provenance-io · arnabmitra · Apr 19, 2021 · Apr 21, 2021 · Apr 22, 2021 · Apr 23, 2021
@@ -7,6 +7,8 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/provenance-io/provenance/x/authz"
+
 	"github.com/provenance-io/provenance/internal/statesync"
 
 	"github.com/cosmos/cosmos-sdk/client"
@@ -113,6 +115,9 @@ import (
 	wasmclient "github.com/CosmWasm/wasmd/x/wasm/client"
 
 	"github.com/provenance-io/provenance/internal/provwasm"
+
+	authzkeeper "github.com/provenance-io/provenance/x/authz/keeper"
+	authztypes "github.com/provenance-io/provenance/x/authz/types"
 )
 
 const (
@@ -168,6 +173,7 @@ var (
 		name.AppModuleBasic{},
 		metadata.AppModuleBasic{},
 		wasm.AppModuleBasic{},
+		authz.AppModuleBasic{},
 	)
 
 	// module account permissions
@@ -239,6 +245,7 @@ type App struct {
 	AttributeKeeper attributekeeper.Keeper
 	NameKeeper      namekeeper.Keeper
 	WasmKeeper      wasm.Keeper
+	AuthzKeeper     authzkeeper.Keeper
 
 	// make scoped keepers public for test purposes
 	ScopedIBCKeeper      capabilitykeeper.ScopedKeeper
@@ -278,6 +285,7 @@ func New(
 		attributetypes.StoreKey,
 		nametypes.StoreKey,
 		wasm.StoreKey,
+		authztypes.StoreKey,
 	)
 	tkeys := sdk.NewTransientStoreKeys(paramstypes.TStoreKey)
 	memKeys := sdk.NewMemoryStoreKeys(capabilitytypes.MemStoreKey)
@@ -334,6 +342,10 @@ func New(
 	app.CrisisKeeper = crisiskeeper.NewKeeper(
 		app.GetSubspace(crisistypes.ModuleName), invCheckPeriod, app.BankKeeper, authtypes.FeeCollectorName,
 	)
+	// Authz
+	app.AuthzKeeper = authzkeeper.NewKeeper(
+		keys[authztypes.StoreKey], appCodec, app.BaseApp.MsgServiceRouter(),
+	)
 	app.UpgradeKeeper = upgradekeeper.NewKeeper(skipUpgradeHeights, keys[upgradetypes.StoreKey], appCodec, homePath)
 
 	// register the staking hooks
@@ -347,7 +359,7 @@ func New(
 	)
 
 	app.MarkerKeeper = markerkeeper.NewKeeper(
-		appCodec, keys[markertypes.StoreKey], app.GetSubspace(markertypes.ModuleName), app.AccountKeeper, app.BankKeeper,
+		appCodec, keys[markertypes.StoreKey], app.GetSubspace(markertypes.ModuleName), app.AccountKeeper, app.BankKeeper, app.AuthzKeeper,
 	)
 
 	app.NameKeeper = namekeeper.NewKeeper(
@@ -475,6 +487,7 @@ func New(
 		marker.NewAppModule(appCodec, app.MarkerKeeper, app.AccountKeeper, app.BankKeeper),
 		name.NewAppModule(appCodec, app.NameKeeper, app.AccountKeeper, app.BankKeeper),
 		attribute.NewAppModule(app.AttributeKeeper),
+		authz.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry),
 		wasm.NewAppModule(appCodec, &app.WasmKeeper, app.StakingKeeper),
 
 		upgrade.NewAppModule(app.UpgradeKeeper),
@@ -773,6 +786,7 @@ func initParamsKeeper(appCodec codec.BinaryMarshaler, legacyAmino *codec.LegacyA
 	paramsKeeper := paramskeeper.NewKeeper(appCodec, legacyAmino, key, tkey)
 
 	paramsKeeper.Subspace(authtypes.ModuleName)
+	paramsKeeper.Subspace(authztypes.ModuleName)
 	paramsKeeper.Subspace(banktypes.ModuleName)
 	paramsKeeper.Subspace(stakingtypes.ModuleName)
 	paramsKeeper.Subspace(minttypes.ModuleName)

