core/protocol: use thiserror, use common authorization error struct

2025-12-15 14:25:22 +09:00
parent 1991e7bfd8
commit bf6027f507
23 changed files with 367 additions and 317 deletions
--- a/src/core/protocol/commands/check_authorization.rs
+++ b/src/core/protocol/commands/check_authorization.rs
@@ -2,22 +2,17 @@ use std::collections::BTreeMap;

 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

-use crate::core::{
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
-    types::DbOrUser,
-};
+use crate::core::{protocol::request_validation::AuthorizationError, types::DbOrUser};

 pub type CheckAuthorizationRequest = Vec<DbOrUser>;

 pub type CheckAuthorizationResponse = BTreeMap<DbOrUser, Result<(), CheckAuthorizationError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
-pub enum CheckAuthorizationError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
-    // AuthorizationHandlerError(String),
-}
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[error("Authorization error: {0}")]
+pub struct CheckAuthorizationError(#[from] pub AuthorizationError);

 pub fn print_check_authorization_output_status(output: &CheckAuthorizationResponse) {
    for (db_or_user, result) in output {
@@ -63,30 +58,10 @@ pub fn print_check_authorization_output_status_json(output: &CheckAuthorizationR

 impl CheckAuthorizationError {
    pub fn to_error_message(&self, db_or_user: &DbOrUser) -> String {
-        match self {
-            CheckAuthorizationError::SanitizationError(err) => {
-                err.to_error_message(db_or_user.clone())
-            }
-            CheckAuthorizationError::OwnershipError(err) => {
-                err.to_error_message(db_or_user.clone())
-            } // CheckAuthorizationError::AuthorizationHandlerError(msg) => {
-              //     format!(
-              //         "Authorization handler error for '{}': {}",
-              //         db_or_user.name(),
-              //         msg
-              //     )
-              // }
-        }
+        self.0.to_error_message(db_or_user.clone())
    }

    pub fn error_type(&self) -> String {
-        match self {
-            CheckAuthorizationError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            CheckAuthorizationError::OwnershipError(err) => {
-                format!("ownership-error/{}", err.error_type())
-            } // CheckAuthorizationError::AuthorizationHandlerError(_) => "authorization-handler-error".to_string(),
-        }
+        self.0.error_type()
    }
 }
--- a/src/core/protocol/commands/create_databases.rs
+++ b/src/core/protocol/commands/create_databases.rs
@@ -2,9 +2,10 @@ use std::collections::BTreeMap;

 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

 use crate::core::{
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
+    protocol::request_validation::AuthorizationError,
    types::{DbOrUser, MySQLDatabase},
 };

@@ -12,11 +13,15 @@ pub type CreateDatabasesRequest = Vec<MySQLDatabase>;

 pub type CreateDatabasesResponse = BTreeMap<MySQLDatabase, Result<(), CreateDatabaseError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum CreateDatabaseError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("Database already exists")]
    DatabaseAlreadyExists,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

@@ -60,10 +65,7 @@ pub fn print_create_databases_output_status_json(output: &CreateDatabasesRespons
 impl CreateDatabaseError {
    pub fn to_error_message(&self, database_name: &MySQLDatabase) -> String {
        match self {
-            CreateDatabaseError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::Database(database_name.clone()))
-            }
-            CreateDatabaseError::OwnershipError(err) => {
+            CreateDatabaseError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::Database(database_name.clone()))
            }
            CreateDatabaseError::DatabaseAlreadyExists => {
@@ -77,12 +79,7 @@ impl CreateDatabaseError {

    pub fn error_type(&self) -> String {
        match self {
-            CreateDatabaseError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            CreateDatabaseError::OwnershipError(err) => {
-                format!("ownership-error/{}", err.error_type())
-            }
+            CreateDatabaseError::AuthorizationError(err) => err.error_type(),
            CreateDatabaseError::DatabaseAlreadyExists => "database-already-exists".to_string(),
            CreateDatabaseError::MySqlError(_) => "mysql-error".to_string(),
        }
--- a/src/core/protocol/commands/create_users.rs
+++ b/src/core/protocol/commands/create_users.rs
@@ -2,9 +2,10 @@ use std::collections::BTreeMap;

