feat(payouts): Add user roles for payouts (juspay#4167)

Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
Sachinnegi825 · Mar 22, 2024 · 13fe584 · 13fe584
1 parent 5afd2c2
commit 13fe584
Show file tree

Hide file tree

Showing 9 changed files with 119 additions and 68 deletions.
diff --git a/crates/api_models/src/user_role.rs b/crates/api_models/src/user_role.rs
@@ -32,6 +32,8 @@ pub enum Permission {
  UsersWrite,
  MerchantAccountCreate,
  WebhookEventRead,
+ PayoutWrite,
+ PayoutRead,
 }
 
 #[derive(Debug, serde::Serialize)]
@@ -48,6 +50,7 @@ pub enum PermissionModule {
  ThreeDsDecisionManager,
  SurchargeDecisionManager,
  AccountCreate,
+ Payouts,
 }
 
 #[derive(Debug, serde::Serialize)]

diff --git a/crates/router/src/routes/payouts.rs b/crates/router/src/routes/payouts.rs
@@ -9,7 +9,7 @@ use super::app::AppState;
 use crate::types::api::payments as payment_types;
 use crate::{
  core::{api_locking, payouts::*},
- services::{api, authentication as auth},
+ services::{api, authentication as auth, authorization::permissions::Permission},
  types::api::payouts as payout_types,
 };
 
@@ -77,7 +77,11 @@ pub async fn payouts_retrieve(
  &req,
  payout_retrieve_request,
  |state, auth, req| payouts_retrieve_core(state, auth.merchant_account, auth.key_store, req),
- &auth::ApiKeyAuth,
+ auth::auth_type(
+ &auth::ApiKeyAuth,
+ &auth::JWTAuth(Permission::PayoutRead),
+ req.headers(),
+ ),
  api_locking::LockAction::NotApplicable,
  ))
  .await
@@ -225,7 +229,11 @@ pub async fn payouts_list(
  &req,
  payload,
  |state, auth, req| payouts_list_core(state, auth.merchant_account, req),
- &auth::ApiKeyAuth,
+ auth::auth_type(
+ &auth::ApiKeyAuth,
+ &auth::JWTAuth(Permission::PayoutRead),
+ req.headers(),
+ ),
  api_locking::LockAction::NotApplicable,
  ))
  .await
@@ -259,7 +267,11 @@ pub async fn payouts_list_by_filter(
  &req,
  payload,
  |state, auth, req| payouts_filtered_list_core(state, auth.merchant_account, req),
- &auth::ApiKeyAuth,
+ auth::auth_type(
+ &auth::ApiKeyAuth,
+ &auth::JWTAuth(Permission::PayoutRead),
+ req.headers(),
+ ),
  api_locking::LockAction::NotApplicable,
  ))
  .await
@@ -293,7 +305,11 @@ pub async fn payouts_list_available_filters(
  &req,
  payload,
  |state, auth, req| payouts_list_available_filters_core(state, auth.merchant_account, req),
- &auth::ApiKeyAuth,
+ auth::auth_type(
+ &auth::ApiKeyAuth,
+ &auth::JWTAuth(Permission::PayoutRead),
+ req.headers(),
+ ),
  api_locking::LockAction::NotApplicable,
  ))
  .await

diff --git a/crates/router/src/services/authorization/info.rs b/crates/router/src/services/authorization/info.rs
@@ -41,6 +41,7 @@ pub enum PermissionModule {
  ThreeDsDecisionManager,
  SurchargeDecisionManager,
  AccountCreate,
+ Payouts,
 }
 
