From 3e3c3261c305ddafacee7ae521c056d508ab16c9 Mon Sep 17 00:00:00 2001
From: Mani Chandra <84711804+ThisIsMani@users.noreply.github.com>
Date: Sun, 29 Sep 2024 18:20:22 +0530
Subject: [PATCH] fix(user_roles): Send only same and below Entity Level Users
 in List Users API (#6147)

---
 crates/router/src/core/user_role.rs  | 10 ++++++++
 crates/router/src/utils/user_role.rs | 34 +++++++++-------------------
 2 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/crates/router/src/core/user_role.rs b/crates/router/src/core/user_role.rs
index b841f88eca1..e10fa0eb81c 100644
--- a/crates/router/src/core/user_role.rs
+++ b/crates/router/src/core/user_role.rs
@@ -736,6 +736,16 @@ pub async fn list_users_in_lineage(
         }
     };
 
+    // This filtering is needed because for org level users in V1, merchant_id is present.
+    // Due to this, we get org level users in merchant level users list.
+    let user_roles_set = user_roles_set
+        .into_iter()
+        .filter_map(|user_role| {
+            let (_entity_id, entity_type) = user_role.get_entity_id_and_type()?;
+            (entity_type <= requestor_role_info.get_entity_type()).then_some(user_role)
+        })
+        .collect::<HashSet<_>>();
+
     let mut email_map = state
         .global_store
         .find_users_by_user_ids(
diff --git a/crates/router/src/utils/user_role.rs b/crates/router/src/utils/user_role.rs
index f2aae68fcbc..b6db8340775 100644
--- a/crates/router/src/utils/user_role.rs
+++ b/crates/router/src/utils/user_role.rs
@@ -1,4 +1,4 @@
-use std::collections::HashSet;
+use std::{cmp, collections::HashSet};
 
 use api_models::user_role as user_role_api;
 use common_enums::{EntityType, PermissionGroup};
@@ -418,28 +418,16 @@ pub fn get_min_entity(
     user_entity: EntityType,
     filter_entity: Option<EntityType>,
 ) -> UserResult<EntityType> {
-    match (user_entity, filter_entity) {
-        (EntityType::Organization, None)
-        | (EntityType::Organization, Some(EntityType::Organization)) => {
-            Ok(EntityType::Organization)
-        }
+    let Some(filter_entity) = filter_entity else {
+        return Ok(user_entity);
+    };
 
-        (EntityType::Merchant, None)
-        | (EntityType::Organization, Some(EntityType::Merchant))
-        | (EntityType::Merchant, Some(EntityType::Merchant)) => Ok(EntityType::Merchant),
-
-        (EntityType::Profile, None)
-        | (EntityType::Organization, Some(EntityType::Profile))
-        | (EntityType::Merchant, Some(EntityType::Profile))
-        | (EntityType::Profile, Some(EntityType::Profile)) => Ok(EntityType::Profile),
-
-        (EntityType::Merchant, Some(EntityType::Organization))
-        | (EntityType::Profile, Some(EntityType::Organization))
-        | (EntityType::Profile, Some(EntityType::Merchant)) => {
-            Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
-                "{} level user requesting data for {:?} level",
-                user_entity, filter_entity
-            ))
-        }
+    if user_entity < filter_entity {
+        return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
+            "{} level user requesting data for {:?} level",
+            user_entity, filter_entity
+        ));
     }
+
+    Ok(cmp::min(user_entity, filter_entity))
 }