diff --git a/crates/common_enums/src/enums.rs b/crates/common_enums/src/enums.rs
index f9bdf61b6c..b3a671329f 100644
--- a/crates/common_enums/src/enums.rs
+++ b/crates/common_enums/src/enums.rs
@@ -2798,7 +2798,6 @@ pub enum PermissionGroup {
 OrganizationManage,
 AccountView,
 AccountManage,
- ReconTokenView,
 ReconReportsView,
 ReconReportsManage,
 ReconOpsView,
@@ -2815,7 +2814,6 @@ pub enum ParentGroup {
 Workflows,
 Analytics,
 Users,
- Recon,
 ReconOps,
 ReconReports,
 Account,
diff --git a/crates/router/src/services/authorization/info.rs b/crates/router/src/services/authorization/info.rs
index a4314e128b..2d808a4377 100644
--- a/crates/router/src/services/authorization/info.rs
+++ b/crates/router/src/services/authorization/info.rs
@@ -40,7 +40,6 @@ fn get_group_description(group: PermissionGroup) -> &'static str {
 PermissionGroup::MerchantDetailsView | PermissionGroup::AccountView => "View Merchant Details",
 PermissionGroup::MerchantDetailsManage | PermissionGroup::AccountManage => "Create, modify and delete Merchant Details like api keys, webhooks, etc",
 PermissionGroup::OrganizationManage => "Manage organization level tasks like create new Merchant accounts, Organization level roles, etc",
- PermissionGroup::ReconTokenView => "Generate and Verify reconciliation tokens",
 PermissionGroup::ReconReportsView => "View and access reconciliation reports and analytics",
 PermissionGroup::ReconReportsManage => "Manage reconciliation reports",
 PermissionGroup::ReconOpsView => "View and access reconciliation operations",
@@ -56,7 +55,6 @@ pub fn get_parent_group_description(group: ParentGroup) -> &'static str {
 ParentGroup::Analytics => "View Analytics",
 ParentGroup::Users => "Manage and invite Users to the Team",
 ParentGroup::Account => "Create, modify and delete Merchant Details like api keys, webhooks, etc",
- ParentGroup::Recon => "Generate and verify reconciliation tokens",
 ParentGroup::ReconOps => "View, manage reconciliation operations like upload and process files, run reconciliation etc",
 ParentGroup::ReconReports => "View, manage reconciliation reports and analytics",
 }
diff --git a/crates/router/src/services/authorization/permission_groups.rs b/crates/router/src/services/authorization/permission_groups.rs
index 68e185ffa6..c05d24ef15 100644
--- a/crates/router/src/services/authorization/permission_groups.rs
+++ b/crates/router/src/services/authorization/permission_groups.rs
@@ -22,7 +22,6 @@ impl PermissionGroupExt for PermissionGroup {
 | Self::UsersView
 | Self::MerchantDetailsView
 | Self::AccountView
- | Self::ReconTokenView
 | Self::ReconOpsView
 | Self::ReconReportsView => PermissionScope::Read,
@@ -50,7 +49,6 @@ impl PermissionGroupExt for PermissionGroup {
 | Self::MerchantDetailsManage
 | Self::AccountView
 | Self::AccountManage => ParentGroup::Account,
- Self::ReconTokenView => ParentGroup::Recon,
 Self::ReconOpsView | Self::ReconOpsManage => ParentGroup::ReconOps,
 Self::ReconReportsView | Self::ReconReportsManage => ParentGroup::ReconReports,
 }
@@ -82,8 +80,6 @@ impl PermissionGroupExt for PermissionGroup {
 vec![Self::UsersView, Self::UsersManage]
 }
- Self::ReconTokenView => vec![Self::ReconTokenView],
-
 Self::ReconOpsView => vec![Self::ReconOpsView],
 Self::ReconOpsManage => vec![Self::ReconOpsView, Self::ReconOpsManage],
@@ -120,7 +116,6 @@ impl ParentGroupExt for ParentGroup {
 Self::Analytics => ANALYTICS.to_vec(),
 Self::Users => USERS.to_vec(),
 Self::Account => ACCOUNT.to_vec(),
- Self::Recon => RECON.to_vec(),
 Self::ReconOps => RECON_OPS.to_vec(),
 Self::ReconReports => RECON_REPORTS.to_vec(),
 }
@@ -181,8 +176,6 @@ pub static USERS: [Resource; 2] = [Resource::User, Resource::Account];
 pub static ACCOUNT: [Resource; 3] = [Resource::Account, Resource::ApiKey, Resource::WebhookEvent];
-pub static RECON: [Resource; 1] = [Resource::ReconToken];
-
 pub static RECON_OPS: [Resource; 5] = [
 Resource::ReconToken,
 Resource::ReconFiles,
diff --git a/crates/router/src/services/authorization/roles.rs b/crates/router/src/services/authorization/roles.rs
index c22af6cf21..f6c4f4b9ef 100644
--- a/crates/router/src/services/authorization/roles.rs
+++ b/crates/router/src/services/authorization/roles.rs
@@ -7,6 +7,8 @@ use api_models::enums::ReconPermissionScope;
 use common_enums::{EntityType, PermissionGroup, Resource, RoleScope};
 use common_utils::{errors::CustomResult, id_type};
+#[cfg(feature = "recon")]
+use super::permission_groups::{RECON_OPS, RECON_REPORTS};
 use super::{permission_groups::PermissionGroupExt, permissions::Permission};
 use crate::{core::errors, routes::SessionState};
@@ -85,14 +87,16 @@ impl RoleInfo {
 #[cfg(feature = "recon")]
 pub fn get_recon_acl(&self) -> HashMap {
 let mut acl: HashMap = HashMap::new();
+ let mut recon_resources = RECON_OPS.to_vec();
+ recon_resources.extend(RECON_REPORTS);
+ let recon_internal_resources = [Resource::ReconToken];
 self.get_permission_groups()
 .iter()
- .for_each(|permission_group| match permission_group {
- PermissionGroup::ReconOpsView
- | PermissionGroup::ReconOpsManage
- | PermissionGroup::ReconReportsView
- | PermissionGroup::ReconReportsManage => {
- permission_group.resources().iter().for_each(|resource| {
+ .for_each(|permission_group| {
+ permission_group.resources().iter().for_each(|resource| {
+ if recon_resources.contains(resource)
+ && !recon_internal_resources.contains(resource)
+ {
 let scope = match resource {
 Resource::ReconAndSettlementAnalytics => ReconPermissionScope::Read,
 _ => ReconPermissionScope::from(permission_group.scope()),
@@ -106,9 +110,8 @@ impl RoleInfo {
 }
 })
 .or_insert(scope);
- })
- }
- _ => (),
+ }
+ })
 });
 acl
 }
diff --git a/crates/router/src/services/authorization/roles/predefined_roles.rs b/crates/router/src/services/authorization/roles/predefined_roles.rs
index ea55590509..17fd844354 100644
--- a/crates/router/src/services/authorization/roles/predefined_roles.rs
+++ b/crates/router/src/services/authorization/roles/predefined_roles.rs
@@ -28,7 +28,6 @@ pub static PREDEFINED_ROLES: Lazy> = Lazy::new(|
 PermissionGroup::MerchantDetailsManage,
 PermissionGroup::AccountManage,
 PermissionGroup::OrganizationManage,
- PermissionGroup::ReconTokenView,
 PermissionGroup::ReconOpsManage,
 PermissionGroup::ReconReportsManage,
 ],
@@ -53,7 +52,6 @@ pub static PREDEFINED_ROLES: Lazy> = Lazy::new(|
 PermissionGroup::UsersView,
 PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
- PermissionGroup::ReconTokenView,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconReportsView,
 ],
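Review bot: In `get_recon_acl` the filter now tests each resource against `RECON_OPS` plus `RECON_REPORTS` instead of matching the four Recon permission groups, so any group whose `resources()` contains one of those entries contributes an ACL entry with that group's scope. Only part of those arrays is visible on this page; if they include a resource that a non-recon group also lists, a role holding no Recon group would still receive recon ACL entries, so it is worth either keeping the group match as an outer guard or adding a test that a role without Recon groups yields an empty map. The `ReconToken` exclusion also deserves a comment next to `recon_internal_resources`, for example `// ReconToken stays in RECON_OPS for authorization but is deliberately kept out of the recon ACL`. The body of the function continues between this hunk and the next one, outside the visible lines.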
@@ -87,7 +85,6 @@ pub static PREDEFINED_ROLES: Lazy> = Lazy::new(|
 PermissionGroup::MerchantDetailsManage,
 PermissionGroup::AccountManage,
 PermissionGroup::OrganizationManage,
- PermissionGroup::ReconTokenView,
 PermissionGroup::ReconOpsManage,
 PermissionGroup::ReconReportsManage,
 ],
@@ -120,7 +117,6 @@ pub static PREDEFINED_ROLES: Lazy> = Lazy::new(|
 PermissionGroup::AccountView,
 PermissionGroup::MerchantDetailsManage,
 PermissionGroup::AccountManage,
- PermissionGroup::ReconTokenView,
 PermissionGroup::ReconOpsManage,
 PermissionGroup::ReconReportsManage,
 ],
@@ -145,7 +141,6 @@ pub static PREDEFINED_ROLES: Lazy> = Lazy::new(|
 PermissionGroup::UsersView,
 PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
- PermissionGroup::ReconTokenView,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconReportsView,
 ],
@@ -287,7 +282,6 @@ pub static PREDEFINED_ROLES: Lazy> = Lazy::new(|
 PermissionGroup::UsersView,
 PermissionGroup::MerchantDetailsView,
 PermissionGroup::AccountView,
- PermissionGroup::ReconTokenView,
 PermissionGroup::ReconOpsView,
 PermissionGroup::ReconReportsView,
 ],