mirror
/
openzeppelin-contracts
mirror of https://github.com/OpenZeppelin/openzeppelin-contracts
2
1
Fork 1
Code Issues Releases Wiki Activity
mirror of openzeppelin-contracts
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3506 Commits
56 Branches
139 Tags
72 MiB
 
 
 
 
 
Tag: Branch: Tree: 920225a1c7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '920225a1c7'
${ noResults }
openzeppelin-contracts/test/access/manager/AccessManager.test.js

2432 lines
104 KiB
Raw Blame History

const { ethers } = require('hardhat');
const { expect } = require('chai');
const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers');
const { impersonate } = require('../../helpers/account');
const { MAX_UINT48 } = require('../../helpers/constants');
const { selector } = require('../../helpers/methods');
const time = require('../../helpers/time');
const {
buildBaseRoles,
formatAccess,
EXPIRATION,
MINSETBACK,
EXECUTION_ID_STORAGE_SLOT,
CONSUMING_SCHEDULE_STORAGE_SLOT,
prepareOperation,
hashOperation,
} = require('../../helpers/access-manager');
const {
shouldBehaveLikeDelayedAdminOperation,
shouldBehaveLikeNotDelayedAdminOperation,
shouldBehaveLikeRoleAdminOperation,
shouldBehaveLikeAManagedRestrictedOperation,
} = require('./AccessManager.behavior');
const {
LIKE_COMMON_SCHEDULABLE,
testAsClosable,
testAsDelay,
testAsSchedulableOperation,
testAsCanCall,
testAsHasRole,
testAsGetAccess,
} = require('./AccessManager.predicate');
async function fixture() {
const [admin, roleAdmin, roleGuardian, member, user, other] = await ethers.getSigners();
// Build roles
const roles = buildBaseRoles();
// Add members
roles.ADMIN.members = [admin];
roles.SOME_ADMIN.members = [roleAdmin];
roles.SOME_GUARDIAN.members = [roleGuardian];
roles.SOME.members = [member];
roles.PUBLIC.members = [admin, roleAdmin, roleGuardian, member, user, other];
const manager = await ethers.deployContract('$AccessManager', [admin]);
const target = await ethers.deployContract('$AccessManagedTarget', [manager]);
for (const { id: roleId, admin, guardian, members } of Object.values(roles)) {
if (roleId === roles.PUBLIC.id) continue; // Every address belong to public and is locked
if (roleId === roles.ADMIN.id) continue; // Admin set during construction and is locked
// Set admin role avoiding default
if (admin.id !== roles.ADMIN.id) {
await manager.$_setRoleAdmin(roleId, admin.id);
}
// Set guardian role avoiding default
if (guardian.id !== roles.ADMIN.id) {
await manager.$_setRoleGuardian(roleId, guardian.id);
}
// Grant role to members
for (const member of members) {
await manager.$_grantRole(roleId, member, 0, 0);
}
}
return {
admin,
roleAdmin,
user,
other,
roles,
manager,
target,
};
}
// This test suite is made using the following tools:
//
// * Predicates: Functions with common conditional setups without assertions.
// * Behaviors: Functions with common assertions.
//
// The behavioral tests are built by composing predicates and are used as templates
// for testing access to restricted functions.
//
// Similarly, unit tests in this suite will use predicates to test subsets of these
// behaviors and are helped by common assertions provided for some of the predicates.
//
// The predicates can be identified by the `testAs*` prefix while the behaviors
// are prefixed with `shouldBehave*`. The common assertions for predicates are
// defined as constants.
describe('AccessManager', function () {
beforeEach(async function () {
Object.assign(this, await loadFixture(fixture));
});
describe('during construction', function () {
it('grants admin role to initialAdmin', async function () {
const manager = await ethers.deployContract('$AccessManager', [this.other]);
expect(await manager.hasRole(this.roles.ADMIN.id, this.other).then(formatAccess)).to.be.deep.equal([true, '0']);
});
it('rejects zero address for initialAdmin', async function () {
await expect(ethers.deployContract('$AccessManager', [ethers.ZeroAddress]))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerInvalidInitialAdmin')
.withArgs(ethers.ZeroAddress);
});
it('initializes setup roles correctly', async function () {
for (const { id: roleId, admin, guardian, members } of Object.values(this.roles)) {
expect(await this.manager.getRoleAdmin(roleId)).to.equal(admin.id);
expect(await this.manager.getRoleGuardian(roleId)).to.equal(guardian.id);
for (const user of this.roles.PUBLIC.members) {
expect(await this.manager.hasRole(roleId, user).then(formatAccess)).to.be.deep.equal([
members.includes(user),
'0',
]);
}
}
});
});
describe('getters', function () {
describe('#canCall', function () {
beforeEach('set calldata', function () {
this.calldata = '0x12345678';
this.role = { id: 379204n };
});
testAsCanCall({
closed() {
it('should return false and no delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.other,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(0n);
});
},
open: {
callerIsTheManager: {
executing() {
it('should return true and no delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.true;
expect(delay).to.equal(0n);
});
},
notExecuting() {
it('should return false and no delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(0n);
});
},
},
callerIsNotTheManager: {
publicRoleIsRequired() {
it('should return true and no delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.true;
expect(delay).to.equal(0n);
});
},
specificRoleIsRequired: {
requiredRoleIsGranted: {
roleGrantingIsDelayed: {
callerHasAnExecutionDelay: {
beforeGrantDelay: function self() {
self.mineDelay = true;
it('should return false and no execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(0n);
});
},
afterGrantDelay: function self() {
self.mineDelay = true;
beforeEach('sets execution delay', function () {
this.scheduleIn = this.executionDelay; // For testAsSchedulableOperation
});
testAsSchedulableOperation({
scheduled: {
before: function self() {
self.mineDelay = true;
it('should return false and execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(this.executionDelay);
});
},
after: function self() {
self.mineDelay = true;
it('should return false and execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(this.executionDelay);
});
},
expired: function self() {
self.mineDelay = true;
it('should return false and execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(this.executionDelay);
});
},
},
notScheduled() {
it('should return false and execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(this.executionDelay);
});
},
});
},
},
callerHasNoExecutionDelay: {
beforeGrantDelay: function self() {
self.mineDelay = true;
it('should return false and no execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(0n);
});
},
afterGrantDelay: function self() {
self.mineDelay = true;
it('should return true and no execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.true;
expect(delay).to.equal(0n);
});
},
},
},
roleGrantingIsNotDelayed: {
callerHasAnExecutionDelay() {
it('should return false and execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(this.executionDelay);
});
},
callerHasNoExecutionDelay() {
it('should return true and no execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.true;
expect(delay).to.equal(0n);
});
},
},
},
requiredRoleIsNotGranted() {
it('should return false and no execution delay', async function () {
const { immediate, delay } = await this.manager.canCall(
this.caller,
this.target,
this.calldata.substring(0, 10),
);
expect(immediate).to.be.false;
expect(delay).to.equal(0n);
});
},
},
},
},
});
});
describe('#expiration', function () {
it('has a 7 days default expiration', async function () {
expect(await this.manager.expiration()).to.equal(EXPIRATION);
});
});
describe('#minSetback', function () {
it('has a 5 days default minimum setback', async function () {
expect(await this.manager.minSetback()).to.equal(MINSETBACK);
});
});
describe('#isTargetClosed', function () {
testAsClosable({
closed() {
it('returns true', async function () {
expect(await this.manager.isTargetClosed(this.target)).to.be.true;
});
},
open() {
it('returns false', async function () {
expect(await this.manager.isTargetClosed(this.target)).to.be.false;
});
},
});
});
describe('#getTargetFunctionRole', function () {
const methodSelector = selector('something(address,bytes)');
it('returns the target function role', async function () {
const roleId = 21498n;
await this.manager.$_setTargetFunctionRole(this.target, methodSelector, roleId);
expect(await this.manager.getTargetFunctionRole(this.target, methodSelector)).to.equal(roleId);
});
it('returns the ADMIN role if not set', async function () {
expect(await this.manager.getTargetFunctionRole(this.target, methodSelector)).to.equal(this.roles.ADMIN.id);
});
});
describe('#getTargetAdminDelay', function () {
describe('when the target admin delay is setup', function () {
