refactor(analytics): Create new permissions for Generate Report APIs

[ThisIsMani]

Type of Change

• Bugfix
• New feature
• Enhancement
• Refactoring
• Dependency updates
• Documentation
• CI/CD

Description

Currently, internal users are unable to access payment generate report as it requires PaymentWrite.

And other reports are having Analytics permission, but in the Front-end, the option is in Operations tab.

Because Generate reports option is present in both Analytics and Operations, there will be a new permission, which will be available for both Operations and Analytics groups.

Additional Changes

• This PR modifies the API contract
• This PR modifies the database schema
• This PR modifies application configuration/environment variables

Motivation and Context

Closes #5177.

How did you test it?

curl 'http://localhost:8080/analytics/v1/report/payments' \
  -H 'authorization: Bearer Internal user JWT' \
  --data-raw '{"timeRange":{"startTime":"2024-07-01T11:34:38Z","endTime":"2024-07-02T11:34:38.441Z"},"dimensions":[]}'

When this API is hit by a internal user, this API should send email with report.

Checklist

• I formatted the code cargo +nightly fmt --all
• I addressed lints thrown by cargo clippy
• I reviewed the submitted code
• I added unit tests for my changes where possible

[ivor-juspay]

will users with RefundWrite get RefundRead permission too?

[ThisIsMani]

User Roles are made up of groups, and those groups consists of a set of permissions.

So if there is a group names OperationsWrite, then in that group, we put all the read and write permissions for operations like payments, refunds, etc..

So, users will never have only RefundWrite permission, if they have it, they will also have RefundRead as well. As both of them will be in the same group.