fix: use core deposit action and object for authorization

GaloyMoney · Jan 13, 2025 · 1b3d6a9 · 1b3d6a9
1 parent 87a17b9
commit 1b3d6a9
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 67 deletions.
diff --git a/lana/app/src/authorization/mod.rs b/lana/app/src/authorization/mod.rs
@@ -5,6 +5,7 @@ use crate::audit::Audit;
 pub use authz::error;
 use authz::error::AuthorizationError;
 pub use core_user::{CoreUserAction, UserObject};
+use deposit::{CoreDepositAction, CoreDepositObject};
 use governance::{GovernanceAction, GovernanceObject};
 pub use rbac_types::{AppAction as Action, AppObject as Object, *};
 
@@ -53,20 +54,25 @@ pub async fn get_visible_navigation_items(
         deposit: authz
             .check_all_permissions(
                 sub,
-                Object::Deposit,
+                CoreDepositObject::all_deposits(),
                 &[
-                    Action::Deposit(DepositAction::Read),
-                    Action::Deposit(DepositAction::List),
+                    CoreDepositAction::DEPOSIT_READ,
+                    CoreDepositAction::DEPOSIT_LIST,
+                    CoreDepositAction::DEPOSIT_CREATE,
                 ],
             )
             .await?,
         withdraw: authz
             .check_all_permissions(
                 sub,
-                Object::Withdrawal,
+                CoreDepositObject::all_withdrawals(),
                 &[
-                    Action::Withdrawal(WithdrawalAction::Read),
-                    Action::Withdrawal(WithdrawalAction::List),
+                    CoreDepositAction::WITHDRAWAL_READ,
+                    CoreDepositAction::WITHDRAWAL_LIST,
+                    CoreDepositAction::WITHDRAWAL_INITIATE,
+                    CoreDepositAction::WITHDRAWAL_CONFIRM,
+                    CoreDepositAction::WITHDRAWAL_CANCEL,
+                    CoreDepositAction::WITHDRAWAL_CONCLUDE_APPROVAL_PROCESS,
                 ],
             )
             .await?,

diff --git a/lana/app/src/authorization/seed.rs b/lana/app/src/authorization/seed.rs
@@ -262,30 +262,6 @@ async fn add_permissions_for_bank_manager(authz: &Authorization) -> Result<(), A
             CustomerAction::Update,
         )
         .await?;
-    authz
-        .add_permission_to_role(&role, Object::Deposit, DepositAction::Record)
-        .await?;
-    authz
-        .add_permission_to_role(&role, Object::Deposit, DepositAction::Read)
-        .await?;
-    authz
-        .add_permission_to_role(&role, Object::Deposit, DepositAction::List)
-        .await?;
-    authz
-        .add_permission_to_role(&role, Object::Withdrawal, WithdrawalAction::Initiate)
-        .await?;
-    authz
-        .add_permission_to_role(&role, Object::Withdrawal, WithdrawalAction::Confirm)
-        .await?;
-    authz
-        .add_permission_to_role(&role, Object::Withdrawal, WithdrawalAction::Cancel)
-        .await?;
-    authz
-        .add_permission_to_role(&role, Object::Withdrawal, WithdrawalAction::Read)
-        .await?;
-    authz
-        .add_permission_to_role(&role, Object::Withdrawal, WithdrawalAction::List)
-        .await?;
     authz
         .add_permission_to_role(&role, Object::Document, DocumentAction::Create)
         .await?;
@@ -391,7 +367,7 @@ async fn add_permissions_for_bank_manager(authz: &Authorization) -> Result<(), A
     authz
         .add_permission_to_role(
             &role,
-            CoreDepositObject::all_deposit_accounts(),
+            CoreDepositObject::all_deposits(),
             CoreDepositAction::DEPOSIT_LIST,
         )
         .await?;
@@ -476,16 +452,32 @@ async fn add_permissions_for_accountant(authz: &Authorization) -> Result<(), Aut
         )
         .await?;
     authz
-        .add_permission_to_role(&role, Object::Deposit, DepositAction::Read)
+        .add_permission_to_role(
+            &role,
+            CoreDepositObject::all_deposits(),
+            CoreDepositAction::DEPOSIT_READ,
+        )
         .await?;
     authz
-        .add_permission_to_role(&role, Object::Deposit, DepositAction::List)
+        .add_permission_to_role(
+            &role,
+            CoreDepositObject::all_deposits(),
+            CoreDepositAction::DEPOSIT_LIST,
+        )
         .await?;
     authz
-        .add_permission_to_role(&role, Object::Withdrawal, WithdrawalAction::Read)
+        .add_permission_to_role(
+            &role,
+            CoreDepositObject::all_withdrawals(),
+            CoreDepositAction::WITHDRAWAL_READ,
+        )
         .await?;
     authz
-        .add_permission_to_role(&role, Object::Withdrawal, WithdrawalAction::List)
+        .add_permission_to_role(
+            &role,
+            CoreDepositObject::all_withdrawals(),
+            CoreDepositAction::WITHDRAWAL_LIST,
+        )
         .await?;
     authz
         .add_permission_to_role(&role, Object::Document, DocumentAction::Read)

