check_can_send(): expose for query and helper #148

Open
taitruong opened this issue Dec 22, 2023 · 4 comments
@taitruong
Collaborator

check_can_send() can rn only be used internally. But externals, e.g. 3rd-party contracts, might benefit from this as well. Use case:

  • contract (e.g. staking, marketplace) gets approval by NFT owner
  • user calls contract like staking or listing NFT
    • sub call: contract calls cw721-base, e.g. transferring NFT to contract or another owner

Even if the contract is approved to do so, it needs to check whether the sender is the owner and eligible to do so on the contract.

This is boilerplate and covered by check_can_send():

https://github.com/CosmWasm/cw-nfts/blob/588868d74bda898fe4b93ddbb3a74b74e94ca948/contracts/cw721-base/src/execute.rs#L376-L395

We just need to change the input param from `info: &MessageInfo` to `sender: String` and return a bool, then we can expose this function.

@taitruong
Collaborator Author

The query should be exposed in helpers.rs here: https://github.com/CosmWasm/cw-nfts/blob/main/contracts/cw721-base/src/helpers.rs

@taitruong
Collaborator Author

Actually for 3rd party contracts it is quite tedious, since it needs to check and query, sender being:

  • owner,
  • spender (approval), or
  • operator

https://github.com/CosmWasm/cw-nfts/blob/588868d74bda898fe4b93ddbb3a74b74e94ca948/contracts/cw721-base/src/execute.rs#L384-L410

@hoanm
hoanm commented Dec 22, 2023

I found this issue when trying to send NFTs between chains. Right after the owner of an NFT allows some operators (contracts) to transfer/send his token, another person can send a message with their information to the contract and steal the token.

@taitruong
Collaborator Author

Partially solved in v19, by exposing the functions check_can_send and check_can_approve. But moving them to the helper is not done yet. Both functions throw a contract error, but in the helper they shouldn't. It is a minor thing, but not done yet.
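
Added example, not part of the thread and not cw721-base code: a std-only Rust model of the owner / spender / operator check discussed above, returning a bool, with a third-party handler that only checks its own approval beside one that also checks the caller. All type and function names, the `staking_contract` address and the expiry-by-height shape are assumptions made for illustration.

```rust
use std::collections::HashMap;

// Std-only model of the three eligibility paths named in the thread
// (owner, spender approval, operator). All names here are hypothetical.
struct Token {
    owner: String,
    approvals: Vec<(String, u64)>, // (spender, expiry height): assumed shape
}
struct Nft {
    tokens: HashMap<String, Token>,
    operators: HashMap<(String, String), u64>, // (owner, operator) -> expiry height
}

impl Nft {
    // Query-style check: returns a bool rather than a contract error.
    fn can_send(&self, token_id: &str, sender: &str, height: u64) -> bool {
        let Some(t) = self.tokens.get(token_id) else { return false };
        let op = (t.owner.clone(), sender.to_string());
        t.owner == sender
            || t.approvals.iter().any(|(s, exp)| s == sender && *exp > height)
            || self.operators.get(&op).map_or(false, |exp| *exp > height)
    }
}

const STAKING: &str = "staking_contract"; // constructed address

// Weak: only confirms the contract itself is approved, so any caller passes.
fn stake_unchecked(nft: &Nft, token_id: &str, _caller: &str, height: u64) -> bool {
    nft.can_send(token_id, STAKING, height)
}

// Hardened: the contract must be approved AND the caller must be eligible.
fn stake_checked(nft: &Nft, token_id: &str, caller: &str, height: u64) -> bool {
    nft.can_send(token_id, STAKING, height) && nft.can_send(token_id, caller, height)
}

// Constructed state: alice owns token "1", bob is a spender until height 100,
// the staking contract is alice's operator until height 200.
fn sample() -> Nft {
    let bob = ("bob".to_string(), 100);
    let token = Token { owner: "alice".to_string(), approvals: vec![bob] };
    let op = ("alice".to_string(), STAKING.to_string());
    Nft { tokens: HashMap::from([("1".to_string(), token)]), operators: HashMap::from([(op, 200)]) }
}

fn main() {
    let n = sample();
    println!("{} {}", stake_unchecked(&n, "1", "mallory", 50), stake_checked(&n, "1", "mallory", 50));
}
```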
