DefaultAccessControl
Overview
DefaultAccessControl contract provides a flexible role-based access control mechanism. It leverages the OpenZeppelin AccessControlEnumerable. The contract defines three roles —OPERATOR, ADMIN_ROLE, and ADMIN_DELEGATE_ROLE — each with specific permissions to control various aspects of the system.
Key Features
Role Hierarchy: Establishes a clear hierarchy of permissions through three primary roles:
Admin Role: Has the highest privileges.
Admin Delegate Role: Can manage operators.
Operator Role: Executes regular tasks but with limited authority.
Access Verification: Provides methods to verify if a user meets certain permission requirements.
Roles
OPERATOR: A hashed identifier for the operator role.ADMIN_ROLE: A hashed identifier for the admin role.ADMIN_DELEGATE_ROLE: A hashed identifier for the admin delegate role.
Constructor
constructor(address): Initializes the contract with an admin address.admin: Address of the initial admin.
Errors:
AddressZero: Raised if the admin address is zero.
Core Methods
Role Verification
isAdmin(address): Checks if the sender has an admin or admin delegate role.sender: Address to verify.
Returns:
trueif the sender is an admin or delegate,falseotherwise.
isOperator(address): Checks if the sender has an operator role.sender: Address to verify.
Returns:
trueif the sender is an operator,falseotherwise.
Access Enforcement
requireAdmin(address): Requires the sender to be an admin or delegate.sender: Address of the user.
Errors:
Forbidden: Raised if the sender does not have the required role.
requireAtLeastOperator(address): Requires the sender to be at least an operator or higher.sender: Address of the user.
Errors:
Forbidden: Raised if the sender does not have the required role.
Internal Methods
_requireAdmin(address): Internal method for admin verification._requireAtLeastOperator(address): Internal method for operator or higher verification.