Diamond Access Control (#89)

* init ac

* added tests

* added require

* cosmetic

Author: dovgopoly

contracts/diamond/access/DiamondAccessControl.sol

@@ -0,0 +1,141 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.4;
+
+import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
+
+import {DiamondAccessControlStorage, IAccessControl} from "./DiamondAccessControlStorage.sol";
+
+/**
+ * @notice The Diamond standard module
+ *
+ * This is modified version of OpenZeppelin's AccessControl contract to be used as a Storage contract
+ * by the Diamond Standard.
+ */
+abstract contract DiamondAccessControl is DiamondAccessControlStorage {
+    /**
+     * @dev Modifier that checks that an account has a specific role. Reverts
+     * with a standardized message including the required role.
+     *
+     * The format of the revert reason is given by the following regular expression:
+     *
+     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
+     */
+    modifier onlyRole(bytes32 role_) {
+        _checkRole(role_);
+        _;
+    }
+
+    /**
+     * @notice Sets `DEFAULT_ADMIN_ROLE` to `msg.sender`
+     */
+    function __DiamondAccessControl_init()
+        internal
+        onlyInitializing(DIAMOND_ACCESS_CONTROL_STORAGE_SLOT)
+    {
+        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
+    }
+
+    /**
+     * @inheritdoc IAccessControl
+     */
+    function grantRole(
+        bytes32 role_,
+        address account_
+    ) public virtual override onlyRole(getRoleAdmin(role_)) {
+        _grantRole(role_, account_);
+    }
+
+    /**
+     * @inheritdoc IAccessControl
+     */
+    function revokeRole(
+        bytes32 role_,
+        address account_
+    ) public virtual override onlyRole(getRoleAdmin(role_)) {
+        _revokeRole(role_, account_);
+    }
+
+    /**
+     * @inheritdoc IAccessControl
+     */
+    function renounceRole(bytes32 role_, address account_) public virtual override {
+        require(account_ == msg.sender, "AccessControl: can only renounce roles for self");
+
+        _revokeRole(role_, account_);
+    }
+
+    /**
+     * @dev Sets `adminRole` as ``role``'s admin role.
+     *
+     * Emits a {RoleAdminChanged} event.
+     */
+    function _setRoleAdmin(bytes32 role_, bytes32 adminRole_) internal virtual {
+        bytes32 previousAdminRole_ = getRoleAdmin(role_);
+
+        _getAccessControlStorage().roles[role_].adminRole = adminRole_;
+
+        emit RoleAdminChanged(role_, previousAdminRole_, adminRole_);
+    }
+
+    /**
+     * @dev Grants `role` to `account`.
+     *
+     * Internal function without access restriction.
+     *
+     * May emit a {RoleGranted} event.
+     */
+    function _grantRole(bytes32 role_, address account_) internal virtual {
+        require(!hasRole(role_, account_), "AccessControl: role is granted");
+
+        _getAccessControlStorage().roles[role_].members[account_] = true;
+
+        emit RoleGranted(role_, account_, msg.sender);
+    }
+
+    /**
+     * @dev Revokes `role` from `account`.
+     *
+     * Internal function without access restriction.
+     *
+     * May emit a {RoleRevoked} event.
+     */
+    function _revokeRole(bytes32 role_, address account_) internal virtual {
+        require(hasRole(role_, account_), "AccessControl: role is not granted");
+
+        _getAccessControlStorage().roles[role_].members[account_] = false;
+
+        emit RoleRevoked(role_, account_, msg.sender);
+    }
+
+    /**
+     * @dev Revert with a standard message if `_msgSender()` is missing `role`.
+     * Overriding this function changes the behavior of the {onlyRole} modifier.
+     *
+     * Format of the revert message is described in {_checkRole}.
+     */
+    function _checkRole(bytes32 role_) internal view virtual {
+        _checkRole(role_, msg.sender);
+    }
+
+    /**_
+     * @dev Revert with a standard message if `account` is missing `role`.
+     *
+     * The format of the revert reason is given by the following regular expression:
+     *
+     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
+     */
+    function _checkRole(bytes32 role_, address account_) internal view virtual {
+        if (!hasRole(role_, account_)) {
+            revert(
+                string(
+                    abi.encodePacked(
+                        "AccessControl: account ",
+                        Strings.toHexString(account_),
+                        " is missing role ",
+                        Strings.toHexString(uint256(role_), 32)
+                    )
+                )
+            );
+        }
+    }
+}

contracts/diamond/access/DiamondAccessControlStorage.sol

@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.4;
+
+import {IAccessControl} from "@openzeppelin/contracts/access/IAccessControl.sol";
+
+import {InitializableStorage} from "../utils/InitializableStorage.sol";
+
+/**
+ * @notice The Diamond standard module
+ *
+ * This is an AccessControl Storage contract with Diamond Standard support
+ */
+abstract contract DiamondAccessControlStorage is IAccessControl, InitializableStorage {
+    bytes32 public constant DIAMOND_ACCESS_CONTROL_STORAGE_SLOT =
+        keccak256("diamond.standard.diamond.access.control.storage");
+
+    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
+
+    struct RoleData {
+        mapping(address => bool) members;
+        bytes32 adminRole;
+    }
+
+    struct DACStorage {
+        mapping(bytes32 => RoleData) roles;
+    }
+
+    function _getAccessControlStorage() internal pure returns (DACStorage storage _dacStorage) {
+        bytes32 slot_ = DIAMOND_ACCESS_CONTROL_STORAGE_SLOT;
+
+        assembly {
+            _dacStorage.slot := slot_
+        }
+    }
+
+    /**
+     * @inheritdoc IAccessControl
+     */
+    function hasRole(bytes32 role_, address account_) public view virtual override returns (bool) {
+        return _getAccessControlStorage().roles[role_].members[account_];
+    }
+
+    /**
+     * @inheritdoc IAccessControl
+     */
+    function getRoleAdmin(bytes32 role_) public view virtual override returns (bytes32) {
+        return _getAccessControlStorage().roles[role_].adminRole;
+    }
+}

contracts/mock/diamond/access/DiamondAccessControlMock.sol

@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.4;
+
+import {DiamondAccessControl} from "../../../diamond/access/DiamondAccessControl.sol";
+
+contract DiamondAccessControlMock is DiamondAccessControl {
+    bytes32 public constant AGENT_ROLE = bytes32(uint256(0x01));
+
+    function __DiamondAccessControlDirect_init() external {
+        __DiamondAccessControl_init();
+    }
+
+    function __DiamondAccessControlMock_init()
+        external
+        initializer(DIAMOND_ACCESS_CONTROL_STORAGE_SLOT)
+    {
+        __DiamondAccessControl_init();
+    }
+
+    function setRoleAdmin(
+        bytes32 role_,
+        bytes32 adminRole_
+    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
+        _setRoleAdmin(role_, adminRole_);
+    }
+}

contracts/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solarity/solidity-lib",
-  "version": "2.6.18",
+  "version": "2.6.19",
   "license": "MIT",
   "author": "Distributed Lab",
   "readme": "README.md",

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@solarity/solidity-lib",
-  "version": "2.6.18",
+  "version": "2.6.19",
   "license": "MIT",
   "author": "Distributed Lab",
   "description": "Solidity Library by Distributed Lab",