Fix specific role check (#115)

* fix specific role check (minter on tokenid 0 is allowed to mint any token etc)

* add test

* update changesets

.changeset/eighty-plums-move.md

@@ -0,0 +1,5 @@
+---
+"@zoralabs/zora-1155-contracts": minor
+---
+
+Change permission checks for contracts – fix allowing roles that are not admin assigned to tokenid 0 to apply those roles to any token in the contract.

src/nft/ZoraCreator1155Impl.sol

@@ -182,7 +182,7 @@ contract ZoraCreator1155Impl is
     /// @param tokenId tokenId to check
     /// @param role role to check for admin
     function _requireAdminOrRole(address user, uint256 tokenId, uint256 role) internal view {
-        if (!(_hasAnyPermission(tokenId, user, PERMISSION_BIT_ADMIN | role) || _hasAnyPermission(CONTRACT_BASE_ID, user, PERMISSION_BIT_ADMIN))) {
+        if (!(_hasAnyPermission(tokenId, user, PERMISSION_BIT_ADMIN | role) || _hasAnyPermission(CONTRACT_BASE_ID, user, PERMISSION_BIT_ADMIN | role))) {
             revert UserMissingRoleForToken(user, tokenId, role);
         }
     }

test/nft/ZoraCreator1155.t.sol

@@ -168,7 +168,20 @@ contract ZoraCreator1155Test is Test {
         assertEq(tokenData.totalMinted, 0);
     }
 
-    function xtest_setupNewToken_asMinter(string memory newURI, uint256 _maxSupply) external {}
+    function test_setupNewToken_asMinter() external {
+        init();
+
+        address minterUser = address(0x999ab9);
+        vm.startPrank(admin);
+        target.addPermission(target.CONTRACT_BASE_ID(), minterUser, target.PERMISSION_BIT_MINTER());
+        vm.stopPrank();
+
+        vm.startPrank(minterUser);
+        uint256 newToken = target.setupNewToken("test", 1);
+
+        target.adminMint(minterUser, newToken, 1, "");
+        assertEq(target.uri(1), "test");
+    }
 
     function test_setupNewToken_revertOnlyAdminOrRole() external {
         init();