@@ -11,6 +11,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/provenance-io/provenance/x/marker/types"
+
 	"github.com/cosmos/cosmos-sdk/crypto/keys/ed25519"
 	"github.com/stretchr/testify/require"
 	abci "github.com/tendermint/tendermint/abci/types"
@@ -448,3 +450,21 @@ func FundAccount(app *App, ctx sdk.Context, addr sdk.AccAddress, amounts sdk.Coi
 	}
 	return app.BankKeeper.SendCoinsFromModuleToAccount(ctx, minttypes.ModuleName, addr, amounts)
 }
+
+func CreateMarker(app *App, ctx sdk.Context, addr sdk.AccAddress, coin sdk.Coin, markerType types.MarkerType) error {
+	// create account and check default values
+	mac := types.NewEmptyMarkerAccount(coin.Denom, addr.String(), []types.AccessGrant{*types.NewAccessGrant(addr,
+		[]types.Access{types.Access_Mint, types.Access_Burn, types.Access_Withdraw, types.Access_Delete, types.Access_Transfer})})
+
+	mac.MarkerType = markerType
+	mac.SetManager(addr)
+	mac.SetSupply(coin)
+
+	app.MarkerKeeper.AddMarkerAccount(ctx, mac)
+
+	// Moves to finalized, mints required supply, moves to active status.
+	app.MarkerKeeper.FinalizeMarker(ctx, addr, coin.Denom)
+	// No send enabled flag enforced yet, default is allowed
+	app.BankKeeper.SendEnabledCoin(ctx, sdk.NewCoin(coin.Denom, sdk.NewInt(10)))
+	return app.MarkerKeeper.ActivateMarker(ctx, addr, coin.Denom)
+}
@@ -0,0 +1,30 @@
+syntax = "proto3";
+package provenance.authz.v1;
+
+import "cosmos_proto/cosmos.proto";
+import "google/protobuf/timestamp.proto";
+import "gogoproto/gogo.proto";
+import "google/protobuf/any.proto";
+
+option go_package = "github.com/provenance-io/provenance/x/authz/types";
+
+option java_package        = "io.provenance.authz.v1";
+option java_multiple_files = true;
+
+// GenericAuthorization gives the grantee unrestricted permissions to execute
+// the provided method on behalf of the granter's account.
+message GenericAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  // method name to grant unrestricted permissions to execute
+  // Note: MethodName() is already a method on `GenericAuthorization` type,
+  // we need some custom naming here so using `MessageName`
+  string method_name = 1 [(gogoproto.customname) = "MessageName"];
+}
+
+// AuthorizationGrant gives permissions to execute
+// the provide method with expiration time.
+message AuthorizationGrant {
+  google.protobuf.Any       authorization = 1 [(cosmos_proto.accepts_interface) = "Authorization"];
+  google.protobuf.Timestamp expiration    = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+}
@@ -0,0 +1,26 @@
+syntax = "proto3";
+package provenance.authz.v1;
+
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/any.proto";
+import "gogoproto/gogo.proto";
+import "cosmos_proto/cosmos.proto";
+
+option go_package = "github.com/provenance-io/provenance/x/authz/types";
+
+option java_package        = "io.provenance.authz.v1";
+option java_multiple_files = true;
+
+// GenesisState defines the authz module's genesis state.
+message GenesisState {
+  repeated GrantAuthorization authorization = 1 [(gogoproto.nullable) = false];
+}
+
+// GrantAuthorization defines the GenesisState/GrantAuthorization type.
+message GrantAuthorization {
+  string granter = 1;
+  string grantee = 2;
+
+  google.protobuf.Any       authorization = 3 [(cosmos_proto.accepts_interface) = "Authorization"];
+  google.protobuf.Timestamp expiration    = 4 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true];
+}
@@ -0,0 +1,54 @@
+syntax = "proto3";
+package provenance.authz.v1;
+
+import "google/api/annotations.proto";
+import "cosmos/base/query/v1beta1/pagination.proto";
+import "provenance/authz/v1/authz.proto";
+
+option go_package = "github.com/provenance-io/provenance/x/authz/types";
+
+option java_package        = "io.provenance.authz.v1";
+option java_multiple_files = true;
+
+// Query defines the gRPC querier service.
+service Query {
+  // Returns any `Authorization` (or `nil`), with the expiration time, granted to the grantee by the granter for the
+  // provided msg type.
+  rpc Authorization(QueryAuthorizationRequest) returns (QueryAuthorizationResponse) {
+    option (google.api.http).get = "/provenance/authz/v1/granters/{granter}/grantees/{grantee}/grant";
+  }
+
+  // Returns list of `Authorization`, granted to the grantee by the granter.
+  rpc Authorizations(QueryAuthorizationsRequest) returns (QueryAuthorizationsResponse) {
+    option (google.api.http).get = "/provenance/authz/v1/granters/{granter}/grantees/{grantee}/grants";
+  }
+}
+
+// QueryAuthorizationRequest is the request type for the Query/Authorization RPC method.
+message QueryAuthorizationRequest {
+  string granter     = 1;
+  string grantee     = 2;
+  string method_name = 3;
+}
+
+// QueryAuthorizationResponse is the response type for the Query/Authorization RPC method.
+message QueryAuthorizationResponse {
+  // authorization is a authorization granted for grantee by granter.
+  provenance.authz.v1.AuthorizationGrant authorization = 1;
+}
+
+// QueryAuthorizationsRequest is the request type for the Query/Authorizations RPC method.
