feat: 🎸 add field to expose unmatched permissions

Author: sansan

src/api/entities/CustomPermissionGroup.ts

@@ -79,12 +79,14 @@ export class CustomPermissionGroup extends PermissionGroup {
 
     const rawGroupPermissions = await externalAgents.groupPermissions(rawAssetId, rawAgId);
 
-    const transactions = extrinsicPermissionsToTransactionPermissions(rawGroupPermissions.unwrap());
+    const { permissions } = extrinsicPermissionsToTransactionPermissions(
+      rawGroupPermissions.unwrap()
+    );
 
-    const transactionGroups = transactionPermissionsToTxGroups(transactions);
+    const transactionGroups = transactionPermissionsToTxGroups(permissions);
 
     return {
-      transactions,
+      transactions: permissions,
       transactionGroups,
     };
   }

src/api/entities/Identity/AssetPermissions.ts

@@ -182,7 +182,7 @@ export class AssetPermissions extends Namespace<Identity> {
 
       const groupPermissionsOption = await externalAgents.groupPermissions(rawAssetId, groupId);
 
-      const permissions = extrinsicPermissionsToTransactionPermissions(
+      const { permissions } = extrinsicPermissionsToTransactionPermissions(
         groupPermissionsOption.unwrap()
       );
 

src/api/entities/types.ts

@@ -773,6 +773,7 @@ export interface CheckpointWithData {
 export interface PermissionedAccount {
   account: Account | MultiSig;
   permissions: Permissions;
+  unmatchedPermissions?: string[];
 }
 
 export type PortfolioLike =

src/generated/types.ts

@@ -983,3 +983,9 @@ export const TxTags = {
   stateTrieMigration: StateTrieMigrationTx,
   electionProviderMultiPhase: ElectionProviderMultiPhaseTx,
 };
+
+export const TX_TAG_VALUES: string[] = Object.values(TxTags)
+  .map(v => Object.values(v))
+  .flat();
+
+export const MODULE_NAMES: string[] = Object.values(ModuleName);

src/utils/__tests__/conversion.ts

@@ -2277,7 +2277,8 @@ describe('permissionsToMeshPermissions and meshPermissionsToPermissions', () =>
         entityMockUtils.getAccountInstance(),
         context
       );
-      expect(result).toEqual(fakeResult);
+      expect(result.permissions).toEqual(fakeResult);
+      expect(result.unmatchedPermissions).toEqual([]);
 
       fakeResult = {
         assets: null,
@@ -2295,7 +2296,8 @@ describe('permissionsToMeshPermissions and meshPermissionsToPermissions', () =>
         ]);
 
       result = await meshPermissionsToPermissionsV2(entityMockUtils.getMultiSigInstance(), context);
-      expect(result).toEqual(fakeResult);
+      expect(result.permissions).toEqual(fakeResult);
+      expect(result.unmatchedPermissions).toEqual([]);
 
       fakeResult = {
         assets: {
@@ -2347,13 +2349,16 @@ describe('permissionsToMeshPermissions and meshPermissionsToPermissions', () =>
       ]);
 
       result = await meshPermissionsToPermissionsV2(entityMockUtils.getAccountInstance(), context);
-      expect(result).toEqual(fakeResult);
+      expect(result.permissions).toEqual(fakeResult);
+      expect(result.unmatchedPermissions).toEqual([]);
     });
 
     it('should filter out incorrectly cased modules and extrinsics', async () => {
       const context = dsMockUtils.getContextInstance();
       const rawIdentityName = dsMockUtils.createMockText('identity');
       const rawAuthorshipName = dsMockUtils.createMockText('Asset');
+      const rawUnknownModuleName = dsMockUtils.createMockText('UnknownModule');
+      const rawKnownModuleName = dsMockUtils.createMockText('Checkpoint');
 
       const rawIdentityPermissions = dsMockUtils.createMockPalletPermissions({
         extrinsics: dsMockUtils.createMockExtrinsicName({
@@ -2367,9 +2372,74 @@ describe('permissionsToMeshPermissions and meshPermissionsToPermissions', () =>
         }),
       });
 