diff --git a/lana/rbac-types/src/action.rs b/lana/rbac-types/src/action.rs
@@ -104,8 +104,6 @@ macro_rules! impl_trivial_action {
 pub enum AppAction {
     TermsTemplate(TermsTemplateAction),
     Customer(CustomerAction),
-    Deposit(DepositAction),
-    Withdrawal(WithdrawalAction),
     Report(ReportAction),
     Audit(AuditAction),
     Ledger(LedgerAction),
@@ -120,8 +118,6 @@ impl Display for AppAction {
         match self {
             TermsTemplate(action) => action.fmt(f),
             Customer(action) => action.fmt(f),
-            Deposit(action) => action.fmt(f),
-            Withdrawal(action) => action.fmt(f),
             Report(action) => action.fmt(f),
             Audit(action) => action.fmt(f),
             Ledger(action) => action.fmt(f),
@@ -142,8 +138,6 @@ impl FromStr for AppAction {
         let res = match entity.parse()? {
             TermsTemplate => AppAction::from(action.parse::<TermsTemplateAction>()?),
             Customer => AppAction::from(action.parse::<CustomerAction>()?),
-            Deposit => AppAction::from(action.parse::<DepositAction>()?),
-            Withdrawal => AppAction::from(action.parse::<WithdrawalAction>()?),
             Report => AppAction::from(action.parse::<ReportAction>()?),
             Audit => AppAction::from(action.parse::<AuditAction>()?),
             Ledger => AppAction::from(action.parse::<LedgerAction>()?),
@@ -208,16 +202,6 @@ pub enum CustomerAction {
 
 impl_trivial_action!(CustomerAction, Customer);
 
-#[derive(PartialEq, Clone, Copy, Debug, strum::Display, strum::EnumString)]
-#[strum(serialize_all = "kebab-case")]
-pub enum DepositAction {
-    Read,
-    Record,
-    List,
-}
-
-impl_trivial_action!(DepositAction, Deposit);
-
 #[derive(PartialEq, Clone, Copy, Debug, strum::Display, strum::EnumString)]
 #[strum(serialize_all = "kebab-case")]
 pub enum DocumentAction {
@@ -231,19 +215,6 @@ pub enum DocumentAction {
 
 impl_trivial_action!(DocumentAction, Document);
 
-#[derive(PartialEq, Clone, Copy, Debug, strum::Display, strum::EnumString)]
-#[strum(serialize_all = "kebab-case")]
-pub enum WithdrawalAction {
-    Read,
-    ConcludeApprovalProcess,
-    Initiate,
-    Confirm,
-    List,
-    Cancel,
-}
-
-impl_trivial_action!(WithdrawalAction, Withdrawal);
-
 #[derive(PartialEq, Clone, Copy, Debug, strum::Display, strum::EnumString)]
 #[strum(serialize_all = "kebab-case")]
 pub enum ReportAction {
@@ -282,10 +253,10 @@ mod test {
 
     #[test]
     fn action_serialization() -> anyhow::Result<()> {
-        // Deposit
+        // Report
         test_to_and_from_string(
-            LanaAction::App(AppAction::Deposit(DepositAction::List)),
-            "app:deposit:list",
+            LanaAction::App(AppAction::Report(ReportAction::List)),
+            "app:report:list",
         )?;
         Ok(())
     }