refactor: add authorization in JWTAuth with UserFromToken and remove …

…unused api types in user_role api_models
juspay · Nov 30, 2023 · 835a362 · 835a362
1 parent 25d20c2
commit 835a362
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 72 deletions.
diff --git a/crates/api_models/src/events/user_role.rs b/crates/api_models/src/events/user_role.rs
@@ -1,15 +1,14 @@
 use common_utils::events::{ApiEventMetric, ApiEventsType};
 
 use crate::user_role::{
-    AuthorizationInfoResponse, GetRoleRequest, GetUsersResponse, ListRolesResponse,
-    RoleInfoResponse, UpdateUserRoleRequest,
+    AuthorizationInfoResponse, GetRoleRequest, ListRolesResponse, RoleInfoResponse,
+    UpdateUserRoleRequest,
 };
 
 common_utils::impl_misc_api_event_type!(
     ListRolesResponse,
     RoleInfoResponse,
     GetRoleRequest,
     AuthorizationInfoResponse,
-    GetUsersResponse,
     UpdateUserRoleRequest
 );
diff --git a/crates/api_models/src/user_role.rs b/crates/api_models/src/user_role.rs
@@ -1,6 +1,3 @@
-use common_utils::pii;
-use masking::Secret;
-
 #[derive(Debug, serde::Serialize)]
 pub struct ListRolesResponse(pub Vec<RoleInfoResponse>);
 
@@ -78,43 +75,6 @@ pub struct PermissionInfo {
     pub description: &'static str,
 }
 
-#[derive(Debug, serde::Serialize)]
-pub struct GetUsersResponse(pub Vec<UserDetails>);
-
-#[derive(Debug, serde::Serialize)]
-pub enum UserStatus {
-    Active,
-    InvitationSent,
-}
-
-#[derive(Debug, serde::Serialize)]
-pub struct UserDetails {
-    pub user_id: String,
-    pub email: pii::Email,
-    pub name: Secret<String>,
-    pub role_id: String,
-    pub role_name: String,
-    pub status: UserStatus,
-    #[serde(with = "common_utils::custom_serde::iso8601")]
-    pub last_modified_at: time::PrimitiveDateTime,
-}
-
-#[derive(Debug, serde::Deserialize, serde::Serialize)]
-pub struct InviteUserRequest {
-    pub email: pii::Email,
-    pub name: Secret<String>,
-    pub role_id: String,
-}
-#[derive(Debug, serde::Deserialize, serde::Serialize)]
-pub struct ReInviteUserRequest {
-    pub user_id: String,
-}
-
-#[derive(Debug, serde::Serialize)]
-pub struct InviteUserResponse {
-    pub is_email_sent: bool,
-}
-
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
 pub struct UpdateUserRoleRequest {
     pub user_id: String,

diff --git a/crates/router/src/core/errors/user.rs b/crates/router/src/core/errors/user.rs
@@ -68,7 +68,7 @@ impl common_utils::errors::ErrorSwitch<api_models::errors::types::ApiErrorRespon
             Self::InvalidOldPassword => AER::BadRequest(ApiError::new(
                 sub_code,
                 6,
-                "Old password incorrect. Please enter the correct password",
+                "Old password incorrect. Pleasesymotion-f) enter the correct password",
                 None,
             )),
             Self::EmailParsingError => {

diff --git a/crates/router/src/services/authentication.rs b/crates/router/src/services/authentication.rs
@@ -444,6 +444,9 @@ where
     ) -> RouterResult<(UserFromToken, AuthenticationType)> {
         let payload = parse_jwt_payload::<A, AuthToken>(request_headers, state).await?;
 
+        let permissions = authorization::get_permissions(&payload.role_id)?;
+        authorization::check_authorization(&self.0, permissions)?;
+
         Ok((
             UserFromToken {
                 user_id: payload.user_id.clone(),

diff --git a/crates/router/src/types/domain/user.rs b/crates/router/src/types/domain/user.rs
@@ -27,7 +27,7 @@ use crate::{
     routes::AppState,
     services::{
         authentication::{AuthToken, UserFromToken},
-        authorization::{info, predefined_permissions},
+        authorization::info,
     },
     types::transformers::ForeignFrom,
     utils::user::password,
@@ -626,33 +626,6 @@ impl UserFromStorage {
     }
 }
 
-pub struct UserAndRoleJoined(pub storage_user::User, pub UserRole);
-
-impl TryFrom<UserAndRoleJoined> for user_role_api::UserDetails {
-    type Error = ();
-    fn try_from(user_and_role: UserAndRoleJoined) -> Result<Self, Self::Error> {
-        let status = match user_and_role.1.status {
-            UserStatus::Active => user_role_api::UserStatus::Active,
-            UserStatus::InvitationSent => user_role_api::UserStatus::InvitationSent,
-        };
-
-        let role_id = user_and_role.1.role_id;
-        let role_name = predefined_permissions::get_role_name_from_id(role_id.as_str())
-            .ok_or(())?
-            .to_string();
-
-        Ok(Self {
-            user_id: user_and_role.0.user_id,
-            email: user_and_role.0.email,
-            name: user_and_role.0.name,
-            role_id,
-            status,
-            role_name,
-            last_modified_at: user_and_role.1.last_modified_at,
-        })
-    }
-}
-
 impl TryFrom<info::ModuleInfo> for user_role_api::ModuleInfo {
     type Error = ();
     fn try_from(value: info::ModuleInfo) -> Result<Self, Self::Error> {