Merge pull request #553 from JoinColony/feature/domain-permissions

Domain-level permissions

Author: kronosapiens

.circleci/config.yml

@@ -73,6 +73,9 @@ jobs:
       - run:
           name: "Checking contract recovery modifiers"
           command: yarn run check:recoverymods
+      - run:
+          name: "Checking contract authDomain modifiers"
+          command: yarn run check:auth
       - run:
           name: "Running unit tests"
           command: yarn run test:contracts

contracts/Colony.sol

@@ -28,30 +28,56 @@ contract Colony is ColonyStorage, PatriciaTreeProofs {
   // Version number should be upped with every change in Colony or its dependency contracts or libraries.
   function version() public pure returns (uint256 colonyVersion) { return 1; }
 
-  function setFounderRole(address _user) public stoppable auth {
-    // To allow only one address to have founder role at a time, we have to remove current founder from their role
+  function setRootRole(address _user, bool _setTo) public stoppable auth {
+    ColonyAuthority(address(authority)).setUserRole(_user, uint8(ColonyRole.Root), _setTo);
+
+    emit ColonyRootRoleSet(_user, _setTo);
+  }
+
+  function setArchitectureRole(
+    uint256 _permissionDomainId,
+    uint256 _childSkillIndex,
+    address _user,
+    uint256 _domainId,
+    bool _setTo
+  ) public stoppable authDomain(_permissionDomainId, _childSkillIndex, _domainId)
+  {
+    // Because this permission has some restrictions on domains of action, we transparently implement it as two roles
     ColonyAuthority colonyAuthority = ColonyAuthority(address(authority));
-    colonyAuthority.setUserRole(msg.sender, uint8(ColonyRole.Founder), false);
-    colonyAuthority.setUserRole(_user, uint8(ColonyRole.Founder), true);
+    colonyAuthority.setUserRole(_user, _domainId, uint8(ColonyRole.Architecture), _setTo);
+    colonyAuthority.setUserRole(_user, _domainId, uint8(ColonyRole.ArchitectureSubdomain), _setTo);
 
-    emit ColonyFounderRoleSet(msg.sender, _user);
+    emit ColonyArchitectureRoleSet(_user, _setTo);
   }
 
-  function setAdminRole(address _user) public stoppable auth {
-    ColonyAuthority(address(authority)).setUserRole(_user, uint8(ColonyRole.Admin), true);
+  function setFundingRole(
+    uint256 _permissionDomainId,
+    uint256 _childSkillIndex,
+    address _user,
+    uint256 _domainId,
+    bool _setTo
+  ) public stoppable authDomain(_permissionDomainId, _childSkillIndex, _domainId)
+  {
+    ColonyAuthority(address(authority)).setUserRole(_user, _domainId, uint8(ColonyRole.Funding), _setTo);
 
-    emit ColonyAdminRoleSet(_user);
+    emit ColonyFundingRoleSet(_user, _setTo);
   }
 
-  // Can only be called by the founder role.
-  function removeAdminRole(address _user) public stoppable auth {
-    ColonyAuthority(address(authority)).setUserRole(_user, uint8(ColonyRole.Admin), false);
+  function setAdministrationRole(
+    uint256 _permissionDomainId,
+    uint256 _childSkillIndex,
+    address _user,
+    uint256 _domainId,
+    bool _setTo
+  ) public stoppable authDomain(_permissionDomainId, _childSkillIndex, _domainId)
+  {
+    ColonyAuthority(address(authority)).setUserRole(_user, _domainId, uint8(ColonyRole.Administration), _setTo);
 
-    emit ColonyAdminRoleRemoved(_user);
+    emit ColonyAdministrationRoleSet(_user, _setTo);
   }
 
