Access Control Pausable Module

Manages role pausing and checks within a diamond

Key Features

• Internal functions for role pausing and status checks, intended for use within custom facets.
• Utilizes diamond storage pattern via ACCESS_CONTROL_STORAGE_POSITION for shared state.
• Emits RolePaused and RoleUnpaused events for off-chain monitoring.
• Reverts with custom errors AccessControlRolePaused and AccessControlUnauthorizedAccount.

Module Usage

This module provides internal functions for use in your custom facets. Import it to access shared logic and storage.

Overview

This module provides internal functions to pause and unpause specific roles, controlling whether accounts can perform actions associated with those roles. It leverages diamond storage for state management, ensuring that pausing decisions are universally visible across all facets interacting with the same storage. This enhances security by allowing temporary suspension of role-based operations.

Storage

AccessControlPausableStorage

Storage struct for AccessControlPausable. storage-location: erc8042:compose.accesscontrol.pausable

Definition

struct AccessControlPausableStorage {
  mapping(bytes32 role => bool paused) pausedRoles;
}

---

AccessControlStorage

Storage struct for AccessControl (reused struct definition). Must match the struct definition in AccessControlDataFacet / AccessControlDataMod. storage-location: erc8042:compose.accesscontrol

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
ACCESS_CONTROL_STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))
PAUSABLE_STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol.pausable"))

Functions

getAccessControlStorage

Returns the storage for AccessControl.

function getAccessControlStorage() pure returns (AccessControlStorage storage s);

Returns:

Property	Type	Description
s	AccessControlStorage	The AccessControl storage struct.

---

getStorage

Returns the storage for AccessControlPausable.

function getStorage() pure returns (AccessControlPausableStorage storage s);

Returns:

Property	Type	Description
s	AccessControlPausableStorage	The AccessControlPausable storage struct.

---

isRolePaused

function to check if a role is paused.

function isRolePaused(bytes32 _role) view returns (bool);

Parameters:

Property	Type	Description
_role	bytes32	The role to check.

Returns:

Property	Type	Description
-	bool	True if the role is paused, false otherwise.

---

pauseRole

function to pause a role.

function pauseRole(bytes32 _role) ;

Parameters:

Property	Type	Description
_role	bytes32	The role to pause.

---

requireRoleNotPaused

function to check if an account has a role and if the role is not paused. Notes: - Reverts with AccessControlUnauthorizedAccount If the account does not have the role. - Reverts with AccessControlRolePaused If the role is paused.

function requireRoleNotPaused(bytes32 _role, address _account) view;

Parameters:

Property	Type	Description
_role	bytes32	The role to check.
_account	address	The account to check the role for.

---

unpauseRole

function to unpause a role.

function unpauseRole(bytes32 _role) ;

Parameters:

Property	Type	Description
_role	bytes32	The role to unpause.

Events

Event emitted when a role is paused.

Signature:

event RolePaused(bytes32 indexed _role, address indexed _account);

Parameters:

Property	Type	Description
_role	bytes32	The role that was paused.
_account	address	The account that paused the role.

Event emitted when a role is unpaused.

Signature:

event RoleUnpaused(bytes32 indexed _role, address indexed _account);

Parameters:

Property	Type	Description
_role	bytes32	The role that was unpaused.
_account	address	The account that unpaused the role.

Errors

Thrown when a role is paused and an operation requiring that role is attempted.

Signature:

error AccessControlRolePaused(bytes32 _role);

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Best Practices

Best Practice

• Call requireRoleNotPaused before executing role-dependent logic to enforce active role status.
• Ensure the AccessControlPausableMod is correctly initialized with the diamond's storage pointer.
• Handle AccessControlRolePaused and AccessControlUnauthorizedAccount errors when using requireRoleNotPaused in external-facing functions.

Integration Notes

Shared Storage

This module interacts with diamond storage at the position identified by ACCESS_CONTROL_STORAGE_POSITION. It manages the paused state of roles within the AccessControlPausableStorage struct, which is shared across all facets. Functions like pauseRole and unpauseRole modify this shared state, making the changes immediately visible to any other facet that reads from the same storage position. The requireRoleNotPaused function reads this state to enforce restrictions.

Was this helpful?

Last updated:March 13, 2026