Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(users): add tenant id reads in user roles #6661

Merged
merged 8 commits into from
Nov 29, 2024
Merged

feat(users): add tenant id reads in user roles #6661

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
3fa7de1
feat(users): add tenant id reads in user roles
apoorvdixit88 Nov 26, 2024
c125cff
fix: resolve review comments
apoorvdixit88 Nov 26, 2024
d2065f3
fix: v2 check
apoorvdixit88 Nov 26, 2024
92f5791
Merge branch 'main' into add-tenant-id-in-user-roles-queries
apoorvdixit88 Nov 26, 2024
19301fd
fix: v2 with main
apoorvdixit88 Nov 26, 2024
1ccef95
chore: run formatter
hyperswitch-bot[bot] Nov 26, 2024
f5365b1
Merge branch 'main' into add-tenant-id-in-user-roles-queries
apoorvdixit88 Nov 27, 2024
998f369
fix: new check changes
apoorvdixit88 Nov 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
210 changes: 106 additions & 104 deletions crates/diesel_models/src/query/user_role.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,11 @@
use async_bb8_diesel::AsyncRunQueryDsl;
use common_utils::id_type;
use diesel::{
associations::HasTable, debug_query, pg::Pg, result::Error as DieselError,
associations::HasTable,
debug_query,
pg::Pg,
result::Error as DieselError,
sql_types::{Bool, Nullable},
BoolExpressionMethods, ExpressionMethods, QueryDsl,
};
use error_stack::{report, ResultExt};
Expand All @@ -22,89 +26,70 @@
}

impl UserRole {
pub async fn find_by_user_id(
conn: &PgPooledConn,
user_id: String,
version: UserRoleVersion,
) -> StorageResult<Self> {
generics::generic_find_one::<<Self as HasTable>::Table, _, _>(
conn,
dsl::user_id.eq(user_id).and(dsl::version.eq(version)),
)
.await
}

pub async fn find_by_user_id_merchant_id(
conn: &PgPooledConn,
user_id: String,
merchant_id: id_type::MerchantId,
version: UserRoleVersion,
) -> StorageResult<Self> {
generics::generic_find_one::<<Self as HasTable>::Table, _, _>(
conn,
dsl::user_id
.eq(user_id)
.and(dsl::merchant_id.eq(merchant_id))
.and(dsl::version.eq(version)),
)
.await
}

pub async fn list_by_user_id(
conn: &PgPooledConn,
user_id: String,
version: UserRoleVersion,
) -> StorageResult<Vec<Self>> {
generics::generic_filter::<<Self as HasTable>::Table, _, _, _>(
conn,
dsl::user_id.eq(user_id).and(dsl::version.eq(version)),
None,
None,
Some(dsl::created_at.asc()),
fn check_user_in_lineage(
tenant_id: id_type::TenantId,
org_id: Option<id_type::OrganizationId>,
merchant_id: Option<id_type::MerchantId>,
profile_id: Option<id_type::ProfileId>,
) -> Box<
dyn diesel::BoxableExpression<<Self as HasTable>::Table, Pg, SqlType = Nullable<Bool>>
+ 'static,
> {
// Checking in user roles, for a user in token hierarchy, only one of the relations will be true:
// either tenant level, org level, merchant level, or profile level
// Tenant-level: (tenant_id = ? && org_id = null && merchant_id = null && profile_id = null)
// Org-level: (org_id = ? && merchant_id = null && profile_id = null)
// Merchant-level: (org_id = ? && merchant_id = ? && profile_id = null)
// Profile-level: (org_id = ? && merchant_id = ? && profile_id = ?)
Box::new(
// Tenant-level condtion

Check warning on line 45 in crates/diesel_models/src/query/user_role.rs

View workflow job for this annotation

GitHub Actions / Spell check 

"condtion" should be "condition".
dsl::tenant_id
.eq(tenant_id.clone())
.and(dsl::org_id.is_null())
.and(dsl::merchant_id.is_null())
.and(dsl::profile_id.is_null())
.or(
// Org-level condition
dsl::tenant_id
.eq(tenant_id.clone())
.and(dsl::org_id.eq(org_id.clone()))
.and(dsl::merchant_id.is_null())
.and(dsl::profile_id.is_null()),
)
.or(
// Merchant-level condition
dsl::tenant_id
.eq(tenant_id.clone())
.and(dsl::org_id.eq(org_id.clone()))
.and(dsl::merchant_id.eq(merchant_id.clone()))
.and(dsl::profile_id.is_null()),
)
.or(
// Profile-level condition
dsl::tenant_id
.eq(tenant_id)
.and(dsl::org_id.eq(org_id))
.and(dsl::merchant_id.eq(merchant_id))
.and(dsl::profile_id.eq(profile_id)),
),
)
.await
}

