review changes

proto/cosmos/authz/v1beta1/authz.proto

@@ -61,3 +61,11 @@ message GrantQueueItem {
 message AllowedGrantRulesKeys {
   repeated cosmos.authz.v1beta1.Rule keys = 1;
 }
+
+// AppAuthzRules is rules passed to the authz app.
+message AppAuthzRules {
+  repeated string allowed_recipients       = 1;
+  repeated string max_amount               = 2;
+  repeated string allowed_stake_validators = 3;
+  repeated string allowed_max_stake_amount = 4;
+}

proto/cosmos/authz/v1beta1/tx.proto

@@ -44,7 +44,7 @@ message MsgGrant {
   cosmos.authz.v1beta1.Grant grant = 3 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true];
 
   // rules are conditions to execute the grant.
-  repeated cosmos.authz.v1beta1.Rule rules = 4;
+  bytes rules = 4;
 }
 
 // MsgGrantResponse defines the Msg/MsgGrant response type.

x/authz/client/cli/tx.go

@@ -1,7 +1,6 @@
 package cli
 
 import (
-	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
@@ -10,7 +9,6 @@ import (
 
 	"github.com/spf13/cobra"
 
-	bankv1beta1 "cosmossdk.io/api/cosmos/bank/v1beta1"
 	"cosmossdk.io/core/address"
 
 	"github.com/cosmos/cosmos-sdk/client"
@@ -218,12 +216,7 @@ Examples:
 					return err
 				}
 
-				rules, err := buildRules(args[1], contents)
-				if err != nil {
-					return err
-				}
-
-				msg.SetAuthzRules(rules)
+				msg.SetAuthzRules(contents)
 			}
 
 			return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg)
@@ -240,38 +233,6 @@ Examples:
 	return cmd
 }
 
-func buildRules(msg string, rulesBytes []byte) ([]*authz.Rule, error) {
-	type internalRules struct {
-		AllowedRecipients      []string `json:"allowed_recepients"`
-		MaxAmount              []string `json:"max_amount"`
-		AllowedStakeValidators []string `json:"allowed_stake_validators"`
-		AllowedMaxStakeAmount  []string `json:"allowed_max_stake_amount"`
-	}
-
-	var rulesJson internalRules
-	err := json.Unmarshal(rulesBytes, &rulesJson)
-	if err != nil {
-		return nil, err
-	}
-
-	switch msg {
-	case sdk.MsgTypeURL(&bankv1beta1.MsgSend{}):
-		return []*authz.Rule{
-			{Key: authz.AllowedRecipients, Values: rulesJson.AllowedRecipients},
-			{Key: authz.MaxAmount, Values: rulesJson.MaxAmount},
-		}, nil
-
-	case sdk.MsgTypeURL(&staking.MsgDelegate{}):
-		return []*authz.Rule{
-			{Key: authz.AllowedStakeValidators, Values: rulesJson.AllowedStakeValidators},
-			{Key: authz.AllowedMaxStakeAmount, Values: rulesJson.AllowedMaxStakeAmount},
-		}, nil
-
-	default:
-		return []*authz.Rule{}, nil
-	}
-}
-
 func getExpireTime(cmd *cobra.Command) (*time.Time, error) {
 	exp, err := cmd.Flags().GetInt64(FlagExpiration)
 	if err != nil {

x/authz/keeper/msg_server.go

@@ -2,16 +2,19 @@ package keeper
 
 import (
 	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"reflect"
 	"strings"
 
 	errorsmod "cosmossdk.io/errors"
 
+	bankv1beta1 "cosmossdk.io/api/cosmos/bank/v1beta1"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
 	"github.com/cosmos/cosmos-sdk/x/authz"
+	staking "github.com/cosmos/cosmos-sdk/x/staking/types"
 )
 
 var _ authz.MsgServer = Keeper{}
@@ -54,14 +57,16 @@ func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGra
 		return nil, sdkerrors.ErrInvalidType.Wrapf("%s doesn't exist.", t)
 	}
 
+	var rules []*authz.Rule
 	if msg.Rules != nil {
-		err := k.VerifyTheRules(goCtx, msg.Grant.Authorization.GetTypeUrl(), msg.Rules)
+		var err error
+		err, rules = k.VerifyAndBuildRules(goCtx, msg.Grant.Authorization.GetTypeUrl(), msg.Rules)
 		if err != nil {
 			return nil, err
 		}
 	}
 
-	err = k.SaveGrant(ctx, grantee, granter, authorization, msg.Grant.Expiration, msg.Rules)
+	err = k.SaveGrant(ctx, grantee, granter, authorization, msg.Grant.Expiration, rules)
 	if err != nil {
 		return nil, err
 	}
@@ -70,10 +75,31 @@ func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGra
 }
 
 // VerifyTheRules checks the keys of rules provided are allowed
-func (k Keeper) VerifyTheRules(goCtx context.Context, msg string, rules []*authz.Rule) error {
+func (k Keeper) VerifyAndBuildRules(goCtx context.Context, msg string, rulesBytes []byte) (error, []*authz.Rule) {
+	var rulesJson authz.AppAuthzRules
+	err := json.Unmarshal(rulesBytes, &rulesJson)
+	if err != nil {
+		return err, nil
+	}
+
+	var rules []*authz.Rule
+	switch msg {
+	case sdk.MsgTypeURL(&bankv1beta1.MsgSend{}):
+		rules = []*authz.Rule{
+			{Key: authz.AllowedRecipients, Values: rulesJson.AllowedRecipients},
+			{Key: authz.MaxAmount, Values: rulesJson.MaxAmount},
+		}
+
+	case sdk.MsgTypeURL(&staking.MsgDelegate{}):
+		rules = []*authz.Rule{
+			{Key: authz.AllowedStakeValidators, Values: rulesJson.AllowedStakeValidators},
+			{Key: authz.AllowedMaxStakeAmount, Values: rulesJson.AllowedMaxStakeAmount},
+		}
+	}
+
 	registeredRules, err := k.GetAuthzRulesKeys(goCtx)
 	if err != nil {
-		return err
+		return err, nil
 	}
 
 	var values []string
@@ -85,10 +111,10 @@ func (k Keeper) VerifyTheRules(goCtx context.Context, msg string, rules []*authz
 	}
 
 	if err := checkStructKeys(rules, values); err != nil {
-		return err
+		return err, nil
 	}
 
-	return nil
+	return nil, rules
 }
 
 func checkStructKeys(s interface{}, allowedKeys []string) error {

x/authz/msgs.go

@@ -33,7 +33,7 @@ func NewMsgGrant(granter, grantee sdk.AccAddress, a Authorization, expiration *t
 	return m, nil
 }
 
-func (msg *MsgGrant) SetAuthzRules(rules []*Rule) {
+func (msg *MsgGrant) SetAuthzRules(rules []byte) {
 	msg.Rules = rules
 }