feat(users): add profile level custom role #6380

Open: wants to merge 11 commits into base: main

@Riddhiagrawal001 Riddhiagrawal001 commented Oct 21, 2024

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Earlier we only had access to create Merchant level custom roles at Org and Merchant scope. After this, users will be able to create custom roles at Profile level at Organization, Merchant and Profile scope.

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

Closes 6488

How did you test it?

Create Custom role at profile level

curl --location 'http://localhost:8080/user/role' \
--header 'authorization: Bearer user JWT Token' \
--data '{
  "role_scope": "organization",
  "groups": [
    "operations_view",
    "operations_manage",
    "connectors_view"
  ],
  "role_name": "org-scope-profile-role-org-user",
  "entity_type":"profile"
}'

Response :

{
    "role_id": "some_role_id",
    "groups": [
        "operations_view",
        "operations_manage",
        "connectors_view"
    ],
    "role_name": "org-scope-profile-role-org-user",
    "role_scope": "organization",
    "entity_type": "profile"
}

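To create a profile level custom role, the operation should be allowed in the following scenarios:

| Role scope | Org level user | Merchant level user | Profile level user |
|------------|----------------|---------------------|--------------------|
| Org        | true           | false               | false              |
| Merchant   | true           | true                | false              |
| Profile    | true           | true                | true               |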

Create Custom role at merchant level

curl --location 'http://localhost:8080/user/role' \
--header 'authorization: Bearer user JWT Token' \
--data '{
  "role_scope": "organization",
  "groups": [
    "operations_view",
    "operations_manage",
    "connectors_view"
  ],
  "role_name": "org-scope-merchnant-role-org-user",
  "entity_type":"merchant"
}'

Response :

{
    "role_id": "some_role_id",
    "groups": [
        "operations_view",
        "operations_manage",
        "connectors_view"
    ],
    "role_name": "org-scope-merchnant-role-org-user",
    "role_scope": "organization",
    "entity_type": "merchant"
}

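To create a merchant level custom role, the operation should be allowed in the following scenarios:

| Role scope | Org level user | Merchant level user | Profile level user |
|------------|----------------|---------------------|--------------------|
| Org        | true           | false               | false              |
| Merchant   | true           | true                | false              |
| Profile    | false          | false               | false              |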

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible
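
The two permission tables in the description can be reproduced from a pair of ordering checks of the same shape as the conditional quoted later in the review. This is an added example, not code from this PR or from Hyperswitch; the Entity enum, its assumed ordering Profile < Merchant < Organization, and all function names are hypothetical.

```rust
// Added illustration; Entity and all function names are hypothetical.
// Assumed hierarchy: Profile < Merchant < Organization (derive follows variant order).
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Entity {
    Profile,
    Merchant,
    Organization,
}

const LEVELS: [Entity; 3] = [Entity::Organization, Entity::Merchant, Entity::Profile];

/// Three-clause form, shaped like the conditional quoted in the review.
fn three_clause(user: Entity, scope: Entity, role: Entity) -> bool {
    user >= role && user >= scope && scope >= role
}

/// Split form: two named rules. `user >= role` follows by transitivity.
fn can_create_role(user: Entity, scope: Entity, role: Entity) -> bool {
    let scope_covers_role = scope >= role; // scope is never narrower than the role
    let user_covers_scope = user >= scope; // user cannot publish above own level
    scope_covers_role && user_covers_scope
}

/// Rows: role scope (Org, Merchant, Profile). Columns: user level, same order.
fn matrix(role: Entity) -> [[bool; 3]; 3] {
    let mut out = [[false; 3]; 3];
    for (r, scope) in LEVELS.iter().enumerate() {
        for (c, user) in LEVELS.iter().enumerate() {
            out[r][c] = can_create_role(*user, *scope, role);
        }
    }
    out
}

/// True when both forms agree on all 27 (user, scope, role) combinations.
fn forms_agree() -> bool {
    LEVELS.iter().all(|&u| {
        LEVELS.iter().all(|&s| {
            LEVELS.iter().all(|&r| three_clause(u, s, r) == can_create_role(u, s, r))
        })
    })
}

fn main() {
    for role in [Entity::Profile, Entity::Merchant] {
        println!("{:?}-level role: {:?}", role, matrix(role));
    }
    println!("split form matches three-clause form: {}", forms_agree());
}
```

Because the decision rests entirely on the derived ordering, reordering the enum variants changes who is authorized; a test like the matrix comparison pins that behaviour.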

@Riddhiagrawal001 Riddhiagrawal001 self-assigned this Oct 21, 2024
@Riddhiagrawal001 Riddhiagrawal001 requested review from a team as code owners October 21, 2024 12:06
@hyperswitch-bot hyperswitch-bot bot added the M-database-changes Metadata: This PR involves database schema changes label Oct 21, 2024
@Riddhiagrawal001 Riddhiagrawal001 changed the title feat(users): Add profile level custom role feat(users): add profile level custom role Oct 28, 2024
@@ -21,6 +22,7 @@ pub struct RoleInfoWithGroupsResponse {
pub groups: Vec<PermissionGroup>,
pub role_name: String,
pub role_scope: RoleScope,
pub entity_type: Option<EntityType>,
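
Review bot: entity_type on RoleInfoWithGroupsResponse (last line of this hunk) is Option<EntityType>, which leaves callers to decide what a missing entity type means for a role they are about to assign. If every stored role carries an entity type, return it as EntityType and keep Option on the request only; otherwise document on the field what None stands for.
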
Contributor

Why is entity_type an Option here? We have it as non-Option in the DB, right?

Contributor Author

Because in the request it's optional, so I thought it should also be optional in the response.

.or(dsl::scope.eq(RoleScope::Merchant))
.or(dsl::scope.eq(RoleScope::Profile)),
)
.filter(dsl::entity_type.eq_any(entity_in_vec))
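
Review bot: the eq_any(entity_in_vec) filter on the last line matches no rows when entity_in_vec is empty, so any caller path that builds an empty vector gets an empty role list instead of an error. Build the vector from an exhaustive match on the entity type so it always has at least one element, and add a test that lists roles for each entity level.
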
Contributor

Just for clarity: in the case where is_lineage data_required is true, will this query return the same result as we would get without applying this eq_any filter?

Contributor Author

Yes

user_from_token.org_id,
user_from_token.merchant_id,
),
request.entity_type.is_none(),
None,
)
.await
.change_context(UserErrors::InternalServerError)
.attach_printable("Failed to get roles")?,
// TODO: Populate this from Db function when support for profile id and profile level custom roles is added
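
Review bot: the positional arguments request.entity_type.is_none() and None near the end of this call give no hint at the call site of what they switch on in the role query, and this is a role listing path where a flipped flag changes which roles come back. Bind them to named locals or pass a small struct so the intent is readable, and update or drop the TODO on the last line, since it still describes profile level custom roles as unsupported.
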
Contributor

Can we remove this TODO now?

@@ -0,0 +1,2 @@
-- Your SQL goes here
ALTER TABLE roles ADD profile_id Varchar(64);
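
Review bot: the profile_id column in the ALTER TABLE line is added as nullable with no default, so every existing row in roles will have profile_id NULL; queries that compare profile_id with a value need an explicit IS NULL branch for org and merchant level roles or they will drop those rows. Also remove the leftover "-- Your SQL goes here" template comment.
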
Contributor

nitpick:

  • To keep drop.sql and up.sql consistent, we can either use the COLUMN keyword in both, or drop it for both, since it is optional.
  • We can also use IF EXISTS and IF NOT EXISTS (optional change).

@Riddhiagrawal001 Riddhiagrawal001 linked an issue Nov 6, 2024 that may be closed by this pull request
Contributor

@ThisIsMani ThisIsMani left a comment

Are you sure that old db functions will work without any issues with the new data?

Comment on lines 96 to 98
if !(user_entity_type >= role_entity_type
&& user_entity_type >= requestor_entity_from_role_scope
&& requestor_entity_from_role_scope >= role_entity_type)
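
Review bot: in this three-part condition the first comparison, user_entity_type >= role_entity_type, is implied by the other two whenever the entity ordering is total, so it adds no protection and hides which rule failed. Split it into two named checks (requestor_entity_from_role_scope >= role_entity_type, then user_entity_type >= requestor_entity_from_role_scope) with their own error messages, and add a test that pins the ordering of the entity type variants, since the whole authorization decision rests on it.
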
Contributor

Can we split this conditional?

@ThisIsMani
Contributor

  1. Please add indices similar to merchant and org.
  2. As this PR affects the older queries (new data will be read by old queries), if a rollback happens, there is a high chance that the application will break. Please check if the newer data breaks the old application. If yes, the older queries should be changed and deployed first.
