RulesEngineAdminRolesFacet - Forte Rules Engine

Inherits: AccessControlEnumerable, ReentrancyGuard

Author: @mpetersoCode55, @ShaneDuncan602, @TJ-Everett, @VoR0220

SPDX-License-Identifier: BUSL-1.1

This contract is a critical component of the Rules Engine, enabling secure and flexible role management.

This contract serves as the primary Admin Roles facet for the Rules Engine. It is responsible for managing, mutating, and granting all admin roles, including policy and calling contract admin roles. It enforces role-based access control and ensures proper role assignment and revocation. The contract also provides mechanisms for proposing and confirming new admin roles.

Functions

isPolicyAdmin

Checks if an address is the policy admin for a specific policy ID.

function isPolicyAdmin(uint256 _policyId, address _account) public view returns (bool);

Parameters

Name	Type	Description
`_policyId`	`uint256`	The ID of the policy.
`_account`	`address`	The address to check for the policy admin role.

Returns

Name	Type	Description
`<none>`	`bool`	bool True if the address has the policy admin role, false otherwise.

generatePolicyAdminRole

Generates and assigns a policy admin role to an address.

This function is called internally by the Rules Engine to assign the policy admin role.

function generatePolicyAdminRole(uint256 _policyId, address _account) public nonReentrant returns (bytes32);

Parameters

Name	Type	Description
`_policyId`	`uint256`	The ID of the policy.
`_account`	`address`	The address to assign the policy admin role.

Returns

Name	Type	Description
`<none>`	`bytes32`	bytes32 The generated admin role identifier.

_grantRolePolicyAdmin

Grants a policy admin role to an address.

Internal function to assign the policy admin role.

function _grantRolePolicyAdmin(bytes32 _role, address _account) internal;

Parameters

Name	Type	Description
`_role`	`bytes32`	The admin role identifier.
`_account`	`address`	The address to be granted the role.

proposeNewPolicyAdmin

Proposes a new policy admin for a specific policy.

function proposeNewPolicyAdmin(address newPolicyAdmin, uint256 policyId) public;

Parameters

Name	Type	Description
`newPolicyAdmin`	`address`	The address of the proposed new policy admin.
`policyId`	`uint256`	The ID of the policy.

confirmNewPolicyAdmin

Confirms the proposed policy admin for a specific policy.

function confirmNewPolicyAdmin(uint256 policyId) public;

Parameters

Name	Type	Description
`policyId`	`uint256`	The ID of the policy.

_generatePolicyAdminRoleId

Generates a unique identifier for a policy admin role.

function _generatePolicyAdminRoleId(uint256 _policyId, bytes32 _adminRole) internal pure returns (bytes32);

Parameters

Name	Type	Description
`_policyId`	`uint256`	The ID of the policy.
`_adminRole`	`bytes32`	The role constant identifier.

Returns

Name	Type	Description
`<none>`	`bytes32`	bytes32 The generated admin role identifier.

renounceRole

This function is used to renounce Role. It is also preventing policyAdmins from renouncing ther role. They must set another policyAdmin through the function proposeNewPolicyAdmin().

function renounceRole(bytes32 role, address account, uint256 policyId) public nonReentrant;

Parameters

Name	Type	Description
`role`	`bytes32`	the role to renounce.
`account`	`address`	address renouncing to the role.
`policyId`	`uint256`

revokeRole

enforcing the min-1-admin requirement.

This function overrides the parent’s revokeRole function. Its purpose is to prevent Policy Admins from being revoked through this “backdoor” which would effectively leave the policy in a Policy Admin-orphan state.

function revokeRole(bytes32 role, address account, uint256 policyId) public nonReentrant;

Parameters

Name	Type	Description
`role`	`bytes32`	the role to revoke.
`account`	`address`	address of revoked role.
`policyId`	`uint256`

isCallingContractAdmin

enforcing the min-1-admin requirement for policy admins.

Checks if an address is the calling contract admin for a specific contract.

function isCallingContractAdmin(address _callingContract, address _account) public view returns (bool);

Parameters

Name	Type	Description
`_callingContract`	`address`	The address of the calling contract.
`_account`	`address`	The address to check for the calling contract admin role.

Returns

Name	Type	Description
`<none>`	`bool`	bool True if the address has the calling contract admin role, false otherwise.

grantCallingContractRole

Grants the calling contract admin role to an address.

Call this function from your contract to set the calling contract admin.

function grantCallingContractRole(address _callingContract, address _account) public nonReentrant returns (bytes32);

Parameters

Name	Type	Description
`_callingContract`	`address`	The address of the calling contract.
`_account`	`address`	The address to assign the calling contract admin role.

