PolymeshAssociation · adamdossa · Feb 25, 2025 · Feb 25, 2025 · Feb 25, 2025
diff --git a/pallets/asset/src/lib.rs b/pallets/asset/src/lib.rs
@@ -1668,6 +1668,8 @@ pub mod pallet {
         AssetIsAlreadyLinkedToATicker,
         /// The given ticker is not linked to the given asset.
         TickerIsNotLinkedToTheAsset,
+        /// The extrinsic expected a different `AuthorizationType` than what the `data.auth_type()` is.
+        BadAuthorizationType,
     }
 
     pub trait WeightInfo {

diff --git a/pallets/external-agents/src/lib.rs b/pallets/external-agents/src/lib.rs
@@ -193,6 +193,8 @@ pub mod pallet {
         RemovingLastFullAgent,
         /// The caller's secondary key does not have the required asset permission.
         SecondaryKeyNotAuthorizedForAsset,
+        /// The extrinsic expected a different `AuthorizationType` than what the `data.auth_type()` is.
+        BadAuthorizationType,
     }
 
     #[pallet::call]
@@ -329,9 +331,9 @@ pub mod pallet {
         /// - `auth_id` identifying the authorization to accept.
         ///
         /// # Errors
-        /// - `AuthorizationError::Invalid` if `auth_id` does not exist for the given caller.
-        /// - `AuthorizationError::Expired` if `auth_id` is for an auth that has expired.
-        /// - `AuthorizationError::BadType` if `auth_id` was not for a `BecomeAgent` auth type.
+        /// - `Error::InvalidAuthorization` if `auth_id` does not exist for the given caller.
+        /// - `Error::AuthorizationExpired` if `auth_id` is for an auth that has expired.
+        /// - `Error::BadAuthorizationType` if `auth_id` was not for a `BecomeAgent` auth type.
         /// - `UnauthorizedAgent` if "Alice" is not permissioned to provide the auth.
         /// - `NoSuchAG` if the group referred to a custom that does not exist.
         /// - `AlreadyAnAgent` if the caller is already an agent of the asset.

diff --git a/pallets/identity/src/auth.rs b/pallets/identity/src/auth.rs
@@ -20,9 +20,7 @@ use crate::{
 use frame_support::dispatch::DispatchResult;
 use frame_support::ensure;
 use frame_system::ensure_signed;
-use polymesh_primitives::{
-    Authorization, AuthorizationData, AuthorizationError, IdentityId, Signatory,
-};
+use polymesh_primitives::{Authorization, AuthorizationData, IdentityId, Signatory};
 use sp_core::Get;
 use sp_runtime::DispatchError;
 use sp_std::vec::Vec;
@@ -173,7 +171,7 @@ impl<T: Config> Pallet<T> {
     /// Given that `auth_by` is the DID that issued an authorization,
     /// ensure that it matches `from`, or otherwise return an error.
     pub fn ensure_auth_by(auth_by: IdentityId, from: IdentityId) -> DispatchResult {
-        ensure!(auth_by == from, AuthorizationError::Unauthorized);
+        ensure!(auth_by == from, Error::<T>::Unauthorized);
         Ok(())
     }
 
@@ -190,7 +188,7 @@ impl<T: Config> Pallet<T> {
         // Ensure that `auth.expiry`, if provided, is in the future.
         if let Some(expiry) = auth.expiry {
             let now = <pallet_timestamp::Pallet<T>>::get();
-            ensure!(expiry > now, AuthorizationError::Expired);
+            ensure!(expiry > now, Error::<T>::AuthorizationExpired);
         }
 
         // Run custom per-type validation and updates.
@@ -215,12 +213,12 @@ impl<T: Config> Pallet<T> {
         target: &Signatory<T::AccountId>,
         auth_id: u64,
     ) -> Result<Authorization<T::AccountId, T::Moment>, DispatchError> {
-        let auth =
-            Authorizations::<T>::get(target, auth_id).ok_or_else(|| AuthorizationError::Invalid)?;
+        let auth = Authorizations::<T>::get(target, auth_id)
+            .ok_or_else(|| Error::<T>::InvalidAuthorization)?;
         // Ensures the authorization is not outdated
         if let Some(outdated_id) = OutdatedAuthorizations::<T>::get(target) {
             if auth_id <= outdated_id {
-                return Err(AuthorizationError::Invalid.into());
+                return Err(Error::<T>::InvalidAuthorization.into());
             }
         }
         Ok(auth)

diff --git a/pallets/identity/src/lib.rs b/pallets/identity/src/lib.rs
@@ -1083,6 +1083,11 @@ pub mod pallet {
         ExceptNotAllowedForExtrinsics,
         /// Maximum number of given authorizations was exceeded.
         ExceededNumberOfGivenAuths,
+        /// The extrinsic expected a different `AuthorizationType` than what the `data.auth_type()` is.
+        BadAuthorizationType,
+        /// Auth identified by an `auth_id` for a given `target` does not exist.
+        /// The `target` might be wrong or the `auth_id` was never created at all.
+        InvalidAuthorization,
     }
 }
 

diff --git a/pallets/multisig/src/lib.rs b/pallets/multisig/src/lib.rs
@@ -729,6 +729,8 @@ pub mod pallet {
         InvalidatedProposal,
         /// Multisig has no admin.
         AdminNotFound,
+        /// The extrinsic expected a different `AuthorizationType` than what the `data.auth_type()` is.
+        BadAuthorizationType,
     }
 
     /// Nonce to ensure unique MultiSig addresses are generated; starts from 1.

diff --git a/pallets/portfolio/src/lib.rs b/pallets/portfolio/src/lib.rs
@@ -380,6 +380,8 @@ pub mod pallet {
         InvalidTransferSenderIdMatchesReceiverId,
         /// Adding itself as an AllowedCustodian is not permitted.
         SelfAdditionNotAllowed,
+        /// The extrinsic expected a different `AuthorizationType` than what the `data.auth_type()` is.
+        BadAuthorizationType,
     }
 
     #[pallet::call]

diff --git a/pallets/relayer/src/lib.rs b/pallets/relayer/src/lib.rs
@@ -189,9 +189,9 @@ pub mod pallet {
         /// - `auth_id` the authorization id to accept a `paying_key`.
         ///
         /// # Errors
-        /// - `AuthorizationError::Invalid` if `auth_id` does not exist for the given caller.
-        /// - `AuthorizationError::Expired` if `auth_id` the authorization has expired.
-        /// - `AuthorizationError::BadType` if `auth_id` was not a `AddRelayerPayingKey` authorization.
+        /// - `Error::InvalidAuthorization` if `auth_id` does not exist for the given caller.
+        /// - `Error::AuthorizationExpired` if `auth_id` the authorization has expired.
+        /// - `Error::BadAuthorizationType` if `auth_id` was not a `AddRelayerPayingKey` authorization.
         /// - `NotAuthorizedForUserKey` if `origin` is not authorized to accept the authorization for the `user_key`.
         /// - `NotAuthorizedForPayingKey` if the authorization was created an identity different from the `paying_key`'s identity.
         /// - `UserKeyCddMissing` if the `user_key` is not attached to a CDD'd identity.
@@ -303,6 +303,8 @@ pub mod pallet {
         NotAuthorizedForUserKey,
         /// The remaining POLYX for `user_key` overflowed.
         Overflow,
+        /// The extrinsic expected a different `AuthorizationType` than what the `data.auth_type()` is.
+        BadAuthorizationType,
     }
 }
 

diff --git a/pallets/runtime/tests/src/asset_pallet/accept_ticker_transfer.rs b/pallets/runtime/tests/src/asset_pallet/accept_ticker_transfer.rs
@@ -14,6 +14,7 @@ use crate::{ExtBuilder, TestStorage};
 type Asset = pallet_asset::Pallet<TestStorage>;
 type AssetError = pallet_asset::Error<TestStorage>;
 type Identity = pallet_identity::Pallet<TestStorage>;
+type IdentityError = pallet_identity::Error<TestStorage>;
 
