Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authz: a grant with the same granter and grantee #11505

Closed
ivan-gavran opened this issue Mar 30, 2022 · 3 comments
Closed

Authz: a grant with the same granter and grantee #11505

ivan-gavran opened this issue Mar 30, 2022 · 3 comments

Comments

@ivan-gavran
Copy link
Contributor

It seems that a grant with the same granter and grantee can be given (here is a passing test that does so).

On the other hand, the documentation says that

The message handling should fail if: (...) both granter and grantee have the same address.

That granter is not the same as grantee does not seem to be checked in the msg_server's function Grant either.

I suspect that this is an inconsistency with the documentation. Not fully sure, though, if there are some decorators which do the check, but I was not able to find them. Could anybody help clarify this issue? And, if it is real, should the documentation be changed or the code?

@atheeshp
Copy link
Contributor

Hey @ivan-gavran we are covering this case in ValidateBasic

if granter.Equals(grantee) {
return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "granter and grantee cannot be same")
}

if there are some decorators which do the check, but I was not able to find them.

func validateBasicTxMsgs(msgs []sdk.Msg) error {
if len(msgs) == 0 {
return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "must contain at least one message")
}
for _, msg := range msgs {
err := msg.ValidateBasic()
if err != nil {
return err
}
}
return nil
}

@atheeshp
Copy link
Contributor

unfortunately we don't have a covering test case for this, added a PR #11509

@ivan-gavran
Copy link
Contributor Author

Thanks for the explanation, @atheeshp!

mergify bot pushed a commit that referenced this issue Apr 5, 2022
## Description

ref: #11505 



---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting))
- [ ] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [ ] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed 
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants