Merge remote-tracking branch 'origin/develop' into feature/permission…

…-condition-erc-165-support

.github/workflows/comment-triggers.yml

@@ -10,16 +10,14 @@ jobs:
     runs-on: ubuntu-latest
     name: A job to check user's permission level
     steps:
-      # Check for write permission
-      - name: Check user permission
-        id: check
-        uses: scherermichael-oss/action-has-permission@master
+      - name: Check user permission (write)
+        id: check-write
+        uses: actions-cool/check-user-permission@v2
         with:
-          required-permission: write
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: abort
-        if: "! steps.check.outputs.has-permission"
+          require: 'write'
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Abort
+        if: steps.check-write.outputs.check-result == 'false'
         run: exit 1
   mythx_partial:
     needs: [check_user_permission]

packages/contracts/CHANGELOG.md

@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - Revert with an error if the `grantWithCondition` function in `PermissionManager` is called with a condition address that is not a `IPermissionCondition` implementation.
+- Revert with an error if the `applySingleTargetPermissions` function in `PermissionManager` is called with `PermissionLib.Operation.GrantWithCondition`.
 - Fixed logic bug in the `TokenVoting` and `AddresslistVoting` implementations that caused the `createProposal` function to emit the unvalidated `_startDate` and `_endDate` input arguments (that both can be zero) in the `ProposalCreated` event instead of the validated ones.
 - Changed the `createProposal` functions in `Multisig` to allow creating proposals when the `_msgSender()` is listed in the current block.
 - Changed the `createProposal` functions in `AddresslistVoting` to allow creating proposals when the `_msgSender()` is listed in the current block.

packages/contracts/docs/osx/01-how-it-works/02-framework/01-dao-creation/index.md

@@ -49,6 +49,7 @@ function register(
 requiring the `REGISTER_DAO_PERMISSION_ID` permission currently held only by the `DAOFactory`.
 
 If the requested ENS `subdomain` name [is valid](../03-ens-names.md) and not taken, the `DAORegistry` registers the subdomain and adds the `DAO` contract address to the `DAORegistry`.
+If the `subdomain` parameter is non-empty (not `""`) and still available, the ENS name will be registered.
 If the registration was successful, the DAO name, contract and creator addresses are emitted in an event.
 
 For more details visit the [`DAORegistry` reference guide entry](../../../03-reference-guide/framework/dao/DAORegistry.md).

packages/contracts/docs/osx/01-how-it-works/02-framework/02-plugin-management/01-plugin-repo/01-plugin-repo-creation.md

@@ -42,7 +42,7 @@ function createPluginRepoWithFirstVersion(
 
 which creates a `PluginRepo` with the first release and first build (`v1.1`) inside and registers it in the Aragon OSx `PluginRepoRegistry`contract with an [ENS subdomain](../../03-ens-names.md) under the`plugin.dao.eth` domain managed by Aragon.
 
-Additional to the information required by the [`createVersion` function discussed earlier](./index.md/#the-puginrepo-contract), it receives
+Additional to the information required by the [`createVersion` function discussed earlier](./index.md/#the-pluginrepo-contract), it receives
 
 - A valid ENS `_subdomain` name under that isn't already taken
 - The address of the plugin repo maintainer who ends up having the `ROOT_PERMISSION_ID`, `MAINTAINER_PERMISSION_ID`, and `UPGRADE_REPO_PERMISSION_ID` permission allowing to call the internal `PermissionManager`, the `createVersion` and `updateReleaseMetadata` functions as well as upgrading the contract.

packages/contracts/docs/osx/01-how-it-works/02-framework/03-ens-names.md

@@ -7,6 +7,10 @@ title: ENS Names
 To make DAOs and plugin repositories easily identifiable in the Aragon OSx ecosystem, we assign unique ENS names to them upon registration during the [DAO creation](./01-dao-creation/index.md/) and [plugin repo creation](./02-plugin-management/01-plugin-repo/01-plugin-repo-creation.md) processes.
 `DAO` and `PluginRepo` contracts created through the Aragon OSx protocol infrastructure are registered as subdomains under the `dao.eth` and `plugin.dao.eth` domain, respectively.
 
+:::info
+You can skip registering an ENS name for your DAO under the `dao.eth` by leaving the [`DAOSettings.subdomain` field](../../03-reference-guide/framework/dao/DAOFactory.md#public-struct-daosettings) empty when calling the [`createDao`](../../03-reference-guide/framework/dao/DAOFactory.md#external-function-createdao) function.
+:::
+
 ### Allowed Character Set
 
 We allow the following characters for the subdomain names:

packages/contracts/src/core/permission/PermissionManager.sol

@@ -61,6 +61,9 @@ abstract contract PermissionManager is Initializable {
     /// @notice Thrown for permission grants where `who` and `where` are both `ANY_ADDR`.
     error AnyAddressDisallowedForWhoAndWhere();
 
+    /// @notice Thrown if `Operation.GrantWithCondition` is requested as an operation but the method does not support it.
+    error GrantWithConditionNotSupported();
+
     /// @notice Emitted when a permission `permission` is granted in the context `here` to the address `_who` for the contract `_where`.
     /// @param permissionId The permission identifier.
     /// @param here The address of the context in which the permission is granted.
@@ -159,6 +162,8 @@ abstract contract PermissionManager is Initializable {
                 _grant(_where, item.who, item.permissionId);
             } else if (item.operation == PermissionLib.Operation.Revoke) {
                 _revoke(_where, item.who, item.permissionId);
+            } else if (item.operation == PermissionLib.Operation.GrantWithCondition) {
+                revert GrantWithConditionNotSupported();
             }
 
             unchecked {

packages/contracts/src/framework/dao/DAORegistry.sol

@@ -42,7 +42,7 @@ contract DAORegistry is InterfaceBasedRegistry {
         subdomainRegistrar = _subdomainRegistrar;
     }
 
-    /// @notice Registers a DAO by its address.
+    /// @notice Registers a DAO by its address. If a non-empty subdomain name is provided that is not taken already, the DAO becomes the owner of the ENS name.
     /// @dev A subdomain is unique within the Aragon DAO framework and can get stored here.
     /// @param dao The address of the DAO contract.
     /// @param creator The address of the creator.

packages/contracts/src/framework/plugin/setup/PluginSetupProcessor.sol

@@ -693,7 +693,7 @@ contract PluginSetupProcessor {
         }
     }
 
-    /// @notice Checks if a caller has the permission to apply a setup.
+    /// @notice Checks if a caller can apply a setup. The caller can be either the DAO to which the plugin setup is applied to or another account to which the DAO has granted the respective permission.
     /// @param _dao The address of the applying DAO.
     /// @param _permissionId The permission ID.
     function _canApply(address _dao, bytes32 _permissionId) private view {

packages/contracts/test/core/permission/permission-manager.ts

@@ -603,6 +603,20 @@ describe('Core: PermissionManager', function () {
       }
     });
 
+    it('reverts for `Operation.GrantWithCondition` ', async () => {
+      const signers = await ethers.getSigners();
+      const bulkItems: SingleTargetPermission[] = [
+        {
+          operation: Operation.GrantWithCondition,
+          who: signers[1].address,
+          permissionId: ADMIN_PERMISSION_ID,
+        },
+      ];
+      await expect(
+        pm.applySingleTargetPermissions(pm.address, bulkItems)
+      ).to.be.revertedWithCustomError(pm, 'GrantWithConditionNotSupported');
+    });
+
     it('should handle bulk mixed', async () => {
       const signers = await ethers.getSigners();
       await pm.grant(pm.address, signers[1].address, ADMIN_PERMISSION_ID);