Adds wrapper method to simplify granting auth admin role

vzotova · Jan 20, 2025 · 7159fb4 · 7159fb4
1 parent 8cb5b5b
commit 7159fb4
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 11 deletions.
diff --git a/contracts/contracts/coordination/ManagedAllowList.sol b/contracts/contracts/coordination/ManagedAllowList.sol
@@ -33,14 +33,20 @@ contract ManagedAllowList is GlobalAllowList, AccessControlUpgradeable {
      * Acquire cohort admin role
      * @param ritualId The ID of the ritual
      */
-    function initializeCohortAdminRole(uint32 ritualId) external {
+    function initializeCohortAdminRole(uint32 ritualId) public {
+        bytes32 cohortAdminRole = ritualRole(ritualId, COHORT_ADMIN_BASE);
         address authority = coordinator.getAuthority(ritualId);
-        require(authority == msg.sender, "Only ritual authority is permitted");
-        _setRoleAdmin(
-            ritualRole(ritualId, AUTH_ADMIN_BASE),
-            ritualRole(ritualId, COHORT_ADMIN_BASE)
-        );
-        _grantRole(ritualRole(ritualId, COHORT_ADMIN_BASE), authority);
+        require(authority != address(0), "Ritual is not initiated");
+        if (hasRole(cohortAdminRole, authority)) {
+            return;
+        }
+        _setRoleAdmin(ritualRole(ritualId, AUTH_ADMIN_BASE), cohortAdminRole);
+        _grantRole(cohortAdminRole, authority);
+    }
+
+    function grantAuthAdminRole(uint32 ritualId, address account) external {
+        initializeCohortAdminRole(ritualId);
+        grantRole(ritualRole(ritualId, AUTH_ADMIN_BASE), account);
     }
 
     /**

diff --git a/tests/test_managed_allow_list.py b/tests/test_managed_allow_list.py
@@ -71,20 +71,31 @@ def test_authorize_using_global_allow_list(coordinator, deployer, initiator, man
     with ape.reverts("Only auth admin is permitted"):
         managed_allow_list.authorize(ritual_id, [deployer.address], sender=deployer)
 
-    with ape.reverts("Only ritual authority is permitted"):
+    with ape.reverts("Ritual is not initiated"):
         managed_allow_list.initializeCohortAdminRole(ritual_id, sender=deployer)
 
     coordinator.initiateRitual(ritual_id, initiator, sender=initiator)
 
-    with ape.reverts("Only ritual authority is permitted"):
-        managed_allow_list.initializeCohortAdminRole(ritual_id, sender=deployer)
-
     managed_allow_list.initializeCohortAdminRole(ritual_id, sender=initiator)
     assert managed_allow_list.hasRole(cohort_admin_role, initiator)
 
     managed_allow_list.grantRole(auth_admin_role, deployer, sender=initiator)
+    assert managed_allow_list.hasRole(auth_admin_role, deployer)
     managed_allow_list.authorize(ritual_id, [deployer.address], sender=deployer)
 
     managed_allow_list.grantRole(auth_admin_role, initiator, sender=initiator)
     with ape.reverts("Encryptor must be authorized by the sender first"):
         managed_allow_list.deauthorize(ritual_id, [deployer.address], sender=initiator)
+
+    ritual_id = 1
+    cohort_admin_role = managed_allow_list.ritualRole(
+        ritual_id, managed_allow_list.COHORT_ADMIN_BASE()
+    )
+    auth_admin_role = managed_allow_list.ritualRole(ritual_id, managed_allow_list.AUTH_ADMIN_BASE())
+    coordinator.initiateRitual(ritual_id, initiator, sender=initiator)
+    with ape.reverts():
+        managed_allow_list.grantAuthAdminRole(ritual_id, deployer, sender=deployer)
+
+    managed_allow_list.grantAuthAdminRole(ritual_id, deployer, sender=initiator)
+    assert managed_allow_list.hasRole(cohort_admin_role, initiator)
+    assert managed_allow_list.hasRole(auth_admin_role, deployer)