 #[test]
 fn accept_ticker_transfer() {
@@ -61,7 +62,7 @@ fn accept_ticker_transfer_missing_auth() {
         assert_ok!(Asset::register_unique_ticker(alice.origin(), ticker,));
         assert_noop!(
             Asset::accept_ticker_transfer(bob.origin(), 1,),
-            "Authorization does not exist"
+            IdentityError::InvalidAuthorization
         );
     });
 }
@@ -107,7 +108,7 @@ fn accept_ticker_transfer_auth_expired() {
         .unwrap();
         assert_noop!(
             Asset::accept_ticker_transfer(bob.origin(), bob_auth_id,),
-            "Authorization expired"
+            IdentityError::AuthorizationExpired
         );
     });
 }
@@ -161,7 +162,7 @@ fn accept_ticker_transfer_illegal_auth() {
         assert_ok!(Asset::accept_ticker_transfer(bob.origin(), bob_auth_id,),);
         assert_noop!(
             Asset::accept_ticker_transfer(dave.origin(), dave_auth_id,),
-            "Illegal use of Authorization"
+            IdentityError::Unauthorized
         );
     });
 }
@@ -190,7 +191,7 @@ fn accept_ticker_transfer_bad_type() {
         .unwrap();
         assert_noop!(
             Asset::accept_ticker_transfer(bob.origin(), bob_auth_id,),
-            "Authorization type is wrong"
+            AssetError::BadAuthorizationType
         );
     });
 }
diff --git a/pallets/runtime/tests/src/asset_test.rs b/pallets/runtime/tests/src/asset_test.rs
@@ -45,8 +45,8 @@ use polymesh_primitives::statistics::StatType;
 use polymesh_primitives::statistics::{Stat1stKey, Stat2ndKey};
 use polymesh_primitives::traits::AssetFnTrait;
 use polymesh_primitives::{
-    AssetIdentifier, AssetPermissions, AuthorizationData, AuthorizationError, Document, DocumentId,
-    Fund, FundDescription, IdentityId, Memo, Moment, NFTCollectionKeys, Permissions, PortfolioId,
+    AssetIdentifier, AssetPermissions, AuthorizationData, Document, DocumentId, Fund,
+    FundDescription, IdentityId, Memo, Moment, NFTCollectionKeys, Permissions, PortfolioId,
     PortfolioKind, PortfolioName, PortfolioNumber, Signatory, Ticker, WeightMeter,
 };
 use sp_keyring::AccountKeyring;
@@ -64,6 +64,7 @@ use crate::storage::{
 
 type BaseError = pallet_base::Error<TestStorage>;
 type Identity = pallet_identity::Pallet<TestStorage>;
+type IdentityError = pallet_identity::Error<TestStorage>;
 type Balances = pallet_balances::Pallet<TestStorage>;
 type Asset = pallet_asset::Pallet<TestStorage>;
 type Timestamp = pallet_timestamp::Pallet<TestStorage>;
@@ -461,7 +462,7 @@ fn transfer_token_ownership() {
 
         assert_noop!(
             Asset::accept_asset_ownership_transfer(alice.origin(), auth_id_alice + 1),
-            "Authorization does not exist"
+            IdentityError::InvalidAuthorization
         );
 
         assert_eq!(
@@ -504,7 +505,7 @@ fn transfer_token_ownership() {
 
         assert_noop!(
             Asset::accept_asset_ownership_transfer(bob.origin(), auth_id),
-            "Authorization expired"
+            IdentityError::AuthorizationExpired
         );
 
         // Try accepting the wrong authorization type.
@@ -518,7 +519,7 @@ fn transfer_token_ownership() {
 
         assert_eq!(
             Asset::accept_asset_ownership_transfer(bob.origin(), auth_id),
-            Err(AuthorizationError::BadType.into())
+            Err(AssetError::BadAuthorizationType.into())
         );
 
         auth_id = Identity::add_auth(

diff --git a/pallets/runtime/tests/src/portfolio.rs b/pallets/runtime/tests/src/portfolio.rs
@@ -14,9 +14,9 @@ use polymesh_primitives::asset_metadata::{
 };
 use polymesh_primitives::settlement::{Leg, SettlementType};
 use polymesh_primitives::{
-    traits::PortfolioSubTrait, AuthorizationData, AuthorizationError, Fund, FundDescription, Memo,
-    NFTCollectionKeys, NFTId, NFTMetadataAttribute, NFTs, PortfolioId, PortfolioKind,
-    PortfolioName, PortfolioNumber, Signatory,
+    traits::PortfolioSubTrait, AuthorizationData, Fund, FundDescription, Memo, NFTCollectionKeys,
+    NFTId, NFTMetadataAttribute, NFTs, PortfolioId, PortfolioKind, PortfolioName, PortfolioNumber,
+    Signatory,
 };
 
