fix(user_role): Restrict updating user role to the same EntityType (#6224)

Mani Chandra
2024-10-07 19:48:56 +05:30
committed by GitHub
parent da6c0ff60b
commit b499287f23


@ -153,6 +153,14 @@ pub async fn update_user_role(
));
}
if role_info.get_entity_type() != role_to_be_updated.get_entity_type() {
return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
"Upgrade and downgrade of roles is not allowed, user_entity_type = {} req_entity_type = {}",
role_to_be_updated.get_entity_type(),
role_info.get_entity_type(),
));
}
if updator_role.get_entity_type() < role_to_be_updated.get_entity_type() {
return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
"Invalid operation, update requestor = {} cannot update target = {}",
@ -218,6 +226,14 @@ pub async fn update_user_role(
));
}
if role_info.get_entity_type() != role_to_be_updated.get_entity_type() {
return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
"Upgrade and downgrade of roles is not allowed, user_entity_type = {} req_entity_type = {}",
role_to_be_updated.get_entity_type(),
role_info.get_entity_type(),
));
}
if updator_role.get_entity_type() < role_to_be_updated.get_entity_type() {
return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
"Invalid operation, update requestor = {} cannot update target = {}",
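Review bot: The same entity-type guard is pasted verbatim into two places in `update_user_role` (the hunk at old line 153 and the hunk at old line 218), so a later change to one copy can leave the other path accepting a role change across entity levels. Since this is an authorization check, it would be safer to keep the comparison and its error in one private helper that both paths call, placed next to the existing `updator_role.get_entity_type() < role_to_be_updated.get_entity_type()` check. The printable message also says more than the condition tests: the code rejects any difference in entity type, not every upgrade or downgrade, so something like `"Role update across entity types is not allowed, user_entity_type = {} req_entity_type = {}"` would match the logic. A short comment above the guard, for example `// A role update must keep the user's EntityType; cross-entity changes are rejected here.`, would record the intent. The function body starts and ends outside both hunks, so whether the two paths differ in any other check cannot be confirmed from this page.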