 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

 use crate::core::{
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
+    protocol::request_validation::AuthorizationError,
    types::{DbOrUser, MySQLUser},
 };

@@ -12,11 +13,15 @@ pub type CreateUsersRequest = Vec<MySQLUser>;

 pub type CreateUsersResponse = BTreeMap<MySQLUser, Result<(), CreateUserError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum CreateUserError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("User already exists")]
    UserAlreadyExists,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

@@ -60,10 +65,7 @@ pub fn print_create_users_output_status_json(output: &CreateUsersResponse) {
 impl CreateUserError {
    pub fn to_error_message(&self, username: &MySQLUser) -> String {
        match self {
-            CreateUserError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::User(username.clone()))
-            }
-            CreateUserError::OwnershipError(err) => {
+            CreateUserError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::User(username.clone()))
            }
            CreateUserError::UserAlreadyExists => {
@@ -77,10 +79,7 @@ impl CreateUserError {

    pub fn error_type(&self) -> String {
        match self {
-            CreateUserError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            CreateUserError::OwnershipError(err) => format!("ownership-error/{}", err.error_type()),
+            CreateUserError::AuthorizationError(err) => err.error_type(),
            CreateUserError::UserAlreadyExists => "user-already-exists".to_string(),
            CreateUserError::MySqlError(_) => "mysql-error".to_string(),
        }
--- a/src/core/protocol/commands/drop_databases.rs
+++ b/src/core/protocol/commands/drop_databases.rs
@@ -2,9 +2,10 @@ use std::collections::BTreeMap;

 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

 use crate::core::{
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
+    protocol::request_validation::AuthorizationError,
    types::{DbOrUser, MySQLDatabase},
 };

@@ -12,11 +13,15 @@ pub type DropDatabasesRequest = Vec<MySQLDatabase>;

 pub type DropDatabasesResponse = BTreeMap<MySQLDatabase, Result<(), DropDatabaseError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum DropDatabaseError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("Database does not exist")]
    DatabaseDoesNotExist,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

@@ -63,10 +68,7 @@ pub fn print_drop_databases_output_status_json(output: &DropDatabasesResponse) {
 impl DropDatabaseError {
    pub fn to_error_message(&self, database_name: &MySQLDatabase) -> String {
        match self {
-            DropDatabaseError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::Database(database_name.clone()))
-            }
-            DropDatabaseError::OwnershipError(err) => {
+            DropDatabaseError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::Database(database_name.clone()))
            }
            DropDatabaseError::DatabaseDoesNotExist => {
@@ -80,12 +82,7 @@ impl DropDatabaseError {

    pub fn error_type(&self) -> String {
        match self {
-            DropDatabaseError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            DropDatabaseError::OwnershipError(err) => {
-                format!("ownership-error/{}", err.error_type())
-            }
+            DropDatabaseError::AuthorizationError(err) => err.error_type(),
            DropDatabaseError::DatabaseDoesNotExist => "database-does-not-exist".to_string(),
            DropDatabaseError::MySqlError(_) => "mysql-error".to_string(),
        }
--- a/src/core/protocol/commands/drop_users.rs
+++ b/src/core/protocol/commands/drop_users.rs
@@ -2,9 +2,10 @@ use std::collections::BTreeMap;

 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

 use crate::core::{
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
+    protocol::request_validation::AuthorizationError,
    types::{DbOrUser, MySQLUser},
 };

@@ -12,11 +13,15 @@ pub type DropUsersRequest = Vec<MySQLUser>;

 pub type DropUsersResponse = BTreeMap<MySQLUser, Result<(), DropUserError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum DropUserError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("User does not exist")]
    UserDoesNotExist,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

