/p/gnoswap/rbac

RBAC

Role-Based Access Control package for Gno smart contracts.

Overview

RBAC system enabling dynamic role management with address-based authorization and two-step ownership transfer.

Features

  • Dynamic role registration with address assignment
  • Address-based authorization checks
  • Two-step ownership transfer (Ownable2Step pattern)
  • System role protection (cannot be removed)
  • Runtime role address updates

Core API

    // Create RBAC manager
    func New() *RBAC
    func NewRBACWithAddress(addr address) *RBAC

    // Role management
    func (rb *RBAC) RegisterRole(roleName string, addr address) error
    func (rb *RBAC) UpdateRoleAddress(roleName string, addr address) error
    func (rb *RBAC) RemoveRole(roleName string) error

    // Authorization
    func (rb *RBAC) IsAuthorized(roleName string, addr address) bool

    // Role queries
    func (rb *RBAC) GetRoleAddress(roleName string) (address, error)
    func (rb *RBAC) GetAllRoleAddresses() map[string]address

    // Ownership management
    func (rb *RBAC) Owner() address
    func (rb *RBAC) PendingOwner() address
    func (rb *RBAC) TransferOwnershipBy(newOwner, caller address) error
    func (rb *RBAC) AcceptOwnershipBy(addr address) error
    func (rb *RBAC) DropOwnershipBy(addr address) error

Usage

    // Create manager with owner
    manager := rbac.NewRBACWithAddress(adminAddr)

    // Register role with address
    err := manager.RegisterRole("editor", editorAddr)
    if err != nil {
        // handle error
    }

    // Check authorization
    if manager.IsAuthorized("editor", callerAddr) {
        // caller is authorized as editor
    }

    // Update role address
    err = manager.UpdateRoleAddress("editor", newEditorAddr)

    // Get role address
    addr, err := manager.GetRoleAddress("editor")

System Roles

Predefined system roles that cannot be removed:

  • admin, governance, devops
  • pool, position, router, staker
  • emission, launchpad, protocol_fee
  • gov_staker, xgns, community_pool

Errors

Error                      Description
ErrInvalidRoleName         Role name is empty or whitespace-only
ErrRoleAlreadyExists       Role already registered
ErrRoleDoesNotExist        Role not found
ErrCannotRemoveSystemRole  Cannot remove system role
ErrInvalidAddress          Invalid address format
ErrUnauthorized            Caller is not owner
ErrNoPendingOwner          No pending owner
ErrPendingUnauthorized     Caller is not pending owner

Security

  • Address-based role authorization
  • Two-step ownership transfer prevents accidental transfers
  • System roles protected from removal
  • Role name validation (no empty/whitespace names)
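
The two-step ownership transfer listed above, modeled in plain Go as an added example; it is not the package's own code. The `Ownable2Step` type, the `Scenario` helper, the string addresses and the exact checks are assumptions inferred from the method names and error descriptions on this page, including the assumption that the owner may overwrite a pending nominee.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed model: error names are the README's; logic and string addresses are not.
var (
	ErrUnauthorized        = errors.New("caller is not owner")
	ErrNoPendingOwner      = errors.New("no pending owner")
	ErrPendingUnauthorized = errors.New("caller is not pending owner")
)
type Ownable2Step struct{ owner, pending string }

// TransferOwnershipBy only nominates newOwner; the owner does not change yet.
func (o *Ownable2Step) TransferOwnershipBy(newOwner, caller string) error {
	if caller != o.owner {
		return ErrUnauthorized
	}
	o.pending = newOwner
	return nil
}

// AcceptOwnershipBy completes the transfer once the nominee itself calls in.
func (o *Ownable2Step) AcceptOwnershipBy(addr string) error {
	if o.pending == "" {
		return ErrNoPendingOwner
	}
	if addr != o.pending {
		return ErrPendingUnauthorized
	}
	o.owner, o.pending = o.pending, ""
	return nil
}

// Scenario: the owner nominates a mistyped address, then corrects it.
func Scenario() (*Ownable2Step, []error) {
	o := &Ownable2Step{owner: "g1admin"} // constructed sample addresses
	return o, []error{
		o.AcceptOwnershipBy("g1new"),                // nothing pending yet
		o.TransferOwnershipBy("g1new", "g1mallory"), // caller is not owner
		o.TransferOwnershipBy("g1typo", "g1admin"),  // mistaken nominee
		o.TransferOwnershipBy("g1new", "g1admin"),   // owner overwrites it
		o.AcceptOwnershipBy("g1typo"),               // stale nominee rejected
		o.AcceptOwnershipBy("g1new"),                // transfer completes
	}
}

func main() { fmt.Println(Scenario()) }
```

In this model the mistyped nomination never changes the owner, which is the property that makes a wrong address recoverable.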