Multiple Role Admins?

EmanueleSpadaro · April 22, 2023, 11:02pm

Hello!
I'm trying, by using OpenZeppelin's contracts, to develop a simple DAO (Decentralized Autonomous Organization) with a simple ranking system.
I want to implement two functions that allow users to respectively promote or demote others inside their respective organization if they have an higher rank.
Basically higher ranks shall be allowed to promote a lower rank user by removing its lowest rank and assigning it an higher one.
The actual structure of AccessControl is fine, it's actually smart to have adminRoles for each role.
Let's say I have 4 ranks: A, B, C, D.
I've set admin roles so that A is the admin role of B, B is the admin role of C and C is the admin role of D, basically by build this hierarchy: A > B > C > D.
How can I manage to make it possible for "A role" to promote or demote (by using grantRole or revokeRole) users that have "D role"?

Given that you might have more experience, I was hoping you could help me, because the only thing I've come up to is to actually modify AccessControl's code to actually have multiple adminRoles, but I'd like to actually not alter your source code but eventually adapt mine.

frangio · May 2, 2023, 9:43pm

It's difficult to implement this kind of mechanism, but I think you could try something like overriding _checkRole so that when the contract checks for role D it also checks for roles C, B, and A. You just need to be careful not to introduce an unbounded loop.

EmanueleSpadaro · May 3, 2023, 3:48pm

Hi! Thank you for replying to me!
In the end that's what I did!
Here's the code snippet of the function I came up with:

function isAdminOfRole(bytes32 isAdminRole, bytes32 ofRole) public view returns(bool){
        bytes32 ofRoleAdminRole = getRoleAdmin(ofRole);
        while(ofRoleAdminRole != DEFAULT_ADMIN_ROLE){
            if(ofRoleAdminRole == isAdminRole){
                return true;
            }
            ofRoleAdminRole = getRoleAdmin(ofRoleAdminRole);
        }
        return isAdminRole == DEFAULT_ADMIN_ROLE;
    }

frangio · May 3, 2023, 8:26pm

That probably works, you just need to be mindful that it is technically vulnerable to falling into an infinite loop, but if the roles are statically defined and don't have a cycle other than the default admin role it looks like it should be fine.

Topic		Replies	Views
Workshop Recap: Setting Up Access Control for Smart Contracts Guides and Tutorials	0	908	April 23, 2021
Is there a limit of one admin account per role using AccessControl? Contracts	6	1605	August 26, 2022
AccessControl: using a quorum to let a smart contract grant / revoke roles Contracts openzeppelin-contracts	3	1035	February 11, 2021
renounceRole method can make the contract without administrator role Smart Contracts	0	488	February 9, 2022
Contracts-upgradeable and AccessControl DEFAULT_ADMIN_ROLE Upgrades proxies	4	1507	June 17, 2021

Multiple Role Admins?

Related topics