openzeppelin-contracts/test/access/manager/AccessManager.test.js

const { web3 } = require('hardhat');
const { constants, expectEvent, time, expectRevert } = require('@openzeppelin/test-helpers');
const { expectRevertCustomError } = require('../../helpers/customError');
const { selector } = require('../../helpers/methods');
const { clockFromReceipt } = require('../../helpers/time');
const {
  buildBaseRoles,
  formatAccess,
  EXPIRATION,
  MINSETBACK,
  EXECUTION_ID_STORAGE_SLOT,
  CONSUMING_SCHEDULE_STORAGE_SLOT,
  scheduleOperation,
  hashOperation,
} = require('../../helpers/access-manager');
const {
  shouldBehaveLikeDelayedAdminOperation,
  shouldBehaveLikeNotDelayedAdminOperation,
  shouldBehaveLikeRoleAdminOperation,
  shouldBehaveLikeAManagedRestrictedOperation,
} = require('./AccessManager.behavior');
const {
  LIKE_COMMON_SCHEDULABLE,
  testAsClosable,
  testAsDelay,
  testAsSchedulableOperation,
  testAsCanCall,
  testAsHasRole,
  testAsGetAccess,
} = require('./AccessManager.predicate');
const { default: Wallet } = require('ethereumjs-wallet');
const {
  mine,
  time: { setNextBlockTimestamp },
  getStorageAt,
} = require('@nomicfoundation/hardhat-network-helpers');
const { MAX_UINT48 } = require('../../helpers/constants');
const { impersonate } = require('../../helpers/account');

const AccessManager = artifacts.require('$AccessManager');
const AccessManagedTarget = artifacts.require('$AccessManagedTarget');
const Ownable = artifacts.require('$Ownable');

const someAddress = Wallet.generate().getChecksumAddressString();

// This test suite is made using the following tools:
//
// * Predicates: Functions with common conditional setups without assertions.
// * Behaviors: Functions with common assertions.
//
// The behavioral tests are built by composing predicates and are used as templates
// for testing access to restricted functions.
//
// Similarly, unit tests in this suite will use predicates to test subsets of these
// behaviors and are helped by common assertions provided for some of the predicates.
//
// The predicates can be identified by the `testAs*` prefix while the behaviors
// are prefixed with `shouldBehave*`. The common assertions for predicates are
// defined as constants.
contract('AccessManager', function (accounts) {
  const [admin, manager, guardian, member, user, other] = accounts;

  beforeEach(async function () {
    this.roles = buildBaseRoles();

    // Add members
    this.roles.ADMIN.members = [admin];
    this.roles.SOME_ADMIN.members = [manager];
    this.roles.SOME_GUARDIAN.members = [guardian];
    this.roles.SOME.members = [member];
    this.roles.PUBLIC.members = [admin, manager, guardian, member, user, other];

    this.manager = await AccessManager.new(admin);
    this.target = await AccessManagedTarget.new(this.manager.address);

    for (const { id: roleId, admin, guardian, members } of Object.values(this.roles)) {
      if (roleId === this.roles.PUBLIC.id) continue; // Every address belong to public and is locked
      if (roleId === this.roles.ADMIN.id) continue; // Admin set during construction and is locked

      // Set admin role avoiding default
      if (admin.id !== this.roles.ADMIN.id) {
        await this.manager.$_setRoleAdmin(roleId, admin.id);
      }

      // Set guardian role avoiding default
      if (guardian.id !== this.roles.ADMIN.id) {
        await this.manager.$_setRoleGuardian(roleId, guardian.id);
      }

      // Grant role to members
      for (const member of members) {
        await this.manager.$_grantRole(roleId, member, 0, 0);
      }
    }
  });

  describe('during construction', function () {
    it('grants admin role to initialAdmin', async function () {
      const manager = await AccessManager.new(other);
      expect(await manager.hasRole(this.roles.ADMIN.id, other).then(formatAccess)).to.be.deep.equal([true, '0']);
    });

    it('rejects zero address for initialAdmin', async function () {
      await expectRevertCustomError(AccessManager.new(constants.ZERO_ADDRESS), 'AccessManagerInvalidInitialAdmin', [
        constants.ZERO_ADDRESS,
      ]);
    });

    it('initializes setup roles correctly', async function () {
      for (const { id: roleId, admin, guardian, members } of Object.values(this.roles)) {
        expect(await this.manager.getRoleAdmin(roleId)).to.be.bignumber.equal(admin.id);
        expect(await this.manager.getRoleGuardian(roleId)).to.be.bignumber.equal(guardian.id);

        for (const user of this.roles.PUBLIC.members) {
          expect(await this.manager.hasRole(roleId, user).then(formatAccess)).to.be.deep.equal([
            members.includes(user),
            '0',
          ]);
        }
      }
    });
  });

  describe('getters', function () {
    describe('#canCall', function () {
      beforeEach('set calldata', function () {
        this.calldata = '0x12345678';
        this.role = { id: web3.utils.toBN(379204) };
      });

      testAsCanCall({
        closed() {
          it('should return false and no delay', async function () {
            const { immediate, delay } = await this.manager.canCall(
              someAddress,
              this.target.address,
              this.calldata.substring(0, 10),
            );
            expect(immediate).to.be.equal(false);
            expect(delay).to.be.bignumber.equal('0');
          });
        },
        open: {
          callerIsTheManager: {
            executing() {
              it('should return true and no delay', async function () {
                const { immediate, delay } = await this.manager.canCall(
                  this.caller,
                  this.target.address,
                  this.calldata.substring(0, 10),
                );
                expect(immediate).to.be.equal(true);
                expect(delay).to.be.bignumber.equal('0');
              });
            },
            notExecuting() {
              it('should return false and no delay', async function () {
                const { immediate, delay } = await this.manager.canCall(
                  this.caller,
                  this.target.address,
                  this.calldata.substring(0, 10),
                );
                expect(immediate).to.be.equal(false);
                expect(delay).to.be.bignumber.equal('0');
              });
            },
          },
          callerIsNotTheManager: {
            publicRoleIsRequired() {
              it('should return true and no delay', async function () {
                const { immediate, delay } = await this.manager.canCall(
                  this.caller,
                  this.target.address,
                  this.calldata.substring(0, 10),
                );
                expect(immediate).to.be.equal(true);
                expect(delay).to.be.bignumber.equal('0');
              });
            },
            specificRoleIsRequired: {
              requiredRoleIsGranted: {
                roleGrantingIsDelayed: {
                  callerHasAnExecutionDelay: {
                    beforeGrantDelay() {
                      beforeEach('consume previously set grant delay', async function () {
                        // Consume previously set delay
                        await mine();
                      });

                      it('should return false and no execution delay', async function () {
                        const { immediate, delay } = await this.manager.canCall(
                          this.caller,
                          this.target.address,
                          this.calldata.substring(0, 10),
                        );
                        expect(immediate).to.be.equal(false);
                        expect(delay).to.be.bignumber.equal('0');
                      });
                    },
                    afterGrantDelay() {
                      beforeEach('consume previously set grant delay', async function () {
                        // Consume previously set delay
                        await mine();
                        this.scheduleIn = this.executionDelay; // For testAsSchedulableOperation
                      });

                      testAsSchedulableOperation({
                        scheduled: {
                          before() {
                            beforeEach('consume previously set delay', async function () {
                              // Consume previously set delay
                              await mine();
                            });

                            it('should return false and execution delay', async function () {
                              const { immediate, delay } = await this.manager.canCall(
                                this.caller,
                                this.target.address,
                                this.calldata.substring(0, 10),
                              );
                              expect(immediate).to.be.equal(false);
                              expect(delay).to.be.bignumber.equal(this.executionDelay);
                            });
                          },
                          after() {
                            beforeEach('consume previously set delay', async function () {
                              // Consume previously set delay
                              await mine();
                            });

                            it('should return false and execution delay', async function () {
                              const { immediate, delay } = await this.manager.canCall(
                                this.caller,
                                this.target.address,
                                this.calldata.substring(0, 10),
                              );
                              expect(immediate).to.be.equal(false);
                              expect(delay).to.be.bignumber.equal(this.executionDelay);
                            });
                          },
                          expired() {
                            beforeEach('consume previously set delay', async function () {
                              // Consume previously set delay
                              await mine();
                            });
                            it('should return false and execution delay', async function () {
                              const { immediate, delay } = await this.manager.canCall(
                                this.caller,
                                this.target.address,
                                this.calldata.substring(0, 10),
                              );
                              expect(immediate).to.be.equal(false);
                              expect(delay).to.be.bignumber.equal(this.executionDelay);
                            });
                          },
                        },
                        notScheduled() {
                          it('should return false and execution delay', async function () {
                            const { immediate, delay } = await this.manager.canCall(
                              this.caller,
                              this.target.address,
                              this.calldata.substring(0, 10),
                            );
                            expect(immediate).to.be.equal(false);
                            expect(delay).to.be.bignumber.equal(this.executionDelay);
                          });
                        },
                      });
                    },
                  },
                  callerHasNoExecutionDelay: {
                    beforeGrantDelay() {
                      beforeEach('consume previously set grant delay', async function () {
                        // Consume previously set delay
                        await mine();
                      });

                      it('should return false and no execution delay', async function () {
                        const { immediate, delay } = await this.manager.canCall(
                          this.caller,
                          this.target.address,
                          this.calldata.substring(0, 10),
                        );
                        expect(immediate).to.be.equal(false);
                        expect(delay).to.be.bignumber.equal('0');
                      });
                    },
                    afterGrantDelay() {
                      beforeEach('consume previously set grant delay', async function () {
                        // Consume previously set delay
                        await mine();
                      });

                      it('should return true and no execution delay', async function () {
                        const { immediate, delay } = await this.manager.canCall(
                          this.caller,
                          this.target.address,
                          this.calldata.substring(0, 10),
                        );
                        expect(immediate).to.be.equal(true);
                        expect(delay).to.be.bignumber.equal('0');
                      });
                    },
                  },
                },
                roleGrantingIsNotDelayed: {
                  callerHasAnExecutionDelay() {
                    it('should return false and execution delay', async function () {
                      const { immediate, delay } = await this.manager.canCall(
                        this.caller,
                        this.target.address,
                        this.calldata.substring(0, 10),
                      );
                      expect(immediate).to.be.equal(false);
                      expect(delay).to.be.bignumber.equal(this.executionDelay);
                    });
                  },
                  callerHasNoExecutionDelay() {
                    it('should return true and no execution delay', async function () {
                      const { immediate, delay } = await this.manager.canCall(
                        this.caller,
                        this.target.address,
                        this.calldata.substring(0, 10),
                      );
                      expect(immediate).to.be.equal(true);
                      expect(delay).to.be.bignumber.equal('0');
                    });
                  },
                },
              },
              requiredRoleIsNotGranted() {
                it('should return false and no execution delay', async function () {
                  const { immediate, delay } = await this.manager.canCall(
                    this.caller,
                    this.target.address,
                    this.calldata.substring(0, 10),
                  );
                  expect(immediate).to.be.equal(false);
                  expect(delay).to.be.bignumber.equal('0');
                });
              },
            },
          },
        },
      });
    });

