-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(users): custom role at profile read #6875
base: main
Are you sure you want to change the base?
Conversation
…ay/hyperswitch into custom-role-at-profile-read
} else if requestor_entity_from_role_scope < role_entity_type { | ||
return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!( | ||
"User is trying to create role of type {} and scope {}", | ||
requestor_entity_from_role_scope, role_entity_type | ||
)); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be checked first.
let profile_id = | ||
matches!(role_entity_type, EntityType::Profile).then_some(user_from_token.profile_id); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make this a match instead.
if user_entity_type < role_entity_type { | ||
return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!( | ||
"{} is trying to create {} ", | ||
user_entity_type, role_entity_type | ||
)); | ||
} else if user_entity_type < requestor_entity_from_role_scope { | ||
return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!( | ||
"{} is trying to create role of scope {} ", | ||
user_entity_type, requestor_entity_from_role_scope | ||
)); | ||
} else if requestor_entity_from_role_scope < role_entity_type { | ||
return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!( | ||
"User is trying to create role of type {} and scope {}", | ||
requestor_entity_from_role_scope, role_entity_type | ||
)); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Separate these if
s.
"{} is trying to update {} ", | ||
user_role_info.get_entity_type(), | ||
role_info.get_entity_type() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Print scope
as well here.
let user_role_info = user_from_token.get_role_info_from_db(&state).await?; | ||
|
||
let max_from_scope_and_entity = cmp::max( | ||
user_role_info.get_entity_type(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be taken from role_info
.
crates/router/src/db/role.rs
Outdated
.profile_id | ||
.as_ref() | ||
.map(|profile_id_from_role| { | ||
profile_id_from_role == profile_id | ||
&& role.scope == RoleScope::Profile | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use is_some_and
.
DieselError::NotFound => { | ||
Err(report!(err)).change_context(errors::DatabaseError::NotFound) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this throw error if nothing is found?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This case wont come as it will resolve in Ok when value is [] . Hence will remove this
crates/router/src/db/role.rs
Outdated
Ok(roles_list) | ||
roles_list.ok_or( | ||
errors::StorageError::ValueNotFound( | ||
"No role available with role_name={role_name} in org_id = {org_id:?}".to_string(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe printing the EntityTypePayload
is more appropriate here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed the query as not needed anymore
.eq(RoleScope::Organization) | ||
.or(dsl::scope.eq(RoleScope::Merchant)) | ||
.or(dsl::scope.eq(RoleScope::Profile)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we make scopes also a Vec? Will that improve readability?
Converting to Vec will give us an advantage, we don't have to change the query if scopes are added or removed. But I assume, we won't be changing scopes anytime soon.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated the query with the discussed changes
EntityType::Profile, | ||
EntityType::Merchant, | ||
EntityType::Organization, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These entity types should be based on the Payload's entity type.
If we run this query for profile level Payload, we will also search for org level entity_types which is wrong (correct me if I am wrong).
And if it is not based on the payload, then this query is technically a subset for the list query.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Its been modified to check with list query
…tom-role-at-profile-read
…ay/hyperswitch into custom-role-at-profile-read
if requested_entity_from_role_scope < requested_role_entity_type { | ||
return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!( | ||
"User is trying to create role of type {} and scope {}", | ||
requested_entity_from_role_scope, requested_role_entity_type | ||
)); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We do not need this check as this will be checked while creating
Type of Change
Description
This pr adds the functionality to read custom role at profile level
Additional Changes
Motivation and Context
Closes #6488
How did you test it?
Request
Response
If a role with the same name is created either below me or in my lineage , then i wouldn't be able to create the role with that same name
Request
Response
Checklist
cargo +nightly fmt --all
cargo clippy