beforeEach('set target admin delay', async function () {
this.oldDelay = await this.manager.getTargetAdminDelay(this.target);
this.newDelay = time.duration.days(10);
await this.manager.$_setTargetAdminDelay(this.target, this.newDelay);
this.delay = MINSETBACK; // For testAsDelay
});
testAsDelay('effect', {
before: function self() {
self.mineDelay = true;
it('returns the old target admin delay', async function () {
expect(await this.manager.getTargetAdminDelay(this.target)).to.equal(this.oldDelay);
});
},
after: function self() {
self.mineDelay = true;
it('returns the new target admin delay', async function () {
expect(await this.manager.getTargetAdminDelay(this.target)).to.equal(this.newDelay);
});
},
});
});
it('returns the 0 if not set', async function () {
expect(await this.manager.getTargetAdminDelay(this.target)).to.equal(0n);
});
});
describe('#getRoleAdmin', function () {
const roleId = 5234907n;
it('returns the role admin', async function () {
const adminId = 789433n;
await this.manager.$_setRoleAdmin(roleId, adminId);
expect(await this.manager.getRoleAdmin(roleId)).to.equal(adminId);
});
it('returns the ADMIN role if not set', async function () {
expect(await this.manager.getRoleAdmin(roleId)).to.equal(this.roles.ADMIN.id);
});
});
describe('#getRoleGuardian', function () {
const roleId = 5234907n;
it('returns the role guardian', async function () {
const guardianId = 789433n;
await this.manager.$_setRoleGuardian(roleId, guardianId);
expect(await this.manager.getRoleGuardian(roleId)).to.equal(guardianId);
});
it('returns the ADMIN role if not set', async function () {
expect(await this.manager.getRoleGuardian(roleId)).to.equal(this.roles.ADMIN.id);
});
});
describe('#getRoleGrantDelay', function () {
const roleId = 9248439n;
describe('when the grant admin delay is setup', function () {
beforeEach('set grant admin delay', async function () {
this.oldDelay = await this.manager.getRoleGrantDelay(roleId);
this.newDelay = time.duration.days(11);
await this.manager.$_setGrantDelay(roleId, this.newDelay);
this.delay = MINSETBACK; // For testAsDelay
});
testAsDelay('grant', {
before: function self() {
self.mineDelay = true;
it('returns the old role grant delay', async function () {
expect(await this.manager.getRoleGrantDelay(roleId)).to.equal(this.oldDelay);
});
},
after: function self() {
self.mineDelay = true;
it('returns the new role grant delay', async function () {
expect(await this.manager.getRoleGrantDelay(roleId)).to.equal(this.newDelay);
});
},
});
});
it('returns 0 if delay is not set', async function () {
expect(await this.manager.getTargetAdminDelay(this.target)).to.equal(0n);
});
});
describe('#getAccess', function () {
beforeEach('set role', function () {
this.role = { id: 9452n };
this.caller = this.user;
});
testAsGetAccess({
requiredRoleIsGranted: {
roleGrantingIsDelayed: {
callerHasAnExecutionDelay: {
beforeGrantDelay: function self() {
self.mineDelay = true;
it('role is not in effect and execution delay is set', async function () {
const access = await this.manager.getAccess(this.role.id, this.caller);
expect(access[0]).to.equal(this.delayEffect); // inEffectSince
expect(access[1]).to.equal(this.executionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Not in effect yet
expect(await time.clock.timestamp()).to.lt(access[0]);
});
},
afterGrantDelay: function self() {
self.mineDelay = true;
it('access has role in effect and execution delay is set', async function () {
const access = await this.manager.getAccess(this.role.id, this.caller);
expect(access[0]).to.equal(this.delayEffect); // inEffectSince
expect(access[1]).to.equal(this.executionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
expect(await time.clock.timestamp()).to.equal(access[0]);
});
},
},
callerHasNoExecutionDelay: {
beforeGrantDelay: function self() {
self.mineDelay = true;
it('access has role not in effect without execution delay', async function () {
const access = await this.manager.getAccess(this.role.id, this.caller);
expect(access[0]).to.equal(this.delayEffect); // inEffectSince
expect(access[1]).to.equal(0n); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Not in effect yet
expect(await time.clock.timestamp()).to.lt(access[0]);
});
},
afterGrantDelay: function self() {
self.mineDelay = true;
it('role is in effect without execution delay', async function () {
const access = await this.manager.getAccess(this.role.id, this.caller);
expect(access[0]).to.equal(this.delayEffect); // inEffectSince
expect(access[1]).to.equal(0n); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
expect(await time.clock.timestamp()).to.equal(access[0]);
});
},
},
},
roleGrantingIsNotDelayed: {
callerHasAnExecutionDelay() {
it('access has role in effect and execution delay is set', async function () {
const access = await this.manager.getAccess(this.role.id, this.caller);
expect(access[0]).to.equal(await time.clock.timestamp()); // inEffectSince
expect(access[1]).to.equal(this.executionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
expect(await time.clock.timestamp()).to.equal(access[0]);
});
},
callerHasNoExecutionDelay() {
it('access has role in effect without execution delay', async function () {
const access = await this.manager.getAccess(this.role.id, this.caller);
expect(access[0]).to.equal(await time.clock.timestamp()); // inEffectSince
expect(access[1]).to.equal(0n); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
expect(await time.clock.timestamp()).to.equal(access[0]);
});
},
},
},
requiredRoleIsNotGranted() {
it('has empty access', async function () {
const access = await this.manager.getAccess(this.role.id, this.caller);
expect(access[0]).to.equal(0n); // inEffectSince
expect(access[1]).to.equal(0n); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
});
},
});
});
describe('#hasRole', function () {
beforeEach('setup testAsHasRole', function () {
this.role = { id: 49832n };
this.calldata = '0x12345678';
this.caller = this.user;
});
testAsHasRole({
publicRoleIsRequired() {
it('has PUBLIC role', async function () {
const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
expect(isMember).to.be.true;
expect(executionDelay).to.equal('0');
});
},
specificRoleIsRequired: {
requiredRoleIsGranted: {
roleGrantingIsDelayed: {
callerHasAnExecutionDelay: {
beforeGrantDelay: function self() {
self.mineDelay = true;
it('does not have role but execution delay', async function () {
const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
expect(isMember).to.be.false;
expect(executionDelay).to.equal(this.executionDelay);
});
},
afterGrantDelay: function self() {
self.mineDelay = true;
it('has role and execution delay', async function () {
const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
expect(isMember).to.be.true;
expect(executionDelay).to.equal(this.executionDelay);
});
},
},
callerHasNoExecutionDelay: {
beforeGrantDelay: function self() {
self.mineDelay = true;
it('does not have role nor execution delay', async function () {
const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
expect(isMember).to.be.false;
expect(executionDelay).to.equal('0');
});
},
afterGrantDelay: function self() {
self.mineDelay = true;
it('has role and no execution delay', async function () {
const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
expect(isMember).to.be.true;
expect(executionDelay).to.equal('0');
});
},
},
},
roleGrantingIsNotDelayed: {
callerHasAnExecutionDelay() {
it('has role and execution delay', async function () {
const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
expect(isMember).to.be.true;
expect(executionDelay).to.equal(this.executionDelay);
});
},
callerHasNoExecutionDelay() {
it('has role and no execution delay', async function () {
const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
expect(isMember).to.be.true;
expect(executionDelay).to.equal('0');
});
},
},
},
requiredRoleIsNotGranted() {
it('has no role and no execution delay', async function () {
const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
expect(isMember).to.be.false;
expect(executionDelay).to.equal('0');
});
},
},
});
});
describe('#getSchedule', function () {
beforeEach('set role and calldata', async function () {
const fnRestricted = this.target.fnRestricted.getFragment().selector;
this.caller = this.user;
this.role = { id: 493590n };
await this.manager.$_setTargetFunctionRole(this.target, fnRestricted, this.role.id);
await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay
this.calldata = this.target.interface.encodeFunctionData(fnRestricted, []);
this.scheduleIn = time.duration.days(10); // For testAsSchedulableOperation
});
testAsSchedulableOperation({
scheduled: {
before: function self() {
self.mineDelay = true;
it('returns schedule in the future', async function () {
const schedule = await this.manager.getSchedule(this.operationId);
