feat: access control

solidity/contracts/AccessController.sol

@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.19;
+
+import {IAccessControlModule} from '../interfaces/modules/accessControl/IAccessControlModule.sol';
+
+abstract contract AccessController {
+  /**
+   * @notice The access control struct
+   * @param user The address of the user
+   * @param data The data for access control validation
+   */
+  struct AccessControl {
+    address user;
+    bytes data;
+  }
+
+  /**
+   * @notice Modifier to check if the caller has access to the user
+   * @param _caller The caller of the function
+   * @param _user The user to check access for
+   * @param _data The data to check access for
+   */
+  modifier hasAccess(IAccessControlModule _accessControlModule, address _caller, AccessControl memory _accessControl) {
+    if (
+      _caller == _accessControl.user
+        || (
+          address(_accessControlModule) != address(0)
+            && _accessControlModule.hasAccess(_caller, _accessControl.user, _accessControl.data)
+        )
+    ) revert AccessController_NoAccess();
+    _;
+  }
+}

solidity/contracts/Oracle.sol

@@ -11,7 +11,9 @@ import {IResolutionModule} from '../interfaces/modules/resolution/IResolutionMod
 import {IResponseModule} from '../interfaces/modules/response/IResponseModule.sol';
 import {ValidatorLib} from '../libraries/ValidatorLib.sol';
 
-contract Oracle is IOracle {
+import {AccessController} from './AccessController.sol';
+
+contract Oracle is IOracle, AccessController {
   using ValidatorLib for *;
 
   /// @inheritdoc IOracle
@@ -301,7 +303,9 @@ contract Oracle is IOracle {
   }
 
   /// @inheritdoc IOracle
-  function getResponseIds(bytes32 _requestId) public view returns (bytes32[] memory _ids) {
+  function getResponseIds(
+    bytes32 _requestId
+  ) public view returns (bytes32[] memory _ids) {
     bytes memory _responses = _responseIds[_requestId];
     uint256 _length = _responses.length / 32;
 
@@ -355,7 +359,9 @@ contract Oracle is IOracle {
    * @param _request The request to be finalized
    * @return _requestId The id of the finalized request
    */
-  function _finalizeWithoutResponse(IOracle.Request calldata _request) internal view returns (bytes32 _requestId) {
+  function _finalizeWithoutResponse(
+    IOracle.Request calldata _request
+  ) internal view returns (bytes32 _requestId) {
     _requestId = ValidatorLib._getId(_request);
 
     if (requestCreatedAt[_requestId] == 0) {
@@ -419,7 +425,11 @@ contract Oracle is IOracle {
    * @param _ipfsHash The hashed IPFS CID of the metadata json
    * @return _requestId The id of the created request
    */
-  function _createRequest(Request memory _request, bytes32 _ipfsHash) internal returns (bytes32 _requestId) {
+  function _createRequest(
+    Request memory _request,
+    bytes32 _ipfsHash,
+    AccessControl memory _accessControl
+  ) internal hasAccess(_request.accessControlModule, msg.sender, _accessControl) returns (bytes32 _requestId) {
     uint256 _requestNonce = totalRequestCount++;
 
     if (_request.nonce == 0) _request.nonce = uint96(_requestNonce);

solidity/interfaces/IOracle.sol

@@ -193,6 +193,8 @@ interface IOracle {
    * @param disputeModule The address of the dispute module
    * @param resolutionModule The address of the resolution module
    * @param finalityModule The address of the finality module
+   * @param accessControlModule The address of the access control module
+   * //  * @param accessControlModuleData The parameters for the access control module // TODO: Access control could be used to create a request so there is no way to have general data?
    * @param requestModuleData The parameters for the request module
    * @param responseModuleData The parameters for the response module
    * @param disputeModuleData The parameters for the dispute module
@@ -209,6 +211,8 @@ interface IOracle {
     address disputeModule;
     address resolutionModule;
     address finalityModule;
+    address accessControlModule;
+    bytes accessControlModuleData;
     bytes requestModuleData;
     bytes responseModuleData;
     bytes disputeModuleData;
@@ -252,7 +256,9 @@ interface IOracle {
    * @param _responseId The response id to get the dispute for
    * @return _disputeId The id of the dispute associated with the given response
    */
-  function disputeOf(bytes32 _responseId) external view returns (bytes32 _disputeId);
+  function disputeOf(
+    bytes32 _responseId
+  ) external view returns (bytes32 _disputeId);
 
