From e5710fa084ed5b0a4969a63b14a7f8e3433a3c64 Mon Sep 17 00:00:00 2001
From: Mani Chandra <84711804+ThisIsMani@users.noreply.github.com>
Date: Tue, 22 Oct 2024 15:20:43 +0530
Subject: [PATCH] refactor(permissions): Remove permissions field from permission info API response (#6376)
---
 crates/api_models/src/user_role.rs | 43 ------------------
 .../router/src/services/authorization/info.rs | 21 +--------
 .../src/services/authorization/permissions.rs | 45 -------------------
 crates/router/src/utils/user_role.rs | 42 +----------------
 4 files changed, 3 insertions(+), 148 deletions(-)
diff --git a/crates/api_models/src/user_role.rs b/crates/api_models/src/user_role.rs
index ab32651e7293..e64639646d1c 100644
--- a/crates/api_models/src/user_role.rs
+++ b/crates/api_models/src/user_role.rs
@@ -4,42 +4,6 @@ use masking::Secret;
 pub mod role;
-#[derive(Debug, serde::Serialize)]
-pub enum Permission {
- PaymentRead,
- PaymentWrite,
- RefundRead,
- RefundWrite,
- ApiKeyRead,
- ApiKeyWrite,
- MerchantAccountRead,
- MerchantAccountWrite,
- MerchantConnectorAccountRead,
- MerchantConnectorAccountWrite,
- RoutingRead,
- RoutingWrite,
- DisputeRead,
- DisputeWrite,
- MandateRead,
- MandateWrite,
- CustomerRead,
- CustomerWrite,
- Analytics,
- ThreeDsDecisionManagerWrite,
- ThreeDsDecisionManagerRead,
- SurchargeDecisionManagerWrite,
- SurchargeDecisionManagerRead,
- UsersRead,
- UsersWrite,
- MerchantAccountCreate,
- WebhookEventRead,
- PayoutWrite,
- PayoutRead,
- WebhookEventWrite,
- GenerateReport,
- ReconAdmin,
-}
-
 #[derive(Clone, Debug, serde::Serialize, PartialEq, Eq, Hash)]
 pub enum ParentGroup {
 Operations,
@@ -69,7 +33,6 @@ pub enum AuthorizationInfo {
 pub struct GroupInfo {
 pub group: PermissionGroup,
 pub description: &'static str,
- pub permissions: Vec,
 }
 #[derive(Debug, serde::Serialize, Clone)]
@@ -79,12 +42,6 @@ pub struct ParentInfo {
 pub groups: Vec,
 }
-#[derive(Debug, serde::Serialize)]
-pub struct PermissionInfo {
- pub enum_name: Permission,
- pub description: &'static str,
-}
-
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
 pub struct UpdateUserRoleRequest {
 pub email: pii::Email,
diff --git a/crates/router/src/services/authorization/info.rs b/crates/router/src/services/authorization/info.rs
index 7cfde3efeea2..031e0b567290 100644
--- a/crates/router/src/services/authorization/info.rs
+++ b/crates/router/src/services/authorization/info.rs
@@ -1,9 +1,7 @@
-use api_models::user_role::{GroupInfo, ParentGroup, PermissionInfo};
+use api_models::user_role::{GroupInfo, ParentGroup};
 use common_enums::PermissionGroup;
 use strum::IntoEnumIterator;
-use super::{permission_groups::get_permissions_vec, permissions::Permission};
-
 // TODO: To be deprecated
 pub fn get_group_authorization_info() -> Vec {
 PermissionGroup::iter()
@@ -11,25 +9,10 @@ pub fn get_group_authorization_info() -> Vec {
 .collect()
 }
-// TODO: To be deprecated
-pub fn get_permission_info_from_permissions(permissions: &[Permission]) -> Vec {
- permissions
- .iter()
- .map(|&per| PermissionInfo {
- description: Permission::get_permission_description(&per),
- enum_name: per.into(),
- })
- .collect()
-}
-
 // TODO: To be deprecated
 fn get_group_info_from_permission_group(group: PermissionGroup) -> GroupInfo {
 let description = get_group_description(group);
- GroupInfo {
- group,
- description,
- permissions: get_permission_info_from_permissions(get_permissions_vec(&group)),
- }
+ GroupInfo { group, description }
 }
 // TODO: To be deprecated
diff --git a/crates/router/src/services/authorization/permissions.rs b/crates/router/src/services/authorization/permissions.rs
index 2f0617557caf..2121ba0f9440 100644
--- a/crates/router/src/services/authorization/permissions.rs
+++ b/crates/router/src/services/authorization/permissions.rs
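Review bot: In crates/router/src/services/authorization/info.rs, `get_group_info_from_permission_group` now builds `GroupInfo { group, description }`, so the string returned by `get_group_description` is the only account a caller gets of what a permission group grants. That function is outside this hunk; it is worth confirming its text still names the sensitive capabilities that the removed per-permission descriptions listed (API key management, user invites and role updates, connector deletion), because an admin assigning a group otherwise has no view of them. The surviving `// TODO: To be deprecated` comments also give no reason or successor; a doc comment such as `/// Deprecated: returns the group name and description only; <name the replacement API here>.` would tell maintainers what to migrate to.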
@@ -37,48 +37,3 @@ pub enum Permission {
 GenerateReport,
 ReconAdmin,
 }
-
-impl Permission {
- pub fn get_permission_description(&self) -> &'static str {
- match self {
- Self::PaymentRead => "View all payments",
- Self::PaymentWrite => "Create payment, download payments data",
- Self::RefundRead => "View all refunds",
- Self::RefundWrite => "Create refund, download refunds data",
- Self::ApiKeyRead => "View API keys",
- Self::ApiKeyWrite => "Create and update API keys",
- Self::MerchantAccountRead => "View merchant account details",
- Self::MerchantAccountWrite => {
- "Update merchant account details, configure webhooks, manage api keys"
- }
- Self::MerchantConnectorAccountRead => "View connectors configured",
- Self::MerchantConnectorAccountWrite => {
- "Create, update, verify and delete connector configurations"
- }
- Self::RoutingRead => "View routing configuration",
- Self::RoutingWrite => "Create and activate routing configurations",
- Self::DisputeRead => "View disputes",
- Self::DisputeWrite => "Create and update disputes",
- Self::MandateRead => "View mandates",
- Self::MandateWrite => "Create and update mandates",
- Self::CustomerRead => "View customers",
- Self::CustomerWrite => "Create, update and delete customers",
- Self::Analytics => "Access to analytics module",
- Self::ThreeDsDecisionManagerWrite => "Create and update 3DS decision rules",
- Self::ThreeDsDecisionManagerRead => {
- "View all 3DS decision rules configured for a merchant"
- }
- Self::SurchargeDecisionManagerWrite => "Create and update the surcharge decision rules",
- Self::SurchargeDecisionManagerRead => "View all the surcharge decision rules",
- Self::UsersRead => "View all the users for a merchant",
- Self::UsersWrite => "Invite users, assign and update roles",
- Self::MerchantAccountCreate => "Create merchant account",
- Self::WebhookEventRead => "View webhook events",
- Self::WebhookEventWrite => "Trigger retries for webhook events",
- Self::PayoutRead => "View all payouts",
- Self::PayoutWrite => "Create payout, download payout data",
- Self::GenerateReport => "Generate reports for payments, refunds and disputes",
- Self::ReconAdmin => "View and manage reconciliation reports",
- }
- }
-}
diff --git a/crates/router/src/utils/user_role.rs b/crates/router/src/utils/user_role.rs
index 0ea423989f5d..6f0d94d2927f 100644
--- a/crates/router/src/utils/user_role.rs
+++ b/crates/router/src/utils/user_role.rs
@@ -1,6 +1,5 @@
 use std::{cmp, collections::HashSet};
-use api_models::user_role as user_role_api;
 use common_enums::{EntityType, PermissionGroup};
 use common_utils::id_type;
 use diesel_models::{
@@ -16,49 +15,10 @@ use crate::{
 core::errors::{UserErrors, UserResult},
 db::user_role::{ListUserRolesByOrgIdPayload, ListUserRolesByUserIdPayload},
 routes::SessionState,
- services::authorization::{self as authz, permissions::Permission, roles},
+ services::authorization::{self as authz, roles},
 types::domain,
 };
-impl From for user_role_api::Permission {
- fn from(value: Permission) -> Self {
- match value {
- Permission::PaymentRead => Self::PaymentRead,
- Permission::PaymentWrite => Self::PaymentWrite,
- Permission::RefundRead => Self::RefundRead,
- Permission::RefundWrite => Self::RefundWrite,
- Permission::ApiKeyRead => Self::ApiKeyRead,
- Permission::ApiKeyWrite => Self::ApiKeyWrite,
- Permission::MerchantAccountRead => Self::MerchantAccountRead,
- Permission::MerchantAccountWrite => Self::MerchantAccountWrite,
- Permission::MerchantConnectorAccountRead => Self::MerchantConnectorAccountRead,
- Permission::MerchantConnectorAccountWrite => Self::MerchantConnectorAccountWrite,
- Permission::RoutingRead => Self::RoutingRead,
- Permission::RoutingWrite => Self::RoutingWrite,
- Permission::DisputeRead => Self::DisputeRead,
- Permission::DisputeWrite => Self::DisputeWrite,
- Permission::MandateRead => Self::MandateRead,
- Permission::MandateWrite => Self::MandateWrite,
- Permission::CustomerRead => Self::CustomerRead,
- Permission::CustomerWrite => Self::CustomerWrite,
- Permission::Analytics => Self::Analytics,
- Permission::ThreeDsDecisionManagerWrite => Self::ThreeDsDecisionManagerWrite,
- Permission::ThreeDsDecisionManagerRead => Self::ThreeDsDecisionManagerRead,
- Permission::SurchargeDecisionManagerWrite => Self::SurchargeDecisionManagerWrite,
- Permission::SurchargeDecisionManagerRead => Self::SurchargeDecisionManagerRead,
- Permission::UsersRead => Self::UsersRead,
- Permission::UsersWrite => Self::UsersWrite,
- Permission::MerchantAccountCreate => Self::MerchantAccountCreate,
- Permission::WebhookEventRead => Self::WebhookEventRead,
- Permission::WebhookEventWrite => Self::WebhookEventWrite,
- Permission::PayoutRead => Self::PayoutRead,
- Permission::PayoutWrite => Self::PayoutWrite,
- Permission::GenerateReport => Self::GenerateReport,
- Permission::ReconAdmin => Self::ReconAdmin,
- }
- }
-}
-
 pub fn validate_role_groups(groups: &[PermissionGroup]) -> UserResult<()> {
 if groups.is_empty() {
 return Err(report!(UserErrors::InvalidRoleOperation))