expect(schedule).to.equal(this.scheduledAt + this.scheduleIn);
expect(schedule).to.gt(await time.clock.timestamp());
});
},
after: function self() {
self.mineDelay = true;
it('returns schedule', async function () {
const schedule = await this.manager.getSchedule(this.operationId);
expect(schedule).to.equal(this.scheduledAt + this.scheduleIn);
expect(schedule).to.equal(await time.clock.timestamp());
});
},
expired: function self() {
self.mineDelay = true;
it('returns 0', async function () {
expect(await this.manager.getSchedule(this.operationId)).to.equal(0n);
});
},
},
notScheduled() {
it('defaults to 0', async function () {
expect(await this.manager.getSchedule(this.operationId)).to.equal(0n);
});
},
});
});
describe('#getNonce', function () {
describe('when operation is scheduled', function () {
beforeEach('schedule operation', async function () {
const fnRestricted = this.target.fnRestricted.getFragment().selector;
this.caller = this.user;
this.role = { id: 4209043n };
await this.manager.$_setTargetFunctionRole(this.target, fnRestricted, this.role.id);
await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay
this.calldata = this.target.interface.encodeFunctionData(fnRestricted, []);
this.delay = time.duration.days(10);
const { operationId, schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await schedule();
this.operationId = operationId;
});
it('returns nonce', async function () {
expect(await this.manager.getNonce(this.operationId)).to.equal(1n);
});
});
describe('when is not scheduled', function () {
it('returns default 0', async function () {
expect(await this.manager.getNonce(ethers.id('operation'))).to.equal(0n);
});
});
});
describe('#hashOperation', function () {
it('returns an operationId', async function () {
const args = [this.user, this.other, '0x123543'];
expect(await this.manager.hashOperation(...args)).to.equal(hashOperation(...args));
});
});
});
describe('admin operations', function () {
beforeEach('set required role', function () {
this.role = this.roles.ADMIN;
});
describe('subject to a delay', function () {
describe('#labelRole', function () {
describe('restrictions', function () {
beforeEach('set method and args', function () {
const args = [123443, 'TEST'];
const method = this.manager.interface.getFunction('labelRole(uint64,string)');
this.calldata = this.manager.interface.encodeFunctionData(method, args);
});
shouldBehaveLikeDelayedAdminOperation();
});
it('emits an event with the label', async function () {
await expect(this.manager.connect(this.admin).labelRole(this.roles.SOME.id, 'Some label'))
.to.emit(this.manager, 'RoleLabel')
.withArgs(this.roles.SOME.id, 'Some label');
});
it('updates label on a second call', async function () {
await this.manager.connect(this.admin).labelRole(this.roles.SOME.id, 'Some label');
await expect(this.manager.connect(this.admin).labelRole(this.roles.SOME.id, 'Updated label'))
.to.emit(this.manager, 'RoleLabel')
.withArgs(this.roles.SOME.id, 'Updated label');
});
it('reverts labeling PUBLIC_ROLE', async function () {
await expect(this.manager.connect(this.admin).labelRole(this.roles.PUBLIC.id, 'Some label'))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.PUBLIC.id);
});
it('reverts labeling ADMIN_ROLE', async function () {
await expect(this.manager.connect(this.admin).labelRole(this.roles.ADMIN.id, 'Some label'))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.ADMIN.id);
});
});
describe('#setRoleAdmin', function () {
describe('restrictions', function () {
beforeEach('set method and args', function () {
const args = [93445, 84532];
const method = this.manager.interface.getFunction('setRoleAdmin(uint64,uint64)');
this.calldata = this.manager.interface.encodeFunctionData(method, args);
});
shouldBehaveLikeDelayedAdminOperation();
});
it("sets any role's admin if called by an admin", async function () {
expect(await this.manager.getRoleAdmin(this.roles.SOME.id)).to.equal(this.roles.SOME_ADMIN.id);
await expect(this.manager.connect(this.admin).setRoleAdmin(this.roles.SOME.id, this.roles.ADMIN.id))
.to.emit(this.manager, 'RoleAdminChanged')
.withArgs(this.roles.SOME.id, this.roles.ADMIN.id);
expect(await this.manager.getRoleAdmin(this.roles.SOME.id)).to.equal(this.roles.ADMIN.id);
});
it('reverts setting PUBLIC_ROLE admin', async function () {
await expect(this.manager.connect(this.admin).setRoleAdmin(this.roles.PUBLIC.id, this.roles.ADMIN.id))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.PUBLIC.id);
});
it('reverts setting ADMIN_ROLE admin', async function () {
await expect(this.manager.connect(this.admin).setRoleAdmin(this.roles.ADMIN.id, this.roles.ADMIN.id))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.ADMIN.id);
});
});
describe('#setRoleGuardian', function () {
describe('restrictions', function () {
beforeEach('set method and args', function () {
const args = [93445, 84532];
const method = this.manager.interface.getFunction('setRoleGuardian(uint64,uint64)');
this.calldata = this.manager.interface.encodeFunctionData(method, args);
});
shouldBehaveLikeDelayedAdminOperation();
});
it("sets any role's guardian if called by an admin", async function () {
expect(await this.manager.getRoleGuardian(this.roles.SOME.id)).to.equal(this.roles.SOME_GUARDIAN.id);
await expect(this.manager.connect(this.admin).setRoleGuardian(this.roles.SOME.id, this.roles.ADMIN.id))
.to.emit(this.manager, 'RoleGuardianChanged')
.withArgs(this.roles.SOME.id, this.roles.ADMIN.id);
expect(await this.manager.getRoleGuardian(this.roles.SOME.id)).to.equal(this.roles.ADMIN.id);
});
it('reverts setting PUBLIC_ROLE admin', async function () {
await expect(this.manager.connect(this.admin).setRoleGuardian(this.roles.PUBLIC.id, this.roles.ADMIN.id))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.PUBLIC.id);
});
it('reverts setting ADMIN_ROLE admin', async function () {
await expect(this.manager.connect(this.admin).setRoleGuardian(this.roles.ADMIN.id, this.roles.ADMIN.id))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.ADMIN.id);
});
});
describe('#setGrantDelay', function () {
describe('restrictions', function () {
beforeEach('set method and args', function () {
const args = [984910, time.duration.days(2)];
const method = this.manager.interface.getFunction('setGrantDelay(uint64,uint32)');
this.calldata = this.manager.interface.encodeFunctionData(method, args);
});
shouldBehaveLikeDelayedAdminOperation();
});
it('reverts setting grant delay for the PUBLIC_ROLE', function () {
expect(this.manager.connect(this.admin).setGrantDelay(this.roles.PUBLIC.id, 69n))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.PUBLIC.id);
});
describe('when increasing the delay', function () {
const oldDelay = 10n;
const newDelay = 100n;
beforeEach('sets old delay', async function () {
this.role = this.roles.SOME;
await this.manager.$_setGrantDelay(this.role.id, oldDelay);
await time.increaseBy.timestamp(MINSETBACK);
expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay);
});
it('increases the delay after minsetback', async function () {
const txResponse = await this.manager.connect(this.admin).setGrantDelay(this.role.id, newDelay);
const setGrantDelayAt = await time.clockFromReceipt.timestamp(txResponse);
expect(txResponse)
.to.emit(this.manager, 'RoleGrantDelayChanged')
.withArgs(this.role.id, newDelay, setGrantDelayAt + MINSETBACK);
expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay);
await time.increaseBy.timestamp(MINSETBACK);
expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(newDelay);
});
});
describe('when reducing the delay', function () {
const oldDelay = time.duration.days(10);
beforeEach('sets old delay', async function () {
this.role = this.roles.SOME;
await this.manager.$_setGrantDelay(this.role.id, oldDelay);
await time.increaseBy.timestamp(MINSETBACK);
expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay);
});
describe('when the delay difference is shorter than minimum setback', function () {
const newDelay = oldDelay - 1n;
it('increases the delay after minsetback', async function () {
const txResponse = await this.manager.connect(this.admin).setGrantDelay(this.role.id, newDelay);
const setGrantDelayAt = await time.clockFromReceipt.timestamp(txResponse);
expect(txResponse)
.to.emit(this.manager, 'RoleGrantDelayChanged')
.withArgs(this.role.id, newDelay, setGrantDelayAt + MINSETBACK);
expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay);
await time.increaseBy.timestamp(MINSETBACK);
expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(newDelay);
});
});
describe('when the delay difference is longer than minimum setback', function () {
const newDelay = 1n;
beforeEach('assert delay difference is higher than minsetback', function () {
expect(oldDelay - newDelay).to.gt(MINSETBACK);
});
it('increases the delay after delay difference', async function () {
