refactor(authz): Make connector list accessible by operation groups (#…

…6792)
juspay · Dec 16, 2024 · 6081283 · 6081283
1 parent 71574a8
commit 6081283
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/crates/router/src/routes/admin.rs b/crates/router/src/routes/admin.rs
@@ -431,7 +431,10 @@ pub async fn connector_retrieve(
             &auth::AdminApiAuthWithMerchantIdFromHeader,
             &auth::JWTAuthMerchantFromRoute {
                 merchant_id,
-                required_permission: Permission::ProfileConnectorRead,
+                // This should ideally be ProfileConnectorRead, but since this API responds with
+                // sensitive data, keeping this as ProfileConnectorWrite
+                // TODO: Convert this to ProfileConnectorRead once data is masked.
+                required_permission: Permission::ProfileConnectorWrite,
             },
             req.headers(),
         ),

diff --git a/crates/router/src/services/authorization/permission_groups.rs b/crates/router/src/services/authorization/permission_groups.rs
@@ -61,8 +61,12 @@ impl PermissionGroupExt for PermissionGroup {
 
     fn accessible_groups(&self) -> Vec<Self> {
         match self {
-            Self::OperationsView => vec![Self::OperationsView],
-            Self::OperationsManage => vec![Self::OperationsView, Self::OperationsManage],
+            Self::OperationsView => vec![Self::OperationsView, Self::ConnectorsView],
+            Self::OperationsManage => vec![
+                Self::OperationsView,
+                Self::OperationsManage,
+                Self::ConnectorsView,
+            ],
 
             Self::ConnectorsView => vec![Self::ConnectorsView],
             Self::ConnectorsManage => vec![Self::ConnectorsView, Self::ConnectorsManage],