mirror of
https://github.com/juspay/hyperswitch.git
synced 2025-10-30 09:38:33 +08:00
refactor(users): remove deprecated permission groups (#9604)
This commit is contained in:
Kanika Bansal
@ -8420,12 +8420,6 @@ pub enum PermissionGroup {
|
|||||||
AnalyticsView,
|
AnalyticsView,
|
||||||
UsersView,
|
UsersView,
|
||||||
UsersManage,
|
UsersManage,
|
||||||
// TODO: To be deprecated, make sure DB is migrated before removing
|
|
||||||
MerchantDetailsView,
|
|
||||||
// TODO: To be deprecated, make sure DB is migrated before removing
|
|
||||||
MerchantDetailsManage,
|
|
||||||
// TODO: To be deprecated, make sure DB is migrated before removing
|
|
||||||
OrganizationManage,
|
|
||||||
AccountView,
|
AccountView,
|
||||||
AccountManage,
|
AccountManage,
|
||||||
ReconReportsView,
|
ReconReportsView,
|
||||||
|
|||||||
@ -41,9 +41,8 @@ fn get_group_description(group: PermissionGroup) -> Option<&'static str> {
|
|||||||
PermissionGroup::AnalyticsView => Some("View Analytics"),
|
PermissionGroup::AnalyticsView => Some("View Analytics"),
|
||||||
PermissionGroup::UsersView => Some("View Users"),
|
PermissionGroup::UsersView => Some("View Users"),
|
||||||
PermissionGroup::UsersManage => Some("Manage and invite Users to the Team"),
|
PermissionGroup::UsersManage => Some("Manage and invite Users to the Team"),
|
||||||
PermissionGroup::MerchantDetailsView | PermissionGroup::AccountView => Some("View Merchant Details"),
|
PermissionGroup::AccountView => Some("View Merchant Details"),
|
||||||
PermissionGroup::MerchantDetailsManage | PermissionGroup::AccountManage => Some("Create, modify and delete Merchant Details like api keys, webhooks, etc"),
|
PermissionGroup::AccountManage => Some("Create, modify and delete Merchant Details like api keys, webhooks, etc"),
|
||||||
PermissionGroup::OrganizationManage => Some("Manage organization level tasks like create new Merchant accounts, Organization level roles, etc"),
|
|
||||||
PermissionGroup::ReconReportsView => Some("View reconciliation reports and analytics"),
|
PermissionGroup::ReconReportsView => Some("View reconciliation reports and analytics"),
|
||||||
PermissionGroup::ReconReportsManage => Some("Manage reconciliation reports"),
|
PermissionGroup::ReconReportsManage => Some("Manage reconciliation reports"),
|
||||||
PermissionGroup::ReconOpsView => Some("View and access all reconciliation operations including reports and analytics"),
|
PermissionGroup::ReconOpsView => Some("View and access all reconciliation operations including reports and analytics"),
|
||||||
|
|||||||
@ -20,7 +20,6 @@ impl PermissionGroupExt for PermissionGroup {
|
|||||||
| Self::WorkflowsView
|
| Self::WorkflowsView
|
||||||
| Self::AnalyticsView
|
| Self::AnalyticsView
|
||||||
| Self::UsersView
|
| Self::UsersView
|
||||||
| Self::MerchantDetailsView
|
|
||||||
| Self::AccountView
|
| Self::AccountView
|
||||||
| Self::ReconOpsView
|
| Self::ReconOpsView
|
||||||
| Self::ReconReportsView
|
| Self::ReconReportsView
|
||||||
@ -30,8 +29,6 @@ impl PermissionGroupExt for PermissionGroup {
|
|||||||
| Self::ConnectorsManage
|
| Self::ConnectorsManage
|
||||||
| Self::WorkflowsManage
|
| Self::WorkflowsManage
|
||||||
| Self::UsersManage
|
| Self::UsersManage
|
||||||
| Self::MerchantDetailsManage
|
|
||||||
| Self::OrganizationManage
|
|
||||||
| Self::AccountManage
|
| Self::AccountManage
|
||||||
| Self::ReconOpsManage
|
| Self::ReconOpsManage
|
||||||
| Self::ReconReportsManage
|
| Self::ReconReportsManage
|
||||||
@ -47,11 +44,7 @@ impl PermissionGroupExt for PermissionGroup {
|
|||||||
Self::WorkflowsView | Self::WorkflowsManage => ParentGroup::Workflows,
|
Self::WorkflowsView | Self::WorkflowsManage => ParentGroup::Workflows,
|
||||||
Self::AnalyticsView => ParentGroup::Analytics,
|
Self::AnalyticsView => ParentGroup::Analytics,
|
||||||
Self::UsersView | Self::UsersManage => ParentGroup::Users,
|
Self::UsersView | Self::UsersManage => ParentGroup::Users,
|
||||||
Self::MerchantDetailsView
|
Self::AccountView | Self::AccountManage => ParentGroup::Account,
|
||||||
| Self::OrganizationManage
|
|
||||||
| Self::MerchantDetailsManage
|
|
||||||
| Self::AccountView
|
|
||||||
| Self::AccountManage => ParentGroup::Account,
|
|
||||||
|
|
||||||
Self::ThemeView | Self::ThemeManage => ParentGroup::Theme,
|
Self::ThemeView | Self::ThemeManage => ParentGroup::Theme,
|
||||||
Self::ReconOpsView | Self::ReconOpsManage => ParentGroup::ReconOps,
