20
11 Roles.Role private _burners;
26
175
11 // only the owner can call specialThing()!
30 * @return bool
69 * @dev Returns `true` if `account` has been granted `role`.
72 function _transferOwnership(address newOwner) internal {
Openzeppelin即将宣布的v3.0版本(当前处于Beta版)已终止Roles库,转而利用名为AccessControl的abstract 智能合约。
Role-Based Access Control (RBAC)
32
148 * event.
117 * - the caller must have ``role``'s admin role.
130 * Requirements:
172 require(!address(this).isContract(), "AccessControl: roles cannot be setup after construction");
43 * @dev Returns true if the caller is the current owner.
90 * WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
67
31 * accounts that have a role's admin role can call {grantRole} and {revokeRole}.
23 }
145 * if they are compromised (such as when a trusted device is misplaced).
17 * ```
124
4import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
86 *
17 for (uint256 i = 0; i < minters.length; ++i) {
76 }
123 }
1pragma solidity ^0.5.0;
85 * value between 0 and {getRoleMemberCount}, non-inclusive.
149 *
66 event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
71 function hasRole(bytes32 role, address account) public view returns (bool) {
onlyOwner模式是智能合约中最常用、最容易实现的会见节制要领。
60
57 emit OwnershipTransferred(_owner, address(0));
162 *
131 *
34 /**
15
30 _mint(to, amount);
122 _grantRole(role, account);
63 * Can only be called by the current owner.
83 /**
代码2展示了如安在子智能合约中实现此示例。
5 * @dev Library for managing addresses assigned to a Role.
74
103 * To change a role's admin, use {_setRoleAdmin}.
47 mapping (bytes32 => RoleData) private _roles;
33 function burn(address from, uint256 amount) public {
134 function revokeRole(bytes32 role, address account) public virtual {
18 _minters.add(minters[i]);
151 *
56 */
11 * Roles are referred to by their `bytes32` identifier. These should be exposed
21 for (uint256 i = 0; i < burners.length; ++i) {
如今智能合约中仅存有简朴形式的静态会见节制。最常见的是onlyOwner模式。另一个是Openzeppelin的“脚色”智能合约,该智能合约可以在陈设之前界说脚色。
9 * This module is used through inheritance. It will make available the modifier
53 *
33
具有活泼用户基本的软件,出格是企业软件,本质上需要差异级此外会见。跟着组织的成长或萎缩,会见节制应用措施的打点员需要可以或许轻松添加和分派新脚色的本领。这些布局如今以基于脚色的会见节制(RBAC)和基于属性的会见节制(ABAC)的形式存在于软件中。
177 * @dev Sets `adminRole` as ``role``'s admin role.
141 * @dev Revokes `role` from the calling account.
6 */
2
36 */
28 * @dev Returns the address of the current owner.
182
23 function remove(Role storage role, address account) internal {
29 */
37 */
17 role.bearer[account] = true;
32 }
41
9
14 *
65 function transferOwnership(address newOwner) public onlyOwner {
13 * @dev Give an account access to this role.
49 /**
2
5 * @dev Contract module which provides a basic access control mechanism, where
5contract MyContract is Ownable {
20 */
180 _roles[role].adminRole = adminRole;
7 // anyone can call this normalThing()
18 /**
157 _revokeRole(role, account);
164 * event. Note that unlike {grantRole}, this function doesn't perform any
59 /**
33 require(account != address(0), "Roles: account is the zero address");
1pragma solidity ^0.5.0;
109 /**
75 _owner = newOwner;
10 Roles.Role private _minters;
31 return _owner;
133 */
50
53 * NOTE: Renouncing ownership will leave the contract without an owner,
39 using EnumerableSet for EnumerableSet.AddressSet;
14 ERC20Detailed("MyToken", "MTKN", 18)
173 _grantRole(role, account);
63 * - if using `revokeRole`, it is the admin role bearer
12 * in the external API and be unique. The best way to achieve this is by
10 *
8 }
57 event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
37 modifier onlyOwner() {
14 */
101 * {revokeRole}.
89 *
12
34 // Only burners can burn
5import "@openzeppelin/contracts/token/ERC20/ERC20Detailed.sol";
本文先容现有的智能合约会见节制模式,并提出了RBAC和基于属性的会见节制(ABAC)智能合约的界说。
35 }
27 /**
4 * @title Roles
170 */
137 _revokeRole(role, account);
106 return _roles[role].adminRole;
160 /**
66 _transferOwnership(newOwner);
8 struct Role {
88 * change at any point.
27 // Only minters can mint
Attribute-Based Access Control (ABAC)
22 * ```
167 * Requirements:
29 * Roles can be granted and revoked dynamically via the {grantRole} and
97 }
82
139
54 * `sender` is the account that originated the contract call, an admin role
126 * @dev Revokes `role` from `account`.