    describe('#expiration', function () {
      it('has a 7 days default expiration', async function () {
        expect(await this.manager.expiration()).to.be.bignumber.equal(EXPIRATION);
      });
    });

    describe('#minSetback', function () {
      it('has a 5 days default minimum setback', async function () {
        expect(await this.manager.minSetback()).to.be.bignumber.equal(MINSETBACK);
      });
    });

    describe('#isTargetClosed', function () {
      testAsClosable({
        closed() {
          it('returns true', async function () {
            expect(await this.manager.isTargetClosed(this.target.address)).to.be.equal(true);
          });
        },
        open() {
          it('returns false', async function () {
            expect(await this.manager.isTargetClosed(this.target.address)).to.be.equal(false);
          });
        },
      });
    });

    describe('#getTargetFunctionRole', function () {
      const methodSelector = selector('something(address,bytes)');

      it('returns the target function role', async function () {
        const roleId = web3.utils.toBN(21498);
        await this.manager.$_setTargetFunctionRole(this.target.address, methodSelector, roleId);

        expect(await this.manager.getTargetFunctionRole(this.target.address, methodSelector)).to.be.bignumber.equal(
          roleId,
        );
      });

      it('returns the ADMIN role if not set', async function () {
        expect(await this.manager.getTargetFunctionRole(this.target.address, methodSelector)).to.be.bignumber.equal(
          this.roles.ADMIN.id,
        );
      });
    });

    describe('#getTargetAdminDelay', function () {
      describe('when the target admin delay is setup', function () {
        beforeEach('set target admin delay', async function () {
          this.oldDelay = await this.manager.getTargetAdminDelay(this.target.address);
          this.newDelay = time.duration.days(10);

          await this.manager.$_setTargetAdminDelay(this.target.address, this.newDelay);
          this.delay = MINSETBACK; // For testAsDelay
        });

        testAsDelay('effect', {
          before() {
            beforeEach('consume previously set grant delay', async function () {
              // Consume previously set delay
              await mine();
            });

            it('returns the old target admin delay', async function () {
              expect(await this.manager.getTargetAdminDelay(this.target.address)).to.be.bignumber.equal(this.oldDelay);
            });
          },
          after() {
            beforeEach('consume previously set grant delay', async function () {
              // Consume previously set delay
              await mine();
            });

            it('returns the new target admin delay', async function () {
              expect(await this.manager.getTargetAdminDelay(this.target.address)).to.be.bignumber.equal(this.newDelay);
            });
          },
        });
      });

      it('returns the 0 if not set', async function () {
        expect(await this.manager.getTargetAdminDelay(this.target.address)).to.be.bignumber.equal('0');
      });
    });

    describe('#getRoleAdmin', function () {
      const roleId = web3.utils.toBN(5234907);

      it('returns the role admin', async function () {
        const adminId = web3.utils.toBN(789433);

        await this.manager.$_setRoleAdmin(roleId, adminId);

        expect(await this.manager.getRoleAdmin(roleId)).to.be.bignumber.equal(adminId);
      });

      it('returns the ADMIN role if not set', async function () {
        expect(await this.manager.getRoleAdmin(roleId)).to.be.bignumber.equal(this.roles.ADMIN.id);
      });
    });

    describe('#getRoleGuardian', function () {
      const roleId = web3.utils.toBN(5234907);

      it('returns the role guardian', async function () {
        const guardianId = web3.utils.toBN(789433);

        await this.manager.$_setRoleGuardian(roleId, guardianId);

        expect(await this.manager.getRoleGuardian(roleId)).to.be.bignumber.equal(guardianId);
      });

      it('returns the ADMIN role if not set', async function () {
        expect(await this.manager.getRoleGuardian(roleId)).to.be.bignumber.equal(this.roles.ADMIN.id);
      });
    });

    describe('#getRoleGrantDelay', function () {
      const roleId = web3.utils.toBN(9248439);

      describe('when the grant admin delay is setup', function () {
        beforeEach('set grant admin delay', async function () {
          this.oldDelay = await this.manager.getRoleGrantDelay(roleId);
          this.newDelay = time.duration.days(11);

          await this.manager.$_setGrantDelay(roleId, this.newDelay);
          this.delay = MINSETBACK; // For testAsDelay
        });

        testAsDelay('grant', {
          before() {
            beforeEach('consume previously set grant delay', async function () {
              // Consume previously set delay
              await mine();
            });

            it('returns the old role grant delay', async function () {
              expect(await this.manager.getRoleGrantDelay(roleId)).to.be.bignumber.equal(this.oldDelay);
            });
          },
          after() {
            beforeEach('consume previously set grant delay', async function () {
              // Consume previously set delay
              await mine();
            });

            it('returns the new role grant delay', async function () {
              expect(await this.manager.getRoleGrantDelay(roleId)).to.be.bignumber.equal(this.newDelay);
            });
          },
        });
      });

      it('returns 0 if delay is not set', async function () {
        expect(await this.manager.getTargetAdminDelay(this.target.address)).to.be.bignumber.equal('0');
      });
    });

    describe('#getAccess', function () {
      beforeEach('set role', function () {
        this.role = { id: web3.utils.toBN(9452) };
        this.caller = user;
      });

      testAsGetAccess({
        requiredRoleIsGranted: {
          roleGrantingIsDelayed: {
            callerHasAnExecutionDelay: {
              beforeGrantDelay() {
                beforeEach('consume previously set grant delay', async function () {
                  // Consume previously set delay
                  await mine();
                });

                it('role is not in effect and execution delay is set', async function () {
                  const access = await this.manager.getAccess(this.role.id, this.caller);
                  expect(access[0]).to.be.bignumber.equal(this.delayEffect); // inEffectSince
                  expect(access[1]).to.be.bignumber.equal(this.executionDelay); // currentDelay
                  expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                  expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                  // Not in effect yet
                  expect(await time.latest()).to.be.bignumber.lt(access[0]);
                });
              },
              afterGrantDelay() {
                beforeEach('consume previously set grant delay', async function () {
                  // Consume previously set delay
                  await mine();
                });

                it('access has role in effect and execution delay is set', async function () {
                  const access = await this.manager.getAccess(this.role.id, this.caller);

                  expect(access[0]).to.be.bignumber.equal(this.delayEffect); // inEffectSince
                  expect(access[1]).to.be.bignumber.equal(this.executionDelay); // currentDelay
                  expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                  expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                  // Already in effect
                  expect(await time.latest()).to.be.bignumber.equal(access[0]);
                });
              },
            },
            callerHasNoExecutionDelay: {
              beforeGrantDelay() {
                beforeEach('consume previously set grant delay', async function () {
                  // Consume previously set delay
                  await mine();
                });

                it('access has role not in effect without execution delay', async function () {
                  const access = await this.manager.getAccess(this.role.id, this.caller);
                  expect(access[0]).to.be.bignumber.equal(this.delayEffect); // inEffectSince
                  expect(access[1]).to.be.bignumber.equal('0'); // currentDelay
                  expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                  expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                  // Not in effect yet
                  expect(await time.latest()).to.be.bignumber.lt(access[0]);
                });
              },
              afterGrantDelay() {
                beforeEach('consume previously set grant delay', async function () {
                  // Consume previously set delay
                  await mine();
                });

                it('role is in effect without execution delay', async function () {
                  const access = await this.manager.getAccess(this.role.id, this.caller);
                  expect(access[0]).to.be.bignumber.equal(this.delayEffect); // inEffectSince
                  expect(access[1]).to.be.bignumber.equal('0'); // currentDelay
                  expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                  expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                  // Already in effect
                  expect(await time.latest()).to.be.bignumber.equal(access[0]);
                });
              },
            },
          },
          roleGrantingIsNotDelayed: {
            callerHasAnExecutionDelay() {
              it('access has role in effect and execution delay is set', async function () {
                const access = await this.manager.getAccess(this.role.id, this.caller);
                expect(access[0]).to.be.bignumber.equal(await time.latest()); // inEffectSince
                expect(access[1]).to.be.bignumber.equal(this.executionDelay); // currentDelay
                expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                // Already in effect
                expect(await time.latest()).to.be.bignumber.equal(access[0]);
              });
            },
            callerHasNoExecutionDelay() {
              it('access has role in effect without execution delay', async function () {
                const access = await this.manager.getAccess(this.role.id, this.caller);
                expect(access[0]).to.be.bignumber.equal(await time.latest()); // inEffectSince
                expect(access[1]).to.be.bignumber.equal('0'); // currentDelay
                expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                // Already in effect
                expect(await time.latest()).to.be.bignumber.equal(access[0]);
              });
            },
          },
        },
        requiredRoleIsNotGranted() {
          it('has empty access', async function () {
            const access = await this.manager.getAccess(this.role.id, this.caller);
            expect(access[0]).to.be.bignumber.equal('0'); // inEffectSince
            expect(access[1]).to.be.bignumber.equal('0'); // currentDelay
            expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
            expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect
          });
        },
      });
    });

    describe('#hasRole', function () {
      beforeEach('setup testAsHasRole', function () {
        this.role = { id: web3.utils.toBN(49832) };
        this.calldata = '0x1234';
        this.caller = user;
      });

      testAsHasRole({
        publicRoleIsRequired() {
          it('has PUBLIC role', async function () {
            const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
            expect(isMember).to.be.true;
            expect(executionDelay).to.be.bignumber.eq('0');
          });
        },
        specificRoleIsRequired: {
          requiredRoleIsGranted: {
            roleGrantingIsDelayed: {
              callerHasAnExecutionDelay: {
                beforeGrantDelay() {
                  beforeEach('consume previously set grant delay', async function () {
                    // Consume previously set delay
                    await mine();
                  });

                  it('does not have role but execution delay', async function () {
                    const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
                    expect(isMember).to.be.false;
                    expect(executionDelay).to.be.bignumber.eq(this.executionDelay);
                  });
                },
                afterGrantDelay() {
                  beforeEach('consume previously set grant delay', async function () {
                    // Consume previously set delay
                    await mine();
                  });

                  it('has role and execution delay', async function () {
                    const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
                    expect(isMember).to.be.true;
                    expect(executionDelay).to.be.bignumber.eq(this.executionDelay);
                  });
                },
              },
              callerHasNoExecutionDelay: {
                beforeGrantDelay() {
                  beforeEach('consume previously set grant delay', async function () {
                    // Consume previously set delay
                    await mine();
                  });

                  it('does not have role nor execution delay', async function () {
                    const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
                    expect(isMember).to.be.false;
                    expect(executionDelay).to.be.bignumber.eq('0');
                  });
                },
                afterGrantDelay() {
                  beforeEach('consume previously set grant delay', async function () {
                    // Consume previously set delay
                    await mine();
                  });

