Merge pull request #580 from Shrugs/feat/rbac

feat: RBAC authentication contract and role library
2017-12-04 12:30:38 -03:00
parent 306132f823 63c8751e06
commit 83b941c76c
5 changed files with 395 additions and 0 deletions
--- a/contracts/ownership/rbac/RBAC.sol
+++ b/contracts/ownership/rbac/RBAC.sol
@ -0,0 +1,157 @@
+pragma solidity ^0.4.18;
+
+import './Roles.sol';
+
+
+/**
+ * @title RBAC (Role-Based Access Control)
+ * @author Matt Condon (@Shrugs)
+ * @dev Stores and provides setters and getters for roles and addresses.
+ *      Supports unlimited numbers of roles and addresses.
+ *      See //contracts/examples/RBACExample.sol for an example of usage.
+ * This RBAC method uses strings to key roles. It may be beneficial
+ *  for you to write your own implementation of this interface using Enums or similar.
+ * It's also recommended that you define constants in the contract, like ROLE_ADMIN below,
+ *  to avoid typos.
+ */
+contract RBAC {
+    using Roles for Roles.Role;
+
+    mapping (string => Roles.Role) private roles;
+
+    event RoleAdded(address addr, string roleName);
+    event RoleRemoved(address addr, string roleName);
+
+    /**
+     * A constant role name for indicating admins.
+     */
+    string public constant ROLE_ADMIN = "admin";
+
+    /**
+     * @dev constructor. Sets msg.sender as admin by default
+     */
+    function RBAC()
+        public
+    {
+        addRole(msg.sender, ROLE_ADMIN);
+    }
+
+    /**
+     * @dev add a role to an address
+     * @param addr address
+     * @param roleName the name of the role
+     */
+    function addRole(address addr, string roleName)
+        internal
+    {
+        roles[roleName].add(addr);
+        RoleAdded(addr, roleName);
+    }
+
+    /**
+     * @dev remove a role from an address
+     * @param addr address
+     * @param roleName the name of the role
+     */
+    function removeRole(address addr, string roleName)
+        internal
+    {
+        roles[roleName].remove(addr);
+        RoleRemoved(addr, roleName);
+    }
+
+    /**
+     * @dev reverts if addr does not have role
+     * @param addr address
+     * @param roleName the name of the role
+     * // reverts
+     */
+    function checkRole(address addr, string roleName)
+        view
+        public
+    {
+        roles[roleName].check(addr);
+    }
+
+    /**
+     * @dev determine if addr has role
+     * @param addr address
+     * @param roleName the name of the role
+     * @return bool
+     */
+    function hasRole(address addr, string roleName)
+        view
+        public
+        returns (bool)
+    {
+        return roles[roleName].has(addr);
+    }
+
+    /**
+     * @dev add a role to an address
+     * @param addr address
+     * @param roleName the name of the role
+     */
+    function adminAddRole(address addr, string roleName)
+        onlyAdmin
+        public
+    {
+        addRole(addr, roleName);
+    }
+
+    /**
+     * @dev remove a role from an address
+     * @param addr address
+     * @param roleName the name of the role
+     */
+    function adminRemoveRole(address addr, string roleName)
+        onlyAdmin
+        public
+    {
+        removeRole(addr, roleName);
+    }
+
+
+    /**
+     * @dev modifier to scope access to a single role (uses msg.sender as addr)
+     * @param roleName the name of the role
+     * // reverts
+     */
+    modifier onlyRole(string roleName)
+    {
+        checkRole(msg.sender, roleName);
+        _;
+    }
+
+    /**
+     * @dev modifier to scope access to admins
+     * // reverts
+     */
+    modifier onlyAdmin()
+    {
+        checkRole(msg.sender, ROLE_ADMIN);
+        _;
+    }
+
+    /**
+     * @dev modifier to scope access to a set of roles (uses msg.sender as addr)
+     * @param roleNames the names of the roles to scope access to
+     * // reverts
+     *
+     * @TODO - when solidity supports dynamic arrays as arguments to modifiers, provide this
+     *  see: https://github.com/ethereum/solidity/issues/2467
+     */
+    // modifier onlyRoles(string[] roleNames) {
+    //     bool hasAnyRole = false;
+    //     for (uint8 i = 0; i < roleNames.length; i++) {
+    //         if (hasRole(msg.sender, roleNames[i])) {
+    //             hasAnyRole = true;
+    //             break;
+    //         }
+    //     }
+
+    //     require(hasAnyRole);
+
+    //     _;
+    // }
+}
--- a/contracts/ownership/rbac/Roles.sol
+++ b/contracts/ownership/rbac/Roles.sol
@ -0,0 +1,55 @@
+pragma solidity ^0.4.18;
+
+
+/**
+ * @title Roles
+ * @author Francisco Giordano (@frangio)
+ * @dev Library for managing addresses assigned to a Role.
+ *      See RBAC.sol for example usage.
+ */
+library Roles {
+    struct Role {
+        mapping (address => bool) bearer;
+    }
+
+    /**
+     * @dev give an address access to this role
+     */
+    function add(Role storage role, address addr)
+        internal
+    {
+        role.bearer[addr] = true;
+    }
+
+    /**
+     * @dev remove an address' access to this role
+     */
+    function remove(Role storage role, address addr)
+        internal
+    {
+        role.bearer[addr] = false;
+    }
+
+    /**
+     * @dev check if an address has this role
+     * // reverts
+     */
+    function check(Role storage role, address addr)
+        view
+        internal
+    {
+        require(has(role, addr));
+    }
+
+    /**
+     * @dev check if an address has this role
+     * @return bool
+     */
+    function has(Role storage role, address addr)
+        view
+        internal
+        returns (bool)
+    {
+        return role.bearer[addr];
+    }
+}