
Role Authorizer

Rahul Saxena edited this page Aug 14, 2023 · 3 revisions

File: RoleAuthorizer.sol

Things to know

  1. Core roles for an orchestrator are OWNER and MANAGER.
  2. They correspond to uint8(0) and uint(1) respectively.
  3. Orchestrator owner can register more global roles using numbers after uint(1). They'll need to go through the DEFAULT_ADMIN_ROLE for this.

Modifiers

1. onlyModule

modifier onlyModule(address module)

Verifies that the caller is an active module

2. onlySelfManaged

modifier onlySelfManaged()

Verifies that the calling module has turned on self-management

3. notLastOwner

modifier notLastOwner(bytes32 role)

Verifies that the owner being removed is not the last one.

View Functions

1. isAuthorized

function isAuthorized(uint8 role, address who)
        external
        view
        returns (bool);

Overloads {isAuthorized} for a Module to ask whether an address holds the required role to execute the current transaction. If the role is not self-managed, the check defaults to the orchestrator roles. If it is self-managed, the check uses the calling address to generate the role ID. A module can therefore only use this function to check its own roles; for checking on anything other than itself, hasRole() should be used.

Parameters

  1. uint8 role: The identifier of the role we want to check
  2. address who: The address on which to perform the check

Return Data

  1. bool: Whether the address (who) is authorized for the given role (role).

Write Functions

1. init

function init(
        IOrchestrator orchestrator_,
        Metadata memory metadata,
        bytes memory configData
    ) external override initializer

A function that helps initialize a module.

Parameters

  1. IOrchestrator orchestrator_: {IOrchestrator} instance of the orchestrator that uses this role authorizer.
  2. Metadata metadata: Metadata about the RoleAuthorizer module
  3. bytes configData: Custom data that is useful for the initialization of this module.

2. generateRoleId

function generateRoleId(address module, uint8 role)
        external
        returns (bytes32);

Helper function to generate a bytes32 role hash for a module role.

Parameters

  1. address module: The address of the module to generate hash for
  2. uint8 role: The ID number of the role to generate hash for

Return Data

  1. bytes32: The ID for the new role in the form of bytes32.

3. toggleModuleSelfManagement

function toggleModuleSelfManagement() external;

Toggles if a Module self-manages its roles or defaults to the orchestrator's roles.

4. grantRoleFromModule

function grantRoleFromModule(uint8 role, address target) external;

Used by a Module to grant a role to a user.

Parameters

  1. uint8 role: The identifier of the role to grant
  2. address target: The address to which to grant the role

5. revokeRoleFromModule

function revokeRoleFromModule(uint8 role, address target) external;

Used by a Module to revoke a role from a user.

Parameters

  1. uint8 role: The identifier of the role to revoke
  2. address target: The address to revoke the role from.

6. transferAdminRole

function transferAdminRole(bytes32 roleId, bytes32 newAdmin) external;

Transfer the admin rights to a given role.

Parameters

  1. bytes32 roleId: The role on which to perform the admin transfer
  2. bytes32 newAdmin: The new role to which to transfer admin access

7. burnAdminRole

function burnAdminRole(uint8 role) external;

Irreversibly burns the admin of a given role. The module itself can still grant and revoke its own roles. This only burns third-party access to the role.

Parameters

  1. uint8 role: The role to remove admin access from
