get existing roles feature (#517)

* get existing roles feature

* used persistent storage for existing roles

Author: ozgunozerk

packages/access/src/access_control/mod.rs

@@ -95,11 +95,11 @@ use soroban_sdk::{contracterror, contractevent, Address, Env, Symbol};
 
 pub use crate::access_control::storage::{
     accept_admin_transfer, add_to_role_enumeration, enforce_admin_auth,
-    ensure_if_admin_or_admin_role, ensure_role, get_admin, get_role_admin, get_role_member,
-    get_role_member_count, grant_role, grant_role_no_auth, has_role, remove_from_role_enumeration,
-    remove_role_accounts_count_no_auth, remove_role_admin_no_auth, renounce_admin, renounce_role,
-    revoke_role, revoke_role_no_auth, set_admin, set_role_admin, set_role_admin_no_auth,
-    transfer_admin_role, AccessControlStorageKey,
+    ensure_if_admin_or_admin_role, ensure_role, get_admin, get_existing_roles, get_role_admin,
+    get_role_member, get_role_member_count, grant_role, grant_role_no_auth, has_role,
+    remove_from_role_enumeration, remove_role_accounts_count_no_auth, remove_role_admin_no_auth,
+    renounce_admin, renounce_role, revoke_role, revoke_role_no_auth, set_admin, set_role_admin,
+    set_role_admin_no_auth, transfer_admin_role, AccessControlStorageKey,
 };
 
 pub trait AccessControl {
@@ -175,6 +175,8 @@ pub trait AccessControl {
     ///
     /// * [`AccessControlError::Unauthorized`] - If the caller does not have
     ///   enough privileges.
+    /// * [`AccessControlError::MaxRolesExceeded`] - If adding a new role would
+    ///   exceed the maximum allowed number of roles.
     ///
     /// # Events
     ///
@@ -346,13 +348,16 @@ pub enum AccessControlError {
     RoleNotHeld = 2007,
     RoleIsEmpty = 2008,
     TransferInProgress = 2009,
+    MaxRolesExceeded = 2010,
 }
 
 // ################## CONSTANTS ##################
 
 const DAY_IN_LEDGERS: u32 = 17280;
 pub const ROLE_EXTEND_AMOUNT: u32 = 90 * DAY_IN_LEDGERS;
 pub const ROLE_TTL_THRESHOLD: u32 = ROLE_EXTEND_AMOUNT - DAY_IN_LEDGERS;
+/// Maximum number of roles that can exist simultaneously.
+pub const MAX_ROLES: u32 = 256;
 
 // ################## EVENTS ##################
 

packages/access/src/access_control/storage.rs

@@ -1,10 +1,10 @@
-use soroban_sdk::{contracttype, panic_with_error, Address, Env, Symbol};
+use soroban_sdk::{contracttype, panic_with_error, Address, Env, Symbol, Vec};
 
 use crate::{
     access_control::{
         emit_admin_renounced, emit_admin_transfer_completed, emit_admin_transfer_initiated,
         emit_role_admin_changed, emit_role_granted, emit_role_revoked, AccessControlError,
-        ROLE_EXTEND_AMOUNT, ROLE_TTL_THRESHOLD,
+        MAX_ROLES, ROLE_EXTEND_AMOUNT, ROLE_TTL_THRESHOLD,
     },
     role_transfer::{accept_transfer, transfer_role},
 };
@@ -19,10 +19,11 @@ pub struct RoleAccountKey {
 /// Storage keys for the data associated with the access control
 #[contracttype]
 pub enum AccessControlStorageKey {
+    ExistingRoles,                // Vec<Symbol> of all existing roles
     RoleAccounts(RoleAccountKey), // (role, index) -> Address
     HasRole(Address, Symbol),     // (account, role) -> index
-    RoleAccountsCount(Symbol),    // role -> count
-    RoleAdmin(Symbol),            // role -> the admin role
+    RoleAccountsCount(Symbol),    // role -> count of accounts with the role
+    RoleAdmin(Symbol),            // role -> the admin of the role
     Admin,
     PendingAdmin,
 }
@@ -42,7 +43,6 @@ pub enum AccessControlStorageKey {
 pub fn has_role(e: &Env, account: &Address, role: &Symbol) -> Option<u32> {
     let key = AccessControlStorageKey::HasRole(account.clone(), role.clone());
 