                  it('has role and no execution delay', async function () {
                    const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
                    expect(isMember).to.be.true;
                    expect(executionDelay).to.be.bignumber.eq('0');
                  });
                },
              },
            },
            roleGrantingIsNotDelayed: {
              callerHasAnExecutionDelay() {
                it('has role and execution delay', async function () {
                  const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
                  expect(isMember).to.be.true;
                  expect(executionDelay).to.be.bignumber.eq(this.executionDelay);
                });
              },
              callerHasNoExecutionDelay() {
                it('has role and no execution delay', async function () {
                  const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
                  expect(isMember).to.be.true;
                  expect(executionDelay).to.be.bignumber.eq('0');
                });
              },
            },
          },
          requiredRoleIsNotGranted() {
            it('has no role and no execution delay', async function () {
              const { isMember, executionDelay } = await this.manager.hasRole(this.role.id, this.caller);
              expect(isMember).to.be.false;
              expect(executionDelay).to.be.bignumber.eq('0');
            });
          },
        },
      });
    });

    describe('#getSchedule', function () {
      beforeEach('set role and calldata', async function () {
        const method = 'fnRestricted()';
        this.caller = user;
        this.role = { id: web3.utils.toBN(493590) };
        await this.manager.$_setTargetFunctionRole(this.target.address, selector(method), this.role.id);
        await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay

        this.calldata = this.target.contract.methods[method]().encodeABI();
        this.scheduleIn = time.duration.days(10); // For testAsSchedulableOperation
      });

      testAsSchedulableOperation({
        scheduled: {
          before() {
            beforeEach('consume previously set grant delay', async function () {
              // Consume previously set delay
              await mine();
            });

            it('returns schedule in the future', async function () {
              const schedule = await this.manager.getSchedule(this.operationId);
              expect(schedule).to.be.bignumber.equal(this.scheduledAt.add(this.scheduleIn));
              expect(schedule).to.be.bignumber.gt(await time.latest());
            });
          },
          after() {
            beforeEach('consume previously set grant delay', async function () {
              // Consume previously set delay
              await mine();
            });

            it('returns schedule', async function () {
              const schedule = await this.manager.getSchedule(this.operationId);
              expect(schedule).to.be.bignumber.equal(this.scheduledAt.add(this.scheduleIn));
              expect(schedule).to.be.bignumber.eq(await time.latest());
            });
          },
          expired() {
            beforeEach('consume previously set grant delay', async function () {
              // Consume previously set delay
              await mine();
            });

            it('returns 0', async function () {
              expect(await this.manager.getSchedule(this.operationId)).to.be.bignumber.equal('0');
            });
          },
        },
        notScheduled() {
          it('defaults to 0', async function () {
            expect(await this.manager.getSchedule(this.operationId)).to.be.bignumber.equal('0');
          });
        },
      });
    });

    describe('#getNonce', function () {
      describe('when operation is scheduled', function () {
        beforeEach('schedule operation', async function () {
          const method = 'fnRestricted()';
          this.caller = user;
          this.role = { id: web3.utils.toBN(4209043) };
          await this.manager.$_setTargetFunctionRole(this.target.address, selector(method), this.role.id);
          await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay

          this.calldata = this.target.contract.methods[method]().encodeABI();
          this.delay = time.duration.days(10);

          const { operationId } = await scheduleOperation(this.manager, {
            caller: this.caller,
            target: this.target.address,
            calldata: this.calldata,
            delay: this.delay,
          });
          this.operationId = operationId;
        });

        it('returns nonce', async function () {
          expect(await this.manager.getNonce(this.operationId)).to.be.bignumber.equal('1');
        });
      });

      describe('when is not scheduled', function () {
        it('returns default 0', async function () {
          expect(await this.manager.getNonce(web3.utils.keccak256('operation'))).to.be.bignumber.equal('0');
        });
      });
    });

    describe('#hashOperation', function () {
      it('returns an operationId', async function () {
        const calldata = '0x123543';
        const address = someAddress;

        const args = [user, address, calldata];

        expect(await this.manager.hashOperation(...args)).to.be.bignumber.eq(hashOperation(...args));
      });
    });
  });

  describe('admin operations', function () {
    beforeEach('set required role', function () {
      this.role = this.roles.ADMIN;
    });

    describe('subject to a delay', function () {
      describe('#labelRole', function () {
        describe('restrictions', function () {
          beforeEach('set method and args', function () {
            const method = 'labelRole(uint64,string)';
            const args = [123443, 'TEST'];
            this.calldata = this.manager.contract.methods[method](...args).encodeABI();
          });

          shouldBehaveLikeDelayedAdminOperation();
        });

        it('emits an event with the label', async function () {
          expectEvent(await this.manager.labelRole(this.roles.SOME.id, 'Some label', { from: admin }), 'RoleLabel', {
            roleId: this.roles.SOME.id,
            label: 'Some label',
          });
        });

        it('updates label on a second call', async function () {
          await this.manager.labelRole(this.roles.SOME.id, 'Some label', { from: admin });

          expectEvent(await this.manager.labelRole(this.roles.SOME.id, 'Updated label', { from: admin }), 'RoleLabel', {
            roleId: this.roles.SOME.id,
            label: 'Updated label',
          });
        });

        it('reverts labeling PUBLIC_ROLE', async function () {
          await expectRevertCustomError(
            this.manager.labelRole(this.roles.PUBLIC.id, 'Some label', { from: admin }),
            'AccessManagerLockedRole',
            [this.roles.PUBLIC.id],
          );
        });

        it('reverts labeling ADMIN_ROLE', async function () {
          await expectRevertCustomError(
            this.manager.labelRole(this.roles.ADMIN.id, 'Some label', { from: admin }),
            'AccessManagerLockedRole',
            [this.roles.ADMIN.id],
          );
        });
      });

      describe('#setRoleAdmin', function () {
        describe('restrictions', function () {
          beforeEach('set method and args', function () {
            const method = 'setRoleAdmin(uint64,uint64)';
            const args = [93445, 84532];
            this.calldata = this.manager.contract.methods[method](...args).encodeABI();
          });

          shouldBehaveLikeDelayedAdminOperation();
        });

        it("sets any role's admin if called by an admin", async function () {
          expect(await this.manager.getRoleAdmin(this.roles.SOME.id)).to.be.bignumber.equal(this.roles.SOME_ADMIN.id);

          const { receipt } = await this.manager.setRoleAdmin(this.roles.SOME.id, this.roles.ADMIN.id, { from: admin });
          expectEvent(receipt, 'RoleAdminChanged', { roleId: this.roles.SOME.id, admin: this.roles.ADMIN.id });

          expect(await this.manager.getRoleAdmin(this.roles.SOME.id)).to.be.bignumber.equal(this.roles.ADMIN.id);
        });

        it('reverts setting PUBLIC_ROLE admin', async function () {
          await expectRevertCustomError(
            this.manager.setRoleAdmin(this.roles.PUBLIC.id, this.roles.ADMIN.id, { from: admin }),
            'AccessManagerLockedRole',
            [this.roles.PUBLIC.id],
          );
        });

        it('reverts setting ADMIN_ROLE admin', async function () {
          await expectRevertCustomError(
            this.manager.setRoleAdmin(this.roles.ADMIN.id, this.roles.ADMIN.id, { from: admin }),
            'AccessManagerLockedRole',
            [this.roles.ADMIN.id],
          );
        });
      });

      describe('#setRoleGuardian', function () {
        describe('restrictions', function () {
          beforeEach('set method and args', function () {
            const method = 'setRoleGuardian(uint64,uint64)';
            const args = [93445, 84532];
            this.calldata = this.manager.contract.methods[method](...args).encodeABI();
          });

          shouldBehaveLikeDelayedAdminOperation();
        });

        it("sets any role's guardian if called by an admin", async function () {
          expect(await this.manager.getRoleGuardian(this.roles.SOME.id)).to.be.bignumber.equal(
            this.roles.SOME_GUARDIAN.id,
          );

          const { receipt } = await this.manager.setRoleGuardian(this.roles.SOME.id, this.roles.ADMIN.id, {
            from: admin,
          });
          expectEvent(receipt, 'RoleGuardianChanged', { roleId: this.roles.SOME.id, guardian: this.roles.ADMIN.id });

          expect(await this.manager.getRoleGuardian(this.roles.SOME.id)).to.be.bignumber.equal(this.roles.ADMIN.id);
        });

        it('reverts setting PUBLIC_ROLE admin', async function () {
          await expectRevertCustomError(
            this.manager.setRoleGuardian(this.roles.PUBLIC.id, this.roles.ADMIN.id, { from: admin }),
            'AccessManagerLockedRole',
            [this.roles.PUBLIC.id],
          );
        });

        it('reverts setting ADMIN_ROLE admin', async function () {
          await expectRevertCustomError(
            this.manager.setRoleGuardian(this.roles.ADMIN.id, this.roles.ADMIN.id, { from: admin }),
            'AccessManagerLockedRole',
            [this.roles.ADMIN.id],
          );
        });
      });

      describe('#setGrantDelay', function () {
        describe('restrictions', function () {
          beforeEach('set method and args', function () {
            const method = 'setGrantDelay(uint64,uint32)';
            const args = [984910, time.duration.days(2)];
            this.calldata = this.manager.contract.methods[method](...args).encodeABI();
          });

          shouldBehaveLikeDelayedAdminOperation();
        });

        it('reverts setting grant delay for the PUBLIC_ROLE', async function () {
          await expectRevertCustomError(
            this.manager.setGrantDelay(this.roles.PUBLIC.id, web3.utils.toBN(69), { from: admin }),
            'AccessManagerLockedRole',
            [this.roles.PUBLIC.id],
          );
        });

        describe('when increasing the delay', function () {
          const oldDelay = web3.utils.toBN(10);
          const newDelay = web3.utils.toBN(100);

          beforeEach('sets old delay', async function () {
            this.role = this.roles.SOME;
            await this.manager.$_setGrantDelay(this.role.id, oldDelay);
            await time.increase(MINSETBACK);
            expect(await this.manager.getRoleGrantDelay(this.role.id)).to.be.bignumber.equal(oldDelay);
          });

          it('increases the delay after minsetback', async function () {
            const { receipt } = await this.manager.setGrantDelay(this.role.id, newDelay, { from: admin });
            const timestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);
            expectEvent(receipt, 'RoleGrantDelayChanged', {
              roleId: this.role.id,
              delay: newDelay,
              since: timestamp.add(MINSETBACK),
            });

            expect(await this.manager.getRoleGrantDelay(this.role.id)).to.be.bignumber.equal(oldDelay);
            await time.increase(MINSETBACK);
            expect(await this.manager.getRoleGrantDelay(this.role.id)).to.be.bignumber.equal(newDelay);
          });
        });

        describe('when reducing the delay', function () {
          const oldDelay = time.duration.days(10);

          beforeEach('sets old delay', async function () {
            this.role = this.roles.SOME;
            await this.manager.$_setGrantDelay(this.role.id, oldDelay);
            await time.increase(MINSETBACK);
            expect(await this.manager.getRoleGrantDelay(this.role.id)).to.be.bignumber.equal(oldDelay);
          });

