rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-30 01:27:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(user): improve role validation to prevent duplicate groups (#3949)

Browse Source
This commit is contained in:
Apoorv Dixit
2024-03-06 13:00:12 +05:30
committed by GitHub
parent 8154a611ef
commit 05a475271a
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
crates/common_enums/src/enums.rs
View File

@ -2329,6 +2329,7 @@ pub enum RoleScope {
Debug, Debug,
Eq, Eq,
PartialEq, PartialEq,
Hash,
serde::Serialize, serde::Serialize,
serde::Deserialize, serde::Deserialize,
strum::Display, strum::Display,

11
crates/router/src/utils/user_role.rs
View File

@ -1,3 +1,5 @@
use std::collections::HashSet;
use api_models::user_role as user_role_api; use api_models::user_role as user_role_api;
use common_enums::PermissionGroup; use common_enums::PermissionGroup;
use diesel_models::user_role::UserRole; use diesel_models::user_role::UserRole;
@ -51,11 +53,18 @@ pub fn validate_role_groups(groups: &[PermissionGroup]) -> UserResult<()> {
.attach_printable("Role groups cannot be empty"); .attach_printable("Role groups cannot be empty");
} }
if groups.contains(&PermissionGroup::OrganizationManage) { let unique_groups: HashSet<_> = groups.iter().cloned().collect();
if unique_groups.contains(&PermissionGroup::OrganizationManage) {
return Err(UserErrors::InvalidRoleOperation.into()) return Err(UserErrors::InvalidRoleOperation.into())
.attach_printable("Organization manage group cannot be added to role"); .attach_printable("Organization manage group cannot be added to role");
} }
if unique_groups.len() != groups.len() {
return Err(UserErrors::InvalidRoleOperation.into())
.attach_printable("Duplicate permission group found");
}
Ok(()) Ok(())
} }