A modifier to protect a function from calling itself, directly or indirectly (reentrancy).

Currently, this modifier is only applied to the execute() function. If this is used multiple times, private _beforeNonReentrant() and _afterNonReentrant() functions should be created to prevent code duplication.

This ensures that the initialize function cannot be called during the upgrade process.

Disables the initializers on the implementation contract to prevent it from being left uninitialized.

Initializes the DAO by - setting the reentrancy status variable to _NOT_ENTERED - registering the [ERC-165](https://eips.ethereum.org/EIPS/eip-165) interface ID - setting the trusted forwarder for meta transactions - giving the ROOT_PERMISSION_ID permission to the initial owner (that should be revoked and transferred to the DAO after setup).

This method is required to support [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822).

Initializes the DAO after an upgrade from a previous protocol version.

Decides if the granting permissionId is restricted when _who == ANY_ADDR or _where == ANY_ADDR.

By default, every permission is unrestricted and it is the derived contract’s responsibility to override it. Note, that the ROOT_PERMISSION_ID is included and not required to be set it again.

Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).

The caller must have the UPGRADE_DAO_PERMISSION_ID permission.

Setter for the trusted forwarder verifying the meta transaction.

Getter for the trusted forwarder verifying the meta transaction.

Checks if an address has permission on a contract via a permission identifier and considers if ANY_ADDRESS was used in the granting process.

Updates the DAO metadata (e.g., an IPFS hash).

Executes a list of actions. If a zero allow-failure map is provided, a failing action reverts the entire execution. If a non-zero allow-failure map is provided, allowed actions can fail without the entire call being reverted.

Deposits (native) tokens to the DAO contract with a reference string.

Removed function being left here to not corrupt the IDAO interface ID. Any call will revert.

Introduced in v1.0.0. Removed in v1.4.0.

Checks whether a signature is valid for a provided hash according to [ERC-1271](https://eips.ethereum.org/EIPS/eip-1271).

Relays the validation logic determining who is allowed to sign on behalf of the DAO to its permission manager. Caller specific bypassing can be set direct granting (i.e., grant({_where: dao, _who: specificErc1271Caller, _permissionId: VALIDATE_SIGNATURE_PERMISSION_ID})). Caller specific signature validation logic can be set by granting with a PermissionCondition (i.e., grantWithCondition({_where: dao, _who: specificErc1271Caller, _permissionId: VALIDATE_SIGNATURE_PERMISSION_ID, _condition: yourConditionImplementation})) Generic signature validation logic can be set for all calling contracts by granting with a PermissionCondition to PermissionManager.ANY_ADDR() (i.e., grantWithCondition({_where: dao, _who: PermissionManager.ANY_ADDR(), _permissionId: VALIDATE_SIGNATURE_PERMISSION_ID, _condition: yourConditionImplementation})).

Emits the NativeTokenDeposited event to track native token deposits that weren’t made via the deposit method.

This call is bound by the gas limitations for send/transfer calls introduced by [ERC-2929](https://eips.ethereum.org/EIPS/eip-2929). Gas cost increases in future hard forks might break this function. As an alternative, [ERC-2930](https://eips.ethereum.org/EIPS/eip-2930)-type transactions using access lists can be employed.

Fallback to handle future versions of the [ERC-165](https://eips.ethereum.org/EIPS/eip-165) standard.

Emits the MetadataSet event if new metadata is set.

Sets the trusted forwarder on the DAO and emits the associated event.

Registers an ERC standard having a callback by registering its [ERC-165](https://eips.ethereum.org/EIPS/eip-165) interface ID and callback function signature.

A distinct Uniform Resource Identifier (URI) pointing to a JSON object following the "EIP-4824 DAO JSON-LD Schema". This JSON file splits into four URIs: membersURI, proposalsURI, activityLogURI, and governanceURI. The membersURI should point to a JSON file that conforms to the "EIP-4824 Members JSON-LD Schema". The proposalsURI should point to a JSON file that conforms to the "EIP-4824 Proposals JSON-LD Schema". The activityLogURI should point to a JSON file that conforms to the "EIP-4824 Activity Log JSON-LD Schema". The governanceURI should point to a flatfile, normatively a .md file. Each of the JSON files named above can be statically hosted or dynamically-generated.

Updates the set DAO URI to a new value.

Sets the new [ERC-4824](https://eips.ethereum.org/EIPS/eip-4824) DAO URI and emits the associated event.

The ID of the permission required to call the execute function.

The ID of the permission required to call the _authorizeUpgrade function.

The ID of the permission required to call the setMetadata function.

The ID of the permission required to call the setTrustedForwarder function.

The ID of the permission required to call the registerStandardCallback function.