const setback = oldDelay - newDelay;
const txResponse = await this.manager.connect(this.admin).setGrantDelay(this.role.id, newDelay);
const setGrantDelayAt = await time.clockFromReceipt.timestamp(txResponse);
expect(txResponse)
.to.emit(this.manager, 'RoleGrantDelayChanged')
.withArgs(this.role.id, newDelay, setGrantDelayAt + setback);
expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(oldDelay);
await time.increaseBy.timestamp(setback);
expect(await this.manager.getRoleGrantDelay(this.role.id)).to.equal(newDelay);
});
});
});
});
describe('#setTargetAdminDelay', function () {
describe('restrictions', function () {
beforeEach('set method and args', function () {
const args = [this.other.address, time.duration.days(3)];
const method = this.manager.interface.getFunction('setTargetAdminDelay(address,uint32)');
this.calldata = this.manager.interface.encodeFunctionData(method, args);
});
shouldBehaveLikeDelayedAdminOperation();
});
describe('when increasing the delay', function () {
const oldDelay = time.duration.days(10);
const newDelay = time.duration.days(11);
beforeEach('sets old delay', async function () {
await this.manager.$_setTargetAdminDelay(this.other, oldDelay);
await time.increaseBy.timestamp(MINSETBACK);
expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay);
});
it('increases the delay after minsetback', async function () {
const txResponse = await this.manager.connect(this.admin).setTargetAdminDelay(this.other, newDelay);
const setTargetAdminDelayAt = await time.clockFromReceipt.timestamp(txResponse);
expect(txResponse)
.to.emit(this.manager, 'TargetAdminDelayUpdated')
.withArgs(this.other, newDelay, setTargetAdminDelayAt + MINSETBACK);
expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay);
await time.increaseBy.timestamp(MINSETBACK);
expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(newDelay);
});
});
describe('when reducing the delay', function () {
const oldDelay = time.duration.days(10);
beforeEach('sets old delay', async function () {
await this.manager.$_setTargetAdminDelay(this.other, oldDelay);
await time.increaseBy.timestamp(MINSETBACK);
expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay);
});
describe('when the delay difference is shorter than minimum setback', function () {
const newDelay = oldDelay - 1n;
it('increases the delay after minsetback', async function () {
const txResponse = await this.manager.connect(this.admin).setTargetAdminDelay(this.other, newDelay);
const setTargetAdminDelayAt = await time.clockFromReceipt.timestamp(txResponse);
expect(txResponse)
.to.emit(this.manager, 'TargetAdminDelayUpdated')
.withArgs(this.other, newDelay, setTargetAdminDelayAt + MINSETBACK);
expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay);
await time.increaseBy.timestamp(MINSETBACK);
expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(newDelay);
});
});
describe('when the delay difference is longer than minimum setback', function () {
const newDelay = 1n;
beforeEach('assert delay difference is higher than minsetback', function () {
expect(oldDelay - newDelay).to.gt(MINSETBACK);
});
it('increases the delay after delay difference', async function () {
const setback = oldDelay - newDelay;
const txResponse = await this.manager.connect(this.admin).setTargetAdminDelay(this.other, newDelay);
const setTargetAdminDelayAt = await time.clockFromReceipt.timestamp(txResponse);
expect(txResponse)
.to.emit(this.manager, 'TargetAdminDelayUpdated')
.withArgs(this.other, newDelay, setTargetAdminDelayAt + setback);
expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(oldDelay);
await time.increaseBy.timestamp(setback);
expect(await this.manager.getTargetAdminDelay(this.other)).to.equal(newDelay);
});
});
});
});
});
describe('not subject to a delay', function () {
describe('#updateAuthority', function () {
beforeEach('create a target and a new authority', async function () {
this.newAuthority = await ethers.deployContract('$AccessManager', [this.admin]);
this.newManagedTarget = await ethers.deployContract('$AccessManagedTarget', [this.manager]);
});
describe('restrictions', function () {
beforeEach('set method and args', function () {
this.calldata = this.manager.interface.encodeFunctionData('updateAuthority(address,address)', [
this.newManagedTarget.target,
this.newAuthority.target,
]);
});
shouldBehaveLikeNotDelayedAdminOperation();
});
it('changes the authority', async function () {
expect(await this.newManagedTarget.authority()).to.equal(this.manager);
await expect(this.manager.connect(this.admin).updateAuthority(this.newManagedTarget, this.newAuthority))
.to.emit(this.newManagedTarget, 'AuthorityUpdated') // Managed contract is responsible of notifying the change through an event
.withArgs(this.newAuthority);
expect(await this.newManagedTarget.authority()).to.equal(this.newAuthority);
});
});
describe('#setTargetClosed', function () {
describe('restrictions', function () {
beforeEach('set method and args', function () {
const args = [this.other.address, true];
const method = this.manager.interface.getFunction('setTargetClosed(address,bool)');
this.calldata = this.manager.interface.encodeFunctionData(method, args);
});
shouldBehaveLikeNotDelayedAdminOperation();
});
it('closes and opens a target', async function () {
await expect(this.manager.connect(this.admin).setTargetClosed(this.target, true))
.to.emit(this.manager, 'TargetClosed')
.withArgs(this.target, true);
expect(await this.manager.isTargetClosed(this.target)).to.be.true;
await expect(this.manager.connect(this.admin).setTargetClosed(this.target, false))
.to.emit(this.manager, 'TargetClosed')
.withArgs(this.target, false);
expect(await this.manager.isTargetClosed(this.target)).to.be.false;
});
it('reverts if closing the manager', async function () {
await expect(this.manager.connect(this.admin).setTargetClosed(this.manager, true))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedAccount')
.withArgs(this.manager);
});
});
describe('#setTargetFunctionRole', function () {
describe('restrictions', function () {
beforeEach('set method and args', function () {
const args = [this.other.address, ['0x12345678'], 443342];
const method = this.manager.interface.getFunction('setTargetFunctionRole(address,bytes4[],uint64)');
this.calldata = this.manager.interface.encodeFunctionData(method, args);
});
shouldBehaveLikeNotDelayedAdminOperation();
});
const sigs = ['someFunction()', 'someOtherFunction(uint256)', 'oneMoreFunction(address,uint8)'].map(selector);
it('sets function roles', async function () {
for (const sig of sigs) {
expect(await this.manager.getTargetFunctionRole(this.target, sig)).to.equal(this.roles.ADMIN.id);
}
const allowRole = await this.manager
.connect(this.admin)
.setTargetFunctionRole(this.target, sigs, this.roles.SOME.id);
for (const sig of sigs) {
expect(allowRole)
.to.emit(this.manager, 'TargetFunctionRoleUpdated')
.withArgs(this.target, sig, this.roles.SOME.id);
expect(await this.manager.getTargetFunctionRole(this.target, sig)).to.equal(this.roles.SOME.id);
}
await expect(
this.manager.connect(this.admin).setTargetFunctionRole(this.target, [sigs[1]], this.roles.SOME_ADMIN.id),
)
.to.emit(this.manager, 'TargetFunctionRoleUpdated')
.withArgs(this.target, sigs[1], this.roles.SOME_ADMIN.id);
for (const sig of sigs) {
expect(await this.manager.getTargetFunctionRole(this.target, sig)).to.equal(
sig == sigs[1] ? this.roles.SOME_ADMIN.id : this.roles.SOME.id,
);
}
});
});
describe('role admin operations', function () {
const ANOTHER_ADMIN = 0xdeadc0de1n;
const ANOTHER_ROLE = 0xdeadc0de2n;
beforeEach('set required role', async function () {
// Make admin a member of ANOTHER_ADMIN
await this.manager.$_grantRole(ANOTHER_ADMIN, this.admin, 0, 0);
await this.manager.$_setRoleAdmin(ANOTHER_ROLE, ANOTHER_ADMIN);
this.role = { id: ANOTHER_ADMIN };
await this.manager.$_grantRole(this.role.id, this.user, 0, 0);
});
describe('#grantRole', function () {
describe('restrictions', function () {
beforeEach('set method and args', function () {
const args = [ANOTHER_ROLE, this.other.address, 0];
const method = this.manager.interface.getFunction('grantRole(uint64,address,uint32)');
this.calldata = this.manager.interface.encodeFunctionData(method, args);
});
shouldBehaveLikeRoleAdminOperation(ANOTHER_ADMIN);
});
it('reverts when granting PUBLIC_ROLE', async function () {
await expect(this.manager.connect(this.admin).grantRole(this.roles.PUBLIC.id, this.user, 0))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.PUBLIC.id);
});
describe('when the user is not a role member', function () {
describe('with grant delay', function () {
beforeEach('set grant delay and grant role', async function () {
// Delay granting
this.grantDelay = time.duration.weeks(2);
await this.manager.$_setGrantDelay(ANOTHER_ROLE, this.grantDelay);
