Background
A single admin address is a central point of failure and trust. Different platform operators need different permission levels (e.g., a "fee manager" vs. a "dispute resolver").
Goal
Implement a role-based access control (RBAC) system with at least three roles: SuperAdmin, FeeManager, and DisputeAdmin.
Acceptance Criteria
DataKey::Role(Address) mapped to a Role enum in Persistent storage.grant_role(address, role) and revoke_role(address, role) restricted to SuperAdmin.- Each sensitive function checks the correct minimum role.
- Emits
RoleGranted { address, role } and RoleRevoked { address, role } events.
Key Files
contracts/src/admin.rs, contracts/src/roles.rs
Background
A single admin address is a central point of failure and trust. Different platform operators need different permission levels (e.g., a "fee manager" vs. a "dispute resolver").
Goal
Implement a role-based access control (RBAC) system with at least three roles:
SuperAdmin,FeeManager, andDisputeAdmin.Acceptance Criteria
DataKey::Role(Address)mapped to aRoleenum inPersistentstorage.grant_role(address, role)andrevoke_role(address, role)restricted toSuperAdmin.RoleGranted { address, role }andRoleRevoked { address, role }events.Key Files
contracts/src/admin.rs,contracts/src/roles.rs