feat(users): custom role at profile read

crates/api_models/src/user_role/role.rs

@@ -7,6 +7,7 @@ pub struct CreateRoleRequest {
     pub role_name: String,
     pub groups: Vec<PermissionGroup>,
     pub role_scope: RoleScope,
+    pub entity_type: Option<EntityType>,
 }
 
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
@@ -21,6 +22,7 @@ pub struct RoleInfoWithGroupsResponse {
     pub groups: Vec<PermissionGroup>,
     pub role_name: String,
     pub role_scope: RoleScope,
+    pub entity_type: EntityType,
 }
 
 #[derive(Debug, serde::Serialize)]

crates/common_enums/src/enums.rs

@@ -2799,8 +2799,19 @@ pub enum TransactionType {
 #[serde(rename_all = "snake_case")]
 #[strum(serialize_all = "snake_case")]
 pub enum RoleScope {
-    Merchant,
     Organization,
+    Merchant,
+    Profile,
+}
+
+impl From<RoleScope> for EntityType {
+    fn from(role_scope: RoleScope) -> Self {
+        match role_scope {
+            RoleScope::Organization => Self::Organization,
+            RoleScope::Merchant => Self::Merchant,
+            RoleScope::Profile => Self::Profile,
+        }
+    }
 }
 
 /// Indicates the transaction status
@@ -3255,6 +3266,7 @@ pub enum ApiVersion {
     serde::Serialize,
     strum::Display,
     strum::EnumString,
+    strum::EnumIter,
     ToSchema,
     Hash,
 )]

crates/diesel_models/src/query/role.rs

@@ -1,10 +1,12 @@
 use async_bb8_diesel::AsyncRunQueryDsl;
+use common_enums::EntityType;
 use common_utils::id_type;
 use diesel::{
     associations::HasTable, debug_query, pg::Pg, result::Error as DieselError,
     BoolExpressionMethods, ExpressionMethods, QueryDsl,
 };
 use error_stack::{report, ResultExt};
+use strum::IntoEnumIterator;
 
 use crate::{
     enums::RoleScope, errors, query::generics, role::*, schema::roles::dsl, PgPooledConn,
@@ -18,28 +20,23 @@ impl RoleNew {
 }
 
 impl Role {
-    pub async fn find_by_role_id(conn: &PgPooledConn, role_id: &str) -> StorageResult<Self> {
-        generics::generic_find_one::<<Self as HasTable>::Table, _, _>(
-            conn,
-            dsl::role_id.eq(role_id.to_owned()),
-        )
-        .await
+    fn get_entity_list(
+        current_entity: EntityType,
+        is_lineage_data_required: bool,
+    ) -> Vec<EntityType> {
+        is_lineage_data_required
+            .then(|| {
+                EntityType::iter()
+                    .filter(|variant| *variant <= current_entity)
+                    .collect()
+            })
+            .unwrap_or_else(|| vec![current_entity])
     }
 
-    // TODO: Remove once find_by_role_id_in_lineage is stable
-    pub async fn find_by_role_id_in_merchant_scope(
-        conn: &PgPooledConn,
-        role_id: &str,
-        merchant_id: &id_type::MerchantId,
-        org_id: &id_type::OrganizationId,
-    ) -> StorageResult<Self> {
+    pub async fn find_by_role_id(conn: &PgPooledConn, role_id: &str) -> StorageResult<Self> {
         generics::generic_find_one::<<Self as HasTable>::Table, _, _>(
             conn,
-            dsl::role_id.eq(role_id.to_owned()).and(
-                dsl::merchant_id.eq(merchant_id.to_owned()).or(dsl::org_id
-                    .eq(org_id.to_owned())
-                    .and(dsl::scope.eq(RoleScope::Organization))),
-            ),
+            dsl::role_id.eq(role_id.to_owned()),
         )
         .await
     }
@@ -49,16 +46,22 @@ impl Role {
         role_id: &str,
         merchant_id: &id_type::MerchantId,
         org_id: &id_type::OrganizationId,
+        profile_id: &id_type::ProfileId,
     ) -> StorageResult<Self> {
         generics::generic_find_one::<<Self as HasTable>::Table, _, _>(
             conn,
             dsl::role_id
                 .eq(role_id.to_owned())
                 .and(dsl::org_id.eq(org_id.to_owned()))
                 .and(
-                    dsl::scope.eq(RoleScope::Organization).or(dsl::merchant_id
-                        .eq(merchant_id.to_owned())
-                        .and(dsl::scope.eq(RoleScope::Merchant))),
+                    dsl::scope
+                        .eq(RoleScope::Organization)
+                        .or(dsl::merchant_id
+                            .eq(merchant_id.to_owned())
+                            .and(dsl::scope.eq(RoleScope::Merchant)))
+                        .or(dsl::profile_id
+                            .eq(profile_id.to_owned())
+                            .and(dsl::scope.eq(RoleScope::Profile))),
                 ),
         )
         .await
@@ -104,32 +107,12 @@ impl Role {
         .await
     }
 