30 * {revokeRole} functions. Each role has an associated admin role, and only
51 * `onlyOwner` functions anymore. Can only be called by the current owner.
118 */
47 }
42 /**
119 function grantRole(bytes32 role, address account) public virtual {
6
99 /**
120 require(hasRole(_roles[role].adminRole, _msgSender()), "AccessControl: sender must be an admin to grant");
19 * @dev Initializes the contract setting the deployer as the initial owner.
19 }
19
128 * If `account` had been granted `role`, emits a {RoleRevoked} event.
15 * ```
30 function owner() public view returns (address) {
140 /**
14 address private _owner;
40 }
3import "@openzeppelin/contracts/access/Roles.sol";
该模式假定智能合约只有一个打点员,并使打点员可以将所有权转移到另一个地点。扩展Ownable智能合约答允子智能合约利用onlyOwner自界说修饰符界说函数。这些函数要求事务的发送者是单一打点员。
31 }
135 require(hasRole(_roles[role].adminRole, _msgSender()), "AccessControl: sender must be an admin to revoke");
6 function normalThing() public {
48
51 /**
29 * @dev Check if an account has this role.
72 return _roles[role].members.contains(account);
67 }
13 * using `public constant` hash digests:
76 * @dev Returns the number of accounts that have `role`. Can be used
11
7library Roles {
26 function mint(address to, uint256 amount) public {
29
60 * @dev Emitted when `account` is revoked `role`.
12 /**
23 _owner = msgSender;
21 * @dev Remove an account's access to this role.
15 function add(Role storage role, address account) internal {
10 function specialThing() public onlyOwner {
假如Ownable仅限于一个打点员,则Openzeppelin的Roles库可以界说多个脚色。
6 * there is an account (an owner) that can be granted exclusive access to
183 function _grantRole(bytes3239 _;
93 * for more information.
7/**
26 }
49 bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
84 * @dev Returns one of the accounts that have `role`. `index` must be a
58
3import "@openzeppelin/contracts/ownership/Ownable.sol";
37 _burn(from, amount);
105 function getRoleAdmin(bytes32 role) public view returns (bytes32) {
68 /**
104 */
会见节制是软件基本设施安详的根基要素。企业应用措施需要严格的法则来抉择谁可以做什么,这取决于每个用户的权限。可以说,智能合约中的会见节制需要更严格的审查,因为裂痕大概导致恶意参加者节制系统。 郑重声明:本文版权归原作者所有,转载文章仅为传播更多信息之目的,如作者信息标记有误,请第一时间联系我们修改或删除,多谢。
这些当前的办理方案在陈设智能合约之前提供了脚色的机动性。由于脚色取决于硬编码法则,因此不支持动态建设的脚色。这很是适合在已知的内部智能合约之间提供会见节制,但它不能提供与现代面向用户的会见节制软件相当的机动性。
152 * - the caller must be `account`.
17
100 * @dev Returns the admin role that controls `role`. See {grantRole} and
42 struct RoleData {
25 * ...
112 * If `account` had not been already granted `role`, emits a {RoleGranted}
15 public
Limitations(范围性)
1pragma solidity ^0.6.0;
36}
7 * specific functions.
4
56 function renounceOwnership() public onlyOwner {
87 * Role bearers are not sorted in any particular way, and their ordering may
102 *
45 }
35 * @dev Throws if called by any account other than the owner.
3/**
43 EnumerableSet.AddressSet members;
32 function has(Role storage role, address account) internal view returns (bool) {
4import "../utils/Address.sol";
54 * thereby removing any functionality that is only available to the owner.
55 * bearer except when using {_setupRole}.
18 }
61 *
46
158 }
132 * - the caller must have ``role``'s admin role.
153 */
143 * Roles are often managed via {grantRole} and {revokeRole}: this function's
3import "../GSN/Context.sol";
在runtime,Ownable或Roles都不满意这些民众模式中的任何一种。假如需要建设新脚色,则需要发送新代码。这些体系布局不答允InfoSec打点员通过简朴的界面建设、更新或删除新脚色。
20 * function call, use {hasRole}:
38 require(isOwner(), "Ownable: caller is not the owner");
59 }
10 * `onlyOwner`, which can be applied to your functions to restrict their use to
161 * @dev Grants `role` to `account`.
9 * control mechanisms.
121
代码1显示了Ownable智能合约的Openzeppelin实现。
只要系统不需要新的脚色,RBAC主要通过Roles智能合约来满意。
8 using Roles for Roles.Role;
71 */
36
9
2
62 * `sender` is the account that originated the contract call:
171 function _setupRole(bytes32 role, address account) internal virtual {
52 * @dev Emitted when `account` is granted `role`.
147 * If the calling account had been granted `role`, emits a {RoleRevoked}
24 require(has(role, account), "Roles: account does not have role");
77 * together with {getRoleMember} to enumerate all bearers of a role.
