From fc9a1535b8d8ece4aa762b8bee40af96207db1bb Mon Sep 17 00:00:00 2001
From: Mani Chandra Dulam
Date: Fri, 24 Nov 2023 18:11:35 +0530
Subject: [PATCH] refactor: remove permissions for payment link and add for apple pay
---
 crates/router/src/consts.rs | 3 +++
 crates/router/src/consts/user.rs | 5 -----
 crates/router/src/core/user.rs | 4 +---
 crates/router/src/routes/payment_link.rs | 8 ++------
 crates/router/src/routes/verification.rs | 14 +++++++++++---
 .../src/services/authorization/permissions.rs | 2 --
 .../authorization/predefined_permissions.rs | 3 +--
 7 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/crates/router/src/consts.rs b/crates/router/src/consts.rs
index 4e3a1fd050fe..c5490ee00e63 100644
--- a/crates/router/src/consts.rs
+++ b/crates/router/src/consts.rs
@@ -1,3 +1,4 @@
+#[cfg(feature = "olap")]
 pub mod user;
 // ID generation
@@ -57,3 +58,5 @@ pub const LOCKER_REDIS_EXPIRY_SECONDS: u32 = 60 * 15; // 15 minutes
 #[cfg(any(feature = "olap", feature = "oltp"))]
 pub const JWT_TOKEN_TIME_IN_SECS: u64 = 60 * 60 * 24 * 2; // 2 days
+
+pub const ROLE_ID_ORGANIZATION_ADMIN: &str = "org_admin";
diff --git a/crates/router/src/consts/user.rs b/crates/router/src/consts/user.rs
index 174684db2b40..c570aca76038 100644
--- a/crates/router/src/consts/user.rs
+++ b/crates/router/src/consts/user.rs
@@ -1,7 +1,2 @@
-#[cfg(feature = "olap")]
 pub const MAX_NAME_LENGTH: usize = 70;
-#[cfg(feature = "olap")]
 pub const MAX_COMPANY_NAME_LENGTH: usize = 70;
-
-// USER ROLES
-pub const ROLE_ID_ORGANIZATION_ADMIN: &str = "org_admin";
diff --git a/crates/router/src/core/user.rs b/crates/router/src/core/user.rs
index 710dc9281bfa..8b4cf45fe5ef 100644
--- a/crates/router/src/core/user.rs
+++ b/crates/router/src/core/user.rs
@@ -5,9 +5,7 @@ use masking::{ExposeInterface, Secret};
 use router_env::env;
 use super::errors::{UserErrors, UserResponse};
-use crate::{
- consts::user as consts, routes::AppState, services::ApplicationResponse, types::domain,
-};
+use crate::{consts, routes::AppState, services::ApplicationResponse, types::domain};
 pub async fn connect_account(
 state: AppState,
diff --git a/crates/router/src/routes/payment_link.rs b/crates/router/src/routes/payment_link.rs
index 85a701e85990..d45d67568b89 100644
--- a/crates/router/src/routes/payment_link.rs
+++ b/crates/router/src/routes/payment_link.rs
@@ -3,7 +3,7 @@ use router_env::{instrument, tracing, Flow};
 use crate::{
 core::{api_locking, payment_link::*},
- services::{api, authentication as auth, authorization::permissions::Permission},
+ services::{api, authentication as auth},
 AppState,
 };
@@ -118,11 +118,7 @@ pub async fn payments_link_list(
 &req,
 payload,
 |state, auth, payload| list_payment_link(state, auth.merchant_account, payload),
- auth::auth_type(
- &auth::ApiKeyAuth,
- &auth::JWTAuth(Permission::PaymentLinkRead),
- req.headers(),
- ),
+ &auth::ApiKeyAuth,
 api_locking::LockAction::NotApplicable,
 )
 .await
diff --git a/crates/router/src/routes/verification.rs b/crates/router/src/routes/verification.rs
index e3f88b26a1aa..4bcbacdf9912 100644
--- a/crates/router/src/routes/verification.rs
+++ b/crates/router/src/routes/verification.rs
@@ -5,7 +5,7 @@ use router_env::{instrument, tracing, Flow};
 use super::app::AppState;
 use crate::{
 core::{api_locking, verification},
- services::{api, authentication as auth},
+ services::{api, authentication as auth, authorization::permissions::Permission},
 };
 #[instrument(skip_all, fields(flow = ?Flow::Verification))]
@@ -32,7 +32,11 @@ pub async fn apple_pay_merchant_registration(
 merchant_id.clone(),
 )
 },
- &auth::ApiKeyAuth,
+ auth::auth_type(
+ &auth::ApiKeyAuth,
+ &auth::JWTAuth(Permission::MerchantAccountWrite),
+ req.headers(),
+ ),
 api_locking::LockAction::NotApplicable,
 ))
 .await
@@ -60,7 +64,11 @@ pub async fn retrieve_apple_pay_verified_domains(
 mca_id.to_string(),
 )
 },
- &auth::ApiKeyAuth,
+ auth::auth_type(
+ &auth::ApiKeyAuth,
+ &auth::JWTAuth(Permission::MerchantAccountRead),
+ req.headers(),
+ ),
 api_locking::LockAction::NotApplicable,
 )
 .await
diff --git a/crates/router/src/services/authorization/permissions.rs b/crates/router/src/services/authorization/permissions.rs
index e03ba8bafe31..708da97e1e39 100644
--- a/crates/router/src/services/authorization/permissions.rs
+++ b/crates/router/src/services/authorization/permissions.rs
@@ -29,7 +29,6 @@ pub enum Permission {
 UsersRead,
 UsersWrite,
 MerchantAccountCreate,
- PaymentLinkRead,
 }
 impl Permission {
@@ -70,7 +69,6 @@ impl Permission {
 Self::UsersRead => Some("View all the users for a merchant"),
 Self::UsersWrite => Some("Invite users, assign and update roles"),
 Self::MerchantAccountCreate => None,
- Self::PaymentLinkRead => Some("View all Payment Links"),
 }
 }
 }
diff --git a/crates/router/src/services/authorization/predefined_permissions.rs b/crates/router/src/services/authorization/predefined_permissions.rs
index 504a06de7147..89fa2c8f739c 100644
--- a/crates/router/src/services/authorization/predefined_permissions.rs
+++ b/crates/router/src/services/authorization/predefined_permissions.rs
@@ -28,7 +28,7 @@ impl RoleInfo {
 pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy::new(|| {
 let mut roles = HashMap::new();
 roles.insert(
- consts::user::ROLE_ID_ORGANIZATION_ADMIN,
+ consts::ROLE_ID_ORGANIZATION_ADMIN,
 RoleInfo {
 permissions: vec![
 Permission::PaymentRead,
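Review bot: In `apple_pay_merchant_registration` (crates/router/src/routes/verification.rs) the closure still forwards `merchant_id.clone()` to the core call, and nothing visible in the hunk binds that value to the merchant identified by the newly accepted `auth::JWTAuth(Permission::MerchantAccountWrite)` token. If `merchant_id` is taken from the request rather than from the authentication result (an assumption, since the function starts and ends outside the hunk), a permission check alone does not scope the write to the caller's own merchant; the handler or the core function should compare it with `auth.merchant_account`, the value `payments_link_list` passes to its core call, and reject a mismatch. The same applies to `mca_id.to_string()` in `retrieve_apple_pay_verified_domains` in the next hunk, now reachable with `Permission::MerchantAccountRead`. If the check already lives in the core functions, a comment at the call site such as `// merchant_id is validated against the authenticated merchant in verification::…` would make that visible to the next reviewer.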
@@ -58,7 +58,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::UsersRead,
 Permission::UsersWrite,
 Permission::MerchantAccountCreate,
- Permission::PaymentLinkRead,
 ],
 name: Some("Organization Admin"),
 is_invitable: false,