From f3424b7576554215945f61b52f38e43bb1e5a8b7 Mon Sep 17 00:00:00 2001
From: Mani Chandra <84711804+ThisIsMani@users.noreply.github.com>
Date: Wed, 27 Nov 2024 19:37:10 +0530
Subject: [PATCH] fix(users): Check lineage across entities in invite (#6677)

---
 crates/router/src/core/user.rs | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/crates/router/src/core/user.rs b/crates/router/src/core/user.rs
index c6501dac3b..2087d01dbb 100644
--- a/crates/router/src/core/user.rs
+++ b/crates/router/src/core/user.rs
@@ -642,6 +642,38 @@ async fn handle_existing_user_invitation(
 return Err(UserErrors::UserExists.into());
 }
 
+ let (org_id, merchant_id, profile_id) = match role_info.get_entity_type() {
+ EntityType::Organization => (Some(&user_from_token.org_id), None, None),
+ EntityType::Merchant => (
+ Some(&user_from_token.org_id),
+ Some(&user_from_token.merchant_id),
+ None,
+ ),
+ EntityType::Profile => (
+ Some(&user_from_token.org_id),
+ Some(&user_from_token.merchant_id),
+ Some(&user_from_token.profile_id),
+ ),
+ };
+
+ if state
+ .global_store
+ .list_user_roles_by_user_id(ListUserRolesByUserIdPayload {
+ user_id: invitee_user_from_db.get_user_id(),
+ org_id,
+ merchant_id,
+ profile_id,
+ entity_id: None,
+ version: None,
+ status: None,
+ limit: Some(1),
+ })
+ .await
+ .is_ok_and(|data| data.is_empty().not())
+ {
+ return Err(UserErrors::UserExists.into());
+ }
+
 let user_role = domain::NewUserRole {
 user_id: invitee_user_from_db.get_user_id().to_owned(),
 role_id: request.role_id.clone(),
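Review bot: The new lineage check fails open: `.is_ok_and(|data| data.is_empty().not())` is false when `list_user_roles_by_user_id` returns an error, so a store failure is handled exactly like "no existing roles" and the function goes on to build the `NewUserRole`. Because this guard is what stops a second role being granted inside the inviter's org/merchant/profile lineage, a failed lookup should abort the invite instead of being swallowed. Bind the result and propagate the error before testing emptiness, for example `.await.change_context(UserErrors::InternalServerError)?` followed by `if !roles.is_empty() { return Err(UserErrors::UserExists.into()); }` (assuming the error-mapping pattern this module uses elsewhere; confirm the variant name). The body of `handle_existing_user_invitation` starts before and continues after this hunk, so how `role_info` and `user_from_token` are validated is not visible here.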