diff --git a/src/api/procedures/addSecondaryAccountsWithAuth.ts b/src/api/procedures/addSecondaryAccountsWithAuth.ts index de43b38ed7..983c3c0b80 100644 --- a/src/api/procedures/addSecondaryAccountsWithAuth.ts +++ b/src/api/procedures/addSecondaryAccountsWithAuth.ts @@ -81,6 +81,7 @@ export async function getAuthorization( return { permissions: { + // TODO: on chain just checks if is signed by primary key -> so we should check in prepareAddSecondaryKeysWithAuth if signer is the target primary key transactions: [TxTags.identity.AddSecondaryKeysWithAuthorization], assets: [], portfolios: [], diff --git a/src/api/procedures/createAsset.ts b/src/api/procedures/createAsset.ts index de215a257b..9bf49c8b05 100644 --- a/src/api/procedures/createAsset.ts +++ b/src/api/procedures/createAsset.ts @@ -329,21 +329,26 @@ export async function getAuthorization( const transactions: (AssetTx | StatisticsTx)[] = [TxTags.asset.CreateAsset]; if (status === TickerReservationStatus.Free) { + // OK runs with identity perms transactions.push(TxTags.asset.RegisterUniqueTicker); } if (status !== TickerReservationStatus.AssetCreated) { + // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well transactions.push(TxTags.asset.LinkTickerToAssetId); } if (documents?.length) { + // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well transactions.push(TxTags.asset.AddDocuments); } if (customTypeData?.rawId.isEmpty) { + // OK runs with identity perms transactions.push(TxTags.asset.RegisterCustomAssetType); } if (initialStatistics?.length) { + // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well transactions.push(TxTags.statistics.SetActiveAssetStats); } diff --git a/src/api/procedures/createChildIdentities.ts b/src/api/procedures/createChildIdentities.ts index 446ab99786..f4e0c90bc9 100644 --- a/src/api/procedures/createChildIdentities.ts +++ b/src/api/procedures/createChildIdentities.ts @@ -111,6 +111,7 @@ export async function getAuthorization( return { permissions: { + // TODO: might need just check if caller is parent of the child to be created -> Self::ensure_primary_key -> so checks primary key of the signer -> no extra perm checks performed -> so tx could be removed `pallets/identity/src/keys.rs` 506 transactions: [TxTags.identity.CreateChildIdentities], assets: [], portfolios: [], diff --git a/src/api/procedures/createChildIdentity.ts b/src/api/procedures/createChildIdentity.ts index 84de0c90e0..fe70067771 100644 --- a/src/api/procedures/createChildIdentity.ts +++ b/src/api/procedures/createChildIdentity.ts @@ -119,6 +119,7 @@ export async function getAuthorization( return { permissions: { + // TODO: might need just check if caller is parent of the child to be created -> Self::ensure_primary_key -> so checks primary key of the signer -> no extra perm checks performed -> so tx could be removed `pallets/identity/src/keys.rs` 458 transactions: [TxTags.identity.CreateChildIdentity], assets: [], portfolios: [], diff --git a/src/api/procedures/createNftCollection.ts b/src/api/procedures/createNftCollection.ts index ff86902c20..46160965cd 100644 --- a/src/api/procedures/createNftCollection.ts +++ b/src/api/procedures/createNftCollection.ts @@ -311,22 +311,27 @@ export async function getAuthorization( } if (status === TickerReservationStatus.Free) { + // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well transactions.push(TxTags.asset.RegisterUniqueTicker); } if (status !