Grant/Revoke Roles

In an Inverter Workflow we have the preliminary authorizer which manages the access of the users who are subject to the individual modules of this workflow.

Defining the workflow

import { Inverter, RequestedModules } from '@inverter-network/sdk'

const sdk = new Inverter({
    publicClient,
    walletClient
})

const { getDeploy } = sdk

// Should either be `as const` or be passed dirrectly in the `run` or `simulate` function args

const requestedModules = {
    fundingManager: 'FM_DepositVault_v1',
    paymentProcessor: 'PP_Simple_v1',
    authorizer: 'AUT_Roles_v1',
    optionalModules: [
        'LM_PC_Bounties_v1'
    ]
} as const satisfies RequestedModules

const workflow = await sdk.getWorkflow({
    orchestratorAddress: '0x8a1897E6Fa0236F68f86240C391D2a7bED3Cf85c',
    requestedModules
})

Fetch Role Hexes

To begin with the process we need the role hexes from the authorizer.

const adminRole = await workflow.authorizer.read.getAdminRole.run()

const verifierRole = await workflow.optionalModule.LM_PC_Bounties_v1.read.VERIFIER_ROLE.run()

Admin Role

Check Role

For checking the status of the role we need to use the role hex.

const hasAdminRole = await workflow.authorizer.read.hasRole.run([
    adminRole,
    walletClient.account.address,
])

Grant or Revoke Role

For admin roles we need to use the granteRole or revokeRole function from the authorizer.

For the granting or revoking we are using the non generated role.

const args = [
    adminRole,
    walletClient.account.address,
] as const

// Grant role
const txHash = await workflow.authorizer.write.grantRole.run(args)

// Revoke role
const txHash = await workflow.authorizer.write.revokeRole.run(args)

Module Role

For any role which is not a orchestrator admin role we need to generate a role id using the authorizer this generation is necessary to have a unique identifier since every workflow has different modules with different addresses.

Generate Role

Note that this is only to check the status of a module role.

const generatedVerifierRole = await workflow.authorizer.read.generateRoleId.run([
    workflow.optionalModule.LM_PC_Bounties_v1.address,
    verifierRole,
])

Check Role

For checking the status of the role we need to use the generated role.

const hasVerifierRole = await workflow.authorizer.read.hasRole.run([
    generatedVerifierRole,
    walletClient.account.address,
])

Grant or Revoke Role

For module roles we need to use the grantModuleRole or revokeModuleRole function from the module itself not the authorizer function.

For the granting or revoking we are using the non generated role.

const args = [
    verifierRole,
    walletClient.account.address,
] as const

// Grant role
const txHash = await workflow.optionalModule.LM_PC_Bounties_v1.write.grantModuleRole.run(args)

// Revoke role
const txHash = await workflow.optionalModule.LM_PC_Bounties_v1.write.revokeModuleRole.run(args)

PreviousGuides NextDeploy Restricted PIM Factory

Last updated 1 month ago