[1829]: If a marker allows force transfer, but the admin does not hav…

…e force transfer permission, check authz for permission before denying the transfer.

x/marker/keeper/keeper_test.go

@@ -725,12 +725,13 @@ func TestForceTransfer(t *testing.T) {
 		"transfer of non-force-transfer coin from other account back to admin")
 	requireBalances(t, "after failed transfer")
 
-	// Have the admin try a transfer of the force-transfer but without the force-transfer permission.
+	// Have the admin try a transfer of the force-transfer, but without the force-transfer permission.
 	assert.EqualError(t, app.MarkerKeeper.TransferCoin(ctx, other, admin, admin, wForceCoin(7)),
-		fmt.Sprintf("%s is not allowed to force-transfer", admin),
+		fmt.Sprintf("%s account has not been granted authority to withdraw from %s account", admin, other),
 		"transfer of force-transfer coin by account without force-transfer access")
 	requireBalances(t, "after failed force-transfer")
 
+	// Give the admin force transfer permission now.
 	addFTGrant := &types.AccessGrant{Address: admin.String(), Permissions: types.AccessList{types.Access_ForceTransfer}}
 	require.NoError(t, app.MarkerKeeper.AddAccess(ctx, admin, wForceDenom, addFTGrant),
 		"AddAccess to grant admin force-transfer access")

x/marker/keeper/marker.go

@@ -648,13 +648,11 @@ func (k Keeper) TransferCoin(ctx sdk.Context, from, to, admin sdk.AccAddress, am
 	}
 	if !admin.Equals(from) {
 		switch {
-		case !m.AllowsForcedTransfer():
+		case !m.AllowsForcedTransfer() || !m.AddressHasAccess(admin, types.Access_ForceTransfer):
 			err = k.authzHandler(ctx, admin, from, to, amount)
 			if err != nil {
 				return err
 			}
-		case !m.AddressHasAccess(admin, types.Access_ForceTransfer):
-			return fmt.Errorf("%s is not allowed to force-transfer", admin)
 		case !k.canForceTransferFrom(ctx, from):
 			return fmt.Errorf("funds are not allowed to be removed from %s", from)
 		}