You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, a profile level user is able to see the other profile payments list when using global-search, irrespective of whether he has permissions or not. But the user will not be able to view the details related to the payments upon clicking the particular payment.
This behaviour should be fixed by restricting the profiles / merchants to be searched based on the user roles associated with the role_id and the permissions associated with the user role
Now, only if the use role has the necessary READ permissions to access the indexes, he would be able to search the payments related to that particular profile/merchant.
The search_params should now be constructed with only those ProfileLevel / MerchantLevel / OrgLevel entities which will be searched through the opensearch query.
The text was updated successfully, but these errors were encountered:
To fix the issue raised here: https://github.com/juspay/hyperswitch-cloud/issues/6759
Currently, a profile level user is able to see the other profile payments list when using global-search, irrespective of whether he has permissions or not. But the user will not be able to view the details related to the payments upon clicking the particular payment.
This behaviour should be fixed by restricting the profiles / merchants to be searched based on the user roles associated with the role_id and the permissions associated with the user role
Now, only if the use role has the necessary READ permissions to access the indexes, he would be able to search the payments related to that particular profile/merchant.
The search_params should now be constructed with only those ProfileLevel / MerchantLevel / OrgLevel entities which will be searched through the opensearch query.
The text was updated successfully, but these errors were encountered: