diff --git a/crates/common_enums/src/enums.rs b/crates/common_enums/src/enums.rs index 0234fbea6d..1faa3b90aa 100644 --- a/crates/common_enums/src/enums.rs +++ b/crates/common_enums/src/enums.rs @@ -2936,8 +2936,6 @@ pub enum PermissionGroup { ReconReportsManage, ReconOpsView, ReconOpsManage, - // TODO: To be deprecated, make sure DB is migrated before removing - ReconOps, } #[derive(Clone, Debug, serde::Serialize, PartialEq, Eq, Hash, strum::EnumIter)] diff --git a/crates/router/src/services/authorization/info.rs b/crates/router/src/services/authorization/info.rs index e02838b3e0..b4413dfa3b 100644 --- a/crates/router/src/services/authorization/info.rs +++ b/crates/router/src/services/authorization/info.rs @@ -40,10 +40,10 @@ fn get_group_description(group: PermissionGroup) -> &'static str { PermissionGroup::MerchantDetailsView | PermissionGroup::AccountView => "View Merchant Details", PermissionGroup::MerchantDetailsManage | PermissionGroup::AccountManage => "Create, modify and delete Merchant Details like api keys, webhooks, etc", PermissionGroup::OrganizationManage => "Manage organization level tasks like create new Merchant accounts, Organization level roles, etc", - PermissionGroup::ReconReportsView => "View and access reconciliation reports and analytics", + PermissionGroup::ReconReportsView => "View reconciliation reports and analytics", PermissionGroup::ReconReportsManage => "Manage reconciliation reports", - PermissionGroup::ReconOpsView => "View and access reconciliation operations", - PermissionGroup::ReconOpsManage | PermissionGroup::ReconOps => "Manage reconciliation operations", + PermissionGroup::ReconOpsView => "View and access all reconciliation operations including reports and analytics", + PermissionGroup::ReconOpsManage => "Manage all reconciliation operations including reports and analytics", } } diff --git a/crates/router/src/services/authorization/permission_groups.rs b/crates/router/src/services/authorization/permission_groups.rs index ceb943950d..0cdb68ec8d 100644 --- a/crates/router/src/services/authorization/permission_groups.rs +++ b/crates/router/src/services/authorization/permission_groups.rs @@ -33,7 +33,6 @@ impl PermissionGroupExt for PermissionGroup { | Self::OrganizationManage | Self::AccountManage | Self::ReconOpsManage - | Self::ReconOps | Self::ReconReportsManage => PermissionScope::Write, } } @@ -50,7 +49,7 @@ impl PermissionGroupExt for PermissionGroup { | Self::MerchantDetailsManage | Self::AccountView | Self::AccountManage => ParentGroup::Account, - Self::ReconOpsView | Self::ReconOpsManage | Self::ReconOps => ParentGroup::ReconOps, + Self::ReconOpsView | Self::ReconOpsManage => ParentGroup::ReconOps, Self::ReconReportsView | Self::ReconReportsManage => ParentGroup::ReconReports, } } @@ -86,7 +85,7 @@ impl PermissionGroupExt for PermissionGroup { } Self::ReconOpsView => vec![Self::ReconOpsView], - Self::ReconOpsManage | Self::ReconOps => vec![Self::ReconOpsView, Self::ReconOpsManage], + Self::ReconOpsManage => vec![Self::ReconOpsView, Self::ReconOpsManage], Self::ReconReportsView => vec![Self::ReconReportsView], Self::ReconReportsManage => vec![Self::ReconReportsView, Self::ReconReportsManage], diff --git a/migrations/2025-01-03-104019_migrate_permission_group_for_recon/down.sql b/migrations/2025-01-03-104019_migrate_permission_group_for_recon/down.sql new file mode 100644 index 0000000000..e0ac49d1ec --- /dev/null +++ b/migrations/2025-01-03-104019_migrate_permission_group_for_recon/down.sql @@ -0,0 +1 @@ +SELECT 1; diff --git a/migrations/2025-01-03-104019_migrate_permission_group_for_recon/up.sql b/migrations/2025-01-03-104019_migrate_permission_group_for_recon/up.sql new file mode 100644 index 0000000000..0fa04632dc --- /dev/null +++ b/migrations/2025-01-03-104019_migrate_permission_group_for_recon/up.sql @@ -0,0 +1,3 @@ +UPDATE roles +SET groups = array_replace(groups, 'recon_ops', 'recon_ops_manage') +WHERE 'recon_ops' = ANY(groups);