-    // extend ttl if `Some(index)`
     e.storage().persistent().get(&key).inspect(|_| {
         e.storage().persistent().extend_ttl(&key, ROLE_TTL_THRESHOLD, ROLE_EXTEND_AMOUNT)
     })
@@ -106,11 +106,29 @@ pub fn get_role_member(e: &Env, role: &Symbol, index: u32) -> Address {
 /// * `role` - The role to query the admin role for.
 pub fn get_role_admin(e: &Env, role: &Symbol) -> Option<Symbol> {
     let key = AccessControlStorageKey::RoleAdmin(role.clone());
-    if let Some(admin_role) = e.storage().persistent().get(&key) {
+
+    e.storage().persistent().get(&key).inspect(|_| {
+        e.storage().persistent().extend_ttl(&key, ROLE_TTL_THRESHOLD, ROLE_EXTEND_AMOUNT)
+    })
+}
+
+/// Returns a vector containing all existing roles.
+/// Defaults to empty vector if no roles exist.
+///
+/// # Arguments
+///
+/// * `e` - Access to Soroban environment.
+///
+/// # Notes
+///
+/// This function returns all roles that currently have at least one member.
+pub fn get_existing_roles(e: &Env) -> Vec<Symbol> {
+    let key = AccessControlStorageKey::ExistingRoles;
+    if let Some(existing_roles) = e.storage().persistent().get(&key) {
         e.storage().persistent().extend_ttl(&key, ROLE_TTL_THRESHOLD, ROLE_EXTEND_AMOUNT);
-        Some(admin_role)
+        existing_roles
     } else {
-        None
+        Vec::new(e)
     }
 }
 
@@ -153,6 +171,7 @@ pub fn set_admin(e: &Env, admin: &Address) {
 /// # Errors
 ///
 /// * refer to [`ensure_if_admin_or_admin_role`] errors.
+/// * refer to [`grant_role_no_auth`] errors.
 ///
 /// # Events
 ///
@@ -180,6 +199,10 @@ pub fn grant_role(e: &Env, account: &Address, role: &Symbol, caller: &Address) {
 /// * `role` - The role to grant.
 /// * `caller` - The address of the caller.
 ///
+/// # Errors
+///
+/// * refer to [`add_to_role_enumeration`] errors.
+///
 /// # Events
 ///
 /// * topics - `["role_granted", role: Symbol, account: Address]`
@@ -637,11 +660,29 @@ pub fn enforce_admin_auth(e: &Env) -> Address {
 /// * `e` - Access to Soroban environment.
 /// * `account` - The account to add to the role.
 /// * `role` - The role to add the account to.
+///
+/// # Errors
+///
+/// * [`AccessControlError::MaxRolesExceeded`] - If adding a new role would
+///   exceed the maximum allowed number of roles.
 pub fn add_to_role_enumeration(e: &Env, account: &Address, role: &Symbol) {
     // Get the current count of accounts with this role
     let count_key = AccessControlStorageKey::RoleAccountsCount(role.clone());
     let count = e.storage().persistent().get(&count_key).unwrap_or(0);
 
+    // If this is the first account with this role, add the role to ExistingRoles
+    if count == 0 {
+        let mut existing_roles = get_existing_roles(e);
+
+        // Check if we've reached the maximum number of roles
+        if existing_roles.len() == MAX_ROLES {
+            panic_with_error!(e, AccessControlError::MaxRolesExceeded);
+        }
+
+        existing_roles.push_back(role.clone());
+        e.storage().persistent().set(&AccessControlStorageKey::ExistingRoles, &existing_roles);
+    }
+
     // Add the account to the enumeration
     let new_key =
         AccessControlStorageKey::RoleAccounts(RoleAccountKey { role: role.clone(), index: count });
@@ -720,4 +761,16 @@ pub fn remove_from_role_enumeration(e: &Env, account: &Address, role: &Symbol) {
 
