
Solidity API

SpanningAccessControl

Contract module that allows children to implement role-based access control mechanisms. This is a lightweight version that doesn't allow enumerating role members except through off-chain means by accessing the contract event logs. Some applications may benefit from on-chain enumerability, for those cases see {AccessControlEnumerable}.

Roles are referred to by their bytes32 identifier. These should be exposed in the external API and be unique. The best way to achieve this is by using public constant hash digests:

bytes32 public constant MY_ROLE = keccak256("MY_ROLE");

Roles can be used to represent a set of permissions. To restrict access to a function call, use {hasRole}:

function foo() public {
    require(hasRole(MY_ROLE, msg.sender));
    ...
}

Roles can be granted and revoked dynamically via the {grantRole} and {revokeRole} functions. Each role has an associated admin role, and only accounts that have a role's admin role can call {grantRole} and {revokeRole}.

By default, the admin role for all roles is DEFAULT_ADMIN_ROLE, which means that only accounts with this role will be able to grant or revoke other roles. More complex role relationships can be created by using {_setRoleAdmin}.

WARNING: The DEFAULT_ADMIN_ROLE is also its own admin: it has permission to grant and revoke this role. Extra precautions should be taken to secure accounts that have been granted it.
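
An added example, not part of the Spanning code base: because role members can only be enumerated off-chain from the event logs, this Python code replays decoded {RoleGranted}, {RoleRevoked} and {RoleAdminChanged} logs to rebuild who holds each role and who is able to grant it. The event field names, the all-zero value of DEFAULT_ADMIN_ROLE, the role identifiers and the sample logs are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: DEFAULT_ADMIN_ROLE is the all-zero bytes32, as in OpenZeppelin AccessControl.
DEFAULT_ADMIN_ROLE = "0x" + "00" * 32


def replay_role_events(events):
    """Rebuild role membership and admin roles from decoded event logs."""
    members = defaultdict(set)   # role -> set of bytes32 accounts
    admin_of = {}                # role -> admin role (absent means DEFAULT_ADMIN_ROLE)
    # Apply logs in chain order, otherwise a revoke may be processed before its grant.
    for ev in sorted(events, key=lambda e: (e["block"], e["log_index"])):
        if ev["event"] == "RoleGranted":
            members[ev["role"]].add(ev["account"])
        elif ev["event"] == "RoleRevoked":   # emitted by revokeRole and renounceRole
            members[ev["role"]].discard(ev["account"])
        elif ev["event"] == "RoleAdminChanged":
            admin_of[ev["role"]] = ev["new_admin_role"]
    return members, admin_of


def who_can_grant(role, members, admin_of):
    """Accounts currently able to call grantRole/revokeRole for `role`."""
    return set(members.get(admin_of.get(role, DEFAULT_ADMIN_ROLE), set()))


def acct(n):
    """Constructed sample bytes32 account identifier."""
    return "0x" + format(n, "064x")


MINTER = "0x" + "11" * 32    # constructed stand-in for keccak256("MINTER_ROLE")
MANAGER = "0x" + "22" * 32   # constructed stand-in for keccak256("MANAGER_ROLE")

# Constructed sample logs (field names are assumed), deliberately out of order.
SAMPLE_EVENTS = [
    {"event": "RoleRevoked", "role": MINTER, "account": acct(3), "block": 30, "log_index": 0},
    {"event": "RoleGranted", "role": DEFAULT_ADMIN_ROLE, "account": acct(1), "block": 10, "log_index": 0},
    {"event": "RoleGranted", "role": MANAGER, "account": acct(2), "block": 11, "log_index": 0},
    {"event": "RoleAdminChanged", "role": MINTER, "new_admin_role": MANAGER, "block": 12, "log_index": 0},
    {"event": "RoleGranted", "role": MINTER, "account": acct(3), "block": 20, "log_index": 1},
    {"event": "RoleGranted", "role": MINTER, "account": acct(4), "block": 20, "log_index": 2},
]

if __name__ == "__main__":
    members, admin_of = replay_role_events(SAMPLE_EVENTS)
    for role in (DEFAULT_ADMIN_ROLE, MANAGER, MINTER):
        print(role[:10], sorted(members[role]), sorted(who_can_grant(role, members, admin_of)))
```

Reviewing the `who_can_grant` result for DEFAULT_ADMIN_ROLE shows which accounts sit at the top of the hierarchy and therefore need the extra precautions the warning above calls for.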

RoleData

struct RoleData {
  mapping(bytes32 => bool) members;
  bytes32 adminRole;
}

_roles

mapping(bytes32 => struct SpanningAccessControl.RoleData) _roles

DEFAULT_ADMIN_ROLE

bytes32 DEFAULT_ADMIN_ROLE

onlyRole

modifier onlyRole(bytes32 role)

Modifier that checks that an account has a specific role. Reverts with a standardized message including the required role.

The format of the revert reason is given by the following regular expression:

/^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/

supportsInterface

function supportsInterface(bytes4 interfaceId) public view virtual returns (bool)

See {IERC165-supportsInterface}.

hasRole

function hasRole(bytes32 role, bytes32 account) public view virtual returns (bool)

Returns true if account has been granted role.

_checkRole

function _checkRole(bytes32 role) internal view virtual

Revert with a standard message if _msgSender() is missing role. Overriding this function changes the behavior of the {onlyRole} modifier.

Format of the revert message is described in {_checkRole}.

_checkRole

function _checkRole(bytes32 role, bytes32 account) internal view virtual

Revert with a standard message if account is missing role.

The format of the revert reason is given by the following regular expression:

/^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/

getRoleAdmin

function getRoleAdmin(bytes32 role) public view virtual returns (bytes32)

Returns the admin role that controls role. See {grantRole} and {revokeRole}.

To change a role's admin, use {_setRoleAdmin}.

grantRole

function grantRole(bytes32 role, bytes32 account) public virtual

Grants role to account.

If account had not been already granted role, emits a {RoleGranted} event.

Requirements:

  • the caller must have role's admin role.

revokeRole

function revokeRole(bytes32 role, bytes32 account) public virtual

Revokes role from account.

If account had been granted role, emits a {RoleRevoked} event.

Requirements:

  • the caller must have role's admin role.

renounceRole

function renounceRole(bytes32 role, bytes32 account) public virtual

Revokes role from the calling account.

Roles are often managed via {grantRole} and {revokeRole}: this function's purpose is to provide a mechanism for accounts to lose their privileges if they are compromised (such as when a trusted device is misplaced).

If the calling account had been granted role, emits a {RoleRevoked} event.

Requirements:

  • the caller must be account.

_setRoleAdmin

function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual

Sets adminRole as role's admin role.

Emits a {RoleAdminChanged} event.

_grantRole

function _grantRole(bytes32 role, bytes32 account) internal virtual

Grants role to account.

Internal function without access restriction.

_revokeRole

function _revokeRole(bytes32 role, bytes32 account) internal virtual

Revokes role from account.

Internal function without access restriction.