Class AccessControl<T>

Represents a role-based access control object.

Remarks

Manages roles and permissions using a bitmask approach. Each bit in a bitmask represents a distinct permission.

Example

import { Context, Address } from '@massalabs/massa-as-sdk';
import { Args, stringToBytes } from '@massalabs/as-types';
import { AccessControl } from '@massalabs/sc-standards';

const controller = new AccessControl<u8>(1);
const ADMIN = controller.newPermission('admin');
const USER = controller.newPermission('user');

export function constructor(raw: StaticArray<u8>): StaticArray<u8> {
  if (!Context.isDeployingContract()) {
    return [];
  }

  const args = new Args(raw);
  const adminAddress = args.nextSerializable<Address>().expect('Admin address is missing');
  const userAddress = args.nextSerializable<Address>().expect('User address is missing');

  controller.grantPermission(ADMIN, adminAddress);
  controller.grantPermission(USER, userAddress);

  return [];
}

export function superSensible(_: StaticArray<u8>): StaticArray<u8> {
  controller.mustHavePermission(ADMIN, Context.caller());
  return stringToBytes('Super sensitive data');
}

export function internalOnly(_: StaticArray<u8>): StaticArray<u8> {
  controller.mustHaveAnyPermission(ADMIN | USER, Context.caller());
  return stringToBytes('Internal data');
}

export function publicData(_: StaticArray<u8>): StaticArray<u8> {
  return stringToBytes('Public data');
}

Type Parameters

T

Use to size the bitmask. The maximum number of permissions is 8 * sizeof().

Hierarchy

AccessControl

Index

Constructors

constructor

Methods

grantPermission hasAnyPermission hasPermission mustHaveAnyPermission mustHavePermission newPermission revokePermission

Constructors

constructor

new AccessControl<T>(moduleId: number): AccessControl<T>
Type Parameters
- T
Parameters
- moduleId: number
  
  The module identifier to differentiate storage keys.
Returns AccessControl<T>
- Defined in security/accessControl.ts:69

Methods

grantPermission

grantPermission(permission: T, user: Address): void
Add a permission to a user.

Remarks
Updated permissions are stored in the contract's storage.

Throws
if the user already has the permission or if the permission does not exist.
Parameters
- permission: T
  
  The permission to grant.
- user: Address
  
  The user identified by his address.
Returns void
- Defined in security/accessControl.ts:137

hasAnyPermission

hasAnyPermission(permission: T, user: Address): boolean
Checks if the user has any of the given permissions.

Returns
true if the user has any of the permissions, false otherwise.

Throws
if the permission does not exist.
Parameters
- permission: T
  
  The permission bitmask to check.
- user: Address
  
  The user identified by his address.
Returns boolean
- Defined in security/accessControl.ts:226

hasPermission

hasPermission(permission: T, user: Address): boolean
Checks if the user has the given permission.

Returns
true if the user has the permission, false otherwise.

Throws
if the permission does not exist.
Parameters
- permission: T
  
  The permission bitmask to check.
- user: Address
  
  The user identified by his address.
Returns boolean
- Defined in security/accessControl.ts:191

mustHaveAnyPermission

mustHaveAnyPermission(permission: T, user: Address): void
Checks if the user has any of the given permissions.

Throws
if the user does not have any of the permissions.
Parameters
- permission: T
  
  The permission bitmask to check.
- user: Address
  
  The user identified by his address.
Returns void
- Defined in security/accessControl.ts:244

mustHavePermission

mustHavePermission(permission: T, user: Address): void
Checks if the user has the given permission.

Throws
if the user does not have the permission.
Parameters
- permission: T
  
  The permission bitmask to check.
- user: Address
  
  The user identified by his address.
Returns void
- Defined in security/accessControl.ts:210

newPermission

newPermission(Permission: string): T
Creates a new permission.

Remarks
Permissions are dynamically created and not stored in the contract's storage. While this optimization reduces storage usage, it also means that the permission must be globally defined and consistent.

Returns
a number representing the permission.

Throws
if the maximum number of permissions is reached.
Parameters
- Permission: string
  
  The name of the permission.
Returns T
- Defined in security/accessControl.ts:116

revokePermission

revokePermission(permission: T, user: Address): void
Removes a permission from a user.

Remarks
Updated permissions are stored in the contract's storage.

Throws
if the user does not have the permission or if the permission does not exist.
Parameters
- permission: T
  
  The permission to remove.
- user: Address
  
  The user identified by his address.
Returns void
- Defined in security/accessControl.ts:165

Class AccessControl<T>

Remarks

Example

Type Parameters

T

Hierarchy

Index

Constructors

Methods

Constructors

constructor

Type Parameters

T

Parameters

moduleId: number

Returns AccessControl<T>

Methods

grantPermission

Remarks

Throws

Parameters

permission: T

user: Address

Returns void

hasAnyPermission

Returns

Throws

Parameters

permission: T

user: Address

Returns boolean

hasPermission

Returns

Throws

Parameters

permission: T

user: Address

Returns boolean

mustHaveAnyPermission

Throws

Parameters

permission: T

user: Address

Returns void

mustHavePermission

Throws

Parameters

permission: T

user: Address

Returns void

newPermission

Remarks

Returns

Throws

Parameters

Permission: string

Returns T

revokePermission

Remarks

Throws

Parameters

permission: T

user: Address

Returns void

Settings

Member Visibility

Theme