     // Update the count
     e.storage().persistent().set(&count_key, &last_index);
+
+    // If this was the last account with this role, remove the role from
+    // ExistingRoles
+    if last_index == 0 {
+        let mut existing_roles = get_existing_roles(e);
+
+        // Find and remove the role
+        if let Some(pos) = existing_roles.iter().position(|r| r == role.clone()) {
+            existing_roles.remove(pos as u32);
+            e.storage().persistent().set(&AccessControlStorageKey::ExistingRoles, &existing_roles);
+        }
+    }
 }

packages/access/src/access_control/test.rs

@@ -5,8 +5,8 @@ use stellar_event_assertion::EventAssertion;
 
 use crate::access_control::{
     accept_admin_transfer, add_to_role_enumeration, ensure_if_admin_or_admin_role, get_admin,
-    get_role_admin, get_role_member, get_role_member_count, grant_role, grant_role_no_auth,
-    has_role, remove_from_role_enumeration, remove_role_accounts_count_no_auth,
+    get_existing_roles, get_role_admin, get_role_member, get_role_member_count, grant_role,
+    grant_role_no_auth, has_role, remove_from_role_enumeration, remove_role_accounts_count_no_auth,
     remove_role_admin_no_auth, renounce_admin, renounce_role, revoke_role, set_admin,
     set_role_admin, set_role_admin_no_auth, transfer_admin_role,
 };
@@ -685,3 +685,205 @@ fn renounce_admin_fails_when_transfer_in_progress() {
         renounce_admin(&e);
     });
 }
+
+#[test]
+fn get_existing_roles_returns_empty_when_no_roles_exist() {
+    let e = Env::default();
+    e.mock_all_auths();
+    let address = e.register(MockContract, ());
+
+    e.as_contract(&address, || {
+        let roles = get_existing_roles(&e);
+        assert_eq!(roles.len(), 0);
+    });
+}
+
+#[test]
+fn get_existing_roles_returns_roles_after_granting() {
+    let e = Env::default();
+    e.mock_all_auths();
+    let address = e.register(MockContract, ());
+    let admin = Address::generate(&e);
+    let user = Address::generate(&e);
+
+    e.as_contract(&address, || {
+        set_admin(&e, &admin);
+
+        // Grant first role
+        grant_role(&e, &user, &USER_ROLE, &admin);
+
+        let roles = get_existing_roles(&e);
+        assert_eq!(roles.len(), 1);
+        assert_eq!(roles.get(0).unwrap(), USER_ROLE);
+    });
+}
+
+#[test]
+fn get_existing_roles_removes_role_when_last_account_removed() {
+    let e = Env::default();
+    e.mock_all_auths();
+    let address = e.register(MockContract, ());
+    let admin = Address::generate(&e);
+    let user = Address::generate(&e);
+
+    e.as_contract(&address, || {
+        set_admin(&e, &admin);
+
+        // Grant role
+        grant_role(&e, &user, &USER_ROLE, &admin);
+
+        // Verify role exists
+        let roles_before = get_existing_roles(&e);
+        assert_eq!(roles_before.len(), 1);
+    });
+
+    e.as_contract(&address, || {
+        // Revoke role from last (and only) user
+        revoke_role(&e, &user, &USER_ROLE, &admin);
+
+        // Verify role is removed from existing roles
+        let roles_after = get_existing_roles(&e);
+        assert_eq!(roles_after.len(), 0);
+    });
+}
+
+#[test]
+fn get_existing_roles_keeps_role_when_some_accounts_remain() {
+    let e = Env::default();
+    e.mock_all_auths();
+    let address = e.register(MockContract, ());
+    let admin = Address::generate(&e);
+    let user1 = Address::generate(&e);
+    let user2 = Address::generate(&e);
+
+    e.as_contract(&address, || {
+        set_admin(&e, &admin);
+
+        // Grant role to two users
+        grant_role(&e, &user1, &USER_ROLE, &admin);
+    });
+
+    e.as_contract(&address, || {
+        grant_role(&e, &user2, &USER_ROLE, &admin);
+