-    pub async fn list_roles(
-        conn: &PgPooledConn,
-        merchant_id: &id_type::MerchantId,
-        org_id: &id_type::OrganizationId,
-    ) -> StorageResult<Vec<Self>> {
-        let predicate = dsl::org_id.eq(org_id.to_owned()).and(
-            dsl::scope.eq(RoleScope::Organization).or(dsl::merchant_id
-                .eq(merchant_id.to_owned())
-                .and(dsl::scope.eq(RoleScope::Merchant))),
-        );
-
-        generics::generic_filter::<<Self as HasTable>::Table, _, _, _>(
-            conn,
-            predicate,
-            None,
-            None,
-            Some(dsl::last_modified_at.asc()),
-        )
-        .await
-    }
-
+    //TODO: Remove once generic_list_roles_by_entity_type is stable
     pub async fn generic_roles_list_for_org(
         conn: &PgPooledConn,
         org_id: id_type::OrganizationId,
         merchant_id: Option<id_type::MerchantId>,
-        entity_type: Option<common_enums::EntityType>,
+        entity_type: Option<EntityType>,
         limit: Option<u32>,
     ) -> StorageResult<Vec<Self>> {
         let mut query = <Self as HasTable>::table()
@@ -170,4 +153,63 @@ impl Role {
             },
         }
     }
+
+    pub async fn generic_list_roles_by_entity_type(
+        conn: &PgPooledConn,
+        payload: ListRolesByEntityPayload,
+        is_lineage_data_required: bool,
+    ) -> StorageResult<Vec<Self>> {
+        let mut query = <Self as HasTable>::table().into_boxed();
+
+        match payload {
+            ListRolesByEntityPayload::Organization(org_id) => {
+                let entity_in_vec =
+                    Self::get_entity_list(EntityType::Organization, is_lineage_data_required);
+                query = query
+                    .filter(dsl::org_id.eq(org_id))
+                    .filter(dsl::entity_type.eq_any(entity_in_vec))
+            }
+
+            ListRolesByEntityPayload::Merchant(org_id, merchant_id) => {
+                let entity_in_vec =
+                    Self::get_entity_list(EntityType::Merchant, is_lineage_data_required);
+                query = query
+                    .filter(dsl::org_id.eq(org_id))
+                    .filter(
+                        dsl::scope
+                            .eq(RoleScope::Organization)
+                            .or(dsl::merchant_id.eq(merchant_id)),
+                    )
+                    .filter(dsl::entity_type.eq_any(entity_in_vec))
+            }
+
+            ListRolesByEntityPayload::Profile(org_id, merchant_id, profile_id) => {
+                let entity_in_vec =
+                    Self::get_entity_list(EntityType::Profile, is_lineage_data_required);
+                query = query
+                    .filter(dsl::org_id.eq(org_id))
+                    .filter(
+                        dsl::scope
+                            .eq(RoleScope::Organization)
+                            .or(dsl::scope
+                                .eq(RoleScope::Merchant)
+                                .and(dsl::merchant_id.eq(merchant_id.clone())))
+                            .or(dsl::profile_id.eq(profile_id)),
+                    )
+                    .filter(dsl::entity_type.eq_any(entity_in_vec))
+            }
+        };
+
+        router_env::logger::debug!(query = %debug_query::<Pg,_>(&query).to_string());
+
+        match generics::db_metrics::track_database_call::<Self, _, _>(
+            query.get_results_async(conn),
+            generics::db_metrics::DatabaseOperation::Filter,
+        )
+        .await
+        {
+            Ok(value) => Ok(value),
+            Err(err) => Err(report!(err)).change_context(errors::DatabaseError::Others),
+        }
+    }
 }

crates/diesel_models/src/role.rs

@@ -19,6 +19,7 @@ pub struct Role {
     pub last_modified_at: PrimitiveDateTime,
     pub last_modified_by: String,
     pub entity_type: enums::EntityType,
+    pub profile_id: Option<id_type::ProfileId>,
 }
 