== TickerReservationStatus.AssetCreated) { + // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well transactions.push(TxTags.asset.LinkTickerToAssetId); } if (needsLocalMetadata) { + // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well transactions.push(TxTags.asset.RegisterAssetMetadataLocalType); } if (documents?.length) { + // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well transactions.push(TxTags.asset.AddDocuments); } const permissions = { transactions, + // TODO: might need asset perms -> `pallets/nft/src/lib.rs` 268 "Verifies if the caller has asset permission and if the asset is an NFT." assets: [], portfolios: [], }; diff --git a/src/api/procedures/issueNft.ts b/src/api/procedures/issueNft.ts index d3d6c0ebdc..04d93bd0cd 100644 --- a/src/api/procedures/issueNft.ts +++ b/src/api/procedures/issueNft.ts @@ -99,6 +99,7 @@ export function getAuthorization( permissions: { transactions: [TxTags.nft.IssueNft], assets: [collection], + // TODO: might need portfolio perms "ensure_origin_asset_and_portfolio_permissions" `pallets/nft/src/lib.rs` 359 portfolios: [], }, }; diff --git a/src/api/procedures/issueTokens.ts b/src/api/procedures/issueTokens.ts index b857631d9e..abe3267240 100644 --- a/src/api/procedures/issueTokens.ts +++ b/src/api/procedures/issueTokens.ts @@ -72,6 +72,7 @@ export function getAuthorization( permissions: { transactions: [TxTags.asset.Issue], assets: [asset], + // TODO: might need portfolio perms "ensure_origin_asset_and_portfolio_permissions" `pallets/asset/src/lib.rs` 1020 -> though since it is called by the signing did, should be fine portfolios: [], }, }; diff --git a/src/api/procedures/modifyMultiSig.ts b/src/api/procedures/modifyMultiSig.ts index e4ffd2b8bf..390520089c 100644 --- a/src/api/procedures/modifyMultiSig.ts +++ b/src/api/procedures/modifyMultiSig.ts @@ -195,16 +195,19 @@ export function getAuthorization( storage: { signersToAdd, signersToRemove }, } = this; + // TODO: not sure if we need to check for tx here -> permissions checks for did of caller and if the signer is multisig admin, though might need to look how transactions listed here are checked.. there are additional checks in the pallet that check for cdd auth and if the the signer to add is not a primary key of another acc const transactions = []; if (signersToAdd.length > 0) { transactions.push(TxTags.multiSig.AddMultisigSignersViaCreator); } if (signersToRemove.length > 0) { + // similar here transactions.push(TxTags.multiSig.RemoveMultisigSignersViaCreator); } if (newRequiredSignatures) { + // same here transactions.push(TxTags.multiSig.ChangeSigsRequiredViaCreator); } diff --git a/src/api/procedures/modifySignerPermissions.ts b/src/api/procedures/modifySignerPermissions.ts index 7eecb2f43e..689dde8564 100644 --- a/src/api/procedures/modifySignerPermissions.ts +++ b/src/api/procedures/modifySignerPermissions.ts @@ -86,6 +86,7 @@ export async function getAuthorization( return { permissions: { + // TODO: while set_permission_to_signer is mentioned in benchmark data, didn't find it in pallet -> might it be `set_secondary_key_permissions` ? `pallets/identity/src/lib.rs` 499 -> if so then not sure if we need to have the tx here as it checks "ensure_primary_key" and "ensure_secondary_key" plus some other validation transactions: [TxTags.identity.SetPermissionToSigner], assets: [], portfolios: [], diff --git a/src/api/procedures/payDividends.ts b/src/api/procedures/payDividends.ts index 956895d0be..4c9d7e910a 100644 --- a/src/api/procedures/payDividends.ts +++ b/src/api/procedures/payDividends.ts @@ -108,6 +108,7 @@ export async function getAuthorization( return { permissions: { transactions: [TxTags.capitalDistribution.PushBenefit], + // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well `pallets/corporate-actions/src/distribution/mod.rs` 437 assets: [], portfolios: [], }, diff --git