kill-switch: cleanup models leaving only app level

Author: facuspagnuolo

contracts/factory/DAOFactory.sol

@@ -3,7 +3,6 @@ pragma solidity 0.4.24;
 import "../kernel/IKernel.sol";
 import "../kernel/Kernel.sol";
 import "../kernel/KernelProxy.sol";
-import "../kill_switch/kernel/KernelKillSwitch.sol";
 
 import "../acl/IACL.sol";
 import "../acl/ACL.sol";
@@ -54,26 +53,6 @@ contract DAOFactory {
         return dao;
     }
 
-    /**
-    * @notice Create a new DAO with `_root` set as the initial admin and `_issuesRegistry` as the source of truth for kill-switch purpose
-    * @param _root Address that will be granted control to setup DAO permissions
-    * @param _issuesRegistry Address of the registry of issues that will be used in case of critical situations by the kernel kill switch
-    * @return Newly created DAO
-    */
-    function newDAOWithKillSwitch(address _root, IssuesRegistry _issuesRegistry) public returns (KernelKillSwitch) {
-        KernelKillSwitch dao = KernelKillSwitch(new KernelProxy(baseKernel));
-
-        if (address(regFactory) == address(0)) {
-            dao.initialize(_issuesRegistry, baseACL, _root);
-        } else {
-            dao.initialize(_issuesRegistry, baseACL, address(this));
-            _setupNewDaoPermissions(_root, Kernel(dao));
-        }
-
-        emit DeployDAO(address(dao));
-        return dao;
-    }
-
     function _setupNewDaoPermissions(address _root, Kernel _dao) internal {
         ACL acl = ACL(_dao.acl());
         bytes32 permRole = acl.CREATE_PERMISSIONS_ROLE();

…acts/kill_switch/base/IssuesRegistry.sol contracts/kill_switch/IssuesRegistry.solcontracts/kill_switch/base/IssuesRegistry.sol renamed to contracts/kill_switch/IssuesRegistry.sol contracts/kill_switch/base/IssuesRegistry.sol renamed to contracts/kill_switch/IssuesRegistry.sol

@@ -1,6 +1,6 @@
 pragma solidity 0.4.24;
 
-import "../../apps/AragonApp.sol";
+import "../apps/AragonApp.sol";
 
 
 contract IssuesRegistry is AragonApp {

contracts/kill_switch/base/KillSwitch.sol contracts/kill_switch/KillSwitch.solcontracts/kill_switch/base/KillSwitch.sol renamed to contracts/kill_switch/KillSwitch.sol

@@ -3,24 +3,56 @@ pragma solidity 0.4.24;
 import "./IssuesRegistry.sol";
 
 
-contract KillSwitch {
+contract KillSwitch is AragonApp {
+    bytes32 constant public SET_ISSUES_REGISTRY_ROLE = keccak256("SET_ISSUES_REGISTRY_ROLE");
     bytes32 constant public SET_CONTRACT_ACTION_ROLE = keccak256("SET_CONTRACT_ACTION_ROLE");
+    bytes32 constant public SET_LOWEST_ALLOWED_SEVERITY_ROLE = keccak256("SET_LOWEST_ALLOWED_SEVERITY_ROLE");
 
     enum ContractAction { Check, Ignore, Deny }
 
     IssuesRegistry public issuesRegistry;
     mapping (address => ContractAction) internal contractActions;
+    mapping (address => IssuesRegistry.Severity) internal lowestAllowedSeverityByContract;
 
     event IssuesRegistrySet(address issuesRegistry, address sender);
     event ContractActionSet(address contractAddress, ContractAction action);
+    event LowestAllowedSeveritySet(address indexed _contract, IssuesRegistry.Severity severity);
 
-    function setContractAction(address _contract, ContractAction _action) external;
+    function initialize(IssuesRegistry _issuesRegistry) external onlyInit {
+        initialized();
+        _setIssuesRegistry(_issuesRegistry);
+    }
+
+    function setContractAction(address _contract, ContractAction _action)
+        external
+        authP(SET_CONTRACT_ACTION_ROLE, arr(_contract, msg.sender))
+    {
+        contractActions[_contract] = _action;
+        emit ContractActionSet(_contract, _action);
+    }
+
+    function setLowestAllowedSeverity(address _contract, IssuesRegistry.Severity _severity)
+        external
+        authP(SET_LOWEST_ALLOWED_SEVERITY_ROLE, arr(_contract, msg.sender))
+    {
+        lowestAllowedSeverityByContract[_contract] = _severity;
+        emit LowestAllowedSeveritySet(_contract, _severity);
+    }
+
+    function setIssuesRegistry(IssuesRegistry _issuesRegistry)
+        external
+        authP(SET_ISSUES_REGISTRY_ROLE, arr(msg.sender))
+    {
+        _setIssuesRegistry(_issuesRegistry);
+    }
 
     function getContractAction(address _contract) public view returns (ContractAction) {
         return contractActions[_contract];
     }
 
