feat(roles): add list support for roles #5754

Merged
merged 9 commits into from
Sep 2, 2024

@apoorvdixit88 apoorvdixit88 commented Aug 30, 2024

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Add support to

  • List available roles with info for the user
  • List roles at entity level for the user

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

Closes #5753

How did you test it?

To list available roles in hierarchy with info:

curl --location 'http://localhost:8080/user/role/v2/list' \
--header 'Authorization: Bearer JWT'

Response

[
    {
        "role_id": "merchant_operator",
        "role_name": "operator",
        "entity_type": "merchant",
        "groups": [
            "operations_view",
            "operations_manage",
            "connectors_view",
            "workflows_view",
            "analytics_view",
            "users_view",
            "merchant_details_view"
        ],
        "scope": "organization"
    },
    {
        "role_id": "merchant_developer",
        "role_name": "developer",
        "entity_type": "merchant",
        "groups": [
            "operations_view",
            "connectors_view",
            "analytics_view",
            "users_view",
            "merchant_details_view",
            "merchant_details_manage"
        ],
        "scope": "organization"
    },
    {
        "role_id": "merchant_iam_admin",
        "role_name": "iam",
        "entity_type": "merchant",
        "groups": [
            "operations_view",
            "analytics_view",
            "users_view",
            "users_manage",
            "merchant_details_view"
        ],
        "scope": "organization"
    },
    {
        "role_id": "merchant_view_only",
        "role_name": "view_only",
        "entity_type": "merchant",
        "groups": [
            "operations_view",
            "connectors_view",
            "workflows_view",
            "analytics_view",
            "users_view",
            "merchant_details_view"
        ],
        "scope": "organization"
    },
    {
        "role_id": "merchant_customer_support",
        "role_name": "customer_support",
        "entity_type": "merchant",
        "groups": [
            "operations_view",
            "analytics_view",
            "users_view",
            "merchant_details_view"
        ],
        "scope": "organization"
    },
    {
        "role_id": "merchant_admin",
        "role_name": "admin",
        "entity_type": "merchant",
        "groups": [
            "operations_view",
            "operations_manage",
            "connectors_view",
            "connectors_manage",
            "workflows_view",
            "workflows_manage",
            "analytics_view",
            "users_view",
            "users_manage",
            "merchant_details_view",
            "merchant_details_manage"
        ],
        "scope": "organization"
    },
    {
        "role_id": "org_admin",
        "role_name": "organization_admin",
        "entity_type": "organization",
        "groups": [
            "operations_view",
            "operations_manage",
            "connectors_view",
            "connectors_manage",
            "workflows_view",
            "workflows_manage",
            "analytics_view",
            "users_view",
            "users_manage",
            "merchant_details_view",
            "merchant_details_manage",
            "organization_manage"
        ],
        "scope": "organization"
    }
]

To list roles at entity level for invite:

curl --location 'http://localhost:8080/user/role/list/invite?entity_type=merchant' \
--header 'Authorization: Bearer JWT'

Entity type can be organization, merchant or profile
Response:

[
    {
        "role_id": "merchant_customer_support",
        "role_name": "customer_support"
    },
    {
        "role_id": "merchant_admin",
        "role_name": "admin"
    },
    {
        "role_id": "merchant_view_only",
        "role_name": "view_only"
    },
    {
        "role_id": "merchant_developer",
        "role_name": "developer"
    },
    {
        "role_id": "merchant_iam_admin",
        "role_name": "iam"
    },
    {
        "role_id": "merchant_operator",
        "role_name": "operator"
    }
]

To list all roles at entity level for update

curl --location 'http://localhost:8080/user/role/list/update?entity_type=merchant' \
--header 'Authorization: Bearer JWT'

Response:

[
    {
        "role_id": "merchant_customer_support",
        "role_name": "customer_support"
    },
    {
        "role_id": "merchant_admin",
        "role_name": "admin"
    },
    {
        "role_id": "merchant_view_only",
        "role_name": "view_only"
    },
    {
        "role_id": "merchant_developer",
        "role_name": "developer"
    },
    {
        "role_id": "merchant_iam_admin",
        "role_name": "iam"
    },
    {
        "role_id": "merchant_operator",
        "role_name": "operator"
    }
]

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

@apoorvdixit88 apoorvdixit88 added C-feature Category: Feature request or enhancement S-waiting-on-review Status: This PR has been implemented and needs to be reviewed A-users Area: Users labels Aug 30, 2024
@apoorvdixit88 apoorvdixit88 self-assigned this Aug 30, 2024
@apoorvdixit88 apoorvdixit88 requested review from a team as code owners August 30, 2024 11:27

semanticdiff-com bot commented Aug 30, 2024

Review changes with SemanticDiff.

Analyzed 13 of 13 files.

Overall, the semantic diff is 5% smaller than the GitHub diff.

Filename Status
✔️ crates/router_env/src/logger/types.rs Analyzed
✔️ crates/router/src/routes/app.rs 26.88% smaller
✔️ crates/router/src/routes/lock_utils.rs Analyzed
✔️ crates/router/src/routes/user_role.rs Analyzed
✔️ crates/router/src/db/kafka_store.rs Analyzed
✔️ crates/router/src/db/role.rs Analyzed
✔️ crates/router/src/core/user_role.rs Analyzed
✔️ crates/router/src/core/user_role/role.rs 0.42% smaller
✔️ crates/diesel_models/src/query/role.rs 14.45% smaller
✔️ crates/api_models/src/user.rs Analyzed
✔️ crates/api_models/src/user_role.rs Analyzed
✔️ crates/api_models/src/user_role/role.rs Analyzed
✔️ crates/api_models/src/events/user_role.rs 63.56% smaller

Comment on lines 458 to 462
let role_info = roles::RoleInfo::from(role);
role_api::MinimalRoleInfo {
role_id: role_info.get_role_id().to_string(),
role_name: role_info.get_role_name().to_string(),
}
Contributor

Add entity type check and is_updatable / is_invitable.

Contributor Author

@apoorvdixit88 apoorvdixit88 Aug 31, 2024

Entity type check is already handled in db query; added check for invitable/updatable.

.service(
web::scope("/list")
.service(web::resource("").route(web::get().to(list_all_roles)))
.service(web::resource("/v2").route(web::get().to(list_roles_with_info)))
Contributor

Change this to /v2/list if possible.

ThisIsMani previously approved these changes Aug 31, 2024
Comment on lines 457 to 471
let custom_roles_map = custom_roles.into_iter().filter_map(|role| {
let role_info = roles::RoleInfo::from(role);

if match check_type {
role_api::RoleCheckType::Invite => role_info.is_invitable(),
role_api::RoleCheckType::Update => role_info.is_updatable(),
} {
Some(role_api::MinimalRoleInfo {
role_id: role_info.get_role_id().to_string(),
role_name: role_info.get_role_name().to_string(),
})
} else {
None
}
});
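
Review bot: The condition written as if match check_type { ... } { ... } else { None } is hard to scan in this closure, because the match block and the if body sit back to back. Bind the result first, for example let allowed = match check_type { ... };, and return allowed.then(|| role_api::MinimalRoleInfo { ... }), which also removes the explicit else { None } branch.
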
Contributor

NIT: Push everything to a vector once and then do these checks.

lsampras previously approved these changes Aug 31, 2024
racnan previously approved these changes Aug 31, 2024
&req,
(),
|state, user_from_token, _, _| role_core::list_roles_with_info(state, user_from_token),
&auth::DashboardNoPermissionAuth,
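
Review bot: The auth argument on the last line, &auth::DashboardNoPermissionAuth, by its name performs no permission check, while the response shown in the PR description returns the full groups list for every role from list_roles_with_info. Gate the route with a read permission, as the other list handlers in this PR do with &auth::JWTAuth(Permission::UsersRead), or add a comment on the handler explaining why no permission is required here.
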
Contributor

UserRead Permission required here.

Contributor Author

Yes, that would be more precise; for now let's keep this auth only.

Narayanbhat166 previously approved these changes Sep 1, 2024
@likhinbopanna likhinbopanna added this pull request to the merge queue Sep 1, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to a conflict with the base branch Sep 1, 2024
@apoorvdixit88 apoorvdixit88 dismissed stale reviews from racnan, lsampras, and ThisIsMani via 05e3483 September 1, 2024 17:56
Contributor

@ThisIsMani ThisIsMani left a comment

Minor concerns.

@@ -305,7 +305,7 @@ pub async fn list_updatable_roles_at_entity_level(
role_api::RoleCheckType::Update,
)
},
&auth::DashboardNoPermissionAuth,
&auth::JWTAuth(Permission::UsersRead),
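
Review bot: No test covers the permission on the auth line of list_updatable_roles_at_entity_level, &auth::JWTAuth(Permission::UsersRead); the test steps in the PR description only show successful calls. Add a test in which a token without UsersRead is rejected by this route, and a doc comment on the handler stating that it only lists roles and which permission the update path itself requires.
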
Contributor

Should it be UsersWrite?

Contributor Author

No, it should be read only. The invite function will check for write; list should be read only.

@@ -279,7 +279,7 @@ pub async fn list_invitable_roles_at_entity_level(
role_api::RoleCheckType::Invite,
)
},
&auth::DashboardNoPermissionAuth,
&auth::JWTAuth(Permission::UsersRead),
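
Review bot: The permission on the auth line, &auth::JWTAuth(Permission::UsersRead), is hard-coded separately here and in list_updatable_roles_at_entity_level, and in the lines shown the two handlers differ only in the role_api::RoleCheckType variant they pass. Route both through one helper that takes the check type, so that a later change to the permission on one route cannot leave the other behind.
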
Contributor

Should it be UsersWrite?

let list_role_info_response = role_info_vec
.into_iter()
.filter_map(|role_info| {
if user_role_entity >= role_info.get_entity_type() {
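
Review bot: The filter condition user_role_entity >= role_info.get_entity_type() decides which roles a caller can see, and it depends on how ordering is defined for the entity type, which is not visible in these lines. If that ordering comes from variant declaration order, reordering or inserting a variant would silently widen or narrow the list. Add a short comment on the comparison and a unit test that pins the expected order (assuming organization ranks above merchant and merchant above profile, going by the entity types named in the PR description).
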
Contributor

You can use then on bool.

@likhinbopanna likhinbopanna added this pull request to the merge queue Sep 2, 2024
Merged via the queue into main with commit e4f1fbc Sep 2, 2024
13 of 14 checks passed
@likhinbopanna likhinbopanna deleted the new-roles-list branch September 2, 2024 07:08
@SanchithHegde SanchithHegde removed the S-waiting-on-review Status: This PR has been implemented and needs to be reviewed label Sep 8, 2024

Successfully merging this pull request may close these issues.

feat(roles): add support for roles list
8 participants