feat: p/demo/accesscontrol & p/demo/timelock

[kazai777]

We have developed two packages: accesscontrol and timelock inspired by openzeppelin contracts. These packages were created in collaboration with @mous1985 , @DIGIX666 , and myself.

The accesscontrol package was primarily designed to support the development of the timelock package, but it can also be used independently for many other use cases.

Features

Accesscontrol

The accesscontrol package provides a library for managing roles and permissions within Gno. It allows for the creation, assignment, and management of roles with specific administrative privileges, ensuring that only authorized accounts can perform certain actions.

Timelock

The timelock package offers a library for scheduling, canceling, and executing time-locked operations in Gno. It ensures that operations are only carried out after a specified delay and provides mechanisms to manage and verify the status of these operations. The creation of the accesscontrol package was necessary to provide role and permission management required for the administrative tasks of timelock.

Use Cases

Accesscontrol

• Realm Administration Management: Create administrator roles to manage realms and assign or revoke roles as needed.
• Role-Based Access Control (RBAC): Implement an RBAC system to control who can access which resources and perform which actions within a Gno dApp.
• Security and Compliance: Use roles to ensure that only authorized individuals can perform critical actions, helping to meet security and compliance regulations.

Timelock

• Delayed Transactions: Schedule transactions or actions to be executed at a specific future time.
• Asset Locking: Implement asset locking mechanisms where users must wait for a certain period before they can access or move assets.
• Task Automation: Automate periodic or conditional tasks using specific time delays.

These examples of use cases are not exhaustive, and many other things are possible with these packages.

Contributors' checklist...

• Added new tests, or not needed, or not feasible
• Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory
• Updated the official documentation or not needed
• No breaking changes were made, or a BREAKING CHANGE: xxx message was included in the description
• Added references to related issues and PRs
• Provided any useful hints for running manual tests
• Added new benchmarks to generated graphs, if any. More info here.

[deelawn]

Great stuff -- looks pretty good overall. There are some things that I think need to be changed and a bunch of other comments asking questions about why something is the way it is.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 63.23%. Comparing base (2873354) to head (0ced75a).
Report is 15 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2307      +/-   ##
==========================================
- Coverage   63.32%   63.23%   -0.09%     
==========================================
  Files         548      548              
  Lines       78511    80400    +1889     
==========================================
+ Hits        49715    50841    +1126     
- Misses      25443    26136     +693     
- Partials     3353     3423      +70     

Flag	Coverage Δ
contribs/gnodev	61.16% <ø> (+1.21%)	⬆️
contribs/gnofaucet	15.77% <ø> (+0.94%)	⬆️
gno.land	67.13% <ø> (-0.05%)	⬇️
gnovm	67.88% <ø> (ø)
misc/genstd	79.72% <ø> (ø)
tm2	62.33% <ø> (-0.10%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[zivkovicmilos]

I love the direction of this, thank you for the contribution 🙏

However, there are some things that need a bit more tweaking so we can get it just right 👌

Please check the comments and let me know 🙏

[thehowl]

Can we just place this directly in the events, and instead have as exported constants the events, in the format RoleCreatedEvent = "RoleCreated"?

I suggest you put information about the keys of each event in the godoc of each event name.

[DIGIX666]

Indeed it will bring more clarity
3b4c63a

[thehowl]

The limit on 30 seems kind of arbitrary for a package; more like a kind of validation that should be done, if anything, on the side of a realm (as an end-user application). But I don't expect many realms to publicly allow adding roles, anyway.

[thehowl]

Suggested change

	AllRoles []*Role
	Roles []*Role
	UserToRoles avl.Tree // std.Address -> []*Role

A suggestion. You'd then need to add the code to manage UserToRoles, but I think we should support being able to map a user to the roles they have.

(Of course, there should be a related function to modify it.)

[thehowl]

Doesn't make sense. It should be Role.HasAccount.

[thehowl]

I would say we remove this.

• Roles is not likely to be publicly exposed in a realm, anyway.
• But if it was, exposing RenounceRole means that the Roles cannot be used for a role like banned; because the user can "renounce it".

[thehowl]

Can we make a case for how this is different / better than p/demo/acl?

I'm not saying it's perfect, just that demo/ should probably contain one preferred ACL implementation. We can decide to move this one to p/<name>/accesscontrol, or that one to p/nt/acl. (cc'ing also @moul for an opinion on what to do here)

[DIGIX666]

Although acl and accesscontrol may seem similar at first glance, accesscontrol stands out due to its ability to implement role hierarchies as well as dynamic permission options

[thehowl]

Can you give an example? Namely, of where this distinction is useful?

[thehowl]

I see we're using std.PrevRealm() to determine the owner and generally the "sender". This assumes there's an admin user doing management, and everyone else just following suit.

However, I think an equally possible flow is that of having a realm which has an access control list. In this case, actually, we shouldn't do any checks on PrevRealm(); the realm can just use it unexported. But I suggest you have an option for the ACL to not have a "owner"; in which case the PrevRealm checks are simply not performed. Allows someone else to compose other rules on top as well.

Btw if Roles is meant to be exposed in a realm, then its fields should be unexported.

[thehowl]

Why Util?

[DIGIX666]

Util to represent a "toolbox" of essential parameters and methods needed for managing locking operations
You don't find the word explicit enough ? @thehowl

[thehowl]

No, it just seems redundant. Also, these "toolboxes" are generally discouraged in Go (and Gno): https://dave.cheney.net/2019/01/08/avoid-package-names-like-base-util-or-common

[DIGIX666]

Thank for shared the article on avoid-package-names.
As a result changed TimelockUtil to Timelock
0ced75a