| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222 | // SPDX-License-Identifier: MITpragma solidity ^0.8.0;import "./IAccessControl.sol";import "../utils/Context.sol";import "../utils/Strings.sol";import "../utils/introspection/ERC165.sol";/** * @dev Contract module that allows children to implement role-based access * control mechanisms. This is a lightweight version that doesn't allow enumerating role * members except through off-chain means by accessing the contract event logs. Some * applications may benefit from on-chain enumerability, for those cases see * {AccessControlEnumerable}. * * Roles are referred to by their `bytes32` identifier. These should be exposed * in the external API and be unique. The best way to achieve this is by * using `public constant` hash digests: * * ``` * bytes32 public constant MY_ROLE = keccak256("MY_ROLE"); * ``` * * Roles can be used to represent a set of permissions. To restrict access to a * function call, use {hasRole}: * * ``` * function foo() public { *     require(hasRole(MY_ROLE, msg.sender)); *     ... * } * ``` * * Roles can be granted and revoked dynamically via the {grantRole} and * {revokeRole} functions. Each role has an associated admin role, and only * accounts that have a role's admin role can call {grantRole} and {revokeRole}. * * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means * that only accounts with this role will be able to grant or revoke other * roles. More complex role relationships can be created by using * {_setRoleAdmin}. * * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to * grant and revoke this role. Extra precautions should be taken to secure * accounts that have been granted it. */abstract contract AccessControl is Context, IAccessControl, ERC165 {    struct RoleData {        mapping(address => bool) members;        bytes32 adminRole;    }    mapping(bytes32 => RoleData) private _roles;    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;    /**     * @dev Modifier that checks that an account has a specific role. Reverts     * with a standardized message including the required role.     *     * The format of the revert reason is given by the following regular expression:     *     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/     *     * _Available since v4.1._     */    modifier onlyRole(bytes32 role) {        _checkRole(role, _msgSender());        _;    }    /**     * @dev See {IERC165-supportsInterface}.     */    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {        return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);    }    /**     * @dev Returns `true` if `account` has been granted `role`.     */    function hasRole(bytes32 role, address account) public view override returns (bool) {        return _roles[role].members[account];    }    /**     * @dev Revert with a standard message if `account` is missing `role`.     *     * The format of the revert reason is given by the following regular expression:     *     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/     */    function _checkRole(bytes32 role, address account) internal view {        if (!hasRole(role, account)) {            revert(                string(                    abi.encodePacked(                        "AccessControl: account ",                        Strings.toHexString(uint160(account), 20),                        " is missing role ",                        Strings.toHexString(uint256(role), 32)                    )                )            );        }    }    /**     * @dev Returns the admin role that controls `role`. See {grantRole} and     * {revokeRole}.     *     * To change a role's admin, use {_setRoleAdmin}.     */    function getRoleAdmin(bytes32 role) public view override returns (bytes32) {        return _roles[role].adminRole;    }    /**     * @dev Grants `role` to `account`.     *     * If `account` had not been already granted `role`, emits a {RoleGranted}     * event.     *     * Requirements:     *     * - the caller must have ``role``'s admin role.     */    function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {        _grantRole(role, account);    }    /**     * @dev Revokes `role` from `account`.     *     * If `account` had been granted `role`, emits a {RoleRevoked} event.     *     * Requirements:     *     * - the caller must have ``role``'s admin role.     */    function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {        _revokeRole(role, account);    }    /**     * @dev Revokes `role` from the calling account.     *     * Roles are often managed via {grantRole} and {revokeRole}: this function's     * purpose is to provide a mechanism for accounts to lose their privileges     * if they are compromised (such as when a trusted device is misplaced).     *     * If the calling account had been revoked `role`, emits a {RoleRevoked}     * event.     *     * Requirements:     *     * - the caller must be `account`.     */    function renounceRole(bytes32 role, address account) public virtual override {        require(account == _msgSender(), "AccessControl: can only renounce roles for self");        _revokeRole(role, account);    }    /**     * @dev Grants `role` to `account`.     *     * If `account` had not been already granted `role`, emits a {RoleGranted}     * event. Note that unlike {grantRole}, this function doesn't perform any     * checks on the calling account.     *     * [WARNING]     * ====     * This function should only be called from the constructor when setting     * up the initial roles for the system.     *     * Using this function in any other way is effectively circumventing the admin     * system imposed by {AccessControl}.     * ====     *     * NOTE: This function is deprecated in favor of {_grantRole}.     */    function _setupRole(bytes32 role, address account) internal virtual {        _grantRole(role, account);    }    /**     * @dev Sets `adminRole` as ``role``'s admin role.     *     * Emits a {RoleAdminChanged} event.     */    function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {        bytes32 previousAdminRole = getRoleAdmin(role);        _roles[role].adminRole = adminRole;        emit RoleAdminChanged(role, previousAdminRole, adminRole);    }    /**     * @dev Grants `role` to `account`.     *     * Internal function without access restriction.     */    function _grantRole(bytes32 role, address account) internal virtual {        if (!hasRole(role, account)) {            _roles[role].members[account] = true;            emit RoleGranted(role, account, _msgSender());        }    }    /**     * @dev Revokes `role` from `account`.     *     * Internal function without access restriction.     */    function _revokeRole(bytes32 role, address account) internal virtual {        if (hasRole(role, account)) {            _roles[role].members[account] = false;            emit RoleRevoked(role, account, _msgSender());        }    }}
 |