-  function hasUserRole(address _user, ColonyRole _role) public view returns (bool) {
-    return ColonyAuthority(address(authority)).hasUserRole(_user, uint8(_role));
+  function hasUserRole(address _user, uint256 _domainId, ColonyRole _role) public view returns (bool) {
+    return ColonyAuthority(address(authority)).hasUserRole(_user, _domainId, uint8(_role));
   }
 
   function getColonyNetwork() public view returns (address) {
@@ -81,7 +107,7 @@ contract Colony is ColonyStorage, PatriciaTreeProofs {
     setFunctionReviewers(bytes4(keccak256("removeTaskWorkerRole(uint256)")), TaskRole.Manager, TaskRole.Worker);
     setFunctionReviewers(bytes4(keccak256("cancelTask(uint256)")), TaskRole.Manager, TaskRole.Worker);
 
-    setRoleAssignmentFunction(bytes4(keccak256("setTaskManagerRole(uint256,address)")));
+    setRoleAssignmentFunction(bytes4(keccak256("setTaskManagerRole(uint256,address,uint256,uint256)")));
     setRoleAssignmentFunction(bytes4(keccak256("setTaskEvaluatorRole(uint256,address)")));
     setRoleAssignmentFunction(bytes4(keccak256("setTaskWorkerRole(uint256,address)")));
 
@@ -165,10 +191,9 @@ contract Colony is ColonyStorage, PatriciaTreeProofs {
     return colonyNetwork.addColonyVersion(_version, _resolver);
   }
 
-  function addDomain(uint256 _parentDomainId) public
+  function addDomain(uint256 _permissionDomainId, uint256 _childSkillIndex, uint256 _parentDomainId) public
   stoppable
-  auth
-  domainExists(_parentDomainId)
+  authDomain(_permissionDomainId, _childSkillIndex, _parentDomainId)
   {
     // Note: Remove when we want to allow more domain hierarchy levels
     require(_parentDomainId == 1, "colony-parent-domain-not-root");

contracts/ColonyAuthority.sol

@@ -17,85 +17,64 @@
 
 pragma solidity >=0.5.3;
 
-import "./CommonAuthority.sol";
 import "./ColonyDataTypes.sol";
+import "./CommonAuthority.sol";
 
