pragma solidity ^0.4.25;// File: @settlemint/solidity-mint/contracts/authentica

1. pragma solidity ^0.4.25;
2. // File: @settlemint/solidity-mint/contracts/authentication/interfaces/IRoleRegistry.sol
3. /**
4. * Copyright (C) SettleMint NV - All Rights Reserved
5. *
6. * Use of this file is strictly prohibited without an active license agreement.
7. * Distribution of this file, via any medium, is strictly prohibited.
8. *
9. * For license inquiries, contact hello@settlemint.com
10. */
11.  
12. pragma solidity ^0.4.24;
13.  
14.  
15. /**
16. * @title RoleRegistry
17. * @dev The RoleRegistry contract defines the methods and data structures to
18. * record if addresses have certain roles or not.
19. */
20. contract IRoleRegistry {
21.  
22. event Designated(address _address);
23. event Discharged(address _address);
24. event RoleRegistryCreated(address _address);
25.  
26.  
27. /**
28. * @dev Checks if an address has a certain role
29. * @param _address The address to check for the role.
30. * @return A boolean that is True if the address has the role.
31. */
32. function hasRole(address _address) public view returns (bool hasTheRole);
33.  
34. /**
35. * @dev Gives the role to an address
36. * @param _address The address to designate the role to.
37. */
38. function designate(address _address) public;
39.  
40. /**
41. * @dev Removes the role from an address
42. * @param _address The address to discharge fromn the role.
43. */
44. function discharge(address _address) public;
45.  
46. }
47. // File: @settlemint/solidity-mint/contracts/authentication/GateKeeper.sol
48. /**
49. * Copyright (C) SettleMint NV - All Rights Reserved
50. *
51. * Use of this file is strictly prohibited without an active license agreement.
52. * Distribution of this file, via any medium, is strictly prohibited.
53. *
54. * For license inquiries, contact hello@settlemint.com
55. */
56.  
57. pragma solidity ^0.4.24;
58.  
59.  
60.  
61. contract GateKeeper {
62.  
63. bytes32 constant public CREATE_PERMISSIONS_ROLE = bytes32("CREATE_PERMISSIONS_ROLE");
64. bytes32 constant public ADD_ROLEREGISTRY_ROLE = bytes32("ADD_ROLEREGISTRY_ROLE");
65.  
66. event SetPermission(address indexed entity, address indexed contractAddress, bytes32 indexed role, bool allowed);
67. event ChangePermissionManager(address indexed contractAddress, bytes32 indexed role, address indexed manager);
68.  
69. // whether a certain entity has a permission
70. mapping (address => mapping (address => mapping (bytes32 => bool))) permissions;
71. // who is the manager of a permission
72. mapping (address => mapping (bytes32 => address)) permissionManager;
73. // a mapping of roles to the address of their correspending role registry
74. mapping(bytes32 => address) roleToRoleRegistry;
75.  
76. // a list of all RoleRegistries
77. IRoleRegistry[] roleRegistries;
78.  
79. modifier onlyPermissionManager(address _contract, bytes32 role) {
80. require(msg.sender == getPermissionManager(_contract, role), "Sender is not the permission manager");
81. _;
82. }
83.  
84. modifier auth(bytes32 _role) {
85. require(hasPermission(msg.sender, address(this), _role), "Sender does not have the correct permissions");
86. _;
87. }
88.  
89. constructor() public {
90. _createPermission(
91. msg.sender,
92. address(this),
93. CREATE_PERMISSIONS_ROLE,
94. msg.sender
95. );
96. _createPermission(
97. msg.sender,
98. address(this),
99. ADD_ROLEREGISTRY_ROLE,
100. msg.sender
101. );
102. }
103.  
104. function addRoleRegistry(address roleRegisty) external auth(ADD_ROLEREGISTRY_ROLE) {
105. roleRegistries.push(IRoleRegistry(roleRegisty));
106. }
107.  
108. /**
109. * @dev Creates a permission that wasn't previously set. Access is limited by the ACL.
110. * if a created permission is removed it is possible to reset it with createPermission.
111. * @notice Create a new permission granting `_entity` the ability to perform actions of role `_role` on `_contract` (setting `_manager` as parent)
112. * @param _entity Address of the whitelisted entity that will be able to perform the role, this can be a user or a roleregistry
113. * @param _contract Address of the app in which the role will be allowed (requires app to depend on kernel for ACL)
114. * @param _role Identifier for the group of actions in app given access to perform
115. * @param _manager Address of the entity that will be able to grant and revoke the permission further.
