Permissions
import "@thirdweb-dev/contracts/extension/Permissions.sol";
The Permissions
extension provides role-based access control: you can create roles and write custom logic in your smart contract that depends on whether a given wallet holds a given role.
There are two different contracts you can implement to add permissions:
Permissions
: Create roles and restrict access to functions based on those roles.PermissionsEnumerable
:Permissions
plus the capability to view all the addresses holding a specific role (or all roles).
You only need to implement one of the two.
Usage
This is an example smart contract demonstrating how to inherit from this extension and override the functions to add (optional) custom functionality.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "@thirdweb-dev/contracts/extension/Permissions.sol";
contract MyContract is Permissions {
// Any `bytes32` value is a valid role. You can create roles by defining them like this.
bytes32 public constant NUMBER_ROLE = keccak256("NUMBER_ROLE");
// See comments for `setNumber`, below.
uint256 public number;
/**
* The `Permissions` contract makes an already defined role available: the `DEFAULT_ADMIN_ROLE`.
*
* As an EXAMPLE, we grant the deployer of the contract this admin role.
*/
constructor() {
_setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
}
/**
* EXAMPLE: here we have a function that we want to restrict only to holders of `NUMBER_ROLE`.
*
* To accomplish this, we use the `onlyRole` modifier made available by `Permissions`, and
* pass it `NUMBER_ROLE` as an argument.
*/
function setNumber(uint256 _newNumber) public onlyRole(NUMBER_ROLE) {
number = _newNumber;
}
}
SDK Usage
By adding this extension to a smart contract, the following features, hooks and functions are unlocked in the SDK:
Base Contracts Implementing This Extension
None of the base contracts implement this extension.
Full API Reference
hasRole
function hasRole(bytes32 role, address account) external view returns (bool);
- Returns
true
ifaccount
has been grantedrole
.
getRoleAdmin
function getRoleAdmin(bytes32 role) external view returns (bytes32);
- Returns the admin role that controls
role
i.e. the holders of the admin role (the return value) can grant or revokerole
from wallets.
grantRole
function grantRole(bytes32 role, address account) external;
- Grants
role
toaccount
. Can only be called by a holder of the admin role of the role being granted.
revokeRole
function revokeRole(bytes32 role, address account) external;
- Revokes
role
fromaccount
. Can only be called by a holder of the admin role of the role being granted.
renounceRole
function renounceRole(bytes32 role, address account) external;
- Revokes
role
from the calling account.
hasRoleWithSwitch
function hasRoleWithSwitch(bytes32 role, address account) public view returns (bool);
- Returns
true
ifaccount
has been grantedrole
. - Role restrictions can be switched on and off:
- If
address(0)
hasrole
, then the role restrictions don't apply i.e. this function will always returntrue
. - If
address(0)
does not haverole
, then the role restrictions will apply i.e. this function will behave likehasRole
.
- If