   /**
    * @notice Returns the total number of requests stored in the oracle
@@ -267,55 +273,69 @@ interface IOracle {
    * @param _disputeId The id of the dispute
    * @return _status The status of the dispute
    */
-  function disputeStatus(bytes32 _disputeId) external view returns (DisputeStatus _status);
+  function disputeStatus(
+    bytes32 _disputeId
+  ) external view returns (DisputeStatus _status);
 
   /**
    * @notice The id of each request in chronological order
    *
    * @param _nonce The nonce of the request
    * @return _requestId The id of the request
    */
-  function nonceToRequestId(uint256 _nonce) external view returns (bytes32 _requestId);
+  function nonceToRequestId(
+    uint256 _nonce
+  ) external view returns (bytes32 _requestId);
 
   /**
    * @notice Returns the finalized response ID for a given request
    *
    * @param _requestId The id of the request
    * @return _finalizedResponseId The id of the finalized response
    */
-  function finalizedResponseId(bytes32 _requestId) external view returns (bytes32 _finalizedResponseId);
+  function finalizedResponseId(
+    bytes32 _requestId
+  ) external view returns (bytes32 _finalizedResponseId);
 
   /**
    * @notice The number of the block at which a request was created
    *
    * @param _id The request id
    * @return _requestCreatedAt The block number
    */
-  function requestCreatedAt(bytes32 _id) external view returns (uint128 _requestCreatedAt);
+  function requestCreatedAt(
+    bytes32 _id
+  ) external view returns (uint128 _requestCreatedAt);
 
   /**
    * @notice The number of the block at which a response was created
    *
    * @param _id The response id
    * @return _responseCreatedAt The block number
    */
-  function responseCreatedAt(bytes32 _id) external view returns (uint128 _responseCreatedAt);
+  function responseCreatedAt(
+    bytes32 _id
+  ) external view returns (uint128 _responseCreatedAt);
 
   /**
    * @notice The number of the block at which a dispute was created
    *
    * @param _id The dispute id
    * @return _disputeCreatedAt The block number
    */
-  function disputeCreatedAt(bytes32 _id) external view returns (uint128 _disputeCreatedAt);
+  function disputeCreatedAt(
+    bytes32 _id
+  ) external view returns (uint128 _disputeCreatedAt);
 
   /**
    * @notice The number of the block at which a request was finalized
    *
    * @param _requestId The request id
    * @return _finalizedAt The block number
    */
-  function finalizedAt(bytes32 _requestId) external view returns (uint128 _finalizedAt);
+  function finalizedAt(
+    bytes32 _requestId
+  ) external view returns (uint128 _finalizedAt);
 
   /*///////////////////////////////////////////////////////////////
                               LOGIC
@@ -435,7 +455,9 @@ interface IOracle {
    * @param _requestId The id of the request
    * @return _ids The ids of the responses
    */
-  function getResponseIds(bytes32 _requestId) external view returns (bytes32[] memory _ids);
+  function getResponseIds(
+    bytes32 _requestId
+  ) external view returns (bytes32[] memory _ids);
 
   /**
    * @notice Finalizes the request and executes the post-request logic on the modules

solidity/interfaces/modules/accessControl/IAccessControlModule.sol

@@ -0,0 +1,12 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.19;
+
+import {IModule} from '../../IModule.sol';
+
+/**
+ * @title ResponseModule
+ * @notice Common interface for all response modules
+ */
+interface IAccessControlModule is IModule {
+  function hasAccess(address _caller, address _user, bytes calldata _data) external view returns (bool _hasAccess);
+}