|
Self::ReconOpsView | Self::ReconOpsManage => ParentGroup::ReconOps,
|
||||||
@ -96,13 +89,6 @@ impl PermissionGroupExt for PermissionGroup {
|
|||||||
Self::ReconReportsView => vec![Self::ReconReportsView],
|
Self::ReconReportsView => vec![Self::ReconReportsView],
|
||||||
Self::ReconReportsManage => vec![Self::ReconReportsView, Self::ReconReportsManage],
|
Self::ReconReportsManage => vec![Self::ReconReportsView, Self::ReconReportsManage],
|
||||||
|
|
||||||
Self::MerchantDetailsView => vec![Self::MerchantDetailsView],
|
|
||||||
Self::MerchantDetailsManage => {
|
|
||||||
vec![Self::MerchantDetailsView, Self::MerchantDetailsManage]
|
|
||||||
}
|
|
||||||
|
|
||||||
Self::OrganizationManage => vec![Self::OrganizationManage],
|
|
||||||
|
|
||||||
Self::AccountView => vec![Self::AccountView],
|
Self::AccountView => vec![Self::AccountView],
|
||||||
Self::AccountManage => vec![Self::AccountView, Self::AccountManage],
|
Self::AccountManage => vec![Self::AccountView, Self::AccountManage],
|
||||||
|
|
||||||
|
|||||||
@ -22,11 +22,8 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::UsersManage,
|
PermissionGroup::UsersManage,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::MerchantDetailsManage,
|
|
||||||
PermissionGroup::AccountManage,
|
PermissionGroup::AccountManage,
|
||||||
PermissionGroup::OrganizationManage,
|
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconOpsManage,
|
PermissionGroup::ReconOpsManage,
|
||||||
PermissionGroup::ReconReportsView,
|
PermissionGroup::ReconReportsView,
|
||||||
@ -51,7 +48,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::WorkflowsView,
|
PermissionGroup::WorkflowsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconReportsView,
|
PermissionGroup::ReconReportsView,
|
||||||
@ -75,7 +71,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::WorkflowsView,
|
PermissionGroup::WorkflowsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconReportsView,
|
PermissionGroup::ReconReportsView,
|
||||||
@ -106,11 +101,8 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::UsersManage,
|
PermissionGroup::UsersManage,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::MerchantDetailsManage,
|
|
||||||
PermissionGroup::AccountManage,
|
PermissionGroup::AccountManage,
|
||||||
PermissionGroup::OrganizationManage,
|
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconOpsManage,
|
PermissionGroup::ReconOpsManage,
|
||||||
PermissionGroup::ReconReportsView,
|
PermissionGroup::ReconReportsView,
|
||||||
@ -141,11 +133,8 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::UsersManage,
|
PermissionGroup::UsersManage,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::MerchantDetailsManage,
|
|
||||||
PermissionGroup::AccountManage,
|
PermissionGroup::AccountManage,
|
||||||
PermissionGroup::OrganizationManage,
|
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconOpsManage,
|
PermissionGroup::ReconOpsManage,
|
||||||
PermissionGroup::ReconReportsView,
|
PermissionGroup::ReconReportsView,
|
||||||
@ -178,9 +167,7 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::UsersManage,
|
PermissionGroup::UsersManage,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::MerchantDetailsManage,
|
|
||||||
PermissionGroup::AccountManage,
|
PermissionGroup::AccountManage,
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconOpsManage,
|
PermissionGroup::ReconOpsManage,
|
||||||
@ -206,7 +193,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::WorkflowsView,
|
PermissionGroup::WorkflowsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconReportsView,
|
PermissionGroup::ReconReportsView,
|
||||||
@ -229,7 +215,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::UsersManage,
|
PermissionGroup::UsersManage,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
],
|
],
|
||||||
role_id: consts::user_role::ROLE_ID_MERCHANT_IAM_ADMIN.to_string(),
|
role_id: consts::user_role::ROLE_ID_MERCHANT_IAM_ADMIN.to_string(),
|
||||||
@ -250,9 +235,7 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::ConnectorsView,
|
PermissionGroup::ConnectorsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::MerchantDetailsManage,
|
|
||||||
PermissionGroup::AccountManage,
|
PermissionGroup::AccountManage,
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconReportsView,
|
PermissionGroup::ReconReportsView,
|
||||||
@ -277,7 +260,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::WorkflowsView,
|