 
 contract ColonyAuthority is CommonAuthority {
-  uint8 founderRole = uint8(ColonyDataTypes.ColonyRole.Founder);
-  uint8 adminRole = uint8(ColonyDataTypes.ColonyRole.Admin);
-
-  constructor(address colony) public CommonAuthority(colony) {
-    // Bootstrap colony
-    setFounderRoleCapability(colony, "bootstrapColony(address[],int256[])");
-    // Mint tokens
-    setFounderRoleCapability(colony, "mintTokens(uint256)");
-    // Add global skill
-    setFounderRoleCapability(colony, "addGlobalSkill(uint256)");
-    // Transfer founder role
-    setFounderRoleCapability(colony, "setFounderRole(address)");
-    // Remove admin role
-    setFounderRoleCapability(colony, "removeAdminRole(address)");
-    // Set recovery role
-    setFounderRoleCapability(colony, "setRecoveryRole(address)");
-    // Remove recovery role
-    setFounderRoleCapability(colony, "removeRecoveryRole(address)");
-    // Upgrade colony
-    setFounderRoleCapability(colony, "upgrade(uint256)");
-    // Claim colony ENS label
-    setFounderRoleCapability(colony, "registerColonyLabel(string,string)");
-    // Set Network fee inverse
-    setFounderRoleCapability(colony, "setNetworkFeeInverse(uint256)");
-    // Set Reward fee inverse
-    setFounderRoleCapability(colony, "setRewardInverse(uint256)");
-    // Add colony version to the network
-    setFounderRoleCapability(colony, "addNetworkColonyVersion(uint256,address)");
-
-    // Allocate funds
-    setAdminRoleCapability(colony, "moveFundsBetweenPots(uint256,uint256,uint256,address)");
-    setFounderRoleCapability(colony, "moveFundsBetweenPots(uint256,uint256,uint256,address)");
-    // Add domain
-    setAdminRoleCapability(colony, "addDomain(uint256)");
-    setFounderRoleCapability(colony, "addDomain(uint256)");
-    
-    // Add task
-    setAdminRoleCapability(colony, "makeTask(bytes32,uint256,uint256,uint256)");
-    setFounderRoleCapability(colony, "makeTask(bytes32,uint256,uint256,uint256)");
-
-    // Add payment
-    setAdminRoleCapability(colony, "addPayment(address,address,uint256,uint256,uint256)");
-    setFounderRoleCapability(colony, "addPayment(address,address,uint256,uint256,uint256)");
-    // Update payments
-    setAdminRoleCapability(colony, "finalizePayment(uint256)");
-    setFounderRoleCapability(colony, "finalizePayment(uint256)");
-
-    setAdminRoleCapability(colony, "setPaymentRecipient(uint256,address)");
-    setFounderRoleCapability(colony, "setPaymentRecipient(uint256,address)");
-    
-    setAdminRoleCapability(colony, "setPaymentDomain(uint256,uint256)");
-    setFounderRoleCapability(colony, "setPaymentDomain(uint256,uint256)");
-
-    setAdminRoleCapability(colony, "setPaymentSkill(uint256,uint256)");
-    setFounderRoleCapability(colony, "setPaymentSkill(uint256,uint256)");
-
-    setAdminRoleCapability(colony, "setPaymentPayout(uint256,address,uint256)");
-    setFounderRoleCapability(colony, "setPaymentPayout(uint256,address,uint256)");
-
-    // Start next reward payout
-    setAdminRoleCapability(colony, "startNextRewardPayout(address,bytes,bytes,uint256,bytes32[])");
-    setFounderRoleCapability(colony, "startNextRewardPayout(address,bytes,bytes,uint256,bytes32[])");
-    // Set admin
-    setAdminRoleCapability(colony, "setAdminRole(address)");
-    setFounderRoleCapability(colony, "setAdminRole(address)");
-  }
-
-  function setFounderRoleCapability(address colony, bytes memory sig) private {
-    bytes4 functionSig = bytes4(keccak256(sig));
-    setRoleCapability(founderRole, colony, functionSig, true);
+  uint8 constant FUNDING_ROLE = uint8(ColonyDataTypes.ColonyRole.Funding);
+  uint8 constant ADMINISTRATION_ROLE = uint8(ColonyDataTypes.ColonyRole.Administration);
+  uint8 constant ARBITRATION_ROLE = uint8(ColonyDataTypes.ColonyRole.Arbitration);
+  uint8 constant ARCHITECTURE_ROLE = uint8(ColonyDataTypes.ColonyRole.Architecture);
+  uint8 constant ARCHITECTURE_SUBDOMAIN_ROLE = uint8(ColonyDataTypes.ColonyRole.ArchitectureSubdomain);
+  uint8 constant ROOT_ROLE = uint8(ColonyDataTypes.ColonyRole.Root);
+
+  address colony;
+
+  constructor(address _colony) public CommonAuthority(_colony) {
+    colony = _colony;
+
+    // Add permissions for the Administration role
+    addRoleCapability(ADMINISTRATION_ROLE, "makeTask(uint256,uint256,bytes32,uint256,uint256,uint256)");
+    addRoleCapability(ADMINISTRATION_ROLE, "addPayment(uint256,uint256,address,address,uint256,uint256,uint256)");
+    addRoleCapability(ADMINISTRATION_ROLE, "setPaymentRecipient(uint256,uint256,uint256,address)");
+    addRoleCapability(ADMINISTRATION_ROLE, "setPaymentDomain(uint256,uint256,uint256,uint256)");
+    addRoleCapability(ADMINISTRATION_ROLE, "setPaymentSkill(uint256,uint256,uint256,uint256)");
+    addRoleCapability(ADMINISTRATION_ROLE, "setPaymentPayout(uint256,uint256,uint256,address,uint256)");
+    addRoleCapability(ADMINISTRATION_ROLE, "finalizePayment(uint256,uint256,uint256)");
+
+    // Add permissions for the Funding role
+    addRoleCapability(FUNDING_ROLE, "moveFundsBetweenPots(uint256,uint256,uint256,uint256,uint256,uint256,address)");
+
+    // Add permissions for the Architecture role
+    addRoleCapability(ARCHITECTURE_ROLE, "addDomain(uint256,uint256,uint256)");
+    addRoleCapability(ARCHITECTURE_SUBDOMAIN_ROLE, "setArchitectureRole(uint256,uint256,address,uint256,bool)");
+    addRoleCapability(ARCHITECTURE_SUBDOMAIN_ROLE, "setFundingRole(uint256,uint256,address,uint256,bool)");
+    addRoleCapability(ARCHITECTURE_SUBDOMAIN_ROLE, "setAdministrationRole(uint256,uint256,address,uint256,bool)");
+
+    // Add permissions for the Root role
+    addRoleCapability(ROOT_ROLE, "setRootRole(address,bool)");
+    addRoleCapability(ROOT_ROLE, "setArchitectureRole(uint256,uint256,address,uint256,bool)");
+    addRoleCapability(ROOT_ROLE, "setFundingRole(uint256,uint256,address,uint256,bool)");
+    addRoleCapability(ROOT_ROLE, "setAdministrationRole(uint256,uint256,address,uint256,bool)");
+    // Managing recovery roles
+    addRoleCapability(ROOT_ROLE, "setRecoveryRole(address)");
+    addRoleCapability(ROOT_ROLE, "removeRecoveryRole(address)");
+    // Colony functions
+    addRoleCapability(ROOT_ROLE, "startNextRewardPayout(address,bytes,bytes,uint256,bytes32[])");
+    addRoleCapability(ROOT_ROLE, "bootstrapColony(address[],int256[])");
+    addRoleCapability(ROOT_ROLE, "registerColonyLabel(string,string)");
+    addRoleCapability(ROOT_ROLE, "setRewardInverse(uint256)");
+    addRoleCapability(ROOT_ROLE, "mintTokens(uint256)");
+    addRoleCapability(ROOT_ROLE, "upgrade(uint256)");
+    //  Meta Colony functions
+    addRoleCapability(ROOT_ROLE, "addNetworkColonyVersion(uint256,address)");
+    addRoleCapability(ROOT_ROLE, "setNetworkFeeInverse(uint256)");
+    addRoleCapability(ROOT_ROLE, "addGlobalSkill(uint256)");
   }
 
