Merge pull request #4 from Kolektivo/feat/badge-based-permissioning

Feat: Badge based permissioning
Kolektivo · Jun 8, 2022 · 6e8009c · 6e8009c
2 parents 82ea0de + cd63606
commit 6e8009c
Show file tree

Hide file tree

Showing 13 changed files with 1,341 additions and 1,450 deletions.
diff --git a/contracts/IBadger.sol b/contracts/IBadger.sol
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright (C) 2021 PrimeDao
+
+pragma solidity ^0.8.6;
+
+interface IBadger {
+    function balanceOf(address account, uint256 id)
+        external
+        view
+        returns (uint256);
+
+    function mintBatch(
+        address to,
+        uint256[] memory ids,
+        uint256[] memory amounts
+    ) external view returns (uint256);
+
+    function mint(
+        address account,
+        uint256 id,
+        uint256 amount
+    ) external;
+}
diff --git a/contracts/Permissions.sol b/contracts/Permissions.sol
@@ -2,6 +2,7 @@
 pragma solidity ^0.8.6;
 
 import "@gnosis.pm/safe-contracts/contracts/common/Enum.sol";
+import "./IBadger.sol";
 
 enum ParameterType {
     Static,
@@ -35,7 +36,6 @@ struct TargetAddress {
 }
 
 struct Role {
-    mapping(address => bool) members;
     mapping(address => TargetAddress) targets;
     mapping(bytes32 => uint256) functions;
     mapping(bytes32 => bytes32) compValues;
@@ -46,27 +46,27 @@ library Permissions {
     uint256 internal constant SCOPE_MAX_PARAMS = 48;
 
     event AllowTarget(
-        uint16 role,
+        uint256 badgeId,
         address targetAddress,
         ExecutionOptions options
     );
-    event RevokeTarget(uint16 role, address targetAddress);
-    event ScopeTarget(uint16 role, address targetAddress);
+    event RevokeTarget(uint256 badgeId, address targetAddress);
+    event ScopeTarget(uint256 badgeId, address targetAddress);
     event ScopeAllowFunction(
-        uint16 role,
+        uint256 badgeId,
         address targetAddress,
         bytes4 selector,
         ExecutionOptions options,
         uint256 resultingScopeConfig
     );
     event ScopeRevokeFunction(
-        uint16 role,
+        uint256 badgeId,
         address targetAddress,
         bytes4 selector,
         uint256 resultingScopeConfig
     );
     event ScopeFunction(
-        uint16 role,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         bool[] isParamScoped,
@@ -77,14 +77,14 @@ library Permissions {
         uint256 resultingScopeConfig
     );
     event ScopeFunctionExecutionOptions(
-        uint16 role,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         ExecutionOptions options,
         uint256 resultingScopeConfig
     );
     event ScopeParameter(
-        uint16 role,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         uint256 index,
@@ -94,7 +94,7 @@ library Permissions {
         uint256 resultingScopeConfig
     );
     event ScopeParameterAsOneOf(
-        uint16 role,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         uint256 index,
@@ -103,7 +103,7 @@ library Permissions {
         uint256 resultingScopeConfig
     );
     event UnscopeParameter(
-        uint16 role,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         uint256 index,
@@ -179,9 +179,11 @@ library Permissions {
         address to,
         uint256 value,
         bytes calldata data,
-        Enum.Operation operation
+        Enum.Operation operation,
+        IBadger badger,
+        uint256 badgeId
     ) public view {
-        if (!role.members[msg.sender]) {
+        if ((badger.balanceOf(msg.sender, badgeId)) == 0) {
             revert NoMembership();
         }
         if (multisend == to) {
@@ -377,41 +379,41 @@ library Permissions {
 
     function allowTarget(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress,
         ExecutionOptions options
     ) external {
         role.targets[targetAddress] = TargetAddress(Clearance.Target, options);
-        emit AllowTarget(roleId, targetAddress, options);
+        emit AllowTarget(badgeId, targetAddress, options);
     }
 
     function revokeTarget(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress
     ) external {
         role.targets[targetAddress] = TargetAddress(
             Clearance.None,
             ExecutionOptions.None
         );
-        emit RevokeTarget(roleId, targetAddress);
+        emit RevokeTarget(badgeId, targetAddress);
     }
 
     function scopeTarget(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress
     ) external {
         role.targets[targetAddress] = TargetAddress(
             Clearance.Function,
             ExecutionOptions.None
         );
-        emit ScopeTarget(roleId, targetAddress);
+        emit ScopeTarget(badgeId, targetAddress);
     }
 
     function scopeAllowFunction(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         ExecutionOptions options
@@ -428,8 +430,9 @@ library Permissions {
         role.functions[
             keyForFunctions(targetAddress, functionSig)
         ] = scopeConfig;
+
         emit ScopeAllowFunction(
-            roleId,
+            badgeId,
             targetAddress,
             functionSig,
             options,
@@ -439,17 +442,17 @@ library Permissions {
 
     function scopeRevokeFunction(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig
     ) external {
         role.functions[keyForFunctions(targetAddress, functionSig)] = 0;
-        emit ScopeRevokeFunction(roleId, targetAddress, functionSig, 0);
+        emit ScopeRevokeFunction(badgeId, targetAddress, functionSig, 0);
     }
 
     function scopeFunction(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         bool[] memory isScoped,
@@ -510,7 +513,7 @@ library Permissions {
             ] = compressCompValue(paramType[i], compValue[i]);
         }
         emit ScopeFunction(
-            roleId,
+            badgeId,
             targetAddress,
             functionSig,
             isScoped,
@@ -524,7 +527,7 @@ library Permissions {
 
     function scopeFunctionExecutionOptions(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         ExecutionOptions options
@@ -539,7 +542,7 @@ library Permissions {
         ] = scopeConfig;
 
         emit ScopeFunctionExecutionOptions(
-            roleId,
+            badgeId,
             targetAddress,
             functionSig,
             options,
@@ -549,7 +552,7 @@ library Permissions {
 
     function scopeParameter(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         uint256 index,
@@ -581,7 +584,7 @@ library Permissions {
         ] = compressCompValue(paramType, compValue);
 
         emit ScopeParameter(
-            roleId,
+            badgeId,
             targetAddress,
             functionSig,
             index,
@@ -594,7 +597,7 @@ library Permissions {
 
     function scopeParameterAsOneOf(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         uint256 index,
@@ -635,7 +638,7 @@ library Permissions {
         }
 
         emit ScopeParameterAsOneOf(
-            roleId,
+            badgeId,
             targetAddress,
             functionSig,
             index,
@@ -647,7 +650,7 @@ library Permissions {
 
     function unscopeParameter(
         Role storage role,
-        uint16 roleId,
+        uint256 badgeId,
         address targetAddress,
         bytes4 functionSig,
         uint256 index
@@ -668,7 +671,7 @@ library Permissions {
         role.functions[key] = scopeConfig;
 
         emit UnscopeParameter(
-            roleId,
+            badgeId,
             targetAddress,
             functionSig,
             index,
@@ -981,4 +984,13 @@ library Permissions {
                 ? bytes32(compValue)
                 : keccak256(compValue);
     }
+
+    function getTransactionHash(
+        address to,
+        uint256 value,
+        bytes memory data,
+        Enum.Operation operation
+    ) internal pure returns (bytes32) {
+        return keccak256(abi.encodePacked(to, value, data, operation));
+    }
 }