feat(users): add support for tenant level users #6708
+701
−128
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apoorvdixit88
added
C-feature
ThisIsMani
reviewed
Dec 2, 2024
crates/router/src/core/user_role.rs
Outdated
Comment on lines
874
to
879
| EntityType::Tenant => { | ||
| return Err(UserErrors::InvalidRoleOperationWithMessage( | ||
| "Tenant roles are not allowed for this operation".to_string(), | ||
| ) | ||
| .into()); | ||
| } |
There was a problem hiding this comment.
Should we throw error here? Is dashboard handling this?
There was a problem hiding this comment.
The query above it will fetch 0 user_roles for entity type tenant where status is invitation_sent, so we should throw error here instead of sending empty vector, if we have such user role.
crates/router/src/services/authorization/roles/predefined_roles.rs
Outdated
Show resolved
Hide resolved
ThisIsMani
reviewed
Dec 3, 2024
ThisIsMani
reviewed
Dec 3, 2024
racnan
reviewed
Dec 3, 2024
crates/api_models/src/user.rs
Outdated
| pub organization_name: String, | ||
| pub organization_details: Option<pii::SecretSerdeValue>, | ||
| pub metadata: Option<pii::SecretSerdeValue>, | ||
| pub merchant_name: String, |
crates/router/src/core/user_role.rs
Outdated
Comment on lines
874
to
879
| EntityType::Tenant => { | ||
| return Err(UserErrors::InvalidRoleOperationWithMessage( | ||
| "Tenant roles are not allowed for this operation".to_string(), | ||
| ) | ||
| .into()); | ||
| } |
crates/router/src/routes/app.rs
Outdated
| @@ -1869,6 +1869,10 @@ impl User { | |||
| .service( | |||
| web::resource("/internal_signup").route(web::post().to(user::internal_user_signup)), | |||
| ) | |||
| .service( | |||
| web::resource("/create_tenant").route(web::post().to(user::create_tenant_user)), | |||
There was a problem hiding this comment.
create_merchant -> creates merchant account
create_org -> creates org account
create_tenant -> creates user ??
| @@ -124,18 +124,34 @@ impl JWTFlow { | |||
| next_flow: &NextFlow, | |||
| user_role: &UserRole, | |||
| ) -> UserResult<Secret<String>> { | |||
| let (merchant_id, profile_id) = | |||
| utils::user_role::get_single_merchant_id_and_profile_id(state, user_role).await?; | |||
| let (org_id, merchant_id, profile_id) = match user_role.entity_type { | |||
crates/router/src/core/user.rs
Outdated
Comment on lines
1285
to
1301
| let key_store = state | ||
| .store | ||
| .get_merchant_key_store_by_merchant_id( | ||
| key_manager_state, | ||
| &merchant_id, | ||
| &state.store.get_master_key().to_vec().into(), | ||
| ) | ||
| .await | ||
| .change_context(UserErrors::InternalServerError) | ||
| .attach_printable("Error while fetching the key store by merchant_id")?; | ||
|
|
||
| let merchant_account = state | ||
| .store | ||
| .find_merchant_account_by_merchant_id(key_manager_state, &merchant_id, &key_store) | ||
| .await | ||
| .change_context(UserErrors::InternalServerError) | ||
| .attach_printable("Error while fetching the merchant_account by merchant_id")?; |
There was a problem hiding this comment.
this can be skipped is below function only requires merchant id and org id and not the whole merchant account.
ThisIsMani
previously approved these changes
Dec 4, 2024
racnan
approved these changes
Dec 4, 2024
ThisIsMani
approved these changes
Dec 4, 2024
tsdk02
approved these changes
Dec 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of Change
Description
Additional Changes
Motivation and Context
Closes #6707
How did you test it?
Api for create tenant:
Response: 200 Ok, if tenant_admin got created successfully
A tenant can login with email and password and continue with 2FA, he will land into any one of organization existing for tenant.
Create Org Api, (works for tenant users only)
Response will be 200 OK if the org got created success fully (1 org with 1 merchant and 1 profile)
After getting the login token tenant admin can switch to any org in the tenancy.
Checklist
cargo +nightly fmt --allcargo clippy