Permission Manager + Gen. Improvements

TogetherCrew · Aug 30, 2024 · 5f56b9c · 5f56b9c
1 parent 49232d1
commit 5f56b9c
Show file tree

Hide file tree

Showing 27 changed files with 307,755 additions and 260 deletions.
diff --git a/contracts/IOIDPermissionManager.sol b/contracts/IOIDPermissionManager.sol
@@ -2,15 +2,14 @@
 pragma solidity 0.8.26;
 
 interface IOIDPermissionManager {
-    event PermissionUpdated(string hash, address account, bool granted);
-    event PermissionDeleted(string hash, address account, bool granted);
+    event PermissionUpdated(bytes32 uid, address account, bool granted);
 
-    function grantPermission(string memory hash, address account) external;
+    function grantPermission(bytes32 uid, address account) external;
 
-    function revokePermission(string memory hash, address account) external;
+    function revokePermission(bytes32 uid, address account) external;
 
     function hasPermission(
-        string memory hash,
+        bytes32 uid,
         address account
     ) external view returns (bool);
 }
diff --git a/contracts/OIDPermissionManager.sol b/contracts/OIDPermissionManager.sol
@@ -2,25 +2,73 @@
 pragma solidity 0.8.26;
 
 import {IOIDPermissionManager} from "./IOIDPermissionManager.sol";
+import {AccessManaged} from "@openzeppelin/contracts/access/manager/AccessManaged.sol";
+import {IEAS} from "@ethereum-attestation-service/eas-contracts/contracts/IEAS.sol";
+import {Attestation} from "@ethereum-attestation-service/eas-contracts/contracts/Common.sol";
+import {IAccessManager} from "@openzeppelin/contracts/access/manager/IAccessManager.sol";
 
-contract OIDPermissionManager is IOIDPermissionManager {
-    mapping(string => mapping(address => bool)) private permissions;
+contract OIDPermissionManager is IOIDPermissionManager, AccessManaged {
+    error UnauthorizedAccess(address caller);
 
-    function grantPermission(string memory hash, address account) external {
-        permissions[hash][account] = true;
+    IEAS internal immutable _eas;
+
+    mapping(bytes32 => mapping(address => bool)) private permissions;
+
+    constructor(
+        address initialAuthority,
+        IEAS initialEAS
+    ) AccessManaged(initialAuthority) {
+        _eas = initialEAS;
     }
 
-    function revokePermission(
-        string memory hash,
-        address account
-    ) external override {
-        permissions[hash][account] = false;
+    function grantPermission(bytes32 uid, address account) external {
+        _checkValid(uid);
+        permissions[uid][account] = true;
+        emit PermissionUpdated(uid, account, true);
+    }
+
+    function revokePermission(bytes32 uid, address account) external override {
+        _checkValid(uid);
+        permissions[uid][account] = false;
+        emit PermissionUpdated(uid, account, false);
     }
 
     function hasPermission(
-        string memory hash,
+        bytes32 uid,
         address account
     ) external view override returns (bool) {
-        return permissions[hash][account];
+        Attestation memory attestation = _eas.getAttestation(uid);
+
+        if (attestation.revocationTime == 0) {
+            return permissions[uid][account];
+        } else {
+            return false;
+        }
+    }
+
+    function eas() external view returns (IEAS) {
+        return _eas;
     }
+
+    function _checkValid(bytes32 uid) internal view {
+        bool valid = _isAttestationRecipient(uid) || _isPermissionManager();
+
+        if (!valid) {
+            revert UnauthorizedAccess(msg.sender);
+        }
+    }
+
+    function _isAttestationRecipient(bytes32 uid) internal view returns (bool) {
+        Attestation memory attestation = _eas.getAttestation(uid);
+        return attestation.recipient == msg.sender;
+    }
+
+    function _isPermissionManager() internal view returns (bool) {
+        (bool isMember, ) = IAccessManager(authority()).hasRole(3, msg.sender);
+        return isMember;
+    }
+
+    // function _isApplication(address account) internal view returns (bool) {
+    //     return msg.sender == account;
+    // }
 }
diff --git a/contracts/OIDResolver.sol b/contracts/OIDResolver.sol
@@ -47,7 +47,7 @@ contract OIDResolver is SchemaResolver, AccessManagedUpgradeable {
     }
 
     function _checkAttester(address attester) internal virtual {
-        (bool isMember, ) = IAccessManager(authority()).hasRole(1, attester);
+        (bool isMember, ) = IAccessManager(authority()).hasRole(2, attester);
         if (!isMember) {
             revert UnauthorizedAttester(attester);
         }

diff --git a/hardhat.config.ts b/hardhat.config.ts
@@ -1,7 +1,10 @@
-import type { HardhatUserConfig } from "hardhat/config";
+import { type HardhatUserConfig, vars } from "hardhat/config";
 import "@nomicfoundation/hardhat-toolbox-viem";
 import "@nomiclabs/hardhat-solhint";
 
+const PRIVATE_KEY = vars.get("PRIVATE_KEY");
+const ETHERSCAN_API_KEY = vars.get("ETHERSCAN_API_KEY");
+
 const config: HardhatUserConfig = {
 	solidity: {
 		version: "0.8.26",
@@ -12,6 +15,17 @@ const config: HardhatUserConfig = {
 			},
 		},
 	},
+	networks: {
+		sepolia: {
+			accounts: [PRIVATE_KEY],
+			url: "https://ethereum-sepolia-rpc.publicnode.com",
+		},
+	},
+	etherscan: {
+		apiKey: {
+			sepolia: ETHERSCAN_API_KEY,
+		},
+	},
 };
 
 export default config;
diff --git a/ignition/deployments/chain-11155111/artifacts/ApplicationManager#ApplicationManager.dbg.json b/ignition/deployments/chain-11155111/artifacts/ApplicationManager#ApplicationManager.dbg.json
@@ -0,0 +1,4 @@
+{
+  "_format": "hh-sol-dbg-1",
+  "buildInfo": "../build-info/5d1461235de972b5fe7fd5bc1d8b2915.json"
+}