@@ -60,10 +65,7 @@ pub fn print_drop_users_output_status_json(output: &DropUsersResponse) {
 impl DropUserError {
    pub fn to_error_message(&self, username: &MySQLUser) -> String {
        match self {
-            DropUserError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::User(username.clone()))
-            }
-            DropUserError::OwnershipError(err) => {
+            DropUserError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::User(username.clone()))
            }
            DropUserError::UserDoesNotExist => {
@@ -77,10 +79,7 @@ impl DropUserError {

    pub fn error_type(&self) -> String {
        match self {
-            DropUserError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            DropUserError::OwnershipError(err) => format!("ownership-error/{}", err.error_type()),
+            DropUserError::AuthorizationError(err) => err.error_type(),
            DropUserError::UserDoesNotExist => "user-does-not-exist".to_string(),
            DropUserError::MySqlError(_) => "mysql-error".to_string(),
        }
--- a/src/core/protocol/commands/list_all_databases.rs
+++ b/src/core/protocol/commands/list_all_databases.rs
@@ -1,11 +1,13 @@
 use serde::{Deserialize, Serialize};
+use thiserror::Error;

 use crate::server::sql::database_operations::DatabaseRow;

 pub type ListAllDatabasesResponse = Result<Vec<DatabaseRow>, ListAllDatabasesError>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum ListAllDatabasesError {
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

--- a/src/core/protocol/commands/list_all_privileges.rs
+++ b/src/core/protocol/commands/list_all_privileges.rs
@@ -1,12 +1,14 @@
 use serde::{Deserialize, Serialize};
+use thiserror::Error;

 use crate::core::database_privileges::DatabasePrivilegeRow;

 pub type ListAllPrivilegesResponse =
    Result<Vec<DatabasePrivilegeRow>, GetAllDatabasesPrivilegeDataError>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum GetAllDatabasesPrivilegeDataError {
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

--- a/src/core/protocol/commands/list_all_users.rs
+++ b/src/core/protocol/commands/list_all_users.rs
@@ -1,11 +1,13 @@
 use serde::{Deserialize, Serialize};
+use thiserror::Error;

 use crate::server::sql::user_operations::DatabaseUser;

 pub type ListAllUsersResponse = Result<Vec<DatabaseUser>, ListAllUsersError>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum ListAllUsersError {
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

--- a/src/core/protocol/commands/list_databases.rs
+++ b/src/core/protocol/commands/list_databases.rs
@@ -4,10 +4,11 @@ use itertools::Itertools;
 use prettytable::Table;
 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

 use crate::{
    core::{
-        protocol::request_validation::{NameValidationError, OwnerValidationError},
+        protocol::request_validation::AuthorizationError,
        types::{DbOrUser, MySQLDatabase},
    },
    server::sql::database_operations::DatabaseRow,
@@ -17,11 +18,15 @@ pub type ListDatabasesRequest = Option<Vec<MySQLDatabase>>;

 pub type ListDatabasesResponse = BTreeMap<MySQLDatabase, Result<DatabaseRow, ListDatabasesError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum ListDatabasesError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("Database does not exist")]
    DatabaseDoesNotExist,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

@@ -99,10 +104,7 @@ pub fn print_list_databases_output_status_json(output: &ListDatabasesResponse) {
 impl ListDatabasesError {
    pub fn to_error_message(&self, database_name: &MySQLDatabase) -> String {
        match self {
-            ListDatabasesError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::Database(database_name.clone()))
-            }
-            ListDatabasesError::OwnershipError(err) => {
+            ListDatabasesError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::Database(database_name.clone()))
            }
            ListDatabasesError::DatabaseDoesNotExist => {
@@ -116,12 +118,7 @@ impl ListDatabasesError {

    pub fn error_type(&self) -> String {
        match self {
-            ListDatabasesError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            ListDatabasesError::OwnershipError(err) => {
-                format!("ownership-error/{}", err.error_type())
-            }
+            ListDatabasesError::AuthorizationError(err) => err.error_type(),
            ListDatabasesError::DatabaseDoesNotExist => "database-does-not-exist".to_string(),
            ListDatabasesError::MySqlError(_) => "mysql-error".to_string(),
        }
--- a/src/core/protocol/commands/list_privileges.rs
+++ b/src/core/protocol/commands/list_privileges.rs
@@ -8,6 +8,7 @@ use itertools::Itertools;
 use prettytable::{Cell, Row, Table};
 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

 use crate::core::{
    common::yn,
@@ -15,7 +16,7 @@ use crate::core::{
        DATABASE_PRIVILEGE_FIELDS, DatabasePrivilegeRow, db_priv_field_human_readable_name,
        db_priv_field_single_character_name,
    },
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
+    protocol::request_validation::AuthorizationError,
    types::{DbOrUser, MySQLDatabase},
 };

