refactor(permissions): Remove permissions field from permission info API response (#6376)

crates/api_models/src/user_role.rs

@@ -4,42 +4,6 @@ use masking::Secret;
 
 pub mod role;
 
-#[derive(Debug, serde::Serialize)]
-pub enum Permission {
-    PaymentRead,
-    PaymentWrite,
-    RefundRead,
-    RefundWrite,
-    ApiKeyRead,
-    ApiKeyWrite,
-    MerchantAccountRead,
-    MerchantAccountWrite,
-    MerchantConnectorAccountRead,
-    MerchantConnectorAccountWrite,
-    RoutingRead,
-    RoutingWrite,
-    DisputeRead,
-    DisputeWrite,
-    MandateRead,
-    MandateWrite,
-    CustomerRead,
-    CustomerWrite,
-    Analytics,
-    ThreeDsDecisionManagerWrite,
-    ThreeDsDecisionManagerRead,
-    SurchargeDecisionManagerWrite,
-    SurchargeDecisionManagerRead,
-    UsersRead,
-    UsersWrite,
-    MerchantAccountCreate,
-    WebhookEventRead,
-    PayoutWrite,
-    PayoutRead,
-    WebhookEventWrite,
-    GenerateReport,
-    ReconAdmin,
-}
-
 #[derive(Clone, Debug, serde::Serialize, PartialEq, Eq, Hash)]
 pub enum ParentGroup {
     Operations,
@@ -69,7 +33,6 @@ pub enum AuthorizationInfo {
 pub struct GroupInfo {
     pub group: PermissionGroup,
     pub description: &'static str,
-    pub permissions: Vec<PermissionInfo>,
 }
 
 #[derive(Debug, serde::Serialize, Clone)]
@@ -79,12 +42,6 @@ pub struct ParentInfo {
     pub groups: Vec<PermissionGroup>,
 }
 
-#[derive(Debug, serde::Serialize)]
-pub struct PermissionInfo {
-    pub enum_name: Permission,
-    pub description: &'static str,
-}
-
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
 pub struct UpdateUserRoleRequest {
     pub email: pii::Email,

crates/router/src/services/authorization/info.rs

@@ -1,9 +1,7 @@
-use api_models::user_role::{GroupInfo, ParentGroup, PermissionInfo};
+use api_models::user_role::{GroupInfo, ParentGroup};
 use common_enums::PermissionGroup;
 use strum::IntoEnumIterator;
 
-use super::{permission_groups::get_permissions_vec, permissions::Permission};
-
 // TODO: To be deprecated
 pub fn get_group_authorization_info() -> Vec<GroupInfo> {
     PermissionGroup::iter()
@@ -11,25 +9,10 @@ pub fn get_group_authorization_info() -> Vec<GroupInfo> {
         .collect()
 }
 
-// TODO: To be deprecated
-pub fn get_permission_info_from_permissions(permissions: &[Permission]) -> Vec<PermissionInfo> {
-    permissions
-        .iter()
-        .map(|&per| PermissionInfo {
-            description: Permission::get_permission_description(&per),
-            enum_name: per.into(),
-        })
-        .collect()
-}
-
 // TODO: To be deprecated
 fn get_group_info_from_permission_group(group: PermissionGroup) -> GroupInfo {
     let description = get_group_description(group);
-    GroupInfo {
+    GroupInfo { group, description }
-        group,
-        description,
-        permissions: get_permission_info_from_permissions(get_permissions_vec(&group)),
-    }
 }
 
