rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-31 01:57:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(payouts): Add user roles for payouts (#4167)

Browse Source 
Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
This commit is contained in:
chikke srujan
2024-03-22 16:21:18 +05:30
committed by GitHub
parent 5afd2c2a67
commit 13fe58450b
9 changed files with 119 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crates/api_models/src/user_role.rs
View File

@ -32,6 +32,8 @@ pub enum Permission {
UsersWrite, UsersWrite,
MerchantAccountCreate, MerchantAccountCreate,
WebhookEventRead, WebhookEventRead,
PayoutWrite,
PayoutRead,
} }
#[derive(Debug, serde::Serialize)] #[derive(Debug, serde::Serialize)]
@ -48,6 +50,7 @@ pub enum PermissionModule {
ThreeDsDecisionManager, ThreeDsDecisionManager,
SurchargeDecisionManager, SurchargeDecisionManager,
AccountCreate, AccountCreate,
Payouts,
} }
#[derive(Debug, serde::Serialize)] #[derive(Debug, serde::Serialize)]

26
crates/router/src/routes/payouts.rs
View File

@ -9,7 +9,7 @@ use super::app::AppState;
use crate::types::api::payments as payment_types; use crate::types::api::payments as payment_types;
use crate::{ use crate::{
core::{api_locking, payouts::*}, core::{api_locking, payouts::*},
services::{api, authentication as auth}, services::{api, authentication as auth, authorization::permissions::Permission},
types::api::payouts as payout_types, types::api::payouts as payout_types,
}; };
@ -77,7 +77,11 @@ pub async fn payouts_retrieve(
&req, &req,
payout_retrieve_request, payout_retrieve_request,
|state, auth, req| payouts_retrieve_core(state, auth.merchant_account, auth.key_store, req), |state, auth, req| payouts_retrieve_core(state, auth.merchant_account, auth.key_store, req),
&auth::ApiKeyAuth, auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::PayoutRead),
req.headers(),
),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
)) ))
.await .await
@ -225,7 +229,11 @@ pub async fn payouts_list(
&req, &req,
payload, payload,
|state, auth, req| payouts_list_core(state, auth.merchant_account, req), |state, auth, req| payouts_list_core(state, auth.merchant_account, req),
&auth::ApiKeyAuth, auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::PayoutRead),
req.headers(),
),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
)) ))
.await .await
@ -259,7 +267,11 @@ pub async fn payouts_list_by_filter(
&req, &req,
payload, payload,
|state, auth, req| payouts_filtered_list_core(state, auth.merchant_account, req), |state, auth, req| payouts_filtered_list_core(state, auth.merchant_account, req),
&auth::ApiKeyAuth, auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::PayoutRead),
req.headers(),
),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
)) ))
.await .await
@ -293,7 +305,11 @@ pub async fn payouts_list_available_filters(
&req, &req,
payload, payload,
|state, auth, req| payouts_list_available_filters_core(state, auth.merchant_account, req), |state, auth, req| payouts_list_available_filters_core(state, auth.merchant_account, req),
&auth::ApiKeyAuth, auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::PayoutRead),
req.headers(),
),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
)) ))
.await .await

16
crates/router/src/services/authorization/info.rs
View File

@ -41,6 +41,7 @@ pub enum PermissionModule {
ThreeDsDecisionManager, ThreeDsDecisionManager,
SurchargeDecisionManager, SurchargeDecisionManager,
AccountCreate, AccountCreate,
Payouts,
} }
impl PermissionModule { impl PermissionModule {
@ -57,7 +58,8 @@ impl PermissionModule {
Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module", Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module",
Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant", Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant",
Self::SurchargeDecisionManager =>"View and configure surcharge decision rules configured for a merchant", Self::SurchargeDecisionManager =>"View and configure surcharge decision rules configured for a merchant",
Self::AccountCreate => "Create new account within your organization" Self::AccountCreate => "Create new account within your organization",
Self::Payouts => "Everything related to payouts - like creating and viewing payout related information are within this module"
} }
} }
} }
@ -168,6 +170,14 @@ impl ModuleInfo {
Permission::MerchantAccountCreate, Permission::MerchantAccountCreate,
]), ]),
}, },
PermissionModule::Payouts => Self {
module: module_name,
description,
permissions: get_permission_info_from_permissions(&[
Permission::PayoutRead,
Permission::PayoutWrite,
]),
},
} }
} }
} }
@ -184,10 +194,10 @@ fn get_group_info_from_permission_group(group: PermissionGroup) -> GroupInfo {
fn get_group_description(group: PermissionGroup) -> &'static str { fn get_group_description(group: PermissionGroup) -> &'static str {
match group { match group {
PermissionGroup::OperationsView => { PermissionGroup::OperationsView => {
"View Payments, Refunds, Mandates, Disputes and Customers" "View Payments, Refunds, Payouts, Mandates, Disputes and Customers"
} }
PermissionGroup::OperationsManage => { PermissionGroup::OperationsManage => {
"Create, modify and delete Payments, Refunds, Mandates, Disputes and Customers" "Create, modify and delete Payments, Refunds, Payouts, Mandates, Disputes and Customers"
} }
PermissionGroup::ConnectorsView => { PermissionGroup::ConnectorsView => {
"View connected Payment Processors, Payout Processors and Fraud & Risk Manager details" "View connected Payment Processors, Payout Processors and Fraud & Risk Manager details"

