diff --git a/packages/contracts/src/AdminSetup.sol b/packages/contracts/src/AdminSetup.sol index 5c87d808..60424afa 100644 --- a/packages/contracts/src/AdminSetup.sol +++ b/packages/contracts/src/AdminSetup.sol @@ -26,6 +26,10 @@ contract AdminSetup is PluginSetup { bytes32 public constant EXECUTE_PROPOSAL_PERMISSION_ID = keccak256("EXECUTE_PROPOSAL_PERMISSION"); + /// @notice The ID of the permission required to call the `setTargetConfig` function. + bytes32 private constant SET_TARGET_CONFIG_PERMISSION_ID = + keccak256("SET_TARGET_CONFIG_PERMISSION"); + /// @notice Thrown if the admin address is zero. /// @param admin The admin address. error AdminAddressInvalid(address admin); @@ -54,7 +58,7 @@ contract AdminSetup is PluginSetup { // Prepare permissions PermissionLib.MultiTargetPermission[] - memory permissions = new PermissionLib.MultiTargetPermission[](2); + memory permissions = new PermissionLib.MultiTargetPermission[](3); // Grant `ADMIN_EXECUTE_PERMISSION` of the plugin to the admin. permissions[0] = PermissionLib.MultiTargetPermission({ @@ -65,8 +69,16 @@ contract AdminSetup is PluginSetup { permissionId: EXECUTE_PROPOSAL_PERMISSION_ID }); - // Grant `EXECUTE_PERMISSION` on the DAO to the plugin. permissions[1] = PermissionLib.MultiTargetPermission({ + operation: PermissionLib.Operation.Grant, + where: plugin, + who: _dao, + condition: PermissionLib.NO_CONDITION, + permissionId: SET_TARGET_CONFIG_PERMISSION_ID + }); + + // Grant `EXECUTE_PERMISSION` on the DAO to the plugin. + permissions[2] = PermissionLib.MultiTargetPermission({ operation: PermissionLib.Operation.Grant, where: _dao, who: plugin, @@ -85,7 +97,7 @@ contract AdminSetup is PluginSetup { SetupPayload calldata _payload ) external pure returns (PermissionLib.MultiTargetPermission[] memory permissions) { // Prepare permissions - permissions = new PermissionLib.MultiTargetPermission[](1); + permissions = new PermissionLib.MultiTargetPermission[](2); permissions[0] = PermissionLib.MultiTargetPermission({ operation: PermissionLib.Operation.Revoke, @@ -94,5 +106,13 @@ contract AdminSetup is PluginSetup { condition: PermissionLib.NO_CONDITION, permissionId: EXECUTE_PERMISSION_ID }); + + permissions[1] = PermissionLib.MultiTargetPermission({ + operation: PermissionLib.Operation.Revoke, + where: _payload.plugin, + who: _dao, + condition: PermissionLib.NO_CONDITION, + permissionId: SET_TARGET_CONFIG_PERMISSION_ID + }); } } diff --git a/packages/contracts/test/10_unit-testing/12_plugin-setup.ts b/packages/contracts/test/10_unit-testing/12_plugin-setup.ts index ce817a0a..3812687d 100644 --- a/packages/contracts/test/10_unit-testing/12_plugin-setup.ts +++ b/packages/contracts/test/10_unit-testing/12_plugin-setup.ts @@ -5,6 +5,7 @@ import {AdminSetup, Admin__factory, AdminSetup__factory} from '../../typechain'; import { ADMIN_INTERFACE, EXECUTE_PROPOSAL_PERMISSION_ID, + SET_TARGET_CONFIG_PERMISSION_ID, TargetConfig, } from '../admin-constants'; import {Operation as Op} from '../admin-constants'; @@ -145,7 +146,7 @@ describe(PLUGIN_SETUP_CONTRACT_NAME, function () { expect(plugin).to.be.equal(anticipatedPluginAddress); expect(helpers.length).to.be.equal(0); - expect(permissions.length).to.be.equal(2); + expect(permissions.length).to.be.equal(3); expect(permissions).to.deep.equal([ [ Operation.Grant, @@ -154,6 +155,13 @@ describe(PLUGIN_SETUP_CONTRACT_NAME, function () { ethers.constants.AddressZero, EXECUTE_PROPOSAL_PERMISSION_ID, ], + [ + Operation.Grant, + plugin, + dao.address, + ethers.constants.AddressZero, + SET_TARGET_CONFIG_PERMISSION_ID, + ], [ Operation.Grant, dao.address, @@ -208,7 +216,7 @@ describe(PLUGIN_SETUP_CONTRACT_NAME, function () { } ); - expect(permissions.length).to.be.equal(1); + expect(permissions.length).to.be.equal(2); expect(permissions).to.deep.equal([ [ Operation.Revoke, @@ -217,6 +225,13 @@ describe(PLUGIN_SETUP_CONTRACT_NAME, function () { ethers.constants.AddressZero, DAO_PERMISSIONS.EXECUTE_PERMISSION_ID, ], + [ + Operation.Revoke, + plugin, + dao.address, + ethers.constants.AddressZero, + SET_TARGET_CONFIG_PERMISSION_ID, + ], ]); }); });