 use super::asset_pallet::setup::{create_and_issue_sample_asset, ISSUE_AMOUNT};
@@ -28,6 +28,7 @@ use super::ExtBuilder;
 type Asset = pallet_asset::Pallet<TestStorage>;
 type Error = pallet_portfolio::Error<TestStorage>;
 type Identity = pallet_identity::Pallet<TestStorage>;
+type IdentityError = pallet_identity::Error<TestStorage>;
 type Origin = <TestStorage as frame_system::Config>::RuntimeOrigin;
 type Portfolio = pallet_portfolio::Pallet<TestStorage>;
 type Settlement = pallet_settlement::Pallet<TestStorage>;
@@ -531,13 +532,13 @@ fn can_take_custody_of_portfolios() {
         let auth_id = add_auth(bob, bob);
         assert_eq!(
             Portfolio::accept_portfolio_custody(bob.origin(), auth_id),
-            Err(AuthorizationError::Unauthorized.into())
+            Err(IdentityError::Unauthorized.into())
         );
 
         // Can not accept an invalid auth
         assert_noop!(
             Portfolio::accept_portfolio_custody(bob.origin(), auth_id + 1),
-            AuthorizationError::Invalid
+            IdentityError::InvalidAuthorization
         );
 
         // Can accept a valid custody transfer auth
@@ -570,7 +571,7 @@ fn can_take_custody_of_portfolios() {
         let auth_id = add_auth(owner, owner);
         assert_eq!(
             Portfolio::accept_portfolio_custody(owner.origin(), auth_id),
-            Err(AuthorizationError::Unauthorized.into())
+            Err(IdentityError::Unauthorized.into())
         );
 
         // Bob transfers portfolio custody back to Alice.

diff --git a/primitives/src/authorization.rs b/primitives/src/authorization.rs
@@ -14,7 +14,6 @@
 // along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 use codec::{Decode, Encode};
-use frame_support::dispatch::DispatchError;
 use scale_info::TypeInfo;
 #[cfg(feature = "std")]
 use serde::{Deserialize, Serialize};
@@ -103,35 +102,6 @@ pub enum AuthorizationType {
     RotatePrimaryKeyToSecondary,
 }
 
-/// Status of an Authorization after consume is called on it.
-#[derive(Encode, Decode, Clone, PartialEq, Eq, Debug, PartialOrd, Ord)]
-pub enum AuthorizationError {
-    /// Auth identified by an `auth_id` for a given `target` does not exist.
-    /// The `target` might be wrong or the `auth_id` was never created at all.
-    Invalid,
-    /// Caller not authorized or the identity who created
-    /// this authorization is not authorized to create this authorization.
-    Unauthorized,
-    /// Auth expired already.
-    Expired,
-    /// The extrinsic expected a different `AuthorizationType`
-    /// than what the `data.auth_type()` is.
-    BadType,
-}
-
-impl From<AuthorizationError> for DispatchError {
-    fn from(error: AuthorizationError) -> DispatchError {
-        match error {
-            AuthorizationError::Invalid => DispatchError::Other("Authorization does not exist"),
-            AuthorizationError::Unauthorized => {
-                DispatchError::Other("Illegal use of Authorization")
-            }
-            AuthorizationError::Expired => DispatchError::Other("Authorization expired"),
-            AuthorizationError::BadType => DispatchError::Other("Authorization type is wrong"),
-        }
-    }
-}
-
 /// Authorization struct
 #[derive(Encode, Decode, TypeInfo, Clone, PartialEq, Debug)]
 #[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
@@ -158,13 +128,13 @@ macro_rules! extract_auth {
     ($data:expr, $variant:ident ( $($f:ident),*) ) => {
         match $data {
             $crate::authorization::AuthorizationData::$variant($($f),*) => ($($f),*),
-            _ => frame_support::fail!($crate::authorization::AuthorizationError::BadType),
+            _ => frame_support::fail!(Error::<T>::BadAuthorizationType),
         }
     };
     ($data:expr, $variant:ident ) => {
         match $data {
             $crate::authorization::AuthorizationData::$variant => (),
-            _ => frame_support::fail!($crate::authorization::AuthorizationError::BadType),
+            _ => frame_support::fail!(Error::<T>::BadAuthorizationType),
         }
     };
 }
diff --git a/primitives/src/lib.rs b/primitives/src/lib.rs
@@ -220,7 +220,7 @@ pub use subset::{LatticeOrd, LatticeOrdering, SubsetRestriction};
 
 /// Generic authorization data types for all two step processes
 pub mod authorization;
-pub use authorization::{Authorization, AuthorizationData, AuthorizationError, AuthorizationType};
+pub use authorization::{Authorization, AuthorizationData, AuthorizationType};
 
 /// Pub Traits
 pub mod traits;