Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add resources and granular permission groups for reconciliation #6591

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

feat: add resources and granular permission groups for reconciliation #6591

wants to merge 22 commits into from

Conversation

kashif-m
Copy link
Contributor

@kashif-m kashif-m commented Nov 18, 2024
edited
Loading

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Described in #6524

This PR includes below changes

  • Extending resources enum (for specifying the resource being consumed from the dashboard)
  • Extending granular permission groups for recon
  • Populating acl field in the recon token

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

Helps maintain and configure permissions for recon module granularly.

How did you test it?

  • Verify the generated recon token has acl
  • GET /verify_token response to have acl
Check /verify_token response

cURL

curl --location --request GET 'http://localhost:8080/recon/verify_token' \
    --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiZGJjMzJmMmYtYmI5Ni00MDI0LTliYTUtNjhkOTc3MzM0N2U5IiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzMxOTk2NjQ4Iiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTczMjE4MzU4Miwib3JnX2lkIjoib3JnX0htMmY5dERZM2lGN0ZRckZUYUxKIiwicHJvZmlsZV9pZCI6InByb19GY0NaN1c4MllZVmNXMU1DSjZIOCIsInRlbmFudF9pZCI6InB1YmxpYyIsImFjbCI6IntcInJlY29uX2ZpbGVzXCI6XCJSV1wiLFwicmVjb25fY29uZmlnXCI6XCJSV1wiLFwicmVjb25fdG9rZW5cIjpcIlJXXCIsXCJyZWNvbl9yZXBvcnRzXCI6XCJSV1wiLFwicmVjb25fdXBsb2FkXCI6XCJSV1wiLFwicnVuX3JlY29uXCI6XCJSV1wiLFwicmVjb25fYW5kX3NldHRsZW1lbnRfYW5hbHl0aWNzXCI6XCJSXCJ9In0.wvS97F0dXwY7Y5uKSk8PEqHOhoAAPlR0coX_kIGyM2I'

Response

{
    "merchant_id": "merchant_1731996648",
    "user_email": "kashif2@juspay.in",
    "acl": "{\"recon_reports\":\"RW\",\"recon_files\":\"RW\",\"run_recon\":\"RW\",\"recon_and_settlement_analytics\":\"R\",\"recon_token\":\"RW\",\"recon_upload\":\"RW\",\"recon_config\":\"RW\"}"
}

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

@kashif-m kashif-m requested review from a team as code owners November 18, 2024 06:24
@semanticdiff-com SemanticDiff.com
Copy link

semanticdiff-com bot commented Nov 18, 2024
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  crates/router/src/routes/app.rs  96% smaller
  crates/router/src/core/recon.rs  76% smaller
  crates/router/src/services/authorization/info.rs  42% smaller
  crates/router/src/services/authorization/permission_groups.rs  40% smaller
  crates/api_models/src/events/recon.rs  32% smaller
  crates/common_enums/src/enums.rs  19% smaller
  crates/router/src/services/authorization/roles/predefined_roles.rs  18% smaller
  crates/router/src/services/authorization/permissions.rs  16% smaller
  crates/router/src/routes/recon.rs  10% smaller
  crates/api_models/src/recon.rs  4% smaller
  crates/api_models/src/enums.rs  0% smaller
  crates/api_models/src/events/user.rs  0% smaller
  crates/api_models/src/user.rs  0% smaller
  crates/router/src/core/user.rs  0% smaller
  crates/router/src/routes/user.rs  0% smaller
  crates/router/src/services/authentication.rs  0% smaller
  crates/router/src/services/authorization/roles.rs  0% smaller
  crates/router/src/services/email/types.rs  0% smaller

@kashif-m kashif-m linked an issue Nov 19, 2024 that may be closed by this pull request
[FEATURE] add permissions for operations in recon module #6524
Open
2 tasks
ThisIsMani
ThisIsMani requested changes Nov 19, 2024
View reviewed changes
crates/common_enums/src/enums.rs Outdated Show resolved Hide resolved
crates/router/src/core/recon.rs Outdated Show resolved Hide resolved
crates/router/src/services/authorization/permission_groups.rs Outdated Show resolved Hide resolved
crates/router/src/services/authorization/permission_groups.rs Outdated Show resolved Hide resolved
crates/router/src/services/authorization/permission_groups.rs Outdated Show resolved Hide resolved
crates/router/src/routes/recon.rs Outdated Show resolved Hide resolved
crates/router/src/routes/user.rs Outdated Show resolved Hide resolved
crates/router/src/services/authentication.rs Show resolved Hide resolved
@kashif-m kashif-m self-assigned this Nov 19, 2024
ThisIsMani
ThisIsMani reviewed Nov 19, 2024
View reviewed changes
Copy link
Contributor

@ThisIsMani ThisIsMani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove the new group and Recon parent.

crates/api_models/src/user.rs Outdated Show resolved Hide resolved
crates/common_enums/src/enums.rs Outdated Show resolved Hide resolved
crates/common_enums/src/enums.rs Outdated Show resolved Hide resolved
@kashif-m kashif-m requested a review from a team as a code owner November 20, 2024 06:49
sahkal
sahkal previously approved these changes Nov 21, 2024
View reviewed changes
Copy link
Contributor

@sahkal sahkal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

core part LGTM!

ThisIsMani
ThisIsMani reviewed Nov 21, 2024
View reviewed changes
Copy link
Contributor

@ThisIsMani ThisIsMani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let me know once you get approvals from PMs regarding recon groups in roles. I'll approve.

crates/router/src/services/authorization/roles.rs Show resolved Hide resolved
@ThisIsMani
Copy link
Contributor

Other than that, LGTM.

ThisIsMani
ThisIsMani reviewed Nov 21, 2024
View reviewed changes
Copy link
Contributor

@ThisIsMani ThisIsMani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kashif-m, can you add view variants as well where we added manage groups in roles. This will maintain consistency with other roles.

crates/router/src/services/authorization/roles/predefined_roles.rs Outdated Show resolved Hide resolved
crates/router/src/services/authorization/roles/predefined_roles.rs Outdated Show resolved Hide resolved
ThisIsMani
ThisIsMani previously approved these changes Nov 21, 2024
View reviewed changes
@kashif-m kashif-m requested a review from sahkal November 21, 2024 11:07
SanchithHegde
SanchithHegde reviewed Nov 21, 2024
View reviewed changes
crates/router/src/core/recon.rs Outdated Show resolved Hide resolved
crates/router/src/core/recon.rs Outdated Show resolved Hide resolved
crates/router/src/core/recon.rs Outdated Show resolved Hide resolved
crates/router/src/services/authentication.rs Outdated Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sahkal sahkal Awaiting requested review from sahkal

@SanchithHegde SanchithHegde Awaiting requested review from SanchithHegde

@ThisIsMani ThisIsMani Awaiting requested review from ThisIsMani

At least 2 approving reviews are required to merge this pull request.

Assignees

@kashif-m kashif-m

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[FEATURE] add permissions for operations in recon module
4 participants
@kashif-m @ThisIsMani @SanchithHegde @sahkal