Git Source Inherits: AccessControlEnumerable, ReentrancyGuard Author: @mpetersoCode55, @ShaneDuncan602, @TJ-Everett, @VoR0220 SPDX-License-Identifier: BUSL-1.1 This contract is a critical component of the Rules Engine, enabling secure and flexible role management. This contract serves as the primary Admin Roles facet for the Rules Engine. It is responsible for managing, mutating, and granting all admin roles, including policy and calling contract admin roles. It enforces role-based access control and ensures proper role assignment and revocation. The contract also provides mechanisms for proposing and confirming new admin roles.

Functions

isPolicyAdmin

Checks if an address is the policy admin for a specific policy ID. 
function isPolicyAdmin(uint256 policyId, address account) public view returns (bool);
Parameters
NameTypeDescription
policyIduint256The ID of the policy.
accountaddressThe address to check for the policy admin role.
Returns
NameTypeDescription
<none>boolbool True if the address has the policy admin role, false otherwise.

generatePolicyAdminRole

Generates and assigns a policy admin role to an address. This function is called internally by the Rules Engine to assign the policy admin role. 
function generatePolicyAdminRole(uint256 policyId, address account) public nonReentrant returns (bytes32);
Parameters
NameTypeDescription
policyIduint256The ID of the policy.
accountaddressThe address to assign the policy admin role.
Returns
NameTypeDescription
<none>bytes32bytes32 The generated admin role identifier.

proposeNewPolicyAdmin

Proposes a new policy admin for a specific policy. 
function proposeNewPolicyAdmin(address newPolicyAdmin, uint256 policyId) public;
Parameters
NameTypeDescription
newPolicyAdminaddressThe address of the proposed new policy admin.
policyIduint256The ID of the policy.

confirmNewPolicyAdmin

Confirms the proposed policy admin for a specific policy. 
function confirmNewPolicyAdmin(uint256 policyId) public;
Parameters
NameTypeDescription
policyIduint256The ID of the policy.

renouncePolicyAdminRole

This function is used to renounce Role. It is also preventing policyAdmins from renouncing ther role. They must set another policyAdmin through the function proposeNewPolicyAdmin(). 
function renouncePolicyAdminRole(bytes32 role, address account, uint256 policyId) public nonReentrant;
Parameters
NameTypeDescription
rolebytes32the role to renounce.
accountaddressaddress renouncing to the role.
policyIduint256

renounceCallingContractAdminRole

This function is used to renounce Calling Contract Admin Role. 
function renounceCallingContractAdminRole(address callingContract, address account) external nonReentrant;
Parameters
NameTypeDescription
callingContractaddressthe calling contract associated to the role.
accountaddressaddress renouncing to the role.

renounceForeignCallAdminRole

This function is used to renounce Foreign Call Admin Role. 
function renounceForeignCallAdminRole(address _foreignCallContract, bytes4 _functionSignature, address account)
    external
    nonReentrant;
Parameters
NameTypeDescription
_foreignCallContractaddressthe role to renounce.
_functionSignaturebytes4function signature of the foreign call
accountaddressaddress renouncing to the role.

revokeRole

This function overrides the parent’s revokeRole function. Its purpose is to prevent Policy Admins from being revoked through this “backdoor” which would effectively leave the policy in a Policy Admin-orphan state. 
function revokeRole(bytes32 role, address account, uint256 policyId) public nonReentrant;
Parameters
NameTypeDescription
rolebytes32the role to revoke.
accountaddressaddress of revoked role.
policyIduint256

_grantRolePolicyAdmin

Grants a policy admin role to an address. Internal function to assign the policy admin role. 
function _grantRolePolicyAdmin(bytes32 _role, address _account) internal;
Parameters
NameTypeDescription
_rolebytes32The admin role identifier.
_accountaddressThe address to be granted the role.

_generatePolicyAdminRoleId

Generates a unique identifier for a policy admin role. 
function _generatePolicyAdminRoleId(uint256 _policyId, bytes32 _adminRole) internal pure returns (bytes32);
Parameters
NameTypeDescription
_policyIduint256The ID of the policy.
_adminRolebytes32The role constant identifier.
Returns
NameTypeDescription
<none>bytes32bytes32 The generated admin role identifier.

isCallingContractAdmin

Checks if an address is the calling contract admin for a specific contract. 
function isCallingContractAdmin(address _callingContract, address _account) public view returns (bool);
Parameters
NameTypeDescription
_callingContractaddressThe address of the calling contract.
_accountaddressThe address to check for the calling contract admin role.
Returns
NameTypeDescription
<none>boolbool True if the address has the calling contract admin role, false otherwise.

grantCallingContractRole

Grants the calling contract admin role to an address. Call this function from your contract to set the calling contract admin. 
function grantCallingContractRole(address _callingContract, address _account) public nonReentrant returns (bytes32);
Parameters
NameTypeDescription
_callingContractaddressThe address of the calling contract.
_accountaddressThe address to assign the calling contract admin role.
Returns
NameTypeDescription
<none>bytes32bytes32 The generated admin role identifier.

