Documentation Index
Fetch the complete documentation index at: https://docs.forterulesengine.io/llms.txt
Use this file to discover all available pages before exploring further.
Git Source
Inherits:
AccessControlEnumerable, ReentrancyGuard
Author:
@mpetersoCode55, @ShaneDuncan602, @TJ-Everett, @VoR0220
SPDX-License-Identifier: BUSL-1.1
This contract is a critical component of the Rules Engine, enabling secure and flexible role management.
This contract serves as the primary Admin Roles facet for the Rules Engine. It is responsible for managing, mutating,
and granting all admin roles, including policy and calling contract admin roles. It enforces role-based access control
and ensures proper role assignment and revocation. The contract also provides mechanisms for proposing and confirming
new admin roles.
Functions
isPolicyAdmin
Checks if an address is the policy admin for a specific policy ID.
function isPolicyAdmin(uint256 policyId, address account) public view returns (bool);
| Name | Type | Description |
|---|
policyId | uint256 | The ID of the policy. |
account | address | The address to check for the policy admin role. |
| Name | Type | Description |
|---|
<none> | bool | bool True if the address has the policy admin role, false otherwise. |
generatePolicyAdminRole
Generates and assigns a policy admin role to an address.
This function is called internally by the Rules Engine to assign the policy admin role.
function generatePolicyAdminRole(uint256 policyId, address account) public nonReentrant returns (bytes32);
| Name | Type | Description |
|---|
policyId | uint256 | The ID of the policy. |
account | address | The address to assign the policy admin role. |
| Name | Type | Description |
|---|
<none> | bytes32 | bytes32 The generated admin role identifier. |
proposeNewPolicyAdmin
Proposes a new policy admin for a specific policy.
function proposeNewPolicyAdmin(address newPolicyAdmin, uint256 policyId) public;
| Name | Type | Description |
|---|
newPolicyAdmin | address | The address of the proposed new policy admin. |
policyId | uint256 | The ID of the policy. |
confirmNewPolicyAdmin
Confirms the proposed policy admin for a specific policy.
function confirmNewPolicyAdmin(uint256 policyId) public;
| Name | Type | Description |
|---|
policyId | uint256 | The ID of the policy. |
renouncePolicyAdminRole
This function is used to renounce Role. It is also preventing policyAdmins from renouncing ther role.
They must set another policyAdmin through the function proposeNewPolicyAdmin().
function renouncePolicyAdminRole(bytes32 role, address account, uint256 policyId) public nonReentrant;
| Name | Type | Description |
|---|
role | bytes32 | the role to renounce. |
account | address | address renouncing to the role. |
policyId | uint256 | |
renounceCallingContractAdminRole
This function is used to renounce Calling Contract Admin Role.
function renounceCallingContractAdminRole(address callingContract, address account) external nonReentrant;
| Name | Type | Description |
|---|
callingContract | address | the calling contract associated to the role. |
account | address | address renouncing to the role. |
renounceForeignCallAdminRole
This function is used to renounce Foreign Call Admin Role.
function renounceForeignCallAdminRole(address _foreignCallContract, bytes4 _functionSignature, address account)
external
nonReentrant;
| Name | Type | Description |
|---|
_foreignCallContract | address | the role to renounce. |
_functionSignature | bytes4 | function signature of the foreign call |
account | address | address renouncing to the role. |
revokeRole
This function overrides the parent’s revokeRole function. Its purpose is to prevent Policy Admins from being revoked through
this “backdoor” which would effectively leave the policy in a Policy Admin-orphan state.
function revokeRole(bytes32 role, address account, uint256 policyId) public nonReentrant;
| Name | Type | Description |
|---|
role | bytes32 | the role to revoke. |
account | address | address of revoked role. |
policyId | uint256 | |
_grantRolePolicyAdmin
Grants a policy admin role to an address.