PermissionGroup::WorkflowsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconOpsManage,
|
PermissionGroup::ReconOpsManage,
|
||||||
@ -300,7 +282,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::OperationsView,
|
PermissionGroup::OperationsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::ReconOpsView,
|
PermissionGroup::ReconOpsView,
|
||||||
PermissionGroup::ReconReportsView,
|
PermissionGroup::ReconReportsView,
|
||||||
@ -330,9 +311,7 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::UsersManage,
|
PermissionGroup::UsersManage,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::MerchantDetailsManage,
|
|
||||||
PermissionGroup::AccountManage,
|
PermissionGroup::AccountManage,
|
||||||
],
|
],
|
||||||
role_id: consts::user_role::ROLE_ID_PROFILE_ADMIN.to_string(),
|
role_id: consts::user_role::ROLE_ID_PROFILE_ADMIN.to_string(),
|
||||||
@ -354,7 +333,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::WorkflowsView,
|
PermissionGroup::WorkflowsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
],
|
],
|
||||||
role_id: consts::user_role::ROLE_ID_PROFILE_VIEW_ONLY.to_string(),
|
role_id: consts::user_role::ROLE_ID_PROFILE_VIEW_ONLY.to_string(),
|
||||||
@ -375,7 +353,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::UsersManage,
|
PermissionGroup::UsersManage,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
],
|
],
|
||||||
role_id: consts::user_role::ROLE_ID_PROFILE_IAM_ADMIN.to_string(),
|
role_id: consts::user_role::ROLE_ID_PROFILE_IAM_ADMIN.to_string(),
|
||||||
@ -396,9 +373,7 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::ConnectorsView,
|
PermissionGroup::ConnectorsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
PermissionGroup::MerchantDetailsManage,
|
|
||||||
PermissionGroup::AccountManage,
|
PermissionGroup::AccountManage,
|
||||||
],
|
],
|
||||||
role_id: consts::user_role::ROLE_ID_PROFILE_DEVELOPER.to_string(),
|
role_id: consts::user_role::ROLE_ID_PROFILE_DEVELOPER.to_string(),
|
||||||
@ -421,7 +396,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::WorkflowsView,
|
PermissionGroup::WorkflowsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
],
|
],
|
||||||
role_id: consts::user_role::ROLE_ID_PROFILE_OPERATOR.to_string(),
|
role_id: consts::user_role::ROLE_ID_PROFILE_OPERATOR.to_string(),
|
||||||
@ -441,7 +415,6 @@ pub static PREDEFINED_ROLES: LazyLock<HashMap<&'static str, RoleInfo>> = LazyLoc
|
|||||||
PermissionGroup::OperationsView,
|
PermissionGroup::OperationsView,
|
||||||
PermissionGroup::AnalyticsView,
|
PermissionGroup::AnalyticsView,
|
||||||
PermissionGroup::UsersView,
|
PermissionGroup::UsersView,
|
||||||
PermissionGroup::MerchantDetailsView,
|
|
||||||
PermissionGroup::AccountView,
|
PermissionGroup::AccountView,
|
||||||
],
|
],
|
||||||
role_id: consts::user_role::ROLE_ID_PROFILE_CUSTOMER_SUPPORT.to_string(),
|
role_id: consts::user_role::ROLE_ID_PROFILE_CUSTOMER_SUPPORT.to_string(),
|
||||||
|
|||||||
@ -40,9 +40,7 @@ pub fn validate_role_groups(groups: &[PermissionGroup]) -> UserResult<()> {
|
|||||||
|
|
||||||
let unique_groups: HashSet<_> = groups.iter().copied().collect();
|
let unique_groups: HashSet<_> = groups.iter().copied().collect();
|
||||||
|
|
||||||
if unique_groups.contains(&PermissionGroup::OrganizationManage)
|
if unique_groups.contains(&PermissionGroup::InternalManage) {
|
||||||
|| unique_groups.contains(&PermissionGroup::InternalManage)
|
|
||||||
{
|
|
||||||
return Err(report!(UserErrors::InvalidRoleOperation))
|
return Err(report!(UserErrors::InvalidRoleOperation))
|
||||||
.attach_printable("Invalid groups present in the custom role");
|
.attach_printable("Invalid groups present in the custom role");
|
||||||
}
|
}
|
||||||
|
|||||||
@ -0,0 +1,2 @@
|
|||||||
|
-- This file should undo anything in `up.sql`
|
||||||
|
SELECT 1;
|
||||||
@ -0,0 +1,12 @@
|
|||||||
|
-- Your SQL goes here
|
||||||
|
UPDATE roles
|
||||||
|
SET groups = array_replace(groups, 'merchant_details_view', 'account_view')
|
||||||
|
WHERE 'merchant_details_view' = ANY(groups);
|
||||||
|
|
||||||
|
UPDATE roles
|
||||||
|
SET groups = array_replace(groups, 'merchant_details_manage', 'account_manage')
|
||||||
|
WHERE 'merchant_details_manage' = ANY(groups);
|
||||||
|
|
||||||
|
UPDATE roles
|
||||||
|
SET groups = array_replace(groups, 'organization_manage', 'account_manage')
|
||||||
|
WHERE 'organization_manage' = ANY(groups);
|
||||||
Reference in New Issue
Block a user