@@ -115,21 +116,22 @@ pub fn print_list_privileges_output_status_json(output: &ListPrivilegesResponse)
    );
 }

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum GetDatabasesPrivilegeDataError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("Database does not exist")]
    DatabaseDoesNotExist,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

 impl GetDatabasesPrivilegeDataError {
    pub fn to_error_message(&self, database_name: &MySQLDatabase) -> String {
        match self {
-            GetDatabasesPrivilegeDataError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::Database(database_name.clone()))
-            }
-            GetDatabasesPrivilegeDataError::OwnershipError(err) => {
+            GetDatabasesPrivilegeDataError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::Database(database_name.clone()))
            }
            GetDatabasesPrivilegeDataError::DatabaseDoesNotExist => {
@@ -143,12 +145,7 @@ impl GetDatabasesPrivilegeDataError {

    pub fn error_type(&self) -> String {
        match self {
-            GetDatabasesPrivilegeDataError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            GetDatabasesPrivilegeDataError::OwnershipError(err) => {
-                format!("ownership-error/{}", err.error_type())
-            }
+            GetDatabasesPrivilegeDataError::AuthorizationError(err) => err.error_type(),
            GetDatabasesPrivilegeDataError::DatabaseDoesNotExist => {
                "database-does-not-exist".to_string()
            }
--- a/src/core/protocol/commands/list_users.rs
+++ b/src/core/protocol/commands/list_users.rs
@@ -3,10 +3,11 @@ use std::collections::BTreeMap;
 use prettytable::Table;
 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

 use crate::{
    core::{
-        protocol::request_validation::{NameValidationError, OwnerValidationError},
+        protocol::request_validation::AuthorizationError,
        types::{DbOrUser, MySQLUser},
    },
    server::sql::user_operations::DatabaseUser,
@@ -16,11 +17,15 @@ pub type ListUsersRequest = Option<Vec<MySQLUser>>;

 pub type ListUsersResponse = BTreeMap<MySQLUser, Result<DatabaseUser, ListUsersError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum ListUsersError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("User does not exist")]
    UserDoesNotExist,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

@@ -94,10 +99,7 @@ pub fn print_list_users_output_status_json(output: &ListUsersResponse) {
 impl ListUsersError {
    pub fn to_error_message(&self, username: &MySQLUser) -> String {
        match self {
-            ListUsersError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::User(username.clone()))
-            }
-            ListUsersError::OwnershipError(err) => {
+            ListUsersError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::User(username.clone()))
            }
            ListUsersError::UserDoesNotExist => {
@@ -111,10 +113,7 @@ impl ListUsersError {

    pub fn error_type(&self) -> String {
        match self {
-            ListUsersError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            ListUsersError::OwnershipError(err) => format!("ownership-error/{}", err.error_type()),
+            ListUsersError::AuthorizationError(err) => err.error_type(),
            ListUsersError::UserDoesNotExist => "user-does-not-exist".to_string(),
            ListUsersError::MySqlError(_) => "mysql-error".to_string(),
        }
--- a/src/core/protocol/commands/lock_users.rs
+++ b/src/core/protocol/commands/lock_users.rs
@@ -2,9 +2,10 @@ use std::collections::BTreeMap;

 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

 use crate::core::{
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
+    protocol::request_validation::AuthorizationError,
    types::{DbOrUser, MySQLUser},
 };

@@ -12,12 +13,18 @@ pub type LockUsersRequest = Vec<MySQLUser>;

 pub type LockUsersResponse = BTreeMap<MySQLUser, Result<(), LockUserError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum LockUserError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("User does not exist")]
    UserDoesNotExist,
+
+    #[error("User is already locked")]
    UserIsAlreadyLocked,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

