getting user permissions using in-built functions
tsdk02 committed Jun 25, 2024
1 parent 952fe3c commit 34d56c2
Showing 3 changed files with 27 additions and 51 deletions.
8 changes: 8 additions & 0 deletions crates/analytics/src/opensearch.rs
Expand Up @@ -79,6 +79,8 @@ pub enum OpenSearchError {
DeserialisationError,
#[error("Opensearch index access not present error: {0:?}")]
IndexAccessNotPermittedError(SearchIndex),
#[error("Opensearch unknown error")]
UnknownError,
}

impl ErrorSwitch<OpenSearchError> for QueryBuildingError {
Expand Down Expand Up @@ -128,6 +130,12 @@ impl ErrorSwitch<ApiErrorResponse> for OpenSearchError {
None,
))
}
Self::UnknownError => ApiErrorResponse::InternalServerError(ApiError::new(
"IR",
4,
"Unknown error",
None,
)),
}
}
}
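Review bot: The new `UnknownError` variant is presented as an OpenSearch failure (`#[error("Opensearch unknown error")]`, mapped to an `InternalServerError` with the text "Unknown error"), yet its only use in this commit is the role-lookup failure in analytics.rs, so the message misattributes the cause when it shows up in logs or responses. A message that names the actual failure, e.g. `#[error("Failed to resolve user permissions")]`, or a variant named after it, would be easier to act on during incident triage. A one-line doc comment on the variant such as `/// Failure outside OpenSearch itself (currently: role/permission lookup).` would also help the next reader. The enum and the `ErrorSwitch` impl both extend beyond the hunk.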
26 changes: 19 additions & 7 deletions crates/router/src/analytics.rs
Expand Up @@ -20,13 +20,13 @@ pub mod routes {
use error_stack::ResultExt;

use crate::{
core::api_locking,
core::{api_locking, errors::user::UserErrors},
db::user::UserInterface,
routes::AppState,
services::{
api,
authentication::{self as auth, AuthenticationData, UserWithPermissions},
authorization::permissions::Permission,
authentication::{self as auth, AuthenticationData, UserFromToken},
authorization::{permissions::Permission, roles::RoleInfo},
ApplicationResponse,
},
types::domain::UserEmail,
Expand Down Expand Up @@ -653,7 +653,13 @@ pub mod routes {
state.clone(),
&req,
json_payload.into_inner(),
|state, auth: UserWithPermissions, req, _| async move {
|state, auth: UserFromToken, req, _| async move {
let role_id = auth.role_id;
let role_info = RoleInfo::from_role_id(&state, &role_id, &auth.merchant_id, &auth.org_id)
.await
.change_context(UserErrors::InternalServerError)
.change_context(OpenSearchError::UnknownError)?;
let permissions = role_info.get_permissions_set();
let accessible_indexes: Vec<_> = vec![
(
SearchIndex::PaymentAttempts,
Expand All @@ -673,7 +679,7 @@ pub mod routes {
),
]
.into_iter()
.filter(|(_, perm)| perm.iter().any(|p| auth.permissions.contains(p)))
.filter(|(_, perm)| perm.iter().any(|p| permissions.contains(p)))
.map(|i| i.0)
.collect();

Expand Down Expand Up @@ -709,7 +715,13 @@ pub mod routes {
state.clone(),
&req,
indexed_req,
|state, auth: UserWithPermissions, req, _| async move {
|state, auth: UserFromToken, req, _| async move {
let role_id = auth.role_id;
let role_info = RoleInfo::from_role_id(&state, &role_id, &auth.merchant_id, &auth.org_id)
.await
.change_context(UserErrors::InternalServerError)
.change_context(OpenSearchError::UnknownError)?;
let permissions = role_info.get_permissions_set();
let _ = vec![
(
SearchIndex::PaymentAttempts,
Expand All @@ -730,7 +742,7 @@ pub mod routes {
]
.into_iter()
.filter(|(ind, _)| *ind == index)
.find(|i| i.1.iter().any(|p| auth.permissions.contains(p)))
.find(|i| i.1.iter().any(|p| permissions.contains(p)))
.ok_or(OpenSearchError::IndexAccessNotPermittedError(index))?;
analytics::search::search_results(&state.opensearch_client, req, &auth.merchant_id)
.await
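Review bot: The route-level authorization check no longer appears in this code path: the removed `AuthenticateAndFetch<UserWithPermissions, A>` impl called `authorization::check_authorization(&self.0, &permissions)?` before returning the user, while the two closures that now take `auth: UserFromToken` only consult `permissions.contains(p)` for per-index filtering. Whether the `UserFromToken` extractor performs the same check is outside this page; if it does not, the `Permission` handed to `JWTAuth` for these routes is no longer enforced and the hand-written index filter becomes the only gate, so this should be confirmed before merge and, once confirmed, recorded at the lookup site, e.g. `// route permission is enforced by the JWTAuth extractor; this lookup only scopes per-index access`. The chained `.change_context(UserErrors::InternalServerError)` followed by `.change_context(OpenSearchError::UnknownError)?` discards the first context immediately; a single `.change_context(OpenSearchError::UnknownError)?` reports the same failure. The six-line role lookup is duplicated verbatim in both closures and would be better as one shared helper returning the permission set. Both enclosing handlers begin and end outside the hunk.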
44 changes: 0 additions & 44 deletions crates/router/src/services/authentication.rs
Expand Up @@ -195,15 +195,6 @@ pub struct UserFromToken {
pub org_id: String,
}

#[derive(Clone)]
pub struct UserWithPermissions {
pub user_id: String,
pub merchant_id: String,
pub role_id: String,
pub org_id: String,
pub permissions: Vec<Permission>,
}

pub struct UserIdFromAuth {
pub user_id: String,
}
Expand Down Expand Up @@ -637,41 +628,6 @@ where
}
}

#[cfg(feature = "olap")]
#[async_trait]
impl<A> AuthenticateAndFetch<UserWithPermissions, A> for JWTAuth
where
A: SessionStateInfo + Sync,
{
async fn authenticate_and_fetch(
&self,
request_headers: &HeaderMap,
state: &A,
) -> RouterResult<(UserWithPermissions, AuthenticationType)> {
let payload = parse_jwt_payload::<A, AuthToken>(request_headers, state).await?;
if payload.check_in_blacklist(state).await? {
return Err(errors::ApiErrorResponse::InvalidJwtToken.into());
}

let permissions = authorization::get_permissions(state, &payload).await?;
authorization::check_authorization(&self.0, &permissions)?;

Ok((
UserWithPermissions {
user_id: payload.user_id.clone(),
merchant_id: payload.merchant_id.clone(),
org_id: payload.org_id,
role_id: payload.role_id,
permissions,
},
AuthenticationType::MerchantJwt {
merchant_id: payload.merchant_id,
user_id: Some(payload.user_id),
},
))
}
}

pub struct JWTAuthMerchantFromRoute {
pub merchant_id: String,
pub required_permission: Permission,