The ID of the permission required to validate [ERC-1271](https://eips.ethereum.org/EIPS/eip-1271) signatures.

Emitted when a new DAO URI is set.

Thrown if a call is reentrant.

Thrown if the action array length is larger than MAX_ACTIONS.

Thrown if action execution has failed.

Thrown if an action has insufficient gas left.

Thrown if the deposit amount is zero.

Thrown if there is a mismatch between the expected and actually deposited amount of native tokens.

Thrown if an upgrade is not supported from a specific protocol version .

Thrown when a function is removed but left to not corrupt the interface ID.

Thrown when initialize is called after it has already been executed.

The internal constant storing the maximal action array length.

A modifier to make functions on inheriting contracts authorized. Permissions to call the function are checked through this permission manager.

Initialization method to set the initial owner of the permission manager.

The initial owner is granted the ROOT_PERMISSION_ID permission.

Grants permission to an address to call methods in a contract guarded by an auth modifier with the specified permission identifier.

Requires the ROOT_PERMISSION_ID permission. Note, that granting permissions with _who or _where equal to ANY_ADDR does not replace other permissions with specific _who and _where addresses that exist in parallel.

Grants permission to an address to call methods in a target contract guarded by an auth modifier with the specified permission identifier if the referenced condition permits it.

Requires the ROOT_PERMISSION_ID permission Note, that granting permissions with _who or _where equal to ANY_ADDR does not replace other permissions with specific _who and _where addresses that exist in parallel.

Revokes permission from an address to call methods in a target contract guarded by an auth modifier with the specified permission identifier.

Requires the ROOT_PERMISSION_ID permission. Note, that revoking permissions with _who or _where equal to ANY_ADDR does not revoke other permissions with specific _who and _where addresses that exist in parallel.

Applies an array of permission operations on a single target contracts _where.

Applies an array of permission operations on multiple target contracts items[i].where.

Checks if the caller address has permission on the target contract via a permission identifier and relays the answer to a condition contract if this was declared during the granting process.

Relays the question if caller address has permission on target contract via a permission identifier to a condition contract. Checks a condition contract by doing an external call via try/catch.

If the external call fails, we return false.

Grants the ROOT_PERMISSION_ID permission to the initial owner during initialization of the permission manager.

This method is used in the external grant method of the permission manager.

Note, that granting permissions with _who or _where equal to ANY_ADDR does not replace other permissions with specific _who and _where addresses that exist in parallel.

This method is used in the external grantWithCondition method of the permission manager.

Note, that granting permissions with _who or _where equal to ANY_ADDR does not replace other permissions with specific _who and _where addresses that exist in parallel.

This method is used in the public revoke method of the permission manager.

Note, that revoking permissions with _who or _where equal to ANY_ADDR does not revoke other permissions with specific _who and _where addresses that might have been granted in parallel.

A private function to be used to check permissions on the permission manager contract (address(this)) itself.

Generates the hash for the permissionsHashed mapping obtained from the word "PERMISSION", the contract address, the address owning the permission, and the permission identifier.

Decides if the granting permissionId is restricted when _who == ANY_ADDR or _where == ANY_ADDR.

By default, every permission is unrestricted and it is the derived contract’s responsibility to override it. Note, that the ROOT_PERMISSION_ID is included and not required to be set it again.

The ID of the permission required to call the grant, grantWithCondition, revoke, and bulk function.

Emitted when a permission permission is granted in the context here to the address _who for the contract _where.

Emitted when a permission permission is revoked in the context here from the address _who for the contract _where.

Thrown if a call is unauthorized.

Thrown if a permission has been already granted with a different condition.

This makes sure that condition on the same permission can not be overwriten by a different condition.

Thrown if a condition address is not a contract.

Thrown if a condition contract does not support the IPermissionCondition interface.

Thrown for ROOT_PERMISSION_ID or EXECUTE_PERMISSION_ID permission grants where who or where is ANY_ADDR.

Thrown for permission grants where who and where are both ANY_ADDR.

Thrown if Operation.GrantWithCondition is requested as an operation but the method does not support it.

A special address encoding permissions that are valid for any address who or where.

A special address encoding if a permissions is not set and therefore not allowed.

A special address encoding if a permission is allowed.

A mapping storing permissions as hashes (i.e., permissionHash(where, who, permissionId)) and their status encoded by an address (unset, allowed, or redirecting to a PermissionCondition).

Handles callbacks to adaptively support ERC standards.

This function is supposed to be called via _handleCallback(msg.sig, msg.data) in the fallback() function of the inheriting contract.

Registers a magic number for a callback function selector.

Emitted when _handleCallback is called.

Thrown if the callback function is not registered.

A mapping between callback function selectors and magic return numbers.

The magic number refering to unregistered callbacks.