@@ -61,10 +68,7 @@ pub fn print_lock_users_output_status_json(output: &LockUsersResponse) {
 impl LockUserError {
    pub fn to_error_message(&self, username: &MySQLUser) -> String {
        match self {
-            LockUserError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::User(username.clone()))
-            }
-            LockUserError::OwnershipError(err) => {
+            LockUserError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::User(username.clone()))
            }
            LockUserError::UserDoesNotExist => {
@@ -81,10 +85,7 @@ impl LockUserError {

    pub fn error_type(&self) -> String {
        match self {
-            LockUserError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            LockUserError::OwnershipError(err) => format!("ownership-error/{}", err.error_type()),
+            LockUserError::AuthorizationError(err) => err.error_type(),
            LockUserError::UserDoesNotExist => "user-does-not-exist".to_string(),
            LockUserError::UserIsAlreadyLocked => "user-is-already-locked".to_string(),
            LockUserError::MySqlError(_) => "mysql-error".to_string(),
--- a/src/core/protocol/commands/modify_privileges.rs
+++ b/src/core/protocol/commands/modify_privileges.rs
@@ -1,10 +1,11 @@
 use std::collections::{BTreeMap, BTreeSet};

 use serde::{Deserialize, Serialize};
+use thiserror::Error;

 use crate::core::{
    database_privileges::{DatabasePrivilegeRow, DatabasePrivilegeRowDiff, DatabasePrivilegesDiff},
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
+    protocol::request_validation::AuthorizationError,
    types::{DbOrUser, MySQLDatabase, MySQLUser},
 };

@@ -13,23 +14,37 @@ pub type ModifyPrivilegesRequest = BTreeSet<DatabasePrivilegesDiff>;
 pub type ModifyPrivilegesResponse =
    BTreeMap<(MySQLDatabase, MySQLUser), Result<(), ModifyDatabasePrivilegesError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum ModifyDatabasePrivilegesError {
-    DatabaseSanitizationError(NameValidationError),
-    DatabaseOwnershipError(OwnerValidationError),
-    UserSanitizationError(NameValidationError),
-    UserOwnershipError(OwnerValidationError),
+    #[error("Database authorization error: {0}")]
+    DatabaseAuthorizationError(AuthorizationError),
+
+    #[error("User authorization error: {0}")]
+    UserAuthorizationError(AuthorizationError),
+
+    #[error("Database does not exist")]
    DatabaseDoesNotExist,
+
+    #[error("User does not exist")]
    UserDoesNotExist,
+
+    #[error("Diff does not apply: {0}")]
    DiffDoesNotApply(DiffDoesNotApplyError),
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

 #[allow(clippy::enum_variant_names)]
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum DiffDoesNotApplyError {
+    #[error("Privileges row already exists for database '{0}' and user '{1}'")]
    RowAlreadyExists(MySQLDatabase, MySQLUser),
+
+    #[error("Privileges row does not exist for database '{0}' and user '{1}'")]
    RowDoesNotExist(MySQLDatabase, MySQLUser),
+
+    #[error("Privilege change '{0:?}' does not apply to row '{1:?}'")]
    RowPrivilegeChangeDoesNotApply(DatabasePrivilegeRowDiff, DatabasePrivilegeRow),
 }

@@ -54,16 +69,10 @@ pub fn print_modify_database_privileges_output_status(output: &ModifyPrivilegesR
 impl ModifyDatabasePrivilegesError {
    pub fn to_error_message(&self, database_name: &MySQLDatabase, username: &MySQLUser) -> String {
        match self {
-            ModifyDatabasePrivilegesError::DatabaseSanitizationError(err) => {
+            ModifyDatabasePrivilegesError::DatabaseAuthorizationError(err) => {
                err.to_error_message(DbOrUser::Database(database_name.clone()))
            }
-            ModifyDatabasePrivilegesError::DatabaseOwnershipError(err) => {
-                err.to_error_message(DbOrUser::Database(database_name.clone()))
-            }
-            ModifyDatabasePrivilegesError::UserSanitizationError(err) => {
-                err.to_error_message(DbOrUser::User(username.clone()))
-            }
-            ModifyDatabasePrivilegesError::UserOwnershipError(err) => {
+            ModifyDatabasePrivilegesError::UserAuthorizationError(err) => {
                err.to_error_message(DbOrUser::User(username.clone()))
            }
            ModifyDatabasePrivilegesError::DatabaseDoesNotExist => {
@@ -87,18 +96,9 @@ impl ModifyDatabasePrivilegesError {
    #[allow(dead_code)]
    pub fn error_type(&self) -> String {
        match self {
-            ModifyDatabasePrivilegesError::DatabaseSanitizationError(err) => {
-                format!("database-sanitization-error/{}", err.error_type())
-            }
-            ModifyDatabasePrivilegesError::DatabaseOwnershipError(err) => {
-                format!("database-ownership-error/{}", err.error_type())
-            }
-            ModifyDatabasePrivilegesError::UserSanitizationError(err) => {
-                format!("user-sanitization-error/{}", err.error_type())
-            }
-            ModifyDatabasePrivilegesError::UserOwnershipError(err) => {
-                format!("user-ownership-error/{}", err.error_type())
-            }
+            // TODO: should these be subtyped?
+            ModifyDatabasePrivilegesError::DatabaseAuthorizationError(err) => err.error_type(),
+            ModifyDatabasePrivilegesError::UserAuthorizationError(err) => err.error_type(),
            ModifyDatabasePrivilegesError::DatabaseDoesNotExist => {
                "database-does-not-exist".to_string()
            }
--- a/src/core/protocol/commands/passwd_user.rs
+++ b/src/core/protocol/commands/passwd_user.rs
@@ -1,7 +1,8 @@
 use serde::{Deserialize, Serialize};
+use thiserror::Error;

