refactor: remove permissions for payment link and add for apple pay

juspay · Nov 24, 2023 · fc9a153 · fc9a153
1 parent ce45d0d
commit fc9a153
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 21 deletions.
diff --git a/crates/router/src/consts.rs b/crates/router/src/consts.rs
@@ -1,3 +1,4 @@
+#[cfg(feature = "olap")]
 pub mod user;
 
 // ID generation
@@ -57,3 +58,5 @@ pub const LOCKER_REDIS_EXPIRY_SECONDS: u32 = 60 * 15; // 15 minutes
 
 #[cfg(any(feature = "olap", feature = "oltp"))]
 pub const JWT_TOKEN_TIME_IN_SECS: u64 = 60 * 60 * 24 * 2; // 2 days
+
+pub const ROLE_ID_ORGANIZATION_ADMIN: &str = "org_admin";
diff --git a/crates/router/src/consts/user.rs b/crates/router/src/consts/user.rs
@@ -1,7 +1,2 @@
-#[cfg(feature = "olap")]
 pub const MAX_NAME_LENGTH: usize = 70;
-#[cfg(feature = "olap")]
 pub const MAX_COMPANY_NAME_LENGTH: usize = 70;
-
-// USER ROLES
-pub const ROLE_ID_ORGANIZATION_ADMIN: &str = "org_admin";
diff --git a/crates/router/src/core/user.rs b/crates/router/src/core/user.rs
@@ -5,9 +5,7 @@ use masking::{ExposeInterface, Secret};
 use router_env::env;
 
 use super::errors::{UserErrors, UserResponse};
-use crate::{
-    consts::user as consts, routes::AppState, services::ApplicationResponse, types::domain,
-};
+use crate::{consts, routes::AppState, services::ApplicationResponse, types::domain};
 
 pub async fn connect_account(
     state: AppState,

diff --git a/crates/router/src/routes/payment_link.rs b/crates/router/src/routes/payment_link.rs
@@ -3,7 +3,7 @@ use router_env::{instrument, tracing, Flow};
 
 use crate::{
     core::{api_locking, payment_link::*},
-    services::{api, authentication as auth, authorization::permissions::Permission},
+    services::{api, authentication as auth},
     AppState,
 };
 
@@ -118,11 +118,7 @@ pub async fn payments_link_list(
         &req,
         payload,
         |state, auth, payload| list_payment_link(state, auth.merchant_account, payload),
-        auth::auth_type(
-            &auth::ApiKeyAuth,
-            &auth::JWTAuth(Permission::PaymentLinkRead),
-            req.headers(),
-        ),
+        &auth::ApiKeyAuth,
         api_locking::LockAction::NotApplicable,
     )
     .await

diff --git a/crates/router/src/routes/verification.rs b/crates/router/src/routes/verification.rs
@@ -5,7 +5,7 @@ use router_env::{instrument, tracing, Flow};
 use super::app::AppState;
 use crate::{
     core::{api_locking, verification},
-    services::{api, authentication as auth},
+    services::{api, authentication as auth, authorization::permissions::Permission},
 };
 
 #[instrument(skip_all, fields(flow = ?Flow::Verification))]
@@ -32,7 +32,11 @@ pub async fn apple_pay_merchant_registration(
                 merchant_id.clone(),
             )
         },
-        &auth::ApiKeyAuth,
+        auth::auth_type(
+            &auth::ApiKeyAuth,
+            &auth::JWTAuth(Permission::MerchantAccountWrite),
+            req.headers(),
+        ),
         api_locking::LockAction::NotApplicable,
     ))
     .await
@@ -60,7 +64,11 @@ pub async fn retrieve_apple_pay_verified_domains(
                 mca_id.to_string(),
             )
         },
-        &auth::ApiKeyAuth,
+        auth::auth_type(
+            &auth::ApiKeyAuth,
+            &auth::JWTAuth(Permission::MerchantAccountRead),
+            req.headers(),
+        ),
         api_locking::LockAction::NotApplicable,
     )
     .await

diff --git a/crates/router/src/services/authorization/permissions.rs b/crates/router/src/services/authorization/permissions.rs
@@ -29,7 +29,6 @@ pub enum Permission {
     UsersRead,
     UsersWrite,
     MerchantAccountCreate,
-    PaymentLinkRead,
 }
 
 impl Permission {
@@ -70,7 +69,6 @@ impl Permission {
             Self::UsersRead => Some("View all the users for a merchant"),
             Self::UsersWrite => Some("Invite users, assign and update roles"),
             Self::MerchantAccountCreate => None,
-            Self::PaymentLinkRead => Some("View all Payment Links"),
         }
     }
 }
diff --git a/crates/router/src/services/authorization/predefined_permissions.rs b/crates/router/src/services/authorization/predefined_permissions.rs
@@ -28,7 +28,7 @@ impl RoleInfo {
 pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|| {
     let mut roles = HashMap::new();
     roles.insert(
-        consts::user::ROLE_ID_ORGANIZATION_ADMIN,
+        consts::ROLE_ID_ORGANIZATION_ADMIN,
         RoleInfo {
             permissions: vec![
                 Permission::PaymentRead,
@@ -58,7 +58,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
                 Permission::UsersRead,
                 Permission::UsersWrite,
                 Permission::MerchantAccountCreate,
-                Permission::PaymentLinkRead,
             ],
             name: Some("Organization Admin"),
             is_invitable: false,