          describe('when the delay difference is shorter than minimum setback', function () {
            const newDelay = oldDelay.subn(1);

            it('increases the delay after minsetback', async function () {
              const { receipt } = await this.manager.setGrantDelay(this.role.id, newDelay, { from: admin });
              const timestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);
              expectEvent(receipt, 'RoleGrantDelayChanged', {
                roleId: this.role.id,
                delay: newDelay,
                since: timestamp.add(MINSETBACK),
              });

              expect(await this.manager.getRoleGrantDelay(this.role.id)).to.be.bignumber.equal(oldDelay);
              await time.increase(MINSETBACK);
              expect(await this.manager.getRoleGrantDelay(this.role.id)).to.be.bignumber.equal(newDelay);
            });
          });

          describe('when the delay difference is longer than minimum setback', function () {
            const newDelay = web3.utils.toBN(1);

            beforeEach('assert delay difference is higher than minsetback', function () {
              expect(oldDelay.sub(newDelay)).to.be.bignumber.gt(MINSETBACK);
            });

            it('increases the delay after delay difference', async function () {
              const setback = oldDelay.sub(newDelay);
              const { receipt } = await this.manager.setGrantDelay(this.role.id, newDelay, { from: admin });
              const timestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);
              expectEvent(receipt, 'RoleGrantDelayChanged', {
                roleId: this.role.id,
                delay: newDelay,
                since: timestamp.add(setback),
              });

              expect(await this.manager.getRoleGrantDelay(this.role.id)).to.be.bignumber.equal(oldDelay);
              await time.increase(setback);
              expect(await this.manager.getRoleGrantDelay(this.role.id)).to.be.bignumber.equal(newDelay);
            });
          });
        });
      });

      describe('#setTargetAdminDelay', function () {
        describe('restrictions', function () {
          beforeEach('set method and args', function () {
            const method = 'setTargetAdminDelay(address,uint32)';
            const args = [someAddress, time.duration.days(3)];
            this.calldata = this.manager.contract.methods[method](...args).encodeABI();
          });

          shouldBehaveLikeDelayedAdminOperation();
        });

        describe('when increasing the delay', function () {
          const oldDelay = time.duration.days(10);
          const newDelay = time.duration.days(11);
          const target = someAddress;

          beforeEach('sets old delay', async function () {
            await this.manager.$_setTargetAdminDelay(target, oldDelay);
            await time.increase(MINSETBACK);
            expect(await this.manager.getTargetAdminDelay(target)).to.be.bignumber.equal(oldDelay);
          });

          it('increases the delay after minsetback', async function () {
            const { receipt } = await this.manager.setTargetAdminDelay(target, newDelay, { from: admin });
            const timestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);
            expectEvent(receipt, 'TargetAdminDelayUpdated', {
              target,
              delay: newDelay,
              since: timestamp.add(MINSETBACK),
            });

            expect(await this.manager.getTargetAdminDelay(target)).to.be.bignumber.equal(oldDelay);
            await time.increase(MINSETBACK);
            expect(await this.manager.getTargetAdminDelay(target)).to.be.bignumber.equal(newDelay);
          });
        });

        describe('when reducing the delay', function () {
          const oldDelay = time.duration.days(10);
          const target = someAddress;

          beforeEach('sets old delay', async function () {
            await this.manager.$_setTargetAdminDelay(target, oldDelay);
            await time.increase(MINSETBACK);
            expect(await this.manager.getTargetAdminDelay(target)).to.be.bignumber.equal(oldDelay);
          });

          describe('when the delay difference is shorter than minimum setback', function () {
            const newDelay = oldDelay.subn(1);

            it('increases the delay after minsetback', async function () {
              const { receipt } = await this.manager.setTargetAdminDelay(target, newDelay, { from: admin });
              const timestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);
              expectEvent(receipt, 'TargetAdminDelayUpdated', {
                target,
                delay: newDelay,
                since: timestamp.add(MINSETBACK),
              });

              expect(await this.manager.getTargetAdminDelay(target)).to.be.bignumber.equal(oldDelay);
              await time.increase(MINSETBACK);
              expect(await this.manager.getTargetAdminDelay(target)).to.be.bignumber.equal(newDelay);
            });
          });

          describe('when the delay difference is longer than minimum setback', function () {
            const newDelay = web3.utils.toBN(1);

            beforeEach('assert delay difference is higher than minsetback', function () {
              expect(oldDelay.sub(newDelay)).to.be.bignumber.gt(MINSETBACK);
            });

            it('increases the delay after delay difference', async function () {
              const setback = oldDelay.sub(newDelay);
              const { receipt } = await this.manager.setTargetAdminDelay(target, newDelay, { from: admin });
              const timestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);
              expectEvent(receipt, 'TargetAdminDelayUpdated', {
                target,
                delay: newDelay,
                since: timestamp.add(setback),
              });

              expect(await this.manager.getTargetAdminDelay(target)).to.be.bignumber.equal(oldDelay);
              await time.increase(setback);
              expect(await this.manager.getTargetAdminDelay(target)).to.be.bignumber.equal(newDelay);
            });
          });
        });
      });
    });

    describe('not subject to a delay', function () {
      describe('#updateAuthority', function () {
        beforeEach('create a target and a new authority', async function () {
          this.newAuthority = await AccessManager.new(admin);
          this.newManagedTarget = await AccessManagedTarget.new(this.manager.address);
        });

        describe('restrictions', function () {
          beforeEach('set method and args', function () {
            const method = 'updateAuthority(address,address)';
            const args = [this.newManagedTarget.address, this.newAuthority.address];
            this.calldata = this.manager.contract.methods[method](...args).encodeABI();
          });

          shouldBehaveLikeNotDelayedAdminOperation();
        });

        it('changes the authority', async function () {
          expect(await this.newManagedTarget.authority()).to.be.equal(this.manager.address);

          const { tx } = await this.manager.updateAuthority(this.newManagedTarget.address, this.newAuthority.address, {
            from: admin,
          });

          // Managed contract is responsible of notifying the change through an event
          await expectEvent.inTransaction(tx, this.newManagedTarget, 'AuthorityUpdated', {
            authority: this.newAuthority.address,
          });

          expect(await this.newManagedTarget.authority()).to.be.equal(this.newAuthority.address);
        });
      });

      describe('#setTargetClosed', function () {
        describe('restrictions', function () {
          beforeEach('set method and args', function () {
            const method = 'setTargetClosed(address,bool)';
            const args = [someAddress, true];
            this.calldata = this.manager.contract.methods[method](...args).encodeABI();
          });

          shouldBehaveLikeNotDelayedAdminOperation();
        });

        it('closes and opens a target', async function () {
          const close = await this.manager.setTargetClosed(this.target.address, true, { from: admin });
          expectEvent(close.receipt, 'TargetClosed', { target: this.target.address, closed: true });

          expect(await this.manager.isTargetClosed(this.target.address)).to.be.equal(true);

          const open = await this.manager.setTargetClosed(this.target.address, false, { from: admin });
          expectEvent(open.receipt, 'TargetClosed', { target: this.target.address, closed: false });
          expect(await this.manager.isTargetClosed(this.target.address)).to.be.equal(false);
        });

        it('reverts if closing the manager', async function () {
          await expectRevertCustomError(
            this.manager.setTargetClosed(this.manager.address, true, { from: admin }),
            'AccessManagerLockedAccount',
            [this.manager.address],
          );
        });
      });

      describe('#setTargetFunctionRole', function () {
        describe('restrictions', function () {
          beforeEach('set method and args', function () {
            const method = 'setTargetFunctionRole(address,bytes4[],uint64)';
            const args = [someAddress, ['0x12345678'], 443342];
            this.calldata = this.manager.contract.methods[method](...args).encodeABI();
          });

          shouldBehaveLikeNotDelayedAdminOperation();
        });

        const sigs = ['someFunction()', 'someOtherFunction(uint256)', 'oneMoreFunction(address,uint8)'].map(selector);

        it('sets function roles', async function () {
          for (const sig of sigs) {
            expect(await this.manager.getTargetFunctionRole(this.target.address, sig)).to.be.bignumber.equal(
              this.roles.ADMIN.id,
            );
          }

          const { receipt: receipt1 } = await this.manager.setTargetFunctionRole(
            this.target.address,
            sigs,
            this.roles.SOME.id,
            {
              from: admin,
            },
          );

          for (const sig of sigs) {
            expectEvent(receipt1, 'TargetFunctionRoleUpdated', {
              target: this.target.address,
              selector: sig,
              roleId: this.roles.SOME.id,
            });
            expect(await this.manager.getTargetFunctionRole(this.target.address, sig)).to.be.bignumber.equal(
              this.roles.SOME.id,
            );
          }

          const { receipt: receipt2 } = await this.manager.setTargetFunctionRole(
            this.target.address,
            [sigs[1]],
            this.roles.SOME_ADMIN.id,
            {
              from: admin,
            },
          );
          expectEvent(receipt2, 'TargetFunctionRoleUpdated', {
            target: this.target.address,
            selector: sigs[1],
            roleId: this.roles.SOME_ADMIN.id,
          });

          for (const sig of sigs) {
            expect(await this.manager.getTargetFunctionRole(this.target.address, sig)).to.be.bignumber.equal(
              sig == sigs[1] ? this.roles.SOME_ADMIN.id : this.roles.SOME.id,
            );
          }
        });
      });

      describe('role admin operations', function () {
        const ANOTHER_ADMIN = web3.utils.toBN(0xdeadc0de1);
        const ANOTHER_ROLE = web3.utils.toBN(0xdeadc0de2);

        beforeEach('set required role', async function () {
          // Make admin a member of ANOTHER_ADMIN
          await this.manager.$_grantRole(ANOTHER_ADMIN, admin, 0, 0);
          await this.manager.$_setRoleAdmin(ANOTHER_ROLE, ANOTHER_ADMIN);

          this.role = { id: ANOTHER_ADMIN };
          this.user = user;
          await this.manager.$_grantRole(this.role.id, this.user, 0, 0);
        });

        describe('#grantRole', function () {
          describe('restrictions', function () {
            beforeEach('set method and args', function () {
              const method = 'grantRole(uint64,address,uint32)';
              const args = [ANOTHER_ROLE, someAddress, 0];
              this.calldata = this.manager.contract.methods[method](...args).encodeABI();
            });

            shouldBehaveLikeRoleAdminOperation(ANOTHER_ADMIN);
          });

          it('reverts when granting PUBLIC_ROLE', async function () {
            await expectRevertCustomError(
              this.manager.grantRole(this.roles.PUBLIC.id, user, 0, {
                from: admin,
              }),
              'AccessManagerLockedRole',
              [this.roles.PUBLIC.id],
            );
          });

          describe('when the user is not a role member', function () {
            describe('with grant delay', function () {
              beforeEach('set grant delay and grant role', async function () {
                // Delay granting
                this.grantDelay = time.duration.weeks(2);
                await this.manager.$_setGrantDelay(ANOTHER_ROLE, this.grantDelay);
                await time.increase(MINSETBACK);