Returns

Name	Type	Description
`<none>`	`bytes32`	bytes32 The generated admin role identifier.

grantCallingContractRoleAccessControl

Function to grant calling contract admin role

Call this function when you are the calling contract admin of your contract

function grantCallingContractRoleAccessControl(address _callingContract, address _account)
    public
    nonReentrant
    returns (bytes32);

Parameters

Name	Type	Description
`_callingContract`	`address`	policy Id
`_account`	`address`	address to assign admin role Id

Returns

Name	Type	Description
`<none>`	`bytes32`	bytes32 adminRoleId

grantCallingContractRoleOwnable

Grants the calling contract admin role to an address.

Call this function from your contract to set the calling contract admin.

function grantCallingContractRoleOwnable(address _callingContract, address _account)
    public
    nonReentrant
    returns (bytes32);

Parameters

Name	Type	Description
`_callingContract`	`address`	The address of the calling contract.
`_account`	`address`	The address to assign the calling contract admin role.

Returns

Name	Type	Description
`<none>`	`bytes32`	bytes32 The generated admin role identifier.

_generateCallingContractAdminRoleId

Generates a unique identifier for a calling contract admin role.

function _generateCallingContractAdminRoleId(address _callingContract, bytes32 _adminRole)
    internal
    pure
    returns (bytes32);

Parameters

Name	Type	Description
`_callingContract`	`address`	The address of the calling contract.
`_adminRole`	`bytes32`	The role constant identifier.

Returns

Name	Type	Description
`<none>`	`bytes32`	bytes32 The generated admin role identifier.

proposeNewCallingContractAdmin

There can only ever be one Calling Contract Admin per calling contract

This function grants the proposed admin role to the newPolicyAdmin address

Calling Contract Admin does not have a revoke or renounce function. Only Use Propose and Confirm to transfer Role.

function proposeNewCallingContractAdmin(address callingContractAddress, address newCallingContractAdmin) public;

Parameters

Name	Type	Description
`callingContractAddress`	`address`	address of the calling contract.
`newCallingContractAdmin`	`address`	address of new admin.

confirmNewCallingContractAdmin

This function confirms the proposed admin role

function confirmNewCallingContractAdmin(address callingContractAddress) public;

Parameters

Name	Type	Description
`callingContractAddress`	`address`	address of the calling contract.

grantRole

Overrides the parent’s grantRole function to disable its public nature.

This function is intentionally disabled to enforce role granting through specific channels.

function grantRole(bytes32 role, address account) public pure override(AccessControl, IAccessControl);

Parameters

Name	Type	Description
`role`	`bytes32`	The role to grant.
`account`	`address`	The address to grant the role to.

renounceRole

this is done to funnel all the role granting functions through this contract since the policyAdmins could add other policyAdmins through this back door

Overrides the parent’s renounceRole function to disable its public nature.

This function is intentionally disabled to enforce role renouncing through specific channels.

function renounceRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl);

Parameters

Name	Type	Description
`role`	`bytes32`	The role to renounce.
`account`	`address`	The address renouncing the role.

revokeRole

Overrides the parent’s revokeRole function to disable its public nature.

This function is intentionally disabled to enforce role revocation through specific channels.

function revokeRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl);

Parameters

Name	Type	Description
`role`	`bytes32`	The role to revoke.
`account`	`address`	The address of the revoked role.

Reference

​Functions

​isPolicyAdmin

​generatePolicyAdminRole

​_grantRolePolicyAdmin

​proposeNewPolicyAdmin

​confirmNewPolicyAdmin

​_generatePolicyAdminRoleId

​renounceRole

​revokeRole

​isCallingContractAdmin

​grantCallingContractRole

​grantCallingContractRoleAccessControl

​grantCallingContractRoleOwnable

​_generateCallingContractAdminRoleId

​proposeNewCallingContractAdmin

​confirmNewCallingContractAdmin

​grantRole

​renounceRole

​revokeRole

Functions

isPolicyAdmin

generatePolicyAdminRole

_grantRolePolicyAdmin

proposeNewPolicyAdmin

confirmNewPolicyAdmin

_generatePolicyAdminRoleId

renounceRole

revokeRole

isCallingContractAdmin

grantCallingContractRole

grantCallingContractRoleAccessControl

grantCallingContractRoleOwnable

_generateCallingContractAdminRoleId

proposeNewCallingContractAdmin

confirmNewCallingContractAdmin

grantRole

renounceRole

revokeRole