role hierarchy with guardians

brozorec · brozorec · commit 590d67117a7d · 2025-11-03T12:10:34.000+01:00
diff --git a/content/stellar-contracts/access/access-control.mdx b/content/stellar-contracts/access/access-control.mdx
@@ -36,46 +36,47 @@ This allows for creating complex organizational structures with chains of comman
 Here's how to establish and use role hierarchies in practice:
 
 ```rust
-use soroban_sdk::{contract, contractimpl, symbol_short, Address, Env};
+use soroban_sdk::{contract, contractimpl, symbol_short, Address, Env, Symbol};
 use stellar_access::access_control::{self as access_control, AccessControl};
 
+const MANAGER_ROLE: Symbol = symbol_short!("manager");
+const GUARDIAN_ROLE: Symbol = symbol_short!("guardian");
+
 #[contract]
 pub struct MyContract;
 
 #[contractimpl]
 impl MyContract {
-    pub fn __constructor(e: &Env, admin: Address) {
+    pub fn __constructor(e: &Env, admin: Address, manager: Address) {
         // Set the contract admin
         access_control::set_admin(e, &admin);
         
-        // Define role hierarchy: MANAGER_ROLE can manage USER_ROLE
-        let manager_role = symbol_short!("manager");
-        let user_role = symbol_short!("user");
-        
-        // Set MANAGER_ROLE as the admin role for USER_ROLE
-        access_control::set_role_admin(e, &admin, &user_role, &manager_role);
+        // 1. Set MANAGER_ROLE as the admin role for GUARDIAN_ROLE:
+        // accounts with MANAGER_ROLE can manage accounts with GUARDIAN_ROLE
+        access_control::set_role_admin_no_auth(e, &admin, &GUARDIAN_ROLE, &MANAGER_ROLE);
+
+        // 2. Admin grants MANAGER_ROLE to the manager account
+        access_control::grant_role_no_auth(e, &admin, &manager, &MANAGER_ROLE);
     }
-    
-    pub fn setup_roles(e: &Env, admin: Address, manager: Address, user: Address) {
-        let manager_role = symbol_short!("manager");
-        let user_role = symbol_short!("user");
-        
-        // Admin grants MANAGER_ROLE to the manager account
-        access_control::grant_role(e, &admin, &manager, &manager_role);
+
+    pub fn manage_guardians(e: &Env, manager: Address, guardian1: Address, guardian2: Address) {
+        // Manager must be authorized
+        manager.require_auth();
         
-        // Now the manager can grant USER_ROLE to other accounts
-        access_control::grant_role(e, &manager, &user, &user_role);
+        // 3. Now the manager can grant GUARDIAN_ROLE to other accounts
+        access_control::grant_role_no_auth(e, &manager, &guardian1, &GUARDIAN_ROLE);
+        access_control::grant_role_no_auth(e, &manager, &guardian2, &GUARDIAN_ROLE);
         
-        // Manager can also revoke USER_ROLE
-        access_control::revoke_role(e, &manager, &user, &user_role);
+        // Manager can also revoke GUARDIAN_ROLE
+        access_control::revoke_role_no_auth(e, &manager, &guardian1, &GUARDIAN_ROLE);
     }
 }
 ```
 
 In this example:
-1. The contract admin sets `manager` as the admin role for `user` using `set_role_admin()`
-2. The admin grants the `manager` role to a manager account
-3. The manager can now grant/revoke the `user` role to other accounts without requiring admin intervention
+1. The `admin` sets `MANAGER_ROLE` as the admin role for `GUARDIAN_ROLE` using `set_role_admin()`
+2. The `admin` grants the `MANAGER_ROLE` role to the `manager` account
+3. The `manager` can now grant/revoke the `GUARDIAN_ROLE` role to other accounts without requiring admin intervention
 
 ### Role Enumeration
 
