feat(roles): Add groups for get_from_token api (#3872)

crates/api_models/src/events/user_role.rs

@@ -2,8 +2,8 @@ use common_utils::events::{ApiEventMetric, ApiEventsType};
 
 use crate::user_role::{
     role::{
-        CreateRoleRequest, GetRoleRequest, ListRolesResponse, RoleInfoResponse,
-        RoleInfoWithPermissionsResponse, UpdateRoleRequest,
+        CreateRoleRequest, GetRoleFromTokenResponse, GetRoleRequest, ListRolesResponse,
+        RoleInfoResponse, RoleInfoWithPermissionsResponse, UpdateRoleRequest,
     },
     AcceptInvitationRequest, AuthorizationInfoResponse, DeleteUserRoleRequest,
     TransferOrgOwnershipRequest, UpdateUserRoleRequest,
@@ -20,5 +20,6 @@ common_utils::impl_misc_api_event_type!(
     CreateRoleRequest,
     UpdateRoleRequest,
     ListRolesResponse,
-    RoleInfoResponse
+    RoleInfoResponse,
+    GetRoleFromTokenResponse
 );

crates/api_models/src/user_role/role.rs

@@ -23,6 +23,13 @@ pub struct GetGroupsQueryParam {
     pub groups: Option<bool>,
 }
 
+#[derive(Debug, serde::Serialize)]
+#[serde(untagged)]
+pub enum GetRoleFromTokenResponse {
+    Permissions(Vec<Permission>),
+    Groups(Vec<PermissionGroup>),
+}
+
 #[derive(Debug, serde::Serialize)]
 #[serde(untagged)]
 pub enum RoleInfoResponse {

crates/router/src/core/user_role/role.rs

@@ -1,7 +1,4 @@
-use api_models::user_role::{
-    role::{self as role_api},
-    Permission,
-};
+use api_models::user_role::role::{self as role_api};
 use common_enums::RoleScope;
 use common_utils::generate_id_with_default_len;
 use diesel_models::role::{RoleNew, RoleUpdate};
@@ -20,10 +17,10 @@ use crate::{
     utils,
 };
 
-pub async fn get_role_from_token(
+pub async fn get_role_from_token_with_permissions(
     state: AppState,
     user_from_token: UserFromToken,
-) -> UserResponse<Vec<Permission>> {
+) -> UserResponse<role_api::GetRoleFromTokenResponse> {
     let role_info = user_from_token
         .get_role_info_from_db(&state)
         .await
@@ -35,7 +32,25 @@ pub async fn get_role_from_token(
         .map(Into::into)
         .collect();
 
-    Ok(ApplicationResponse::Json(permissions))
+    Ok(ApplicationResponse::Json(
+        role_api::GetRoleFromTokenResponse::Permissions(permissions),
+    ))
+}
+
+pub async fn get_role_from_token_with_groups(
+    state: AppState,
+    user_from_token: UserFromToken,
+) -> UserResponse<role_api::GetRoleFromTokenResponse> {
+    let role_info = user_from_token
+        .get_role_info_from_db(&state)
+        .await
+        .attach_printable("Invalid role_id in JWT")?;
+
+    let permissions = role_info.get_permission_groups().to_vec();
+
+    Ok(ApplicationResponse::Json(
+        role_api::GetRoleFromTokenResponse::Groups(permissions),
+    ))
 }
 
 pub async fn create_role(

crates/router/src/routes/user_role.rs

@@ -41,14 +41,27 @@ pub async fn get_authorization_info(
     .await
 }
 
-pub async fn get_role_from_token(state: web::Data<AppState>, req: HttpRequest) -> HttpResponse {
+pub async fn get_role_from_token(
+    state: web::Data<AppState>,
+    req: HttpRequest,
+    query: web::Query<role_api::GetGroupsQueryParam>,
+) -> HttpResponse {
     let flow = Flow::GetRoleFromToken;
+    let respond_with_groups = query.into_inner().groups.unwrap_or(false);
+
     Box::pin(api::server_wrap(
         flow,
         state.clone(),
         &req,
         (),
-        |state, user, _| role_core::get_role_from_token(state, user),
+        |state, user, _| async move {
+            // TODO: Permissions to be deprecated once groups are stable
+            if respond_with_groups {
+                role_core::get_role_from_token_with_groups(state, user).await
+            } else {
+                role_core::get_role_from_token_with_permissions(state, user).await
+            }
+        },
         &auth::DashboardNoPermissionAuth,
         api_locking::LockAction::NotApplicable,
     ))