                // Grant role
                this.executionDelay = time.duration.days(3);
                expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
                  false,
                  '0',
                ]);
                const { receipt } = await this.manager.grantRole(ANOTHER_ROLE, this.user, this.executionDelay, {
                  from: admin,
                });

                this.receipt = receipt;
                this.delay = this.grantDelay; // For testAsDelay
              });

              testAsDelay('grant', {
                before() {
                  beforeEach('consume previously set grant delay', async function () {
                    // Consume previously set delay
                    await mine();
                  });

                  it('does not grant role to the user yet', async function () {
                    const timestamp = await clockFromReceipt.timestamp(this.receipt).then(web3.utils.toBN);
                    expectEvent(this.receipt, 'RoleGranted', {
                      roleId: ANOTHER_ROLE,
                      account: this.user,
                      since: timestamp.add(this.grantDelay),
                      delay: this.executionDelay,
                      newMember: true,
                    });

                    // Access is correctly stored
                    const access = await this.manager.getAccess(ANOTHER_ROLE, user);
                    expect(access[0]).to.be.bignumber.equal(timestamp.add(this.grantDelay)); // inEffectSince
                    expect(access[1]).to.be.bignumber.equal(this.executionDelay); // currentDelay
                    expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                    expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                    // Not in effect yet
                    const currentTimestamp = await time.latest();
                    expect(currentTimestamp).to.be.a.bignumber.lt(access[0]);
                    expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                      false,
                      this.executionDelay.toString(),
                    ]);
                  });
                },
                after() {
                  beforeEach('consume previously set grant delay', async function () {
                    // Consume previously set delay
                    await mine();
                  });

                  it('grants role to the user', async function () {
                    const timestamp = await clockFromReceipt.timestamp(this.receipt).then(web3.utils.toBN);
                    expectEvent(this.receipt, 'RoleGranted', {
                      roleId: ANOTHER_ROLE,
                      account: this.user,
                      since: timestamp.add(this.grantDelay),
                      delay: this.executionDelay,
                      newMember: true,
                    });

                    // Access is correctly stored
                    const access = await this.manager.getAccess(ANOTHER_ROLE, user);
                    expect(access[0]).to.be.bignumber.equal(timestamp.add(this.grantDelay)); // inEffectSince
                    expect(access[1]).to.be.bignumber.equal(this.executionDelay); // currentDelay
                    expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                    expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                    // Already in effect
                    const currentTimestamp = await time.latest();
                    expect(currentTimestamp).to.be.a.bignumber.equal(access[0]);
                    expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                      true,
                      this.executionDelay.toString(),
                    ]);
                  });
                },
              });
            });

            describe('without grant delay', function () {
              beforeEach('set granting delay', async function () {
                // Delay granting
                this.grantDelay = 0;
                await this.manager.$_setGrantDelay(ANOTHER_ROLE, this.grantDelay);
                await time.increase(MINSETBACK);
              });

              it('immediately grants the role to the user', async function () {
                this.executionDelay = time.duration.days(6);
                expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
                  false,
                  '0',
                ]);
                const { receipt } = await this.manager.grantRole(ANOTHER_ROLE, this.user, this.executionDelay, {
                  from: admin,
                });

                const timestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);
                expectEvent(receipt, 'RoleGranted', {
                  roleId: ANOTHER_ROLE,
                  account: this.user,
                  since: timestamp,
                  delay: this.executionDelay,
                  newMember: true,
                });

                // Access is correctly stored
                const access = await this.manager.getAccess(ANOTHER_ROLE, user);
                expect(access[0]).to.be.bignumber.equal(timestamp); // inEffectSince
                expect(access[1]).to.be.bignumber.equal(this.executionDelay); // currentDelay
                expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                // Already in effect
                const currentTimestamp = await time.latest();
                expect(currentTimestamp).to.be.a.bignumber.equal(access[0]);
                expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                  true,
                  this.executionDelay.toString(),
                ]);
              });
            });
          });

          describe('when the user is already a role member', function () {
            beforeEach('make user role member', async function () {
              this.previousExecutionDelay = time.duration.days(6);
              await this.manager.$_grantRole(ANOTHER_ROLE, this.user, 0, this.previousExecutionDelay);
              this.oldAccess = await this.manager.getAccess(ANOTHER_ROLE, user);
            });

            describe('with grant delay', function () {
              beforeEach('set granting delay', async function () {
                // Delay granting
                const grantDelay = time.duration.weeks(2);
                await this.manager.$_setGrantDelay(ANOTHER_ROLE, grantDelay);
                await time.increase(MINSETBACK);
              });

              describe('when increasing the execution delay', function () {
                beforeEach('set increased new execution delay', async function () {
                  expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
                    true,
                    this.previousExecutionDelay.toString(),
                  ]);

                  this.newExecutionDelay = this.previousExecutionDelay.add(time.duration.days(4));
                });

                it('emits event and immediately changes the execution delay', async function () {
                  expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
                    true,
                    this.previousExecutionDelay.toString(),
                  ]);
                  const { receipt } = await this.manager.grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay, {
                    from: admin,
                  });
                  const timestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);

                  expectEvent(receipt, 'RoleGranted', {
                    roleId: ANOTHER_ROLE,
                    account: this.user,
                    since: timestamp,
                    delay: this.newExecutionDelay,
                    newMember: false,
                  });

                  // Access is correctly stored
                  const access = await this.manager.getAccess(ANOTHER_ROLE, user);
                  expect(access[0]).to.be.bignumber.equal(this.oldAccess[0]); // inEffectSince
                  expect(access[1]).to.be.bignumber.equal(this.newExecutionDelay); // currentDelay
                  expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                  expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                  // Already in effect
                  expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                    true,
                    this.newExecutionDelay.toString(),
                  ]);
                });
              });

              describe('when decreasing the execution delay', function () {
                beforeEach('decrease execution delay', async function () {
                  expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
                    true,
                    this.previousExecutionDelay.toString(),
                  ]);

                  this.newExecutionDelay = this.previousExecutionDelay.sub(time.duration.days(4));
                  const { receipt } = await this.manager.grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay, {
                    from: admin,
                  });
                  this.grantTimestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);

                  this.receipt = receipt;
                  this.delay = this.previousExecutionDelay.sub(this.newExecutionDelay); // For testAsDelay
                });

                it('emits event', function () {
                  expectEvent(this.receipt, 'RoleGranted', {
                    roleId: ANOTHER_ROLE,
                    account: this.user,
                    since: this.grantTimestamp.add(this.delay),
                    delay: this.newExecutionDelay,
                    newMember: false,
                  });
                });

                testAsDelay('execution delay effect', {
                  before() {
                    beforeEach('consume effect delay', async function () {
                      // Consume previously set delay
                      await mine();
                    });

                    it('does not change the execution delay yet', async function () {
                      // Access is correctly stored
                      const access = await this.manager.getAccess(ANOTHER_ROLE, user);
                      expect(access[0]).to.be.bignumber.equal(this.oldAccess[0]); // inEffectSince
                      expect(access[1]).to.be.bignumber.equal(this.previousExecutionDelay); // currentDelay
                      expect(access[2]).to.be.bignumber.equal(this.newExecutionDelay); // pendingDelay
                      expect(access[3]).to.be.bignumber.equal(this.grantTimestamp.add(this.delay)); // pendingDelayEffect

                      // Not in effect yet
                      expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                        true,
                        this.previousExecutionDelay.toString(),
                      ]);
                    });
                  },
                  after() {
                    beforeEach('consume effect delay', async function () {
                      // Consume previously set delay
                      await mine();
                    });

                    it('changes the execution delay', async function () {
                      // Access is correctly stored
                      const access = await this.manager.getAccess(ANOTHER_ROLE, user);

                      expect(access[0]).to.be.bignumber.equal(this.oldAccess[0]); // inEffectSince
                      expect(access[1]).to.be.bignumber.equal(this.newExecutionDelay); // currentDelay
                      expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                      expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                      // Already in effect
                      expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                        true,
                        this.newExecutionDelay.toString(),
                      ]);
                    });
                  },
                });
              });
            });

            describe('without grant delay', function () {
              beforeEach('set granting delay', async function () {
                // Delay granting
                const grantDelay = 0;
                await this.manager.$_setGrantDelay(ANOTHER_ROLE, grantDelay);
                await time.increase(MINSETBACK);
              });

              describe('when increasing the execution delay', function () {
                beforeEach('set increased new execution delay', async function () {
                  expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
                    true,
                    this.previousExecutionDelay.toString(),
                  ]);

                  this.newExecutionDelay = this.previousExecutionDelay.add(time.duration.days(4));
                });

                it('emits event and immediately changes the execution delay', async function () {
                  expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
                    true,
                    this.previousExecutionDelay.toString(),
                  ]);
                  const { receipt } = await this.manager.grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay, {
                    from: admin,
                  });
                  const timestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);

                  expectEvent(receipt, 'RoleGranted', {
                    roleId: ANOTHER_ROLE,
                    account: this.user,
                    since: timestamp,
                    delay: this.newExecutionDelay,
                    newMember: false,
                  });

                  // Access is correctly stored
                  const access = await this.manager.getAccess(ANOTHER_ROLE, user);
                  expect(access[0]).to.be.bignumber.equal(this.oldAccess[0]); // inEffectSince
                  expect(access[1]).to.be.bignumber.equal(this.newExecutionDelay); // currentDelay
                  expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                  expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                  // Already in effect
                  expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                    true,
                    this.newExecutionDelay.toString(),
                  ]);
                });
              });

              describe('when decreasing the execution delay', function () {
                beforeEach('decrease execution delay', async function () {
                  expect(await this.manager.hasRole(ANOTHER_ROLE, this.user).then(formatAccess)).to.be.deep.equal([
                    true,
                    this.previousExecutionDelay.toString(),
                  ]);

                  this.newExecutionDelay = this.previousExecutionDelay.sub(time.duration.days(4));
                  const { receipt } = await this.manager.grantRole(ANOTHER_ROLE, this.user, this.newExecutionDelay, {
                    from: admin,
                  });
                  this.grantTimestamp = await clockFromReceipt.timestamp(receipt).then(web3.utils.toBN);

                  this.receipt = receipt;
                  this.delay = this.previousExecutionDelay.sub(this.newExecutionDelay); // For testAsDelay
                });

                it('emits event', function () {
                  expectEvent(this.receipt, 'RoleGranted', {
                    roleId: ANOTHER_ROLE,
                    account: this.user,
                    since: this.grantTimestamp.add(this.delay),
                    delay: this.newExecutionDelay,
                    newMember: false,
                  });
                });

                testAsDelay('execution delay effect', {
                  before() {
                    beforeEach('consume effect delay', async function () {
                      // Consume previously set delay
                      await mine();
                    });

                    it('does not change the execution delay yet', async function () {
                      // Access is correctly stored
                      const access = await this.manager.getAccess(ANOTHER_ROLE, user);
                      expect(access[0]).to.be.bignumber.equal(this.oldAccess[0]); // inEffectSince
                      expect(access[1]).to.be.bignumber.equal(this.previousExecutionDelay); // currentDelay
                      expect(access[2]).to.be.bignumber.equal(this.newExecutionDelay); // pendingDelay
                      expect(access[3]).to.be.bignumber.equal(this.grantTimestamp.add(this.delay)); // pendingDelayEffect

