feat(user_role): Add APIs for user roles (#3013)

Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
juspay · Nov 30, 2023 · 3fa0bdf · 3fa0bdf
1 parent 2e2dbe4
commit 3fa0bdf
Show file tree

Hide file tree

Showing 24 changed files with 1,207 additions and 46 deletions.
diff --git a/crates/api_models/src/events.rs b/crates/api_models/src/events.rs
@@ -7,6 +7,7 @@ pub mod payouts;
 pub mod refund;
 pub mod routing;
 pub mod user;
+pub mod user_role;
 
 use common_utils::{
     events::{ApiEventMetric, ApiEventsType},

diff --git a/crates/api_models/src/events/user.rs b/crates/api_models/src/events/user.rs
@@ -5,6 +5,7 @@ use crate::user::{
         GetMetaDataRequest, GetMetaDataResponse, GetMultipleMetaDataPayload, SetMetaDataRequest,
     },
     ChangePasswordRequest, ConnectAccountRequest, ConnectAccountResponse,
+    CreateInternalUserRequest, SwitchMerchantIdRequest, UserMerchantCreate,
 };
 
 impl ApiEventMetric for ConnectAccountResponse {
@@ -23,5 +24,8 @@ common_utils::impl_misc_api_event_type!(
     GetMultipleMetaDataPayload,
     GetMetaDataResponse,
     GetMetaDataRequest,
-    SetMetaDataRequest
+    SetMetaDataRequest,
+    SwitchMerchantIdRequest,
+    CreateInternalUserRequest,
+    UserMerchantCreate
 );
diff --git a/crates/api_models/src/events/user_role.rs b/crates/api_models/src/events/user_role.rs
@@ -0,0 +1,14 @@
+use common_utils::events::{ApiEventMetric, ApiEventsType};
+
+use crate::user_role::{
+    AuthorizationInfoResponse, GetRoleRequest, ListRolesResponse, RoleInfoResponse,
+    UpdateUserRoleRequest,
+};
+
+common_utils::impl_misc_api_event_type!(
+    ListRolesResponse,
+    RoleInfoResponse,
+    GetRoleRequest,
+    AuthorizationInfoResponse,
+    UpdateUserRoleRequest
+);
diff --git a/crates/api_models/src/lib.rs b/crates/api_models/src/lib.rs
@@ -26,6 +26,7 @@ pub mod refunds;
 pub mod routing;
 pub mod surcharge_decision_configs;
 pub mod user;
+pub mod user_role;
 pub mod verifications;
 pub mod verify_connector;
 pub mod webhooks;
diff --git a/crates/api_models/src/user.rs b/crates/api_models/src/user.rs
@@ -26,3 +26,20 @@ pub struct ChangePasswordRequest {
     pub new_password: Secret<String>,
     pub old_password: Secret<String>,
 }
+
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+pub struct SwitchMerchantIdRequest {
+    pub merchant_id: String,
+}
+
+#[derive(serde::Deserialize, Debug, serde::Serialize)]
+pub struct CreateInternalUserRequest {
+    pub name: Secret<String>,
+    pub email: pii::Email,
+    pub password: Secret<String>,
+}
+
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+pub struct UserMerchantCreate {
+    pub company_name: String,
+}
diff --git a/crates/api_models/src/user_role.rs b/crates/api_models/src/user_role.rs
@@ -0,0 +1,82 @@
+#[derive(Debug, serde::Serialize)]
+pub struct ListRolesResponse(pub Vec<RoleInfoResponse>);
+
+#[derive(Debug, serde::Serialize)]
+pub struct RoleInfoResponse {
+    pub role_id: &'static str,
+    pub permissions: Vec<Permission>,
+    pub role_name: &'static str,
+}
+
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+pub struct GetRoleRequest {
+    pub role_id: String,
+}
+
+#[derive(Debug, serde::Serialize)]
+pub enum Permission {
+    PaymentRead,
+    PaymentWrite,
+    RefundRead,
+    RefundWrite,
+    ApiKeyRead,
+    ApiKeyWrite,
+    MerchantAccountRead,
+    MerchantAccountWrite,
+    MerchantConnectorAccountRead,
+    MerchantConnectorAccountWrite,
+    ForexRead,
+    RoutingRead,
+    RoutingWrite,
+    DisputeRead,
+    DisputeWrite,
+    MandateRead,
+    MandateWrite,
+    FileRead,
+    FileWrite,
+    Analytics,
+    ThreeDsDecisionManagerWrite,
+    ThreeDsDecisionManagerRead,
+    SurchargeDecisionManagerWrite,
+    SurchargeDecisionManagerRead,
+    UsersRead,
+    UsersWrite,
+}
+
+#[derive(Debug, serde::Serialize)]
+pub enum PermissionModule {
+    Payments,
+    Refunds,
+    MerchantAccount,
+    Forex,
+    Connectors,
+    Routing,
+    Analytics,
+    Mandates,
+    Disputes,
+    Files,
+    ThreeDsDecisionManager,
+    SurchargeDecisionManager,
+}
+
+#[derive(Debug, serde::Serialize)]
+pub struct AuthorizationInfoResponse(pub Vec<ModuleInfo>);
+
+#[derive(Debug, serde::Serialize)]
+pub struct ModuleInfo {
+    pub module: PermissionModule,
+    pub description: &'static str,
+    pub permissions: Vec<PermissionInfo>,
+}
+
+#[derive(Debug, serde::Serialize)]
+pub struct PermissionInfo {
+    pub enum_name: Permission,
+    pub description: &'static str,
+}
+
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+pub struct UpdateUserRoleRequest {
+    pub user_id: String,
+    pub role_id: String,
+}
diff --git a/crates/router/src/consts.rs b/crates/router/src/consts.rs
@@ -1,5 +1,6 @@
 #[cfg(feature = "olap")]
 pub mod user;
+pub mod user_role;
 