+        // Verify role exists
+        let roles_before = get_existing_roles(&e);
+        assert_eq!(roles_before.len(), 1);
+    });
+
+    e.as_contract(&address, || {
+        // Revoke role from one user (but another still has it)
+        revoke_role(&e, &user1, &USER_ROLE, &admin);
+
+        // Verify role still exists
+        let roles_after = get_existing_roles(&e);
+        assert_eq!(roles_after.len(), 1);
+        assert_eq!(roles_after.get(0).unwrap(), USER_ROLE);
+    });
+}
+
+#[test]
+fn get_existing_roles_does_not_create_duplicates() {
+    let e = Env::default();
+    e.mock_all_auths();
+    let address = e.register(MockContract, ());
+    let admin = Address::generate(&e);
+    let user1 = Address::generate(&e);
+    let user2 = Address::generate(&e);
+
+    e.as_contract(&address, || {
+        set_admin(&e, &admin);
+
+        // Grant same role to multiple users
+        grant_role(&e, &user1, &USER_ROLE, &admin);
+    });
+
+    e.as_contract(&address, || {
+        grant_role(&e, &user2, &USER_ROLE, &admin);
+
+        // Should still only have one role in the list
+        let roles = get_existing_roles(&e);
+        assert_eq!(roles.len(), 1);
+        assert_eq!(roles.get(0).unwrap(), USER_ROLE);
+    });
+}
+
+#[test]
+#[should_panic(expected = "Error(Contract, #2010)")]
+fn grant_role_fails_when_max_roles_exceeded() {
+    use crate::access_control::MAX_ROLES;
+
+    let e = Env::default();
+    e.mock_all_auths();
+    let address = e.register(MockContract, ());
+    let admin = Address::generate(&e);
+    let user = Address::generate(&e);
+
+    e.as_contract(&address, || {
+        set_admin(&e, &admin);
+    });
+
+    // Create MAX_ROLES roles
+    for i in 0..MAX_ROLES {
+        e.as_contract(&address, || {
+            let role = Symbol::new(&e, &std::format!("role_{}", i));
+            grant_role(&e, &user, &role, &admin);
+        });
+    }
+
+    e.as_contract(&address, || {
+        // Verify we have MAX_ROLES
+        let roles = get_existing_roles(&e);
+        assert_eq!(roles.len(), MAX_ROLES);
+
+        // Try to create one more role - should panic
+        let overflow_role = Symbol::new(&e, "overflow_role");
+        grant_role(&e, &user, &overflow_role, &admin);
+    });
+}
+
+#[test]
+fn can_reuse_role_slot_after_removal() {
+    use crate::access_control::MAX_ROLES;
+
+    let e = Env::default();
+    e.mock_all_auths();
+    let address = e.register(MockContract, ());
+    let admin = Address::generate(&e);
+    let user = Address::generate(&e);
+
+    e.as_contract(&address, || {
+        set_admin(&e, &admin);
+    });
+
+    // Create MAX_ROLES roles
+    for i in 0..MAX_ROLES {
+        e.as_contract(&address, || {
+            let role = Symbol::new(&e, &std::format!("role_{}", i));
+            grant_role(&e, &user, &role, &admin);
+        });
+    }
+    e.as_contract(&address, || {
+        // Verify we have MAX_ROLES
+        let roles_before = get_existing_roles(&e);
+        assert_eq!(roles_before.len(), MAX_ROLES);
+
+        // Remove one role
+        let first_role = Symbol::new(&e, "role_0");
+        revoke_role(&e, &user, &first_role, &admin);
+
+        // Verify we now have MAX_ROLES - 1
+        let roles_after_removal = get_existing_roles(&e);
+        assert_eq!(roles_after_removal.len(), MAX_ROLES - 1);
+    });
+
+    e.as_contract(&address, || {
+        // Now we should be able to add a new role
+        let new_role = Symbol::new(&e, "new_role");
+        grant_role(&e, &user, &new_role, &admin);
+
+        // Verify we're back to MAX_ROLES
+        let roles_final = get_existing_roles(&e);
+        assert_eq!(roles_final.len(), MAX_ROLES);
+    });
+}