 impl PermissionModule {
@@ -57,7 +58,8 @@ impl PermissionModule {
  Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module",
  Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant",
  Self::SurchargeDecisionManager =>"View and configure surcharge decision rules configured for a merchant",
- Self::AccountCreate => "Create new account within your organization"
+ Self::AccountCreate => "Create new account within your organization",
+ Self::Payouts => "Everything related to payouts - like creating and viewing payout related information are within this module"
  }
  }
 }
@@ -168,6 +170,14 @@ impl ModuleInfo {
  Permission::MerchantAccountCreate,
  ]),
  },
+ PermissionModule::Payouts => Self {
+ module: module_name,
+ description,
+ permissions: get_permission_info_from_permissions(&[
+ Permission::PayoutRead,
+ Permission::PayoutWrite,
+ ]),
+ },
  }
  }
 }
@@ -184,10 +194,10 @@ fn get_group_info_from_permission_group(group: PermissionGroup) -> GroupInfo {
 fn get_group_description(group: PermissionGroup) -> &'static str {
  match group {
  PermissionGroup::OperationsView => {
- "View Payments, Refunds, Mandates, Disputes and Customers"
+ "View Payments, Refunds, Payouts, Mandates, Disputes and Customers"
  }
  PermissionGroup::OperationsManage => {
- "Create, modify and delete Payments, Refunds, Mandates, Disputes and Customers"
+ "Create, modify and delete Payments, Refunds, Payouts, Mandates, Disputes and Customers"
  }
  PermissionGroup::ConnectorsView => {
  "View connected Payment Processors, Payout Processors and Fraud & Risk Manager details"

diff --git a/crates/router/src/services/authorization/permission_groups.rs b/crates/router/src/services/authorization/permission_groups.rs
@@ -19,22 +19,24 @@ pub fn get_permissions_vec(permission_group: &PermissionGroup) -> &[Permission]
  }
 }
 
-pub static OPERATIONS_VIEW: [Permission; 6] = [
+pub static OPERATIONS_VIEW: [Permission; 7] = [
  Permission::PaymentRead,
  Permission::RefundRead,
  Permission::MandateRead,
  Permission::DisputeRead,
  Permission::CustomerRead,
  Permission::MerchantAccountRead,
+ Permission::PayoutRead,
 ];
 
-pub static OPERATIONS_MANAGE: [Permission; 6] = [
+pub static OPERATIONS_MANAGE: [Permission; 7] = [
  Permission::PaymentWrite,
  Permission::RefundWrite,
  Permission::MandateWrite,
  Permission::DisputeWrite,
  Permission::CustomerWrite,
  Permission::MerchantAccountRead,
+ Permission::PayoutWrite,
 ];
 
 pub static CONNECTORS_VIEW: [Permission; 2] = [

diff --git a/crates/router/src/services/authorization/permissions.rs b/crates/router/src/services/authorization/permissions.rs
@@ -31,6 +31,8 @@ pub enum Permission {
  UsersWrite,
  MerchantAccountCreate,
  WebhookEventRead,
+ PayoutRead,
+ PayoutWrite,
 }
 
 impl Permission {
@@ -69,6 +71,8 @@ impl Permission {
  Self::UsersWrite => "Invite users, assign and update roles",
  Self::MerchantAccountCreate => "Create merchant account",
  Self::WebhookEventRead => "View webhook events",
+ Self::PayoutRead => "View all payouts",
+ Self::PayoutWrite => "Create payout, download payout data",
  }
  }
 }
diff --git a/crates/router/src/services/authorization/predefined_permissions.rs b/crates/router/src/services/authorization/predefined_permissions.rs
@@ -64,6 +64,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
  Permission::UsersRead,
  Permission::UsersWrite,
  Permission::MerchantAccountCreate,
+ Permission::PayoutRead,
+ Permission::PayoutWrite,
  ],
  name: None,
  is_invitable: false,
@@ -88,6 +90,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
  Permission::MandateRead,
  Permission::CustomerRead,
  Permission::UsersRead,
+ Permission::PayoutRead,
  ],
  name: None,
  is_invitable: false,
@@ -126,6 +129,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
  Permission::UsersRead,
  Permission::UsersWrite,
  Permission::MerchantAccountCreate,
+ Permission::PayoutRead,
+ Permission::PayoutWrite,
  ],
  name: Some("Organization Admin"),
  is_invitable: false,
@@ -164,6 +169,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
  Permission::Analytics,
  Permission::UsersRead,
  Permission::UsersWrite,
+ Permission::PayoutRead,
+ Permission::PayoutWrite,
  ],
  name: Some("Admin"),
  is_invitable: true,
@@ -188,6 +195,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
  Permission::CustomerRead,
  Permission::Analytics,
  Permission::UsersRead,
+ Permission::PayoutRead,
  ],
  name: Some("View Only"),
  is_invitable: true,
@@ -213,6 +221,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
  Permission::Analytics,
  Permission::UsersRead,
  Permission::UsersWrite,
+ Permission::PayoutRead,
  ],
  name: Some("IAM"),
  is_invitable: true,
@@ -238,6 +247,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
  Permission::CustomerRead,
  Permission::Analytics,
  Permission::UsersRead,
+ Permission::PayoutRead,
  ],
  name: Some("Developer"),
  is_invitable: true,
@@ -268,6 +278,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
  Permission::CustomerRead,
  Permission::Analytics,
  Permission::UsersRead,
+ Permission::PayoutRead,
+ Permission::PayoutWrite,
  ],
  name: Some("Operator"),
  is_invitable: true,
@@ -289,6 +301,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
  Permission::MandateRead,
  Permission::CustomerRead,
  Permission::Analytics,
+ Permission::PayoutRead,
  ],
  name: Some("Customer Support"),
  is_invitable: true,

