refactor(users): remove lineage checks in roles get operations (#6701)
Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
Riddhiagrawal001 and hyperswitch-bot[bot] authored Dec 10, 2024
1 parent c620779 commit f96a87d
Showing 15 changed files with 188 additions and 149 deletions.
36 changes: 30 additions & 6 deletions crates/diesel_models/src/query/role.rs
Expand Up @@ -26,6 +26,7 @@ impl Role {
.await
}

// TODO: Remove once find_by_role_id_in_lineage is stable
pub async fn find_by_role_id_in_merchant_scope(
conn: &PgPooledConn,
role_id: &str,
Expand All @@ -43,7 +44,27 @@ impl Role {
.await
}

pub async fn find_by_role_id_in_org_scope(
pub async fn find_by_role_id_in_lineage(
conn: &PgPooledConn,
role_id: &str,
merchant_id: &id_type::MerchantId,
org_id: &id_type::OrganizationId,
) -> StorageResult<Self> {
generics::generic_find_one::<<Self as HasTable>::Table, _, _>(
conn,
dsl::role_id
.eq(role_id.to_owned())
.and(dsl::org_id.eq(org_id.to_owned()))
.and(
dsl::scope.eq(RoleScope::Organization).or(dsl::merchant_id
.eq(merchant_id.to_owned())
.and(dsl::scope.eq(RoleScope::Merchant))),
),
)
.await
}

pub async fn find_by_role_id_and_org_id(
conn: &PgPooledConn,
role_id: &str,
org_id: &id_type::OrganizationId,
Expand Down Expand Up @@ -88,9 +109,11 @@ impl Role {
merchant_id: &id_type::MerchantId,
org_id: &id_type::OrganizationId,
) -> StorageResult<Vec<Self>> {
let predicate = dsl::merchant_id.eq(merchant_id.to_owned()).or(dsl::org_id
.eq(org_id.to_owned())
.and(dsl::scope.eq(RoleScope::Organization)));
let predicate = dsl::org_id.eq(org_id.to_owned()).and(
dsl::scope.eq(RoleScope::Organization).or(dsl::merchant_id
.eq(merchant_id.to_owned())
.and(dsl::scope.eq(RoleScope::Merchant))),
);

generics::generic_filter::<<Self as HasTable>::Table, _, _, _>(
conn,
Expand All @@ -115,9 +138,10 @@ impl Role {

if let Some(merchant_id) = merchant_id {
query = query.filter(
dsl::merchant_id
(dsl::merchant_id
.eq(merchant_id)
.or(dsl::scope.eq(RoleScope::Organization)),
.and(dsl::scope.eq(RoleScope::Merchant)))
.or(dsl::scope.eq(RoleScope::Organization)),
);
}

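Review bot: The visibility predicate in `find_by_role_id_in_lineage` (`dsl::org_id.eq(..).and(dsl::scope.eq(RoleScope::Organization).or(dsl::merchant_id.eq(..).and(dsl::scope.eq(RoleScope::Merchant))))`) is hand-copied into the list query in the next hunk, and the optional-merchant filter in the last hunk repeats the same scope rule a third time; three copies of an authorization rule will drift, so consider one private helper that builds this predicate from `merchant_id` and `org_id` and is used by all of them. `find_by_role_id_in_lineage` also carries no doc comment even though the sibling it replaces now has a TODO pointing at it; I would add `/// Finds `role_id` as visible from the (org, merchant) lineage: the role must belong to `org_id` and be either org-scoped, or merchant-scoped for `merchant_id`.` In the last hunk, when `merchant_id` is `None` no scope filter is applied at all, so the result presumably includes merchant-scoped roles of every merchant in the org — worth stating in that function's docs if intended. The enclosing `impl Role` block and the function owning the last hunk start outside the hunks shown.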
11 changes: 7 additions & 4 deletions crates/diesel_models/src/user_role.rs
Expand Up @@ -29,16 +29,19 @@ pub struct UserRole {

impl UserRole {
pub fn get_entity_id_and_type(&self) -> Option<(String, EntityType)> {
match (self.version, self.role_id.as_str()) {
(enums::UserRoleVersion::V1, consts::ROLE_ID_ORGANIZATION_ADMIN) => {
match (self.version, self.entity_type, self.role_id.as_str()) {
(enums::UserRoleVersion::V1, None, consts::ROLE_ID_ORGANIZATION_ADMIN) => {
let org_id = self.org_id.clone()?.get_string_repr().to_string();
Some((org_id, EntityType::Organization))
}
(enums::UserRoleVersion::V1, _) => {
(enums::UserRoleVersion::V1, None, _) => {
let merchant_id = self.merchant_id.clone()?.get_string_repr().to_string();
Some((merchant_id, EntityType::Merchant))
}
(enums::UserRoleVersion::V2, _) => self.entity_id.clone().zip(self.entity_type),
(enums::UserRoleVersion::V1, Some(_), _) => {
self.entity_id.clone().zip(self.entity_type)
}
(enums::UserRoleVersion::V2, _, _) => self.entity_id.clone().zip(self.entity_type),
}
}
}
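Review bot: The new `(enums::UserRoleVersion::V1, Some(_), _)` arm returns `None` whenever `entity_id` is unset, because `Option::zip` needs both sides, so a V1 row with `entity_type` populated but no `entity_id` no longer falls back to the `org_id`/`merchant_id` derivation that the `None` arms keep; if such rows can exist after a partial migration, the caller silently loses the entity it authorizes against. Please confirm that is intended and state it on the function, e.g. `/// Returns the (entity_id, entity_type) a user role is bound to. V1 rows without an `entity_type` derive it from `org_id`/`merchant_id`; any row with an `entity_type` requires an explicit `entity_id`.` Binding the matched value, `(enums::UserRoleVersion::V1, Some(entity_type), _) => self.entity_id.clone().map(|id| (id, entity_type))`, would also make the arm read its match input instead of re-reading `self.entity_type`.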
30 changes: 10 additions & 20 deletions crates/router/src/analytics.rs
Expand Up @@ -1847,15 +1847,10 @@ pub mod routes {
json_payload.into_inner(),
|state, auth: UserFromToken, req, _| async move {
let role_id = auth.role_id;
let role_info = RoleInfo::from_role_id_in_merchant_scope(
&state,
&role_id,
&auth.merchant_id,
&auth.org_id,
)
.await
.change_context(UserErrors::InternalServerError)
.change_context(OpenSearchError::UnknownError)?;
let role_info = RoleInfo::from_role_id_and_org_id(&state, &role_id, &auth.org_id)
.await
.change_context(UserErrors::InternalServerError)
.change_context(OpenSearchError::UnknownError)?;
let permission_groups = role_info.get_permission_groups();
if !permission_groups.contains(&common_enums::PermissionGroup::OperationsView) {
return Err(OpenSearchError::AccessForbiddenError)?;
Expand Down Expand Up @@ -1887,7 +1882,7 @@ pub mod routes {
let role_id = user_role.role_id.clone();
let org_id = user_role.org_id.clone().unwrap_or_default();
async move {
RoleInfo::from_role_id_in_org_scope(&state, &role_id, &org_id)
RoleInfo::from_role_id_and_org_id(&state, &role_id, &org_id)
.await
.change_context(UserErrors::InternalServerError)
.change_context(OpenSearchError::UnknownError)
Expand Down Expand Up @@ -1974,15 +1969,10 @@ pub mod routes {
indexed_req,
|state, auth: UserFromToken, req, _| async move {
let role_id = auth.role_id;
let role_info = RoleInfo::from_role_id_in_merchant_scope(
&state,
&role_id,
&auth.merchant_id,
&auth.org_id,
)
.await
.change_context(UserErrors::InternalServerError)
.change_context(OpenSearchError::UnknownError)?;
let role_info = RoleInfo::from_role_id_and_org_id(&state, &role_id, &auth.org_id)
.await
.change_context(UserErrors::InternalServerError)
.change_context(OpenSearchError::UnknownError)?;
let permission_groups = role_info.get_permission_groups();
if !permission_groups.contains(&common_enums::PermissionGroup::OperationsView) {
return Err(OpenSearchError::AccessForbiddenError)?;
Expand Down Expand Up @@ -2013,7 +2003,7 @@ pub mod routes {
let role_id = user_role.role_id.clone();
let org_id = user_role.org_id.clone().unwrap_or_default();
async move {
RoleInfo::from_role_id_in_org_scope(&state, &role_id, &org_id)
RoleInfo::from_role_id_and_org_id(&state, &role_id, &org_id)
.await
.change_context(UserErrors::InternalServerError)
.change_context(OpenSearchError::UnknownError)
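Review bot: The permission gate that follows the lookup (`if !permission_groups.contains(&common_enums::PermissionGroup::OperationsView)`) now runs against a role resolved by `(role_id, org_id)` only; `auth.merchant_id` is no longer part of the query, so the guarantee that a merchant-scoped `role_id` belongs to the caller's merchant has to come from wherever `UserFromToken` is produced, and nothing in the hunk records that. I would write the invariant where it is now relied on, `// role_id is already bound to auth.merchant_id at token validation; only the org lookup is needed here`, adjusted to whatever the auth layer actually guarantees. Note too that any lookup failure, including a role that does not exist in the org if the lookup reports that as an error, is mapped through `UserErrors::InternalServerError` to `OpenSearchError::UnknownError` rather than to `AccessForbiddenError`, which makes a denied request look like a server fault in logs and metrics. The same four-line lookup-and-map block is repeated in the second `json_payload` route further down the section; a small helper taking `&state` and `&auth` would keep both gates identical. The closure bodies continue past the hunks shown.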
48 changes: 14 additions & 34 deletions crates/router/src/core/user.rs
Expand Up @@ -104,10 +104,9 @@ pub async fn get_user_details(
) -> UserResponse<user_api::GetUserDetailsResponse> {
let user = user_from_token.get_user_from_db(&state).await?;
let verification_days_left = utils::user::get_verification_days_left(&state, &user)?;
let role_info = roles::RoleInfo::from_role_id_in_merchant_scope(
let role_info = roles::RoleInfo::from_role_id_and_org_id(
&state,
&user_from_token.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
Expand Down Expand Up @@ -553,7 +552,7 @@ async fn handle_invitation(
.into());
}

let role_info = roles::RoleInfo::from_role_id_in_merchant_scope(
let role_info = roles::RoleInfo::from_role_id_in_lineage(
state,
&request.role_id,
&user_from_token.merchant_id,
Expand Down Expand Up @@ -1371,10 +1370,9 @@ pub async fn list_user_roles_details(
.await
.to_not_found_response(UserErrors::InvalidRoleOperation)?;

let requestor_role_info = roles::RoleInfo::from_role_id_in_merchant_scope(
let requestor_role_info = roles::RoleInfo::from_role_id_and_org_id(
&state,
&user_from_token.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
Expand Down Expand Up @@ -1526,7 +1524,7 @@ pub async fn list_user_roles_details(
.collect::<HashSet<_>>()
.into_iter()
.map(|role_id| async {
let role_info = roles::RoleInfo::from_role_id_in_org_scope(
let role_info = roles::RoleInfo::from_role_id_and_org_id(
&state,
&role_id,
&user_from_token.org_id,
Expand Down Expand Up @@ -2533,10 +2531,9 @@ pub async fn list_orgs_for_user(
state: SessionState,
user_from_token: auth::UserFromToken,
) -> UserResponse<Vec<user_api::ListOrgsForUserResponse>> {
let role_info = roles::RoleInfo::from_role_id_in_merchant_scope(
let role_info = roles::RoleInfo::from_role_id_and_org_id(
&state,
&user_from_token.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
Expand Down Expand Up @@ -2611,10 +2608,9 @@ pub async fn list_merchants_for_user_in_org(
state: SessionState,
user_from_token: auth::UserFromToken,
) -> UserResponse<Vec<user_api::ListMerchantsForUserInOrgResponse>> {
let role_info = roles::RoleInfo::from_role_id_in_merchant_scope(
let role_info = roles::RoleInfo::from_role_id_and_org_id(
&state,
&user_from_token.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
Expand Down Expand Up @@ -2687,10 +2683,9 @@ pub async fn list_profiles_for_user_in_org_and_merchant_account(
state: SessionState,
user_from_token: auth::UserFromToken,
) -> UserResponse<Vec<user_api::ListProfilesForUserInOrgAndMerchantAccountResponse>> {
let role_info = roles::RoleInfo::from_role_id_in_merchant_scope(
let role_info = roles::RoleInfo::from_role_id_and_org_id(
&state,
&user_from_token.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
Expand Down Expand Up @@ -2780,10 +2775,9 @@ pub async fn switch_org_for_user(
.into());
}

let role_info = roles::RoleInfo::from_role_id_in_merchant_scope(
let role_info = roles::RoleInfo::from_role_id_and_org_id(
&state,
&user_from_token.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
Expand Down Expand Up @@ -2876,13 +2870,8 @@ pub async fn switch_org_for_user(
)
.await?;

utils::user_role::set_role_permissions_in_cache_by_role_id_merchant_id_org_id(
&state,
&role_id,
&merchant_id,
&request.org_id,
)
.await;
utils::user_role::set_role_info_in_cache_by_role_id_org_id(&state, &role_id, &request.org_id)
.await;

let response = user_api::TokenResponse {
token: token.clone(),
Expand All @@ -2905,10 +2894,9 @@ pub async fn switch_merchant_for_user_in_org(
}

let key_manager_state = &(&state).into();
let role_info = roles::RoleInfo::from_role_id_in_merchant_scope(
let role_info = roles::RoleInfo::from_role_id_and_org_id(
&state,
&user_from_token.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
Expand Down Expand Up @@ -3065,13 +3053,7 @@ pub async fn switch_merchant_for_user_in_org(
)
.await?;

utils::user_role::set_role_permissions_in_cache_by_role_id_merchant_id_org_id(
&state,
&role_id,
&merchant_id,
&org_id,
)
.await;
utils::user_role::set_role_info_in_cache_by_role_id_org_id(&state, &role_id, &org_id).await;

let response = user_api::TokenResponse {
token: token.clone(),
Expand All @@ -3094,10 +3076,9 @@ pub async fn switch_profile_for_user_in_org_and_merchant(
}

let key_manager_state = &(&state).into();
let role_info = roles::RoleInfo::from_role_id_in_merchant_scope(
let role_info = roles::RoleInfo::from_role_id_and_org_id(
&state,
&user_from_token.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
Expand Down Expand Up @@ -3175,10 +3156,9 @@ pub async fn switch_profile_for_user_in_org_and_merchant(
)
.await?;

utils::user_role::set_role_permissions_in_cache_by_role_id_merchant_id_org_id(
utils::user_role::set_role_info_in_cache_by_role_id_org_id(
&state,
&role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await;
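Review bot: `handle_invitation` is the one call site that keeps a lineage-aware lookup (`roles::RoleInfo::from_role_id_in_lineage` with `&user_from_token.merchant_id`), and it is also the only one where the role id comes from the request body (`&request.role_id`) instead of the verified token, which is exactly why the merchant/org check must stay there; that reasoning is not written down, and a later cleanup could swap it to `from_role_id_and_org_id` like the other sites in this file. I would add `// request.role_id is caller-supplied: resolve it within the inviter's lineage, not just the org` above the call. The `switch_*` flows now populate the cache through `set_role_info_in_cache_by_role_id_org_id`, dropping `merchant_id` from the key; that is consistent with the new lookups but assumes `role_id` is unique within an org, which the diff does not show and is worth confirming against the table's constraints. All the enclosing functions start outside the hunks shown.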