Permissions
import "@thirdweb-dev/contracts/extension/Permissions.sol";
Add permissions to your smart contract to control which addresses can perform certain actions.
The Permissions extension provides role-based access control: you can create roles and write custom logic in your smart contract that depends on whether a given wallet holds a given role.
There are two different contracts you can implement to add permissions:
Permissions: Create roles and restrict access to functions based on those roles.PermissionsEnumerable:Permissionsplus the capability to view all the addresses holding a specific role (or all roles).
You only need to implement one of the two.
Availability in base contracts
The Permissions and PermissionsEnumerable extensions are not already included in any base contracts. To use this extension, check out the implementation guide and full API reference.
Unlocked Features
Once deployed, you can use the features made available by these contracts on the SDK and dashboard:
Implementing the Contract
Import the contract and make your contract inherit it.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "@thirdweb-dev/contracts/extension/Permissions.sol";
contract MyContract is Permissions {
// Any `bytes32` value is a valid role. You can create roles by defining them like this.
bytes32 public constant NUMBER_ROLE = keccak256("NUMBER_ROLE");
// See comments for `setNumber`, below.
uint256 public number;
/**
* The `Permissions` contract makes an already defined role available: the `DEFAULT_ADMIN_ROLE`.
*
* As an EXAMPLE, we grant the deployer of the contract this admin role.
*/
constructor() {
_setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
}
/**
* EXAMPLE: here we have a function that we want to restrict only to holders of `NUMBER_ROLE`.
*
* To accomplish this, we use the `onlyRole` modifier made available by `Permissions`, and
* pass it `NUMBER_ROLE` as an argument.
*/
function setNumber(uint256 _newNumber) public onlyRole(NUMBER_ROLE) {
number = _newNumber;
}
}
Full API Reference
hasRole
function hasRole(bytes32 role, address account) external view returns (bool);
- Returns
trueifaccounthas been grantedrole.
getRoleAdmin
function getRoleAdmin(bytes32 role) external view returns (bytes32);
- Returns the admin role that controls
rolei.e. the holders of the admin role (the return value) can grant or revokerolefrom wallets.
grantRole
function grantRole(bytes32 role, address account) external;
- Grants
roletoaccount. Can only be called by a holder of the admin role of the role being granted.
revokeRole
function revokeRole(bytes32 role, address account) external;
- Revokes
rolefromaccount. Can only be called by a holder of the admin role of the role being granted.
renounceRole
function renounceRole(bytes32 role, address account) external;
- Revokes
rolefrom the calling account.
hasRoleWithSwitch
function hasRoleWithSwitch(bytes32 role, address account) public view returns (bool);
- Returns
trueifaccounthas been grantedrole. - Role restrictions can be swtiched on and off:
- If
address(0)hasrole, then the role restrictions don't apply i.e. this function will always returntrue. - If
address(0)does not haverole, then the role restrictions will apply i.e. this function will behave likehasRole.
- If
getRoleMember (PermissionsEnumerable)
function getRoleMember(bytes32 role, uint256 index) external view returns (address);
- Returns one of the accounts that have
role.indexmust be a value between 0 and the value ofgetRoleMemberCountat the time, non-inclusive.
getRoleMemberCount (PermissionsEnumerable)
function getRoleMemberCount(bytes32 role) external view returns (uint256);
- Returns the number of accounts that have
role. Can be used together withgetRoleMemberto enumerate all bearers of a role.