refactor(role): determine level of role entity (#5488)

crates/router/src/core/user_role/role.rs

@@ -87,6 +87,7 @@ pub async fn create_role(
             org_id: user_from_token.org_id,
             groups: req.groups,
             scope: req.role_scope,
+            entity_type: req.entity_type,
             created_by: user_from_token.user_id.clone(),
             last_modified_by: user_from_token.user_id,
             created_at: now,

crates/router/src/db/role.rs

@@ -144,6 +144,7 @@ impl RoleInterface for MockDb {
             org_id: role.org_id,
             groups: role.groups,
             scope: role.scope,
+            entity_type: role.entity_type,
             created_by: role.created_by,
             created_at: role.created_at,
             last_modified_at: role.last_modified_at,

crates/router/src/services/authorization/roles.rs

@@ -1,6 +1,6 @@
 use std::collections::HashSet;
 
-use common_enums::{PermissionGroup, RoleScope};
+use common_enums::{EntityType, PermissionGroup, RoleScope};
 use common_utils::{errors::CustomResult, id_type};
 
 use super::{permission_groups::get_permissions_vec, permissions::Permission};
@@ -14,6 +14,7 @@ pub struct RoleInfo {
     role_name: String,
     groups: Vec<PermissionGroup>,
     scope: RoleScope,
+    entity_type: EntityType,
     is_invitable: bool,
     is_deletable: bool,
     is_updatable: bool,
@@ -37,6 +38,10 @@ impl RoleInfo {
         self.scope
     }
 
+    pub fn get_entity_type(&self) -> EntityType {
+        self.entity_type
+    }
+
     pub fn is_invitable(&self) -> bool {
         self.is_invitable
     }
@@ -91,6 +96,7 @@ impl From<diesel_models::role::Role> for RoleInfo {
             role_name: role.role_name,
             groups: role.groups.into_iter().map(Into::into).collect(),
             scope: role.scope,
+            entity_type: role.entity_type.unwrap_or(EntityType::Merchant),
             is_invitable: true,
             is_deletable: true,
             is_updatable: true,

crates/router/src/services/authorization/roles/predefined_roles.rs

@@ -1,6 +1,6 @@
 use std::collections::HashMap;
 
-use common_enums::{PermissionGroup, RoleScope};
+use common_enums::{EntityType, PermissionGroup, RoleScope};
 use once_cell::sync::Lazy;
 
 use super::RoleInfo;
@@ -28,6 +28,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
             role_id: consts::user_role::ROLE_ID_INTERNAL_ADMIN.to_string(),
             role_name: "internal_admin".to_string(),
             scope: RoleScope::Organization,
+            entity_type: EntityType::Internal,
             is_invitable: false,
             is_deletable: false,
             is_updatable: false,
@@ -48,6 +49,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
             role_id: consts::user_role::ROLE_ID_INTERNAL_VIEW_ONLY_USER.to_string(),
             role_name: "internal_view_only".to_string(),
             scope: RoleScope::Organization,
+            entity_type: EntityType::Internal,
             is_invitable: false,
             is_deletable: false,
             is_updatable: false,
@@ -75,6 +77,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
             role_id: consts::user_role::ROLE_ID_ORGANIZATION_ADMIN.to_string(),
             role_name: "organization_admin".to_string(),
             scope: RoleScope::Organization,
+            entity_type: EntityType::Organization,
             is_invitable: false,
             is_deletable: false,
             is_updatable: false,
@@ -102,6 +105,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
             role_id: consts::user_role::ROLE_ID_MERCHANT_ADMIN.to_string(),
             role_name: "admin".to_string(),
             scope: RoleScope::Organization,
+            entity_type: EntityType::Merchant,
             is_invitable: true,
             is_deletable: true,
             is_updatable: true,
@@ -122,6 +126,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
             role_id: consts::user_role::ROLE_ID_MERCHANT_VIEW_ONLY.to_string(),
             role_name: "view_only".to_string(),
             scope: RoleScope::Organization,
+            entity_type: EntityType::Merchant,
             is_invitable: true,
             is_deletable: true,
             is_updatable: true,
@@ -141,6 +146,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
             role_id: consts::user_role::ROLE_ID_MERCHANT_IAM_ADMIN.to_string(),
             role_name: "iam".to_string(),
             scope: RoleScope::Organization,
+            entity_type: EntityType::Merchant,
             is_invitable: true,
             is_deletable: true,
             is_updatable: true,
@@ -161,6 +167,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
             role_id: consts::user_role::ROLE_ID_MERCHANT_DEVELOPER.to_string(),
             role_name: "developer".to_string(),
             scope: RoleScope::Organization,
+            entity_type: EntityType::Merchant,
             is_invitable: true,
             is_deletable: true,
             is_updatable: true,
@@ -182,6 +189,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
             role_id: consts::user_role::ROLE_ID_MERCHANT_OPERATOR.to_string(),
             role_name: "operator".to_string(),
             scope: RoleScope::Organization,
+            entity_type: EntityType::Merchant,
             is_invitable: true,
             is_deletable: true,
             is_updatable: true,
@@ -200,6 +208,7 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
             role_id: consts::user_role::ROLE_ID_MERCHANT_CUSTOMER_SUPPORT.to_string(),
             role_name: "customer_support".to_string(),
             scope: RoleScope::Organization,
+            entity_type: EntityType::Merchant,
             is_invitable: true,
             is_deletable: true,
             is_updatable: true,