a/src/api/procedures/quitCustody.ts b/src/api/procedures/quitCustody.ts index f371dcb1ee..637391e379 100644 --- a/src/api/procedures/quitCustody.ts +++ b/src/api/procedures/quitCustody.ts @@ -64,6 +64,7 @@ export function getAuthorization( storage: { portfolioId }, } = this; return { + // TODO: chain checks if identity can execute tx and if it is custodian -> so no reason for checking portfolio -> roles should be fine permissions: { transactions: [TxTags.portfolio.QuitPortfolioCustody], assets: [], diff --git a/src/api/procedures/removeMultiSigPayer.ts b/src/api/procedures/removeMultiSigPayer.ts index 3bc415e352..783ada4646 100644 --- a/src/api/procedures/removeMultiSigPayer.ts +++ b/src/api/procedures/removeMultiSigPayer.ts @@ -103,6 +103,7 @@ export function getAuthorization(this: Procedure): Proced const transactions = []; if (isMultiSigSigner) { + // TODO: might not need these -> chain checks if signer is multisig, checks if paying did exists and then deposits event -> so prepareRemoveMultiSigPayer does the required checks transactions.push(TxTags.multiSig.RemovePayer); } else { transactions.push(TxTags.multiSig.RemovePayerViaPayer); diff --git a/src/api/procedures/removeSecondaryAccounts.ts b/src/api/procedures/removeSecondaryAccounts.ts index 59b39e69e1..79185b6f60 100644 --- a/src/api/procedures/removeSecondaryAccounts.ts +++ b/src/api/procedures/removeSecondaryAccounts.ts @@ -55,6 +55,7 @@ export async function prepareRemoveSecondaryAccounts( export const removeSecondaryAccounts = (): Procedure => new Procedure(prepareRemoveSecondaryAccounts, { permissions: { + // TODO: might not need this -> chain checks if called by primary key, checks if secondary key exists and can be unlinked, then unlinks transactions: [TxTags.identity.RemoveSecondaryKeys], assets: [], portfolios: [], diff --git a/src/api/procedures/setMultiSigAdmin.ts b/src/api/procedures/setMultiSigAdmin.ts index aff207a309..ba6c9e7b32 100644 --- a/src/api/procedures/setMultiSigAdmin.ts +++ b/src/api/procedures/setMultiSigAdmin.ts @@ -100,8 +100,10 @@ export async function prepareSetMultiSigAdmin( export function getAuthorization(this: Procedure, args: Params): ProcedureAuthorization { const transactions = []; if (args.admin) { + // TODO: not sure if we need this -> ms checks if signer is ms, checks if ms has did and then inserts -> `pallets/multisig/src/lib.rs` 426 transactions.push(TxTags.multiSig.AddAdmin); } else { + // TODO: same here -> plus checks if called by admin transactions.push(TxTags.multiSig.RemoveAdminViaAdmin); } diff --git a/src/api/procedures/transferPolyx.ts b/src/api/procedures/transferPolyx.ts index af2c011e64..a187952533 100644 --- a/src/api/procedures/transferPolyx.ts +++ b/src/api/procedures/transferPolyx.ts @@ -98,6 +98,7 @@ export async function prepareTransferPolyx( export function getAuthorization({ memo }: TransferPolyxParams): ProcedureAuthorization { return { permissions: { + // TODO: might not need these the chain checks for cdd, then tries transfer transactions: [memo ? TxTags.balances.TransferWithMemo : TxTags.balances.Transfer], assets: [], portfolios: [], diff --git a/src/api/procedures/unlinkChildIdentity.ts b/src/api/procedures/unlinkChildIdentity.ts index 2d67a91635..4a4f9a2e49 100644 --- a/src/api/procedures/unlinkChildIdentity.ts +++ b/src/api/procedures/unlinkChildIdentity.ts @@ -80,6 +80,7 @@ export async function getAuthorization( return { permissions: { + // TODO: might not need these as prepareUnlinkChildIdentity checks if signer is primary key of either the child or parent which the same as done on chain transactions: [TxTags.identity.UnlinkChildIdentity], assets: [], portfolios: [],