PolymeshAssociation · sansan · Dec 13, 2024 · polymath-eric · Dec 13, 2024 · sansan
@@ -81,6 +81,7 @@ export async function getAuthorization(
 
   return {
     permissions: {
+      // TODO: on chain just checks if is signed by primary key -> so we should check in prepareAddSecondaryKeysWithAuth if signer is the target primary key
       transactions: [TxTags.identity.AddSecondaryKeysWithAuthorization],
       assets: [],
       portfolios: [],

@@ -329,21 +329,26 @@ export async function getAuthorization(
   const transactions: (AssetTx | StatisticsTx)[] = [TxTags.asset.CreateAsset];
 
   if (status === TickerReservationStatus.Free) {
+    // OK runs with identity perms
     transactions.push(TxTags.asset.RegisterUniqueTicker);
   }
   if (status !== TickerReservationStatus.AssetCreated) {
+    // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well
     transactions.push(TxTags.asset.LinkTickerToAssetId);
   }
 
   if (documents?.length) {
+    // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well
     transactions.push(TxTags.asset.AddDocuments);
   }
 
   if (customTypeData?.rawId.isEmpty) {
+    // OK runs with identity perms
     transactions.push(TxTags.asset.RegisterCustomAssetType);
   }
 
   if (initialStatistics?.length) {
+    // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well
     transactions.push(TxTags.statistics.SetActiveAssetStats);
   }
 

@@ -111,6 +111,7 @@ export async function getAuthorization(
 
   return {
     permissions: {
+      // TODO: might need just check if caller is parent of the child to be created -> Self::ensure_primary_key -> so checks primary key of the signer -> no extra perm checks performed -> so tx could be removed `pallets/identity/src/keys.rs` 506
       transactions: [TxTags.identity.CreateChildIdentities],
       assets: [],
       portfolios: [],

@@ -119,6 +119,7 @@ export async function getAuthorization(
 
   return {
     permissions: {
+      // TODO: might need just check if caller is parent of the child to be created -> Self::ensure_primary_key -> so checks primary key of the signer -> no extra perm checks performed -> so tx could be removed `pallets/identity/src/keys.rs` 458
       transactions: [TxTags.identity.CreateChildIdentity],
       assets: [],
       portfolios: [],

@@ -311,22 +311,27 @@ export async function getAuthorization(
   }
 
   if (status === TickerReservationStatus.Free) {
+    // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well
     transactions.push(TxTags.asset.RegisterUniqueTicker);
   }
   if (status !== TickerReservationStatus.AssetCreated) {
+    // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well
     transactions.push(TxTags.asset.LinkTickerToAssetId);
   }
 
   if (needsLocalMetadata) {
+    // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well
     transactions.push(TxTags.asset.RegisterAssetMetadataLocalType);
   }
 
   if (documents?.length) {
+    // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well
     transactions.push(TxTags.asset.AddDocuments);
   }
 
   const permissions = {
     transactions,
+    // TODO: might need asset perms -> `pallets/nft/src/lib.rs` 268 "Verifies if the caller has asset permission and if the asset is an NFT."
     assets: [],
     portfolios: [],
   };

@@ -99,6 +99,7 @@ export function getAuthorization(
     permissions: {
       transactions: [TxTags.nft.IssueNft],
       assets: [collection],
+      // TODO: might need portfolio perms "ensure_origin_asset_and_portfolio_permissions" `pallets/nft/src/lib.rs` 359
       portfolios: [],
     },
   };

@@ -72,6 +72,7 @@ export function getAuthorization(
     permissions: {
       transactions: [TxTags.asset.Issue],
       assets: [asset],
+      // TODO: might need portfolio perms "ensure_origin_asset_and_portfolio_permissions" `pallets/asset/src/lib.rs` 1020 -> though since it is called by the signing did, should be fine
       portfolios: [],
     },
   };

@@ -195,16 +195,19 @@ export function getAuthorization(
     storage: { signersToAdd, signersToRemove },
   } = this;
 
+  // TODO: not sure if we need to check for tx here -> permissions checks for did of caller and if the signer is multisig admin, though might need to look how transactions listed here are checked.. there are additional checks in the pallet that check for cdd auth and if the the signer to add is not a primary key of another acc
   const transactions = [];
   if (signersToAdd.length > 0) {
     transactions.push(TxTags.multiSig.AddMultisigSignersViaCreator);
   }
 
   if (signersToRemove.length > 0) {
+    // similar here
     transactions.push(TxTags.multiSig.RemoveMultisigSignersViaCreator);
   }
 
   if (newRequiredSignatures) {
+    // same here
     transactions.push(TxTags.multiSig.ChangeSigsRequiredViaCreator);
   }
 

@@ -86,6 +86,7 @@ export async function getAuthorization(
 
   return {
     permissions: {
+      // TODO: while set_permission_to_signer is mentioned in benchmark data, didn't find it in pallet -> might it be `set_secondary_key_permissions` ? `pallets/identity/src/lib.rs` 499 -> if so then not sure if we need to have the tx here as it checks "ensure_primary_key" and "ensure_secondary_key" plus some other validation
       transactions: [TxTags.identity.SetPermissionToSigner],
       assets: [],
       portfolios: [],

@@ -108,6 +108,7 @@ export async function getAuthorization(
   return {
     permissions: {
       transactions: [TxTags.capitalDistribution.PushBenefit],
+      // TODO: might need asset perms as it checks it with agent permissions & that checks for the asset as well `pallets/corporate-actions/src/distribution/mod.rs` 437
       assets: [],
       portfolios: [],
     },

@@ -64,6 +64,7 @@ export function getAuthorization(
     storage: { portfolioId },
   } = this;
   return {
+    // TODO: chain checks if identity can execute tx and if it is custodian -> so no reason for checking portfolio -> roles should be fine
     permissions: {
       transactions: [TxTags.portfolio.QuitPortfolioCustody],
       assets: [],

@@ -103,6 +103,7 @@ export function getAuthorization(this: Procedure<Params, void, Storage>): Proced
   const transactions = [];
 
   if (isMultiSigSigner) {
+    // TODO: might not need these -> chain checks if signer is multisig, checks if paying did exists and then deposits event -> so prepareRemoveMultiSigPayer does the required checks
     transactions.push(TxTags.multiSig.RemovePayer);
   } else {
     transactions.push(TxTags.multiSig.RemovePayerViaPayer);

@@ -55,6 +55,7 @@ export async function prepareRemoveSecondaryAccounts(
 export const removeSecondaryAccounts = (): Procedure<RemoveSecondaryAccountsParams> =>
   new Procedure(prepareRemoveSecondaryAccounts, {
     permissions: {
+      // TODO: might not need this -> chain checks if called by primary key, checks if secondary key exists and can be unlinked, then unlinks
       transactions: [TxTags.identity.RemoveSecondaryKeys],
       assets: [],
       portfolios: [],

@@ -100,8 +100,10 @@ export async function prepareSetMultiSigAdmin(
 export function getAuthorization(this: Procedure<Params>, args: Params): ProcedureAuthorization {
   const transactions = [];
   if (args.admin) {
+    // TODO: not sure if we need this -> ms checks if signer is ms, checks if ms has did and then inserts -> `pallets/multisig/src/lib.rs` 426
     transactions.push(TxTags.multiSig.AddAdmin);
   } else {
+    // TODO: same here -> plus checks if called by admin
     transactions.push(TxTags.multiSig.RemoveAdminViaAdmin);
   }
 

@@ -98,6 +98,7 @@ export async function prepareTransferPolyx(
 export function getAuthorization({ memo }: TransferPolyxParams): ProcedureAuthorization {
   return {
     permissions: {
+      // TODO: might not need these the chain checks for cdd, then tries transfer
       transactions: [memo ? TxTags.balances.TransferWithMemo : TxTags.balances.Transfer],
       assets: [],
       portfolios: [],

@@ -80,6 +80,7 @@ export async function getAuthorization(
 
   return {
     permissions: {
+      // TODO: might not need these as prepareUnlinkChildIdentity checks if signer is primary key of either the child or parent which the same as done on chain
       transactions: [TxTags.identity.UnlinkChildIdentity],
       assets: [],
       portfolios: [],