await time.increaseBy.timestamp(MINSETBACK);
// Grant role
this.executionDelay = time.duration.days(3);
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
false,
'0',
]);
this.txResponse = await this.manager
.connect(this.admin)
.grantRole(ANOTHER_ROLE, this.user, this.executionDelay);
this.delay = this.grantDelay; // For testAsDelay
});
testAsDelay('grant', {
before: function self() {
self.mineDelay = true;
it('does not grant role to the user yet', async function () {
const timestamp = await time.clockFromReceipt.timestamp(this.txResponse);
expect(this.txResponse)
.to.emit(this.manager, 'RoleGranted')
.withArgs(ANOTHER_ROLE, this.user, timestamp + this.grantDelay, this.executionDelay, true);
// Access is correctly stored
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(timestamp + this.grantDelay); // inEffectSince
expect(access[1]).to.equal(this.executionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Not in effect yet
const currentTimestamp = await time.clock.timestamp();
expect(currentTimestamp).to.be.lt(access[0]);
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
false,
this.executionDelay.toString(),
]);
});
},
after: function self() {
self.mineDelay = true;
it('grants role to the user', async function () {
const timestamp = await time.clockFromReceipt.timestamp(this.txResponse);
expect(this.txResponse)
.to.emit(this.manager, 'RoleAccessRequested')
.withArgs(ANOTHER_ROLE, this.user, timestamp + this.grantDelay, this.executionDelay, true);
// Access is correctly stored
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(timestamp + this.grantDelay); // inEffectSince
expect(access[1]).to.equal(this.executionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
const currentTimestamp = await time.clock.timestamp();
expect(currentTimestamp).to.equal(access[0]);
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.executionDelay.toString(),
]);
});
},
});
});
describe('without grant delay', function () {
beforeEach('set granting delay', async function () {
// Delay granting
this.grantDelay = 0;
await this.manager.$_setGrantDelay(ANOTHER_ROLE, this.grantDelay);
await time.increaseBy.timestamp(MINSETBACK);
});
it('immediately grants the role to the user', async function () {
const executionDelay = time.duration.days(6);
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
false,
'0',
]);
const txResponse = await this.manager
.connect(this.admin)
.grantRole(ANOTHER_ROLE, this.user, executionDelay);
const grantedAt = await time.clockFromReceipt.timestamp(txResponse);
expect(txResponse)
.to.emit(this.manager, 'RoleGranted')
.withArgs(ANOTHER_ROLE, this.user, executionDelay, grantedAt, true);
// Access is correctly stored
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(grantedAt); // inEffectSince
expect(access[1]).to.equal(executionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
const currentTimestamp = await time.clock.timestamp();
expect(currentTimestamp).to.equal(access[0]);
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
executionDelay.toString(),
]);
});
});
});
describe('when the user is already a role member', function () {
beforeEach('make user role member', async function () {
this.previousExecutionDelay = time.duration.days(6);
await this.manager.$_grantRole(ANOTHER_ROLE, this.user, 0, this.previousExecutionDelay);
this.oldAccess = await this.manager.getAccess(ANOTHER_ROLE, this.user);
});
describe('with grant delay', function () {
beforeEach('set granting delay', async function () {
// Delay granting
const grantDelay = time.duration.weeks(2);
await this.manager.$_setGrantDelay(ANOTHER_ROLE, grantDelay);
await time.increaseBy.timestamp(MINSETBACK);
});
describe('when increasing the execution delay', function () {
beforeEach('set increased new execution delay', async function () {
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.previousExecutionDelay.toString(),
]);
this.newExecutionDelay = this.previousExecutionDelay + time.duration.days(4);
});
it('emits event and immediately changes the execution delay', async function () {
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.previousExecutionDelay.toString(),
]);
const txResponse = await this.manager
.connect(this.admin)
.grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay);
const timestamp = await time.clockFromReceipt.timestamp(txResponse);
expect(txResponse)
.to.emit(this.manager, 'RoleGranted')
.withArgs(ANOTHER_ROLE, this.user, timestamp, this.newExecutionDelay, false);
// Access is correctly stored
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince
expect(access[1]).to.equal(this.newExecutionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.newExecutionDelay.toString(),
]);
});
});
describe('when decreasing the execution delay', function () {
beforeEach('decrease execution delay', async function () {
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.previousExecutionDelay.toString(),
]);
this.newExecutionDelay = this.previousExecutionDelay - time.duration.days(4);
this.txResponse = await this.manager
.connect(this.admin)
.grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay);
this.grantTimestamp = await time.clockFromReceipt.timestamp(this.txResponse);
this.delay = this.previousExecutionDelay - this.newExecutionDelay; // For testAsDelay
});
it('emits event', function () {
expect(this.txResponse)
.to.emit(this.manager, 'RoleGranted')
.withArgs(ANOTHER_ROLE, this.user, this.grantTimestamp + this.delay, this.newExecutionDelay, false);
});
testAsDelay('execution delay effect', {
before: function self() {
self.mineDelay = true;
it('does not change the execution delay yet', async function () {
// Access is correctly stored
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince
expect(access[1]).to.equal(this.previousExecutionDelay); // currentDelay
expect(access[2]).to.equal(this.newExecutionDelay); // pendingDelay
expect(access[3]).to.equal(this.grantTimestamp + this.delay); // pendingDelayEffect
// Not in effect yet
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.previousExecutionDelay.toString(),
]);
});
},
after: function self() {
self.mineDelay = true;
it('changes the execution delay', async function () {
// Access is correctly stored
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince
expect(access[1]).to.equal(this.newExecutionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.newExecutionDelay.toString(),
]);
});
},
});
});
});
describe('without grant delay', function () {
beforeEach('set granting delay', async function () {
// Delay granting
const grantDelay = 0;
await this.manager.$_setGrantDelay(ANOTHER_ROLE, grantDelay);
await time.increaseBy.timestamp(MINSETBACK);
});
describe('when increasing the execution delay', function () {
beforeEach('set increased new execution delay', async function () {
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.previousExecutionDelay.toString(),
]);
this.newExecutionDelay = this.previousExecutionDelay + time.duration.days(4);
});
it('emits event and immediately changes the execution delay', async function () {
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.previousExecutionDelay.toString(),
]);
const txResponse = await this.manager
.connect(this.admin)
.grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay);
const timestamp = await time.clockFromReceipt.timestamp(txResponse);
expect(txResponse)
.to.emit(this.manager, 'RoleGranted')
.withArgs(ANOTHER_ROLE, this.user, timestamp, this.newExecutionDelay, false);
// Access is correctly stored
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince
expect(access[1]).to.equal(this.newExecutionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.newExecutionDelay.toString(),
]);
});
});
describe('when decreasing the execution delay', function () {
beforeEach('decrease execution delay', async function () {
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.previousExecutionDelay.toString(),
]);
this.newExecutionDelay = this.previousExecutionDelay - time.duration.days(4);
this.txResponse = await this.manager
.connect(this.admin)
.grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay);
this.grantTimestamp = await time.clockFromReceipt.timestamp(this.txResponse);
this.delay = this.previousExecutionDelay - this.newExecutionDelay; // For testAsDelay
});
it('emits event', function () {
expect(this.txResponse)
.to.emit(this.manager, 'RoleGranted')
.withArgs(ANOTHER_ROLE, this.user, this.grantTimestamp + this.delay, this.newExecutionDelay, false);
});
testAsDelay('execution delay effect', {
before: function self() {
self.mineDelay = true;
it('does not change the execution delay yet', async function () {
// Access is correctly stored
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince
expect(access[1]).to.equal(this.previousExecutionDelay); // currentDelay
expect(access[2]).to.equal(this.newExecutionDelay); // pendingDelay
