This PR makes only token owners be the _sender for SetApprovalForAll().
If some random user, who doesn't own any token, tries to add an operator it will throw CodeNotTokenOwner.
Currently, anyone who doesn't have any token can set anyone as an operator with SetApprovalForAll() and create some garbage data in the contract. Only token owners should be able to add an operator.
This PR makes only token owners be the
_sender
forSetApprovalForAll()
. If some random user, who doesn't own any token, tries to add an operator it will throwCodeNotTokenOwner
.Currently, anyone who doesn't have any token can set anyone as an operator with
SetApprovalForAll()
and create some garbage data in the contract. Only token owners should be able to add an operator.