mirror
/
openzeppelin-contracts
mirror of https://github.com/OpenZeppelin/openzeppelin-contracts
2
1
Fork 1
Code Issues Releases Wiki Activity

Add a bool return to _grantRole and _revokeRole (#4241)

Browse Source 
Co-authored-by: Ernesto García <ernestognw@gmail.com>
audit/2023-08-01
Hadrien Croubois 2 years ago committed by GitHub
parent 48cc8a92f5
commit 5ae630684a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 63 additions and 16 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      .changeset/two-wasps-punch.md
  2. 14
      contracts/access/AccessControl.sol
  3. 8
      contracts/access/extensions/AccessControlDefaultAdminRules.sol
  4. 22
      contracts/access/extensions/AccessControlEnumerable.sol
  5. 30
      test/access/AccessControl.behavior.js

5
.changeset/two-wasps-punch.md
Unescape View File

@ -0,0 +1,5 @@
---
'openzeppelin-solidity': minor
---
`AccessControl`: Add a boolean return value to the internal `_grantRole` and `_revokeRole` functions indicating whether the role was granted or revoked.

14
contracts/access/AccessControl.sol
Unescape View File

@ -174,30 +174,36 @@ abstract contract AccessControl is Context, IAccessControl, ERC165 {
} }
/** /**
* @dev Grants `role` to `account`. * @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
* *
* Internal function without access restriction. * Internal function without access restriction.
* *
* May emit a {RoleGranted} event. * May emit a {RoleGranted} event.
*/ */
function _grantRole(bytes32 role, address account) internal virtual { function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
if (!hasRole(role, account)) { if (!hasRole(role, account)) {
_roles[role].members[account] = true; _roles[role].members[account] = true;
emit RoleGranted(role, account, _msgSender()); emit RoleGranted(role, account, _msgSender());
return true;
} else {
return false;
} }
} }
/** /**
* @dev Revokes `role` from `account`. * @dev Attempts to revoke `role` to `account` and returns a boolean indicating if `role` was revoked.
* *
* Internal function without access restriction. * Internal function without access restriction.
* *
* May emit a {RoleRevoked} event. * May emit a {RoleRevoked} event.
*/ */
function _revokeRole(bytes32 role, address account) internal virtual { function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
if (hasRole(role, account)) { if (hasRole(role, account)) {
_roles[role].members[account] = false; _roles[role].members[account] = false;
emit RoleRevoked(role, account, _msgSender()); emit RoleRevoked(role, account, _msgSender());
return true;
} else {
return false;
} }
} }
} }

8
contracts/access/extensions/AccessControlDefaultAdminRules.sol
Unescape View File

@ -130,24 +130,24 @@ abstract contract AccessControlDefaultAdminRules is IAccessControlDefaultAdminRu
* NOTE: Exposing this function through another mechanism may make the `DEFAULT_ADMIN_ROLE` * NOTE: Exposing this function through another mechanism may make the `DEFAULT_ADMIN_ROLE`
* assignable again. Make sure to guarantee this is the expected behavior in your implementation. * assignable again. Make sure to guarantee this is the expected behavior in your implementation.
*/ */
function _grantRole(bytes32 role, address account) internal virtual override { function _grantRole(bytes32 role, address account) internal virtual override returns (bool) {
if (role == DEFAULT_ADMIN_ROLE) { if (role == DEFAULT_ADMIN_ROLE) {
if (defaultAdmin() != address(0)) { if (defaultAdmin() != address(0)) {
revert AccessControlEnforcedDefaultAdminRules(); revert AccessControlEnforcedDefaultAdminRules();
} }
_currentDefaultAdmin = account; _currentDefaultAdmin = account;
} }
super._grantRole(role, account); return super._grantRole(role, account);
} }
/** /**
* @dev See {AccessControl-_revokeRole}. * @dev See {AccessControl-_revokeRole}.
*/ */
function _revokeRole(bytes32 role, address account) internal virtual override { function _revokeRole(bytes32 role, address account) internal virtual override returns (bool) {
if (role == DEFAULT_ADMIN_ROLE && account == defaultAdmin()) { if (role == DEFAULT_ADMIN_ROLE && account == defaultAdmin()) {
delete _currentDefaultAdmin; delete _currentDefaultAdmin;
} }
super._revokeRole(role, account); return super._revokeRole(role, account);
} }
/** /**

22
contracts/access/extensions/AccessControlEnumerable.sol
Unescape View File

@ -47,18 +47,24 @@ abstract contract AccessControlEnumerable is IAccessControlEnumerable, AccessCon
} }
/** /**
* @dev Overload {_grantRole} to track enumerable memberships * @dev Overload {AccessControl-_grantRole} to track enumerable memberships
*/ */
function _grantRole(bytes32 role, address account) internal virtual override { function _grantRole(bytes32 role, address account) internal virtual override returns (bool) {
super._grantRole(role, account); bool granted = super._grantRole(role, account);
_roleMembers[role].add(account); if (granted) {
_roleMembers[role].add(account);
}
return granted;
} }
/** /**
* @dev Overload {_revokeRole} to track enumerable memberships * @dev Overload {AccessControl-_revokeRole} to track enumerable memberships
*/ */
function _revokeRole(bytes32 role, address account) internal virtual override { function _revokeRole(bytes32 role, address account) internal virtual override returns (bool) {
super._revokeRole(role, account); bool revoked = super._revokeRole(role, account);
_roleMembers[role].remove(account); if (revoked) {
_roleMembers[role].remove(account);
}
return revoked;
} }
} }

30
test/access/AccessControl.behavior.js
Unescape View File

@ -191,6 +191,36 @@ function shouldBehaveLikeAccessControl(admin, authorized, other, otherAdmin) {
); );
}); });
}); });
describe('internal functions', function () {
describe('_grantRole', function () {
it('return true if the account does not have the role', async function () {
const receipt = await this.accessControl.$_grantRole(ROLE, authorized);
expectEvent(receipt, 'return$_grantRole', { ret0: true });
});
it('return false if the account has the role', async function () {
await this.accessControl.$_grantRole(ROLE, authorized);
const receipt = await this.accessControl.$_grantRole(ROLE, authorized);
expectEvent(receipt, 'return$_grantRole', { ret0: false });
});
});
describe('_revokeRole', function () {
it('return true if the account has the role', async function () {
await this.accessControl.$_grantRole(ROLE, authorized);
const receipt = await this.accessControl.$_revokeRole(ROLE, authorized);
expectEvent(receipt, 'return$_revokeRole', { ret0: true });
});
it('return false if the account does not have the role', async function () {
const receipt = await this.accessControl.$_revokeRole(ROLE, authorized);
expectEvent(receipt, 'return$_revokeRole', { ret0: false });
});
});
});
} }
function shouldBehaveLikeAccessControlEnumerable(admin, authorized, other, otherAdmin, otherAuthorized) { function shouldBehaveLikeAccessControlEnumerable(admin, authorized, other, otherAdmin, otherAuthorized) {

Write Preview
Loading…
Cancel
Save