.contains(permission_));
     }
+
+    /**
+     * @dev Returns a pointer to the storage namespace
+     */
+    function _getARBACStorage() private pure returns (ARBACStorage storage $) {
+        assembly {
+            $.slot := A_RBAC_STORAGE
+        }
+    }
 }