feat: adjusted lendingpool permissions

contracts/misc/PermissionedWETHGateway.sol

@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: agpl-3.0
+pragma solidity 0.6.12;
+pragma experimental ABIEncoderV2;
+
+import {Ownable} from '../dependencies/openzeppelin/contracts/Ownable.sol';
+import {IERC20} from '../dependencies/openzeppelin/contracts/IERC20.sol';
+import {IWETH} from './interfaces/IWETH.sol';
+import {WETHGateway} from './WETHGateway.sol';
+import {ILendingPool} from '../interfaces/ILendingPool.sol';
+import {IAToken} from '../interfaces/IAToken.sol';
+import {ReserveConfiguration} from '../protocol/libraries/configuration/ReserveConfiguration.sol';
+import {UserConfiguration} from '../protocol/libraries/configuration/UserConfiguration.sol';
+import {Helpers} from '../protocol/libraries/helpers/Helpers.sol';
+import {DataTypes} from '../protocol/libraries/types/DataTypes.sol';
+import {IPermissionManager} from '../interfaces/IPermissionManager.sol';
+import {ILendingPoolAddressesProvider} from '../interfaces/ILendingPoolAddressesProvider.sol';
+import {Errors} from '../protocol/libraries/helpers/Errors.sol';
+
+contract PermissionedWETHGateway is WETHGateway {
+  /**
+   * @dev Sets the WETH address and the LendingPoolAddressesProvider address. Infinite approves lending pool.
+   * @param weth Address of the Wrapped Ether contract
+   **/
+  constructor(address weth) public WETHGateway(weth) {}
+
+  /**
+   * @dev deposits WETH into the reserve, using native ETH. A corresponding amount of the overlying asset (aTokens)
+   * is minted.
+   * @param lendingPool address of the targeted underlying lending pool
+   * @param onBehalfOf address of the user who will receive the aTokens representing the deposit
+   * @param referralCode integrators are assigned a referral code and can potentially receive rewards.
+   **/
+  function depositETH(
+    address lendingPool,
+    address onBehalfOf,
+    uint16 referralCode
+  ) public payable override {
+    ILendingPool pool = ILendingPool(lendingPool);
+
+    require(_isDepositorOrBorrowerOrLiquidator(msg.sender, pool), Errors.USER_UNAUTHORIZED);
+
+    super.depositETH(lendingPool, onBehalfOf, referralCode);
+  }
+
+  /**
+   * @dev repays a borrow on the WETH reserve, for the specified amount (or for the whole amount, if uint256(-1) is specified).
+   * @param lendingPool address of the targeted underlying lending pool
+   * @param amount the amount to repay, or uint256(-1) if the user wants to repay everything
+   * @param rateMode the rate mode to repay
+   * @param onBehalfOf the address for which msg.sender is repaying
+   */
+  function repayETH(
+    address lendingPool,
+    uint256 amount,
+    uint256 rateMode,
+    address onBehalfOf
+  ) public payable override {
+    ILendingPool pool = ILendingPool(lendingPool);
+
+    require(_isDepositorOrBorrowerOrLiquidator(msg.sender, pool), Errors.USER_UNAUTHORIZED);
+    super.repayETH(lendingPool, amount, rateMode, onBehalfOf);
+  }
+
+
+  function _isDepositorOrBorrowerOrLiquidator(address user, ILendingPool pool)
+    internal
+    view
+    returns (bool)
+  {
+    ILendingPoolAddressesProvider provider =
+      ILendingPoolAddressesProvider(pool.getAddressesProvider());
+    IPermissionManager manager =
+      IPermissionManager(provider.getAddress(keccak256('PERMISSION_MANAGER')));
+
+    uint256[] memory roles = new uint256[](3);
+
+    roles[0] = uint256(DataTypes.Roles.DEPOSITOR);
+    roles[1] = uint256(DataTypes.Roles.BORROWER);
+    roles[2] = uint256(DataTypes.Roles.LIQUIDATOR);
+
+    return manager.isInAnyRole(msg.sender, roles);
+  }
+}

