AUT_Roles_v1.sol


Inherits: IAuthorizer_v1, AccessControlEnumerableUpgradeable, Module_v1

Author: Inverter Network

Provides a robust access control mechanism for managing roles and permissions across different modules within the Inverter Network, ensuring secure and controlled access to critical functionalities.

Extends {AccessControlEnumerableUpgradeable} and integrates with {Module_v1} to offer fine-grained access control through role-based permissions. Utilizes ERC2771 for meta-transactions to enhance module interaction experiences.

State Variables

BURN_ADMIN_ROLE

The role that is used as a placeholder for a burned admin role.

bytes32 public constant BURN_ADMIN_ROLE =
    0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff;

__gap

Storage gap for future upgrades.

uint[50] private __gap;

Functions

supportsInterface

See {IERC165-supportsInterface}.

function supportsInterface(bytes4 interfaceId)
    public
    view
    virtual
    override(Module_v1, AccessControlEnumerableUpgradeable)
    returns (bool);

onlyModule

Verifies that the caller is an active module.

modifier onlyModule(address module);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| module | address | The address of the module. |

notLastAdmin

Verifies that the admin being removed is not the last one.

modifier notLastAdmin(bytes32 role);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The id number of the role. |

noSelfAdmin

Verifies that the admin being added is not the {Orchestrator_v1}.

modifier noSelfAdmin(bytes32 role, address who);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The id number of the role. |
| who | address | The user we want to check on. |

Public Functions

init

function init(
    IOrchestrator_v1 orchestrator_,
    Metadata memory metadata,
    bytes memory configData
) external override initializer;

checkForRole

Checks whether an address holds the required role to execute the current transaction.

The calling contract needs to generate the right role ID using its own address and the role identifier. In modules, this function should be used instead of hasRole, as there are Authorizer-specific checks that need to be performed.

function checkForRole(bytes32 role, address who)
    external
    view
    virtual
    returns (bool);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The identifier of the role we want to check. |
| who | address | The address on which to perform the check. |

Returns

| Name | Type | Description |
| --- | --- | --- |
| <none> | bool | Returns if the address holds the role. |

generateRoleId

Helper function to generate a bytes32 role hash for a module role.

function generateRoleId(address module, bytes32 role)
    public
    pure
    returns (bytes32);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| module | address | The address of the module to generate the hash for. |
| role | bytes32 | The ID number of the role to generate the hash for. |

Returns

| Name | Type | Description |
| --- | --- | --- |
| <none> | bytes32 | Returns the generated role hash. |

grantRoleFromModule

Used by a Module to grant a role to a user.

function grantRoleFromModule(bytes32 role, address target)
    external
    onlyModule(_msgSender());

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The identifier of the role to grant. |
| target | address | The address to which to grant the role. |

grantRoleFromModuleBatched

Used by a Module to grant a role to a set of users.

function grantRoleFromModuleBatched(bytes32 role, address[] calldata targets)
    external
    onlyModule(_msgSender());

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The identifier of the role to grant. |
| targets | address[] | The addresses to which to grant the role. |

revokeRoleFromModule

Used by a Module to revoke a role from a user.

function revokeRoleFromModule(bytes32 role, address target)
    external
    onlyModule(_msgSender());

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The identifier of the role to revoke. |
| target | address | The address to revoke the role from. |

revokeRoleFromModuleBatched

Used by a Module to revoke a role from a set of users.

function revokeRoleFromModuleBatched(bytes32 role, address[] calldata targets)
    external
    onlyModule(_msgSender());

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The identifier of the role to revoke. |
| targets | address[] | The addresses to revoke the role from. |

transferAdminRole

Transfer the admin rights to a given role.

function transferAdminRole(bytes32 roleId, bytes32 newAdmin)
    external
    onlyRole(getRoleAdmin(roleId));

Parameters

| Name | Type | Description |
| --- | --- | --- |
| roleId | bytes32 | The role on which to perform the admin transfer. |
| newAdmin | bytes32 | The new role to which to transfer admin access. |

burnAdminFromModuleRole

Irreversibly burns the admin of a given role.

The module itself can still grant and revoke its own roles. This only burns third-party access to the role.

function burnAdminFromModuleRole(bytes32 role)
    external
    onlyModule(_msgSender());

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The role to remove admin access from. |

grantGlobalRole

Grants a global role to a target.

Only the addresses with the Admin role should be able to call this function.

function grantGlobalRole(bytes32 role, address target)
    external
    onlyRole(DEFAULT_ADMIN_ROLE);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The role to grant. |
| target | address | The address to grant the role to. |

grantGlobalRoleBatched

Grants a global role to a set of targets.

Only the addresses with the Admin role should be able to call this function.

function grantGlobalRoleBatched(bytes32 role, address[] calldata targets)
    external
    onlyRole(DEFAULT_ADMIN_ROLE);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The role to grant. |
| targets | address[] | The addresses to grant the role to. |

revokeGlobalRole

Revokes a global role from a target.

Only the addresses with the Admin role should be able to call this function.

function revokeGlobalRole(bytes32 role, address target)
    external
    onlyRole(DEFAULT_ADMIN_ROLE);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The role to revoke. |
| target | address | The address to revoke the role from. |

revokeGlobalRoleBatched

Revokes a global role from a set of targets.

Only the addresses with the Admin role should be able to call this function.

function revokeGlobalRoleBatched(bytes32 role, address[] calldata targets)
    external
    onlyRole(DEFAULT_ADMIN_ROLE);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The role to revoke. |
| targets | address[] | The addresses to revoke the role from. |

getAdminRole

Returns the role ID of the admin role.

function getAdminRole() public pure returns (bytes32);

Returns

| Name | Type | Description |
| --- | --- | --- |
| <none> | bytes32 | The role ID. |

Internal Functions

__RoleAuthorizer_init

Initializes the role authorizer.

function __RoleAuthorizer_init(address initialAdmin)
    internal
    onlyInitializing;

Parameters

| Name | Type | Description |
| --- | --- | --- |
| initialAdmin | address | The initial admin of the role authorizer. |

_revokeRole

Overrides _revokeRole to prevent having an empty ADMIN role.

function _revokeRole(bytes32 role, address who)
    internal
    virtual
    override
    notLastAdmin(role)
    returns (bool);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The id number of the role. |
| who | address | The user we want to check on. |

Returns

| Name | Type | Description |
| --- | --- | --- |
| <none> | bool | Returns if revoke has been successful. |

_grantRole

Overrides _grantRole to prevent the {Orchestrator_v1} from having the OWNER role.

function _grantRole(bytes32 role, address who)
    internal
    virtual
    override
    noSelfAdmin(role, who)
    returns (bool);

Parameters

| Name | Type | Description |
| --- | --- | --- |
| role | bytes32 | The id of the role. |
| who | address | The user we want to check on. |

Returns

| Name | Type | Description |
| --- | --- | --- |
| <none> | bool | Returns if grant has been successful. |
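
The _revokeRole and _grantRole overrides documented above enforce two invariants: the admin role never becomes empty, and a designated address never becomes admin. The following is an added sketch of that pattern on OpenZeppelin's AccessControlEnumerable (v5 import path assumed); it is not the Inverter Network implementation, and the contract name, the error names and protectedAddress (standing in for the {Orchestrator_v1} address) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControlEnumerable} from
    "@openzeppelin/contracts/access/extensions/AccessControlEnumerable.sol";

/// Illustrative sketch only; all names here are hypothetical, not Inverter code.
contract GuardedRolesSketch is AccessControlEnumerable {
    error LastAdminCannotBeRevoked();
    error ProtectedAddressCannotBeAdmin();

    /// Stand-in for the orchestrator address that must never hold admin.
    /// Set once in the constructor; there is deliberately no setter.
    address public protectedAddress;

    constructor(address initialAdmin, address protectedAddress_) {
        protectedAddress = protectedAddress_;
        // Goes through the override below, so initialAdmin is checked too.
        _grantRole(DEFAULT_ADMIN_ROLE, initialAdmin);
    }

    /// Same idea as notLastAdmin: the admin set may never become empty.
    /// revokeRole and renounceRole both route through this hook, so an
    /// admin cannot lock the contract by renouncing either.
    function _revokeRole(bytes32 role, address who)
        internal
        virtual
        override
        returns (bool)
    {
        if (
            role == DEFAULT_ADMIN_ROLE && hasRole(role, who)
                && getRoleMemberCount(role) <= 1
        ) revert LastAdminCannotBeRevoked();
        return super._revokeRole(role, who);
    }

    /// Same idea as noSelfAdmin: the protected address cannot become admin.
    function _grantRole(bytes32 role, address who)
        internal
        virtual
        override
        returns (bool)
    {
        if (role == DEFAULT_ADMIN_ROLE && who == protectedAddress) {
            revert ProtectedAddressCannotBeAdmin();
        }
        return super._grantRole(role, who);
    }
}
```

Placing the checks in the internal hooks rather than in the external grant and revoke functions means every path that changes membership is covered, including batched helpers and renounceRole.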

_msgSender

Needs to be overridden, because it is imported via the AccessControlEnumerableUpgradeable as well.

function _msgSender()
    internal
    view
    virtual
    override(ContextUpgradeable, ERC2771ContextUpgradeable)
    returns (address sender);

_msgData

Needs to be overridden, because it is imported via the AccessControlEnumerableUpgradeable as well.

function _msgData()
    internal
    view
    virtual
    override(ContextUpgradeable, ERC2771ContextUpgradeable)
    returns (bytes calldata);

_contextSuffixLength

function _contextSuffixLength()
    internal
    view
    virtual
    override(ContextUpgradeable, ERC2771ContextUpgradeable)
    returns (uint);