 // TODO: To be deprecated

crates/router/src/services/authorization/permissions.rs

@@ -37,48 +37,3 @@ pub enum Permission {
     GenerateReport,
     ReconAdmin,
 }
-
-impl Permission {
-    pub fn get_permission_description(&self) -> &'static str {
-        match self {
-            Self::PaymentRead => "View all payments",
-            Self::PaymentWrite => "Create payment, download payments data",
-            Self::RefundRead => "View all refunds",
-            Self::RefundWrite => "Create refund, download refunds data",
-            Self::ApiKeyRead => "View API keys",
-            Self::ApiKeyWrite => "Create and update API keys",
-            Self::MerchantAccountRead => "View merchant account details",
-            Self::MerchantAccountWrite => {
-                "Update merchant account details, configure webhooks, manage api keys"
-            }
-            Self::MerchantConnectorAccountRead => "View connectors configured",
-            Self::MerchantConnectorAccountWrite => {
-                "Create, update, verify and delete connector configurations"
-            }
-            Self::RoutingRead => "View routing configuration",
-            Self::RoutingWrite => "Create and activate routing configurations",
-            Self::DisputeRead => "View disputes",
-            Self::DisputeWrite => "Create and update disputes",
-            Self::MandateRead => "View mandates",
-            Self::MandateWrite => "Create and update mandates",
-            Self::CustomerRead => "View customers",
-            Self::CustomerWrite => "Create, update and delete customers",
-            Self::Analytics => "Access to analytics module",
-            Self::ThreeDsDecisionManagerWrite => "Create and update 3DS decision rules",
-            Self::ThreeDsDecisionManagerRead => {
-                "View all 3DS decision rules configured for a merchant"
-            }
-            Self::SurchargeDecisionManagerWrite => "Create and update the surcharge decision rules",
-            Self::SurchargeDecisionManagerRead => "View all the surcharge decision rules",
-            Self::UsersRead => "View all the users for a merchant",
-            Self::UsersWrite => "Invite users, assign and update roles",
-            Self::MerchantAccountCreate => "Create merchant account",
-            Self::WebhookEventRead => "View webhook events",
-            Self::WebhookEventWrite => "Trigger retries for webhook events",
-            Self::PayoutRead => "View all payouts",
-            Self::PayoutWrite => "Create payout, download payout data",
-            Self::GenerateReport => "Generate reports for payments, refunds and disputes",
-            Self::ReconAdmin => "View and manage reconciliation reports",
-        }
-    }
-}

crates/router/src/utils/user_role.rs

@@ -1,6 +1,5 @@
 use std::{cmp, collections::HashSet};
 
-use api_models::user_role as user_role_api;
 use common_enums::{EntityType, PermissionGroup};
 use common_utils::id_type;
 use diesel_models::{
@@ -16,49 +15,10 @@ use crate::{
     core::errors::{UserErrors, UserResult},
     db::user_role::{ListUserRolesByOrgIdPayload, ListUserRolesByUserIdPayload},
     routes::SessionState,
-    services::authorization::{self as authz, permissions::Permission, roles},
+    services::authorization::{self as authz, roles},
     types::domain,
 };
 
-impl From<Permission> for user_role_api::Permission {
-    fn from(value: Permission) -> Self {
-        match value {
-            Permission::PaymentRead => Self::PaymentRead,
-            Permission::PaymentWrite => Self::PaymentWrite,
-            Permission::RefundRead => Self::RefundRead,
-            Permission::RefundWrite => Self::RefundWrite,
-            Permission::ApiKeyRead => Self::ApiKeyRead,
-            Permission::ApiKeyWrite => Self::ApiKeyWrite,
-            Permission::MerchantAccountRead => Self::MerchantAccountRead,
-            Permission::MerchantAccountWrite => Self::MerchantAccountWrite,
-            Permission::MerchantConnectorAccountRead => Self::MerchantConnectorAccountRead,
-            Permission::MerchantConnectorAccountWrite => Self::MerchantConnectorAccountWrite,
-            Permission::RoutingRead => Self::RoutingRead,
-            Permission::RoutingWrite => Self::RoutingWrite,
-            Permission::DisputeRead => Self::DisputeRead,
-            Permission::DisputeWrite => Self::DisputeWrite,
-            Permission::MandateRead => Self::MandateRead,
-            Permission::MandateWrite => Self::MandateWrite,
-            Permission::CustomerRead => Self::CustomerRead,
-            Permission::CustomerWrite => Self::CustomerWrite,
-            Permission::Analytics => Self::Analytics,
-            Permission::ThreeDsDecisionManagerWrite => Self::ThreeDsDecisionManagerWrite,
-            Permission::ThreeDsDecisionManagerRead => Self::ThreeDsDecisionManagerRead,
-            Permission::SurchargeDecisionManagerWrite => Self::SurchargeDecisionManagerWrite,
-            Permission::SurchargeDecisionManagerRead => Self::SurchargeDecisionManagerRead,
-            Permission::UsersRead => Self::UsersRead,
-            Permission::UsersWrite => Self::UsersWrite,
-            Permission::MerchantAccountCreate => Self::MerchantAccountCreate,
-            Permission::WebhookEventRead => Self::WebhookEventRead,
-            Permission::WebhookEventWrite => Self::WebhookEventWrite,
-            Permission::PayoutRead => Self::PayoutRead,
-            Permission::PayoutWrite => Self::PayoutWrite,
-            Permission::GenerateReport => Self::GenerateReport,
-            Permission::ReconAdmin => Self::ReconAdmin,
-        }
-    }
-}
-
 pub fn validate_role_groups(groups: &[PermissionGroup]) -> UserResult<()> {
     if groups.is_empty() {
         return Err(report!(UserErrors::InvalidRoleOperation))