From 835a36267aa852a82a0ef11c8c4e1a4d8ff17747 Mon Sep 17 00:00:00 2001
From: Mani Chandra Dulam
Date: Thu, 30 Nov 2023 17:59:56 +0530
Subject: [PATCH] refactor: add authorization in JWTAuth with UserFromToken and remove unused api types in user_role api_models
---
 crates/api_models/src/events/user_role.rs | 5 +--
 crates/api_models/src/user_role.rs | 40 --------------------
 crates/router/src/core/errors/user.rs | 2 +-
 crates/router/src/services/authentication.rs | 3 ++
 crates/router/src/types/domain/user.rs | 29 +-------------
 5 files changed, 7 insertions(+), 72 deletions(-)
diff --git a/crates/api_models/src/events/user_role.rs b/crates/api_models/src/events/user_role.rs
index 64c0eb34e8b4..aa8d13dab6df 100644
--- a/crates/api_models/src/events/user_role.rs
+++ b/crates/api_models/src/events/user_role.rs
@@ -1,8 +1,8 @@
 use common_utils::events::{ApiEventMetric, ApiEventsType};
 use crate::user_role::{
- AuthorizationInfoResponse, GetRoleRequest, GetUsersResponse, ListRolesResponse,
- RoleInfoResponse, UpdateUserRoleRequest,
+ AuthorizationInfoResponse, GetRoleRequest, ListRolesResponse, RoleInfoResponse,
+ UpdateUserRoleRequest,
 };
 common_utils::impl_misc_api_event_type!(
@@ -10,6 +10,5 @@ common_utils::impl_misc_api_event_type!(
 RoleInfoResponse,
 GetRoleRequest,
 AuthorizationInfoResponse,
- GetUsersResponse,
 UpdateUserRoleRequest
 );
diff --git a/crates/api_models/src/user_role.rs b/crates/api_models/src/user_role.rs
index e7926f27f571..521d17e73428 100644
--- a/crates/api_models/src/user_role.rs
+++ b/crates/api_models/src/user_role.rs
@@ -1,6 +1,3 @@
-use common_utils::pii;
-use masking::Secret;
-
 #[derive(Debug, serde::Serialize)]
 pub struct ListRolesResponse(pub Vec);
@@ -78,43 +75,6 @@ pub struct PermissionInfo {
 pub description: &'static str,
 }
-#[derive(Debug, serde::Serialize)]
-pub struct GetUsersResponse(pub Vec);
-
-#[derive(Debug, serde::Serialize)]
-pub enum UserStatus {
- Active,
- InvitationSent,
-}
-
-#[derive(Debug, serde::Serialize)]
-pub struct UserDetails {
- pub user_id: String,
- pub email: pii::Email,
- pub name: Secret,
- pub role_id: String,
- pub role_name: String,
- pub status: UserStatus,
- #[serde(with = "common_utils::custom_serde::iso8601")]
- pub last_modified_at: time::PrimitiveDateTime,
-}
-
-#[derive(Debug, serde::Deserialize, serde::Serialize)]
-pub struct InviteUserRequest {
- pub email: pii::Email,
- pub name: Secret,
- pub role_id: String,
-}
-#[derive(Debug, serde::Deserialize, serde::Serialize)]
-pub struct ReInviteUserRequest {
- pub user_id: String,
-}
-
-#[derive(Debug, serde::Serialize)]
-pub struct InviteUserResponse {
- pub is_email_sent: bool,
-}
-
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
 pub struct UpdateUserRoleRequest {
 pub user_id: String,
diff --git a/crates/router/src/core/errors/user.rs b/crates/router/src/core/errors/user.rs
index ba600917ecca..e96ac6876676 100644
--- a/crates/router/src/core/errors/user.rs
+++ b/crates/router/src/core/errors/user.rs
@@ -68,7 +68,7 @@ impl common_utils::errors::ErrorSwitch AER::BadRequest(ApiError::new( sub_code, 6,
- "Old password incorrect. Please enter the correct password",
+ "Old password incorrect. Pleasesymotion-f) enter the correct password",
 None, )), Self::EmailParsingError => {
diff --git a/crates/router/src/services/authentication.rs b/crates/router/src/services/authentication.rs
index b01e3762bfab..8a0cd7c729e9 100644
--- a/crates/router/src/services/authentication.rs
+++ b/crates/router/src/services/authentication.rs
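Review bot: The added string in the crates/router/src/core/errors/user.rs hunk reads `Pleasesymotion-f) enter`, which looks like stray editor keystrokes committed into the user-facing message of the `AER::BadRequest` error with code 6. Nothing in the commit title covers a wording change here, so this is most likely accidental; restore the line to `"Old password incorrect. Please enter the correct password",`. Any client, test or log alert that matches on this message text would otherwise see the corrupted wording. The enclosing match arm and function start and end outside the hunk.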
@@ -444,6 +444,9 @@ where
 ) -> RouterResult<(UserFromToken, AuthenticationType)> {
 let payload = parse_jwt_payload::(request_headers, state).await?;
+ let permissions = authorization::get_permissions(&payload.role_id)?;
+ authorization::check_authorization(&self.0, permissions)?;
+
 Ok((
 UserFromToken {
 user_id: payload.user_id.clone(),
diff --git a/crates/router/src/types/domain/user.rs b/crates/router/src/types/domain/user.rs
index 35280e55bb0b..0c7760f84d36 100644
--- a/crates/router/src/types/domain/user.rs
+++ b/crates/router/src/types/domain/user.rs
@@ -27,7 +27,7 @@ use crate::{
 routes::AppState,
 services::{
 authentication::{AuthToken, UserFromToken},
- authorization::{info, predefined_permissions},
+ authorization::info,
 },
 types::transformers::ForeignFrom,
 utils::user::password,
@@ -626,33 +626,6 @@ impl UserFromStorage {
 }
 }
-pub struct UserAndRoleJoined(pub storage_user::User, pub UserRole);
-
-impl TryFrom for user_role_api::UserDetails {
- type Error = ();
- fn try_from(user_and_role: UserAndRoleJoined) -> Result {
- let status = match user_and_role.1.status {
- UserStatus::Active => user_role_api::UserStatus::Active,
- UserStatus::InvitationSent => user_role_api::UserStatus::InvitationSent,
- };
-
- let role_id = user_and_role.1.role_id;
- let role_name = predefined_permissions::get_role_name_from_id(role_id.as_str())
- .ok_or(())?
- .to_string();
-
- Ok(Self {
- user_id: user_and_role.0.user_id,
- email: user_and_role.0.email,
- name: user_and_role.0.name,
- role_id,
- status,
- role_name,
- last_modified_at: user_and_role.1.last_modified_at,
- })
- }
-}
-
 impl TryFrom for user_role_api::ModuleInfo {
 type Error = ();
 fn try_from(value: info::ModuleInfo) -> Result {
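Review bot: The permission set in the crates/router/src/services/authentication.rs hunk is resolved from `payload.role_id`, the role claim carried inside the JWT, so as far as these lines show a role downgrade or revocation only takes effect once the token is reissued or expires. `parse_jwt_payload` is not visible here, so confirm whether it re-validates the user's current role; if it does not, this trust assumption should be written down next to the check, for example `// Permissions are resolved from the role_id claim in the token; role changes apply only to newly issued tokens.` It is also worth confirming that both `?` failures surface as an authorization denial rather than a generic internal error, so that denied requests are distinguishable in logs. The enclosing function starts and ends outside the hunk.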