feat(users): Add new API get the user and role details of specific user (#3988)

crates/api_models/src/events/user.rs

@@ -11,11 +11,11 @@ use crate::user::{
         GetMetaDataRequest, GetMetaDataResponse, GetMultipleMetaDataPayload, SetMetaDataRequest,
     },
     AcceptInviteFromEmailRequest, AuthorizeResponse, ChangePasswordRequest, ConnectAccountRequest,
-    CreateInternalUserRequest, DashboardEntryResponse, ForgotPasswordRequest, GetUsersResponse,
+    CreateInternalUserRequest, DashboardEntryResponse, ForgotPasswordRequest,
-    InviteUserRequest, InviteUserResponse, ReInviteUserRequest, ResetPasswordRequest,
+    GetUserDetailsRequest, GetUserDetailsResponse, InviteUserRequest, InviteUserResponse,
-    SendVerifyEmailRequest, SignInResponse, SignUpRequest, SignUpWithMerchantIdRequest,
+    ListUsersResponse, ReInviteUserRequest, ResetPasswordRequest, SendVerifyEmailRequest,
-    SwitchMerchantIdRequest, UpdateUserAccountDetailsRequest, UserMerchantCreate,
+    SignInResponse, SignUpRequest, SignUpWithMerchantIdRequest, SwitchMerchantIdRequest,
-    VerifyEmailRequest,
+    UpdateUserAccountDetailsRequest, UserMerchantCreate, VerifyEmailRequest,
 };
 
 impl ApiEventMetric for DashboardEntryResponse {
@@ -48,7 +48,7 @@ common_utils::impl_misc_api_event_type!(
     SwitchMerchantIdRequest,
     CreateInternalUserRequest,
     UserMerchantCreate,
-    GetUsersResponse,
+    ListUsersResponse,
     AuthorizeResponse,
     ConnectAccountRequest,
     ForgotPasswordRequest,
@@ -60,7 +60,9 @@ common_utils::impl_misc_api_event_type!(
     SendVerifyEmailRequest,
     AcceptInviteFromEmailRequest,
     SignInResponse,
-    UpdateUserAccountDetailsRequest
+    UpdateUserAccountDetailsRequest,
+    GetUserDetailsRequest,
+    GetUserDetailsResponse
 );
 
 #[cfg(feature = "dummy_connector")]

crates/api_models/src/user.rs

@@ -1,3 +1,4 @@
+use common_enums::{PermissionGroup, RoleScope};
 use common_utils::{crypto::OptionalEncryptableName, pii};
 use masking::Secret;
 
@@ -141,7 +142,7 @@ pub struct UserMerchantCreate {
 }
 
 #[derive(Debug, serde::Serialize)]
-pub struct GetUsersResponse(pub Vec<UserDetails>);
+pub struct ListUsersResponse(pub Vec<UserDetails>);
 
 #[derive(Debug, serde::Serialize)]
 pub struct UserDetails {
@@ -154,6 +155,24 @@ pub struct UserDetails {
     pub last_modified_at: time::PrimitiveDateTime,
 }
 
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+pub struct GetUserDetailsRequest {
+    pub email: pii::Email,
+}
+
+#[derive(Debug, serde::Serialize)]
+pub struct GetUserDetailsResponse {
+    pub email: pii::Email,
+    pub name: Secret<String>,
+    pub role_id: String,
+    pub role_name: String,
+    pub status: UserStatus,
+    #[serde(with = "common_utils::custom_serde::iso8601")]
+    pub last_modified_at: time::PrimitiveDateTime,
+    pub groups: Vec<PermissionGroup>,
+    pub role_scope: RoleScope,
+}
+
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
 pub struct VerifyEmailRequest {
     pub token: Secret<String>,

