ObjectAuthorization
Inherits: IObjectAuthorization, OmniRegistryErrors, Initializable
Manages directional authorization rules for object relations. Grants define who can initiate a relation (from or to) based on various criteria, such as ownership, token holding, delegation, or external contract verification.
State Variables
OBJECTAUTHORIZATION_STORAGE_LOCATION
Deterministic storage slot per ERC-7201
bytes32 private constant OBJECTAUTHORIZATION_STORAGE_LOCATION =
0x66533e6d1966c5548931afa2a923bcafa00e1e6794f41ca0f03bbc3ab865ab00;
Functions
_getObjectAuthorizationStorage
function _getObjectAuthorizationStorage() private pure returns (ObjectAuthorizationStorage storage $);
__ObjectAuthorization_init
function __ObjectAuthorization_init() internal onlyInitializing;
grantFrom
Issues a grant to allow initiating relations from a tail object
function grantFrom(uint128 tail, RelationGrant memory grant) external;
Parameters
| Name | Type | Description |
|---|---|---|
tail | uint128 | Tail object ID |
grant | RelationGrant | Grant details |
revokeFrom
Revokes a previously issued from grant
function revokeFrom(uint128 tail, uint32 grantId) external;
Parameters
| Name | Type | Description |
|---|---|---|
tail | uint128 | Tail object ID |
grantId | uint32 | Grant ID to revoke |
grantTo
Issues a grant to allow accepting relations to a head object
function grantTo(uint128 head, RelationGrant memory grant) external;
Parameters
| Name | Type | Description |
|---|---|---|
head | uint128 | Head object ID |
grant | RelationGrant | Grant details |
revokeTo
Revokes a previously issued to grant
function revokeTo(uint128 head, uint32 grantId) external;
Parameters
| Name | Type | Description |
|---|---|---|
head | uint128 | Head object ID |
grantId | uint32 | Grant ID to revoke |
allowFrom
Checks whether a sender is authorized to initiate a relation from a tail object
function allowFrom(uint32 grantId, address sender, uint128 tail, uint64 rel, uint64 headKind, uint64 headSet)
external
view
returns (bool allow);
Parameters
| Name | Type | Description |
|---|---|---|
grantId | uint32 | Grant ID to check |
sender | address | Address attempting the action |
tail | uint128 | Tail object ID |
rel | uint64 | Relation ID |
headKind | uint64 | Kind ID of the target (head) object |
headSet | uint64 | Set ID of the target (head) object |
Returns
| Name | Type | Description |
|---|---|---|
allow | bool | allowed True if authorized |
allowTo
Checks whether a sender is authorized to accept a relation to a head object
function allowTo(uint32 grantId, address sender, uint128 head, uint64 rel, uint64 tailKind, uint64 tailSet)
external
view
returns (bool);
Parameters
| Name | Type | Description |
|---|---|---|
grantId | uint32 | Grant ID to check |
sender | address | Address attempting the action |
head | uint128 | Head object ID |
rel | uint64 | Relation ID |
tailKind | uint64 | Kind ID of the source (tail) object |
tailSet | uint64 | Set ID of the source (tail) object |
Returns
| Name | Type | Description |
|---|---|---|
<none> | bool | allowed True if authorized |
_objectInfo
function _objectInfo(uint64 set, uint64 id)
internal
view
virtual
returns (Descriptor memory meta, address setContract, address owner);
_objectInfo
function _objectInfo(uint128 sid)
private
view
returns (uint64 id, Descriptor memory meta, address setContract, address owner);
_validateHolder
function _validateHolder(address holder, bytes32 holding) internal view virtual returns (bool);
_validateGrantSpec
function _validateGrantSpec(RelationGrant memory grant) private view;
_validateGrant
function _validateGrant(RelationGrant memory grant, address sender, uint128 sid, uint64 rel, uint64 kind, uint64 set)
private
view
returns (bool);
_grantKey
function _grantKey(uint8 direction, uint128 sid, uint32 grantId) private pure returns (uint256);
_pointerKey
function _pointerKey(uint8 direction, uint128 sid) private pure returns (uint256);
Structs
GrantPointer
struct GrantPointer {
uint32 lastId;
uint32 minValidId;
}
ObjectAuthorizationStorage
Note: storage-location: erc7201:every.storage.ObjectAuthorization
struct ObjectAuthorizationStorage {
mapping(uint256 => GrantPointer) pointers;
mapping(uint256 => RelationGrant) grants;
}
Enums
Direction
enum Direction {
None,
From,
To
}
GrantStatus
enum GrantStatus {
None,
Granted,
Revoked
}