refactor(permissions): Remove permissions for utility APIs (#3730)

Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
Mani Chandra
2024-02-21 12:50:42 +05:30
committed by GitHub
parent f3b90ee17f
commit 4ae28e48cd
18 changed files with 179 additions and 118 deletions


@ -29,7 +29,6 @@ pub enum Permission {
MerchantAccountWrite, MerchantAccountWrite,
MerchantConnectorAccountRead, MerchantConnectorAccountRead,
MerchantConnectorAccountWrite, MerchantConnectorAccountWrite,
ForexRead,
RoutingRead, RoutingRead,
RoutingWrite, RoutingWrite,
DisputeRead, DisputeRead,
@ -38,8 +37,6 @@ pub enum Permission {
MandateWrite, MandateWrite,
CustomerRead, CustomerRead,
CustomerWrite, CustomerWrite,
FileRead,
FileWrite,
Analytics, Analytics,
ThreeDsDecisionManagerWrite, ThreeDsDecisionManagerWrite,
ThreeDsDecisionManagerRead, ThreeDsDecisionManagerRead,
@ -55,14 +52,12 @@ pub enum PermissionModule {
Payments, Payments,
Refunds, Refunds,
MerchantAccount, MerchantAccount,
Forex,
Connectors, Connectors,
Routing, Routing,
Analytics, Analytics,
Mandates, Mandates,
Customer, Customer,
Disputes, Disputes,
Files,
ThreeDsDecisionManager, ThreeDsDecisionManager,
SurchargeDecisionManager, SurchargeDecisionManager,
AccountCreate, AccountCreate,


@ -2167,3 +2167,51 @@ pub enum ConnectorStatus {
Inactive, Inactive,
Active, Active,
} }
#[derive(
Clone,
Copy,
Debug,
Eq,
PartialEq,
serde::Deserialize,
serde::Serialize,
strum::Display,
strum::EnumString,
)]
#[router_derive::diesel_enum(storage_type = "db_enum")]
#[serde(rename_all = "snake_case")]
#[strum(serialize_all = "snake_case")]
pub enum RoleScope {
Merchant,
Organization,
}
#[derive(
Clone,
Copy,
Debug,
Eq,
PartialEq,
serde::Serialize,
serde::Deserialize,
strum::Display,
strum::EnumString,
)]
#[router_derive::diesel_enum(storage_type = "text")]
#[serde(rename_all = "snake_case")]
#[strum(serialize_all = "snake_case")]
pub enum PermissionGroup {
OperationsView,
OperationsManage,
ConnectorsView,
ConnectorsManage,
WorkflowsView,
WorkflowsManage,
AnalyticsView,
UsersView,
UsersManage,
MerchantDetailsView,
MerchantDetailsManage,
OrganizationManage,
}


@ -501,53 +501,3 @@ pub enum DashboardMetadata {
IsMultipleConfiguration, IsMultipleConfiguration,
IsChangePasswordRequired, IsChangePasswordRequired,
} }
#[derive(
Clone,
Copy,
Debug,
Eq,
PartialEq,
serde::Deserialize,
serde::Serialize,
strum::Display,
strum::EnumString,
frunk::LabelledGeneric,
)]
#[diesel_enum(storage_type = "db_enum")]
#[serde(rename_all = "snake_case")]
#[strum(serialize_all = "snake_case")]
pub enum RoleScope {
Merchant,
Organization,
}
#[derive(
Clone,
Copy,
Debug,
Eq,
PartialEq,
serde::Serialize,
serde::Deserialize,
strum::Display,
strum::EnumString,
frunk::LabelledGeneric,
)]
#[diesel_enum(storage_type = "text")]
#[serde(rename_all = "snake_case")]
#[strum(serialize_all = "snake_case")]
pub enum PermissionGroup {
OperationsView,
OperationsManage,
ConnectorsView,
ConnectorsManage,
WorkflowsView,
WorkflowsManage,
AnalyticsView,
UsersView,
UsersManage,
MerchantDetailsView,
MerchantDetailsManage,
OrganizationManage,
}


@ -21,6 +21,23 @@ impl Role {
.await .await
} }
pub async fn find_by_role_id_in_merchant_scope(
conn: &PgPooledConn,
role_id: &str,
merchant_id: &str,
org_id: &str,
) -> StorageResult<Self> {
generics::generic_find_one::<<Self as HasTable>::Table, _, _>(
conn,
dsl::role_id.eq(role_id.to_owned()).and(
dsl::merchant_id.eq(merchant_id.to_owned()).or(dsl::org_id
.eq(org_id.to_owned())
.and(dsl::scope.eq(RoleScope::Organization))),
),
)
.await
}
pub async fn update_by_role_id( pub async fn update_by_role_id(
conn: &PgPooledConn, conn: &PgPooledConn,
role_id: &str, role_id: &str,
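Review bot: `find_by_role_id_in_merchant_scope` has no doc comment, although its predicate is the tenant-isolation rule for role lookups: a row matches when `role_id` is equal and either `merchant_id` matches or the row has the given `org_id` with `scope = RoleScope::Organization`. I would add `/// Finds a role visible to the given merchant: owned by that merchant, or organization-scoped within the given org.` above the function. The organization branch trusts `org_id` as passed, so the doc should also say that `merchant_id` and `org_id` are expected to come from the authenticated token rather than from request input; the callers are not visible in this section, so that is worth confirming.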


@ -617,9 +617,9 @@ async fn handle_invitation(
user_from_token: &auth::UserFromToken, user_from_token: &auth::UserFromToken,
request: &user_api::InviteUserRequest, request: &user_api::InviteUserRequest,
) -> UserResult<InviteMultipleUserResponse> { ) -> UserResult<InviteMultipleUserResponse> {
let inviter_user = user_from_token.get_user(state).await?; let inviter_user = user_from_token.get_user_from_db(state).await?;
if inviter_user.email == request.email { if inviter_user.get_email() == request.email {
return Err(UserErrors::InvalidRoleOperationWithMessage( return Err(UserErrors::InvalidRoleOperationWithMessage(
"User Inviting themselves".to_string(), "User Inviting themselves".to_string(),
) )
@ -926,7 +926,7 @@ pub async fn switch_merchant_id(
.filter(|role| role.status == UserStatus::Active) .filter(|role| role.status == UserStatus::Active)
.collect::<Vec<_>>(); .collect::<Vec<_>>();
let user = user_from_token.get_user(&state).await?.into(); let user = user_from_token.get_user_from_db(&state).await?;
let (token, role_id) = if utils::user_role::is_internal_role(&user_from_token.role_id) { let (token, role_id) = if utils::user_role::is_internal_role(&user_from_token.role_id) {
let key_store = state let key_store = state
@ -995,7 +995,7 @@ pub async fn create_merchant_account(
user_from_token: auth::UserFromToken, user_from_token: auth::UserFromToken,
req: user_api::UserMerchantCreate, req: user_api::UserMerchantCreate,
) -> UserResponse<()> { ) -> UserResponse<()> {
let user_from_db: domain::UserFromStorage = user_from_token.get_user(&state).await?.into(); let user_from_db = user_from_token.get_user_from_db(&state).await?;
let new_user = domain::NewUser::try_from((user_from_db, req, user_from_token))?; let new_user = domain::NewUser::try_from((user_from_db, req, user_from_token))?;
let new_merchant = new_user.get_new_merchant(); let new_merchant = new_user.get_new_merchant();


@ -459,8 +459,8 @@ async fn insert_metadata(
#[cfg(feature = "email")] #[cfg(feature = "email")]
{ {
let user_data = user.get_user(state).await?; let user_data = user.get_user_from_db(state).await?;
let user_email = domain::UserEmail::from_pii_email(user_data.email.clone()) let user_email = domain::UserEmail::from_pii_email(user_data.get_email())
.change_context(UserErrors::InternalServerError)? .change_context(UserErrors::InternalServerError)?
.get_secret() .get_secret()
.expose(); .expose();


@ -172,7 +172,7 @@ pub async fn transfer_org_ownership(
auth::blacklist::insert_user_in_blacklist(&state, user_to_be_updated.get_user_id()).await?; auth::blacklist::insert_user_in_blacklist(&state, user_to_be_updated.get_user_id()).await?;
auth::blacklist::insert_user_in_blacklist(&state, &user_from_token.user_id).await?; auth::blacklist::insert_user_in_blacklist(&state, &user_from_token.user_id).await?;
let user_from_db = domain::UserFromStorage::from(user_from_token.get_user(&state).await?); let user_from_db = user_from_token.get_user_from_db(&state).await?;
let user_role = user_from_db let user_role = user_from_db
.get_role_from_db_by_merchant_id(&state, &user_from_token.merchant_id) .get_role_from_db_by_merchant_id(&state, &user_from_token.merchant_id)
.await .await


@ -2274,6 +2274,17 @@ impl RoleInterface for KafkaStore {
self.diesel_store.find_role_by_role_id(role_id).await self.diesel_store.find_role_by_role_id(role_id).await
} }
async fn find_role_by_role_id_in_merchant_scope(
&self,
role_id: &str,
merchant_id: &str,
org_id: &str,
) -> CustomResult<storage::Role, errors::StorageError> {
self.diesel_store
.find_role_by_role_id_in_merchant_scope(role_id, merchant_id, org_id)
.await
}
async fn update_role_by_role_id( async fn update_role_by_role_id(
&self, &self,
role_id: &str, role_id: &str,


@ -1,3 +1,4 @@
use common_enums::enums;
use diesel_models::role as storage; use diesel_models::role as storage;
use error_stack::{IntoReport, ResultExt}; use error_stack::{IntoReport, ResultExt};
@ -20,6 +21,13 @@ pub trait RoleInterface {
role_id: &str, role_id: &str,
) -> CustomResult<storage::Role, errors::StorageError>; ) -> CustomResult<storage::Role, errors::StorageError>;
async fn find_role_by_role_id_in_merchant_scope(
&self,
role_id: &str,
merchant_id: &str,
org_id: &str,
) -> CustomResult<storage::Role, errors::StorageError>;
async fn update_role_by_role_id( async fn update_role_by_role_id(
&self, &self,
role_id: &str, role_id: &str,
@ -59,6 +67,19 @@ impl RoleInterface for Store {
.into_report() .into_report()
} }
async fn find_role_by_role_id_in_merchant_scope(
&self,
role_id: &str,
merchant_id: &str,
org_id: &str,
) -> CustomResult<storage::Role, errors::StorageError> {
let conn = connection::pg_connection_write(self).await?;
storage::Role::find_by_role_id_in_merchant_scope(&conn, role_id, merchant_id, org_id)
.await
.map_err(Into::into)
.into_report()
}
async fn update_role_by_role_id( async fn update_role_by_role_id(
&self, &self,
role_id: &str, role_id: &str,
@ -149,6 +170,30 @@ impl RoleInterface for MockDb {
) )
} }
async fn find_role_by_role_id_in_merchant_scope(
&self,
role_id: &str,
merchant_id: &str,
org_id: &str,
) -> CustomResult<storage::Role, errors::StorageError> {
let roles = self.roles.lock().await;
roles
.iter()
.find(|role| {
role.role_id == role_id
&& (role.merchant_id == merchant_id
|| (role.org_id == org_id && role.scope == enums::RoleScope::Organization))
})
.cloned()
.ok_or(
errors::StorageError::ValueNotFound(format!(
"No role available in merchant scope for role_id = {role_id}, \
merchant_id = {merchant_id} and org_id = {org_id}"
))
.into(),
)
}
async fn update_role_by_role_id( async fn update_role_by_role_id(
&self, &self,
role_id: &str, role_id: &str,
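Review bot: The `Store` implementation of `find_role_by_role_id_in_merchant_scope` takes `connection::pg_connection_write(self)` for what is a pure lookup. If reading from the primary is deliberate, so that an authorization decision never sees a stale role from a replica, say so in a comment such as `// read from the primary: role lookups feed authorization and must not lag`; otherwise `connection::pg_connection_read(self)` keeps this off the write pool. The `MockDb` version restates the merchant-or-organization predicate by hand, so a unit test with an organization-scoped role from a different org would help keep the two implementations in step.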


@ -4,7 +4,7 @@ use router_env::Flow;
use crate::{ use crate::{
core::{api_locking, currency}, core::{api_locking, currency},
routes::AppState, routes::AppState,
services::{api, authentication as auth, authorization::permissions::Permission}, services::{api, authentication as auth},
}; };
pub async fn retrieve_forex(state: web::Data<AppState>, req: HttpRequest) -> HttpResponse { pub async fn retrieve_forex(state: web::Data<AppState>, req: HttpRequest) -> HttpResponse {
@ -17,7 +17,7 @@ pub async fn retrieve_forex(state: web::Data<AppState>, req: HttpRequest) -> Htt
|state, _auth: auth::AuthenticationData, _| currency::retrieve_forex(state), |state, _auth: auth::AuthenticationData, _| currency::retrieve_forex(state),
auth::auth_type( auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::ForexRead), &auth::DashboardNoPermissionAuth,
req.headers(), req.headers(),
), ),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
@ -49,7 +49,7 @@ pub async fn convert_forex(
}, },
auth::auth_type( auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::ForexRead), &auth::DashboardNoPermissionAuth,
req.headers(), req.headers(),
), ),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,


@ -2,7 +2,7 @@ use actix_multipart::Multipart;
use actix_web::{web, HttpRequest, HttpResponse}; use actix_web::{web, HttpRequest, HttpResponse};
use router_env::{instrument, tracing, Flow}; use router_env::{instrument, tracing, Flow};
use crate::{core::api_locking, services::authorization::permissions::Permission}; use crate::core::api_locking;
pub mod transformers; pub mod transformers;
use super::app::AppState; use super::app::AppState;
@ -47,7 +47,7 @@ pub async fn files_create(
|state, auth, req| files_create_core(state, auth.merchant_account, auth.key_store, req), |state, auth, req| files_create_core(state, auth.merchant_account, auth.key_store, req),
auth::auth_type( auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::FileWrite), &auth::DashboardNoPermissionAuth,
req.headers(), req.headers(),
), ),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
@ -89,7 +89,7 @@ pub async fn files_delete(
|state, auth, req| files_delete_core(state, auth.merchant_account, req), |state, auth, req| files_delete_core(state, auth.merchant_account, req),
auth::auth_type( auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::FileWrite), &auth::DashboardNoPermissionAuth,
req.headers(), req.headers(),
), ),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
@ -131,7 +131,7 @@ pub async fn files_retrieve(
|state, auth, req| files_retrieve_core(state, auth.merchant_account, auth.key_store, req), |state, auth, req| files_retrieve_core(state, auth.merchant_account, auth.key_store, req),
auth::auth_type( auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::FileRead), &auth::DashboardNoPermissionAuth,
req.headers(), req.headers(),
), ),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
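Review bot: `files_create` and `files_delete` required `Permission::FileWrite` on the dashboard path and now accept `DashboardNoPermissionAuth`, so any dashboard JWT for the merchant, including one issued to a view-only role, can upload and delete files. The module description removed elsewhere in this commit says these are files for disputes, so deletion is not a harmless utility call. If dropping the dedicated permission is the goal, consider gating the two write handlers on an existing write permission, e.g. `&auth::JWTAuth(Permission::DisputeWrite)`, and leaving only `files_retrieve` without a permission. The handler bodies start outside these hunks, so any further checks inside `files_delete_core` are not visible here.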


@ -749,6 +749,48 @@ where
} }
} }
#[async_trait]
impl<A> AuthenticateAndFetch<AuthenticationData, A> for DashboardNoPermissionAuth
where
A: AppStateInfo + Sync,
{
async fn authenticate_and_fetch(
&self,
request_headers: &HeaderMap,
state: &A,
) -> RouterResult<(AuthenticationData, AuthenticationType)> {
let payload = parse_jwt_payload::<A, AuthToken>(request_headers, state).await?;
let key_store = state
.store()
.get_merchant_key_store_by_merchant_id(
&payload.merchant_id,
&state.store().get_master_key().to_vec().into(),
)
.await
.change_context(errors::ApiErrorResponse::Unauthorized)
.attach_printable("Failed to fetch merchant key store for the merchant id")?;
let merchant = state
.store()
.find_merchant_account_by_merchant_id(&payload.merchant_id, &key_store)
.await
.to_not_found_response(errors::ApiErrorResponse::Unauthorized)?;
let auth = AuthenticationData {
merchant_account: merchant,
key_store,
};
Ok((
auth.clone(),
AuthenticationType::MerchantJwt {
merchant_id: auth.merchant_account.merchant_id.clone(),
user_id: Some(payload.user_id),
},
))
}
}
pub trait ClientSecretFetch { pub trait ClientSecretFetch {
fn get_client_secret(&self) -> Option<&String>; fn get_client_secret(&self) -> Option<&String>;
} }
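Review bot: This `authenticate_and_fetch` accepts any token that `parse_jwt_payload` decodes and never consults the blacklist that `transfer_org_ownership` fills through `auth::blacklist::insert_user_in_blacklist`. Unless `parse_jwt_payload` performs that check itself (not visible here), a blacklisted user keeps access to every route moved onto this authenticator. It also reads only `merchant_id` and `user_id` from the payload, so a user whose role for the merchant was deactivated is presumably still served until the token expires. I would add a blacklist lookup directly after parsing that returns `errors::ApiErrorResponse::Unauthorized` on a hit. I would also put a doc comment on the impl stating that it authenticates the dashboard token only and performs no authorization, so it is not reused for state-changing routes by accident.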


@ -31,13 +31,11 @@ pub enum PermissionModule {
Refunds, Refunds,
MerchantAccount, MerchantAccount,
Connectors, Connectors,
Forex,
Routing, Routing,
Analytics, Analytics,
Mandates, Mandates,
Customer, Customer,
Disputes, Disputes,
Files,
ThreeDsDecisionManager, ThreeDsDecisionManager,
SurchargeDecisionManager, SurchargeDecisionManager,
AccountCreate, AccountCreate,
@ -51,12 +49,10 @@ impl PermissionModule {
Self::MerchantAccount => "Accounts module permissions allow the user to view and update account details, configure webhooks and much more", Self::MerchantAccount => "Accounts module permissions allow the user to view and update account details, configure webhooks and much more",
Self::Connectors => "All connector related actions - like configuring new connectors, viewing and updating connector configuration lies with this module", Self::Connectors => "All connector related actions - like configuring new connectors, viewing and updating connector configuration lies with this module",
Self::Routing => "All actions related to new, active, and past routing stacks take place here", Self::Routing => "All actions related to new, active, and past routing stacks take place here",
Self::Forex => "Forex module permissions allow the user to view and query the forex rates",
Self::Analytics => "Permission to view and analyse the data relating to payments, refunds, sdk etc.", Self::Analytics => "Permission to view and analyse the data relating to payments, refunds, sdk etc.",
Self::Mandates => "Everything related to mandates - like creating and viewing mandate related information are within this module", Self::Mandates => "Everything related to mandates - like creating and viewing mandate related information are within this module",
Self::Customer => "Everything related to customers - like creating and viewing customer related information are within this module", Self::Customer => "Everything related to customers - like creating and viewing customer related information are within this module",
Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module", Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module",
Self::Files => "Permissions for uploading, deleting and viewing files for disputes",
Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant", Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant",
Self::SurchargeDecisionManager =>"View and configure surcharge decision rules configured for a merchant", Self::SurchargeDecisionManager =>"View and configure surcharge decision rules configured for a merchant",
Self::AccountCreate => "Create new account within your organization" Self::AccountCreate => "Create new account within your organization"
@ -108,11 +104,6 @@ impl ModuleInfo {
Permission::MerchantConnectorAccountWrite, Permission::MerchantConnectorAccountWrite,
]), ]),
}, },
PermissionModule::Forex => Self {
module: module_name,
description,
permissions: PermissionInfo::new(&[Permission::ForexRead]),
},
PermissionModule::Routing => Self { PermissionModule::Routing => Self {
module: module_name, module: module_name,
description, description,
@ -150,11 +141,6 @@ impl ModuleInfo {
Permission::DisputeWrite, Permission::DisputeWrite,
]), ]),
}, },
PermissionModule::Files => Self {
module: module_name,
description,
permissions: PermissionInfo::new(&[Permission::FileRead, Permission::FileWrite]),
},
PermissionModule::ThreeDsDecisionManager => Self { PermissionModule::ThreeDsDecisionManager => Self {
module: module_name, module: module_name,
description, description,


@ -12,7 +12,6 @@ pub enum Permission {
MerchantAccountWrite, MerchantAccountWrite,
MerchantConnectorAccountRead, MerchantConnectorAccountRead,
MerchantConnectorAccountWrite, MerchantConnectorAccountWrite,
ForexRead,
RoutingRead, RoutingRead,
RoutingWrite, RoutingWrite,
DisputeRead, DisputeRead,
@ -21,8 +20,6 @@ pub enum Permission {
MandateWrite, MandateWrite,
CustomerRead, CustomerRead,
CustomerWrite, CustomerWrite,
FileRead,
FileWrite,
Analytics, Analytics,
ThreeDsDecisionManagerWrite, ThreeDsDecisionManagerWrite,
ThreeDsDecisionManagerRead, ThreeDsDecisionManagerRead,
@ -50,7 +47,6 @@ impl Permission {
Self::MerchantConnectorAccountWrite => { Self::MerchantConnectorAccountWrite => {
"Create, update, verify and delete connector configurations" "Create, update, verify and delete connector configurations"
} }
Self::ForexRead => "Query Forex data",
Self::RoutingRead => "View routing configuration", Self::RoutingRead => "View routing configuration",
Self::RoutingWrite => "Create and activate routing configurations", Self::RoutingWrite => "Create and activate routing configurations",
Self::DisputeRead => "View disputes", Self::DisputeRead => "View disputes",
@ -59,8 +55,6 @@ impl Permission {
Self::MandateWrite => "Create and update mandates", Self::MandateWrite => "Create and update mandates",
Self::CustomerRead => "View customers", Self::CustomerRead => "View customers",
Self::CustomerWrite => "Create, update and delete customers", Self::CustomerWrite => "Create, update and delete customers",
Self::FileRead => "View files",
Self::FileWrite => "Create, update and delete files",
Self::Analytics => "Access to analytics module", Self::Analytics => "Access to analytics module",
Self::ThreeDsDecisionManagerWrite => "Create and update 3DS decision rules", Self::ThreeDsDecisionManagerWrite => "Create and update 3DS decision rules",
Self::ThreeDsDecisionManagerRead => { Self::ThreeDsDecisionManagerRead => {


@ -50,7 +50,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MerchantConnectorAccountWrite, Permission::MerchantConnectorAccountWrite,
Permission::RoutingRead, Permission::RoutingRead,
Permission::RoutingWrite, Permission::RoutingWrite,
Permission::ForexRead,
Permission::ThreeDsDecisionManagerWrite, Permission::ThreeDsDecisionManagerWrite,
Permission::ThreeDsDecisionManagerRead, Permission::ThreeDsDecisionManagerRead,
Permission::SurchargeDecisionManagerWrite, Permission::SurchargeDecisionManagerWrite,
@ -61,8 +60,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MandateWrite, Permission::MandateWrite,
Permission::CustomerRead, Permission::CustomerRead,
Permission::CustomerWrite, Permission::CustomerWrite,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
Permission::UsersWrite, Permission::UsersWrite,
@ -84,14 +81,12 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::MerchantConnectorAccountRead, Permission::MerchantConnectorAccountRead,
Permission::RoutingRead, Permission::RoutingRead,
Permission::ForexRead,
Permission::ThreeDsDecisionManagerRead, Permission::ThreeDsDecisionManagerRead,
Permission::SurchargeDecisionManagerRead, Permission::SurchargeDecisionManagerRead,
Permission::Analytics, Permission::Analytics,
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead, Permission::CustomerRead,
Permission::FileRead,
Permission::UsersRead, Permission::UsersRead,
], ],
name: None, name: None,
@ -117,7 +112,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MerchantConnectorAccountWrite, Permission::MerchantConnectorAccountWrite,
Permission::RoutingRead, Permission::RoutingRead,
Permission::RoutingWrite, Permission::RoutingWrite,
Permission::ForexRead,
Permission::ThreeDsDecisionManagerWrite, Permission::ThreeDsDecisionManagerWrite,
Permission::ThreeDsDecisionManagerRead, Permission::ThreeDsDecisionManagerRead,
Permission::SurchargeDecisionManagerWrite, Permission::SurchargeDecisionManagerWrite,
@ -128,8 +122,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MandateWrite, Permission::MandateWrite,
Permission::CustomerRead, Permission::CustomerRead,
Permission::CustomerWrite, Permission::CustomerWrite,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
Permission::UsersWrite, Permission::UsersWrite,
@ -156,7 +148,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::MerchantAccountWrite, Permission::MerchantAccountWrite,
Permission::MerchantConnectorAccountRead, Permission::MerchantConnectorAccountRead,
Permission::ForexRead,
Permission::MerchantConnectorAccountWrite, Permission::MerchantConnectorAccountWrite,
Permission::RoutingRead, Permission::RoutingRead,
Permission::RoutingWrite, Permission::RoutingWrite,
@ -170,8 +161,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MandateWrite, Permission::MandateWrite,
Permission::CustomerRead, Permission::CustomerRead,
Permission::CustomerWrite, Permission::CustomerWrite,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
Permission::UsersWrite, Permission::UsersWrite,
@ -190,7 +179,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::RefundRead, Permission::RefundRead,
Permission::ApiKeyRead, Permission::ApiKeyRead,
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::ForexRead,
Permission::MerchantConnectorAccountRead, Permission::MerchantConnectorAccountRead,
Permission::RoutingRead, Permission::RoutingRead,
Permission::ThreeDsDecisionManagerRead, Permission::ThreeDsDecisionManagerRead,
@ -198,7 +186,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead, Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
], ],
@ -216,7 +203,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::RefundRead, Permission::RefundRead,
Permission::ApiKeyRead, Permission::ApiKeyRead,
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::ForexRead,
Permission::MerchantConnectorAccountRead, Permission::MerchantConnectorAccountRead,
Permission::RoutingRead, Permission::RoutingRead,
Permission::ThreeDsDecisionManagerRead, Permission::ThreeDsDecisionManagerRead,
@ -224,7 +210,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead, Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
Permission::UsersWrite, Permission::UsersWrite,
@ -244,7 +229,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::ApiKeyRead, Permission::ApiKeyRead,
Permission::ApiKeyWrite, Permission::ApiKeyWrite,
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::ForexRead,
Permission::MerchantConnectorAccountRead, Permission::MerchantConnectorAccountRead,
Permission::RoutingRead, Permission::RoutingRead,
Permission::ThreeDsDecisionManagerRead, Permission::ThreeDsDecisionManagerRead,
@ -252,7 +236,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead, Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
], ],
@ -272,7 +255,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::RefundWrite, Permission::RefundWrite,
Permission::ApiKeyRead, Permission::ApiKeyRead,
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::ForexRead,
Permission::MerchantConnectorAccountRead, Permission::MerchantConnectorAccountRead,
Permission::MerchantConnectorAccountWrite, Permission::MerchantConnectorAccountWrite,
Permission::RoutingRead, Permission::RoutingRead,
@ -284,7 +266,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead, Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
], ],
@ -301,15 +282,12 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::PaymentRead, Permission::PaymentRead,
Permission::RefundRead, Permission::RefundRead,
Permission::RefundWrite, Permission::RefundWrite,
Permission::ForexRead,
Permission::DisputeRead, Permission::DisputeRead,
Permission::DisputeWrite, Permission::DisputeWrite,
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::MerchantConnectorAccountRead, Permission::MerchantConnectorAccountRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead, Permission::CustomerRead,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics, Permission::Analytics,
], ],
name: Some("Customer Support"), name: Some("Customer Support"),


@ -802,14 +802,12 @@ impl From<info::PermissionModule> for user_role_api::PermissionModule {
info::PermissionModule::Payments => Self::Payments, info::PermissionModule::Payments => Self::Payments,
info::PermissionModule::Refunds => Self::Refunds, info::PermissionModule::Refunds => Self::Refunds,
info::PermissionModule::MerchantAccount => Self::MerchantAccount, info::PermissionModule::MerchantAccount => Self::MerchantAccount,
info::PermissionModule::Forex => Self::Forex,
info::PermissionModule::Connectors => Self::Connectors, info::PermissionModule::Connectors => Self::Connectors,
info::PermissionModule::Routing => Self::Routing, info::PermissionModule::Routing => Self::Routing,
info::PermissionModule::Analytics => Self::Analytics, info::PermissionModule::Analytics => Self::Analytics,
info::PermissionModule::Mandates => Self::Mandates, info::PermissionModule::Mandates => Self::Mandates,
info::PermissionModule::Customer => Self::Customer, info::PermissionModule::Customer => Self::Customer,
info::PermissionModule::Disputes => Self::Disputes, info::PermissionModule::Disputes => Self::Disputes,
info::PermissionModule::Files => Self::Files,
info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager, info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager,
info::PermissionModule::SurchargeDecisionManager => Self::SurchargeDecisionManager, info::PermissionModule::SurchargeDecisionManager => Self::SurchargeDecisionManager,
info::PermissionModule::AccountCreate => Self::AccountCreate, info::PermissionModule::AccountCreate => Self::AccountCreate,


@ -48,13 +48,13 @@ impl UserFromToken {
Ok(merchant_account) Ok(merchant_account)
} }
pub async fn get_user(&self, state: &AppState) -> UserResult<diesel_models::user::User> { pub async fn get_user_from_db(&self, state: &AppState) -> UserResult<UserFromStorage> {
let user = state let user = state
.store .store
.find_user_by_id(&self.user_id) .find_user_by_id(&self.user_id)
.await .await
.change_context(UserErrors::InternalServerError)?; .change_context(UserErrors::InternalServerError)?;
Ok(user) Ok(user.into())
} }
} }


@ -38,7 +38,6 @@ impl From<Permission> for user_role_api::Permission {
Permission::MerchantAccountWrite => Self::MerchantAccountWrite, Permission::MerchantAccountWrite => Self::MerchantAccountWrite,
Permission::MerchantConnectorAccountRead => Self::MerchantConnectorAccountRead, Permission::MerchantConnectorAccountRead => Self::MerchantConnectorAccountRead,
Permission::MerchantConnectorAccountWrite => Self::MerchantConnectorAccountWrite, Permission::MerchantConnectorAccountWrite => Self::MerchantConnectorAccountWrite,
Permission::ForexRead => Self::ForexRead,
Permission::RoutingRead => Self::RoutingRead, Permission::RoutingRead => Self::RoutingRead,
Permission::RoutingWrite => Self::RoutingWrite, Permission::RoutingWrite => Self::RoutingWrite,
Permission::DisputeRead => Self::DisputeRead, Permission::DisputeRead => Self::DisputeRead,
@ -47,8 +46,6 @@ impl From<Permission> for user_role_api::Permission {
Permission::MandateWrite => Self::MandateWrite, Permission::MandateWrite => Self::MandateWrite,
Permission::CustomerRead => Self::CustomerRead, Permission::CustomerRead => Self::CustomerRead,
Permission::CustomerWrite => Self::CustomerWrite, Permission::CustomerWrite => Self::CustomerWrite,
Permission::FileRead => Self::FileRead,
Permission::FileWrite => Self::FileWrite,
Permission::Analytics => Self::Analytics, Permission::Analytics => Self::Analytics,
Permission::ThreeDsDecisionManagerWrite => Self::ThreeDsDecisionManagerWrite, Permission::ThreeDsDecisionManagerWrite => Self::ThreeDsDecisionManagerWrite,
Permission::ThreeDsDecisionManagerRead => Self::ThreeDsDecisionManagerRead, Permission::ThreeDsDecisionManagerRead => Self::ThreeDsDecisionManagerRead,