Role-Based Access Control (RBAC) Implementation

Overview

This implementation provides a comprehensive Role-Based Access Control (RBAC) system for the Prediction DAO platform, focusing on premium features and administrative capabilities.

Architecture

Core Components

1. RoleContext (frontend/src/contexts/RoleContext.jsx)

Central state management for user roles, providing: - Role definitions for the system - Role checking utilities - Role grant/revoke functionality - Integration with wallet authentication

Available Roles: - MARKET_MAKER - Create and manage prediction markets - CLEARPATH_USER - Access DAO governance platform - TOKENMINT - Mint and manage NFTs and ERC20 tokens - ADMIN - Full system access including role management

2. Role Storage (frontend/src/utils/roleStorage.js)

Local storage-based persistence layer that: - Stores roles per wallet address - Maintains purchase history - Provides lookup and management utilities - Follows principle of least privilege

3. RoleGate Component (frontend/src/components/ui/RoleGate.jsx)

Access control wrapper that: - Conditionally renders content based on user roles - Shows premium upgrade options - Provides clear messaging about required permissions - Integrates with purchase flow

User Flows

1. Regular User Flow

1. Connect Wallet - User connects their Web3 wallet
2. View Profile - Click user icon → Opens User Management Modal
3. See Roles Section - Empty state if no premium roles
4. Purchase Access - Click "Get Premium Access" → Opens Purchase Modal
5. Select Role - Choose desired premium role (e.g., CLEARPATH_USER)
6. Complete Payment - Simulate stablecoin payment
7. Register ZK Key (ClearPath only) - Register zero-knowledge public key
8. Access Features - Can now access premium features

2. ClearPath User Flow

1. With CLEARPATH_USER role - User has purchased access
2. User Modal - Shows active role badge
3. Management Link - "Manage Organizations" button appears
4. Navigate to ClearPath - Click button → Redirects to /clearpath
5. Access Dashboard - Full DAO governance features available

3. Administrator Flow

1. With ADMIN role - User has administrator privileges
2. User Modal - Shows admin section
3. Role Management - Click "Role Management" → Opens admin panel
4. Grant Roles - Search/add users and assign roles
5. Revoke Roles - Remove roles from users
6. View Statistics - See role distribution across platform

Implementation Details

Role Context Integration

The RoleProvider wraps the entire application in frontend/src/main.jsx:

<RoleProvider>
  <App />
</RoleProvider>

Using Roles in Components

import { useRoles } from '../hooks/useRoles'

function MyComponent() {
  const { hasRole, roles, ROLES } = useRoles()

  if (hasRole(ROLES.CLEARPATH_USER)) {
    // Show ClearPath features
  }
}

Protecting Routes with RoleGate

import RoleGate from './ui/RoleGate'

<RoleGate 
  requiredRoles={[ROLES.CLEARPATH_USER]}
  showPurchase={true}
  onPurchase={handlePurchaseClick}
>
  <ProtectedContent />
</RoleGate>

Key Features

1. Premium Access Purchase

• Role Selection - Choose from available premium roles
• Pricing Display - Clear pricing in USDC stablecoin
• Payment Processing - Simulated blockchain transaction
• Immediate Activation - Role granted upon successful payment

2. ZK Key Registration

For ClearPath users specifically: - Post-Purchase Step - Register zero-knowledge public key - Privacy Preservation - Required for ZK-protected governance - Optional - Can be skipped and done later - Validation - Key format checking

3. Role Management Admin Panel

Accessible at /admin/roles for ADMIN role holders:

Features: - User List - View all users with roles - Search - Find users by wallet address - Grant Roles - Assign roles to any wallet address - Revoke Roles - Remove roles from users - Statistics - Role distribution dashboard - Validation - Ethereum address format checking

4. User Management Modal

Enhanced with role display: - Active Roles - Shows all roles user currently has - Premium Badges - Visual indicators for premium roles - Quick Actions - Direct links to role-specific features - Admin Controls - Administrative options for admins

Security Considerations

Principle of Least Privilege

• No default admin roles
• Each role has specific, limited permissions
• Roles must be explicitly granted
• Admin role required for role management

Role Validation

• Wallet address validation on grant
• Storage isolation per wallet
• Local verification of role ownership
• Clear separation between roles

Future Enhancements

The system is designed for extensibility:

1. Blockchain Integration
2. Smart contract role verification
3. On-chain role storage

4. Decentralized role management

5. Advanced Access Modifiers

6. Financial controls per role
7. Time-locked permissions
8. M-of-N multi-signature requirements

9. Tiered access levels

10. Audit Trail

11. Role grant/revoke history
12. Transaction logging
13. Compliance reporting

File Structure

frontend/src/
├── contexts/
│   └── RoleContext.jsx          # Role state management
├── hooks/
│   └── useRoles.js              # Role access hook
├── utils/
│   └── roleStorage.js           # Role persistence
├── components/
│   ├── RoleManagementAdmin.jsx  # Admin panel
│   └── ui/
│       ├── RoleGate.jsx         # Access control wrapper
│       ├── RolePurchaseModal.jsx # Purchase interface
│       └── UserManagementModal.jsx # Enhanced with roles

Testing

Manual Testing Steps

1. Basic Flow
2. Connect wallet
3. View user modal
4. Purchase a role

5. Verify role appears in profile

6. ClearPath Access

7. Purchase CLEARPATH_USER role
8. Navigate to ClearPath
9. Verify access granted

10. Test ZK key registration

11. Admin Functions

12. Grant ADMIN role to test account
13. Access admin panel at /admin/roles
14. Grant role to another address
15. Revoke role from address

16. Verify statistics update

17. Access Control

18. Without role: Try accessing ClearPath → See purchase prompt
19. With role: Access ClearPath → See dashboard
20. Logout: Roles reset
21. Reconnect: Roles load from storage

Integration Notes

Current Implementation Status

✅ Completed: - Core RBAC infrastructure - Role storage and management - User interface components - Admin panel - Purchase flow - ClearPath integration - Access control gates

⚠️ Mock/Simulated: - Payment processing (uses local storage) - ZK key registration (simulated) - Role purchase transactions (no actual blockchain calls)

🔄 Future Work: - Smart contract integration - Real payment processing - Actual ZK key verification - On-chain role verification - MARKET_MAKER and TOKENMINT feature screens

Usage Examples

Grant Admin Role (for testing)

1. Open browser console
2. Run:

   // Import storage utility
   import { addUserRole } from './src/utils/roleStorage.js'
   
   // Grant ADMIN role to your wallet
   addUserRole('0xYourWalletAddress', 'ADMIN')
   
   // Refresh page
   location.reload()
   

Check Current Roles

import { getUserRoles } from './src/utils/roleStorage.js'

// Check roles for connected wallet
const roles = getUserRoles(ethereum.selectedAddress)
console.log('Current roles:', roles)

Troubleshooting

Issue: Role not appearing after purchase

Solution: Refresh the page to reload roles from storage

Issue: Cannot access admin panel

Solution: Verify ADMIN role is granted using console commands above

Issue: Purchase modal not showing

Solution: Ensure wallet is connected and User Management Modal is open

Issue: ClearPath shows purchase prompt despite having role

Solution: Check that CLEARPATH_USER role is properly stored, verify in User Modal

Related Documentation

• ClearPath Governance UI
• DAO UI Implementation
• Frontend Build Book