chore: resolve comments

crates/common_enums/src/enums.rs

@@ -2798,7 +2798,6 @@ pub enum PermissionGroup {
     OrganizationManage,
     AccountView,
     AccountManage,
-    ReconTokenView,
     ReconReportsView,
     ReconReportsManage,
     ReconOpsView,
@@ -2815,7 +2814,6 @@ pub enum ParentGroup {
     Workflows,
     Analytics,
     Users,
-    Recon,
     ReconOps,
     ReconReports,
     Account,

crates/router/src/services/authorization/info.rs

@@ -40,7 +40,6 @@ fn get_group_description(group: PermissionGroup) -> &'static str {
         PermissionGroup::MerchantDetailsView | PermissionGroup::AccountView => "View Merchant Details",
         PermissionGroup::MerchantDetailsManage | PermissionGroup::AccountManage => "Create, modify and delete Merchant Details like api keys, webhooks, etc",
         PermissionGroup::OrganizationManage => "Manage organization level tasks like create new Merchant accounts, Organization level roles, etc",
-        PermissionGroup::ReconTokenView => "Generate and Verify reconciliation tokens",
         PermissionGroup::ReconReportsView => "View and access reconciliation reports and analytics",
         PermissionGroup::ReconReportsManage => "Manage reconciliation reports",
         PermissionGroup::ReconOpsView => "View and access reconciliation operations",
@@ -56,7 +55,6 @@ pub fn get_parent_group_description(group: ParentGroup) -> &'static str {
         ParentGroup::Analytics => "View Analytics",
         ParentGroup::Users =>  "Manage and invite Users to the Team",
         ParentGroup::Account => "Create, modify and delete Merchant Details like api keys, webhooks, etc",
-        ParentGroup::Recon => "Generate and verify reconciliation tokens",
         ParentGroup::ReconOps => "View, manage reconciliation operations like upload and process files, run reconciliation etc",
         ParentGroup::ReconReports => "View, manage reconciliation reports and analytics",
     }

crates/router/src/services/authorization/permission_groups.rs

@@ -22,7 +22,6 @@ impl PermissionGroupExt for PermissionGroup {
             | Self::UsersView
             | Self::MerchantDetailsView
             | Self::AccountView
-            | Self::ReconTokenView
             | Self::ReconOpsView
             | Self::ReconReportsView => PermissionScope::Read,
 
@@ -50,7 +49,6 @@ impl PermissionGroupExt for PermissionGroup {
             | Self::MerchantDetailsManage
             | Self::AccountView
             | Self::AccountManage => ParentGroup::Account,
-            Self::ReconTokenView => ParentGroup::Recon,
             Self::ReconOpsView | Self::ReconOpsManage => ParentGroup::ReconOps,
             Self::ReconReportsView | Self::ReconReportsManage => ParentGroup::ReconReports,
         }
@@ -82,8 +80,6 @@ impl PermissionGroupExt for PermissionGroup {
                 vec![Self::UsersView, Self::UsersManage]
             }
 
-            Self::ReconTokenView => vec![Self::ReconTokenView],
-
             Self::ReconOpsView => vec![Self::ReconOpsView],
             Self::ReconOpsManage => vec![Self::ReconOpsView, Self::ReconOpsManage],
 
@@ -120,7 +116,6 @@ impl ParentGroupExt for ParentGroup {
             Self::Analytics => ANALYTICS.to_vec(),
             Self::Users => USERS.to_vec(),
             Self::Account => ACCOUNT.to_vec(),
-            Self::Recon => RECON.to_vec(),
             Self::ReconOps => RECON_OPS.to_vec(),
             Self::ReconReports => RECON_REPORTS.to_vec(),
         }
@@ -181,8 +176,6 @@ pub static USERS: [Resource; 2] = [Resource::User, Resource::Account];
 
 pub static ACCOUNT: [Resource; 3] = [Resource::Account, Resource::ApiKey, Resource::WebhookEvent];
 