+      const rawWholePermissions = dsMockUtils.createMockPalletPermissions({
+        extrinsics: dsMockUtils.createMockExtrinsicName('Whole'),
+      });
+
+      const rawUnknownExtrinsicPermissions = dsMockUtils.createMockPalletPermissions({
+        extrinsics: dsMockUtils.createMockExtrinsicName({
+          These: [dsMockUtils.createMockText('unknown_extrinsic')],
+        }),
+      });
+
       const permissionsMap = new Map();
       permissionsMap.set(rawIdentityName, rawIdentityPermissions);
       permissionsMap.set(rawAuthorshipName, rawAssetPermissions);
+      permissionsMap.set(rawUnknownModuleName, rawWholePermissions);
+      permissionsMap.set(rawKnownModuleName, rawUnknownExtrinsicPermissions);
+
+      dsMockUtils.getQueryMultiMock().mockResolvedValue([
+        dsMockUtils.createMockOption(),
+        dsMockUtils.createMockOption(
+          dsMockUtils.createMockExtrinsicPermissions({
+            These: dsMockUtils.createMockBTreeMap(permissionsMap),
+          })
+        ),
+        dsMockUtils.createMockOption(),
+      ]);
+
+      const result = await meshPermissionsToPermissionsV2(
+        entityMockUtils.getAccountInstance(),
+        context
+      );
+      // we are not filtering out the unmatched extrinsics
+      expect(result.permissions?.transactions?.values).toEqual([
+        'unknownModule',
+        'checkpoint.unknownExtrinsic',
+      ]);
+      expect(result.unmatchedPermissions).toEqual([
+        'identity',
+        'Asset.createAsset',
+        // since the module and extrinsic follow the same naming convention, they are converted to lowercase and camel case
+        'unknownModule',
+        'checkpoint.unknownExtrinsic',
+      ]);
+    });
+
+    it('should handle except case for dispatchable names', async () => {
+      const context = dsMockUtils.getContextInstance();
+      const rawIdentityName = dsMockUtils.createMockText('Identity');
+      const rawAssetName = dsMockUtils.createMockText('Asset');
+
+      // Create mock permissions with except case
+      const rawIdentityPermissions = dsMockUtils.createMockPalletPermissions({
+        extrinsics: dsMockUtils.createMockExtrinsicName({
+          Except: [
+            dsMockUtils.createMockText('add_claim'), // valid
+            dsMockUtils.createMockText('some_tag'),
+          ],
+        }),
+      });
+
+      const rawAssetPermissions = dsMockUtils.createMockPalletPermissions({
+        extrinsics: dsMockUtils.createMockExtrinsicName({
+          Except: [dsMockUtils.createMockText('invalid_Tx')],
+        }),
+      });
+
+      const permissionsMap = new Map();
+      permissionsMap.set(rawIdentityName, rawIdentityPermissions);
+      permissionsMap.set(rawAssetName, rawAssetPermissions);
 
       dsMockUtils.getQueryMultiMock().mockResolvedValue([
         dsMockUtils.createMockOption(),
@@ -2385,7 +2455,18 @@ describe('permissionsToMeshPermissions and meshPermissionsToPermissions', () =>
         entityMockUtils.getAccountInstance(),
         context
       );
-      expect(result.transactions?.values).toEqual([]);
+
+      // Verify exceptions are properly handled
+      expect(result.permissions?.transactions?.exceptions).toEqual([
+        'identity.addClaim',
+        'identity.someTag',
+      ]);
+
+      // Verify unmatched permissions are properly concatenated with module name
+      expect(result.unmatchedPermissions).toEqual(['Asset.invalid_Tx', 'identity.someTag']);
+
+      // Verify module level permissions
+      expect(result.permissions?.transactions?.values).toEqual(['identity', 'asset']);
     });
   });
 });

src/utils/__tests__/internal.ts

@@ -1942,6 +1942,7 @@ describe('method: getSecondaryAccountPermissions', () => {
           transactions: null,
           transactionGroups: [],
         },
+        unmatchedPermissions: [],
       },
     ];
 
@@ -1956,10 +1957,13 @@ describe('method: getSecondaryAccountPermissions', () => {
     });
 
     meshPermissionsToPermissionsSpy.mockReturnValue({
-      assets: null,
-      portfolios: null,
-      transactions: null,
-      transactionGroups: [],
+      permissions: {
+        assets: null,
+        portfolios: null,
+        transactions: null,
+        transactionGroups: [],
+      },
+      unmatchedPermissions: [],
     });
     stringToAccountIdSpy.mockReturnValue(dsMockUtils.createMockAccountId(accountId));
   });

src/utils/conversion.ts

@@ -227,6 +227,7 @@ import {
   MetadataType,
   MetadataValue,
   MetadataValueDetails,
+  MODULE_NAMES,
   ModuleName,
   MultiClaimCondition,
   NftMetadataInput,
@@ -274,6 +275,7 @@ import {
   TransferRestrictionType,
   TransferStatus,
   TrustedClaimIssuer,
+  TX_TAG_VALUES,
   TxGroup,
   TxTag,
   TxTags,
@@ -1163,16 +1165,26 @@ const formatTxTag = (dispatchable: string, moduleName: string): TxTag => {
   return `${moduleName}.${camelCase(dispatchable)}` as TxTag;
 };
 
-const processDispatchName = (dispatch: BTreeSet<Text>): string[] => {
-  return [...dispatch].map(name => textToString(name)).filter(name => isSnakeCase(name));
+const processDispatchName = (
+  dispatch: BTreeSet<Text>
+): {
+  dispatchables: string[];
+  unmatchedTags: string[];
+} => {
+  const allMethods = [...dispatch].map(name => textToString(name));
+
+  return {
+    dispatchables: allMethods.filter(name => isSnakeCase(name)),
+    unmatchedTags: allMethods.filter(name => !isSnakeCase(name)),
+  };
 };
 