6
crates/router/src/services/authorization/permission_groups.rs
View File

@ -19,22 +19,24 @@ pub fn get_permissions_vec(permission_group: &PermissionGroup) -> &[Permission]
} }
} }
pub static OPERATIONS_VIEW: [Permission; 6] = [ pub static OPERATIONS_VIEW: [Permission; 7] = [
Permission::PaymentRead, Permission::PaymentRead,
Permission::RefundRead, Permission::RefundRead,
Permission::MandateRead, Permission::MandateRead,
Permission::DisputeRead, Permission::DisputeRead,
Permission::CustomerRead, Permission::CustomerRead,
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::PayoutRead,
]; ];
pub static OPERATIONS_MANAGE: [Permission; 6] = [ pub static OPERATIONS_MANAGE: [Permission; 7] = [
Permission::PaymentWrite, Permission::PaymentWrite,
Permission::RefundWrite, Permission::RefundWrite,
Permission::MandateWrite, Permission::MandateWrite,
Permission::DisputeWrite, Permission::DisputeWrite,
Permission::CustomerWrite, Permission::CustomerWrite,
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::PayoutWrite,
]; ];
pub static CONNECTORS_VIEW: [Permission; 2] = [ pub static CONNECTORS_VIEW: [Permission; 2] = [

4
crates/router/src/services/authorization/permissions.rs
View File

@ -31,6 +31,8 @@ pub enum Permission {
UsersWrite, UsersWrite,
MerchantAccountCreate, MerchantAccountCreate,
WebhookEventRead, WebhookEventRead,
PayoutRead,
PayoutWrite,
} }
impl Permission { impl Permission {
@ -69,6 +71,8 @@ impl Permission {
Self::UsersWrite => "Invite users, assign and update roles", Self::UsersWrite => "Invite users, assign and update roles",
Self::MerchantAccountCreate => "Create merchant account", Self::MerchantAccountCreate => "Create merchant account",
Self::WebhookEventRead => "View webhook events", Self::WebhookEventRead => "View webhook events",
Self::PayoutRead => "View all payouts",
Self::PayoutWrite => "Create payout, download payout data",
} }
} }
} }

