revokeAll function

contracts/acl/ACL.sol

@@ -46,6 +46,7 @@ contract ACL is IACL, TimeHelpers, AragonApp, ACLHelpers {
     string private constant ERROR_AUTH_INIT_KERNEL = "ACL_AUTH_INIT_KERNEL";
     string private constant ERROR_AUTH_NO_MANAGER = "ACL_AUTH_NO_MANAGER";
     string private constant ERROR_EXISTENT_MANAGER = "ACL_EXISTENT_MANAGER";
+    string private constant ERROR_ROLE_ERA_INCREMENT = "ACL_ROLE_ERA_INCREMENT";
 
     // Whether someone has a permission
     mapping (bytes32 => bytes32) internal permissions; // permissions hash => params hash
@@ -54,6 +55,9 @@ contract ACL is IACL, TimeHelpers, AragonApp, ACLHelpers {
     // Who is the manager of a permission
     mapping (bytes32 => address) internal permissionManager;
 
+    // Eras for the different roles
+    mapping (bytes32 => uint256) internal roleEras;
+
     event SetPermission(address indexed entity, address indexed app, bytes32 indexed role, bool allowed);
     event SetPermissionParams(address indexed entity, address indexed app, bytes32 indexed role, bytes32 paramsHash);
     event ChangePermissionManager(address indexed app, bytes32 indexed role, address indexed manager);
@@ -145,6 +149,21 @@ contract ACL is IACL, TimeHelpers, AragonApp, ACLHelpers {
         _setPermission(_entity, _app, _role, NO_PERMISSION);
     }
 
+    /**
+    * @dev Revokes all permissions for a specified role if allowed. This requires `msg.sender` to be the the permission manager
+    * @notice Revoke from all the ability to perform actions requiring `_role` on `_app`
+    * @param _app Address of the app in which the role will be revoked
+    * @param _role Identifier for the group of actions in app being revoked
+    */
+    function revokeAll(address _app, bytes32 _role)
+        external
+        onlyPermissionManager(_app, _role)
+    {
+        uint256 newRoleEra = roleEras[roleHash(_app, _role)] + 1;
+        require(newRoleEra >= roleEras[roleHash(_app, _role)], ERROR_ROLE_ERA_INCREMENT);
+        roleEras[roleHash(_app, _role)] = newRoleEra;
+    }     
+
     /**
     * @notice Set `_newManager` as the manager of `_role` in `_app`
     * @param _newManager Address for the new manager
@@ -470,7 +489,13 @@ contract ACL is IACL, TimeHelpers, AragonApp, ACLHelpers {
         return keccak256(abi.encodePacked("ROLE", _where, _what));
     }
 
-    function permissionHash(address _who, address _where, bytes32 _what) internal pure returns (bytes32) {
-        return keccak256(abi.encodePacked("PERMISSION", _who, _where, _what));
+    function permissionHash(address _who, address _where, bytes32 _what) internal view returns (bytes32) {
+        uint256 roleEra = roleEras[roleHash(_where, _what)];
+
+        // Backward compatibility for DAOs with earlier versions of the ACL
+        if (roleEra == 0)
+		    return keccak256(abi.encodePacked("PERMISSION", _who, _where, _what));
+
+        return keccak256(abi.encodePacked("PERMISSION", roleEra, _who, _where, _what));
     }
 }

test/kernel_acl.js

@@ -207,6 +207,37 @@ contract('Kernel ACL', accounts => {
                     })
                 })
 
+                it('can revoke all permissions on a role', async () => {
+                    const receipt = await acl.grantPermission(child, kernelAddr, APP_MANAGER_ROLE, { from: granted })
+                    assertEvent(receipt, 'SetPermission')
+                    const receipt2 = await acl.grantPermission(accounts[3], kernelAddr, APP_MANAGER_ROLE, { from: granted })
+                    assertEvent(receipt2, 'SetPermission')
+                    await acl.revokeAll(kernelAddr, APP_MANAGER_ROLE, { from: granted })
+                    assert.isFalse(await acl.hasPermission(child, kernelAddr, APP_MANAGER_ROLE))
+                    assert.isFalse(await acl.hasPermission(accounts[3], kernelAddr, APP_MANAGER_ROLE))
+                })
+
+                it('can revoke all permissions on a role for the specified app only', async () => {
+                    const receipt = await acl.grantPermission(child, kernelAddr, APP_MANAGER_ROLE, { from: granted })
+                    assertEvent(receipt, 'SetPermission')
+                    const createReceipt = await acl.createPermission(child, kernelAddr, '0x1234', child, { from: permissionsRoot })
+                    assertEvent(createReceipt, 'SetPermission')
+                    assertEvent(createReceipt, 'ChangePermissionManager')
+                    await acl.revokeAll(kernelAddr, APP_MANAGER_ROLE, { from: granted })
+                    assert.isFalse(await acl.hasPermission(child, kernelAddr, APP_MANAGER_ROLE))
+                    assert.isTrue(await acl.hasPermission(child, kernelAddr, '0x1234'))
+                })
+
+                it('can reassign a role with a new era', async () => {
+                    const receipt = await acl.grantPermission(child, kernelAddr, APP_MANAGER_ROLE, { from: granted })
+                    assertEvent(receipt, 'SetPermission')
+                    await acl.revokeAll(kernelAddr, APP_MANAGER_ROLE, { from: granted })
+                    assert.isFalse(await acl.hasPermission(child, kernelAddr, APP_MANAGER_ROLE))
+                    const receipt2 = await acl.grantPermission(child, kernelAddr, APP_MANAGER_ROLE, { from: granted })
+                    assertEvent(receipt2, 'SetPermission')
+                    assert.isTrue(await acl.hasPermission(child, kernelAddr, APP_MANAGER_ROLE))
+                })
+
                 context('> transferring managership', () => {
                     const newManager = accounts[3]
                     assert.notEqual(newManager, granted, 'newManager should not be the same as granted')