crates/router/src/core/user.rs

@@ -1200,10 +1200,53 @@ pub async fn list_merchant_ids_for_user(
     ))
 }
 
-pub async fn get_users_for_merchant_account(
+pub async fn get_user_details_in_merchant_account(
     state: AppState,
     user_from_token: auth::UserFromToken,
-) -> UserResponse<user_api::GetUsersResponse> {
+    request: user_api::GetUserDetailsRequest,
+) -> UserResponse<user_api::GetUserDetailsResponse> {
+    let required_user = utils::user::get_user_from_db_by_email(&state, request.email.try_into()?)
+        .await
+        .to_not_found_response(UserErrors::InvalidRoleOperation)?;
+
+    let required_user_role = state
+        .store
+        .find_user_role_by_user_id_merchant_id(
+            required_user.get_user_id(),
+            &user_from_token.merchant_id,
+        )
+        .await
+        .to_not_found_response(UserErrors::InvalidRoleOperation)
+        .attach_printable("User not found in the merchant account")?;
+
+    let role_info = roles::RoleInfo::from_role_id(
+        &state,
+        &required_user_role.role_id,
+        &user_from_token.merchant_id,
+        &user_from_token.org_id,
+    )
+    .await
+    .change_context(UserErrors::InternalServerError)
+    .attach_printable("User role exists but the corresponding role doesn't")?;
+
+    Ok(ApplicationResponse::Json(
+        user_api::GetUserDetailsResponse {
+            email: required_user.get_email(),
+            name: required_user.get_name(),
+            role_id: role_info.get_role_id().to_string(),
+            role_name: role_info.get_role_name().to_string(),
+            status: required_user_role.status.foreign_into(),
+            last_modified_at: required_user_role.last_modified,
+            groups: role_info.get_permission_groups().to_vec(),
+            role_scope: role_info.get_scope(),
+        },
+    ))
+}
+
+pub async fn list_users_for_merchant_account(
+    state: AppState,
+    user_from_token: auth::UserFromToken,
+) -> UserResponse<user_api::ListUsersResponse> {
     let users_and_user_roles = state
         .store
         .find_users_and_roles_by_merchant_id(user_from_token.merchant_id.as_str())
@@ -1242,7 +1285,7 @@ pub async fn get_users_for_merchant_account(
         })
         .collect();
 
-    Ok(ApplicationResponse::Json(user_api::GetUsersResponse(
+    Ok(ApplicationResponse::Json(user_api::ListUsersResponse(
         user_details_vec,
     )))
 }

crates/router/src/routes/app.rs

@@ -1120,7 +1120,10 @@ impl User {
         // User management
         route = route.service(
             web::scope("/user")
-                .service(web::resource("/list").route(web::get().to(get_user_details)))
+                .service(web::resource("").route(web::get().to(get_user_role_details)))
+                .service(
+                    web::resource("/list").route(web::get().to(list_users_for_merchant_account)),
+                )
                 .service(web::resource("/invite").route(web::post().to(invite_user)))
                 .service(
                     web::resource("/invite_multiple").route(web::post().to(invite_multiple_user)),

crates/router/src/routes/lock_utils.rs

@@ -185,6 +185,7 @@ impl From<Flow> for ApiIdentifier {
             | Flow::DeleteSampleData
             | Flow::UserMerchantAccountList
             | Flow::GetUserDetails
+            | Flow::ListUsersForMerchantAccount
             | Flow::ForgotPassword
             | Flow::ResetPassword
             | Flow::InviteUser

crates/router/src/routes/user.rs

@@ -314,14 +314,35 @@ pub async fn list_merchant_ids_for_user(
     .await
 }
 
-pub async fn get_user_details(state: web::Data<AppState>, req: HttpRequest) -> HttpResponse {
+pub async fn get_user_role_details(
+    state: web::Data<AppState>,
+    req: HttpRequest,
+    payload: web::Query<user_api::GetUserDetailsRequest>,
+) -> HttpResponse {
     let flow = Flow::GetUserDetails;
+    Box::pin(api::server_wrap(
+        flow,
+        state.clone(),
+        &req,
+        payload.into_inner(),
+        user_core::get_user_details_in_merchant_account,
+        &auth::JWTAuth(Permission::UsersRead),
+        api_locking::LockAction::NotApplicable,
+    ))
+    .await
+}
+
+pub async fn list_users_for_merchant_account(
+    state: web::Data<AppState>,
+    req: HttpRequest,
+) -> HttpResponse {
+    let flow = Flow::ListUsersForMerchantAccount;
     Box::pin(api::server_wrap(
         flow,
         state.clone(),
         &req,
         (),
-        |state, user, _| user_core::get_users_for_merchant_account(state, user),
+        |state, user, _| user_core::list_users_for_merchant_account(state, user),
         &auth::JWTAuth(Permission::UsersRead),
         api_locking::LockAction::NotApplicable,
     ))

crates/router_env/src/logger/types.rs

@@ -336,8 +336,10 @@ pub enum Flow {
     DeleteSampleData,
     /// List merchant accounts for user
     UserMerchantAccountList,
-    /// Get users for merchant account
+    /// Get details of a user in a merchant account
     GetUserDetails,
+    /// List users for merchant account
+    ListUsersForMerchantAccount,
     /// PaymentMethodAuth Link token create
     PmAuthLinkTokenCreate,
     /// PaymentMethodAuth Exchange token create