25
40 using Address for address;
127 *
35 require(_burners.has(msg.sender), "DOES_NOT_HAVE_BURNER_ROLE");
31 */
留意:不发起您在出产应用措施中利用此办理方案,因为它仍处于测试阶段。
33 * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
11 * the owner.
136
7contract MyToken is ERC20, ERC20Detailed {
165 * checks on the calling account.
110 * @dev Grants `role` to `account`.
12 }
125 /**
166 *
21 constructor () internal {
156
168 *
129 *
108
64 */
Access Control (Beta)
尽量这为大大都智能合约应用措施提供了精采的基本,但基于现有的脚色的会见节制(RBAC)系统使打点员可以或许在运行时动态地界说脚色。从这个意义上说,Roles智能合约是具有限制性的,因为在陈设之后无法界说脚色。
2
12 */
81 }
24 * require(hasRole(MY_ROLE, _msgSender()));
34 * that only accounts with this role will be able to grant or revoke other
80 return _roles[role].members.length();
22 _burners.add(burners[i]);
107 }
113 * event.
24 emit OwnershipTransferred(address(0), msgSender);
176 /**
20 /**
142 *
Roles
52 *
38 }
46 return _msgSender() == _owner;
111 *
115 * Requirements:
92 * https://forum.openzeppelin.com/t/iterating-over-el... post]
68
169 * - this function can only be called from a constructor.
154 function renounceRole(bytes32 role, address account) public virtual {
它具有机动性,答允智能合约界说所需的尽大概多的脚色,,但这将require语句的实现留给了智能合约。由于未提供自界说会见修饰符,因此在某种水平上低落了可读性,而且增加了引入编码错误的大概性。可是没有什么能阻止智能合约实现包括require语句的自界说会见修饰符。
34 return role.bearer[account];
13}
95 function getRoleMember(bytes32 role, uint256 index) public view returns (address) {
16 * bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
16 event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
78 */
16 require(!has(role, account), "Roles: account already has role");
159
114 *
代码5展示了AccessControl的实现。
70 * @dev Transfers ownership of the contract to a new account (`newOwner`).
70 */
155 require(account == _msgSender(), "AccessControl: can only renounce roles for self");
代码3展示了Roles智能合约的实施。与Ownable差异,Role不提供自界说会见修饰符。相反利用此库的智能合约必需在函数内部实现脚色要求。他们还必需为每个脚色界说Roles.Role范例状态变量。代码4展示了实现两个脚色的ERC20智能合约的示例:_burners和_minters。
58 _owner = address(0);
50 * @dev Leaves the contract without owner. It will not be possible to call
22 */
62 * @dev Transfers ownership of the contract to a new account (`newOwner`).
44 */
55 */
77}
96 return _roles[role].members.at(index);
36 * {_setRoleAdmin}.
45 function isOwner() public view returns (bool) {
61 /**
3import "../utils/EnumerableSet.sol";
27 * ```
23 * function foo() public {
幸运的是,我们正在尽力办理这一问题。
28 *
144 * purpose is to provide a mechanism for accounts to lose their privileges
146 *
10 }
1pragma solidity ^0.5.0;
26 * }
32 *
在RBAC中,每个用户都被分派了一个脚色,每个脚色都具有一组权限,而且只要他们的脚色具有正确的权限,用户就可以会见资源。
9 mapping (address => bool) bearer;
18 *
65 */
21 *
138 }
2
73 }
64 * - if using `renounceRole`, it is the role bearer (i.e. `account`)
94 */
181 }
Only Owner
8 *
74 emit OwnershipTransferred(_owner, newOwner);
13 constructor(address[] memory minters, address[] memory burners)
22 address msgSender = _msgSender();
44 bytes32 adminRole;
25 }
16 {
39}
1pragma solidity ^0.5.0;
24 }
与RBAC对比,这是一个更巨大且耗时的办理方案。可是对付大型应用措施和企业而言,它越发机动,因为它答允每个用户独占的各类权限。
28 /**
150 * Requirements:
179 function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
19 * Roles can be used to represent a set of permissions. To restrict access to a
48
27
75 /**
35 * roles. More complex role relationships can be created by using
41
178 */
116 *
69 /**
6
5import "../GSN/Context.sol";
79 function getRoleMemberCount(bytes32 role) public view returns (uint256) {
98
174 }
8 * @dev Contract module that allows children to implement role-based access
163 * If `account` had not been already granted `role`, emits a {RoleGranted}
在ABAC中,为每个用户分派了一组主题属性,为每个资源分派了一组工具属性。中央会见节制机构界说有关需要执行哪些主题和工具属性的法则。
25 role.bearer[account] = false;
38abstract contract AccessControl is Context {
73 require(newOwner != address(0), "Ownable: new owner is the zero address");
13contract Ownable is Context {
28 require(_minters.has(msg.sender), "DOES_NOT_HAVE_MINTER_ROLE");
4/**