-    function isSeverityIgnored(address _contract, IssuesRegistry.Severity _severity) public view returns (bool);
+    function getLowestAllowedSeverity(address _contract) public view returns (IssuesRegistry.Severity) {
+        return lowestAllowedSeverityByContract[_contract];
+    }
 
     function isContractIgnored(address _contract) public view returns (bool) {
         return getContractAction(_contract) == ContractAction.Ignore;
@@ -30,6 +62,12 @@ contract KillSwitch {
         return getContractAction(_contract) == ContractAction.Deny;
     }
 
+    function isSeverityIgnored(address _contract) public view returns (bool) {
+        IssuesRegistry.Severity severityFound = issuesRegistry.getSeverityFor(_contract);
+        IssuesRegistry.Severity lowestAllowedSeverity = getLowestAllowedSeverity(_contract);
+        return lowestAllowedSeverity >= severityFound;
+    }
+
     function shouldDenyCallingContract(address _base, address _instance, address _sender, bytes _data, uint256 _value) public returns (bool) {
         // if the call should not be evaluated, then allow given call
         if (!_shouldEvaluateCall(_base, _instance, _sender, _data, _value)) {
@@ -52,15 +90,19 @@ contract KillSwitch {
         }
 
         // if the contract severity found is ignored, then allow given call
-        IssuesRegistry.Severity _severityFound = issuesRegistry.getSeverityFor(_base);
-        if (isSeverityIgnored(_base, _severityFound)) {
+        if (isSeverityIgnored(_base)) {
             return false;
         }
 
         // if none of the conditions above were met, then deny given call
         return true;
     }
 
+    function _setIssuesRegistry(IssuesRegistry _issuesRegistry) internal {
+        issuesRegistry = _issuesRegistry;
+        emit IssuesRegistrySet(_issuesRegistry, msg.sender);
+    }
+
     /**
      * @dev This function allows different kill-switch implementations to provide a custom logic to tell whether a
      *      certain call should be denied or not. This is important to ensure recoverability. For example, custom
@@ -71,14 +113,4 @@ contract KillSwitch {
     function _shouldEvaluateCall(address, address, address, bytes, uint256) internal returns (bool) {
         return true;
     }
-
-    function _setIssuesRegistry(IssuesRegistry _issuesRegistry) internal {
-        issuesRegistry = _issuesRegistry;
-        emit IssuesRegistrySet(_issuesRegistry, msg.sender);
-    }
-
-    function _setContractAction(address _contract, ContractAction _action) internal {
-        contractActions[_contract] = _action;
-        emit ContractActionSet(_contract, _action);
-    }
 }

…acts/kill_switch/app/KillSwitchedApp.sol contracts/kill_switch/KillSwitchedApp.solcontracts/kill_switch/app/KillSwitchedApp.sol renamed to contracts/kill_switch/KillSwitchedApp.sol contracts/kill_switch/app/KillSwitchedApp.sol renamed to contracts/kill_switch/KillSwitchedApp.sol

@@ -1,23 +1,23 @@
 pragma solidity 0.4.24;
 
-import "./AppKillSwitch.sol";
-import "../../apps/AragonApp.sol";
+import "./KillSwitch.sol";
+import "../apps/AragonApp.sol";
 
 
 contract KillSwitchedApp is AragonApp {
     string private constant ERROR_CONTRACT_CALL_NOT_ALLOWED = "APP_CONTRACT_CALL_NOT_ALLOWED";
 
-    AppKillSwitch internal appKillSwitch;
+    KillSwitch internal killSwitch;
 
     modifier killSwitched {
-        bool _isCallAllowed = !appKillSwitch.shouldDenyCallingContract(_baseApp(), address(this), msg.sender, msg.data, msg.value);
+        bool _isCallAllowed = !killSwitch.shouldDenyCallingContract(_baseApp(), address(this), msg.sender, msg.data, msg.value);
         require(_isCallAllowed, ERROR_CONTRACT_CALL_NOT_ALLOWED);
         _;
     }
 
-    function initialize(AppKillSwitch _appKillSwitch) public onlyInit {
+    function initialize(KillSwitch _killSwitch) public onlyInit {
         initialized();
-        appKillSwitch = _appKillSwitch;
+        killSwitch = _killSwitch;
     }
 
     function _baseApp() internal view returns (address) {