grantCallingContractRoleAccessControl

Function to grant calling contract admin role Call this function when you are the calling contract admin of your contract This method allows contracts that implement AccessControl to grant a calling contract admin role without inheriting the full RulesEngineClient contract 
function grantCallingContractRoleAccessControl(address _callingContract, address _account)
    public
    nonReentrant
    returns (bytes32);
Parameters
NameTypeDescription
_callingContractaddresspolicy Id
_accountaddressaddress to assign admin role Id
Returns
NameTypeDescription
<none>bytes32bytes32 adminRoleId

grantCallingContractRoleOwnable

Grants the calling contract admin role to an address. Call this function from your contract to set the calling contract admin. This method allows contracts that implement Ownable to grant a calling contract admin role without inheriting the full RulesEngineClient contract 
function grantCallingContractRoleOwnable(address _callingContract, address _account)
    public
    nonReentrant
    returns (bytes32);
Parameters
NameTypeDescription
_callingContractaddressThe address of the calling contract.
_accountaddressThe address to assign the calling contract admin role.
Returns
NameTypeDescription
<none>bytes32bytes32 The generated admin role identifier.

proposeNewCallingContractAdmin

There can only ever be one Calling Contract Admin per calling contract This function grants the proposed admin role to the newPolicyAdmin address Calling Contract Admin does not have a revoke or renounce function. Only Use Propose and Confirm to transfer Role. 
function proposeNewCallingContractAdmin(address callingContractAddress, address newCallingContractAdmin) public;
Parameters
NameTypeDescription
callingContractAddressaddressaddress of the calling contract.
newCallingContractAdminaddressaddress of new admin.

confirmNewCallingContractAdmin

This function confirms the proposed admin role 
function confirmNewCallingContractAdmin(address callingContractAddress) public;
Parameters
NameTypeDescription
callingContractAddressaddressaddress of the calling contract.

_grantCallingContractRoleHelper

Internal helper function to handle common calling contract role granting logic 
function _grantCallingContractRoleHelper(address _callingContract, address _account) private returns (bytes32);
Parameters
NameTypeDescription
_callingContractaddressThe address of the calling contract
_accountaddressThe address to assign the calling contract admin role
Returns
NameTypeDescription
<none>bytes32bytes32 The generated admin role identifier

_generateCallingContractAdminRoleId

Generates a unique identifier for a calling contract admin role. 
function _generateCallingContractAdminRoleId(address _callingContract, bytes32 _adminRole)
    internal
    pure
    returns (bytes32);
Parameters
NameTypeDescription
_callingContractaddressThe address of the calling contract.
_adminRolebytes32The role constant identifier.
Returns
NameTypeDescription
<none>bytes32bytes32 The generated admin role identifier.

isForeignCallAdmin

Checks if an address is the foreign call admin for a specific contract. 
function isForeignCallAdmin(address _foreignCallContract, address _account, bytes4 _functionSignature)
    public
    view
    returns (bool);
Parameters
NameTypeDescription
_foreignCallContractaddressThe address of the foreign call contract.
_accountaddressThe address to check for the foreign call admin role.
_functionSignaturebytes4The function signature for which the foreign call admin role is being checked.
Returns
NameTypeDescription
<none>boolbool True if the address has the foreign admin role, false otherwise.

grantForeignCallAdminRole

Grants the foreign call admin role to an address. Call this function from your contract to set the foreign call admin. 
function grantForeignCallAdminRole(address _foreignCallContract, address _account, bytes4 _functionSignature)
    public
    nonReentrant
    returns (bytes32);
Parameters
NameTypeDescription
_foreignCallContractaddressThe address of the foreign call.
_accountaddressThe address to assign the foreign call admin role.
_functionSignaturebytes4
Returns
NameTypeDescription
<none>bytes32bytes32 The generated admin role identifier.

proposeNewForeignCallAdmin

There can only ever be one Foreign Call Admin per foriegn call contract This function grants the proposed admin role to the foreignCall Admin address Foreign Call Admin does not have a revoke or renounce function. Only Use Propose and Confirm to transfer Role. 
function proposeNewForeignCallAdmin(
    address foreignCallContract,
    address newForeignCallContractAdmin,
    bytes4 functionSignature
) public;
Parameters
NameTypeDescription
foreignCallContractaddressaddress of the foreign call contract.
newForeignCallContractAdminaddressaddress of new admin.
functionSignaturebytes4

confirmNewForeignCallAdmin

This function confirms the proposed admin role 
function confirmNewForeignCallAdmin(address foreignCallContract, bytes4 functionSignature) public;
Parameters
NameTypeDescription
foreignCallContractaddressaddress of the calling contract.
functionSignaturebytes4

_generateForeignCallAdminRoleId

Generates a unique identifier for a foreign call admin role. 
function _generateForeignCallAdminRoleId(address _foreignCallContract, bytes4 _functionSignature, bytes32 _adminRole)
    internal
    pure
    returns (bytes32);
Parameters
NameTypeDescription
_foreignCallContractaddressThe address of the foreign call contract.
_functionSignaturebytes4
_adminRolebytes32The role constant identifier.
Returns
NameTypeDescription
<none>bytes32bytes32 The generated admin role identifier.

renounceRole

Overrides the parent’s renounceRole function to disable its public nature. This function is intentionally disabled to enforce role renouncing through specific channels. 
function renounceRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl);
Parameters
NameTypeDescription
rolebytes32The role to renounce.
accountaddressThe address renouncing the role.

revokeRole

Overrides the parent’s revokeRole function to disable its public nature. This function is intentionally disabled to enforce role revocation through specific channels. 
function revokeRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl);
Parameters
NameTypeDescription
rolebytes32The role to revoke.
accountaddressThe address of the revoked role.

grantRole

Overrides the parent’s grantRole function to disable its public nature. This function is intentionally disabled to enforce role granting through specific channels. 
function grantRole(bytes32 role, address account) public pure override(AccessControl, IAccessControl);
Parameters
NameTypeDescription
rolebytes32The role to grant.
accountaddressThe address to grant the role to.