refactor(users): refactor find_by_role_id_in_merchant_scope query for custom roles #6701
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review changes with Changed Files
|
ThisIsMani
requested changes
Nov 29, 2024
crates/router/src/core/user_role.rs
Outdated
| .await | ||
| .to_not_found_response(UserErrors::InvalidRoleId)?; | ||
| let role_info = | ||
| roles::RoleInfo::from_role_id_and_org_id(&state, &req.role_id, &user_from_token.org_id) |
There was a problem hiding this comment.
There should be lineage check here.
Comment on lines
207
to
208
| if matches!(role_info.get_scope(), RoleScope::Organization) | ||
| && user_from_token.role_id != common_utils::consts::ROLE_ID_ORGANIZATION_ADMIN |
There was a problem hiding this comment.
Can we check this with entity type instead of role_id.
Comment on lines
202
to
205
| let role_info = | ||
| roles::RoleInfo::from_role_id_and_org_id(&state, role_id, &user_from_token.org_id) | ||
| .await | ||
| .to_not_found_response(UserErrors::InvalidRoleOperation)?; |
There was a problem hiding this comment.
We should also check if user has access to update this role. This can be done by getting the role using the lineage.
crates/router/src/utils/user_role.rs
Outdated
| } | ||
|
|
||
| pub async fn set_role_permissions_in_cache_by_role_id_merchant_id_org_id( | ||
| pub async fn set_role_permissions_in_cache_by_role_id_org_id( |
There was a problem hiding this comment.
Can we rename these functions to set_role_info... instead of set_permissions....
hyperswitch-bot
bot
added
the
M-database-changes
ThisIsMani
reviewed
Dec 2, 2024
| @@ -26,6 +26,7 @@ impl Role { | |||
| .await | |||
| } | |||
|
|
|||
| // TODO:remove once find_by_role_id_in_lineage is stable | |||
There was a problem hiding this comment.
Suggested change
| // TODO:remove once find_by_role_id_in_lineage is stable | |
| // TODO: Remove once find_by_role_id_in_lineage is stable |
Comment on lines
+32
to
44
| match self.version { | ||
| enums::UserRoleVersion::V1 if self.entity_type.is_none() => { | ||
| match self.role_id.as_str() { | ||
| consts::ROLE_ID_ORGANIZATION_ADMIN => { | ||
| let org_id = self.org_id.clone()?.get_string_repr().to_string(); | ||
| Some((org_id, EntityType::Organization)) | ||
| } | ||
| _ => { | ||
| let merchant_id = self.merchant_id.clone()?.get_string_repr().to_string(); | ||
| Some((merchant_id, EntityType::Merchant)) | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Suggested change
| match self.version { | |
| enums::UserRoleVersion::V1 if self.entity_type.is_none() => { | |
| match self.role_id.as_str() { | |
| consts::ROLE_ID_ORGANIZATION_ADMIN => { | |
| let org_id = self.org_id.clone()?.get_string_repr().to_string(); | |
| Some((org_id, EntityType::Organization)) | |
| } | |
| _ => { | |
| let merchant_id = self.merchant_id.clone()?.get_string_repr().to_string(); | |
| Some((merchant_id, EntityType::Merchant)) | |
| } | |
| } | |
| } | |
| match (self.version, self.entity_type, self.role_id) { | |
| (enums::UserRoleVersion::V1, None, ...) => ... | |
| ... => ... |
| @@ -489,7 +485,7 @@ pub async fn delete_user_role( | |||
| .attach_printable("User deleting himself"); | |||
| } | |||
|
|
|||
| let deletion_requestor_role_info = roles::RoleInfo::from_role_id_in_merchant_scope( | |||
| let deletion_requestor_role_info = roles::RoleInfo::from_role_id_in_lineage( | |||
There was a problem hiding this comment.
lineage check is not required here.
| @@ -527,10 +523,9 @@ pub async fn delete_user_role( | |||
| }; | |||
|
|
|||
| if let Some(role_to_be_deleted) = user_role_v2 { | |||
| let target_role_info = roles::RoleInfo::from_role_id_in_merchant_scope( | |||
| let target_role_info = roles::RoleInfo::from_role_id_and_org_id( | |||
There was a problem hiding this comment.
lineage check should be here instead.
| @@ -597,10 +592,9 @@ pub async fn delete_user_role( | |||
| }; | |||
|
|
|||
| if let Some(role_to_be_deleted) = user_role_v1 { | |||
| let target_role_info = roles::RoleInfo::from_role_id_in_merchant_scope( | |||
| let target_role_info = roles::RoleInfo::from_role_id_and_org_id( | |||
Comment on lines
+211
to
+217
| let user_from_token_role_info = roles::RoleInfo::from_role_id_and_org_id( | ||
| &state, | ||
| &user_from_token.role_id, | ||
| &user_from_token.org_id, | ||
| ) | ||
| .await | ||
| .to_not_found_response(UserErrors::InvalidRoleId)?; |
There was a problem hiding this comment.
There is a function already implemented on UserFromToken which will give the role_info.
You can use that instead.
| @@ -216,8 +208,16 @@ pub async fn update_role( | |||
| .await | |||
| .to_not_found_response(UserErrors::InvalidRoleOperation)?; | |||
|
|
|||
| let user_from_token_role_info = roles::RoleInfo::from_role_id_and_org_id( | |||
There was a problem hiding this comment.
Suggested change
| let user_from_token_role_info = roles::RoleInfo::from_role_id_and_org_id( | |
| let user_role_info = roles::RoleInfo::from_role_id_and_org_id( |
| @@ -72,31 +72,21 @@ pub async fn set_role_permissions_in_cache_by_user_role( | |||
| state: &SessionState, | |||
There was a problem hiding this comment.
This function name also should be changed.
| @@ -105,18 +95,16 @@ pub async fn set_role_permissions_in_cache_by_role_id_merchant_id_org_id( | |||
| pub async fn set_role_permissions_in_cache_if_required( | |||
|
Can you change the title of the PR. |
|
As this supposed to be intermediate PR, shouldn't you add |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of Change
Description
Refactor the find_by_role_id_in_merchant_scope query to make it a generic query that uses only org_id and role_id as parameters.
Additional Changes
Motivation and Context
Closes 6702
How did you test it?
Using dashboard . All the below should work as before
Cases to test :
Checklist
cargo +nightly fmt --allcargo clippy