AUT_Roles_v1.sol
Inherits: IAuthorizer_v1, AccessControlEnumerableUpgradeable, Module_v1
Author: Inverter Network
Provides a robust access control mechanism for managing roles and permissions across different modules within the Inverter Network, ensuring secure and controlled access to critical functionalities.
Extends {AccessControlEnumerableUpgradeable} and integrates with {Module_v1} to offer fine-grained access control through role-based permissions. Utilizes ERC2771 for meta-transactions to enhance module interaction experiences.
State Variables
BURN_ADMIN_ROLE
The role that is used as a placeholder for a burned admin role.
bytes32 public constant BURN_ADMIN_ROLE =
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff;
__gap
Storage gap for future upgrades.
uint[50] private __gap;
Functions
supportsInterface
See {IERC165-supportsInterface}.
function supportsInterface(bytes4 interfaceId)
public
view
virtual
override(Module_v1, AccessControlEnumerableUpgradeable)
returns (bool);
onlyModule
Verifies that the caller is an active module.
modifier onlyModule(address module);
Parameters
module
address
The address of the module.
notLastAdmin
Verifies that the admin being removed is not the last one.
modifier notLastAdmin(bytes32 role);
Parameters
role
bytes32
The id number of the role.
noSelfAdmin
Verifies that the admin being added is not the {Orchestrator_v1}.
modifier noSelfAdmin(bytes32 role, address who);
Parameters
role
bytes32
The id number of the role.
who
address
The user we want to check on.
Public Functions
init
function init(
IOrchestrator_v1 orchestrator_,
Metadata memory metadata,
bytes memory configData
) external override initializer;
checkForRole
Checks whether an address holds the required role to execute the current transaction.
The calling contract needs to generate the right role ID using its own address and the role identifier. In modules, this function should be used instead of hasRole, as there are Authorizer-specific checks that need to be performed.
function checkForRole(bytes32 role, address who)
external
view
virtual
returns (bool);
Parameters
role
bytes32
The identifier of the role we want to check
who
address
The address on which to perform the check.
Returns
<none>
bool
bool Returns if the address holds the role
generateRoleId
Helper function to generate a bytes32 role hash for a module role.
function generateRoleId(address module, bytes32 role)
public
pure
returns (bytes32);
Parameters
module
address
The address of the module to generate the hash for.
role
bytes32
The ID number of the role to generate the hash for.
Returns
<none>
bytes32
bytes32 Returns the generated role hash.
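The calling pattern described for checkForRole and generateRoleId, as an added example that is not the project's own code. The interface name, the ExampleModule contract, PAYOUT_ROLE and the custom error are hypothetical; only the two function signatures come from this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal view of the authorizer, limited to two signatures documented on
// this page. The interface name is hypothetical.
interface IAuthorizerView {
    function checkForRole(bytes32 role, address who)
        external
        view
        returns (bool);

    function generateRoleId(address module, bytes32 role)
        external
        pure
        returns (bytes32);
}

// Hypothetical module: contract, role and error names are illustrative.
contract ExampleModule {
    bytes32 public constant PAYOUT_ROLE = "PAYOUT_ROLE";

    IAuthorizerView public immutable authorizer;
    uint public payouts;

    error ExampleModule__CallerNotAuthorized(bytes32 role, address caller);

    constructor(IAuthorizerView authorizer_) {
        authorizer = authorizer_;
    }

    modifier onlyModuleRole(bytes32 role) {
        // The role id is generated from this module's own address and the
        // role identifier, so the check is scoped to this module.
        bytes32 roleId = authorizer.generateRoleId(address(this), role);
        // checkForRole rather than hasRole, so that the Authorizer-specific
        // checks run. A module using ERC2771 would pass _msgSender() here.
        if (!authorizer.checkForRole(roleId, msg.sender)) {
            revert ExampleModule__CallerNotAuthorized(role, msg.sender);
        }
        _;
    }

    // State-changing entry point gated by the module-scoped role.
    function recordPayout() external onlyModuleRole(PAYOUT_ROLE) {
        payouts += 1;
    }
}
```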
grantRoleFromModule
Used by a Module to grant a role to a user.
function grantRoleFromModule(bytes32 role, address target)
external
onlyModule(_msgSender());
Parameters
role
bytes32
The identifier of the role to grant.
target
address
The address to which to grant the role.
grantRoleFromModuleBatched
Used by a Module to grant a role to a set of users.
function grantRoleFromModuleBatched(bytes32 role, address[] calldata targets)
external
onlyModule(_msgSender());
Parameters
role
bytes32
The identifier of the role to grant.
targets
address[]
The addresses to which to grant the role.
revokeRoleFromModule
Used by a Module to revoke a role from a user.
function revokeRoleFromModule(bytes32 role, address target)
external
onlyModule(_msgSender());
Parameters
role
bytes32
The identifier of the role to revoke.
target
address
The address to revoke the role from.
revokeRoleFromModuleBatched
Used by a Module to revoke a role from a set of users.
function revokeRoleFromModuleBatched(bytes32 role, address[] calldata targets)
external
onlyModule(_msgSender());
Parameters
role
bytes32
The identifier of the role to revoke.
targets
address[]
The addresses to revoke the role from.
transferAdminRole
Transfer the admin rights to a given role.
function transferAdminRole(bytes32 roleId, bytes32 newAdmin)
external
onlyRole(getRoleAdmin(roleId));
Parameters
roleId
bytes32
The role on which to perform the admin transfer.
newAdmin
bytes32
The new role to which to transfer admin access.
burnAdminFromModuleRole
Irreversibly burns the admin of a given role.
The module itself can still grant and revoke its own roles. This only burns third-party access to the role.
function burnAdminFromModuleRole(bytes32 role)
external
onlyModule(_msgSender());
Parameters
role
bytes32
The role to remove admin access from.
grantGlobalRole
Grants a global role to a target.
Only the addresses with the Admin role should be able to call this function.
function grantGlobalRole(bytes32 role, address target)
external
onlyRole(DEFAULT_ADMIN_ROLE);
Parameters
role
bytes32
The role to grant.
target
address
The address to grant the role to.
grantGlobalRoleBatched
Grants a global role to a set of targets.
Only the addresses with the Admin role should be able to call this function.
function grantGlobalRoleBatched(bytes32 role, address[] calldata targets)
external
onlyRole(DEFAULT_ADMIN_ROLE);
Parameters
role
bytes32
The role to grant.
targets
address[]
The addresses to grant the role to.
revokeGlobalRole
Revokes a global role from a target.
Only the addresses with the Admin role should be able to call this function.
function revokeGlobalRole(bytes32 role, address target)
external
onlyRole(DEFAULT_ADMIN_ROLE);
Parameters
role
bytes32
The role to revoke.
target
address
The address to revoke the role from.
revokeGlobalRoleBatched
Revokes a global role from a set of targets.
Only the addresses with the Admin role should be able to call this function.
function revokeGlobalRoleBatched(bytes32 role, address[] calldata targets)
external
onlyRole(DEFAULT_ADMIN_ROLE);
Parameters
role
bytes32
The role to revoke.
targets
address[]
The addresses to revoke the role from.
getAdminRole
Returns the role ID of the admin role.
function getAdminRole() public pure returns (bytes32);
Returns
<none>
bytes32
The role ID.
Internal Functions
__RoleAuthorizer_init
Initializes the role authorizer.
function __RoleAuthorizer_init(address initialAdmin)
internal
onlyInitializing;
Parameters
initialAdmin
address
The initial admin of the role authorizer.
_revokeRole
Overrides _revokeRole to prevent having an empty ADMIN role.
function _revokeRole(bytes32 role, address who)
internal
virtual
override
notLastAdmin(role)
returns (bool);
Parameters
role
bytes32
The id number of the role.
who
address
The user we want to check on.
Returns
<none>
bool
bool Returns if revoke has been successful.
_grantRole
Overrides _grantRole to prevent the {Orchestrator_v1} from having the OWNER role.
function _grantRole(bytes32 role, address who)
internal
virtual
override
noSelfAdmin(role, who)
returns (bool);
Parameters
role
bytes32
The id of the role.
who
address
The user we want to check on.
Returns
<none>
bool
bool Returns if grant has been successful.
_msgSender
Needs to be overridden because it is also imported via AccessControlEnumerableUpgradeable.
function _msgSender()
internal
view
virtual
override(ContextUpgradeable, ERC2771ContextUpgradeable)
returns (address sender);
_msgData
Needs to be overridden because it is also imported via AccessControlEnumerableUpgradeable.
function _msgData()
internal
view
virtual
override(ContextUpgradeable, ERC2771ContextUpgradeable)
returns (bytes calldata);
_contextSuffixLength
function _contextSuffixLength()
internal
view
virtual
override(ContextUpgradeable, ERC2771ContextUpgradeable)
returns (uint);