+message QueryAuthorizationsRequest {
+  string granter = 1;
+  string grantee = 2;
+  // pagination defines an pagination for the request.
+  cosmos.base.query.v1beta1.PageRequest pagination = 3;
+}
+
+// QueryAuthorizationsResponse is the response type for the Query/Authorizations RPC method.
+message QueryAuthorizationsResponse {
+  // authorizations is a list of grants granted for grantee by granter.
+  repeated provenance.authz.v1.AuthorizationGrant authorizations = 1;
+  // pagination defines an pagination for the response.
+  cosmos.base.query.v1beta1.PageResponse pagination = 2;
+}
@@ -0,0 +1,66 @@
+syntax = "proto3";
+package provenance.authz.v1;
+
+import "cosmos_proto/cosmos.proto";
+import "gogoproto/gogo.proto";
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/any.proto";
+import "cosmos/base/abci/v1beta1/abci.proto";
+
+option go_package = "github.com/provenance-io/provenance/x/authz/types";
+
+option java_package        = "io.provenance.authz.v1";
+option java_multiple_files = true;
+
+// Msg defines the authz Msg service.
+service Msg {
+  // GrantAuthorization grants the provided authorization to the grantee on the granter's
+  // account with the provided expiration time.
+  rpc GrantAuthorization(MsgGrantAuthorizationRequest) returns (MsgGrantAuthorizationResponse);
+
+  // ExecAuthorized attempts to execute the provided messages using
+  // authorizations granted to the grantee. Each message should have only
+  // one signer corresponding to the granter of the authorization.
+  rpc ExecAuthorized(MsgExecAuthorizedRequest) returns (MsgExecAuthorizedResponse);
+
+  // RevokeAuthorization revokes any authorization corresponding to the provided method name on the
+  // granter's account that has been granted to the grantee.
+  rpc RevokeAuthorization(MsgRevokeAuthorizationRequest) returns (MsgRevokeAuthorizationResponse);
+}
+
+// MsgGrantAuthorizationRequest grants the provided authorization to the grantee on the granter's
+// account with the provided expiration time.
+message MsgGrantAuthorizationRequest {
+  string granter = 1;
+  string grantee = 2;
+
+  google.protobuf.Any       authorization = 3 [(cosmos_proto.accepts_interface) = "Authorization"];
+  google.protobuf.Timestamp expiration    = 4 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true];
+}
+
+// MsgExecAuthorizedResponse defines the Msg/MsgExecAuthorizedResponse response type.
+message MsgExecAuthorizedResponse {
+  cosmos.base.abci.v1beta1.Result result = 1;
+}
+
+// MsgExecAuthorizedRequest attempts to execute the provided messages using
+// authorizations granted to the grantee. Each message should have only
+// one signer corresponding to the granter of the authorization.
+message MsgExecAuthorizedRequest {
+  string   grantee                  = 1;
+  repeated google.protobuf.Any msgs = 2;
+}
+
+// MsgGrantAuthorizationResponse defines the Msg/MsgGrantAuthorization response type.
+message MsgGrantAuthorizationResponse {}
+
+// MsgRevokeAuthorizationRequest revokes any authorization with the provided sdk.Msg type on the
+// granter's account with that has been granted to the grantee.
+message MsgRevokeAuthorizationRequest {
+  string granter     = 1;
+  string grantee     = 2;
+  string method_name = 3;
+}
+
+// MsgRevokeAuthorizationResponse defines the Msg/MsgRevokeAuthorizationResponse response type.
+message MsgRevokeAuthorizationResponse {}
@@ -0,0 +1,28 @@
+syntax = "proto3";
+package provenance.marker.v1;
+
+import "gogoproto/gogo.proto";
+import "cosmos_proto/cosmos.proto";
+import "cosmos/base/v1beta1/coin.proto";
+
+option go_package = "github.com/provenance-io/provenance/x/marker/types";
+option java_package        = "io.provenance.marker.v1";
+option java_multiple_files = true;
+
+// SendAuthorization allows the grantee to spend up to spend_limit coins from
+// the granter's account.
+message SendAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  repeated cosmos.base.v1beta1.Coin spend_limit = 1
+      [(gogoproto.nullable) = false, (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins"];
+}
+
+// MarkerSendAuthorization allows the grantee to spend up to spend_limit coins from
+// the granter's account.
+message MarkerSendAuthorization {
+    option (cosmos_proto.implements_interface) = "Authorization";
+
+    repeated cosmos.base.v1beta1.Coin spend_limit = 1
+    [(gogoproto.nullable) = false, (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins"];
+}
@@ -0,0 +1,17 @@
+syntax = "proto3";
+package cosmos.bank.v1beta1;
+
+import "gogoproto/gogo.proto";
+import "cosmos_proto/cosmos.proto";
+import "cosmos/base/v1beta1/coin.proto";
+
+option go_package = "github.com/cosmos/cosmos-sdk/x/bank/types";
+
+// SendAuthorization allows the grantee to spend up to spend_limit coins from
+// the granter's account.
+message SendAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  repeated cosmos.base.v1beta1.Coin spend_limit = 1
+      [(gogoproto.nullable) = false, (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins"];
+}