Skip to main content

Access Control Pausable Facet

Manage role pausing and unpausing within a diamond

Key Features
  • Allows temporary disabling of roles using pauseRole.
  • Enables re-enabling of roles via unpauseRole.
  • Provides isRolePaused to check role status.
  • Integrates seamlessly with diamond storage and access control patterns.

Overview

This facet provides functionality to pause and unpause specific roles within a diamond, controlled by role administrators. It integrates with diamond storage to manage role states and allows for temporary suspension of role execution. Developers add this facet to enable granular control over role availability.

Storage

AccessControlStorage

Definition
struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

AccessControlPausableStorage

Definition
struct AccessControlPausableStorage {
  mapping(bytes32 role => bool paused) pausedRoles;
}

State Variables

PropertyTypeDescription
ACCESS_CONTROL_STORAGE_POSITIONbytes32Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))
PAUSABLE_STORAGE_POSITIONbytes32Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol.pausable"))

Functions

isRolePaused

Returns if a role is paused.

function isRolePaused(bytes32 _role) external view returns (bool);

Parameters:

PropertyTypeDescription
_rolebytes32The role to check.

Returns:

PropertyTypeDescription
-boolTrue if the role is paused, false otherwise.

pauseRole

Temporarily disables a role, preventing all accounts from using it. Only the admin of the role can pause it. Emits a RolePaused event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function pauseRole(bytes32 _role) external;

Parameters:

PropertyTypeDescription
_rolebytes32The role to pause.

unpauseRole

Re-enables a role that was previously paused. Only the admin of the role can unpause it. Emits a RoleUnpaused event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function unpauseRole(bytes32 _role) external;

Parameters:

PropertyTypeDescription
_rolebytes32The role to unpause.

requireRoleNotPaused

Checks if an account has a role and if the role is not paused. - Reverts with AccessControlUnauthorizedAccount If the account does not have the role. - Reverts with AccessControlRolePaused If the role is paused.

function requireRoleNotPaused(bytes32 _role, address _account) external view;

Parameters:

PropertyTypeDescription
_rolebytes32The role to check.
_accountaddressThe account to check the role for.

exportSelectors

Exports the selectors that are exposed by the facet.

function exportSelectors() external pure returns (bytes memory);

Returns:

PropertyTypeDescription
-bytesSelectors that are exported by the facet.

Events

Errors

Best Practices

Best Practice
  • Grant the role administrator appropriate permissions to call pauseRole and unpauseRole.
  • Use requireRoleNotPaused before executing critical operations tied to a specific role.
  • Ensure AccessControlPausableFacet selectors are correctly registered with the diamond.

Security Considerations

Security

All state-changing functions (pauseRole, unpauseRole) are protected by access control, reverting with AccessControlUnauthorizedAccount if the caller is not the admin of the role. The requireRoleNotPaused function reverts with AccessControlRolePaused if the specified role is paused, preventing execution. Follow standard Solidity security practices for input validation.

Was this helpful?
Last updated:

Newsletter

Get notified about releases, feature announcements, and technical deep-dives on building smart contracts with Compose.

No spam. Unsubscribe anytime.
This site is powered by Netlify