Improve contract role management and admin delegation invariants

[grantfox-oss]

Role and admin delegation state can be left in an inconsistent partial state when a role transfer or multi-admin configuration is partially applied.

Affected areas: app/contract/contracts/Folder/src/admin.rs, app/contract/contracts/Folder/src/roles.rs, app/contract/contracts/Folder/src/storage.rs, app/contract/contracts/Folder/src/test.rs.

Implementation scope:

• Ensure role changes are atomic and validate before persistence.
• Add delegation revocation, transfer acceptance, and role clearing semantics.
• Harden role inheritance and admin access checks for every public method.
• Add regression tests for partial role update failure modes.

Acceptance criteria:

• Role/administrator updates either complete fully or roll back cleanly.
• No public action can proceed with partially applied role metadata.
• Tests cover delegation, role revocation, and cross-role invariants.

[Kureszn]

I've reviewed the issue and believe I can contribute effectively. My experience spans software development, blockchain technologies, cybersecurity and open source collaboration. I take a structured approach to contributions carefully understanding the existing codebase, identifying the root cause and delivering a thoroughly tested implementation.

[Chideraakude]

Hello,
Please i would love to resolve this issue

[Chideraakude]

Hello,
Please i would love to resolve this issue

[ZuLu0890]

I would like to work on this issue

[BigGoodness]

I have experience with HTML, CSS, JavaScript, and DOM manipulation. I have reviewed the issue and I understand what needs to be done. I would approach it by first reproducing the problem, checking the existing code carefully, then making a clean fix and testing it before submitting a PR. I can work on this and submit a pull request within 2 days.

[EDOHWARES]

GM GM. Pls can I work on this issue ? ETA - 12hrs

[A-one-tech]

I am a fullstack engineer. I can perfectly work on this issue. Kindly give me this job to work on it. Thank you.

[githoboman]

hello would love to work on this

[Padom2020]

Hi! I'd like to apply to work on this issue.
I have solid experience with Rust and smart contract development, and this is exactly the kind of issue I enjoy digging into: state-consistency bugs in role/admin management are easy to introduce and hard to catch without deliberate design discipline.
The core problem here is that mutations across admin.rs and roles.rs aren't atomic validation and persistence are interleaved, so a failure mid-update (a bad transfer, a partial multi-admin config) can leave role metadata in a state that's neither the old config nor the new one. That's a real risk for any public method that reads role state to gate access.
My plan:

Audit every mutation path in admin.rs, roles.rs, and storage.rs to find where state is written before validation completes.
Refactor to a "validate-then-commit" pattern: build the full new state in memory, run all invariant checks, and only persist once everything passes so no public method can ever observe a half-applied update.
Introduce a staged transfer pattern (pending_admin/pending_role + explicit accept_transfer) instead of direct overwrites, with corresponding revoke/clear semantics so delegation can't dangle after an admin/role change.
Centralize access checks (require_admin, require_role) and call them consistently at the top of every public entrypoint, replacing any ad hoc checks.
Add regression tests in test.rs: failed transfer mid-flight, revoked delegation, role clearing, and cross-role invariant violations including fuzz-style edge cases around concurrent/conflicting updates if the test harness supports it.

I'll open a draft PR early so maintainers can weigh in on the approach (especially storage layout changes) before I go further. Happy to align with existing conventions in the codebase.
Looking forward to working on this.

[kike-alt]

I have experience with NESTJS, I can work on this, can you assign to be, i'll submit a PR within a day