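Modify and assign roles in a role-based access control smart contract

Defender lets you seamlessly oversee and command contract permissions at scale, with granular visibility into and control over access. This tutorial shows how to add a smart contract so that you can view and manage its roles, including assigning and removing them.

Prerequisites

  • An OpenZeppelin Defender account.

  • Any external wallet (such as Metamask) that contains an EOA holding funds on Sepolia.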

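1. Add the contract

In this tutorial, you will use this factory, deployed to Sepolia, to create a contract that implements the role-based access control library. The contract you create automatically assigns you the admin role so that you can manage its roles.

  1. Open the Defender Address Book in a web browser.

  2. Fill in the form with the following values, then click "Create":

    • Name: Access Control Factory

    • Network: Sepolia

    • Address: 0xF909B3dBB525fDe7C3e8cd59FbECF3D42c217454

  3. Navigate to Transaction Proposals.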

  4. Fill in the "General Information" section with the following values:

    • Name: Create Access Control contract

    • Target contract: Access Control Factory

  5. In the "Function" section, select the create function.

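  6. Open the "Approval Process" section, click the input field and select "Create Approval Process".

  7. Fill in the approval process form with the following values, then click "Save Changes":

    • Name: Access Control Admin

    • Type: EOA

    • Address: your wallet's EOA address

  8. Connect your wallet using the EOA address of the approval process you created, then click "Submit Transaction Proposal".

  9. Click the "Create Access Control contract" transaction proposal.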

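  10. Click the "Approve and Execute" button in the top right corner and confirm the transaction in your wallet.

  11. Scroll down and, under "Execution Result", hover over the first contract to copy its address.

  12. Navigate to the Defender Address Book (https://defender.openzeppelin.com/v2/#/address-book/new) to add your newly created contract.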

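  13. Fill in the form with the following values, then click "Create":

    • Name: Access Control Contract

    • Network: Sepolia

    • Address: the contract address copied in the previous step

    • ABI: copy and paste the following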

    [{"inputs": [],"stateMutability": "nonpayable","type": "constructor"},{"inputs": [],"name": "AccessControlBadConfirmation","type": "error"},{"inputs": [{"internalType": "address","name": "account","type": "address"},{"internalType": "bytes32","name": "neededRole","type": "bytes32"}],"name": "AccessControlUnauthorizedAccount","type": "error"},{"anonymous": false,"inputs": [{"indexed": true,"internalType": "bytes32","name": "role","type": "bytes32"},{"indexed": true,"internalType": "bytes32","name": "previousAdminRole","type": "bytes32"},{"indexed": true,"internalType": "bytes32","name": "newAdminRole","type": "bytes32"}],"name": "RoleAdminChanged","type": "event"},{"anonymous": false,"inputs": [{"indexed": true,"internalType": "bytes32","name": "role","type": "bytes32"},{"indexed": true,"internalType": "address","name": "account","type": "address"},{"indexed": true,"internalType": "address","name": "sender","type": "address"}],"name": "RoleGranted","type": "event"},{"anonymous": false,"inputs": [{"indexed": true,"internalType": "bytes32","name": "role","type": "bytes32"},{"indexed": true,"internalType": "address","name": "account","type": "address"},{"indexed": true,"internalType": "address","name": "sender","type": "address"}],"name": "RoleRevoked","type": "event"},{"inputs": [],"name": "DEFAULT_ADMIN_ROLE","outputs": [{"internalType": "bytes32","name": "","type": "bytes32"}],"stateMutability": "view","type": "function"},{"inputs": [],"name": "RANDOM_ROLE","outputs": [{"internalType": "bytes32","name": "","type": "bytes32"}],"stateMutability": "view","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"}],"name": "getRoleAdmin","outputs": [{"internalType": "bytes32","name": "","type": "bytes32"}],"stateMutability": "view","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"},{"internalType": "address","name": "account","type": "address"}],"name": "grantRole","outputs": 
[],"stateMutability": "nonpayable","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"},{"internalType": "address","name": "account","type": "address"}],"name": "hasRole","outputs": [{"internalType": "bool","name": "","type": "bool"}],"stateMutability": "view","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"},{"internalType": "address","name": "callerConfirmation","type": "address"}],"name": "renounceRole","outputs": [],"stateMutability": "nonpayable","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"},{"internalType": "address","name": "account","type": "address"}],"name": "revokeRole","outputs": [],"stateMutability": "nonpayable","type": "function"},{"inputs": [{"internalType": "bytes4","name": "interfaceId","type": "bytes4"}],"name": "supportsInterface","outputs": [{"internalType": "bool","name": "","type": "bool"}],"stateMutability": "view","type": "function"}]
  14. Navigate to the Access Control page.

  15. Observe your newly added contract and the number of addresses that hold the admin role.

  16. Click the contract card.

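2. View and modify roles

On your contract's page you can see the address that holds the DEFAULT_ADMIN_ROLE role, which is the EOA address from the approval process you used to deploy the contract. To make a change, click the role and enter a new address (or delete an address if you want to remove it from the role). Follow these steps to add a new address to DEFAULT_ADMIN_ROLE: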

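  1. Click the DEFAULT_ADMIN_ROLE role.

  2. Select any address from the drop-down menu or add a new one.

  3. Scroll down and click "Select Approval Process".

  4. Select your Access Control Admin approval process.

  5. Check that your wallet is connected to the correct EOA address. If it is not, click the button below the field to connect your wallet.

  6. Click "Save Changes" and confirm the transaction in your wallet.

  7. Wait for the transaction to execute, then check that the new address holds the DEFAULT_ADMIN_ROLE role.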

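For ownable contracts, you can only change the Owner role using an approval process that matches the current owner's address. When you use a multisig as the approval process, pending proposals appear on the right side of the page.

The page syncs every minute and updates when roles are modified.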
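
The holders shown for each role can be cross-checked against the RoleGranted and RoleRevoked events declared in the ABI above. The following is an added example, not part of the original tutorial or of Defender's code: it replays decoded events to rebuild each role's holders and reviews a planned grant or revoke before you approve it. The log entries, the addresses and the RANDOM_ROLE value are constructed; DEFAULT_ADMIN_ROLE is the zero bytes32 value used by OpenZeppelin AccessControl.

```javascript
// Added example: sample values below are constructed, not taken from the tutorial.
const DEFAULT_ADMIN_ROLE = "0x" + "00".repeat(32); // zero bytes32 in OpenZeppelin AccessControl
const RANDOM_ROLE = "0x" + "11".repeat(32);        // placeholder; real value not given on the page
const ADMIN_EOA = "0x" + "A1".repeat(20);          // constructed addresses
const NEW_ADMIN = "0x" + "b2".repeat(20);
const OPERATOR = "0x" + "c3".repeat(20);

// Constructed, already-decoded event logs in block order.
const sampleLogs = [
  { event: "RoleGranted", role: DEFAULT_ADMIN_ROLE, account: ADMIN_EOA },
  { event: "RoleGranted", role: RANDOM_ROLE, account: OPERATOR },
  { event: "RoleRevoked", role: RANDOM_ROLE, account: OPERATOR },
];

// Replay RoleGranted / RoleRevoked to rebuild role -> set of holders.
function replayRoles(logs) {
  const roles = new Map();
  for (const { event, role, account } of logs) {
    if (event !== "RoleGranted" && event !== "RoleRevoked") continue;
    const holders = roles.get(role) ?? new Set();
    const addr = account.toLowerCase(); // checksum casing must not split one account in two
    if (event === "RoleGranted") holders.add(addr);
    else holders.delete(addr);
    roles.set(role, holders);
  }
  return roles;
}

// Review a planned grant or revoke against the replayed state before approving it.
// Assumes no RoleAdminChanged event, so DEFAULT_ADMIN_ROLE administers every role.
function reviewChange(roles, { action, role, account }) {
  const holders = new Set(roles.get(role) ?? []); // copy, so the replayed state is untouched
  const addr = account.toLowerCase();
  const findings = [];
  const held = holders.has(addr);
  if (action === "grant") {
    if (held) findings.push("NOOP");
    else if (role === DEFAULT_ADMIN_ROLE) findings.push("NEW_ADMIN");
    holders.add(addr);
  } else {
    if (!held) findings.push("NOOP");
    holders.delete(addr);
    // With no admin left, nobody can grant or revoke roles any more.
    if (held && role === DEFAULT_ADMIN_ROLE && holders.size === 0) findings.push("LAST_ADMIN_REMOVED");
  }
  return { holders: [...holders].sort(), findings };
}

const current = replayRoles(sampleLogs);
console.log(reviewChange(current, { action: "revoke", role: DEFAULT_ADMIN_ROLE, account: ADMIN_EOA }));
```

A LAST_ADMIN_REMOVED finding is the case to stop on: add the replacement admin and confirm it holds the role before removing the old one.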

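Next steps

Congratulations! You can now import other contracts and modify their roles.

After configuring access control, we recommend setting up workflows. To learn how to use workflows, see the tutorial here.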