Skip to main content

Access Control Temporal Revoke Module

Revoke temporal roles with admin authorization

Key Features
  • Provides an internal function revokeTemporalRole for revoking temporal roles.
  • Enforces authorization, allowing only the role's admin to revoke.
  • Emits a TemporalRoleRevoked event upon successful revocation.
  • Operates using the diamond storage pattern for shared state management.
Module Usage

This module provides internal functions for use in your custom facets. Import it to access shared logic and storage.

Overview

This module provides functions to revoke temporal roles, ensuring that only authorized administrators can perform this action. It integrates with diamond storage to manage role revocation state, making changes immediately visible to all facets accessing the same storage. Use this module to implement time-limited access control within your diamond.

Storage

AccessControlStorage

Storage struct for AccessControl (reused struct definition). Must match the struct definition in AccessControlDataFacet. storage-location: erc8042:compose.accesscontrol

Definition
struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

AccessControlTemporalStorage

Storage struct for AccessControlTemporal. storage-location: erc8042:compose.accesscontrol.temporal

Definition
struct AccessControlTemporalStorage {
  mapping(address account => mapping(bytes32 role => uint256 expiryTimestamp)) roleExpiry;
}

State Variables

PropertyTypeDescription
ACCESS_CONTROL_STORAGE_POSITIONbytes32Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))
TEMPORAL_STORAGE_POSITIONbytes32Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol.temporal"))

Functions

getAccessControlStorage

Returns the storage for AccessControl.

function getAccessControlStorage() pure returns (AccessControlStorage storage s);

Returns:

PropertyTypeDescription
sAccessControlStorageThe AccessControl storage struct.

getStorage

Returns the storage for AccessControlTemporal.

function getStorage() pure returns (AccessControlTemporalStorage storage s);

Returns:

PropertyTypeDescription
sAccessControlTemporalStorageThe AccessControlTemporal storage struct.

revokeTemporalRole

Revokes a temporal role from an account. Only the admin of the role can revoke it. Emits a {TemporalRoleRevoked} event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function revokeTemporalRole(bytes32 _role, address _account) ;

Parameters:

PropertyTypeDescription
_rolebytes32The role to revoke.
_accountaddressThe account to revoke the role from.

Events

Errors

Best Practices

Best Practice
  • Ensure the caller possesses the necessary administrative privileges for the role before invoking revokeTemporalRole.
  • Verify that the AccessControlTemporalRevokeMod has been correctly initialized with its diamond storage address.
  • Handle the AccessControlUnauthorizedAccount error to gracefully manage unauthorized revocation attempts.

Integration Notes

Shared Storage

This module operates on shared diamond storage, specifically utilizing the ACCESS_CONTROL_STORAGE_POSITION (keccak256("compose.accesscontrol")) for its AccessControlStorage and AccessControlTemporalStorage structures. All modifications made via revokeTemporalRole are immediately reflected in the diamond's storage and are visible to any other facet that reads from these storage locations. The module's functions are internal, implying they are intended to be called by other facets within the same diamond.

Was this helpful?
Last updated:

Newsletter

Get notified about releases, feature announcements, and technical deep-dives on building smart contracts with Compose.

No spam. Unsubscribe anytime.
This site is powered by Netlify