-  function setAdminRoleCapability(address colony, bytes memory sig) private {
+  function addRoleCapability(uint8 role, bytes memory sig) private {
     bytes4 functionSig = bytes4(keccak256(sig));
-    setRoleCapability(adminRole, colony, functionSig, true);
+    setRoleCapability(role, colony, functionSig, true);
   }
 }

contracts/ColonyDataTypes.sol

@@ -36,18 +36,21 @@ contract ColonyDataTypes {
   /// @param newVersion The new colony version upgraded to
   event ColonyUpgraded(uint256 oldVersion, uint256 newVersion);
 
-  /// @notice Event logged when the colony founder role is changed
-  /// @param oldFounder The current founder delegating the role away
-  /// @param newFounder User who is new new colony founder
-  event ColonyFounderRoleSet(address oldFounder, address newFounder);
+  /// @notice Event logged when a new user is assigned the colony funding role
+  /// @param user The newly added colony funding user address
+  event ColonyFundingRoleSet(address user, bool setTo);
 
-  /// @notice Event logged when a new user is assigned the colony admin role
-  /// @param user The newly added colony admin user address
-  event ColonyAdminRoleSet(address user);
+  /// @notice Event logged when a new user is assigned the colony administration role
+  /// @param user The newly added colony administration user address
+  event ColonyAdministrationRoleSet(address user, bool setTo);
 
