feat: add admin role management functions and corresponding tests (#296)

* feat: add admin role management functions and corresponding tests

* fix fmt

Author: vestor-dev

contract/contracts/access-control/src/lib.rs

@@ -215,6 +215,70 @@ impl AccessControl {
 
         Ok(())
     }
+
+    /// Checks if a user is the current super admin.
+    ///
+    /// # Arguments
+    /// * `user` - The address to check.
+    ///
+    /// # Returns
+    /// `true` if the user is the current super admin, `false` otherwise.
+    pub fn is_admin(env: Env, user: Address) -> bool {
+        match Self::get_admin(env) {
+            Ok(admin) => admin == user,
+            Err(_) => false,
+        }
+    }
+
+    /// Revokes all roles from a user.
+    ///
+    /// Only the current super admin can call this function.
+    ///
+    /// # Arguments
+    /// * `admin_caller` - The address of the admin calling the function.
+    /// * `user` - The address from which all roles will be revoked.
+    ///
+    /// # Errors
+    /// * `Unauthorized` - If the caller is not the super admin.
+    pub fn revoke_all_roles(env: Env, admin_caller: Address, user: Address) -> Result<(), Error> {
+        admin_caller.require_auth();
+
+        let current_admin = Self::get_admin(env.clone())?;
+        if admin_caller != current_admin {
+            return Err(Error::Unauthorized);
+        }
+
+        // Revoke all possible roles
+        for role in [Role::Admin, Role::Operator, Role::Moderator].iter() {
+            let key = DataKey::Role(user.clone(), role.clone());
+            if env.storage().persistent().has(&key) {
+                env.storage().persistent().remove(&key);
+            }
+        }
+
+        Ok(())
+    }
+
+    /// Checks if a user has any of the specified roles.
+    ///
+    /// # Arguments
+    /// * `user` - The address to check.
+    /// * `roles` - A vector of roles to check.
+    ///
+    /// # Returns
+    /// `true` if the user has at least one of the specified roles, `false` otherwise.
+    pub fn has_any_role(env: Env, user: Address, roles: soroban_sdk::Vec<Role>) -> bool {
+        for role in roles.iter() {
+            if env
+                .storage()
+                .persistent()
+                .has(&DataKey::Role(user.clone(), role))
+            {
+                return true;
+            }
+        }
+        false
+    }
 }
 
 mod test;

contract/contracts/access-control/src/test.rs

@@ -125,3 +125,113 @@ fn test_unauthorized_assignment() {
     let result = client.try_assign_role(&non_admin, &user, &Role::Operator);
     assert_eq!(result, Err(Ok(Error::Unauthorized)));
 }
+#[test]
+fn test_is_admin() {
+    let env = Env::default();
+    env.mock_all_auths();
+
+    let contract_id = env.register(AccessControl, ());
+    let client = AccessControlClient::new(&env, &contract_id);
+
+    let admin = Address::generate(&env);
+    let non_admin = Address::generate(&env);
+
+    client.init(&admin);
+
+    // Check that admin is recognized as admin
+    assert!(client.is_admin(&admin));
+
+    // Check that non-admin is not admin
+    assert!(!client.is_admin(&non_admin));
+}
+
+#[test]
+fn test_revoke_all_roles() {
+    let env = Env::default();
+    env.mock_all_auths();
+
+    let contract_id = env.register(AccessControl, ());
+    let client = AccessControlClient::new(&env, &contract_id);
+
+    let admin = Address::generate(&env);
+    let user = Address::generate(&env);
+
+    client.init(&admin);
+
+    // Assign multiple roles to user
+    client.assign_role(&admin, &user, &Role::Operator);
+    client.assign_role(&admin, &user, &Role::Moderator);
+
+    assert!(client.has_role(&user, &Role::Operator));
+    assert!(client.has_role(&user, &Role::Moderator));
+
+    // Revoke all roles at once
+    client.revoke_all_roles(&admin, &user);
+
+    // Verify all roles are removed
+    assert!(!client.has_role(&user, &Role::Operator));
+    assert!(!client.has_role(&user, &Role::Moderator));
+    assert!(!client.has_role(&user, &Role::Admin));
+}
+
+#[test]
+fn test_revoke_all_roles_unauthorized() {
+    let env = Env::default();
+    env.mock_all_auths();
+
+    let contract_id = env.register(AccessControl, ());
+    let client = AccessControlClient::new(&env, &contract_id);
+
+    let admin = Address::generate(&env);
+    let non_admin = Address::generate(&env);
+    let user = Address::generate(&env);
+
+    client.init(&admin);
+    client.assign_role(&admin, &user, &Role::Operator);
+
+    // Non-admin tries to revoke all roles
+    let result = client.try_revoke_all_roles(&non_admin, &user);
+    assert_eq!(result, Err(Ok(Error::Unauthorized)));
+}
+
+#[test]
+fn test_has_any_role() {
+    let env = Env::default();
+    env.mock_all_auths();
+
+    let contract_id = env.register(AccessControl, ());
+    let client = AccessControlClient::new(&env, &contract_id);
+
+    let admin = Address::generate(&env);
+    let user = Address::generate(&env);
+
+    client.init(&admin);
+
+    // User has no roles yet
+    let mut empty_roles = soroban_sdk::Vec::new(&env);
+    empty_roles.push_back(Role::Operator);
+    empty_roles.push_back(Role::Moderator);
+    assert!(!client.has_any_role(&user, &empty_roles));
+
+    // Assign Operator role to user
+    client.assign_role(&admin, &user, &Role::Operator);
+
+    // Now user should have any role (Operator is in the list)
+    assert!(client.has_any_role(&user, &empty_roles));
+
+    // Create a list with roles user doesn't have
+    let mut other_roles = soroban_sdk::Vec::new(&env);
+    other_roles.push_back(Role::Admin);
+    other_roles.push_back(Role::Moderator);
+
+    // User still has Operator (not in this list), so should return false
+    assert!(!client.has_any_role(&user, &other_roles));
+
+    // Add Admin to the list - still false because user is not admin
+    let mut mixed_roles = soroban_sdk::Vec::new(&env);
+    mixed_roles.push_back(Role::Operator);
+    mixed_roles.push_back(Role::Admin);
+
+    // Now should be true because user has Operator
+    assert!(client.has_any_role(&user, &mixed_roles));
+}