Skip to content

Revamped Access Control #2112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 25 commits into from
Mar 16, 2020
Merged

Revamped Access Control #2112

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
b301381
Remove Roles
nventuro Mar 6, 2020
9f6b348
Add AccessControl and tests
nventuro Mar 6, 2020
7947ad3
Removed IAccessControl
nventuro Mar 6, 2020
f24302d
Add RoleGranted and RoleRevoked events
nventuro Mar 6, 2020
26052a5
Make roles grantable and revokable regardless of their previous status
nventuro Mar 6, 2020
2a89784
Fix typo
nventuro Mar 6, 2020
6754f63
Add documentation
nventuro Mar 6, 2020
4732b68
Cleanup tests
nventuro Mar 6, 2020
c4ddbdd
Add enumeration tests
nventuro Mar 6, 2020
7fb1b43
Add _setRoleAdmin tests
nventuro Mar 6, 2020
e5b1cc3
Fix lint error
nventuro Mar 9, 2020
4bc4249
Fix AccessControl link in docs
nventuro Mar 10, 2020
bc5c929
WIP on access control guide
nventuro Mar 10, 2020
f8ab7d7
Rename getRoleMembersCount
nventuro Mar 10, 2020
6e92c96
Add tests for new role admin
nventuro Mar 10, 2020
ac965e7
Make AccessControl GSN compatible
nventuro Mar 11, 2020
0b97267
Update access control guide
nventuro Mar 11, 2020
d14c628
Rename admin to adminRole
nventuro Mar 11, 2020
8758632
Rename roleIds to roles
nventuro Mar 11, 2020
eea1903
Add 'operator' to RoleGranted and RoleRevoked events.
nventuro Mar 11, 2020
37d4adf
Only emit events if the roles were not previously granted/revoked
nventuro Mar 11, 2020
71f8da2
Uncomment expectEvent.not tests
nventuro Mar 12, 2020
d6bad63
Rename operator to sender
nventuro Mar 13, 2020
58fd0be
Add changelog entry
nventuro Mar 16, 2020
9c54ba4
Merge branch 'master' into access-control
nventuro Mar 16, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 9 additions & 8 deletions contracts/access/AccessControl.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -159,23 +159,24 @@ abstract contract AccessControl is Context {
/**
* @dev Grants `role` to `account`.
*
* Emits a {RoleGranted} event.
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*/
function _grantRole(bytes32 role, address account) internal virtual {
_roles[role].members.add(account);

emit RoleGranted(role, account, msg.sender);
if (_roles[role].members.add(account)) {
emit RoleGranted(role, account, msg.sender);
}
}

/**
* @dev Revokes `role` from `account`.
*
* Emits a {RoleRevoked} event.
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual {
_roles[role].members.remove(account);

emit RoleRevoked(role, account, msg.sender);
if (_roles[role].members.remove(account)) {
emit RoleRevoked(role, account, msg.sender);
}
}

/**
Expand Down
11 changes: 6 additions & 5 deletions test/access/AccessControl.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ describe('AccessControl', function () {
it('accounts can be granted a role multiple times', async function () {
await this.accessControl.grantRole(ROLE, authorized, { from: admin });
const receipt = await this.accessControl.grantRole(ROLE, authorized, { from: admin });
expectEvent(receipt, 'RoleGranted', { account: authorized, role: ROLE, operator: admin });
//await expectEvent.not.inTransaction(receipt.tx, AccessControlMock, 'RoleGranted');
});
});

Expand All @@ -58,7 +58,7 @@ describe('AccessControl', function () {
expect(await this.accessControl.hasRole(ROLE, authorized)).to.equal(false);

const receipt = await this.accessControl.revokeRole(ROLE, authorized, { from: admin });
expectEvent(receipt, 'RoleRevoked', { account: authorized, role: ROLE, operator: admin });
//await expectEvent.not.inTransaction(receipt.tx, AccessControlMock, 'RoleRevoked');
});

context('with granted role', function () {
Expand All @@ -84,15 +84,15 @@ describe('AccessControl', function () {
await this.accessControl.revokeRole(ROLE, authorized, { from: admin });

const receipt = await this.accessControl.revokeRole(ROLE, authorized, { from: admin });
expectEvent(receipt, 'RoleRevoked', { account: authorized, role: ROLE, operator: admin });
//await expectEvent.not.inTransaction(receipt.tx, AccessControlMock, 'RoleRevoked');
});
});
});

describe('renouncing', function () {
it('roles that are not had can be renounced', async function () {
const receipt = await this.accessControl.renounceRole(ROLE, authorized, { from: authorized });
expectEvent(receipt, 'RoleRevoked', { account: authorized, role: ROLE, operator: authorized });
//await expectEvent.not.inTransaction(receipt.tx, AccessControlMock, 'RoleRevoked');
});

context('with granted role', function () {
Expand All @@ -118,7 +118,7 @@ describe('AccessControl', function () {
await this.accessControl.renounceRole(ROLE, authorized, { from: authorized });

const receipt = await this.accessControl.renounceRole(ROLE, authorized, { from: authorized });
expectEvent(receipt, 'RoleRevoked', { account: authorized, role: ROLE, operator: authorized });
//await expectEvent.not.inTransaction(receipt.tx, AccessControlMock, 'RoleRevoked');
});
});
});
Expand Down Expand Up @@ -156,6 +156,7 @@ describe('AccessControl', function () {
});

it('the new admin can revoke roles', async function () {
await this.accessControl.grantRole(ROLE, authorized, { from: otherAdmin });
const receipt = await this.accessControl.revokeRole(ROLE, authorized, { from: otherAdmin });
expectEvent(receipt, 'RoleRevoked', { account: authorized, role: ROLE, operator: otherAdmin });
});
Expand Down