expect(access[3]).to.equal(this.grantTimestamp + this.delay); // pendingDelayEffect
// Not in effect yet
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.previousExecutionDelay.toString(),
]);
});
},
after: function self() {
self.mineDelay = true;
it('changes the execution delay', async function () {
// Access is correctly stored
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(this.oldAccess[0]); // inEffectSince
expect(access[1]).to.equal(this.newExecutionDelay); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // pendingDelayEffect
// Already in effect
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
this.newExecutionDelay.toString(),
]);
});
},
});
});
});
});
});
describe('#revokeRole', function () {
describe('restrictions', function () {
beforeEach('set method and args', async function () {
const args = [ANOTHER_ROLE, this.other.address];
const method = this.manager.interface.getFunction('revokeRole(uint64,address)');
this.calldata = this.manager.interface.encodeFunctionData(method, args);
// Need to be set before revoking
await this.manager.$_grantRole(...args, 0, 0);
});
shouldBehaveLikeRoleAdminOperation(ANOTHER_ADMIN);
});
describe('when role has been granted', function () {
beforeEach('grant role with grant delay', async function () {
this.grantDelay = time.duration.weeks(1);
await this.manager.$_grantRole(ANOTHER_ROLE, this.user, this.grantDelay, 0);
this.delay = this.grantDelay; // For testAsDelay
});
testAsDelay('grant', {
before: function self() {
self.mineDelay = true;
it('revokes a granted role that will take effect in the future', async function () {
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
false,
'0',
]);
await expect(this.manager.connect(this.admin).revokeRole(ANOTHER_ROLE, this.user))
.to.emit(this.manager, 'RoleRevoked')
.withArgs(ANOTHER_ROLE, this.user);
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
false,
'0',
]);
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(0n); // inRoleSince
expect(access[1]).to.equal(0n); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // effect
});
},
after: function self() {
self.mineDelay = true;
it('revokes a granted role that already took effect', async function () {
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
true,
'0',
]);
await expect(this.manager.connect(this.admin).revokeRole(ANOTHER_ROLE, this.user))
.to.emit(this.manager, 'RoleRevoked')
.withArgs(ANOTHER_ROLE, this.user);
expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
false,
'0',
]);
const access = await this.manager.getAccess(ANOTHER_ROLE, this.user);
expect(access[0]).to.equal(0n); // inRoleSince
expect(access[1]).to.equal(0n); // currentDelay
expect(access[2]).to.equal(0n); // pendingDelay
expect(access[3]).to.equal(0n); // effect
});
},
});
});
describe('when role has not been granted', function () {
it('has no effect', async function () {
expect(await this.manager.hasRole(this.roles.SOME.id, this.user).then(formatAccess)).to.be.deep.equal([
false,
'0',
]);
await expect(this.manager.connect(this.roleAdmin).revokeRole(this.roles.SOME.id, this.user)).to.not.emit(
this.manager,
'RoleRevoked',
);
expect(await this.manager.hasRole(this.roles.SOME.id, this.user).then(formatAccess)).to.be.deep.equal([
false,
'0',
]);
});
});
it('reverts revoking PUBLIC_ROLE', async function () {
await expect(this.manager.connect(this.admin).revokeRole(this.roles.PUBLIC.id, this.user))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.PUBLIC.id);
});
});
});
describe('self role operations', function () {
describe('#renounceRole', function () {
beforeEach('grant role', async function () {
this.role = { id: 783164n };
this.caller = this.user;
await this.manager.$_grantRole(this.role.id, this.caller, 0, 0);
});
it('renounces a role', async function () {
expect(await this.manager.hasRole(this.role.id, this.caller).then(formatAccess)).to.be.deep.equal([
true,
'0',
]);
await expect(this.manager.connect(this.caller).renounceRole(this.role.id, this.caller))
.to.emit(this.manager, 'RoleRevoked')
.withArgs(this.role.id, this.caller);
expect(await this.manager.hasRole(this.role.id, this.caller).then(formatAccess)).to.be.deep.equal([
false,
'0',
]);
});
it('reverts if renouncing the PUBLIC_ROLE', async function () {
await expect(this.manager.connect(this.caller).renounceRole(this.roles.PUBLIC.id, this.caller))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerLockedRole')
.withArgs(this.roles.PUBLIC.id);
});
it('reverts if renouncing with bad caller confirmation', async function () {
await expect(
this.manager.connect(this.caller).renounceRole(this.role.id, this.other),
).to.be.revertedWithCustomError(this.manager, 'AccessManagerBadConfirmation');
});
});
});
});
});
describe('access managed target operations', function () {
describe('when calling a restricted target function', function () {
beforeEach('set required role', function () {
this.method = this.target.fnRestricted.getFragment();
this.role = { id: 3597243n };
this.manager.$_setTargetFunctionRole(this.target, this.method.selector, this.role.id);
});
describe('restrictions', function () {
beforeEach('set method and args', function () {
this.calldata = this.target.interface.encodeFunctionData(this.method, []);
this.caller = this.user;
});
shouldBehaveLikeAManagedRestrictedOperation();
});
it('succeeds called by a role member', async function () {
await this.manager.$_grantRole(this.role.id, this.user, 0, 0);
await expect(
this.target.connect(this.user)[this.method.selector]({
data: this.calldata,
}),
)
.to.emit(this.target, 'CalledRestricted')
.withArgs(this.user);
});
});
describe('when calling a non-restricted target function', function () {
const method = 'fnUnrestricted()';
beforeEach('set required role', async function () {
this.role = { id: 879435n };
await this.manager.$_setTargetFunctionRole(
this.target,
this.target[method].getFragment().selector,
this.role.id,
);
});
it('succeeds called by anyone', async function () {
await expect(
this.target.connect(this.user)[method]({
data: this.calldata,
}),
)
.to.emit(this.target, 'CalledUnrestricted')
.withArgs(this.user);
});
});
});
describe('#schedule', function () {
beforeEach('set target function role', async function () {
this.method = this.target.fnRestricted.getFragment();
this.role = { id: 498305n };
this.caller = this.user;
await this.manager.$_setTargetFunctionRole(this.target, this.method.selector, this.role.id);
await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay
this.calldata = this.target.interface.encodeFunctionData(this.method, []);
this.delay = time.duration.weeks(2);
});
describe('restrictions', function () {
testAsCanCall({
closed() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
const { schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await expect(schedule())
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
open: {
callerIsTheManager: {
executing() {
it.skip('is not reachable because schedule is not restrictable');
},
notExecuting() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
const { schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await expect(schedule())
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
},
callerIsNotTheManager: {
publicRoleIsRequired() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
// prepareOperation is not used here because it alters the next block timestamp
await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
specificRoleIsRequired: {
requiredRoleIsGranted: {
roleGrantingIsDelayed: {
callerHasAnExecutionDelay: {
beforeGrantDelay() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
// prepareOperation is not used here because it alters the next block timestamp
await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
afterGrantDelay() {
it('succeeds', async function () {
// prepareOperation is not used here because it alters the next block timestamp
await this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48);
});
},
},
callerHasNoExecutionDelay: {
beforeGrantDelay() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
// prepareOperation is not used here because it alters the next block timestamp
await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
afterGrantDelay() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
// prepareOperation is not used here because it alters the next block timestamp
await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
},
},
roleGrantingIsNotDelayed: {
callerHasAnExecutionDelay() {
it('succeeds', async function () {
const { schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await schedule();
});
},
callerHasNoExecutionDelay() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
// prepareOperation is not used here because it alters the next block timestamp