-pub static RECON: [Resource; 1] = [Resource::ReconToken];
-
 pub static RECON_OPS: [Resource; 5] = [
     Resource::ReconToken,
     Resource::ReconFiles,

crates/router/src/services/authorization/roles.rs

@@ -7,6 +7,8 @@ use api_models::enums::ReconPermissionScope;
 use common_enums::{EntityType, PermissionGroup, Resource, RoleScope};
 use common_utils::{errors::CustomResult, id_type};
 
+#[cfg(feature = "recon")]
+use super::permission_groups::{RECON_OPS, RECON_REPORTS};
 use super::{permission_groups::PermissionGroupExt, permissions::Permission};
 use crate::{core::errors, routes::SessionState};
 
@@ -85,14 +87,16 @@ impl RoleInfo {
     #[cfg(feature = "recon")]
     pub fn get_recon_acl(&self) -> HashMap<Resource, ReconPermissionScope> {
         let mut acl: HashMap<Resource, ReconPermissionScope> = HashMap::new();
+        let mut recon_resources = RECON_OPS.to_vec();
+        recon_resources.extend(RECON_REPORTS);
+        let recon_internal_resources = [Resource::ReconToken];
         self.get_permission_groups()
             .iter()
-            .for_each(|permission_group| match permission_group {
-                PermissionGroup::ReconOpsView
-                | PermissionGroup::ReconOpsManage
-                | PermissionGroup::ReconReportsView
-                | PermissionGroup::ReconReportsManage => {
-                    permission_group.resources().iter().for_each(|resource| {
+            .for_each(|permission_group| {
+                permission_group.resources().iter().for_each(|resource| {
+                    if recon_resources.contains(resource)
+                        && !recon_internal_resources.contains(resource)
+                    {
                         let scope = match resource {
                             Resource::ReconAndSettlementAnalytics => ReconPermissionScope::Read,
                             _ => ReconPermissionScope::from(permission_group.scope()),
@@ -106,9 +110,8 @@ impl RoleInfo {
                                 }
                             })
                             .or_insert(scope);
-                    })
-                }
-                _ => (),
+                    }
+                })
             });
         acl
     }

crates/router/src/services/authorization/roles/predefined_roles.rs

@@ -28,7 +28,6 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
                 PermissionGroup::MerchantDetailsManage,
                 PermissionGroup::AccountManage,
                 PermissionGroup::OrganizationManage,
-                PermissionGroup::ReconTokenView,
                 PermissionGroup::ReconOpsManage,
                 PermissionGroup::ReconReportsManage,
             ],
@@ -53,7 +52,6 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
                 PermissionGroup::UsersView,
                 PermissionGroup::MerchantDetailsView,
                 PermissionGroup::AccountView,
-                PermissionGroup::ReconTokenView,
                 PermissionGroup::ReconOpsView,
                 PermissionGroup::ReconReportsView,
             ],
@@ -87,7 +85,6 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
                 PermissionGroup::MerchantDetailsManage,
                 PermissionGroup::AccountManage,
                 PermissionGroup::OrganizationManage,
-                PermissionGroup::ReconTokenView,
                 PermissionGroup::ReconOpsManage,
                 PermissionGroup::ReconReportsManage,
             ],
@@ -120,7 +117,6 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
                 PermissionGroup::AccountView,
                 PermissionGroup::MerchantDetailsManage,
                 PermissionGroup::AccountManage,
-                PermissionGroup::ReconTokenView,
                 PermissionGroup::ReconOpsManage,
                 PermissionGroup::ReconReportsManage,
             ],
@@ -145,7 +141,6 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
                 PermissionGroup::UsersView,
                 PermissionGroup::MerchantDetailsView,
                 PermissionGroup::AccountView,
-                PermissionGroup::ReconTokenView,
                 PermissionGroup::ReconOpsView,
                 PermissionGroup::ReconReportsView,
             ],
@@ -287,7 +282,6 @@ pub static PREDEFINED_ROLES: Lazy<HashMap<&'static str, RoleInfo>> = Lazy::new(|
                 PermissionGroup::UsersView,
                 PermissionGroup::MerchantDetailsView,
                 PermissionGroup::AccountView,
-                PermissionGroup::ReconTokenView,
                 PermissionGroup::ReconOpsView,
                 PermissionGroup::ReconReportsView,
             ],