116. */
117. function createPermission(
118. address _entity,
119. address _contract,
120. bytes32 _role,
121. address _manager
122. )
123. public
124. auth(CREATE_PERMISSIONS_ROLE)
125. {
126. _createPermission(
127. _entity,
128. _contract,
129. _role,
130. _manager
131. );
132. }
133.  
134. /**
135. * @dev Grants a permission if allowed. This requires `msg.sender` to be the permission manager
136. * @notice Grants `_entity` the ability to perform actions of role `_role` on `_contract`
137. * @param _entity Address of the whitelisted entity that will be able to perform the role
138. * @param _contract Address of the app in which the role will be allowed (requires app to depend on kernel for ACL)
139. * @param _role Identifier for the group of actions in app given access to perform
140. */
141. function grantPermission(address _entity, address _contract, bytes32 _role)
142. public
143. onlyPermissionManager(_contract, _role)
144. {
145. _setPermission(
146. _entity,
147. _contract,
148. _role,
149. true
150. );
151. }
152.  
153. /**
154. * @dev Revokes permission if allowed. This requires `msg.sender` to be the parent of the permission
155. * @notice Revokes `_entity` the ability to perform actions of role `_role` on `_contract`
156. * @param _entity Address of the whitelisted entity that will be revoked access
157. * @param _contract Address of the app in which the role is revoked
158. * @param _role Identifier for the group of actions in app given access to perform
159. */
160. function revokePermission(address _entity, address _contract, bytes32 _role)
161. public
162. onlyPermissionManager(_contract, _role)
163. {
164. _setPermission(
165. _entity,
166. _contract,
167. _role,
168. false
169. );
170. }
171.  
172. /**
173. * @notice Sets `_newManager` as the manager of the permission `_role` in `_contract`
174. * @param _newManager Address for the new manager
175. * @param _contract Address of the app in which the permission management is being transferred
176. * @param _role Identifier for the group of actions in app given access to perform
177. */
178. function setPermissionManager(address _newManager, address _contract, bytes32 _role)
179. public
180. onlyPermissionManager(_contract, _role)
181. {
182. _setPermissionManager(_newManager, _contract, _role);
183. }
184.  
185. /**
186. * @dev Get manager address for permission
187. * @param _contract Address of the app
188. * @param _role Identifier for a group of actions in app
189. * @return address of the manager for the permission
190. */
191. function getPermissionManager(address _contract, bytes32 _role) public view returns (address) {
192. return permissionManager[_contract][_role];
193. }
194.  
195. /**
196. * @dev Function called by apps to check ACL on kernel or to check permission statu
197. * @param _entity Sender of the original call
198. * @param _contract Address of the app
199. * @param _role Identifier for a group of actions in app
200. * @return boolean indicating whether the ACL allows the role or not
201. */
202. function hasPermission(address _entity, address _contract, bytes32 _role) public view returns (bool) {
203. // the address passed in has the permissions themselves
204. bool personalPermission = permissions[_entity][_contract][_role];
205. if (personalPermission) {
206. return personalPermission;
207. }
208. // or we will check if any of the role registries have the permission
209. for (uint256 counter = 0; counter < roleRegistries.length; counter++) {
210. address registry = address(roleRegistries[counter]);
211. bool registryPermission = permissions[registry][_contract][_role];
212. if (registryPermission) {
213. if (roleRegistries[counter].hasRole(_entity)) {
214. return true;
215. }
216. }
217. }
218. // if, not, deny!
219. return false;
220. }
221.  
222. /**
223. * @dev Function called to retrieve the role registry for a given role
224. * @param _role Identifier for the role mapped to a role registry
225. * @return address of the role registry that corresponds to the role
226. */
227. function getRoleRegistryAddress(bytes32 _role) public view returns (address) {
228. return roleToRoleRegistry[_role];
229. }
230.  
231. /**
232. * @dev Function called to set the role registry for a given role
233. * @param _role Identifier for the role mapped to a role registry
234. * @param _address address of the role registry to put into the store
235. */
236. function setRoleRegistryAddress(bytes32 _role, address _address) public auth(ADD_ROLEREGISTRY_ROLE) {
237. roleToRoleRegistry[_role] = _address;
238. }
239.  
