SelectorAccessControl.sol
// SPDX-License-Identifier: GPL-2.0-or-later
pragma solidity ^0.8.0;
import {ContextUpgradeable} from "openzeppelin-contracts-upgradeable/utils/ContextUpgradeable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-contracts-upgradeable/access/extensions/AccessControlEnumerableUpgradeable.sol";
import {
AccessControlUpgradeable,
IAccessControl
} from "openzeppelin-contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {EVCUtil} from "ethereum-vault-connector/utils/EVCUtil.sol";
/// @title SelectorAccessControl
/// @custom:security-contact security@euler.xyz
/// @author Euler Labs (https://www.eulerlabs.com/)
/// @notice EVC-aware base contract that gates calls per function selector using role-based access control.
/// @dev A role id is either `WILD_CARD` or the 4-byte selector of the guarded function widened to `bytes32`.
/// Derived contracts are expected to call `_authenticateCaller()` from the functions they want to protect;
/// nothing in this contract applies the check automatically.
abstract contract SelectorAccessControl is EVCUtil, AccessControlEnumerableUpgradeable {
    /// @notice Role id that stands for "every selector". Holding it passes `_authenticateCaller()` for any call.
    /// @dev Grant sparingly: it is equivalent to holding every per-selector role at once.
    bytes32 public constant WILD_CARD = bytes32(type(uint256).max);

    /// @notice Sets the EVC address and seeds the admin role for a directly deployed instance
    /// @dev Initializers are disabled afterwards, so `initialize` cannot be called on this instance itself.
    /// NOTE(review): the role granted here is written to this contract's own storage; a proxy that uses this
    /// contract as its implementation would presumably still need `initialize` to be called - confirm.
    /// `admin` is not checked against the zero address.
    /// @param evc The address of the Ethereum Vault Connector (EVC)
    /// @param admin The address that receives DEFAULT_ADMIN_ROLE
    constructor(address evc, address admin) EVCUtil(evc) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _disableInitializers();
    }

    /// @notice One-time setup that hands DEFAULT_ADMIN_ROLE to `admin`
    /// @dev Public and guarded only by the `initializer` modifier, so the first caller chooses the admin.
    /// NOTE(review): when deployed behind a proxy, call this in the same transaction as the deployment so
    /// that nobody else can initialize first. `admin` is not checked against the zero address.
    /// @param admin The address that receives DEFAULT_ADMIN_ROLE
    function initialize(address admin) public initializer {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    /// @dev Gives `role` to `account`. Delegates to the inherited implementation and additionally applies
    /// `onlyEVCAccountOwner`.
    /// NOTE(review): `onlyEVCAccountOwner` is defined in EVCUtil (not shown here); presumably it rejects calls
    /// routed through the EVC by anyone other than the account owner - confirm.
    function grantRole(bytes32 role, address account)
        public
        virtual
        override (AccessControlUpgradeable, IAccessControl)
        onlyEVCAccountOwner
    {
        super.grantRole(role, account);
    }

    /// @dev Takes `role` away from `account`. Delegates to the inherited implementation and additionally
    /// applies `onlyEVCAccountOwner`.
    function revokeRole(bytes32 role, address account)
        public
        virtual
        override (AccessControlUpgradeable, IAccessControl)
        onlyEVCAccountOwner
    {
        super.revokeRole(role, account);
    }

    /// @dev Lets the calling account give up `role`. Delegates to the inherited implementation and
    /// additionally applies `onlyEVCAccountOwner`.
    /// NOTE(review): the inherited implementation is expected to compare `callerConfirmation` with
    /// `_msgSender()`, which here resolves through the EVC - confirm against the OpenZeppelin version in use.
    function renounceRole(bytes32 role, address callerConfirmation)
        public
        virtual
        override (AccessControlUpgradeable, IAccessControl)
        onlyEVCAccountOwner
    {
        super.renounceRole(role, callerConfirmation);
    }

    /// @notice Authorizes the current call from the caller's roles and the selector being invoked
    /// @dev Passes when the caller holds `WILD_CARD` or the role whose id is `msg.sig`; otherwise reverts
    /// with `NotAuthorized`.
    /// @dev `msg.sig` is widened from `bytes4` to `bytes32`, so the selector occupies the leading four bytes
    /// and the rest is zero.
    /// NOTE(review): a selector of `0x00000000`, or calldata shorter than four bytes (e.g. a receive or
    /// fallback path), would map to role id zero, which is OpenZeppelin's DEFAULT_ADMIN_ROLE; avoid calling
    /// this check from such entry points unless that is intended.
    function _authenticateCaller() internal view virtual {
        address caller = _msgSender();

        // Wildcard holders are allowed for every selector; the per-selector role is only consulted otherwise.
        if (hasRole(WILD_CARD, caller) || hasRole(msg.sig, caller)) return;

        revert NotAuthorized();
    }

    /// @notice Resolves the effective caller, taking the EVC into account
    /// @dev Settles the clash between the two inherited `_msgSender` definitions in favour of EVCUtil's, so
    /// the role checks inherited from AccessControl also see the EVC-resolved account.
    /// @return The account on whose behalf the current operation runs: either msg.sender or the account
    /// authenticated by the EVC.
    function _msgSender() internal view virtual override (EVCUtil, ContextUpgradeable) returns (address) {
        return EVCUtil._msgSender();
    }
}