-  /// @notice Event logged when an existing colony admin is removed the colony admin role
-  /// @param user The removed colony admin user address
-  event ColonyAdminRoleRemoved(address user);
+  /// @notice Event logged when a new user is assigned the colony architecture role
+  /// @param user The newly added colony architecture user address
+  event ColonyArchitectureRoleSet(address user, bool setTo);
+
+  /// @notice Event logged when a new user is assigned the colony root role
+  /// @param user The newly added colony root user address
+  event ColonyRootRoleSet(address user, bool setTo);
 
   /// @notice Event logged when colony funds, either tokens or ether, has been moved between funding pots
   /// @param fromPot The source funding pot
@@ -204,7 +207,7 @@ contract ColonyDataTypes {
 
   enum TaskStatus { Active, Cancelled, Finalized }
 
-  enum ColonyRole { Founder, Admin }
+  enum ColonyRole { Recovery, Root, Arbitration, Architecture, ArchitectureSubdomain, Funding, Administration }
 
   struct Role {
     // Address of the user for the given role

contracts/ColonyFunding.sol

@@ -106,9 +106,9 @@ contract ColonyFunding is ColonyStorage, PatriciaTreeProofs {
     processPayout(payment.fundingPotId, _token, fundingPot.payouts[_token], payment.recipient);
   }
 
-  function setPaymentPayout(uint256 _id, address _token, uint256 _amount) public
-  auth
+  function setPaymentPayout(uint256 _permissionDomainId, uint256 _childSkillIndex, uint256 _id, address _token, uint256 _amount) public
   stoppable
+  authDomain(_permissionDomainId, _childSkillIndex, payments[_id].domainId)
   validPayoutAmount(_amount)
   paymentNotFinalized(_id)
   {
@@ -141,35 +141,43 @@ contract ColonyFunding is ColonyStorage, PatriciaTreeProofs {
     return (fundingPot.associatedType, fundingPot.associatedTypeId, fundingPot.payoutsWeCannotMake);
   }
 
-  function moveFundsBetweenPots(uint256 _fromPot, uint256 _toPot, uint256 _amount, address _token) public
+  function moveFundsBetweenPots(
+    uint256 _permissionDomainId,
+    uint256 _fromChildSkillIndex,
+    uint256 _toChildSkillIndex,
+    uint256 _fromPot,
+    uint256 _toPot,
+    uint256 _amount,
+    address _token
+  )
+  public
   stoppable
-  auth
+  authDomain(_permissionDomainId, _fromChildSkillIndex, getDomainFromFundingPot(_fromPot))
+  authDomain(_permissionDomainId, _toChildSkillIndex, getDomainFromFundingPot(_toPot))
   validFundingTransfer(_fromPot, _toPot)
   {
-    uint fromPotPreviousAmount = fundingPots[_fromPot].balance[_token];
-    uint toPotPreviousAmount = fundingPots[_toPot].balance[_token];
-
-    fundingPots[_fromPot].balance[_token] = sub(fromPotPreviousAmount, _amount);
-    fundingPots[_toPot].balance[_token] = add(toPotPreviousAmount, _amount);
-
-    // If this pot is associated with a Task, prevent money being taken from the pot
-    // if the remaining balance is less than the amount needed for payouts,
-    // unless the task was cancelled.
-    if (fundingPots[_fromPot].associatedType == FundingPotAssociatedType.Task) {
-      uint fromPotPreviousPayoutAmount = fundingPots[_fromPot].payouts[_token];
-      uint surplus = (fromPotPreviousAmount > fromPotPreviousPayoutAmount) ? sub(fromPotPreviousAmount, fromPotPreviousPayoutAmount) : 0;
- 
-      Task storage task = tasks[fundingPots[_fromPot].associatedTypeId];
-      require(task.status == TaskStatus.Cancelled || surplus >= _amount, "colony-funding-task-bad-state");
+    FundingPot storage fromPot = fundingPots[_fromPot];
+    FundingPot storage toPot = fundingPots[_toPot];
+
+    fromPot.balance[_token] = sub(fromPot.balance[_token], _amount);
+    toPot.balance[_token] = add(toPot.balance[_token], _amount);
+
+    // If this pot is associated with a Task, prevent money being taken from the pot if the
+    // remaining balance is less than the amount needed for payouts, unless the task was cancelled.
+    if (fromPot.associatedType == FundingPotAssociatedType.Task) {
+      require(
+        tasks[fromPot.associatedTypeId].status == TaskStatus.Cancelled || fromPot.balance[_token] >= fromPot.payouts[_token],
+        "colony-funding-task-bad-state"
+      );
     }
 
