Open taitruong opened 9 months ago
query should be expose in helpers.rs here: https://github.com/CosmWasm/cw-nfts/blob/main/contracts/cw721-base/src/helpers.rs
Actually for 3rd party contracts it is quite tedious, since it needs to check and query, sender being:
I found this issue when trying to send nfts between chains. Right after owner of nft allows some operators (contracts) to transfer/send his token, other person can send a message with their information to contract and steal the token.
partially solved in v19, by exposing functions check_can_send
and check_can_approve
. But for moving to helper is not done yet. both functions throws a contract error, but it helper it shouldnt. It is a minor thing, but not done yet.
check_can_send()
can rn only be used internally. But externals, 3rd party contract, might benefit from this as well. Use case:Even contract is approved to do so, it needs to check whether sender is owner and eligible to do so on contract.
This is boilerplate and covered by
check_can_send()
:https://github.com/CosmWasm/cw-nfts/blob/588868d74bda898fe4b93ddbb3a74b74e94ca948/contracts/cw721-base/src/execute.rs#L376-L395
we just need to change input param from
info: &MessageInfo
tosender: String
and return a bool, then we can expose this function.