 /**
  * @hidden
  */
 export function extrinsicPermissionsToTransactionPermissions(
   permissions: PolymeshPrimitivesSecondaryKeyExtrinsicPermissions
-): TransactionPermissions | null {
+): { permissions: TransactionPermissions | null; unmatched: string[] } {
   let extrinsicType: PermissionType;
   let pallets;
   if (permissions.isThese) {
@@ -1185,23 +1197,36 @@ export function extrinsicPermissionsToTransactionPermissions(
 
   let txValues: (ModuleName | TxTag)[] = [];
   let exceptions: TxTag[] = [];
+  const unmatched: string[] = [];
 
   if (pallets) {
     // Note if a pallet or extrinsic has incorrect casing it will get filtered here
     pallets.forEach(({ extrinsics: dispatchableNames }, palletName) => {
       const pallet = textToString(palletName);
+
       if (!startsWithCapital(pallet)) {
+        unmatched.push(pallet);
+
         return; // skip incorrect cased pallets
       }
       const moduleName = stringLowerFirst(pallet);
 
       if (dispatchableNames.isExcept) {
-        const dispatchables = processDispatchName(dispatchableNames.asExcept);
+        const { dispatchables, unmatchedTags } = processDispatchName(dispatchableNames.asExcept);
+
+        if (unmatchedTags.length) {
+          unmatched.push(`${pallet}.${unmatchedTags.join('.')}`);
+        }
 
         exceptions = [...exceptions, ...dispatchables.map(name => formatTxTag(name, moduleName))];
         txValues = [...txValues, moduleName as ModuleName];
       } else if (dispatchableNames.isThese) {
-        const dispatchables = processDispatchName(dispatchableNames.asThese);
+        const { dispatchables, unmatchedTags } = processDispatchName(dispatchableNames.asThese);
+
+        if (unmatchedTags.length) {
+          unmatched.push(`${pallet}.${unmatchedTags.join('.')}`);
+        }
+
         txValues = [...txValues, ...dispatchables.map(name => formatTxTag(name, moduleName))];
       } else {
         txValues = [...txValues, moduleName as ModuleName];
@@ -1214,10 +1239,10 @@ export function extrinsicPermissionsToTransactionPermissions(
       values: txValues,
     };
 
-    return exceptions.length ? { ...result, exceptions } : result;
+    return { permissions: exceptions.length ? { ...result, exceptions } : result, unmatched };
   }
 
-  return null;
+  return { permissions: null, unmatched };
 }
 
 /**
@@ -1253,7 +1278,8 @@ export function meshPermissionsToPermissions(
     };
   }
 
-  transactions = extrinsicPermissionsToTransactionPermissions(extrinsic);
+  const { permissions: transactionPerms } = extrinsicPermissionsToTransactionPermissions(extrinsic);
+  transactions = transactionPerms;
 
   let portfoliosType: PermissionType;
   let portfolioIds;
@@ -1289,14 +1315,15 @@ export function meshPermissionsToPermissions(
 export async function meshPermissionsToPermissionsV2(
   account: Account | MultiSig,
   context: Context
-): Promise<Permissions> {
+): Promise<{ permissions: Permissions; unmatchedPermissions: string[] }> {
   const {
     polymeshApi: {
       query: {
         identity: { keyAssetPermissions, keyExtrinsicPermissions, keyPortfolioPermissions },
       },
     },
   } = context;
+  const unmatchedPermissions: string[] = [];
 
   const rawAccountId = stringToAccountId(account.address, context);
 
@@ -1338,7 +1365,15 @@ export async function meshPermissionsToPermissionsV2(
   }
 
   if (extrinsic.isSome) {
-    transactions = extrinsicPermissionsToTransactionPermissions(extrinsic.unwrap());
+    const { permissions, unmatched } = extrinsicPermissionsToTransactionPermissions(
+      extrinsic.unwrap()
+    );
+
+    transactions = permissions;
+
+    if (unmatched.length) {
+      unmatchedPermissions.push(...unmatched);
+    }
   }
 
   let portfoliosType: PermissionType;
@@ -1364,12 +1399,37 @@ export async function meshPermissionsToPermissionsV2(
     };
   }
 
-  return {
+  // get transaction permissions values and check for undefined tx tags
+  transactions?.values.forEach(value => {
+    if (value.includes('.') && !TX_TAG_VALUES.includes(value)) {
+      unmatchedPermissions.push(value);
+    }
+
+    if (!value.includes('.') && !MODULE_NAMES.includes(value)) {
+      unmatchedPermissions.push(value);
+    }
+  });
+
+  if (transactions?.exceptions) {
+    transactions.exceptions.forEach(value => {
+      if (!TX_TAG_VALUES.includes(value)) {
+        unmatchedPermissions.push(value);
+      }
+    });
+  }
+
+  // Current permission conversion logic
+  const permissions = {
     assets,
     transactions,
     transactionGroups: transactions ? transactionPermissionsToTxGroups(transactions) : [],
     portfolios,
   };
+
+  return {
+    permissions,
+    unmatchedPermissions,
+  };
 }
 
 /**
@@ -5541,6 +5601,7 @@ export function secondaryAccountWithAuthToSecondaryKeyWithAuth(
         {
           account: asAccount(account, context),
           permissions: permissionsLikeToPermissions(permissions, context),
+          unmatchedPermissions: [],
         },
         context
       ),