Module 0x24e01fa503119e76bf9eea69eec59884fc3da82f5ea23bf5f20f8ce358a4606::acl_manage
@title ACLManager
@author Aave
@notice Access Control List Manager. Main registry of system roles and permissions.
Roles are referred to by their `vector<u8>` identifier. These should be exposed in the external API and be unique. The best way to achieve this is by using `const` hash digests (the role constants this module itself declares are the ASCII bytes of the role name rather than digests):
const MY_ROLE = b"MY_ROLE";
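Roles can be used to represent a set of permissions. To restrict access to a function call, use {has_role}:
public fun foo() {
assert!(has_role(MY_ROLE, error_code::ENOT_MANAGEMENT));
...
}
Note that this snippet is schematic: {has_role}, as declared in this module, takes the role as a `string::String` together with the address to check and returns a `bool`, so the abort code is the second argument of `assert!`, not of {has_role}.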
Roles can be granted and revoked dynamically via the {grant_role} and {revoke_role} functions. Each role has an associated admin role, and only accounts that have a role's admin role can call {grant_role} and {revoke_role}.
By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means that only accounts with this role will be able to grant or revoke other roles. More complex role relationships can be created by using {set_role_admin}.
WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to grant and revoke this role. Extra precautions should be taken to secure accounts that have been granted it.
- Struct
RoleAdminChanged
- Struct
RoleGranted
- Struct
RoleRevoked
- Struct
RoleData
- Resource
Roles
- Constants
- Function
default_admin_role
- Function
get_role_admin
- Function
has_role
- Function
is_default_admin
- Function
is_pool_admin
- Function
is_emergency_admin
- Function
is_risk_admin
- Function
is_flash_borrower
- Function
is_asset_listing_admin
- Function
is_funds_admin
- Function
is_emission_admin
- Function
is_admin_controlled_ecosystem_reserve_funds_admin
- Function
is_rewards_controller_admin
- Function
get_pool_admin_role
- Function
get_emergency_admin_role
- Function
get_risk_admin_role
- Function
get_flash_borrower_role
- Function
get_asset_listing_admin_role
- Function
get_funds_admin_role
- Function
get_emission_admin_role
- Function
get_admin_controlled_ecosystem_reserve_funds_admin_role
- Function
get_rewards_controller_admin_role
- Function
set_role_admin
- Function
grant_role
- Function
renounce_role
- Function
revoke_role
- Function
add_default_admin
- Function
renounce_default_admin
- Function
add_pool_admin
- Function
remove_pool_admin
- Function
add_emergency_admin
- Function
remove_emergency_admin
- Function
add_risk_admin
- Function
remove_risk_admin
- Function
add_flash_borrower
- Function
remove_flash_borrower
- Function
add_asset_listing_admin
- Function
remove_asset_listing_admin
- Function
add_funds_admin
- Function
remove_funds_admin
- Function
add_emission_admin
- Function
remove_emission_admin
- Function
add_admin_controlled_ecosystem_reserve_funds_admin
- Function
remove_admin_controlled_ecosystem_reserve_funds_admin
- Function
add_rewards_controller_admin
- Function
remove_rewards_controller_admin
use 0x1::acl;
use 0x1::event;
use 0x1::object;
use 0x1::signer;
use 0x1::smart_table;
use 0x1::string;
use 0xa888dd108ea636a234c973b8b72b9cadf0c7ae94d6f355c64dde9fdc275724ee::error_config;
Struct RoleAdminChanged
#[event]
struct RoleAdminChanged has drop, store
Struct RoleGranted
#[event]
struct RoleGranted has drop, store
Struct RoleRevoked
#[event]
struct RoleRevoked has drop, store
Struct RoleData
@dev Main structure for storing role data including members and admin role
struct RoleData has store
Resource Roles
@dev Root structure holding ACL data for the module
struct Roles has key
Constants
const ADMIN_CONTROLLED_ECOSYSTEM_RESERVE_FUNDS_ADMIN_ROLE: vector<u8> = [65, 68, 77, 73, 78, 95, 67, 79, 78, 84, 82, 79, 76, 76, 69, 68, 95, 69, 67, 79, 83, 89, 83, 84, 69, 77, 95, 82, 69, 83, 69, 82, 86, 69, 95, 70, 85, 78, 68, 83, 95, 65, 68, 77, 73, 78];
const ASSET_LISTING_ADMIN_ROLE: vector<u8> = [65, 83, 83, 69, 84, 95, 76, 73, 83, 84, 73, 78, 71, 95, 65, 68, 77, 73, 78];
const DEFAULT_ADMIN_ROLE: vector<u8> = [68, 69, 70, 65, 85, 76, 84, 95, 65, 68, 77, 73, 78];
const EMERGENCY_ADMIN_ROLE: vector<u8> = [69, 77, 69, 82, 71, 69, 78, 67, 89, 95, 65, 68, 77, 73, 78];
const EMISSION_ADMIN_ROLE: vector<u8> = [69, 77, 73, 83, 83, 73, 79, 78, 95, 65, 68, 77, 73, 78];
const FLASH_BORROWER_ROLE: vector<u8> = [70, 76, 65, 83, 72, 95, 66, 79, 82, 82, 79, 87, 69, 82];
const FUNDS_ADMIN_ROLE: vector<u8> = [70, 85, 78, 68, 83, 95, 65, 68, 77, 73, 78];
const POOL_ADMIN_ROLE: vector<u8> = [80, 79, 79, 76, 95, 65, 68, 77, 73, 78];
const REWARDS_CONTROLLER_ADMIN_ROLE: vector<u8> = [82, 69, 87, 65, 82, 68, 83, 95, 67, 79, 78, 84, 82, 79, 76, 76, 69, 82, 95, 65, 68, 77, 73, 78];
const RISK_ADMIN_ROLE: vector<u8> = [82, 73, 83, 75, 95, 65, 68, 77, 73, 78];
Function default_admin_role
@notice Returns the default admin role string @return Default admin role as a String
#[view]
public fun default_admin_role(): string::String
Function get_role_admin
@notice Returns the admin role that controls `role`
@param role The role to check the admin for
@return Admin role string for the specified role
#[view]
public fun get_role_admin(role: string::String): string::String
Function has_role
@notice Checks if `user` has been granted `role`
@param role The role identifier
@param user The account to check
@return Boolean indicating if the user has the role
#[view]
public fun has_role(role: string::String, user: address): bool
Function is_default_admin
@notice Checks if the address is the default admin (i.e., a super-admin) @param admin Address to check @return Boolean indicating if the address is the default admin
#[view]
public fun is_default_admin(admin: address): bool
Function is_pool_admin
@notice Checks if the address is a pool admin @param admin Address to check @return Boolean indicating if the address is a pool admin
#[view]
public fun is_pool_admin(admin: address): bool
Function is_emergency_admin
@notice Checks if the address is an emergency admin @param admin Address to check @return Boolean indicating if the address is an emergency admin
#[view]
public fun is_emergency_admin(admin: address): bool
Function is_risk_admin
@notice Checks if the address is a risk admin @param admin Address to check @return Boolean indicating if the address is a risk admin
#[view]
public fun is_risk_admin(admin: address): bool
Function is_flash_borrower
@notice Checks if the address is a flash borrower @param borrower Address to check @return Boolean indicating if the address is a flash borrower
#[view]
public fun is_flash_borrower(borrower: address): bool
Function is_asset_listing_admin
@notice Checks if the address is an asset listing admin @param admin Address to check @return Boolean indicating if the address is an asset listing admin
#[view]
public fun is_asset_listing_admin(admin: address): bool
Function is_funds_admin
@notice Checks if the address is a funds admin @param admin Address to check @return Boolean indicating if the address is a funds admin
#[view]
public fun is_funds_admin(admin: address): bool
Function is_emission_admin
@notice Checks if the address is an emission admin @param admin Address to check @return Boolean indicating if the address is an emission admin
#[view]
public fun is_emission_admin(admin: address): bool
Function is_admin_controlled_ecosystem_reserve_funds_admin
@notice Checks if the address is an admin controlled ecosystem reserve funds admin @param admin Address to check @return Boolean indicating if the address is an admin controlled ecosystem reserve funds admin
#[view]
public fun is_admin_controlled_ecosystem_reserve_funds_admin(admin: address): bool
Function is_rewards_controller_admin
@notice Checks if the address is a rewards controller admin @param admin Address to check @return Boolean indicating if the address is a rewards controller admin
#[view]
public fun is_rewards_controller_admin(admin: address): bool
Function get_pool_admin_role
@notice Returns the pool admin role string @return Pool admin role as a String
#[view]
public fun get_pool_admin_role(): string::String
Function get_emergency_admin_role
@notice Returns the emergency admin role string @return Emergency admin role as a String
#[view]
public fun get_emergency_admin_role(): string::String
Function get_risk_admin_role
@notice Returns the risk admin role string @return Risk admin role as a String
#[view]
public fun get_risk_admin_role(): string::String
Function get_flash_borrower_role
@notice Returns the flash borrower role string @return Flash borrower role as a String
#[view]
public fun get_flash_borrower_role(): string::String
Function get_asset_listing_admin_role
@notice Returns the asset listing admin role string @return Asset listing admin role as a String
#[view]
public fun get_asset_listing_admin_role(): string::String
Function get_funds_admin_role
@notice Returns the funds admin role string @return Funds admin role as a String
#[view]
public fun get_funds_admin_role(): string::String
Function get_emission_admin_role
@notice Returns the emission admin role string @return Emission admin role as a String
#[view]
public fun get_emission_admin_role(): string::String
Function get_admin_controlled_ecosystem_reserve_funds_admin_role
@notice Returns the admin controlled ecosystem reserve funds admin role string @return Admin controlled ecosystem reserve funds admin role as a String
#[view]
public fun get_admin_controlled_ecosystem_reserve_funds_admin_role(): string::String
Function get_rewards_controller_admin_role
@notice Returns the rewards controller admin role string @return Rewards controller admin role as a String
#[view]
public fun get_rewards_controller_admin_role(): string::String
Function set_role_admin
@notice Sets `admin_role` as `role`'s admin role
@param admin Signer with permissions to set role admin
@param role The role to modify admin for
@param admin_role The new admin role to set
@dev Emits a {RoleAdminChanged} event
public entry fun set_role_admin(admin: &signer, role: string::String, admin_role: string::String)
Function grant_role
@notice Grants `role` to `account` (the `user` parameter)
@param admin Signer with admin role permissions
@param role The role to grant
@param user Address to grant the role to
@dev Errors if the role is being granted to the 0x0 address
@dev If `account` had not been already granted `role`, emits a {RoleGranted} event
@dev Requirements: the caller must have `role`'s admin role
public entry fun grant_role(admin: &signer, role: string::String, user: address)
Function renounce_role
@notice Revokes `role` from the calling account
@param admin Signer revoking their own role
@param role The role to renounce
@dev If the calling account had been granted `role`, emits a {RoleRevoked} event
@dev Requirements: the caller must be `account`
public entry fun renounce_role(admin: &signer, role: string::String)
Function revoke_role
@notice Revokes `role` from `account` (the `user` parameter)
@param admin Signer with admin role permissions
@param role The role to revoke
@param user Address to revoke the role from
@dev If `account` had been granted `role`, emits a {RoleRevoked} event
@dev Requirements: the caller must have `role`'s admin role
public entry fun revoke_role(admin: &signer, role: string::String, user: address)
Function add_default_admin
@notice Adds a default admin role to the specified address @param admin Signer with permissions to grant roles @param user Address to grant the default admin role to
public entry fun add_default_admin(admin: &signer, user: address)
Function renounce_default_admin
@notice Renounce the default admin role @param admin Signer with permissions to grant roles
public entry fun renounce_default_admin(admin: &signer)
Function add_pool_admin
@notice Adds a pool admin role to the specified address @param admin Signer with permissions to grant roles @param user Address to grant the pool admin role to
public entry fun add_pool_admin(admin: &signer, user: address)
Function remove_pool_admin
@notice Removes the pool admin role from the specified address @param admin Signer with permissions to revoke roles @param user Address to revoke the pool admin role from
public entry fun remove_pool_admin(admin: &signer, user: address)
Function add_emergency_admin
@notice Adds an emergency admin role to the specified address @param admin Signer with permissions to grant roles @param user Address to grant the emergency admin role to
public entry fun add_emergency_admin(admin: &signer, user: address)
Function remove_emergency_admin
@notice Removes the emergency admin role from the specified address @param admin Signer with permissions to revoke roles @param user Address to revoke the emergency admin role from
public entry fun remove_emergency_admin(admin: &signer, user: address)
Function add_risk_admin
@notice Adds a risk admin role to the specified address @param admin Signer with permissions to grant roles @param user Address to grant the risk admin role to
public entry fun add_risk_admin(admin: &signer, user: address)
Function remove_risk_admin
@notice Removes the risk admin role from the specified address @param admin Signer with permissions to revoke roles @param user Address to revoke the risk admin role from
public entry fun remove_risk_admin(admin: &signer, user: address)
Function add_flash_borrower
@notice Adds a flash borrower role to the specified address @param admin Signer with permissions to grant roles @param borrower Address to grant the flash borrower role to
public entry fun add_flash_borrower(admin: &signer, borrower: address)
Function remove_flash_borrower
@notice Removes the flash borrower role from the specified address @param admin Signer with permissions to revoke roles @param borrower Address to revoke the flash borrower role from
public entry fun remove_flash_borrower(admin: &signer, borrower: address)
Function add_asset_listing_admin
@notice Adds an asset listing admin role to the specified address @param admin Signer with permissions to grant roles @param user Address to grant the asset listing admin role to
public entry fun add_asset_listing_admin(admin: &signer, user: address)
Function remove_asset_listing_admin
@notice Removes the asset listing admin role from the specified address @param admin Signer with permissions to revoke roles @param user Address to revoke the asset listing admin role from
public entry fun remove_asset_listing_admin(admin: &signer, user: address)
Function add_funds_admin
@notice Adds a funds admin role to the specified address @param admin Signer with permissions to grant roles @param user Address to grant the funds admin role to
public entry fun add_funds_admin(admin: &signer, user: address)
Function remove_funds_admin
@notice Removes the funds admin role from the specified address @param admin Signer with permissions to revoke roles @param user Address to revoke the funds admin role from
public entry fun remove_funds_admin(admin: &signer, user: address)
Function add_emission_admin
@notice Adds an emission admin role to the specified address @param admin Signer with permissions to grant roles @param user Address to grant the emission admin role to
public entry fun add_emission_admin(admin: &signer, user: address)
Function remove_emission_admin
@notice Removes the emission admin role from the specified address @param admin Signer with permissions to revoke roles @param user Address to revoke the emission admin role from
public entry fun remove_emission_admin(admin: &signer, user: address)
Function add_admin_controlled_ecosystem_reserve_funds_admin
@notice Adds an admin controlled ecosystem reserve funds admin role to the specified address @param admin Signer with permissions to grant roles @param user Address to grant the admin controlled ecosystem reserve funds admin role to
public entry fun add_admin_controlled_ecosystem_reserve_funds_admin(admin: &signer, user: address)
Function remove_admin_controlled_ecosystem_reserve_funds_admin
@notice Removes the admin controlled ecosystem reserve funds admin role from the specified address @param admin Signer with permissions to revoke roles @param user Address to revoke the admin controlled ecosystem reserve funds admin role from
public entry fun remove_admin_controlled_ecosystem_reserve_funds_admin(admin: &signer, user: address)
Function add_rewards_controller_admin
@notice Adds a rewards controller admin role to the specified address @param admin Signer with permissions to grant roles @param user Address to grant the rewards controller admin role to
public entry fun add_rewards_controller_admin(admin: &signer, user: address)
Function remove_rewards_controller_admin
@notice Removes the rewards controller admin role from the specified address @param admin Signer with permissions to revoke roles @param user Address to revoke the rewards controller admin role from
public entry fun remove_rewards_controller_admin(admin: &signer, user: address)