diff --git a/crates/router/src/types/domain/user.rs b/crates/router/src/types/domain/user.rs
@@ -808,6 +808,7 @@ impl From<info::PermissionModule> for user_role_api::PermissionModule {
  info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager,
  info::PermissionModule::SurchargeDecisionManager => Self::SurchargeDecisionManager,
  info::PermissionModule::AccountCreate => Self::AccountCreate,
+ info::PermissionModule::Payouts => Self::Payouts,
  }
  }
 }

diff --git a/crates/router/src/utils/user_role.rs b/crates/router/src/utils/user_role.rs
@@ -44,6 +44,8 @@ impl From<Permission> for user_role_api::Permission {
  Permission::UsersWrite => Self::UsersWrite,
  Permission::MerchantAccountCreate => Self::MerchantAccountCreate,
  Permission::WebhookEventRead => Self::WebhookEventRead,
+ Permission::PayoutRead => Self::PayoutRead,
+ Permission::PayoutWrite => Self::PayoutWrite,
  }
  }
 }

diff --git a/openapi/openapi_spec.json b/openapi/openapi_spec.json
@@ -3866,64 +3866,6 @@
  ]
  }
  },
- "/payouts/list": {
- "get": {
- "tags": [
- "Payouts"
- ],
- "summary": "Payouts - List",
- "description": "Payouts - List",
- "operationId": "List payouts",
- "responses": {
- "200": {
- "description": "Payouts listed",
- "content": {
- "application/json": {
- "schema": {
- "$ref": "#/components/schemas/PayoutListResponse"
- }
- }
- }
- },
- "404": {
- "description": "Payout not found"
- }
- },
- "security": [
- {
- "api_key": []
- }
- ]
- },
- "post": {
- "tags": [
- "Payouts"
- ],
- "summary": "Payouts - Filter",
- "description": "Payouts - Filter",
- "operationId": "Filter payouts",
- "responses": {
- "200": {
- "description": "Payouts filtered",
- "content": {
- "application/json": {
- "schema": {
- "$ref": "#/components/schemas/PayoutListResponse"
- }
- }
- }
- },
- "404": {
- "description": "Payout not found"
- }
- },
- "security": [
- {
- "api_key": []
- }
- ]
- }
- },
  "/payouts/{payout_id}": {
  "get": {
  "tags": [
@@ -4116,6 +4058,64 @@
  ]
  }
  },
+ "/payouts/list": {
+ "get": {
+ "tags": [
+ "Payouts"
+ ],
+ "summary": "Payouts - List",
+ "description": "Payouts - List",
+ "operationId": "List payouts",
+ "responses": {
+ "200": {
+ "description": "Payouts listed",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/PayoutListResponse"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Payout not found"
+ }
+ },
+ "security": [
+ {
+ "api_key": []
+ }
+ ]
+ },
+ "post": {
+ "tags": [
+ "Payouts"
+ ],
+ "summary": "Payouts - Filter",
+ "description": "Payouts - Filter",
+ "operationId": "Filter payouts",
+ "responses": {
+ "200": {
+ "description": "Payouts filtered",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/PayoutListResponse"
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "Payout not found"
+ }
+ },
+ "security": [
+ {
+ "api_key": []
+ }
+ ]
+ }
+ },
  "/api_keys/{merchant_id)": {
  "post": {
  "tags": [