fix(user_roles): Send only same and below Entity Level Users in List Users API (#6147)

2025-11-02 12:06:56 +08:00 · 2024-09-29 18:20:22 +05:30
parent 34a1e2a840
commit 3e3c3261c3
2 changed files with 21 additions and 23 deletions
--- a/crates/router/src/core/user_role.rs
+++ b/crates/router/src/core/user_role.rs
@ -736,6 +736,16 @@ pub async fn list_users_in_lineage(
        }
    };

+    // This filtering is needed because for org level users in V1, merchant_id is present.
+    // Due to this, we get org level users in merchant level users list.
+    let user_roles_set = user_roles_set
+        .into_iter()
+        .filter_map(|user_role| {
+            let (_entity_id, entity_type) = user_role.get_entity_id_and_type()?;
+            (entity_type <= requestor_role_info.get_entity_type()).then_some(user_role)
+        })
+        .collect::<HashSet<_>>();
+
    let mut email_map = state
        .global_store
        .find_users_by_user_ids(
--- a/crates/router/src/utils/user_role.rs
+++ b/crates/router/src/utils/user_role.rs
@ -1,4 +1,4 @@
-use std::collections::HashSet;
+use std::{cmp, collections::HashSet};

 use api_models::user_role as user_role_api;
 use common_enums::{EntityType, PermissionGroup};
@ -418,28 +418,16 @@ pub fn get_min_entity(
    user_entity: EntityType,
    filter_entity: Option<EntityType>,
 ) -> UserResult<EntityType> {
-    match (user_entity, filter_entity) {
-        (EntityType::Organization, None)
-        | (EntityType::Organization, Some(EntityType::Organization)) => {
-            Ok(EntityType::Organization)
-        }
+    let Some(filter_entity) = filter_entity else {
+        return Ok(user_entity);
+    };

-        (EntityType::Merchant, None)
-        | (EntityType::Organization, Some(EntityType::Merchant))
-        | (EntityType::Merchant, Some(EntityType::Merchant)) => Ok(EntityType::Merchant),
-
-        (EntityType::Profile, None)
-        | (EntityType::Organization, Some(EntityType::Profile))
-        | (EntityType::Merchant, Some(EntityType::Profile))
-        | (EntityType::Profile, Some(EntityType::Profile)) => Ok(EntityType::Profile),
-
-        (EntityType::Merchant, Some(EntityType::Organization))
-        | (EntityType::Profile, Some(EntityType::Organization))
-        | (EntityType::Profile, Some(EntityType::Merchant)) => {
-            Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
-                "{} level user requesting data for {:?} level",
-                user_entity, filter_entity
-            ))
-        }
+    if user_entity < filter_entity {
+        return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
+            "{} level user requesting data for {:?} level",
+            user_entity, filter_entity
+        ));
    }
+
+    Ok(cmp::min(user_entity, filter_entity))
 }