await expect(this.manager.connect(this.caller).schedule(this.target, this.calldata, MAX_UINT48))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
},
},
requiredRoleIsNotGranted() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
const { schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await expect(schedule())
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
},
},
},
});
});
it('schedules an operation at the specified execution date if it is larger than caller execution delay', async function () {
const { operationId, scheduledAt, schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
const txResponse = await schedule();
expect(await this.manager.getSchedule(operationId)).to.equal(scheduledAt + this.delay);
expect(txResponse)
.to.emit(this.manager, 'OperationScheduled')
.withArgs(operationId, '1', scheduledAt + this.delay, this.target, this.calldata);
});
it('schedules an operation at the minimum execution date if no specified execution date (when == 0)', async function () {
const executionDelay = await time.duration.hours(72);
await this.manager.$_grantRole(this.role.id, this.caller, 0, executionDelay);
const txResponse = await this.manager.connect(this.caller).schedule(this.target, this.calldata, 0);
const scheduledAt = await time.clockFromReceipt.timestamp(txResponse);
const operationId = await this.manager.hashOperation(this.caller, this.target, this.calldata);
expect(await this.manager.getSchedule(operationId)).to.equal(scheduledAt + executionDelay);
expect(txResponse)
.to.emit(this.manager, 'OperationScheduled')
.withArgs(operationId, '1', scheduledAt + executionDelay, this.target, this.calldata);
});
it('increases the nonce of an operation scheduled more than once', async function () {
// Setup and check initial nonce
const expectedOperationId = hashOperation(this.caller, this.target, this.calldata);
expect(await this.manager.getNonce(expectedOperationId)).to.equal('0');
// Schedule
const op1 = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await expect(op1.schedule())
.to.emit(this.manager, 'OperationScheduled')
.withArgs(op1.operationId, 1n, op1.scheduledAt + this.delay, this.caller, this.target, this.calldata);
expect(expectedOperationId).to.equal(op1.operationId);
// Consume
await time.increaseBy.timestamp(this.delay);
await this.manager.$_consumeScheduledOp(expectedOperationId);
// Check nonce
expect(await this.manager.getNonce(expectedOperationId)).to.equal('1');
// Schedule again
const op2 = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await expect(op2.schedule())
.to.emit(this.manager, 'OperationScheduled')
.withArgs(op2.operationId, 2n, op2.scheduledAt + this.delay, this.caller, this.target, this.calldata);
expect(expectedOperationId).to.equal(op2.operationId);
// Check final nonce
expect(await this.manager.getNonce(expectedOperationId)).to.equal('2');
});
it('reverts if the specified execution date is before the current timestamp + caller execution delay', async function () {
const executionDelay = time.duration.weeks(1) + this.delay;
await this.manager.$_grantRole(this.role.id, this.caller, 0, executionDelay);
const { schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await expect(schedule())
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
it('reverts if an operation is already schedule', async function () {
const op1 = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await op1.schedule();
const op2 = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.delay,
});
await expect(op2.schedule())
.to.be.revertedWithCustomError(this.manager, 'AccessManagerAlreadyScheduled')
.withArgs(op1.operationId);
});
it('panics scheduling calldata with less than 4 bytes', async function () {
const calldata = '0x1234'; // 2 bytes
// Managed contract
const op1 = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: calldata,
delay: this.delay,
});
await expect(op1.schedule()).to.be.revertedWithoutReason();
// Manager contract
const op2 = await prepareOperation(this.manager, {
caller: this.caller,
target: this.manager,
calldata: calldata,
delay: this.delay,
});
await expect(op2.schedule()).to.be.revertedWithoutReason();
});
it('reverts scheduling an unknown operation to the manager', async function () {
const calldata = '0x12345678';
const { schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.manager,
calldata,
delay: this.delay,
});
await expect(schedule())
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.manager, calldata);
});
});
describe('#execute', function () {
beforeEach('set target function role', async function () {
this.method = this.target.fnRestricted.getFragment();
this.role = { id: 9825430n };
this.caller = this.user;
await this.manager.$_setTargetFunctionRole(this.target, this.method.selector, this.role.id);
await this.manager.$_grantRole(this.role.id, this.caller, 0, 0);
this.calldata = this.target.interface.encodeFunctionData(this.method, []);
});
describe('restrictions', function () {
testAsCanCall({
closed() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
await expect(this.manager.connect(this.caller).execute(this.target, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
open: {
callerIsTheManager: {
executing() {
it('succeeds', async function () {
await this.manager.connect(this.caller).execute(this.target, this.calldata);
});
},
notExecuting() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
await expect(this.manager.connect(this.caller).execute(this.target, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
},
callerIsNotTheManager: {
publicRoleIsRequired() {
it('succeeds', async function () {
await this.manager.connect(this.caller).execute(this.target, this.calldata);
});
},
specificRoleIsRequired: {
requiredRoleIsGranted: {
roleGrantingIsDelayed: {
callerHasAnExecutionDelay: {
beforeGrantDelay() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
await expect(this.manager.connect(this.caller).execute(this.target, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
afterGrantDelay: function self() {
self.mineDelay = true;
beforeEach('define schedule delay', function () {
this.scheduleIn = time.duration.days(21); // For testAsSchedulableOperation
});
testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE);
},
},
callerHasNoExecutionDelay: {
beforeGrantDelay() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
await expect(this.manager.connect(this.caller).execute(this.target, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
afterGrantDelay: function self() {
self.mineDelay = true;
it('succeeds', async function () {
await this.manager.connect(this.caller).execute(this.target, this.calldata);
});
},
},
},
roleGrantingIsNotDelayed: {
callerHasAnExecutionDelay() {
beforeEach('define schedule delay', function () {
this.scheduleIn = time.duration.days(15); // For testAsSchedulableOperation
});
testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE);
},
callerHasNoExecutionDelay() {
it('succeeds', async function () {
await this.manager.connect(this.caller).execute(this.target, this.calldata);
});
},
},
},
requiredRoleIsNotGranted() {
it('reverts as AccessManagerUnauthorizedCall', async function () {
await expect(this.manager.connect(this.caller).execute(this.target, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.caller, this.target, this.calldata.substring(0, 10));
});
},
},
},
},
});
});
it('executes with a delay consuming the scheduled operation', async function () {
const delay = time.duration.hours(4);
await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // Execution delay is needed so the operation is consumed
const { operationId, schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay,
});
await schedule();
await time.increaseBy.timestamp(delay);
await expect(this.manager.connect(this.caller).execute(this.target, this.calldata))
.to.emit(this.manager, 'OperationExecuted')
.withArgs(operationId, 1n);
expect(await this.manager.getSchedule(operationId)).to.equal(0n);
});
it('executes with no delay consuming a scheduled operation', async function () {
const delay = time.duration.hours(4);
// give caller an execution delay
await this.manager.$_grantRole(this.role.id, this.caller, 0, 1);
const { operationId, schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay,
});
await schedule();
// remove the execution delay
await this.manager.$_grantRole(this.role.id, this.caller, 0, 0);
await time.increaseBy.timestamp(delay);
await expect(this.manager.connect(this.caller).execute(this.target, this.calldata))
.to.emit(this.manager, 'OperationExecuted')
.withArgs(operationId, 1n);
expect(await this.manager.getSchedule(operationId)).to.equal(0n);
});
it('keeps the original _executionId after finishing the call', async function () {
const executionIdBefore = await ethers.provider.getStorage(this.manager, EXECUTION_ID_STORAGE_SLOT);
await this.manager.connect(this.caller).execute(this.target, this.calldata);