Internal function to assign the policy admin role.
function _grantRolePolicyAdmin(bytes32 _role, address _account) internal;
| Name | Type | Description |
|---|
_role | bytes32 | The admin role identifier. |
_account | address | The address to be granted the role. |
_generatePolicyAdminRoleId
Generates a unique identifier for a policy admin role.
function _generatePolicyAdminRoleId(uint256 _policyId, bytes32 _adminRole) internal pure returns (bytes32);
| Name | Type | Description |
|---|
_policyId | uint256 | The ID of the policy. |
_adminRole | bytes32 | The role constant identifier. |
| Name | Type | Description |
|---|
<none> | bytes32 | bytes32 The generated admin role identifier. |
isCallingContractAdmin
Checks if an address is the calling contract admin for a specific contract.
function isCallingContractAdmin(address _callingContract, address _account) public view returns (bool);
| Name | Type | Description |
|---|
_callingContract | address | The address of the calling contract. |
_account | address | The address to check for the calling contract admin role. |
| Name | Type | Description |
|---|
<none> | bool | bool True if the address has the calling contract admin role, false otherwise. |
grantCallingContractRole
Grants the calling contract admin role to an address.
Call this function from your contract to set the calling contract admin.
function grantCallingContractRole(address _callingContract, address _account) public nonReentrant returns (bytes32);
| Name | Type | Description |
|---|
_callingContract | address | The address of the calling contract. |
_account | address | The address to assign the calling contract admin role. |
| Name | Type | Description |
|---|
<none> | bytes32 | bytes32 The generated admin role identifier. |
grantCallingContractRoleAccessControl
Function to grant calling contract admin role
Call this function when you are the calling contract admin of your contract
This method allows contracts that implement AccessControl to grant a calling contract admin role without inheriting the full RulesEngineClient contract
function grantCallingContractRoleAccessControl(address _callingContract, address _account)
public
nonReentrant
returns (bytes32);
| Name | Type | Description |
|---|
_callingContract | address | policy Id |
_account | address | address to assign admin role Id |
| Name | Type | Description |
|---|
<none> | bytes32 | bytes32 adminRoleId |
grantCallingContractRoleOwnable
Grants the calling contract admin role to an address.
Call this function from your contract to set the calling contract admin.
This method allows contracts that implement Ownable to grant a calling contract admin role without inheriting the full RulesEngineClient contract
function grantCallingContractRoleOwnable(address _callingContract, address _account)
public
nonReentrant
returns (bytes32);
| Name | Type | Description |
|---|
_callingContract | address | The address of the calling contract. |
_account | address | The address to assign the calling contract admin role. |
| Name | Type | Description |
|---|
<none> | bytes32 | bytes32 The generated admin role identifier. |
proposeNewCallingContractAdmin
There can only ever be one Calling Contract Admin per calling contract
This function grants the proposed admin role to the newPolicyAdmin address
Calling Contract Admin does not have a revoke or renounce function. Only Use Propose and Confirm to transfer Role.
function proposeNewCallingContractAdmin(address callingContractAddress, address newCallingContractAdmin) public;
| Name | Type | Description |
|---|
callingContractAddress | address | address of the calling contract. |
newCallingContractAdmin | address | address of new admin. |
confirmNewCallingContractAdmin
This function confirms the proposed admin role
function confirmNewCallingContractAdmin(address callingContractAddress) public;
| Name | Type | Description |
|---|
callingContractAddress | address | address of the calling contract. |
_grantCallingContractRoleHelper
Internal helper function to handle common calling contract role granting logic
function _grantCallingContractRoleHelper(address _callingContract, address _account) private returns (bytes32);
| Name | Type | Description |
|---|
_callingContract | address | The address of the calling contract |
_account | address | The address to assign the calling contract admin role |
| Name | Type | Description |
|---|
<none> | bytes32 | bytes32 The generated admin role identifier |
_generateCallingContractAdminRoleId
Generates a unique identifier for a calling contract admin role.
