Adding new Superuser contract with test #952
Conversation
contracts/ownership/Superuser.sol
Outdated
| * @dev A superuser can transfer his role to a new address. | ||
| */ | ||
| contract Superuser is Ownable, RBAC { | ||
| event SuperuserTransferred(address indexed previousSuperuser, address indexed newSuperuser); |
There was a problem hiding this comment.
These events aren't necessary. RBAC emits RoleChanged events, so SuperuserTransferred isn't needed, and Ownable already emits OwnershipTransferred.
There was a problem hiding this comment.
About OwnershipTransferred: I am overriding transferOwnership and therefore it will not be emitted by Ownable.
I need to override it because in Ownable that method is onlyOwner and I need it to be onlySuperuser (actually it should be both).
I think I could do "emit super.OwnershipTransferred..." though.
There was a problem hiding this comment.
- the events are inherited as well, so you don't have to declare it again. just
emit OwnershipTransferred(...) - If you call
super.transferOwnership(...)the contract would emit the event correctly regardless
There was a problem hiding this comment.
@shrugs I removed the event declaration. As we discussed in Slack, I can't call super.transferOwnership because of the onlyOwner modifier.
contracts/ownership/Superuser.sol
Outdated
|
|
||
| string public constant ROLE_SUPERUSER = "superuser"; | ||
|
|
||
| constructor () { |
There was a problem hiding this comment.
constructor should have the public modifier
contracts/ownership/Superuser.sol
Outdated
| _; | ||
| } | ||
|
|
||
| /** |
contracts/ownership/Superuser.sol
Outdated
| /** | ||
| * @dev getter to determine if address has superuser role | ||
| */ | ||
| function superuser(address addr) |
There was a problem hiding this comment.
let's change this to isSuperuser to be more explicit.
contracts/ownership/Superuser.sol
Outdated
| public | ||
| { | ||
| require(newSuperuser != address(0)); | ||
| emit SuperuserTransferred(msg.sender, newSuperuser); |
There was a problem hiding this comment.
events not needed here, but also, generally you'll emit events after something has occurred (even though this whole process is atomic, it's good practice)
There was a problem hiding this comment.
Perfect! Actually I agree with that practice but I wanted to follow the pattern in Ownable.sol π
contracts/ownership/Superuser.sol
Outdated
| * @dev Allows the current superuser to transfer his role to a newSuperuser. | ||
| * @param newSuperuser The address to transfer ownership to. | ||
| */ | ||
| function transferSuperuser(address newSuperuser) |
There was a problem hiding this comment.
The convention is to prefix arguments with _ to keep them visually separate from variables in the function body. make this _newSuperuser?
likewise for the various other arguments in this file
There was a problem hiding this comment.
Perfect! Same here, trying to follow the style of Ownable.sol and Whitelist.sol :)
contracts/ownership/Superuser.sol
Outdated
| * @dev Allows the current superuser to transfer control of the contract to a newOwner. | ||
| * @param newOwner The address to transfer ownership to. | ||
| */ | ||
| function transferOwnership(address newOwner) public onlySuperuser { |
There was a problem hiding this comment.
you can just call super.transferOwnership() here instead of re-implementing the function.
There was a problem hiding this comment.
See my comments at the top of the page about this. I need to override the function to make it onlySuperuser instead of onlyOwner (actually I think it should be both). Let me know your thoughts about this.
contracts/ownership/Superuser.sol
Outdated
| contract Superuser is Ownable, RBAC { | ||
| string public constant ROLE_SUPERUSER = "superuser"; | ||
|
|
||
| constructor ()public { |
There was a problem hiding this comment.
space here
make sure to run npm run lint:sol to catch these
There was a problem hiding this comment.
@shrugs Fixed. For some reason the linter is not catching it.
|
waiting on a second review before merging π |
|
@shrugs Hey! Any updates on this? :) |
|
Thanks for the reminder, @pmosse, I'll grab a second review by monday :) |
|
Sorry it took me a while to get to this. Re:
@pmosse I see that the contract was merged with |
|
@frangio I could see it both ways With |
|
@shrugs Well, with the code as it is now, and assuming that the normal behaviour is to transfer the superuser role to another account as soon as the contract is deployed, we are not allowing the owner to transfer his ownership if he needs to do that. With the change proposed by @frangio, the owner will be able to transfer his ownership at any time if needed, and if the current owner's account gets compromised, the superuser can always regain control by assigning a new owner. Does that make sense? |
|
Yeah exactly; I could see the argument for either way; neither of them are specifically good or bad; we just have to pick the "intended behavior" and stick with it. |
|
Personally I'm for making it only-owner-or-superuser, because I see this as With |
|
I support that. @pmosse ? |
Fixes #50
π Description
I am adding a new Superuser contract. This allows a contract to have a user in the superuser role. A superuser can set a new owner for the contract, in case that the original owner address becomes compromised. The creator of the contract is the first superuser and he can then transfer his role to a different user.
npm run lint:all:fix).