pub async fn list_by_merchant_id(
conn: &PgPooledConn,
merchant_id: id_type::MerchantId,
version: UserRoleVersion,
) -> StorageResult<Vec<Self>> {
generics::generic_filter::<<Self as HasTable>::Table, _, _, _>(
conn,
dsl::merchant_id
.eq(merchant_id)
.and(dsl::version.eq(version)),
None,
None,
Some(dsl::created_at.asc()),
)
.await
}

pub async fn find_by_user_id_org_id_merchant_id_profile_id(
pub async fn find_by_user_id_tenant_id_org_id_merchant_id_profile_id(
conn: &PgPooledConn,
user_id: String,
tenant_id: id_type::TenantId,
org_id: id_type::OrganizationId,
merchant_id: id_type::MerchantId,
profile_id: id_type::ProfileId,
version: UserRoleVersion,
) -> StorageResult<Self> {
// Checking in user roles, for a user in token hierarchy, only one of the relation will be true, either org level, merchant level or profile level
// (org_id = ? && merchant_id = null && profile_id = null) || (org_id = ? && merchant_id = ? && profile_id = null) || (org_id = ? && merchant_id = ? && profile_id = ?)
let check_lineage = dsl::org_id
.eq(org_id.clone())
.and(dsl::merchant_id.is_null().and(dsl::profile_id.is_null()))
.or(dsl::org_id.eq(org_id.clone()).and(
dsl::merchant_id
.eq(merchant_id.clone())
.and(dsl::profile_id.is_null()),
))
.or(dsl::org_id.eq(org_id).and(
dsl::merchant_id
.eq(merchant_id)
.and(dsl::profile_id.eq(profile_id)),
));
let check_lineage = Self::check_user_in_lineage(
tenant_id,
Some(org_id),
Some(merchant_id),
Some(profile_id),
);

let predicate = dsl::user_id
.eq(user_id)
Expand All @@ -114,30 +99,45 @@
generics::generic_find_one::<<Self as HasTable>::Table, _, _>(conn, predicate).await
}

pub async fn update_by_user_id_org_id_merchant_id_profile_id(
pub async fn update_by_user_id_tenant_id_org_id_merchant_id_profile_id(
conn: &PgPooledConn,
user_id: String,
tenant_id: id_type::TenantId,
org_id: id_type::OrganizationId,
merchant_id: Option<id_type::MerchantId>,
profile_id: Option<id_type::ProfileId>,
update: UserRoleUpdate,
version: UserRoleVersion,
) -> StorageResult<Self> {
// Checking in user roles, for a user in token hierarchy, only one of the relation will be true, either org level, merchant level or profile level
// (org_id = ? && merchant_id = null && profile_id = null) || (org_id = ? && merchant_id = ? && profile_id = null) || (org_id = ? && merchant_id = ? && profile_id = ?)
let check_lineage = dsl::org_id
.eq(org_id.clone())
.and(dsl::merchant_id.is_null().and(dsl::profile_id.is_null()))
.or(dsl::org_id.eq(org_id.clone()).and(
dsl::merchant_id
.eq(merchant_id.clone())
let check_lineage = dsl::tenant_id
.eq(tenant_id.clone())
.and(dsl::org_id.is_null())
.and(dsl::merchant_id.is_null())
.and(dsl::profile_id.is_null())
.or(
// Org-level condition
dsl::tenant_id
.eq(tenant_id.clone())
.and(dsl::org_id.eq(org_id.clone()))
.and(dsl::merchant_id.is_null())
.and(dsl::profile_id.is_null()),
))
.or(dsl::org_id.eq(org_id).and(
dsl::merchant_id
.eq(merchant_id)
)
.or(
// Merchant-level condition
dsl::tenant_id
.eq(tenant_id.clone())
.and(dsl::org_id.eq(org_id.clone()))
.and(dsl::merchant_id.eq(merchant_id.clone()))
.and(dsl::profile_id.is_null()),
)
.or(
// Profile-level condition
dsl::tenant_id
.eq(tenant_id)
.and(dsl::org_id.eq(org_id))
.and(dsl::merchant_id.eq(merchant_id))
.and(dsl::profile_id.eq(profile_id)),
));
);