 // ID generation
 pub(crate) const ID_LENGTH: usize = 20;
@@ -64,7 +65,6 @@ pub const JWT_TOKEN_TIME_IN_SECS: u64 = 60 * 60 * 24 * 2; // 2 days
 
 #[cfg(feature = "email")]
 pub const EMAIL_TOKEN_TIME_IN_SECS: u64 = 60 * 60 * 24; // 1 day
-pub const ROLE_ID_ORGANIZATION_ADMIN: &str = "org_admin";
 
 #[cfg(feature = "olap")]
 pub const VERIFY_CONNECTOR_ID_PREFIX: &str = "conn_verify";

diff --git a/crates/router/src/consts/user_role.rs b/crates/router/src/consts/user_role.rs
@@ -0,0 +1,11 @@
+// User Roles
+pub const ROLE_ID_INTERNAL_VIEW_ONLY_USER: &str = "internal_view_only";
+pub const ROLE_ID_INTERNAL_ADMIN: &str = "internal_admin";
+pub const ROLE_ID_MERCHANT_ADMIN: &str = "merchant_admin";
+pub const ROLE_ID_ORGANIZATION_ADMIN: &str = "org_admin";
+pub const ROLE_ID_MERCHANT_VIEW_ONLY: &str = "merchant_view_only";
+pub const ROLE_ID_MERCHANT_IAM_ADMIN: &str = "merchant_iam_admin";
+pub const ROLE_ID_MERCHANT_DEVELOPER: &str = "merchant_developer";
+pub const ROLE_ID_MERCHANT_OPERATOR: &str = "merchant_operator";
+pub const ROLE_ID_MERCHANT_CUSTOMER_SUPPORT: &str = "merchant_customer_support";
+pub const INTERNAL_USER_MERCHANT_ID: &str = "juspay000";
diff --git a/crates/router/src/core.rs b/crates/router/src/core.rs
@@ -25,6 +25,8 @@ pub mod routing;
 pub mod surcharge_decision_config;
 #[cfg(feature = "olap")]
 pub mod user;
+#[cfg(feature = "olap")]
+pub mod user_role;
 pub mod utils;
 #[cfg(all(feature = "olap", feature = "kms"))]
 pub mod verification;

diff --git a/crates/router/src/core/errors/user.rs b/crates/router/src/core/errors/user.rs
@@ -27,16 +27,22 @@ pub enum UserErrors {
     MerchantAccountCreationError(String),
     #[error("InvalidEmailError")]
     InvalidEmailError,
+    #[error("DuplicateOrganizationId")]
+    DuplicateOrganizationId,
     #[error("MerchantIdNotFound")]
     MerchantIdNotFound,
     #[error("MetadataAlreadySet")]
     MetadataAlreadySet,
-    #[error("DuplicateOrganizationId")]
-    DuplicateOrganizationId,
+    #[error("InvalidRoleId")]
+    InvalidRoleId,
+    #[error("InvalidRoleOperation")]
+    InvalidRoleOperation,
     #[error("IpAddressParsingFailed")]
     IpAddressParsingFailed,
     #[error("InvalidMetadataRequest")]
     InvalidMetadataRequest,
+    #[error("MerchantIdParsingError")]
+    MerchantIdParsingError,
 }
 
 impl common_utils::errors::ErrorSwitch<api_models::errors::types::ApiErrorResponse> for UserErrors {
@@ -95,6 +101,15 @@ impl common_utils::errors::ErrorSwitch<api_models::errors::types::ApiErrorRespon
                 "An Organization with the id already exists",
                 None,
             )),
+            Self::InvalidRoleId => {
+                AER::BadRequest(ApiError::new(sub_code, 22, "Invalid Role ID", None))
+            }
+            Self::InvalidRoleOperation => AER::BadRequest(ApiError::new(
+                sub_code,
+                23,
+                "User Role Operation Not Supported",
+                None,
+            )),
             Self::IpAddressParsingFailed => {
                 AER::InternalServerError(ApiError::new(sub_code, 24, "Something Went Wrong", None))
             }
@@ -104,6 +119,9 @@ impl common_utils::errors::ErrorSwitch<api_models::errors::types::ApiErrorRespon
                 "Invalid Metadata Request",
                 None,
             )),
+            Self::MerchantIdParsingError => {
+                AER::BadRequest(ApiError::new(sub_code, 28, "Invalid Merchant Id", None))
+            }
         }
     }
 }