diff --git a/crates/common_enums/src/enums.rs b/crates/common_enums/src/enums.rs
index a42a266114..2cbd3a9e54 100644
--- a/crates/common_enums/src/enums.rs
+++ b/crates/common_enums/src/enums.rs
@@ -8420,12 +8420,6 @@ pub enum PermissionGroup {
 AnalyticsView,
 UsersView,
 UsersManage,
- // TODO: To be deprecated, make sure DB is migrated before removing
- MerchantDetailsView,
- // TODO: To be deprecated, make sure DB is migrated before removing
- MerchantDetailsManage,
- // TODO: To be deprecated, make sure DB is migrated before removing
- OrganizationManage,
 AccountView,
 AccountManage,
 ReconReportsView,
diff --git a/crates/router/src/services/authorization/info.rs b/crates/router/src/services/authorization/info.rs
index 49c315221c..a76f24bee1 100644
--- a/crates/router/src/services/authorization/info.rs
+++ b/crates/router/src/services/authorization/info.rs
@@ -41,9 +41,8 @@ fn get_group_description(group: PermissionGroup) -> Option<&'static str> {
 PermissionGroup::AnalyticsView => Some("View Analytics"),
 PermissionGroup::UsersView => Some("View Users"),
 PermissionGroup::UsersManage => Some("Manage and invite Users to the Team"),
- PermissionGroup::MerchantDetailsView | PermissionGroup::AccountView => Some("View Merchant Details"),
- PermissionGroup::MerchantDetailsManage | PermissionGroup::AccountManage => Some("Create, modify and delete Merchant Details like api keys, webhooks, etc"),
- PermissionGroup::OrganizationManage => Some("Manage organization level tasks like create new Merchant accounts, Organization level roles, etc"),
+ PermissionGroup::AccountView => Some("View Merchant Details"),
+ PermissionGroup::AccountManage => Some("Create, modify and delete Merchant Details like api keys, webhooks, etc"),
 PermissionGroup::ReconReportsView => Some("View reconciliation reports and analytics"),
 PermissionGroup::ReconReportsManage => Some("Manage reconciliation reports"),
 PermissionGroup::ReconOpsView => Some("View and access all reconciliation operations including reports and analytics"),
diff --git a/crates/router/src/services/authorization/permission_groups.rs b/crates/router/src/services/authorization/permission_groups.rs
index 6a2ce1c839..7767373dce 100644
--- a/crates/router/src/services/authorization/permission_groups.rs
+++ b/crates/router/src/services/authorization/permission_groups.rs
@@ -20,7 +20,6 @@ impl PermissionGroupExt for PermissionGroup {
 | Self::WorkflowsView
 | Self::AnalyticsView
 | Self::UsersView
- | Self::MerchantDetailsView
 | Self::AccountView
 | Self::ReconOpsView
 | Self::ReconReportsView
@@ -30,8 +29,6 @@ impl PermissionGroupExt for PermissionGroup {
 | Self::ConnectorsManage
 | Self::WorkflowsManage
 | Self::UsersManage
- | Self::MerchantDetailsManage
- | Self::OrganizationManage
 | Self::AccountManage
 | Self::ReconOpsManage
 | Self::ReconReportsManage
@@ -47,11 +44,7 @@ impl PermissionGroupExt for PermissionGroup { Self::WorkflowsView | Self::WorkflowsManage => ParentGroup::Workflows, Self::AnalyticsView => ParentGroup::Analytics, Self::UsersView | Self::UsersManage => ParentGroup::Users, - Self::MerchantDetailsView - | Self::OrganizationManage - | Self::MerchantDetailsManage - | Self::AccountView - | Self::AccountManage => ParentGroup::Account, + Self::AccountView | Self::AccountManage => ParentGroup::Account, Self::ThemeView | Self::ThemeManage => ParentGroup::Theme, Self::ReconOpsView | Self::ReconOpsManage => ParentGroup::ReconOps, @@ -96,13 +89,6 @@ impl PermissionGroupExt for PermissionGroup { Self::ReconReportsView => vec![Self::ReconReportsView], Self::ReconReportsManage => vec![Self::ReconReportsView, Self::ReconReportsManage], - Self::MerchantDetailsView => vec![Self::MerchantDetailsView], - Self::MerchantDetailsManage => { - vec![Self::MerchantDetailsView, Self::MerchantDetailsManage] - } - - Self::OrganizationManage => vec![Self::OrganizationManage], - Self::AccountView => vec![Self::AccountView], Self::AccountManage => vec![Self::AccountView, Self::AccountManage], diff --git a/crates/router/src/services/authorization/roles/predefined_roles.rs b/crates/router/src/services/authorization/roles/predefined_roles.rs index 853b4d3f8a..83e1b94a22 100644 --- a/crates/router/src/services/authorization/roles/predefined_roles.rs +++ b/crates/router/src/services/authorization/roles/predefined_roles.rs @@ -22,11 +22,8 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc PermissionGroup::AnalyticsView, PermissionGroup::UsersView, PermissionGroup::UsersManage, - PermissionGroup::MerchantDetailsView, PermissionGroup::AccountView, - PermissionGroup::MerchantDetailsManage, PermissionGroup::AccountManage, - PermissionGroup::OrganizationManage, PermissionGroup::ReconOpsView, PermissionGroup::ReconOpsManage, PermissionGroup::ReconReportsView, 
@@ -51,7 +48,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::WorkflowsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconReportsView,
@@ -75,7 +71,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::WorkflowsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconReportsView,
@@ -106,11 +101,8 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
 PermissionGroup::UsersManage,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
- PermissionGroup::MerchantDetailsManage,
 PermissionGroup::AccountManage,
- PermissionGroup::OrganizationManage,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconOpsManage,
 PermissionGroup::ReconReportsView,
@@ -141,11 +133,8 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
 PermissionGroup::UsersManage,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
- PermissionGroup::MerchantDetailsManage,
 PermissionGroup::AccountManage,
- PermissionGroup::OrganizationManage,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconOpsManage,
 PermissionGroup::ReconReportsView,
@@ -178,9 +167,7 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
 PermissionGroup::UsersManage,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
- PermissionGroup::MerchantDetailsManage,
 PermissionGroup::AccountManage,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconOpsManage,
@@ -206,7 +193,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::WorkflowsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconReportsView,
@@ -229,7 +215,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
 PermissionGroup::UsersManage,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 ],
 role_id: consts::user_role::ROLE_ID_MERCHANT_IAM_ADMIN.to_string(),
@@ -250,9 +235,7 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::ConnectorsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
- PermissionGroup::MerchantDetailsManage,
 PermissionGroup::AccountManage,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconReportsView,
@@ -277,7 +260,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::WorkflowsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconOpsManage,
@@ -300,7 +282,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::OperationsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconReportsView,
@@ -330,9 +311,7 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
 PermissionGroup::UsersManage,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
- PermissionGroup::MerchantDetailsManage,
 PermissionGroup::AccountManage,
 ],
 role_id: consts::user_role::ROLE_ID_PROFILE_ADMIN.to_string(),
@@ -354,7 +333,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::WorkflowsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 ],
 role_id: consts::user_role::ROLE_ID_PROFILE_VIEW_ONLY.to_string(),
@@ -375,7 +353,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
 PermissionGroup::UsersManage,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 ],
 role_id: consts::user_role::ROLE_ID_PROFILE_IAM_ADMIN.to_string(),
@@ -396,9 +373,7 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::ConnectorsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
- PermissionGroup::MerchantDetailsManage,
 PermissionGroup::AccountManage,
 ],
 role_id: consts::user_role::ROLE_ID_PROFILE_DEVELOPER.to_string(),
@@ -421,7 +396,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::WorkflowsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 ],
 role_id: consts::user_role::ROLE_ID_PROFILE_OPERATOR.to_string(),
@@ -441,7 +415,6 @@ pub static PREDEFINED_ROLES: LazyLock> = LazyLoc
 PermissionGroup::OperationsView,
 PermissionGroup::AnalyticsView,
 PermissionGroup::UsersView,
- PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
 ],
 role_id: consts::user_role::ROLE_ID_PROFILE_CUSTOMER_SUPPORT.to_string(),
diff --git a/crates/router/src/utils/user_role.rs b/crates/router/src/utils/user_role.rs
index f9a5f77807..659460e53b 100644
--- a/crates/router/src/utils/user_role.rs
+++ b/crates/router/src/utils/user_role.rs
@@ -40,9 +40,7 @@ pub fn validate_role_groups(groups: &[PermissionGroup]) -> UserResult<()> { let unique_groups: HashSet<_> = groups.iter().copied().collect(); - if unique_groups.contains(&PermissionGroup::OrganizationManage) - || unique_groups.contains(&PermissionGroup::InternalManage) - { + if unique_groups.contains(&PermissionGroup::InternalManage) { return Err(report!(UserErrors::InvalidRoleOperation)) .attach_printable("Invalid groups present in the custom role"); } diff --git a/migrations/2025-10-06-111411_deprecated_roles_backfill/down.sql b/migrations/2025-10-06-111411_deprecated_roles_backfill/down.sql new file mode 100644 index 0000000000..c7c9cbeb40 --- /dev/null +++ b/migrations/2025-10-06-111411_deprecated_roles_backfill/down.sql @@ -0,0 +1,2 @@ +-- This file should undo anything in `up.sql` +SELECT 1; \ No newline at end of file diff --git a/migrations/2025-10-06-111411_deprecated_roles_backfill/up.sql b/migrations/2025-10-06-111411_deprecated_roles_backfill/up.sql new file mode 100644 index 0000000000..1fb2b9fb0d --- /dev/null +++ b/migrations/2025-10-06-111411_deprecated_roles_backfill/up.sql @@ -0,0 +1,12 @@ +-- Your SQL goes here +UPDATE roles +SET groups = array_replace(groups, 'merchant_details_view', 'account_view') +WHERE 'merchant_details_view' = ANY(groups); + +UPDATE roles +SET groups = array_replace(groups, 'merchant_details_manage', 'account_manage') +WHERE 'merchant_details_manage' = ANY(groups); + +UPDATE roles +SET groups = array_replace(groups, 'organization_manage', 'account_manage') +WHERE 'organization_manage' = ANY(groups); \ No newline at end of file
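Review bot: The header comment in `down.sql` says the file undoes `up.sql`, but the body is `SELECT 1;`, so this backfill cannot be rolled back through the migration tool. The three `array_replace` updates fold the old names into `account_view` and `account_manage`, and afterwards nothing records which rows originally held them. I would replace the template comment with one that says so, for example `-- Irreversible: up.sql merges the deprecated group names into account_view/account_manage; restore roles.groups from a backup if a rollback is needed.`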
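Review bot: The third `UPDATE` rewrites `organization_manage` to `account_manage`, which may widen what those roles can do: in `permission_groups.rs` the removed arm mapped `OrganizationManage` to `vec![Self::OrganizationManage]` only, while `AccountManage` expands to `AccountView` plus `AccountManage`. Listing the affected rows before the backfill runs, e.g. `SELECT * FROM roles WHERE 'organization_manage' = ANY(groups) AND NOT ('account_manage' = ANY(groups));`, would show whether any role gains access it did not have. `array_replace` also leaves a duplicate when a row already holds the target value (a role carrying both `merchant_details_view` and `account_view` ends with `account_view` twice), so consider `ARRAY(SELECT DISTINCT unnest(array_replace(groups, 'merchant_details_view', 'account_view')))` if element order does not matter. The enum variants are removed in this same commit, so the backfill presumably has to finish before the new binary reads `roles`; the template line `-- Your SQL goes here` could state that ordering instead.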