 use crate::core::{
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
+    protocol::request_validation::AuthorizationError,
    types::{DbOrUser, MySQLUser},
 };

@@ -9,11 +10,15 @@ pub type SetUserPasswordRequest = (MySQLUser, String);

 pub type SetUserPasswordResponse = Result<(), SetPasswordError>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum SetPasswordError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("User does not exist")]
    UserDoesNotExist,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

@@ -32,10 +37,7 @@ pub fn print_set_password_output_status(output: &SetUserPasswordResponse, userna
 impl SetPasswordError {
    pub fn to_error_message(&self, username: &MySQLUser) -> String {
        match self {
-            SetPasswordError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::User(username.clone()))
-            }
-            SetPasswordError::OwnershipError(err) => {
+            SetPasswordError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::User(username.clone()))
            }
            SetPasswordError::UserDoesNotExist => {
@@ -50,12 +52,7 @@ impl SetPasswordError {
    #[allow(dead_code)]
    pub fn error_type(&self) -> String {
        match self {
-            SetPasswordError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            SetPasswordError::OwnershipError(err) => {
-                format!("ownership-error/{}", err.error_type())
-            }
+            SetPasswordError::AuthorizationError(err) => err.error_type(),
            SetPasswordError::UserDoesNotExist => "user-does-not-exist".to_string(),
            SetPasswordError::MySqlError(_) => "mysql-error".to_string(),
        }
--- a/src/core/protocol/commands/unlock_users.rs
+++ b/src/core/protocol/commands/unlock_users.rs
@@ -2,9 +2,10 @@ use std::collections::BTreeMap;

 use serde::{Deserialize, Serialize};
 use serde_json::json;
+use thiserror::Error;

 use crate::core::{
-    protocol::request_validation::{NameValidationError, OwnerValidationError},
+    protocol::request_validation::AuthorizationError,
    types::{DbOrUser, MySQLUser},
 };

@@ -12,12 +13,18 @@ pub type UnlockUsersRequest = Vec<MySQLUser>;

 pub type UnlockUsersResponse = BTreeMap<MySQLUser, Result<(), UnlockUserError>>;

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum UnlockUserError {
-    SanitizationError(NameValidationError),
-    OwnershipError(OwnerValidationError),
+    #[error("Authorization error: {0}")]
+    AuthorizationError(#[from] AuthorizationError),
+
+    #[error("User does not exist")]
    UserDoesNotExist,
+
+    #[error("User is already unlocked")]
    UserIsAlreadyUnlocked,
+
+    #[error("MySQL error: {0}")]
    MySqlError(String),
 }

