GithubDiscordTwitterLinks

AUT_Roles_v1.sol

Git Source

Inherits: IAuthorizer_v1, AccessControlEnumerableUpgradeable, Module_v1

Author: Inverter Network

Provides a robust access control mechanism for managing roles and permissions across different modules within the Inverter Network, ensuring secure and controlled access to critical functionalities.

Extends {AccessControlEnumerableUpgradeable} and integrates with {Module_v1} to offer fine-grained access control through role-based permissions. Utilizes ERC2771 for meta-transactions to enhance module interaction experiences.

State Variables

BURN_ADMIN_ROLE

The role that is used as a placeholder for a burned admin role.

bytes32 public constant BURN_ADMIN_ROLE =
    0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff;

__gap

Storage gap for future upgrades.

uint[50] private __gap;

Functions

supportsInterface

See {IERC165-supportsInterface}.

onlyModule

Verifies that the caller is an active module.

Parameters

Name
Type
Description

module

address

The address of the module.

notLastAdmin

Verifies that the admin being removed is not the last one.

Parameters

Name
Type
Description

role

bytes32

The id number of the role.

noSelfAdmin

Verifies that the admin being added is not the {Orchestrator_v1}.

Parameters

Name
Type
Description

role

bytes32

The id number of the role.

who

address

The user we want to check on.

Public Functions

init

checkForRole

Checks whether an address holds the required role to execute the current transaction.

The calling contract needs to generate the right role ID using its own address and the role identifier. In modules, this function should be used instead of hasRole, as there are Authorizer-specific checks that need to be performed.

Parameters

Name
Type
Description

role

bytes32

The identifier of the role we want to check

who

address

The address on which to perform the check.

Returns

Name
Type
Description

<none>

bool

bool Returns if the address holds the role

generateRoleId

Helper function to generate a bytes32 role hash for a module role.

Parameters

Name
Type
Description

module

address

The address of the module to generate the hash for.

role

bytes32

The ID number of the role to generate the hash for.

Returns

Name
Type
Description

<none>

bytes32

bytes32 Returns the generated role hash.

grantRoleFromModule

Used by a Module to grant a role to a user.

Parameters

Name
Type
Description

role

bytes32

The identifier of the role to grant.

target

address

The address to which to grant the role.

grantRoleFromModuleBatched

Used by a Module to grant a role to a set of users.

Parameters

Name
Type
Description

role

bytes32

The identifier of the role to grant.

targets

address[]

The addresses to which to grant the role.

revokeRoleFromModule

Used by a Module to revoke a role from a user.

Parameters

Name
Type
Description

role

bytes32

The identifier of the role to revoke.

target

address

The address to revoke the role from.

revokeRoleFromModuleBatched

Used by a Module to revoke a role from a set of users.

Parameters

Name
Type
Description

role

bytes32

The identifier of the role to revoke.

targets

address[]

The address to revoke the role from.

transferAdminRole

Transfer the admin rights to a given role.

Parameters

Name
Type
Description

roleId

bytes32

The role on which to peform the admin transfer.

newAdmin

bytes32

The new role to which to transfer admin access to.

burnAdminFromModuleRole

Irreversibly burns the admin of a given role.

The module itself can still grant and revoke it's own roles. This only burns third-party access to the role.

Parameters

Name
Type
Description

role

bytes32

The role to remove admin access from.

grantGlobalRole

Grants a global role to a target.

Only the addresses with the Admin role should be able to call this function.

Parameters

Name
Type
Description

role

bytes32

The role to grant.

target

address

The address to grant the role to.

grantGlobalRoleBatched

Grants a global role to a set of targets.

Only the addresses with the Admin role should be able to call this function.

Parameters

Name
Type
Description

role

bytes32

The role to grant.

targets

address[]

The addresses to grant the role to.

revokeGlobalRole

Revokes a global role from a target.

Only the addresses with the Admin role should be able to call this function.

Parameters

Name
Type
Description

role

bytes32

The role to grant.

target

address

The address to grant the role to.

revokeGlobalRoleBatched

Revokes a global role from a set of targets.

Only the addresses with the Admin role should be able to call this function.

Parameters

Name
Type
Description

role

bytes32

The role to grant.

targets

address[]

The addresses to grant the role to.

getAdminRole

Returns the role ID of the admin role.

Returns

Name
Type
Description

<none>

bytes32

The role ID.

Internal Functions

__RoleAuthorizer_init

Initializes the role authorizer.

Parameters

Name
Type
Description

initialAdmin

address

The initial admin of the role authorizer.

_revokeRole

Overrides _revokeRole to prevent having an empty ADMIN role.

Parameters

Name
Type
Description

role

bytes32

The id number of the role.

who

address

The user we want to check on.

Returns

Name
Type
Description

<none>

bool

bool Returns if revoke has been succesful.

_grantRole

Overrides _grantRole to prevent having the {Orchestrator_v1} having the OWNER role.

Parameters

Name
Type
Description

role

bytes32

The id of the role.

who

address

The user we want to check on.

Returns

Name
Type
Description

<none>

bool

bool Returns if grant has been succesful.

_msgSender

Needs to be overridden, because they are imported via the AccessControlEnumerableUpgradeable as well.

_msgData

Needs to be overridden, because they are imported via the AccessControlEnumerableUpgradeable as well.

_contextSuffixLength

PreviousAUT_EXT_VotingRoles_v1.solNextAUT_TokenGated_Roles_v1.sol

Last updated