 #[derive(router_derive::Setter, Clone, Debug, Insertable, router_derive::DebugAsDisplay)]
@@ -36,6 +37,7 @@ pub struct RoleNew {
     pub last_modified_at: PrimitiveDateTime,
     pub last_modified_by: String,
     pub entity_type: enums::EntityType,
+    pub profile_id: Option<id_type::ProfileId>,
 }
 
 #[derive(Clone, Debug, AsChangeset, router_derive::DebugAsDisplay)]
@@ -73,3 +75,38 @@ impl From<RoleUpdate> for RoleUpdateInternal {
         }
     }
 }
+
+#[derive(Clone, Debug)]
+pub enum ListRolesByEntityPayload {
+    Profile(
+        id_type::OrganizationId,
+        id_type::MerchantId,
+        id_type::ProfileId,
+    ),
+    Merchant(id_type::OrganizationId, id_type::MerchantId),
+    Organization(id_type::OrganizationId),
+}
+
+impl ListRolesByEntityPayload {
+    pub fn get_organization_id(&self) -> Option<id_type::OrganizationId> {
+        match self {
+            Self::Organization(org_id)
+            | Self::Merchant(org_id, _)
+            | Self::Profile(org_id, _, _) => Some(org_id.to_owned()),
+        }
+    }
+    pub fn get_merchant_id(&self) -> Option<id_type::MerchantId> {
+        match self {
+            Self::Organization(_) => None,
+            Self::Merchant(_, merchant_id) | Self::Profile(_, merchant_id, _) => {
+                Some(merchant_id.to_owned())
+            }
+        }
+    }
+    pub fn get_profile_id(&self) -> Option<id_type::ProfileId> {
+        match self {
+            Self::Organization(_) | Self::Merchant(_, _) => None,
+            Self::Profile(_, _, profile_id) => Some(profile_id.to_owned()),
+        }
+    }
+}

crates/diesel_models/src/schema.rs

@@ -1305,6 +1305,8 @@ diesel::table! {
         last_modified_by -> Varchar,
         #[max_length = 64]
         entity_type -> Varchar,
+        #[max_length = 64]
+        profile_id -> Nullable<Varchar>,
     }
 }
 

crates/diesel_models/src/schema_v2.rs

@@ -1252,6 +1252,8 @@ diesel::table! {
         last_modified_by -> Varchar,
         #[max_length = 64]
         entity_type -> Varchar,
+        #[max_length = 64]
+        profile_id -> Nullable<Varchar>,
     }
 }
 

crates/router/src/core/user.rs

@@ -602,6 +602,7 @@ async fn handle_invitation(
         &request.role_id,
         &user_from_token.merchant_id,
         &user_from_token.org_id,
+        &user_from_token.profile_id,
     )
     .await
     .to_not_found_response(UserErrors::InvalidRoleId)?;

crates/router/src/core/user_role.rs

@@ -123,6 +123,7 @@ pub async fn update_user_role(
         &req.role_id,
         &user_from_token.merchant_id,
         &user_from_token.org_id,
+        &user_from_token.profile_id,
     )
     .await
     .to_not_found_response(UserErrors::InvalidRoleId)?;
@@ -527,6 +528,7 @@ pub async fn delete_user_role(
             &role_to_be_deleted.role_id,
             &user_from_token.merchant_id,
             &user_from_token.org_id,
+            &user_from_token.profile_id,
         )
         .await
         .change_context(UserErrors::InternalServerError)?;
@@ -597,6 +599,7 @@ pub async fn delete_user_role(
             &role_to_be_deleted.role_id,
             &user_from_token.merchant_id,
             &user_from_token.org_id,
+            &user_from_token.profile_id,
         )
         .await
         .change_context(UserErrors::InternalServerError)?;