240. /**
241. * @dev Internal createPermission for access inside the gatekeeper (on instantiation)
242. */
243. function _createPermission(
244. address _entity,
245. address _contract,
246. bytes32 _role,
247. address _manager
248. )
249. internal
250. {
251. require(permissionManager[_contract][_role] == 0, "only allow permission creation when it has no manager (hasn't been created before)");
252. _setPermission(
253. _entity,
254. _contract,
255. _role,
256. true
257. );
258. _setPermissionManager(_manager, _contract, _role);
259. }
260.  
261. /**
262. * @dev Internal function called to actually save the permission
263. */
264. function _setPermission(
265. address _entity,
266. address _contract,
267. bytes32 _role,
268. bool _allowed
269. )
270. internal
271. {
272. permissions[_entity][_contract][_role] = _allowed;
273. emit SetPermission(
274. _entity,
275. _contract,
276. _role,
277. _allowed
278. );
279. }
280.  
281. /**
282. * @dev Internal function that sets management
283. */
284. function _setPermissionManager(address _newManager, address _contract, bytes32 _role) internal {
285. require(_newManager > 0, "_newManager should be a real address");
286.  
287. permissionManager[_contract][_role] = _newManager;
288. emit ChangePermissionManager(_contract, _role, _newManager);
289. }
290. }
291. // File: @settlemint/solidity-mint/contracts/utility/conversions/Converter.sol
292. /**
293. * Copyright (C) SettleMint NV - All Rights Reserved
294. *
295. * Use of this file is strictly prohibited without an active license agreement.
296. * Distribution of this file, via any medium, is strictly prohibited.
297. *
298. * For license inquiries, contact hello@settlemint.com
299. */
300.  
301. pragma solidity ^0.4.24;
302.  
303.  
304. contract Converter {
305. function addressToString(address x) internal pure returns (string) {
306. bytes memory b = new bytes(20);
307. for (uint i = 0; i < 20; i++) {
308. b[i] = byte(uint8(uint(x) / (2**(8*(19 - i)))));
309. }
310. return string(b);
311. }
312.  
313. function bytes32ToString(bytes32 x) internal pure returns (string) {
314. bytes memory bytesString = new bytes(32);
315. uint charCount = 0;
316. for (uint j = 0; j < 32; j++) {
317. byte char = byte(bytes32(uint(x) * 2 ** (8 * j)));
318. if (char != 0) {
319. bytesString[charCount] = char;
320. charCount++;
321. }
322. }
323. bytes memory bytesStringTrimmed = new bytes(charCount);
324. for (j = 0; j < charCount; j++) {
325. bytesStringTrimmed[j] = bytesString[j];
326. }
327. return string(bytesStringTrimmed);
328. }
329. }
330. // File: @settlemint/solidity-mint/contracts/authentication/Secured.sol
331. /**
332. * Copyright (C) SettleMint NV - All Rights Reserved
333. *
334. * Use of this file is strictly prohibited without an active license agreement.
335. * Distribution of this file, via any medium, is strictly prohibited.
336. *
337. * For license inquiries, contact hello@settlemint.com
338. */
339.  
340. pragma solidity ^0.4.24;
341.  
342.  
343.  
344.  
345. contract Secured is Converter {
346.  
347. GateKeeper public gateKeeper;
348.  
349. modifier auth(bytes32 _role) {
350. require(
351. canPerform(msg.sender, _role),
352. "Sender do not have the correct role");
353. _;
354. }
355.  
356. constructor(address _gateKeeper) public {
357. gateKeeper = GateKeeper(_gateKeeper);
358. }
359.  
360. function canPerform(address _sender, bytes32 _role) internal view returns (bool) {
361. return address(gateKeeper) == 0 || gateKeeper.hasPermission(_sender, address(this), _role);
362. }
363.  
364. }
365. // File: @settlemint/solidity-mint/contracts/utility/syncing/Syncable.sol
366. /**
367. * Copyright (C) SettleMint NV - All Rights Reserved
368. *
369. * Use of this file is strictly prohibited without an active license agreement.
370. * Distribution of this file, via any medium, is strictly prohibited.
371. *
372. * For license inquiries, contact hello@settlemint.com
373. */
374.  
375. pragma solidity ^0.4.24;
376.  
377.  
378. /**
379. * The listable item should also implement
380. * @dev function getInfo() constant public returns (bytes32 _productID, bytes32 _issuerProductID, bytes32 _productPayoffCode, address _currency, uint256 _totalSupply) {
381. */
382. contract Syncable {
383.  
384. function getIndexLength() public view returns (uint length);
385.  
386. // Waiting for the time we can return structs from functions!
387. //function getByIndex(uint index) constant public returns (address key, bool hasRole){
388. //function getByKey(address _key) constant public returns (address key, bool hasRole){
389.  