                      // Not in effect yet
                      expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                        true,
                        this.previousExecutionDelay.toString(),
                      ]);
                    });
                  },
                  after() {
                    beforeEach('consume effect delay', async function () {
                      // Consume previously set delay
                      await mine();
                    });

                    it('changes the execution delay', async function () {
                      // Access is correctly stored
                      const access = await this.manager.getAccess(ANOTHER_ROLE, user);

                      expect(access[0]).to.be.bignumber.equal(this.oldAccess[0]); // inEffectSince
                      expect(access[1]).to.be.bignumber.equal(this.newExecutionDelay); // currentDelay
                      expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                      expect(access[3]).to.be.bignumber.equal('0'); // pendingDelayEffect

                      // Already in effect
                      expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                        true,
                        this.newExecutionDelay.toString(),
                      ]);
                    });
                  },
                });
              });
            });
          });
        });

        describe('#revokeRole', function () {
          describe('restrictions', function () {
            beforeEach('set method and args', async function () {
              const method = 'revokeRole(uint64,address)';
              const args = [ANOTHER_ROLE, someAddress];
              this.calldata = this.manager.contract.methods[method](...args).encodeABI();

              // Need to be set before revoking
              await this.manager.$_grantRole(...args, 0, 0);
            });

            shouldBehaveLikeRoleAdminOperation(ANOTHER_ADMIN);
          });

          describe('when role has been granted', function () {
            beforeEach('grant role with grant delay', async function () {
              this.grantDelay = time.duration.weeks(1);
              await this.manager.$_grantRole(ANOTHER_ROLE, user, this.grantDelay, 0);

              this.delay = this.grantDelay; // For testAsDelay
            });

            testAsDelay('grant', {
              before() {
                beforeEach('consume previously set grant delay', async function () {
                  // Consume previously set delay
                  await mine();
                });

                it('revokes a granted role that will take effect in the future', async function () {
                  expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                    false,
                    '0',
                  ]);

                  const { receipt } = await this.manager.revokeRole(ANOTHER_ROLE, user, { from: admin });
                  expectEvent(receipt, 'RoleRevoked', { roleId: ANOTHER_ROLE, account: user });

                  expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                    false,
                    '0',
                  ]);

                  const access = await this.manager.getAccess(ANOTHER_ROLE, user);
                  expect(access[0]).to.be.bignumber.equal('0'); // inRoleSince
                  expect(access[1]).to.be.bignumber.equal('0'); // currentDelay
                  expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                  expect(access[3]).to.be.bignumber.equal('0'); // effect
                });
              },
              after() {
                beforeEach('consume previously set grant delay', async function () {
                  // Consume previously set delay
                  await mine();
                });

                it('revokes a granted role that already took effect', async function () {
                  expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                    true,
                    '0',
                  ]);

                  const { receipt } = await this.manager.revokeRole(ANOTHER_ROLE, user, { from: admin });
                  expectEvent(receipt, 'RoleRevoked', { roleId: ANOTHER_ROLE, account: user });

                  expect(await this.manager.hasRole(ANOTHER_ROLE, user).then(formatAccess)).to.be.deep.equal([
                    false,
                    '0',
                  ]);

                  const access = await this.manager.getAccess(ANOTHER_ROLE, user);
                  expect(access[0]).to.be.bignumber.equal('0'); // inRoleSince
                  expect(access[1]).to.be.bignumber.equal('0'); // currentDelay
                  expect(access[2]).to.be.bignumber.equal('0'); // pendingDelay
                  expect(access[3]).to.be.bignumber.equal('0'); // effect
                });
              },
            });
          });

          describe('when role has not been granted', function () {
            it('has no effect', async function () {
              expect(await this.manager.hasRole(this.roles.SOME.id, user).then(formatAccess)).to.be.deep.equal([
                false,
                '0',
              ]);
              const { receipt } = await this.manager.revokeRole(this.roles.SOME.id, user, { from: manager });
              expectEvent.notEmitted(receipt, 'RoleRevoked', { roleId: ANOTHER_ROLE, account: user });
              expect(await this.manager.hasRole(this.roles.SOME.id, user).then(formatAccess)).to.be.deep.equal([
                false,
                '0',
              ]);
            });
          });

          it('reverts revoking PUBLIC_ROLE', async function () {
            await expectRevertCustomError(
              this.manager.revokeRole(this.roles.PUBLIC.id, user, { from: admin }),
              'AccessManagerLockedRole',
              [this.roles.PUBLIC.id],
            );
          });
        });
      });

      describe('self role operations', function () {
        describe('#renounceRole', function () {
          beforeEach('grant role', async function () {
            this.role = { id: web3.utils.toBN(783164) };
            this.caller = user;
            await this.manager.$_grantRole(this.role.id, this.caller, 0, 0);
          });

          it('renounces a role', async function () {
            expect(await this.manager.hasRole(this.role.id, this.caller).then(formatAccess)).to.be.deep.equal([
              true,
              '0',
            ]);
            const { receipt } = await this.manager.renounceRole(this.role.id, this.caller, {
              from: this.caller,
            });
            expectEvent(receipt, 'RoleRevoked', {
              roleId: this.role.id,
              account: this.caller,
            });
            expect(await this.manager.hasRole(this.role.id, this.caller).then(formatAccess)).to.be.deep.equal([
              false,
              '0',
            ]);
          });

          it('reverts if renouncing the PUBLIC_ROLE', async function () {
            await expectRevertCustomError(
              this.manager.renounceRole(this.roles.PUBLIC.id, this.caller, {
                from: this.caller,
              }),
              'AccessManagerLockedRole',
              [this.roles.PUBLIC.id],
            );
          });

          it('reverts if renouncing with bad caller confirmation', async function () {
            await expectRevertCustomError(
              this.manager.renounceRole(this.role.id, someAddress, {
                from: this.caller,
              }),
              'AccessManagerBadConfirmation',
              [],
            );
          });
        });
      });
    });
  });

  describe('access managed target operations', function () {
    describe('when calling a restricted target function', function () {
      const method = 'fnRestricted()';

      beforeEach('set required role', function () {
        this.role = { id: web3.utils.toBN(3597243) };
        this.manager.$_setTargetFunctionRole(this.target.address, selector(method), this.role.id);
      });

      describe('restrictions', function () {
        beforeEach('set method and args', function () {
          this.calldata = this.target.contract.methods[method]().encodeABI();
          this.caller = user;
        });

        shouldBehaveLikeAManagedRestrictedOperation();
      });

      it('succeeds called by a role member', async function () {
        await this.manager.$_grantRole(this.role.id, user, 0, 0);

        const { receipt } = await this.target.methods[method]({
          data: this.calldata,
          from: user,
        });
        expectEvent(receipt, 'CalledRestricted', {
          caller: user,
        });
      });
    });

    describe('when calling a non-restricted target function', function () {
      const method = 'fnUnrestricted()';

      beforeEach('set required role', async function () {
        this.role = { id: web3.utils.toBN(879435) };
        await this.manager.$_setTargetFunctionRole(this.target.address, selector(method), this.role.id);
      });

      it('succeeds called by anyone', async function () {
        const { receipt } = await this.target.methods[method]({
          data: this.calldata,
          from: user,
        });
        expectEvent(receipt, 'CalledUnrestricted', {
          caller: user,
        });
      });
    });
  });

  describe('#schedule', function () {
    const method = 'fnRestricted()';

    beforeEach('set target function role', async function () {
      this.role = { id: web3.utils.toBN(498305) };
      this.caller = user;

      await this.manager.$_setTargetFunctionRole(this.target.address, selector(method), this.role.id);
      await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay

      this.calldata = this.target.contract.methods[method]().encodeABI();
      this.delay = time.duration.weeks(2);
    });

    describe('restrictions', function () {
      testAsCanCall({
        closed() {
          it('reverts as AccessManagerUnauthorizedCall', async function () {
            await expectRevertCustomError(
              scheduleOperation(this.manager, {
                caller: this.caller,
                target: this.target.address,
                calldata: this.calldata,
                delay: this.delay,
              }),
              'AccessManagerUnauthorizedCall',
              [this.caller, this.target.address, this.calldata.substring(0, 10)],
            );
          });
        },
        open: {
          callerIsTheManager: {
            executing() {
              it.skip('is not reachable because schedule is not restrictable');
            },
            notExecuting() {
              it('reverts as AccessManagerUnauthorizedCall', async function () {
                await expectRevertCustomError(
                  scheduleOperation(this.manager, {
                    caller: this.caller,
                    target: this.target.address,
                    calldata: this.calldata,
                    delay: this.delay,
                  }),
                  'AccessManagerUnauthorizedCall',
                  [this.caller, this.target.address, this.calldata.substring(0, 10)],
                );
              });
            },
          },
          callerIsNotTheManager: {
            publicRoleIsRequired() {
              it('reverts as AccessManagerUnauthorizedCall', async function () {
                // scheduleOperation is not used here because it alters the next block timestamp
                await expectRevertCustomError(
                  this.manager.schedule(this.target.address, this.calldata, MAX_UINT48, {
                    from: this.caller,
                  }),
                  'AccessManagerUnauthorizedCall',
                  [this.caller, this.target.address, this.calldata.substring(0, 10)],
                );
              });
            },
            specificRoleIsRequired: {
              requiredRoleIsGranted: {
                roleGrantingIsDelayed: {
                  callerHasAnExecutionDelay: {
                    beforeGrantDelay() {
                      it('reverts as AccessManagerUnauthorizedCall', async function () {
                        // scheduleOperation is not used here because it alters the next block timestamp
                        await expectRevertCustomError(
                          this.manager.schedule(this.target.address, this.calldata, MAX_UINT48, {
                            from: this.caller,
                          }),
                          'AccessManagerUnauthorizedCall',
                          [this.caller, this.target.address, this.calldata.substring(0, 10)],
                        );
                      });
                    },
                    afterGrantDelay() {
                      it('succeeds', async function () {
                        // scheduleOperation is not used here because it alters the next block timestamp
                        await this.manager.schedule(this.target.address, this.calldata, MAX_UINT48, {
                          from: this.caller,
                        });
                      });
                    },
                  },
                  callerHasNoExecutionDelay: {
                    beforeGrantDelay() {
                      it('reverts as AccessManagerUnauthorizedCall', async function () {
                        // scheduleOperation is not used here because it alters the next block timestamp
                        await expectRevertCustomError(
                          this.manager.schedule(this.target.address, this.calldata, MAX_UINT48, {
                            from: this.caller,
                          }),
                          'AccessManagerUnauthorizedCall',
                          [this.caller, this.target.address, this.calldata.substring(0, 10)],
                        );
                      });
                    },
                    afterGrantDelay() {
                      it('reverts as AccessManagerUnauthorizedCall', async function () {
                        // scheduleOperation is not used here because it alters the next block timestamp
                        await expectRevertCustomError(
                          this.manager.schedule(this.target.address, this.calldata, MAX_UINT48, {
                            from: this.caller,
                          }),
                          'AccessManagerUnauthorizedCall',
                          [this.caller, this.target.address, this.calldata.substring(0, 10)],
                        );
                      });
                    },
                  },
                },
                roleGrantingIsNotDelayed: {
                  callerHasAnExecutionDelay() {
                    it('succeeds', async function () {
                      await scheduleOperation(this.manager, {
                        caller: this.caller,
                        target: this.target.address,
                        calldata: this.calldata,
                        delay: this.delay,
                      });
                    });
                  },
                  callerHasNoExecutionDelay() {
                    it('reverts as AccessManagerUnauthorizedCall', async function () {
                      // scheduleOperation is not used here because it alters the next block timestamp
                      await expectRevertCustomError(
                        this.manager.schedule(this.target.address, this.calldata, MAX_UINT48, {
                          from: this.caller,
                        }),
                        'AccessManagerUnauthorizedCall',
                        [this.caller, this.target.address, this.calldata.substring(0, 10)],
                      );
                    });
                  },
                },
              },
              requiredRoleIsNotGranted() {
                it('reverts as AccessManagerUnauthorizedCall', async function () {
                  await expectRevertCustomError(
                    scheduleOperation(this.manager, {
                      caller: this.caller,
                      target: this.target.address,
                      calldata: this.calldata,
                      delay: this.delay,
                    }),
                    'AccessManagerUnauthorizedCall',
                    [this.caller, this.target.address, this.calldata.substring(0, 10)],
                  );
                });
              },
            },
          },
        },
      });
    });

