fix(user_role): Restrict updating user role to the same EntityType (#6224)

crates/router/src/core/user_role.rs

@@ -153,6 +153,14 @@ pub async fn update_user_role(
             ));
         }
 
+        if role_info.get_entity_type() != role_to_be_updated.get_entity_type() {
+            return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
+                "Upgrade and downgrade of roles is not allowed, user_entity_type = {} req_entity_type = {}",
+                role_to_be_updated.get_entity_type(),
+                role_info.get_entity_type(),
+            ));
+        }
+
         if updator_role.get_entity_type() < role_to_be_updated.get_entity_type() {
             return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
                 "Invalid operation, update requestor = {} cannot update target = {}",
@@ -218,6 +226,14 @@ pub async fn update_user_role(
             ));
         }
 
+        if role_info.get_entity_type() != role_to_be_updated.get_entity_type() {
+            return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
+                "Upgrade and downgrade of roles is not allowed, user_entity_type = {} req_entity_type = {}",
+                role_to_be_updated.get_entity_type(),
+                role_info.get_entity_type(),
+            ));
+        }
+
         if updator_role.get_entity_type() < role_to_be_updated.get_entity_type() {
             return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
                 "Invalid operation, update requestor = {} cannot update target = {}",