-    if (fundingPots[_fromPot].associatedType == FundingPotAssociatedType.Task || 
-    fundingPots[_fromPot].associatedType == FundingPotAssociatedType.Payment) {
+    if (fromPot.associatedType == FundingPotAssociatedType.Task || fromPot.associatedType == FundingPotAssociatedType.Payment) {
+      uint256 fromPotPreviousAmount = add(fromPot.balance[_token], _amount);
       updatePayoutsWeCannotMakeAfterPotChange(_fromPot, _token, fromPotPreviousAmount);
     }
 
-    if (fundingPots[_toPot].associatedType == FundingPotAssociatedType.Task || 
-    fundingPots[_toPot].associatedType == FundingPotAssociatedType.Payment) {
+    if (toPot.associatedType == FundingPotAssociatedType.Task || toPot.associatedType == FundingPotAssociatedType.Payment) {
+      uint256 toPotPreviousAmount = sub(toPot.balance[_token], _amount);
       updatePayoutsWeCannotMakeAfterPotChange(_toPot, _token, toPotPreviousAmount);
     }
 
@@ -203,7 +211,7 @@ contract ColonyFunding is ColonyStorage, PatriciaTreeProofs {
   }
 
   function startNextRewardPayout(address _token, bytes memory key, bytes memory value, uint256 branchMask, bytes32[] memory siblings)
-  public auth stoppable
+  public stoppable auth
   {
     ITokenLocking tokenLocking = ITokenLocking(IColonyNetwork(colonyNetworkAddress).getTokenLocking());
     uint256 totalLockCount = tokenLocking.lockToken(token);
@@ -414,7 +422,7 @@ contract ColonyFunding is ColonyStorage, PatriciaTreeProofs {
     uint currentTotalAmount = fundingPot.payouts[_token];
     uint currentTaskRolePayout = task.payouts[uint8(_role)][_token];
     task.payouts[uint8(_role)][_token] = _amount;
-    
+
     fundingPot.payouts[_token] = add(sub(currentTotalAmount, currentTaskRolePayout), _amount);
 
     updatePayoutsWeCannotMakeAfterBudgetChange(task.fundingPotId, _token, currentTotalAmount);
@@ -458,4 +466,21 @@ contract ColonyFunding is ColonyStorage, PatriciaTreeProofs {
       fee = _payout/feeInverse + 1;
     }
   }
+
+  function getDomainFromFundingPot(uint256 _fundingPotId) private view returns (uint256 domainId) {
+    require(_fundingPotId <= fundingPotCount, "colony-funding-nonexistent-pot");
+    FundingPot storage fundingPot = fundingPots[_fundingPotId];
+
+    if (fundingPot.associatedType == FundingPotAssociatedType.Domain) {
+      domainId = fundingPot.associatedTypeId;
+    } else if (fundingPot.associatedType == FundingPotAssociatedType.Task) {
+      domainId = tasks[fundingPot.associatedTypeId].domainId;
+    } else if (fundingPot.associatedType == FundingPotAssociatedType.Payment) {
+      domainId = payments[fundingPot.associatedTypeId].domainId;
+    } else {
+      // If rewards pot, return root domain.
+      assert(_fundingPotId == 0);
+      domainId = 1;
+    }
+  }
 }