    it('schedules an operation at the specified execution date if it is larger than caller execution delay', async function () {
      const { operationId, scheduledAt, receipt } = await scheduleOperation(this.manager, {
        caller: this.caller,
        target: this.target.address,
        calldata: this.calldata,
        delay: this.delay,
      });

      expect(await this.manager.getSchedule(operationId)).to.be.bignumber.equal(scheduledAt.add(this.delay));
      expectEvent(receipt, 'OperationScheduled', {
        operationId,
        nonce: '1',
        schedule: scheduledAt.add(this.delay),
        target: this.target.address,
        data: this.calldata,
      });
    });

    it('schedules an operation at the minimum execution date if no specified execution date (when == 0)', async function () {
      const executionDelay = await time.duration.hours(72);
      await this.manager.$_grantRole(this.role.id, this.caller, 0, executionDelay);

      const timestamp = await time.latest();
      const scheduledAt = timestamp.addn(1);
      await setNextBlockTimestamp(scheduledAt);
      const { receipt } = await this.manager.schedule(this.target.address, this.calldata, 0, {
        from: this.caller,
      });

      const operationId = await this.manager.hashOperation(this.caller, this.target.address, this.calldata);

      expect(await this.manager.getSchedule(operationId)).to.be.bignumber.equal(scheduledAt.add(executionDelay));
      expectEvent(receipt, 'OperationScheduled', {
        operationId,
        nonce: '1',
        schedule: scheduledAt.add(executionDelay),
        target: this.target.address,
        data: this.calldata,
      });
    });

    it('increases the nonce of an operation scheduled more than once', async function () {
      // Setup and check initial nonce
      const expectedOperationId = hashOperation(this.caller, this.target.address, this.calldata);
      expect(await this.manager.getNonce(expectedOperationId)).to.be.bignumber.eq('0');

      // Schedule
      const op1 = await scheduleOperation(this.manager, {
        caller: this.caller,
        target: this.target.address,
        calldata: this.calldata,
        delay: this.delay,
      });
      expectEvent(op1.receipt, 'OperationScheduled', {
        operationId: op1.operationId,
        nonce: '1',
        schedule: op1.scheduledAt.add(this.delay),
        target: this.target.address,
        data: this.calldata,
      });
      expect(expectedOperationId).to.eq(op1.operationId);

      // Consume
      await time.increase(this.delay);
      await this.manager.$_consumeScheduledOp(expectedOperationId);

      // Check nonce
      expect(await this.manager.getNonce(expectedOperationId)).to.be.bignumber.eq('1');

      // Schedule again
      const op2 = await scheduleOperation(this.manager, {
        caller: this.caller,
        target: this.target.address,
        calldata: this.calldata,
        delay: this.delay,
      });
      expectEvent(op2.receipt, 'OperationScheduled', {
        operationId: op2.operationId,
        nonce: '2',
        schedule: op2.scheduledAt.add(this.delay),
        target: this.target.address,
        data: this.calldata,
      });
      expect(expectedOperationId).to.eq(op2.operationId);

      // Check final nonce
      expect(await this.manager.getNonce(expectedOperationId)).to.be.bignumber.eq('2');
    });

    it('reverts if the specified execution date is before the current timestamp + caller execution delay', async function () {
      const executionDelay = time.duration.weeks(1).add(this.delay);
      await this.manager.$_grantRole(this.role.id, this.caller, 0, executionDelay);

      await expectRevertCustomError(
        scheduleOperation(this.manager, {
          caller: this.caller,
          target: this.target.address,
          calldata: this.calldata,
          delay: this.delay,
        }),
        'AccessManagerUnauthorizedCall',
        [this.caller, this.target.address, this.calldata.substring(0, 10)],
      );
    });

    it('reverts if an operation is already schedule', async function () {
      const { operationId } = await scheduleOperation(this.manager, {
        caller: this.caller,
        target: this.target.address,
        calldata: this.calldata,
        delay: this.delay,
      });

      await expectRevertCustomError(
        scheduleOperation(this.manager, {
          caller: this.caller,
          target: this.target.address,
          calldata: this.calldata,
          delay: this.delay,
        }),
        'AccessManagerAlreadyScheduled',
        [operationId],
      );
    });

    it('panics scheduling calldata with less than 4 bytes', async function () {
      const calldata = '0x1234'; // 2 bytes

      // Managed contract
      await expectRevert.unspecified(
        scheduleOperation(this.manager, {
          caller: this.caller,
          target: this.target.address,
          calldata: calldata,
          delay: this.delay,
        }),
      );

      // Manager contract
      await expectRevert.unspecified(
        scheduleOperation(this.manager, {
          caller: this.caller,
          target: this.manager.address,
          calldata: calldata,
          delay: this.delay,
        }),
      );
    });

    it('reverts scheduling an unknown operation to the manager', async function () {
      const calldata = '0x12345678';

      await expectRevertCustomError(
        scheduleOperation(this.manager, {
          caller: this.caller,
          target: this.manager.address,
          calldata,
          delay: this.delay,
        }),
        'AccessManagerUnauthorizedCall',
        [this.caller, this.manager.address, calldata],
      );
    });
  });

  describe('#execute', function () {
    const method = 'fnRestricted()';

    beforeEach('set target function role', async function () {
      this.role = { id: web3.utils.toBN(9825430) };
      this.caller = user;

      await this.manager.$_setTargetFunctionRole(this.target.address, selector(method), this.role.id);
      await this.manager.$_grantRole(this.role.id, this.caller, 0, 0);

      this.calldata = this.target.contract.methods[method]().encodeABI();
    });

    describe('restrictions', function () {
      testAsCanCall({
        closed() {
          it('reverts as AccessManagerUnauthorizedCall', async function () {
            await expectRevertCustomError(
              this.manager.execute(this.target.address, this.calldata, { from: this.caller }),
              'AccessManagerUnauthorizedCall',
              [this.caller, this.target.address, this.calldata.substring(0, 10)],
            );
          });
        },
        open: {
          callerIsTheManager: {
            executing() {
              it('succeeds', async function () {
                await this.manager.execute(this.target.address, this.calldata, { from: this.caller });
              });
            },
            notExecuting() {
              it('reverts as AccessManagerUnauthorizedCall', async function () {
                await expectRevertCustomError(
                  this.manager.execute(this.target.address, this.calldata, { from: this.caller }),
                  'AccessManagerUnauthorizedCall',
                  [this.caller, this.target.address, this.calldata.substring(0, 10)],
                );
              });
            },
          },
          callerIsNotTheManager: {
            publicRoleIsRequired() {
              it('succeeds', async function () {
                await this.manager.execute(this.target.address, this.calldata, { from: this.caller });
              });
            },
            specificRoleIsRequired: {
              requiredRoleIsGranted: {
                roleGrantingIsDelayed: {
                  callerHasAnExecutionDelay: {
                    beforeGrantDelay() {
                      it('reverts as AccessManagerUnauthorizedCall', async function () {
                        await expectRevertCustomError(
                          this.manager.execute(this.target.address, this.calldata, { from: this.caller }),
                          'AccessManagerUnauthorizedCall',
                          [this.caller, this.target.address, this.calldata.substring(0, 10)],
                        );
                      });
                    },
                    afterGrantDelay() {
                      beforeEach('define schedule delay', async function () {
                        // Consume previously set delay
                        await mine();
                        this.scheduleIn = time.duration.days(21);
                      });

                      testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE);
                    },
                  },
                  callerHasNoExecutionDelay: {
                    beforeGrantDelay() {
                      it('reverts as AccessManagerUnauthorizedCall', async function () {
                        await expectRevertCustomError(
                          this.manager.execute(this.target.address, this.calldata, { from: this.caller }),
                          'AccessManagerUnauthorizedCall',
                          [this.caller, this.target.address, this.calldata.substring(0, 10)],
                        );
                      });
                    },
                    afterGrantDelay() {
                      beforeEach('define schedule delay', async function () {
                        // Consume previously set delay
                        await mine();
                      });

                      it('succeeds', async function () {
                        await this.manager.execute(this.target.address, this.calldata, { from: this.caller });
                      });
                    },
                  },
                },
                roleGrantingIsNotDelayed: {
                  callerHasAnExecutionDelay() {
                    beforeEach('define schedule delay', async function () {
                      this.scheduleIn = time.duration.days(15);
                    });

                    testAsSchedulableOperation(LIKE_COMMON_SCHEDULABLE);
                  },
                  callerHasNoExecutionDelay() {
                    it('succeeds', async function () {
                      await this.manager.execute(this.target.address, this.calldata, { from: this.caller });
                    });
                  },
                },
              },
              requiredRoleIsNotGranted() {
                it('reverts as AccessManagerUnauthorizedCall', async function () {
                  await expectRevertCustomError(
                    this.manager.execute(this.target.address, this.calldata, { from: this.caller }),
                    'AccessManagerUnauthorizedCall',
                    [this.caller, this.target.address, this.calldata.substring(0, 10)],
                  );
                });
              },
            },
          },
        },
      });
    });

    it('executes with a delay consuming the scheduled operation', async function () {
      const delay = time.duration.hours(4);
      await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // Execution delay is needed so the operation is consumed

      const { operationId } = await scheduleOperation(this.manager, {
        caller: this.caller,
        target: this.target.address,
        calldata: this.calldata,
        delay,
      });
      await time.increase(delay);
      const { receipt } = await this.manager.execute(this.target.address, this.calldata, { from: this.caller });
      expectEvent(receipt, 'OperationExecuted', {
        operationId,
        nonce: '1',
      });
      expect(await this.manager.getSchedule(operationId)).to.be.bignumber.equal('0');
    });

    it('executes with no delay consuming a scheduled operation', async function () {
      const delay = time.duration.hours(4);

