Skip to content

refactor(authz): Make connector list accessible by operation groups#6792

Merged
likhinbopanna merged 3 commits intomainfrom
connectors-view-in-operations
Dec 16, 2024
Merged

refactor(authz): Make connector list accessible by operation groups#6792
likhinbopanna merged 3 commits intomainfrom
connectors-view-in-operations

Conversation

@ThisIsMani
Copy link
Contributor

@ThisIsMani ThisIsMani commented Dec 10, 2024

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

This PR will make connector_view group accessible by operation groups.

This PR will also change the permission of connector_retrieve API from connector_read to connector_write as it contains sensitive data.

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

Closes #6788.

How did you test it?

curl 'http://localhost:8080/account/merchant_1733829021/profile/connectors' \
  -H 'Content-Type: application/json' \
  -H 'Cookie: login_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiMzgyMWViZTktNGVkZS00Y2Y5LTlkNDQtNDgzZGFjMTM2ODEzIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzMzODI5MDIxIiwicm9sZV9pZCI6InJvbGVfRHZDdGFtenBGanZPdW9oSVpEMUEiLCJleHAiOjE3MzQwMDgzODEsIm9yZ19pZCI6Im9yZ19FWnZWZFJ6NVRxT1FxaWJzUERRZSIsInByb2ZpbGVfaWQiOiJwcm9fN2x3clIwWVVUbU1hbzhpWHJSVEkiLCJ0ZW5hbnRfaWQiOiJwdWJsaWMifQ.GvNXaj3YAwfPYQhoR7EeC-PpQmocZ_y8G02fdN_DuQU' \

The above API should be accessible by users who are in only operations_view group.

curl 'http://localhost:8080/account/merchant_1733829021/connectors/mca_NEyNsfAyBFqewjPVz7sY' \
  -H 'Content-Type: application/json' \
  -H 'Cookie: login_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiNjA0N2I5NGYtYjlmYi00MGY4LWI1NWUtODcwMDdhZDc2M2ZhIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzMzODI5MDIxIiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTczNDAwODcyOCwib3JnX2lkIjoib3JnX0VadlZkUno1VHFPUXFpYnNQRFFlIiwicHJvZmlsZV9pZCI6InByb183bHdyUjBZVVRtTWFvOGlYclJUSSIsInRlbmFudF9pZCI6InB1YmxpYyJ9.GMuhFhjCvP_3aM8IEHuKXH3la3uRgtCU3Q_zVVpEOyQ' \

The above API should not be accessible by users who are not in connector_manage group.

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

@ThisIsMani ThisIsMani added C-refactor Category: Refactor A-users Area: Users labels Dec 10, 2024
@ThisIsMani ThisIsMani self-assigned this Dec 10, 2024
@ThisIsMani ThisIsMani requested review from a team as code owners December 10, 2024 13:06
@semanticdiff-com
Copy link

semanticdiff-com bot commented Dec 10, 2024
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  crates/router/src/services/authorization/permission_groups.rs  84% smaller
  crates/router/src/routes/admin.rs  38% smaller

@likhinbopanna likhinbopanna added this pull request to the merge queue Dec 16, 2024
Merged via the queue into main with commit 6081283 Dec 16, 2024
@likhinbopanna likhinbopanna deleted the connectors-view-in-operations branch December 16, 2024 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@muditbhutani muditbhutani muditbhutani approved these changes

@SanchithHegde SanchithHegde SanchithHegde approved these changes

@apoorvdixit88 apoorvdixit88 apoorvdixit88 approved these changes

@racnan racnan Awaiting requested review from racnan

Assignees

@ThisIsMani ThisIsMani

Labels

A-users Area: Users C-refactor Category: Refactor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

refactor(permissions): Give access to connector view group in operation groups

5 participants

@ThisIsMani @muditbhutani @SanchithHegde @apoorvdixit88 @likhinbopanna