const executionIdAfter = await ethers.provider.getStorage(this.manager, EXECUTION_ID_STORAGE_SLOT);
expect(executionIdBefore).to.equal(executionIdAfter);
});
it('reverts executing twice', async function () {
const delay = time.duration.hours(2);
await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // Execution delay is needed so the operation is consumed
const { operationId, schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay,
});
await schedule();
await time.increaseBy.timestamp(delay);
await this.manager.connect(this.caller).execute(this.target, this.calldata);
await expect(this.manager.connect(this.caller).execute(this.target, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerNotScheduled')
.withArgs(operationId);
});
});
describe('#consumeScheduledOp', function () {
beforeEach('define scheduling parameters', async function () {
const method = this.target.fnRestricted.getFragment();
this.caller = await ethers.getSigner(this.target.target);
await impersonate(this.caller.address);
this.calldata = this.target.interface.encodeFunctionData(method, []);
this.role = { id: 9834983n };
await this.manager.$_setTargetFunctionRole(this.target, method.selector, this.role.id);
await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay
this.scheduleIn = time.duration.hours(10); // For testAsSchedulableOperation
});
describe('when caller is not consuming scheduled operation', function () {
beforeEach('set consuming false', async function () {
await this.target.setIsConsumingScheduledOp(false, ethers.toBeHex(CONSUMING_SCHEDULE_STORAGE_SLOT, 32));
});
it('reverts as AccessManagerUnauthorizedConsume', async function () {
await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedConsume')
.withArgs(this.caller);
});
});
describe('when caller is consuming scheduled operation', function () {
beforeEach('set consuming true', async function () {
await this.target.setIsConsumingScheduledOp(true, ethers.toBeHex(CONSUMING_SCHEDULE_STORAGE_SLOT, 32));
});
testAsSchedulableOperation({
scheduled: {
before() {
it('reverts as AccessManagerNotReady', async function () {
await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerNotReady')
.withArgs(this.operationId);
});
},
after() {
it('consumes the scheduled operation and resets timepoint', async function () {
expect(await this.manager.getSchedule(this.operationId)).to.equal(this.scheduledAt + this.scheduleIn);
await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata))
.to.emit(this.manager, 'OperationExecuted')
.withArgs(this.operationId, 1n);
expect(await this.manager.getSchedule(this.operationId)).to.equal(0n);
});
},
expired() {
it('reverts as AccessManagerExpired', async function () {
await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerExpired')
.withArgs(this.operationId);
});
},
},
notScheduled() {
it('reverts as AccessManagerNotScheduled', async function () {
await expect(this.manager.connect(this.caller).consumeScheduledOp(this.caller, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerNotScheduled')
.withArgs(this.operationId);
});
},
});
});
});
describe('#cancelScheduledOp', function () {
beforeEach('setup scheduling', async function () {
this.method = this.target.fnRestricted.getFragment();
this.caller = this.roles.SOME.members[0];
await this.manager.$_setTargetFunctionRole(this.target, this.method.selector, this.roles.SOME.id);
await this.manager.$_grantRole(this.roles.SOME.id, this.caller, 0, 1); // nonzero execution delay
this.calldata = this.target.interface.encodeFunctionData(this.method, []);
this.scheduleIn = time.duration.days(10); // For testAsSchedulableOperation
});
testAsSchedulableOperation({
scheduled: {
before() {
describe('when caller is the scheduler', function () {
it('succeeds', async function () {
await this.manager.connect(this.caller).cancel(this.caller, this.target, this.calldata);
});
});
describe('when caller is an admin', function () {
it('succeeds', async function () {
await this.manager.connect(this.roles.ADMIN.members[0]).cancel(this.caller, this.target, this.calldata);
});
});
describe('when caller is the role guardian', function () {
it('succeeds', async function () {
await this.manager
.connect(this.roles.SOME_GUARDIAN.members[0])
.cancel(this.caller, this.target, this.calldata);
});
});
describe('when caller is any other account', function () {
it('reverts as AccessManagerUnauthorizedCancel', async function () {
await expect(this.manager.connect(this.other).cancel(this.caller, this.target, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCancel')
.withArgs(this.other, this.caller, this.target, this.method.selector);
});
});
},
after() {
it('succeeds', async function () {
await this.manager.connect(this.caller).cancel(this.caller, this.target, this.calldata);
});
},
expired() {
it('succeeds', async function () {
await this.manager.connect(this.caller).cancel(this.caller, this.target, this.calldata);
});
},
},
notScheduled() {
it('reverts as AccessManagerNotScheduled', async function () {
await expect(this.manager.cancel(this.caller, this.target, this.calldata))
.to.be.revertedWithCustomError(this.manager, 'AccessManagerNotScheduled')
.withArgs(this.operationId);
});
},
});
it('cancels an operation and resets schedule', async function () {
const { operationId, schedule } = await prepareOperation(this.manager, {
caller: this.caller,
target: this.target,
calldata: this.calldata,
delay: this.scheduleIn,
});
await schedule();
await expect(this.manager.connect(this.caller).cancel(this.caller, this.target, this.calldata))
.to.emit(this.manager, 'OperationCanceled')
.withArgs(operationId, 1n);
expect(await this.manager.getSchedule(operationId)).to.equal('0');
});
});
describe('with Ownable target contract', function () {
const roleId = 1n;
beforeEach(async function () {
this.ownable = await ethers.deployContract('$Ownable', [this.manager]);
// add user to role
await this.manager.$_grantRole(roleId, this.user, 0, 0);
});
it('initial state', async function () {
expect(await this.ownable.owner()).to.equal(this.manager);
});
describe('Contract is closed', function () {
beforeEach(async function () {
await this.manager.$_setTargetClosed(this.ownable, true);
});
it('directly call: reverts', async function () {
await expect(this.ownable.connect(this.user).$_checkOwner())
.to.be.revertedWithCustomError(this.ownable, 'OwnableUnauthorizedAccount')
.withArgs(this.user);
});
it('relayed call (with role): reverts', async function () {
await expect(
this.manager.connect(this.user).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector),
)
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.user, this.ownable, this.ownable.$_checkOwner.getFragment().selector);
});
it('relayed call (without role): reverts', async function () {
await expect(
this.manager.connect(this.other).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector),
)
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.other, this.ownable, this.ownable.$_checkOwner.getFragment().selector);
});
});
describe('Contract is managed', function () {
describe('function is open to specific role', function () {
beforeEach(async function () {
await this.manager.$_setTargetFunctionRole(
this.ownable,
this.ownable.$_checkOwner.getFragment().selector,
roleId,
);
});
it('directly call: reverts', async function () {
await expect(this.ownable.connect(this.user).$_checkOwner())
.to.be.revertedWithCustomError(this.ownable, 'OwnableUnauthorizedAccount')
.withArgs(this.user);
});
it('relayed call (with role): success', async function () {
await this.manager.connect(this.user).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector);
});
it('relayed call (without role): reverts', async function () {
await expect(
this.manager.connect(this.other).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector),
)
.to.be.revertedWithCustomError(this.manager, 'AccessManagerUnauthorizedCall')
.withArgs(this.other, this.ownable, this.ownable.$_checkOwner.getFragment().selector);
});
});
describe('function is open to public role', function () {
beforeEach(async function () {
await this.manager.$_setTargetFunctionRole(
this.ownable,
this.ownable.$_checkOwner.getFragment().selector,
this.roles.PUBLIC.id,
);
});
it('directly call: reverts', async function () {
await expect(this.ownable.connect(this.user).$_checkOwner())
.to.be.revertedWithCustomError(this.ownable, 'OwnableUnauthorizedAccount')
.withArgs(this.user);
});
it('relayed call (with role): success', async function () {
await this.manager.connect(this.user).execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector);
});
it('relayed call (without role): success', async function () {
await this.manager
.connect(this.other)
.execute(this.ownable, this.ownable.$_checkOwner.getFragment().selector);
});
});
});
});
});