stellar-access 0.6.0

Access Control, Ownable, and Role Transfer utilities for Stellar contracts.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

# Stellar Access Control

Access Control, Ownable, and Role Transfer utilities for Stellar contracts.

## Overview

This package provides three main modules for managing access control in Soroban smart contracts:

- **Access Control**: Role-based access control with hierarchical permissions
- **Ownable**: Simple single-owner access control pattern
- **Role Transfer**: Utility module for secure role and ownership transfers

## Modules

### Access Control

The `access_control` module provides comprehensive role-based access control functionality:

- **Admin Management**: Single overarching admin with full privileges
- **Role Hierarchy**: Roles can have admin roles that can grant/revoke permissions
- **Secure Transfers**: Two-step admin transfer process for security

#### Usage Examples

```rust
use soroban_sdk::{contract, contractimpl, symbol_short, Address, Env};
use stellar_access::access_control::{self as access_control, AccessControl};

#[contract]
pub struct MyContract;

#[contractimpl]
impl MyContract {
    // deploy this contract with the Stellar CLI:
    //
    // stellar contract deploy \
    // --wasm path/to/file.wasm \
    // -- \
    // --admin <admin_address>
    pub fn __constructor(e: &Env, admin: Address) {
        access_control::set_admin(e, &admin);
    }

    pub fn admin_restricted_function(e: &Env) {
        access_control::enforce_admin_auth(e);
        // ...
    }

    pub fn mint(e: &Env, to: Address, token_id: u32, caller: Address) {
        access_control::ensure_role(e, &symbol_short!("minter"), &caller );
        caller.require_auth();
        // minting
    }
}

#[contractimpl(contracttrait)]
impl AccessControl for MyContract {}
```

**With Macros** (requires `stellar-macros` dependency):

```rust
use stellar_macros::{only_admin, only_role};

#[only_admin]
pub fn admin_restricted_function(e: &Env) {
    // ...
}

#[only_role(caller, "minter")]
fn mint(e: &Env, to: Address, token_id: u32, caller: Address) {
    // ...
}
```

### Ownable

The `ownable` module implements a simple ownership pattern:

- **Single Owner**: Contract has one owner with exclusive access
- **Ownership Transfer**: Secure two-step ownership transfer
- **Ownership Renouncement**: Owner can renounce ownership

#### Usage Examples

```rust
use soroban_sdk::{contract, contractimpl, Address, Env};
use stellar_access::ownable::{self as ownable, Ownable};

#[contract]
pub struct MyContract;

#[contractimpl]
impl MyContract {
    // deploy this contract with the Stellar CLI:
    //
    // stellar contract deploy \
    // --wasm path/to/file.wasm \
    // -- \
    // --owner <owner_address>
    pub fn __constructor(e: &Env, owner: Address) {
        ownable::set_owner(e, &owner);
    }

    pub fn owner_restricted_function(e: &Env) {
        ownable::enforce_owner_auth(e);
        // ...
    }
}

#[contractimpl(contracttrait)]
impl Ownable for MyContract {}
```

**With Macros** (requires `stellar-macros` dependency):

```rust
use stellar_macros::only_owner;

#[only_owner]
pub fn owner_restricted_function(e: &Env) {
    // ...
}
```

### Role Transfer

The `role_transfer` module is a utility module that provides the underlying infrastructure for secure two-step role and ownership transfers used by both Access Control and Ownable modules.

## Security Model

Both Access Control and Ownable modules implement a **two-step transfer process** for critical role changes:

1. **Initiate Transfer**: Current admin/owner specifies the new recipient and expiration
2. **Accept Transfer**: Designated recipient must explicitly accept the transfer

This mechanism prevents accidental transfers to wrong addresses or loss of control due to typos or errors.

**Note**: Unlike OpenZeppelin's Solidity library where role transfers can be immediate, **all role transfers in this Stellar library are always two-step processes** for enhanced security. This applies to both ownership transfers and admin role transfers.

## Installation

Add this to your `Cargo.toml`:

```toml
[dependencies]
# We recommend pinning to a specific version, because rapid iterations are expected as the library is in an active development phase.
stellar-access = "=0.6.0"
# Add this if you want to use macros
stellar-macros = "=0.6.0"
```

## Examples

See the following examples in the repository:
- [`examples/ownable/`](https://github.com/OpenZeppelin/stellar-contracts/tree/main/examples/ownable) - Simple ownership pattern
- [`examples/nft-access-control/`](https://github.com/OpenZeppelin/stellar-contracts/tree/main/examples/nft-access-control) - Role-based access control

## License

This package is part of the Stellar Contracts library and follows the same licensing terms.