function _generateCallingContractAdminRoleId(address _callingContract, bytes32 _adminRole)
internal
pure
returns (bytes32);
| Name | Type | Description |
|---|
_callingContract | address | The address of the calling contract. |
_adminRole | bytes32 | The role constant identifier. |
| Name | Type | Description |
|---|
<none> | bytes32 | bytes32 The generated admin role identifier. |
isForeignCallAdmin
Checks if an address is the foreign call admin for a specific contract.
function isForeignCallAdmin(address _foreignCallContract, address _account, bytes4 _functionSignature)
public
view
returns (bool);
| Name | Type | Description |
|---|
_foreignCallContract | address | The address of the foreign call contract. |
_account | address | The address to check for the foreign call admin role. |
_functionSignature | bytes4 | The function signature for which the foreign call admin role is being checked. |
| Name | Type | Description |
|---|
<none> | bool | bool True if the address has the foreign admin role, false otherwise. |
grantForeignCallAdminRole
Grants the foreign call admin role to an address.
Call this function from your contract to set the foreign call admin.
function grantForeignCallAdminRole(address _foreignCallContract, address _account, bytes4 _functionSignature)
public
nonReentrant
returns (bytes32);
| Name | Type | Description |
|---|
_foreignCallContract | address | The address of the foreign call. |
_account | address | The address to assign the foreign call admin role. |
_functionSignature | bytes4 | |
| Name | Type | Description |
|---|
<none> | bytes32 | bytes32 The generated admin role identifier. |
proposeNewForeignCallAdmin
There can only ever be one Foreign Call Admin per foriegn call contract
This function grants the proposed admin role to the foreignCall Admin address
Foreign Call Admin does not have a revoke or renounce function. Only Use Propose and Confirm to transfer Role.
function proposeNewForeignCallAdmin(
address foreignCallContract,
address newForeignCallContractAdmin,
bytes4 functionSignature
) public;
| Name | Type | Description |
|---|
foreignCallContract | address | address of the foreign call contract. |
newForeignCallContractAdmin | address | address of new admin. |
functionSignature | bytes4 | |
confirmNewForeignCallAdmin
This function confirms the proposed admin role
function confirmNewForeignCallAdmin(address foreignCallContract, bytes4 functionSignature) public;
| Name | Type | Description |
|---|
foreignCallContract | address | address of the calling contract. |
functionSignature | bytes4 | |
_generateForeignCallAdminRoleId
Generates a unique identifier for a foreign call admin role.
function _generateForeignCallAdminRoleId(address _foreignCallContract, bytes4 _functionSignature, bytes32 _adminRole)
internal
pure
returns (bytes32);
| Name | Type | Description |
|---|
_foreignCallContract | address | The address of the foreign call contract. |
_functionSignature | bytes4 | |
_adminRole | bytes32 | The role constant identifier. |
| Name | Type | Description |
|---|
<none> | bytes32 | bytes32 The generated admin role identifier. |
renounceRole
Overrides the parent’s renounceRole function to disable its public nature.
This function is intentionally disabled to enforce role renouncing through specific channels.
function renounceRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl);
| Name | Type | Description |
|---|
role | bytes32 | The role to renounce. |
account | address | The address renouncing the role. |
revokeRole
Overrides the parent’s revokeRole function to disable its public nature.
This function is intentionally disabled to enforce role revocation through specific channels.
function revokeRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl);
| Name | Type | Description |
|---|
role | bytes32 | The role to revoke. |
account | address | The address of the revoked role. |
grantRole
Overrides the parent’s grantRole function to disable its public nature.
This function is intentionally disabled to enforce role granting through specific channels.
function grantRole(bytes32 role, address account) public pure override(AccessControl, IAccessControl);
| Name | Type | Description |
|---|
role | bytes32 | The role to grant. |
account | address | The address to grant the role to. |
