Description:
To allow maximum flexibility when the vault deployer is choosing its flavour, the vault would benefit from the possibility of leaving permissioned functions callable by anyone.
This means that the permissioned functions are initially closed (as no roles have been granted yet and roles are not open) but can be open by the role_manager (if it has not been burned setting it to 0).
The granularity of control for permissioned functions is per role (meaning that full roles can be opened to the public but that means that all the functions with that role assigned will be open).
jmonteer
commented
2 years ago
Description: To allow maximum flexibility when the vault deployer is choosing its flavour, the vault would benefit from the possibility of leaving permissioned functions callable by anyone.
This means that the permissioned functions are initially closed (as no roles have been granted yet and roles are not open) but can be open by the
role_manager(if it has not been burned setting it to 0).The granularity of control for permissioned functions is per role (meaning that full roles can be opened to the public but that means that all the functions with that role assigned will be open).
For that, we need to replace _enforce_role (https://github.com/jmonteer/yearn-vaults-v3/blob/fdf9b73ed690897c717174a71c410121140bf2d7/contracts/VaultV3.vy#L852) for something like
assert (role in self.roles[account]) or self.open_roles[role] # dev: not allowedset_open_rolefunction should be added tootests checking that functions can be called by others should be open too
Dependencies: NA
Acceptance criteria:
Payment Trigger: PR is merged Category: DEV Level: 0