@@ -61,10 +68,7 @@ pub fn print_unlock_users_output_status_json(output: &UnlockUsersResponse) {
 impl UnlockUserError {
    pub fn to_error_message(&self, username: &MySQLUser) -> String {
        match self {
-            UnlockUserError::SanitizationError(err) => {
-                err.to_error_message(DbOrUser::User(username.clone()))
-            }
-            UnlockUserError::OwnershipError(err) => {
+            UnlockUserError::AuthorizationError(err) => {
                err.to_error_message(DbOrUser::User(username.clone()))
            }
            UnlockUserError::UserDoesNotExist => {
@@ -81,10 +85,7 @@ impl UnlockUserError {

    pub fn error_type(&self) -> String {
        match self {
-            UnlockUserError::SanitizationError(err) => {
-                format!("sanitization-error/{}", err.error_type())
-            }
-            UnlockUserError::OwnershipError(err) => format!("ownership-error/{}", err.error_type()),
+            UnlockUserError::AuthorizationError(err) => err.error_type(),
            UnlockUserError::UserDoesNotExist => "user-does-not-exist".to_string(),
            UnlockUserError::UserIsAlreadyUnlocked => "user-is-already-unlocked".to_string(),
            UnlockUserError::MySqlError(_) => "mysql-error".to_string(),
--- a/src/core/protocol/request_validation.rs
+++ b/src/core/protocol/request_validation.rs
@@ -1,13 +1,21 @@
 use indoc::indoc;
 use itertools::Itertools;
 use serde::{Deserialize, Serialize};
+use thiserror::Error;

 use crate::core::{common::UnixUser, types::DbOrUser};

-#[derive(Debug, PartialEq, Eq, Clone, Copy, Serialize, Deserialize)]
+#[derive(Error, Debug, PartialEq, Eq, Clone, Copy, Serialize, Deserialize)]
 pub enum NameValidationError {
+    #[error("Name cannot be empty.")]
    EmptyString,
+
+    #[error(
+        "Name contains invalid characters. Only A-Z, a-z, 0-9, _ (underscore) and - (dash) are permitted."
+    )]
    InvalidCharacters,
+
+    #[error("Name is too long. Maximum length is 64 characters.")]
    TooLong,
 }

@@ -44,6 +52,15 @@ impl NameValidationError {
    }
 }

+#[derive(Error, Debug, PartialEq, Eq, Clone, Copy, Serialize, Deserialize)]
+pub enum OwnerValidationError {
+    #[error("No matching owner prefix found")]
+    NoMatch,
+
+    #[error("Name cannot be empty")]
+    StringEmpty,
+}
+
 impl OwnerValidationError {
    pub fn to_error_message(self, db_or_user: DbOrUser) -> String {
        let user = UnixUser::from_enviroment();
@@ -98,11 +115,42 @@ impl OwnerValidationError {
    }
 }

-#[derive(Debug, PartialEq, Eq, Clone, Copy, Serialize, Deserialize)]
-pub enum OwnerValidationError {
-    // The name is valid, but none of the given prefixes matched the name
-    NoMatch,
+#[derive(Error, Debug, PartialEq, Eq, Clone, Copy, Serialize, Deserialize)]
+pub enum AuthorizationError {
+    #[error("Sanitization error: {0}")]
+    SanitizationError(NameValidationError),

-    // The name is empty, which is invalid
-    StringEmpty,
+    #[error("Ownership error: {0}")]
+    OwnershipError(OwnerValidationError),
+    // AuthorizationHandlerError(String),
+}
+
+impl AuthorizationError {
+    pub fn to_error_message(&self, db_or_user: DbOrUser) -> String {
+        match self {
+            AuthorizationError::SanitizationError(err) => err.to_error_message(db_or_user),
+            AuthorizationError::OwnershipError(err) => err.to_error_message(db_or_user),
+            // AuthorizationError::AuthorizationHandlerError(msg) => {
+            //     format!(
+            //         "Authorization handler error for '{}': {}",
+            //         db_or_user.name(),
+            //         msg
+            //     )
+            // }
+        }
+    }
+
+    pub fn error_type(&self) -> String {
+        match self {
+            AuthorizationError::SanitizationError(err) => {
+                format!("sanitization-error/{}", err.error_type())
+            }
+            // TODO: maybe rename this to authorization error?
+            AuthorizationError::OwnershipError(err) => {
+                format!("ownership-error/{}", err.error_type())
+            } // AuthorizationError::AuthorizationHandlerError(_) => {
+              //     "authorization-handler-error".to_string()
+              // }
+        }
+    }
 }