TMP: Access control #1

@Evert0x

TMP-1: Access control


tmp: 1
title: Access control module
author: Evert Kors (@Evert0x)
discussions-to: #1
status: Draft
type: Module
created: 2021/01/08
requires (*optional):
replaces (*optional):


Simple Summary

Enable role-based access control mechanisms.

Inspiration: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/AccessControl.sol

Interface: https://docs.openzeppelin.com/contracts/3.x/api/access#AccessControl

Abstract

The following standard allows the implementation of a standard interface for role-based access to methods in the pool.

Motivation

Role-based access is a common request when creating a pool.

Specification

Interface

```solidity
interface IAccessControl {
    event RoleAdminChanged(
        bytes32 indexed role,
        bytes32 indexed previousAdminRole,
        bytes32 indexed newAdminRole
    );

    event RoleGranted(
        bytes32 indexed role,
        address indexed account,
        address indexed sender
    );

    event RoleRevoked(
        bytes32 indexed role,
        address indexed account,
        address indexed sender
    );

    function hasRole(bytes32 role, address account)
        external
        view
        returns (bool);

    function getRoleMemberCount(bytes32 role) external view returns (uint256);

    function getRoleMember(bytes32 role, uint256 index)
        external
        view
        returns (address);

    function getRoleAdmin(bytes32 role) external view returns (bytes32);

    function grantRole(bytes32 role, address account) external;

    function revokeRole(bytes32 role, address account) external;

    function renounceRole(bytes32 role, address account) external;
}
```

Internal Interface (`contracts/AccessControlView.sol`)

```solidity
function _hasRole(bytes32 role, address account)
    internal
    virtual
    view
    returns (bool);

function _setupRole(bytes32 role, address account) internal virtual;

function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual;

function _grantRole(bytes32 role, address account) internal virtual;

function _revokeRole(bytes32 role, address account) internal virtual;
```

Storage

```solidity
bytes32 constant ACCESS_STORAGE_POSITION = keccak256(
    "diamond.standard.access.storage"
);

struct RoleStorage {
    mapping(bytes32 => RoleData) roles;
}

struct RoleData {
    EnumerableSet.AddressSet members;
    bytes32 adminRole;
}
```

Rationale

Backwards Compatibility

Reference Implementation

https://github.com/Evert0x/AccessControl
https://github.com/Evert0x/AccessControlMock

Security Considerations

Copyright
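
An added example, not part of the proposal or its reference implementation: one way the Storage layout and the `grantRole` admin check from the Specification could fit together. The library name, `roleStorage()` and `grantRoleChecked()` are hypothetical; the compiler version and the OpenZeppelin 3.x import path are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;

// Assumption: OpenZeppelin Contracts 3.x (the version the proposal links to).
import "@openzeppelin/contracts/utils/EnumerableSet.sol";

// Hypothetical library name; the slot constant and structs are the proposal's.
library AccessControlStorageExample {
    using EnumerableSet for EnumerableSet.AddressSet;

    bytes32 constant ACCESS_STORAGE_POSITION = keccak256(
        "diamond.standard.access.storage"
    );

    struct RoleData {
        EnumerableSet.AddressSet members;
        bytes32 adminRole;
    }
    struct RoleStorage {
        mapping(bytes32 => RoleData) roles;
    }

    event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);

    // Bind a storage reference to the fixed slot, so all code running against
    // the same storage (e.g. facets behind one proxy) shares one role table.
    function roleStorage() internal pure returns (RoleStorage storage rs) {
        bytes32 position = ACCESS_STORAGE_POSITION;
        assembly {
            rs.slot := position
        }
    }

    function _hasRole(bytes32 role, address account) internal view returns (bool) {
        return roleStorage().roles[role].members.contains(account);
    }

    // Checked grant path: the caller must hold the role's admin role.
    // A role whose adminRole was never set is administered by role bytes32(0).
    function grantRoleChecked(bytes32 role, address account) internal {
        RoleStorage storage rs = roleStorage();
        require(_hasRole(rs.roles[role].adminRole, msg.sender), "caller is not role admin");
        // add() returns false for an existing member, so the event fires once.
        if (rs.roles[role].members.add(account)) {
            emit RoleGranted(role, account, msg.sender);
        }
    }
}
```

Because an unset `adminRole` reads as zero, membership of role `bytes32(0)` decides who can grant every role that has not had an admin assigned through `_setRoleAdmin`.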