13
crates/router/src/services/authorization/predefined_permissions.rs
View File

@ -64,6 +64,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::UsersRead, Permission::UsersRead,
Permission::UsersWrite, Permission::UsersWrite,
Permission::MerchantAccountCreate, Permission::MerchantAccountCreate,
Permission::PayoutRead,
Permission::PayoutWrite,
], ],
name: None, name: None,
is_invitable: false, is_invitable: false,
@ -88,6 +90,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead, Permission::CustomerRead,
Permission::UsersRead, Permission::UsersRead,
Permission::PayoutRead,
], ],
name: None, name: None,
is_invitable: false, is_invitable: false,
@ -126,6 +129,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::UsersRead, Permission::UsersRead,
Permission::UsersWrite, Permission::UsersWrite,
Permission::MerchantAccountCreate, Permission::MerchantAccountCreate,
Permission::PayoutRead,
Permission::PayoutWrite,
], ],
name: Some("Organization Admin"), name: Some("Organization Admin"),
is_invitable: false, is_invitable: false,
@ -164,6 +169,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
Permission::UsersWrite, Permission::UsersWrite,
Permission::PayoutRead,
Permission::PayoutWrite,
], ],
name: Some("Admin"), name: Some("Admin"),
is_invitable: true, is_invitable: true,
@ -188,6 +195,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::CustomerRead, Permission::CustomerRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
Permission::PayoutRead,
], ],
name: Some("View Only"), name: Some("View Only"),
is_invitable: true, is_invitable: true,
@ -213,6 +221,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
Permission::UsersWrite, Permission::UsersWrite,
Permission::PayoutRead,
], ],
name: Some("IAM"), name: Some("IAM"),
is_invitable: true, is_invitable: true,
@ -238,6 +247,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::CustomerRead, Permission::CustomerRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
Permission::PayoutRead,
], ],
name: Some("Developer"), name: Some("Developer"),
is_invitable: true, is_invitable: true,
@ -268,6 +278,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::CustomerRead, Permission::CustomerRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
Permission::PayoutRead,
Permission::PayoutWrite,
], ],
name: Some("Operator"), name: Some("Operator"),
is_invitable: true, is_invitable: true,
@ -289,6 +301,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead, Permission::CustomerRead,
Permission::Analytics, Permission::Analytics,
Permission::PayoutRead,
], ],
name: Some("Customer Support"), name: Some("Customer Support"),
is_invitable: true, is_invitable: true,

1
crates/router/src/types/domain/user.rs
View File

@ -808,6 +808,7 @@ impl From<info::PermissionModule> for user_role_api::PermissionModule {
info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager, info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager,
info::PermissionModule::SurchargeDecisionManager => Self::SurchargeDecisionManager, info::PermissionModule::SurchargeDecisionManager => Self::SurchargeDecisionManager,
info::PermissionModule::AccountCreate => Self::AccountCreate, info::PermissionModule::AccountCreate => Self::AccountCreate,
info::PermissionModule::Payouts => Self::Payouts,
} }
} }
} }

2
crates/router/src/utils/user_role.rs
View File

@ -44,6 +44,8 @@ impl From<Permission> for user_role_api::Permission {
Permission::UsersWrite => Self::UsersWrite, Permission::UsersWrite => Self::UsersWrite,
Permission::MerchantAccountCreate => Self::MerchantAccountCreate, Permission::MerchantAccountCreate => Self::MerchantAccountCreate,
Permission::WebhookEventRead => Self::WebhookEventRead, Permission::WebhookEventRead => Self::WebhookEventRead,
Permission::PayoutRead => Self::PayoutRead,
Permission::PayoutWrite => Self::PayoutWrite,
} }
} }
} }

116
openapi/openapi_spec.json
View File

@ -3866,64 +3866,6 @@
] ]
} }
}, },
"/payouts/list": {
"get": {
"tags": [
"Payouts"
],
"summary": "Payouts - List",
"description": "Payouts - List",
"operationId": "List payouts",
"responses": {
"200": {
"description": "Payouts listed",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PayoutListResponse"
}
}
}
},
"404": {
"description": "Payout not found"
}
},
"security": [
{
"api_key": []
}
]
},
"post": {
"tags": [
"Payouts"
],
"summary": "Payouts - Filter",
"description": "Payouts - Filter",
"operationId": "Filter payouts",
"responses": {
"200": {
"description": "Payouts filtered",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PayoutListResponse"
}
}
}
},
"404": {
"description": "Payout not found"
}
},
"security": [
{
"api_key": []
}
]
}
},
"/payouts/{payout_id}": { "/payouts/{payout_id}": {
"get": { "get": {
"tags": [ "tags": [
@ -4116,6 +4058,64 @@
] ]
} }
}, },
"/payouts/list": {
"get": {
"tags": [
"Payouts"
],
"summary": "Payouts - List",
"description": "Payouts - List",
"operationId": "List payouts",
"responses": {
"200": {
"description": "Payouts listed",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PayoutListResponse"
}
}
}
},
"404": {
"description": "Payout not found"
}
},
"security": [
{
"api_key": []
}
]
},
"post": {
"tags": [
"Payouts"
],
"summary": "Payouts - Filter",
"description": "Payouts - Filter",
"operationId": "Filter payouts",
"responses": {
"200": {
"description": "Payouts filtered",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PayoutListResponse"
}
}
}
},
"404": {
"description": "Payout not found"
}
},
"security": [
{
"api_key": []
}
]
}
},
"/api_keys/{merchant_id)": { "/api_keys/{merchant_id)": {
"post": { "post": {
"tags": [ "tags": [