From 6b3938549bea360188a68253cb66d49365bde1f7 Mon Sep 17 00:00:00 2001
From: Shunkichi Sato <49983831+s8sato@users.noreply.github.com>
Date: Sun, 17 Nov 2024 00:32:55 +0900
Subject: [PATCH] review: early `deny!`

Signed-off-by: Shunkichi Sato <49983831+s8sato@users.noreply.github.com>
---
 crates/iroha_executor/src/default/mod.rs | 62 ++++++++++++------------
 1 file changed, 30 insertions(+), 32 deletions(-)

diff --git a/crates/iroha_executor/src/default/mod.rs b/crates/iroha_executor/src/default/mod.rs
index 7a8479a8ee3..09f700390df 100644
--- a/crates/iroha_executor/src/default/mod.rs
+++ b/crates/iroha_executor/src/default/mod.rs
@@ -1254,51 +1254,49 @@ pub mod role {
             }
 
             if role.id().name().as_ref().starts_with(MULTISIG_SIGNATORY) {
-                if let Some(multisig_account) = multisig_account_from(role.id()) {
-                    if is_domain_owner(
-                        multisig_account.domain(),
-                        &executor.context().authority,
-                        executor.host(),
-                    )
-                    .unwrap_or_default()
-                    {
-                        let isi = &Register::role(new_role);
-                        if let Err(err) = executor.host().submit(isi) {
-                            deny!(executor, err);
-                        }
-                        execute!(executor, grant_role);
+                let Some(multisig_account) = multisig_account_from(role.id()) else {
+                    deny!(executor, "violates multisig role name format")
+                };
+                if is_domain_owner(
+                    multisig_account.domain(),
+                    &executor.context().authority,
+                    executor.host(),
+                )
+                .unwrap_or_default()
+                {
+                    let isi = &Register::role(new_role);
+                    if let Err(err) = executor.host().submit(isi) {
+                        deny!(executor, err);
                     }
-                    deny!(
-                        executor,
-                        "only the domain owner can register multisig roles"
-                    )
+                    execute!(executor, grant_role);
                 }
-                deny!(executor, "violates multisig role name format")
+                deny!(
+                    executor,
+                    "only the domain owner can register multisig roles"
+                )
             }
         }
 
         for permission in role.inner().permissions() {
             iroha_smart_contract::log::debug!(&format!("Checking `{permission:?}`"));
 
-            if let Ok(any_permission) = AnyPermission::try_from(permission) {
-                if !executor.context().curr_block.is_genesis() {
-                    if let Err(error) = crate::permission::ValidateGrantRevoke::validate_grant(
-                        &any_permission,
-                        role.grant_to(),
-                        executor.context(),
-                        executor.host(),
-                    ) {
-                        deny!(executor, error);
-                    }
-                }
-
-                new_role = new_role.add_permission(any_permission);
-            } else {
+            let Ok(any_permission) = AnyPermission::try_from(permission) else {
                 deny!(
                     executor,
                     ValidationFail::NotPermitted(format!("{permission:?}: Unknown permission"))
                 );
+            };
+            if !executor.context().curr_block.is_genesis() {
+                if let Err(error) = crate::permission::ValidateGrantRevoke::validate_grant(
+                    &any_permission,
+                    role.grant_to(),
+                    executor.context(),
+                    executor.host(),
+                ) {
+                    deny!(executor, error);
+                }
             }
+            new_role = new_role.add_permission(any_permission);
         }
 
         if executor.context().curr_block.is_genesis()