π§Access
AccessControl
Inherits: IAccessControl
Authors: cosimo.demedici.eth (https://github.com/ninfa-labs/ninfa-contracts), modified from OpenZeppelin Contracts v5.1.0 (access/AccessControl)
*Contract module that allows children to implement role-based access control mechanisms. This is a lightweight version that doesn't allow enumerating role members except through off-chain means by accessing the contract event logs. Roles are referred to by their bytes32 identifier. These should be exposed in the external API and be unique. The best way to achieve this is by using public constant hash digests:
bytes32 public constant MY_ROLE = keccak256("MY_ROLE");Roles can be used to represent a set of permissions. To restrict access to a function call, use hasRole:
function foo() public {
require(hasRole(MY_ROLE, msg.sender));
...
}Roles can be granted and revoked dynamically via the {grantRole} and {revokeRole} functions. Each role has an associated admin role, and only accounts that have a role's admin role can call {grantRole} and {revokeRole}. By default, the admin role for all roles is DEFAULT_ADMIN_ROLE, which means that only accounts with this role will be able to grant or revoke other roles. More complex role relationships can be created by using {_setRoleAdmin}. WARNING: The DEFAULT_ADMIN_ROLE is also its own admin: it has permission to grant and revoke this role. Extra precautions should be taken to secure accounts that have been granted it.*
State Variables
_roles
mapping(bytes32 role => RoleData) private _roles;DEFAULT_ADMIN_ROLE
Functions
onlyRole
Modifier that checks that an account has a specific role. Reverts with a {AccessControlUnauthorizedAccount} error including the required role.
hasRole
Returns true if account has been granted role.
getRoleAdmin
Returns the admin role that controls role. See {grantRole} and {revokeRole}. To change a role's admin, use {AccessControl-_setRoleAdmin}.
grantRole
*Grants role to account. If account had not been already granted role, emits a {RoleGranted} event. Requirements:
the caller must have
role's admin role.*
revokeRole
*Revokes role from account. If account had been granted role, emits a {RoleRevoked} event. Requirements:
the caller must have
role's admin role.*
renounceRole
*Revokes role from the calling account. Roles are often managed via {grantRole} and {revokeRole}: this function's purpose is to provide a mechanism for accounts to lose their privileges if they are compromised (such as when a trusted device is misplaced). If the calling account had been granted role, emits a {RoleRevoked} event. Requirements:
the caller must be
callerConfirmation.*
_setRoleAdmin
Sets adminRole as role's admin role. Emits a {RoleAdminChanged} event.
_grantRole
Grants role to account. Internal function without access restriction.
Inheriting contracts should call this function to set _DEFAULT_ADMIN_ROLE (in the constructor) or any other custom roles.
_revokeRole
Revokes role from account. Private function without access restriction.
Structs
RoleData
Owned
Authors: cosimo.demedici.eth (https://github.com/ninfa-labs/ninfa-contracts), Modified from Solmate (https://github.com/transmissions11/solmate/blob/main/src/auth/Owned.sol)
Simple single owner authorization mixin.
Returns true if account has been granted role.
constructor was removed from original implementation, because contracts that need to be deployed from factory, or any upgradeable contract, should not have a constructor and therefore owner should be set in the initializer, this is done atomically when deploying a clone from a factory.
State Variables
owner
Functions
onlyOwner
transferOwnership
Events
OwnershipTransferred
Last updated