contracts/misc/WETHGateway.sol

@@ -42,7 +42,7 @@ contract WETHGateway is IWETHGateway, Ownable {
     address lendingPool,
     address onBehalfOf,
     uint16 referralCode
-  ) external payable override {
+  ) public payable virtual override {
     WETH.deposit{value: msg.value}();
     ILendingPool(lendingPool).deposit(address(WETH), msg.value, onBehalfOf, referralCode);
   }
@@ -57,7 +57,7 @@ contract WETHGateway is IWETHGateway, Ownable {
     address lendingPool,
     uint256 amount,
     address to
-  ) external override {
+  ) external virtual override {
     IAToken aWETH = IAToken(ILendingPool(lendingPool).getReserveData(address(WETH)).aTokenAddress);
     uint256 userBalance = aWETH.balanceOf(msg.sender);
     uint256 amountToWithdraw = amount;
@@ -84,7 +84,7 @@ contract WETHGateway is IWETHGateway, Ownable {
     uint256 amount,
     uint256 rateMode,
     address onBehalfOf
-  ) external payable override {
+  ) public payable virtual override {
     (uint256 stableDebt, uint256 variableDebt) =
       Helpers.getUserCurrentDebtMemory(
         onBehalfOf,
@@ -119,7 +119,7 @@ contract WETHGateway is IWETHGateway, Ownable {
     uint256 amount,
     uint256 interesRateMode,
     uint16 referralCode
-  ) external override {
+  ) external virtual override {
     ILendingPool(lendingPool).borrow(
       address(WETH),
       amount,

contracts/protocol/configuration/PermissionManager.sol

@@ -120,7 +120,7 @@ contract PermissionManager is IPermissionManager, Ownable {
   }
 
   ///@inheritdoc IPermissionManager
-  function isInAnyRole(address account, uint256[] calldata roles) public view override returns (bool) {
+  function isInAnyRole(address account, uint256[] calldata roles) external view override returns (bool) {
   
     for(uint256 i=0; i<roles.length; i++){
       if((_permissions[account] >> roles[i]) & 1 > 0){

contracts/protocol/lendingpool/PermissionedLendingPool.sol

@@ -17,7 +17,11 @@ contract PermissionedLendingPool is LendingPool {
   bytes32 public constant PERMISSION_MANAGER = keccak256('PERMISSION_MANAGER');
 
   modifier onlyDepositors(address user) {
-    require(_isInRole(msg.sender, DataTypes.Roles.DEPOSITOR), Errors.DEPOSITOR_UNAUTHORIZED);
+    require(
+      _isDepositorOrBorrowerOrLiquidator(msg.sender) &&
+        ((user == msg.sender) || _isInRole(user, DataTypes.Roles.DEPOSITOR)),
+      Errors.DEPOSITOR_UNAUTHORIZED
+    );
     _;
   }
 
@@ -32,12 +36,7 @@ contract PermissionedLendingPool is LendingPool {
   }
 
   modifier onlyDepositorsOrBorrowersOrLiquidators {
-    require(
+    require(_isDepositorOrBorrowerOrLiquidator(msg.sender), Errors.USER_UNAUTHORIZED);
-      _isInRole(msg.sender, DataTypes.Roles.DEPOSITOR) ||
-        _isInRole(msg.sender, DataTypes.Roles.BORROWER) ||
-        _isInRole(msg.sender, DataTypes.Roles.LIQUIDATOR),
-      Errors.REPAYER_UNAUTHORIZED
-    );
     _;
   }
 
@@ -269,4 +268,18 @@ contract PermissionedLendingPool is LendingPool {
         uint256(role)
       );
   }
+
+  function _isDepositorOrBorrowerOrLiquidator(address user) internal view returns (bool) {
+    uint256[] memory roles = new uint256[](3);
+
+    roles[0] = uint256(DataTypes.Roles.DEPOSITOR);
+    roles[1] = uint256(DataTypes.Roles.BORROWER);
+    roles[2] = uint256(DataTypes.Roles.LIQUIDATOR);
+
+    return
+      IPermissionManager(_addressesProvider.getAddress(PERMISSION_MANAGER)).isInAnyRole(
+        user,
+        roles
+      );
+  }
 }

contracts/protocol/libraries/helpers/Errors.sol

@@ -107,7 +107,7 @@ library Errors {
   string public constant BORROWER_UNAUTHORIZED = '82';
   string public constant LIQUIDATOR_UNAUTHORIZED = '83';
   string public constant CALLER_NOT_STABLE_RATE_MANAGER = '84';
-  string public constant REPAYER_UNAUTHORIZED = '85';
+  string public constant USER_UNAUTHORIZED = '85';
 
   enum CollateralManagerErrors {
     NO_ERROR,