let predicate = dsl::user_id
.eq(user_id)
Expand All @@ -153,29 +153,21 @@
.await
}

pub async fn delete_by_user_id_org_id_merchant_id_profile_id(
pub async fn delete_by_user_id_tenant_id_org_id_merchant_id_profile_id(
conn: &PgPooledConn,
user_id: String,
tenant_id: id_type::TenantId,
org_id: id_type::OrganizationId,
merchant_id: id_type::MerchantId,
profile_id: id_type::ProfileId,
version: UserRoleVersion,
) -> StorageResult<Self> {
// Checking in user roles, for a user in token hierarchy, only one of the relation will be true, either org level, merchant level or profile level
// (org_id = ? && merchant_id = null && profile_id = null) || (org_id = ? && merchant_id = ? && profile_id = null) || (org_id = ? && merchant_id = ? && profile_id = ?)
let check_lineage = dsl::org_id
.eq(org_id.clone())
.and(dsl::merchant_id.is_null().and(dsl::profile_id.is_null()))
.or(dsl::org_id.eq(org_id.clone()).and(
dsl::merchant_id
.eq(merchant_id.clone())
.and(dsl::profile_id.is_null()),
))
.or(dsl::org_id.eq(org_id).and(
dsl::merchant_id
.eq(merchant_id)
.and(dsl::profile_id.eq(profile_id)),
));
let check_lineage = Self::check_user_in_lineage(
tenant_id,
Some(org_id),
Some(merchant_id),
Some(profile_id),
);

let predicate = dsl::user_id
.eq(user_id)
Expand All @@ -190,6 +182,7 @@
pub async fn generic_user_roles_list_for_user(
conn: &PgPooledConn,
user_id: String,
tenant_id: Option<id_type::TenantId>,
apoorvdixit88 marked this conversation as resolved.
Show resolved Hide resolved
org_id: Option<id_type::OrganizationId>,
merchant_id: Option<id_type::MerchantId>,
profile_id: Option<id_type::ProfileId>,
Expand All @@ -202,6 +195,10 @@
.filter(dsl::user_id.eq(user_id))
.into_boxed();

if let Some(tenant_id) = tenant_id {
query = query.filter(dsl::tenant_id.eq(tenant_id));
}

if let Some(org_id) = org_id {
query = query.filter(dsl::org_id.eq(org_id));
}
Expand Down Expand Up @@ -251,6 +248,7 @@
pub async fn generic_user_roles_list_for_org_and_extra(
conn: &PgPooledConn,
user_id: Option<String>,
tenant_id: Option<id_type::TenantId>,
apoorvdixit88 marked this conversation as resolved.
Show resolved Hide resolved
org_id: id_type::OrganizationId,
merchant_id: Option<id_type::MerchantId>,
profile_id: Option<id_type::ProfileId>,
Expand All @@ -261,6 +259,10 @@
.filter(dsl::org_id.eq(org_id))
.into_boxed();

if let Some(tenant_id) = tenant_id {
query = query.filter(dsl::tenant_id.eq(tenant_id));
}

if let Some(user_id) = user_id {
query = query.filter(dsl::user_id.eq(user_id));
}
Expand Down
2 changes: 2 additions & 0 deletions crates/router/src/analytics.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1864,6 +1864,7 @@ pub mod routes {
.global_store
.list_user_roles_by_user_id(ListUserRolesByUserIdPayload {
user_id: &auth.user_id,
tenant_id: Some(auth.tenant_id.as_ref().unwrap_or(&state.tenant.tenant_id)),
org_id: Some(&auth.org_id),
merchant_id: None,
profile_id: None,
Expand Down Expand Up @@ -1987,6 +1988,7 @@ pub mod routes {
.global_store
.list_user_roles_by_user_id(ListUserRolesByUserIdPayload {
user_id: &auth.user_id,
tenant_id: Some(auth.tenant_id.as_ref().unwrap_or(&state.tenant.tenant_id)),
org_id: Some(&auth.org_id),
merchant_id: None,
profile_id: None,
Expand Down
Loading
Loading