      // give caller an execution delay
      await this.manager.$_grantRole(this.role.id, this.caller, 0, 1);

      const { operationId } = await scheduleOperation(this.manager, {
        caller: this.caller,
        target: this.target.address,
        calldata: this.calldata,
        delay,
      });

      // remove the execution delay
      await this.manager.$_grantRole(this.role.id, this.caller, 0, 0);

      await time.increase(delay);
      const { receipt } = await this.manager.execute(this.target.address, this.calldata, { from: this.caller });
      expectEvent(receipt, 'OperationExecuted', {
        operationId,
        nonce: '1',
      });
      expect(await this.manager.getSchedule(operationId)).to.be.bignumber.equal('0');
    });

    it('keeps the original _executionId after finishing the call', async function () {
      const executionIdBefore = await getStorageAt(this.manager.address, EXECUTION_ID_STORAGE_SLOT);
      await this.manager.execute(this.target.address, this.calldata, { from: this.caller });
      const executionIdAfter = await getStorageAt(this.manager.address, EXECUTION_ID_STORAGE_SLOT);
      expect(executionIdBefore).to.be.bignumber.equal(executionIdAfter);
    });

    it('reverts executing twice', async function () {
      const delay = time.duration.hours(2);
      await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // Execution delay is needed so the operation is consumed

      const { operationId } = await scheduleOperation(this.manager, {
        caller: this.caller,
        target: this.target.address,
        calldata: this.calldata,
        delay,
      });
      await time.increase(delay);
      await this.manager.execute(this.target.address, this.calldata, { from: this.caller });
      await expectRevertCustomError(
        this.manager.execute(this.target.address, this.calldata, { from: this.caller }),
        'AccessManagerNotScheduled',
        [operationId],
      );
    });
  });

  describe('#consumeScheduledOp', function () {
    beforeEach('define scheduling parameters', async function () {
      const method = 'fnRestricted()';
      this.caller = this.target.address;
      this.calldata = this.target.contract.methods[method]().encodeABI();
      this.role = { id: web3.utils.toBN(9834983) };

      await this.manager.$_setTargetFunctionRole(this.target.address, selector(method), this.role.id);
      await this.manager.$_grantRole(this.role.id, this.caller, 0, 1); // nonzero execution delay

      this.scheduleIn = time.duration.hours(10); // For testAsSchedulableOperation
    });

    describe('when caller is not consuming scheduled operation', function () {
      beforeEach('set consuming false', async function () {
        await this.target.setIsConsumingScheduledOp(false, `0x${CONSUMING_SCHEDULE_STORAGE_SLOT.toString(16)}`);
      });

      it('reverts as AccessManagerUnauthorizedConsume', async function () {
        await impersonate(this.caller);
        await expectRevertCustomError(
          this.manager.consumeScheduledOp(this.caller, this.calldata, { from: this.caller }),
          'AccessManagerUnauthorizedConsume',
          [this.caller],
        );
      });
    });

    describe('when caller is consuming scheduled operation', function () {
      beforeEach('set consuming true', async function () {
        await this.target.setIsConsumingScheduledOp(true, `0x${CONSUMING_SCHEDULE_STORAGE_SLOT.toString(16)}`);
      });

      testAsSchedulableOperation({
        scheduled: {
          before() {
            it('reverts as AccessManagerNotReady', async function () {
              await impersonate(this.caller);
              await expectRevertCustomError(
                this.manager.consumeScheduledOp(this.caller, this.calldata, { from: this.caller }),
                'AccessManagerNotReady',
                [this.operationId],
              );
            });
          },
          after() {
            it('consumes the scheduled operation and resets timepoint', async function () {
              expect(await this.manager.getSchedule(this.operationId)).to.be.bignumber.equal(
                this.scheduledAt.add(this.scheduleIn),
              );
              await impersonate(this.caller);
              const { receipt } = await this.manager.consumeScheduledOp(this.caller, this.calldata, {
                from: this.caller,
              });
              expectEvent(receipt, 'OperationExecuted', {
                operationId: this.operationId,
                nonce: '1',
              });
              expect(await this.manager.getSchedule(this.operationId)).to.be.bignumber.equal('0');
            });
          },
          expired() {
            it('reverts as AccessManagerExpired', async function () {
              await impersonate(this.caller);
              await expectRevertCustomError(
                this.manager.consumeScheduledOp(this.caller, this.calldata, { from: this.caller }),
                'AccessManagerExpired',
                [this.operationId],
              );
            });
          },
        },
        notScheduled() {
          it('reverts as AccessManagerNotScheduled', async function () {
            await impersonate(this.caller);
            await expectRevertCustomError(
              this.manager.consumeScheduledOp(this.caller, this.calldata, { from: this.caller }),
              'AccessManagerNotScheduled',
              [this.operationId],
            );
          });
        },
      });
    });
  });

  describe('#cancelScheduledOp', function () {
    const method = 'fnRestricted()';

    beforeEach('setup scheduling', async function () {
      this.caller = this.roles.SOME.members[0];
      await this.manager.$_setTargetFunctionRole(this.target.address, selector(method), this.roles.SOME.id);
      await this.manager.$_grantRole(this.roles.SOME.id, this.caller, 0, 1); // nonzero execution delay

      this.calldata = this.target.contract.methods[method]().encodeABI();
      this.scheduleIn = time.duration.days(10); // For testAsSchedulableOperation
    });

    testAsSchedulableOperation({
      scheduled: {
        before() {
          describe('when caller is the scheduler', function () {
            it('succeeds', async function () {
              await this.manager.cancel(this.caller, this.target.address, this.calldata, { from: this.caller });
            });
          });

          describe('when caller is an admin', function () {
            it('succeeds', async function () {
              await this.manager.cancel(this.caller, this.target.address, this.calldata, {
                from: this.roles.ADMIN.members[0],
              });
            });
          });

          describe('when caller is the role guardian', function () {
            it('succeeds', async function () {
              await this.manager.cancel(this.caller, this.target.address, this.calldata, {
                from: this.roles.SOME_GUARDIAN.members[0],
              });
            });
          });

          describe('when caller is any other account', function () {
            it('reverts as AccessManagerUnauthorizedCancel', async function () {
              await expectRevertCustomError(
                this.manager.cancel(this.caller, this.target.address, this.calldata, { from: other }),
                'AccessManagerUnauthorizedCancel',
                [other, this.caller, this.target.address, selector(method)],
              );
            });
          });
        },
        after() {
          it('succeeds', async function () {
            await this.manager.cancel(this.caller, this.target.address, this.calldata, { from: this.caller });
          });
        },
        expired() {
          it('succeeds', async function () {
            await this.manager.cancel(this.caller, this.target.address, this.calldata, { from: this.caller });
          });
        },
      },
      notScheduled() {
        it('reverts as AccessManagerNotScheduled', async function () {
          await expectRevertCustomError(
            this.manager.cancel(this.caller, this.target.address, this.calldata),
            'AccessManagerNotScheduled',
            [this.operationId],
          );
        });
      },
    });

    it('cancels an operation and resets schedule', async function () {
      const { operationId } = await scheduleOperation(this.manager, {
        caller: this.caller,
        target: this.target.address,
        calldata: this.calldata,
        delay: this.scheduleIn,
      });
      const { receipt } = await this.manager.cancel(this.caller, this.target.address, this.calldata, {
        from: this.caller,
      });
      expectEvent(receipt, 'OperationCanceled', {
        operationId,
        nonce: '1',
      });
      expect(await this.manager.getSchedule(operationId)).to.be.bignumber.eq('0');
    });
  });

  describe('with Ownable target contract', function () {
    const roleId = web3.utils.toBN(1);

    beforeEach(async function () {
      this.ownable = await Ownable.new(this.manager.address);

      // add user to role
      await this.manager.$_grantRole(roleId, user, 0, 0);
    });

    it('initial state', async function () {
      expect(await this.ownable.owner()).to.be.equal(this.manager.address);
    });

    describe('Contract is closed', function () {
      beforeEach(async function () {
        await this.manager.$_setTargetClosed(this.ownable.address, true);
      });

      it('directly call: reverts', async function () {
        await expectRevertCustomError(this.ownable.$_checkOwner({ from: user }), 'OwnableUnauthorizedAccount', [user]);
      });

      it('relayed call (with role): reverts', async function () {
        await expectRevertCustomError(
          this.manager.execute(this.ownable.address, selector('$_checkOwner()'), { from: user }),
          'AccessManagerUnauthorizedCall',
          [user, this.ownable.address, selector('$_checkOwner()')],
        );
      });

      it('relayed call (without role): reverts', async function () {
        await expectRevertCustomError(
          this.manager.execute(this.ownable.address, selector('$_checkOwner()'), { from: other }),
          'AccessManagerUnauthorizedCall',
          [other, this.ownable.address, selector('$_checkOwner()')],
        );
      });
    });

    describe('Contract is managed', function () {
      describe('function is open to specific role', function () {
        beforeEach(async function () {
          await this.manager.$_setTargetFunctionRole(this.ownable.address, selector('$_checkOwner()'), roleId);
        });

        it('directly call: reverts', async function () {
          await expectRevertCustomError(this.ownable.$_checkOwner({ from: user }), 'OwnableUnauthorizedAccount', [
            user,
          ]);
        });

        it('relayed call (with role): success', async function () {
          await this.manager.execute(this.ownable.address, selector('$_checkOwner()'), { from: user });
        });

        it('relayed call (without role): reverts', async function () {
          await expectRevertCustomError(
            this.manager.execute(this.ownable.address, selector('$_checkOwner()'), { from: other }),
            'AccessManagerUnauthorizedCall',
            [other, this.ownable.address, selector('$_checkOwner()')],
          );
        });
      });

      describe('function is open to public role', function () {
        beforeEach(async function () {
          await this.manager.$_setTargetFunctionRole(
            this.ownable.address,
            selector('$_checkOwner()'),
            this.roles.PUBLIC.id,
          );
        });

        it('directly call: reverts', async function () {
          await expectRevertCustomError(this.ownable.$_checkOwner({ from: user }), 'OwnableUnauthorizedAccount', [
            user,
          ]);
        });

        it('relayed call (with role): success', async function () {
          await this.manager.execute(this.ownable.address, selector('$_checkOwner()'), { from: user });
        });

        it('relayed call (without role): success', async function () {
          await this.manager.execute(this.ownable.address, selector('$_checkOwner()'), { from: other });
        });
      });
    });
  });
});