feat(users): New profile level roles (#5843)
Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
@ -419,7 +419,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Organization,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -465,7 +465,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -545,7 +545,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Organization,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -591,7 +591,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -671,7 +671,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Organization,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -717,7 +717,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -931,7 +931,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Organization,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -967,7 +967,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1056,7 +1056,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Organization,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1092,7 +1092,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1179,7 +1179,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1213,7 +1213,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1245,7 +1245,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1776,7 +1776,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1808,7 +1808,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1851,7 +1851,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1894,7 +1894,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1961,7 +1961,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -1990,7 +1990,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Organization,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -2077,7 +2077,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -2116,7 +2116,7 @@ pub mod routes {
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::Analytics,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Organization,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
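Review bot: Lowering `minimum_entity_level` to `EntityType::Profile` presumably admits profile-scoped tokens, but apart from `create_connector`, which gains `validate_profile_id_from_auth_layer(auth_profile_id, &business_profile)?`, no hunk on this page shows a handler restricting the request to the token's own profile. This applies to the analytics hunks in this section that change to `Profile`, and equally to `connector_update`, `list_countries_currencies_for_connector_payment_method`, `routing_create_config`, `routing_link_config`, `routing_unlink_config`, `set_dashboard_metadata`, `invite_multiple_user`, `resend_invite`, `update_user_role` and `delete_user_role`. The handler bodies are outside the hunks, so the scoping may already be enforced; if it is not, a profile-level role could read or change data belonging to a sibling profile under the same merchant. Each of these should pass `auth_data.profile_id` into its core function the way `connector_create` now does, with a test that a token for one profile is rejected on another.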
|
||||
|
||||
@ -5,6 +5,13 @@ pub const ROLE_ID_MERCHANT_IAM_ADMIN: &str = "merchant_iam_admin";
|
||||
pub const ROLE_ID_MERCHANT_DEVELOPER: &str = "merchant_developer";
|
||||
pub const ROLE_ID_MERCHANT_OPERATOR: &str = "merchant_operator";
|
||||
pub const ROLE_ID_MERCHANT_CUSTOMER_SUPPORT: &str = "merchant_customer_support";
|
||||
|
||||
pub const ROLE_ID_PROFILE_ADMIN: &str = "profile_admin";
|
||||
pub const ROLE_ID_PROFILE_VIEW_ONLY: &str = "profile_view_only";
|
||||
pub const ROLE_ID_PROFILE_IAM_ADMIN: &str = "profile_iam_admin";
|
||||
pub const ROLE_ID_PROFILE_DEVELOPER: &str = "profile_developer";
|
||||
pub const ROLE_ID_PROFILE_OPERATOR: &str = "profile_operator";
|
||||
pub const ROLE_ID_PROFILE_CUSTOMER_SUPPORT: &str = "profile_customer_support";
|
||||
|
||||
pub const INTERNAL_USER_MERCHANT_ID: &str = "juspay000";
|
||||
pub const MAX_ROLE_NAME_LENGTH: usize = 64;
|
||||
|
||||
@ -2652,6 +2652,7 @@ pub async fn create_connector(
|
||||
state: SessionState,
|
||||
req: api::MerchantConnectorCreate,
|
||||
merchant_account: domain::MerchantAccount,
|
||||
auth_profile_id: Option<id_type::ProfileId>,
|
||||
key_store: domain::MerchantKeyStore,
|
||||
) -> RouterResponse<api_models::admin::MerchantConnectorResponse> {
|
||||
let store = state.store.as_ref();
|
||||
@ -2683,6 +2684,8 @@ pub async fn create_connector(
|
||||
.validate_and_get_business_profile(&merchant_account, store, key_manager_state, &key_store)
|
||||
.await?;
|
||||
|
||||
core_utils::validate_profile_id_from_auth_layer(auth_profile_id, &business_profile)?;
|
||||
|
||||
let pm_auth_config_validation = PMAuthConfigValidation {
|
||||
connector_type: &req.connector_type,
|
||||
pm_auth_config: &req.pm_auth_config,
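Review bot: The new parameter `auth_profile_id: Option<id_type::ProfileId>` is undocumented, and what `None` means decides whether the added `validate_profile_id_from_auth_layer` call checks anything at all. A doc comment on `create_connector` would settle it, for example `/// auth_profile_id: profile the caller's credentials are scoped to; None when the caller is not profile-scoped`. The helper's body is not on this page, so whether the check is skipped on `None` is an assumption to confirm and then state in that comment. The body of `create_connector` continues outside both hunks.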
|
||||
|
||||
@ -226,14 +226,20 @@ pub async fn connector_create(
|
||||
&req,
|
||||
payload,
|
||||
|state, auth_data, req, _| {
|
||||
create_connector(state, req, auth_data.merchant_account, auth_data.key_store)
|
||||
create_connector(
|
||||
state,
|
||||
req,
|
||||
auth_data.merchant_account,
|
||||
auth_data.profile_id,
|
||||
auth_data.key_store,
|
||||
)
|
||||
},
|
||||
auth::auth_type(
|
||||
&auth::AdminApiAuthWithMerchantIdFromRoute(merchant_id.clone()),
|
||||
&auth::JWTAuthMerchantFromRoute {
|
||||
merchant_id: merchant_id.clone(),
|
||||
required_permission: Permission::MerchantConnectorAccountWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
req.headers(),
|
||||
),
|
||||
@ -259,7 +265,13 @@ pub async fn connector_create(
|
||||
&req,
|
||||
payload,
|
||||
|state, auth_data, req, _| {
|
||||
create_connector(state, req, auth_data.merchant_account, auth_data.key_store)
|
||||
create_connector(
|
||||
state,
|
||||
req,
|
||||
auth_data.merchant_account,
|
||||
None,
|
||||
auth_data.key_store,
|
||||
)
|
||||
},
|
||||
auth::auth_type(
|
||||
&auth::AdminApiAuthWithMerchantIdFromHeader,
|
||||
@ -526,7 +538,7 @@ pub async fn connector_update(
|
||||
&auth::JWTAuthMerchantFromRoute {
|
||||
merchant_id: merchant_id.clone(),
|
||||
required_permission: Permission::MerchantConnectorAccountWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
req.headers(),
|
||||
),
|
||||
@ -889,8 +901,8 @@ pub async fn business_profile_update(
|
||||
&auth::JWTAuthMerchantAndProfileFromRoute {
|
||||
merchant_id: merchant_id.clone(),
|
||||
profile_id: profile_id.clone(),
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
required_permission: Permission::MerchantAccountWrite,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
req.headers(),
|
||||
),
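Review bot: The second `connector_create` branch (hunk at 259) passes a literal `None` as the profile id, so `create_connector` has no profile to compare against there, whichever authenticator accepted the request. Only `AdminApiAuthWithMerchantIdFromHeader` is visible in that hunk; if a JWT authenticator is also accepted further down, outside the hunk, a profile-scoped token would reach the core function without the profile check. Passing `auth_data.profile_id,` as the first branch does would make the outcome depend on the credentials rather than on the call site, assuming the auth data type in that branch carries the field. If `None` is deliberate, a comment such as `// admin API key only: no profile scope to enforce` would record why.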
|
||||
|
||||
@ -666,14 +666,14 @@ pub async fn list_countries_currencies_for_connector_payment_method(
|
||||
&auth::HeaderAuth(auth::ApiKeyAuth),
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::MerchantConnectorAccountWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
req.headers(),
|
||||
),
|
||||
#[cfg(feature = "release")]
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::MerchantConnectorAccountWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
|
||||
@ -45,14 +45,14 @@ pub async fn routing_create_config(
|
||||
&auth::HeaderAuth(auth::ApiKeyAuth),
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::RoutingWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
req.headers(),
|
||||
),
|
||||
#[cfg(feature = "release")]
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::RoutingWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -88,14 +88,14 @@ pub async fn routing_link_config(
|
||||
&auth::HeaderAuth(auth::ApiKeyAuth),
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::RoutingWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
req.headers(),
|
||||
),
|
||||
#[cfg(feature = "release")]
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::RoutingWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -352,14 +352,14 @@ pub async fn routing_unlink_config(
|
||||
&auth::HeaderAuth(auth::ApiKeyAuth),
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::RoutingWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
req.headers(),
|
||||
),
|
||||
#[cfg(feature = "release")]
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::RoutingWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -478,7 +478,7 @@ pub async fn routing_retrieve_default_config(
|
||||
&auth::JWTAuthProfileFromRoute {
|
||||
profile_id: path,
|
||||
required_permission: Permission::RoutingRead,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
},
|
||||
req.headers(),
|
||||
),
|
||||
@ -486,7 +486,7 @@ pub async fn routing_retrieve_default_config(
|
||||
&auth::JWTAuthProfileFromRoute {
|
||||
profile_id: path,
|
||||
required_permission: Permission::RoutingRead,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -963,7 +963,7 @@ pub async fn routing_update_default_config_for_profile(
|
||||
&auth::JWTAuthProfileFromRoute {
|
||||
profile_id: routing_payload_wrapper.profile_id,
|
||||
required_permission: Permission::RoutingWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
req.headers(),
|
||||
),
|
||||
@ -971,7 +971,7 @@ pub async fn routing_update_default_config_for_profile(
|
||||
&auth::JWTAuthProfileFromRoute {
|
||||
profile_id: routing_payload_wrapper.profile_id,
|
||||
required_permission: Permission::RoutingWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
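Review bot: In `routing_retrieve_default_config` (hunks at 478 and 486) the two `minimum_entity_level` lines are printed as `EntityType::Profile` then `EntityType::Merchant`, the reverse of every other hunk on this page. The +/- markers are lost, so the direction is not certain, but if the second line is the new side then reading the default config through `JWTAuthProfileFromRoute` needs a merchant-level role while `routing_update_default_config_for_profile` accepts a profile-level one for `Permission::RoutingWrite`. A profile-level role that may write but not read the same profile's default config looks unintended. Either record the reason in a comment at the authenticator or use `minimum_entity_level: EntityType::Profile,` in both handlers.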
|
||||
|
||||
@ -177,7 +177,7 @@ pub async fn set_dashboard_metadata(
|
||||
user_core::dashboard_metadata::set_metadata,
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::MerchantAccountWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -365,7 +365,7 @@ pub async fn list_user_roles_details(
|
||||
user_core::list_user_roles_details,
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersRead,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -468,7 +468,7 @@ pub async fn invite_multiple_user(
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -494,7 +494,7 @@ pub async fn resend_invite(
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
|
||||
@ -114,7 +114,7 @@ pub async fn get_role(
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersRead,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -160,7 +160,7 @@ pub async fn update_user_role(
|
||||
user_role_core::update_user_role,
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -261,7 +261,7 @@ pub async fn delete_user_role(
|
||||
user_role_core::delete_user_role,
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersWrite,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -284,7 +284,8 @@ pub async fn get_role_information(
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersRead,
|
||||
minimum_entity_level: EntityType::Merchant},
|
||||
minimum_entity_level: EntityType::Profile
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
.await
|
||||
@ -318,7 +319,7 @@ pub async fn list_roles_with_info(state: web::Data<AppState>, req: HttpRequest)
|
||||
|state, user_from_token, _, _| role_core::list_roles_with_info(state, user_from_token),
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersRead,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -347,7 +348,7 @@ pub async fn list_invitable_roles_at_entity_level(
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersRead,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
|
||||
@ -376,7 +377,7 @@ pub async fn list_updatable_roles_at_entity_level(
|
||||
},
|
||||
&auth::JWTAuth {
|
||||
permission: Permission::UsersRead,
|
||||
minimum_entity_level: EntityType::Merchant,
|
||||
minimum_entity_level: EntityType::Profile,
|
||||
},
|
||||
api_locking::LockAction::NotApplicable,
|
||||
))
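Review bot: In `get_role_information` the new field is written `minimum_entity_level: EntityType::Profile` without a trailing comma, unlike every other `auth::JWTAuth` literal in this file section. Writing it as `minimum_entity_level: EntityType::Profile,` keeps the literals uniform and keeps a later field addition to a one-line diff. The old line had `},` fused onto it, which suggests rustfmt is not reaching this call; that is worth checking, since the authenticator literals are the lines a reviewer scans to audit access levels.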
|
||||
|
||||
@ -8,6 +8,8 @@ use crate::consts;
|
||||
|
||||
pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|| {
|
||||
let mut roles = HashMap::new();
|
||||
|
||||
// Internal Roles
|
||||
roles.insert(
|
||||
common_utils::consts::ROLE_ID_INTERNAL_ADMIN,
|
||||
RoleInfo {
|
||||
@ -58,6 +60,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
|
||||
},
|
||||
);
|
||||
|
||||
// Merchant Roles
|
||||
roles.insert(
|
||||
common_utils::consts::ROLE_ID_ORGANIZATION_ADMIN,
|
||||
RoleInfo {
|
||||
@ -106,7 +109,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
|
||||
PermissionGroup::ReconOps,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_MERCHANT_ADMIN.to_string(),
|
||||
role_name: "admin".to_string(),
|
||||
role_name: "merchant_admin".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Merchant,
|
||||
is_invitable: true,
|
||||
@ -127,7 +130,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
|
||||
PermissionGroup::MerchantDetailsView,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_MERCHANT_VIEW_ONLY.to_string(),
|
||||
role_name: "view_only".to_string(),
|
||||
role_name: "merchant_view_only".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Merchant,
|
||||
is_invitable: true,
|
||||
@ -147,7 +150,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
|
||||
PermissionGroup::MerchantDetailsView,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_MERCHANT_IAM_ADMIN.to_string(),
|
||||
role_name: "iam".to_string(),
|
||||
role_name: "merchant_iam".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Merchant,
|
||||
is_invitable: true,
|
||||
@ -168,7 +171,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
|
||||
PermissionGroup::MerchantDetailsManage,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_MERCHANT_DEVELOPER.to_string(),
|
||||
role_name: "developer".to_string(),
|
||||
role_name: "merchant_developer".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Merchant,
|
||||
is_invitable: true,
|
||||
@ -190,7 +193,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
|
||||
PermissionGroup::MerchantDetailsView,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_MERCHANT_OPERATOR.to_string(),
|
||||
role_name: "operator".to_string(),
|
||||
role_name: "merchant_operator".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Merchant,
|
||||
is_invitable: true,
|
||||
@ -218,17 +221,129 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
|
||||
is_internal: false,
|
||||
},
|
||||
);
|
||||
|
||||
// Profile Roles
|
||||
roles.insert(
|
||||
consts::user_role::ROLE_ID_PROFILE_CUSTOMER_SUPPORT,
|
||||
consts::user_role::ROLE_ID_PROFILE_ADMIN,
|
||||
RoleInfo {
|
||||
groups: vec![
|
||||
PermissionGroup::OperationsView,
|
||||
PermissionGroup::OperationsManage,
|
||||
PermissionGroup::ConnectorsView,
|
||||
PermissionGroup::ConnectorsManage,
|
||||
PermissionGroup::WorkflowsView,
|
||||
PermissionGroup::WorkflowsManage,
|
||||
PermissionGroup::AnalyticsView,
|
||||
PermissionGroup::UsersView,
|
||||
PermissionGroup::UsersManage,
|
||||
PermissionGroup::MerchantDetailsView,
|
||||
PermissionGroup::MerchantDetailsManage,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_PROFILE_ADMIN.to_string(),
|
||||
role_name: "profile_admin".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Profile,
|
||||
is_invitable: true,
|
||||
is_deletable: true,
|
||||
is_updatable: true,
|
||||
is_internal: false,
|
||||
},
|
||||
);
|
||||
roles.insert(
|
||||
consts::user_role::ROLE_ID_PROFILE_VIEW_ONLY,
|
||||
RoleInfo {
|
||||
groups: vec![
|
||||
PermissionGroup::OperationsView,
|
||||
PermissionGroup::ConnectorsView,
|
||||
PermissionGroup::WorkflowsView,
|
||||
PermissionGroup::AnalyticsView,
|
||||
PermissionGroup::UsersView,
|
||||
PermissionGroup::MerchantDetailsView,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_PROFILE_VIEW_ONLY.to_string(),
|
||||
role_name: "profile_view_only".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Profile,
|
||||
is_invitable: true,
|
||||
is_deletable: true,
|
||||
is_updatable: true,
|
||||
is_internal: false,
|
||||
},
|
||||
);
|
||||
roles.insert(
|
||||
consts::user_role::ROLE_ID_PROFILE_IAM_ADMIN,
|
||||
RoleInfo {
|
||||
groups: vec![
|
||||
PermissionGroup::OperationsView,
|
||||
PermissionGroup::AnalyticsView,
|
||||
PermissionGroup::UsersView,
|
||||
PermissionGroup::UsersManage,
|
||||
PermissionGroup::MerchantDetailsView,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_PROFILE_IAM_ADMIN.to_string(),
|
||||
role_name: "profile_iam".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Profile,
|
||||
is_invitable: true,
|
||||
is_deletable: true,
|
||||
is_updatable: true,
|
||||
is_internal: false,
|
||||
},
|
||||
);
|
||||
roles.insert(
|
||||
consts::user_role::ROLE_ID_PROFILE_DEVELOPER,
|
||||
RoleInfo {
|
||||
groups: vec![
|
||||
PermissionGroup::OperationsView,
|
||||
PermissionGroup::ConnectorsView,
|
||||
PermissionGroup::AnalyticsView,
|
||||
PermissionGroup::UsersView,
|
||||
PermissionGroup::MerchantDetailsView,
|
||||
PermissionGroup::MerchantDetailsManage,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_PROFILE_DEVELOPER.to_string(),
|
||||
role_name: "profile_developer".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Profile,
|
||||
is_invitable: true,
|
||||
is_deletable: true,
|
||||
is_updatable: true,
|
||||
is_internal: false,
|
||||
},
|
||||
);
|
||||
roles.insert(
|
||||
consts::user_role::ROLE_ID_PROFILE_OPERATOR,
|
||||
RoleInfo {
|
||||
groups: vec![
|
||||
PermissionGroup::OperationsView,
|
||||
PermissionGroup::OperationsManage,
|
||||
PermissionGroup::ConnectorsView,
|
||||
PermissionGroup::WorkflowsView,
|
||||
PermissionGroup::AnalyticsView,
|
||||
PermissionGroup::UsersView,
|
||||
PermissionGroup::MerchantDetailsView,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_PROFILE_OPERATOR.to_string(),
|
||||
role_name: "profile_operator".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Profile,
|
||||
is_invitable: true,
|
||||
is_deletable: true,
|
||||
is_updatable: true,
|
||||
is_internal: false,
|
||||
},
|
||||
);
|
||||
roles.insert(
|
||||
consts::user_role::ROLE_ID_PROFILE_CUSTOMER_SUPPORT,
|
||||
RoleInfo {
|
||||
groups: vec![
|
||||
PermissionGroup::OperationsView,
|
||||
PermissionGroup::AnalyticsView,
|
||||
PermissionGroup::UsersView,
|
||||
PermissionGroup::MerchantDetailsView,
|
||||
],
|
||||
role_id: consts::user_role::ROLE_ID_PROFILE_CUSTOMER_SUPPORT.to_string(),
|
||||
role_name: "profile_support".to_string(),
|
||||
role_name: "profile_customer_support".to_string(),
|
||||
scope: RoleScope::Organization,
|
||||
entity_type: EntityType::Profile,
|
||||
is_invitable: true,
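Review bot: `profile_admin` and `profile_developer` include `PermissionGroup::MerchantDetailsManage`, and `profile_admin` and `profile_iam_admin` include `PermissionGroup::UsersManage`, while every role in this block has `entity_type: EntityType::Profile`. If those groups map to permissions such as `Permission::MerchantAccountWrite` that also gate merchant-wide handlers (the mapping is not on this page), those handlers must keep their floor at `EntityType::Merchant` or scope the write to the caller's profile. A short comment under `// Profile Roles` stating that these groups are meant to apply inside one profile only would make that intent reviewable. Separately, the added `// Merchant Roles` comment sits directly above the `ROLE_ID_ORGANIZATION_ADMIN` entry, which reads as mislabelled.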
|
||||
|
||||