Access

This document is better viewed at https://docs.openzeppelin.com/community-contracts/proxy

This directory contains utility contracts to restrict access control in smart contracts. These include:

  • AccessManagerLight: A simpler version of an AccessManager that uses bytes8 roles to allow function calls identified by their 4-bytes selector.

AccessManager

AccessManagerLight 

import "@openzeppelin/contracts/access/manager/AccessManagerLight.sol";

Light version of an AccessManager contract that defines bytes8 roles that are stored as requirements (see getRequirements) for each function.

Each requirement is a bitmask of roles that are allowed to call a function identified by its bytes4 selector. Users have their permissioned stored as a bitmask of roles they belong to.

The admin role is a special role that has access to all functions and can manage the roles of other users.

Modifiers

  • onlyRole(requirement)

Functions

  • constructor(admin)

  • canCall(caller, target, selector)

  • getGroups(user)

  • getGroupAdmins(group)

  • getRequirements(target, selector)

  • addGroup(user, group)

  • remGroup(user, group)

  • _addGroup(user, group)

  • _remGroup(user, group)

  • setGroupAdmins(group, admins)

  • _setGroupAdmins(group, admins)

  • setRequirements(target, selectors, groups)

  • _setRequirements(target, selector, groups)

  • ADMIN_ROLE()

  • PUBLIC_ROLE()

  • ADMIN_MASK()

  • PUBLIC_MASK()

Events

  • GroupAdded(user, group)

  • GroupRemoved(user, group)

  • GroupAdmins(group, admins)

  • RequirementsSet(target, selector, groups)

Errors

  • MissingPermissions(user, permissions, requirement)

onlyRole(Masks.Mask requirement) modifier

Throws if the specified requirement is not met by the caller’s permissions (see getGroups).

constructor(address admin) public

Initializes the contract with the admin as the first member of the admin group.

canCall(address caller, address target, bytes4 selector) → bool public

Returns whether the caller has the required permissions to call the target with the selector.

getGroups(address user) → Masks.Mask public

Returns the groups that the user belongs to.

getGroupAdmins(uint8 group) → Masks.Mask public

Returns the admins of the group.

getRequirements(address target, bytes4 selector) → Masks.Mask public

Returns the requirements for the target and selector.

addGroup(address user, uint8 group) public

Adds the user to the group. Emits GroupAdded event.

remGroup(address user, uint8 group) public

Removes the user from the group. Emits GroupRemoved event.

_addGroup(address user, uint8 group) internal

Internal version of addGroup without access control.

_remGroup(address user, uint8 group) internal

Internal version of remGroup without access control.

setGroupAdmins(uint8 group, uint8[] admins) public

Sets the admins of the group. Emits GroupAdmins event.

_setGroupAdmins(uint8 group, Masks.Mask admins) internal

Internal version of _setGroupAdmins without access control.

setRequirements(address target, bytes4[] selectors, uint8[] groups) public

Sets the groups requirements for the selectors of the target.

_setRequirements(address target, bytes4 selector, Masks.Mask groups) internal

Internal version of _setRequirements without access control.

ADMIN_ROLE() → uint8 public

PUBLIC_ROLE() → uint8 public

ADMIN_MASK() → Masks.Mask public

PUBLIC_MASK() → Masks.Mask public

GroupAdded(address indexed user, uint8 indexed group) event

GroupRemoved(address indexed user, uint8 indexed group) event

GroupAdmins(uint8 indexed group, Masks.Mask admins) event

RequirementsSet(address indexed target, bytes4 indexed selector, Masks.Mask groups) event

MissingPermissions(address user, Masks.Mask permissions, Masks.Mask requirement) error

← Utilities
Proxy →