implemented execute_execute_messages (1/n)

contracts/dao/neutron-chain-manager/src/contract.rs

@@ -5,7 +5,7 @@ use cosmwasm_std::{
     StdResult,
 };
 use cw2::set_contract_version;
-use neutron_sdk::bindings::msg::NeutronMsg;
+use neutron_sdk::bindings::msg::{AdminProposal, NeutronMsg};
 
 use crate::error::ContractError;
 use crate::msg::{ExecuteMsg, InstantiateMsg, MigrateMsg, QueryMsg, Strategy};
@@ -111,12 +111,68 @@ pub fn execute_remove_strategy(
 }
 
 pub fn execute_execute_messages(
-    _deps: DepsMut,
+    deps: DepsMut,
     _env: Env,
-    _info: MessageInfo,
-    _messages: Vec<CosmosMsg<NeutronMsg>>,
-) -> Result<Response, ContractError> {
-    Ok(Response::new().add_attribute("action", "execute_execute_messages"))
+    info: MessageInfo,
+    messages: Vec<CosmosMsg<NeutronMsg>>,
+) -> Result<Response<NeutronMsg>, ContractError> {
+    if STRATEGIES_ALLOW_ALL.has(deps.storage, info.sender.clone()) {
+        return Ok(Response::new()
+            .add_attribute("action", "execute_execute_messages")
+            .add_attribute("strategy", "allow_all")
+            .add_attribute("address", info.sender.clone())
+            .add_messages(messages))
+    }
+
+    if !STRATEGIES_ALLOW_ONLY.has(deps.storage, info.sender.clone()) {
+        return Err(ContractError::Unauthorized {})
+    }
+
+    let strategy = STRATEGIES_ALLOW_ONLY.load(deps.storage, info.sender)?;
+    // For every message, check whether we have the permission to execute it.
+    // Any missing permission aborts the execution.
+    for msg in messages {
+        match msg {
+            CosmosMsg::Custom(neutron_msg) => {
+                match neutron_msg {
+                    NeutronMsg::AddSchedule => {
+                        if !strategy.has_cron_add_schedule_permission() {
+                            return Err(ContractError::Unauthorized {})
+                        }
+                    }
+                    NeutronMsg::RemoveSchedule => {
+                        if !strategy.has_cron_remove_schedule_permission() {
+                            return Err(ContractError::Unauthorized {})
+                        }
+                    }
+                    NeutronMsg::SubmitAdminProposal{admin_proposal} => {
+                        match admin_proposal {
+                            AdminProposal::ParamChangeProposal(proposal) => {
+                                for param_change in proposal.param_changes {
+                                    if !strategy.has_param_change_permission(param_change) {
+                                        return Err(ContractError::Unauthorized {})
+                                    }
+                                }
+                            },
+                            AdminProposal::ProposalExecuteMessage(proposal) => {
+
+                            }
+                            _ => {}
+                        }
+                    }
+                    _ => {}
+                }
+            }
+            _ => {}
+        }
+    }
+
+
+    Ok(Response::new()
+        .add_attribute("action", "execute_execute_messages")
+        .add_attribute("strategy", "allow_only")
+        .add_attribute("address", info.sender.clone())
+        .add_messages(messages))
 }
 
 #[cfg_attr(not(feature = "library"), entry_point)]

contracts/dao/neutron-chain-manager/src/msg.rs

@@ -1,8 +1,9 @@
 use cosmwasm_schema::{cw_serde, QueryResponses};
 use cosmwasm_std::{Addr, CosmosMsg};
-use neutron_sdk::bindings::msg::NeutronMsg;
+use neutron_sdk::bindings::msg::{NeutronMsg, ParamChange};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
+use crate::error::ContractError;
 
 #[derive(Serialize, Deserialize, JsonSchema, Debug, Clone)]
 pub struct InstantiateMsg {
@@ -40,21 +41,65 @@ pub struct Strategy {
     pub permissions: Vec<Permission>,
 }
 
+impl Strategy {
+    pub fn has_cron_add_schedule_permission(&self) -> bool {
+        for permission in self.permissions {
+            match permission {
+                Permission::CronPermission(cron_permission) => {
+                    cron_permission.add_schedule
+                }
+                _ => {}
+            }
+        }
+
+        false
+    }
+    pub fn has_cron_remove_schedule_permission(&self) -> bool {
+        for permission in self.permissions {
+            match permission {
+                Permission::CronPermission(cron_permission) => {
+                    cron_permission.remove_schedule
+                }
+                _ => {}
+            }
+        }
+
+        false
+    }
+    pub fn has_param_change_permission(&self, param_change: ParamChange) -> bool {
+        for permission in self.permissions {
+            match permission {
+                Permission::ParamChangePermission(param_change_permissions) => {
+                    for param_change_permission in param_change_permissions.params {
+                        if param_change.subspace == param_change_permission.subspace &&
+                            param_change.key == param_change_permission.key {
+                            return true
+                        }
+                    }
+                }
+                _ => {}
+            }
+        }
+
+        false
+    }
+}
+
 #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, JsonSchema)]
 pub enum Permission {
-    // Deprecated
+    // Deprecated, for legacy parameter updates using `params` module.
     ParamChangePermission(ParamChangePermission),
     UpdateParamsPermission(UpdateParamsPermission),
     CronPermission(CronPermission),
 }
 
 #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, JsonSchema)]
 pub struct ParamChangePermission {
-    pub params: Vec<LegacyParamPermission>,
+    pub params: Vec<ParamPermission>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, JsonSchema)]
-pub struct LegacyParamPermission {
+pub struct ParamPermission {
     pub subspace: String,
     pub key: String,
 }