390. }
391. // File: @settlemint/solidity-mint/contracts/authentication/RoleRegistry.sol
392. /**
393. * Copyright (C) SettleMint NV - All Rights Reserved
394. *
395. * Use of this file is strictly prohibited without an active license agreement.
396. * Distribution of this file, via any medium, is strictly prohibited.
397. *
398. * For license inquiries, contact hello@settlemint.com
399. */
400.  
401. pragma solidity ^0.4.24;
402. pragma experimental ABIEncoderV2;
403.  
404.  
405.  
406.  
407.  
408. /**
409. * @title RoleRegistry
410. * @dev The RoleRegistry contract defines the methods and data structures to
411. * record if addresses have certain roles or not.
412. */
413. contract RoleRegistry is IRoleRegistry, Syncable, Secured {
414.  
415. bytes32 constant public DESIGNATE_ROLE = bytes32("DESIGNATE_ROLE");
416.  
417. struct RoleHolderContainer {
418. bool roleDesignated;
419. uint256 creationDate;
420. }
421. mapping(address => RoleHolderContainer) private roleHolders;
422. address[] private roleHoldersIndex;
423.  
424. event Designated(address _address);
425. event Discharged(address _address);
426. event RoleRegistryCreated(address _address);
427.  
428. constructor(address _gateKeeper) Secured(_gateKeeper) public {
429. emit RoleRegistryCreated(this);
430. }
431.  
432. /**
433. * @notice Returns a list of all the holders of this role.
434. */
435. function getRoleHolders() public view returns(address[] allRoleHolders) {
436. return roleHoldersIndex;
437. }
438.  
439. /**
440. * @dev Checks if an address has a certain role
441. * @param _address The address to check for the role.
442. * @return A boolean that is True if the address has the role.
443. */
444. function hasRole(address _address) public view returns (bool hasTheRole) {
445. hasTheRole = roleHolders[_address].roleDesignated;
446. }
447.  
448. /**
449. * @dev Gives the role to an address
450. * @param _address The address to designate the role to.
451. */
452. function designate(address _address) public auth(DESIGNATE_ROLE) {
453. if (roleHolders[_address].creationDate == 0) {
454. roleHoldersIndex.push(_address);
455. roleHolders[_address].creationDate = now;
456. }
457. roleHolders[_address].roleDesignated = true;
458. emit Designated(_address);
459. }
460.  
461. /**
462. * @dev Removes the role from an address
463. * @param _address The address to discharge fromn the role.
464. */
465. function discharge(address _address) public auth(DESIGNATE_ROLE) {
466. require(roleHolders[_address].creationDate > 0, "This address was never designated to this role");
467.  
468. uint i = 0;
469. while (roleHoldersIndex[i] != _address) {
470. i++;
471. }
472. for (uint j = i; j<roleHoldersIndex.length-1; j++) {
473. roleHoldersIndex[j] = roleHoldersIndex[j+1];
474. }
475. roleHoldersIndex.length--;
476.  
477. roleHolders[_address].roleDesignated = false;
478. emit Discharged(_address);
479. }
480.  
481. /**
482. * @dev Returns the length of the index array
483. * @return the amount of items in the index array
484. */
485. function getIndexLength() public view returns (uint length) {
486. length = roleHoldersIndex.length;
487. }
488.  
489. /**
490. * @dev Returns the information for the key on a certain index
491. * @param _index The index of the key in the key array
492. * @return the information for the key on a certain index
493. */
494. function getByIndex(uint _index) public view returns (address key, bool hasTheRole) {
495. key = roleHoldersIndex[_index];
496. hasTheRole = roleHolders[roleHoldersIndex[_index]].roleDesignated;
497. }
498.  
499. /**
500. * @dev Returns the information for the key
501. * @param _key The key to get the info for
502. * @return the information for the key
503. */
504. function getByKey(address _key) public view returns (address key, bool hasTheRole) {
505. key = _key;
506. hasTheRole = roleHolders[_key].roleDesignated;
507. }
508.  
509. }
510. // File: contracts/Administrator/AdministratorRegistry.sol
511. /**
512. * @title AdministratorRegistry
513. * @dev Contains all the administrators of this system.
514. */
515. contract AdministratorRegistry is RoleRegistry {
516.  
517. bytes32 constant public ROLE = "ADMIN_ROLE";
518.  
519. constructor(address _gateKeeper) public RoleRegistry(_gateKeeper) {}
520. }