Adding new Superuser contract with test #952
contracts/ownership/Superuser.sol
Outdated
* @dev A superuser can transfer his role to a new address. | ||
*/ | ||
contract Superuser is Ownable, RBAC { | ||
event SuperuserTransferred(address indexed previousSuperuser, address indexed newSuperuser); |
These events aren't necessary. RBAC emits `RoleChanged` events, so `SuperuserTransferred` isn't needed, and Ownable already emits `OwnershipTransferred`.
About OwnershipTransferred: I am overriding transferOwnership and therefore it will not be emitted by Ownable.
I need to override it because in Ownable that method is onlyOwner and I need it to be onlySuperuser (actually it should be both).
I think I could do "emit super.OwnershipTransferred..." though.
- the events are inherited as well, so you don't have to declare it again. just `emit OwnershipTransferred(...)`
- If you call `super.transferOwnership(...)` the contract would emit the event correctly regardless
@shrugs I removed the event declaration. As we discussed in Slack, I can't call super.transferOwnership because of the onlyOwner modifier.
contracts/ownership/Superuser.sol
Outdated
|
||
string public constant ROLE_SUPERUSER = "superuser"; | ||
|
||
constructor () { |
constructor should have the `public` modifier
contracts/ownership/Superuser.sol
Outdated
_; | ||
} | ||
|
||
/** |
nit: formatting
contracts/ownership/Superuser.sol
Outdated
/** | ||
* @dev getter to determine if address has superuser role | ||
*/ | ||
function superuser(address addr) |
let's change this to `isSuperuser` to be more explicit.
contracts/ownership/Superuser.sol
Outdated
public | ||
{ | ||
require(newSuperuser != address(0)); | ||
emit SuperuserTransferred(msg.sender, newSuperuser); |
events not needed here, but also, generally you'll emit events after something has occurred (even though this whole process is atomic, it's good practice)
Perfect! Actually I agree with that practice but I wanted to follow the pattern in Ownable.sol
contracts/ownership/Superuser.sol
Outdated
* @dev Allows the current superuser to transfer his role to a newSuperuser. | ||
* @param newSuperuser The address to transfer ownership to. | ||
*/ | ||
function transferSuperuser(address newSuperuser) |
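Review bot: the `@param newSuperuser` line above `transferSuperuser` reads "The address to transfer ownership to", but the `@dev` line says the function hands over the superuser role, not ownership. Reword it to "The address to transfer the superuser role to" so it cannot be confused with `transferOwnership`.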
The convention is to prefix arguments with `_` to keep them visually separate from variables in the function body. make this `_newSuperuser`?
likewise for the various other arguments in this file
Perfect! Same here, trying to follow the style of Ownable.sol and Whitelist.sol :)
contracts/ownership/Superuser.sol
Outdated
* @dev Allows the current superuser to transfer control of the contract to a newOwner. | ||
* @param newOwner The address to transfer ownership to. | ||
*/ | ||
function transferOwnership(address newOwner) public onlySuperuser { |
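Review bot: `transferOwnership` on the last line is guarded by `onlySuperuser` alone, so an owner who does not also hold the superuser role cannot call it. If that is the intended authority, state it in the `@dev` line; otherwise use a guard that accepts either the owner or the superuser, and add a test for each caller.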
you can just call `super.transferOwnership()` here instead of re-implementing the function.
See my comments at the top of the page about this. I need to override the function to make it onlySuperuser instead of onlyOwner (actually I think it should be both). Let me know your thoughts about this.
contracts/ownership/Superuser.sol
Outdated
contract Superuser is Ownable, RBAC { | ||
string public constant ROLE_SUPERUSER = "superuser"; | ||
|
||
constructor ()public { |
space here
make sure to run `npm run lint:sol` to catch these
@shrugs Fixed. For some reason the linter is not catching it.
waiting on a second review before merging
@shrugs Hey! Any updates on this? :)
Thanks for the reminder, @pmosse, I'll grab a second review by monday :)
LGTM
Sorry it took me a while to get to this. Re:
@pmosse I see that the contract was merged with
@frangio I could see it both ways With
@shrugs Well, with the code as it is now, and assuming that the normal behaviour is to transfer the superuser role to another account as soon as the contract is deployed, we are not allowing the owner to transfer his ownership if he needs to do that. With the change proposed by @frangio, the owner will be able to transfer his ownership at any time if needed, and if the current owner's account gets compromised, the superuser can always regain control by assigning a new owner. Does that make sense?
Yeah exactly; I could see the argument for either way; neither of them are specifically good or bad; we just have to pick the "intended behavior" and stick with it.
Personally I'm for making it only-owner-or-superuser, because I see this as With
I support that. @pmosse ?
Fixes #50
Description
I am adding a new Superuser contract. This allows a contract to have a user in the superuser role. A superuser can set a new owner for the contract, in case that the original owner address becomes compromised. The creator of the contract is the first superuser and he can then transfer his role to a different user.
npm run lint:all:fix
).
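
The only-owner-or-superuser behaviour the thread settles on, as an added example that is not the code from this pull request or from the project. It is a stand-alone sketch: the contract name `OwnerOrSuperuser`, the modifier `onlyOwnerOrSuperuser`, the plain `superuser` address (instead of an RBAC role) and the revert strings are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; names and storage layout are assumptions, not the merged code.
contract OwnerOrSuperuser {
    address public owner;
    address public superuser;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    // Declared here only because this sketch has no RBAC base emitting its own role events.
    event SuperuserTransferred(address indexed previousSuperuser, address indexed newSuperuser);

    constructor() {
        // The deployer starts as both owner and first superuser, as the PR description states.
        owner = msg.sender;
        superuser = msg.sender;
    }

    modifier onlySuperuser() {
        require(msg.sender == superuser, "not superuser");
        _;
    }

    // Either role passes: the owner for a routine hand-over, the superuser for recovery
    // when the owner's account is compromised.
    modifier onlyOwnerOrSuperuser() {
        require(msg.sender == owner || msg.sender == superuser, "not owner or superuser");
        _;
    }

    function isSuperuser(address _addr) public view returns (bool) {
        return _addr == superuser;
    }

    function transferSuperuser(address _newSuperuser) public onlySuperuser {
        require(_newSuperuser != address(0), "zero address");
        address previous = superuser;
        superuser = _newSuperuser;
        // Event emitted after the state change, as suggested in review.
        emit SuperuserTransferred(previous, _newSuperuser);
    }

    function transferOwnership(address _newOwner) public onlyOwnerOrSuperuser {
        require(_newOwner != address(0), "zero address");
        address previous = owner;
        owner = _newOwner;
        emit OwnershipTransferred(previous, _newOwner);
    }
}
```

A test suite for this guard should cover three callers of `transferOwnership`: the owner, the superuser, and an unrelated account that must revert.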