Replace OZ AccessControl with CL SimpleWriteAccessController

Author: krebernisak

contracts/v0.7/bridge/token/LinkTokenChild.sol

@@ -6,24 +6,19 @@ import { TypeAndVersionInterface } from "../../../v0.6/TypeAndVersionInterface.s
 import { IERC20Child } from "./IERC20Child.sol";
 
 /* Contract Imports */
-import { AccessControl } from "../../../vendor/@openzeppelin/contracts/3.4.1/contracts/access/AccessControl.sol";
+import { SimpleWriteAccessController } from "../../../vendor/@chainlink/contracts/0.1.7/contracts/v0.6/SimpleWriteAccessController.sol";
 import { LinkToken } from "../../../v0.6/LinkToken.sol";
 
 /// @dev Access controlled mintable & burnable LinkToken, for use on sidechains and L2 networks.
-contract LinkTokenChild is TypeAndVersionInterface, IERC20Child, AccessControl, LinkToken {
-  // Using this role the bridge gateway can deposit/withdraw (mint/burn)
-  bytes32 public constant BRIDGE_GATEWAY_ROLE = keccak256("BRIDGE_GATEWAY_ROLE");
-
+contract LinkTokenChild is TypeAndVersionInterface, IERC20Child, SimpleWriteAccessController, LinkToken {
   /**
    * @dev Overrides parent contract so no tokens are minted on deployment.
    * @inheritdoc LinkToken
    */
   function _onCreate()
     internal
     override
-  {
-    _setupRole(DEFAULT_ADMIN_ROLE, _msgSender());
-  }
+  {}
 
   /**
    * @notice versions:
@@ -43,7 +38,7 @@ contract LinkTokenChild is TypeAndVersionInterface, IERC20Child, AccessControl,
   }
 
   /**
-   * @dev Only callable by account with BRIDGE_GATEWAY_ROLE
+   * @dev Only callable by account with access (gateway role)
    * @inheritdoc IERC20Child
    */
   function deposit(
@@ -53,13 +48,13 @@ contract LinkTokenChild is TypeAndVersionInterface, IERC20Child, AccessControl,
     external
     override
     virtual
-    onlyRole(BRIDGE_GATEWAY_ROLE)
+    checkAccess()
   {
     _mint(recipient, amount);
   }
 
   /**
-   * @dev Only callable by account with BRIDGE_GATEWAY_ROLE
+   * @dev Only callable by account with access (gateway role)
    * @inheritdoc IERC20Child
    */
   function withdraw(
@@ -68,19 +63,8 @@ contract LinkTokenChild is TypeAndVersionInterface, IERC20Child, AccessControl,
     external
     override
     virtual
-    onlyRole(BRIDGE_GATEWAY_ROLE)
+    checkAccess()
   {
     _burn(_msgSender(), amount);
   }
-
-  /**
-   * @dev Modifier to check access by role.
-   * @param role the required role
-   */
-  modifier onlyRole(
-    bytes32 role
-  ) {
-    require(hasRole(role, _msgSender()), "LinkTokenChild: missing role");
-    _;
-  }
 }

contracts/vendor/@chainlink/contracts/0.1.7/contracts/v0.6/Owned.sol

@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.6.0;
+// next-line updated from source
+pragma solidity >0.6.0 <0.8.0;
 
 /**
  * @title The Owned contract

contracts/vendor/@chainlink/contracts/0.1.7/contracts/v0.6/SimpleWriteAccessController.sol

@@ -0,0 +1,113 @@
+// SPDX-License-Identifier: MIT
+// next-line updated from source
+pragma solidity >0.6.0 <0.8.0;
+
+import "./Owned.sol";
+import "./interfaces/AccessControllerInterface.sol";
+
+/**
+ * @title SimpleWriteAccessController
+ * @notice Gives access to accounts explicitly added to an access list by the
+ * controller's owner.
+ * @dev does not make any special permissions for externally, see
+ * SimpleReadAccessController for that.
+ */
+contract SimpleWriteAccessController is AccessControllerInterface, Owned {
+
+  bool public checkEnabled;
+  mapping(address => bool) internal accessList;
+
+  event AddedAccess(address user);
+  event RemovedAccess(address user);
+  event CheckAccessEnabled();
+  event CheckAccessDisabled();
+
+  constructor()
+    public
+  {
+    checkEnabled = true;
+  }
+
+  /**
+   * @notice Returns the access of an address
+   * @param _user The address to query
+   */
+  function hasAccess(
+    address _user,
+    bytes memory
+  )
+    public
+    view
+    virtual
+    override
+    returns (bool)
+  {
+    return accessList[_user] || !checkEnabled;
+  }
+
+  /**
+   * @notice Adds an address to the access list
+   * @param _user The address to add
+   */
+  function addAccess(address _user)
+    external
+    onlyOwner()
+  {
+    if (!accessList[_user]) {
+      accessList[_user] = true;
+
+      emit AddedAccess(_user);
+    }
+  }
+
+  /**
+   * @notice Removes an address from the access list
+   * @param _user The address to remove
+   */
+  function removeAccess(address _user)
+    external
+    onlyOwner()
+  {
+    if (accessList[_user]) {
+      accessList[_user] = false;
+
+      emit RemovedAccess(_user);
+    }
+  }
+
+  /**
+   * @notice makes the access check enforced
+   */
+  function enableAccessCheck()
+    external
+    onlyOwner()
+  {
+    if (!checkEnabled) {
+      checkEnabled = true;
+
+      emit CheckAccessEnabled();
+    }
+  }
+
+  /**
+   * @notice makes the access check unenforced
+   */
+  function disableAccessCheck()
+    external
+    onlyOwner()
+  {
+    if (checkEnabled) {
+      checkEnabled = false;
+
+      emit CheckAccessDisabled();
+    }
+  }
+
+  /**
+   * @dev reverts if the caller does not have access
+   */
+  modifier checkAccess() {
+    require(hasAccess(msg.sender, msg.data), "No access");
+    _;
+  }
+}

contracts/vendor/@chainlink/contracts/0.1.7/contracts/v0.6/interfaces/AccessControllerInterface.sol

@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: MIT
+// next-line updated from source
+pragma solidity >0.6.0 <0.8.0;
+
+interface AccessControllerInterface {
+  function hasAccess(address user, bytes calldata data) external view returns (bool);
+}