Merge branch 'views' into develop

Ayoub BENALI 2013-07-18 14:55:10 +02:00
commit 039bb90d62
16 changed files with 1508 additions and 1270 deletions


@ -186,6 +186,8 @@ class Boot extends Loggable{
Schemifier.schemify(true, Schemifier.infoF _, Token)
Schemifier.schemify(true, Schemifier.infoF _, Consumer)
Schemifier.schemify(true, Schemifier.infoF _, HostedAccount)
Schemifier.schemify(true, Schemifier.infoF _, ViewPrivileges)
Schemifier.schemify(true, Schemifier.infoF _, ViewImpl)
//launch the scheduler to clean the database from the expired tokens and nonces
Schedule.schedule(()=> OAuthAuthorisation.dataBaseCleaner, 2 minutes)
@ -239,44 +241,5 @@ class Boot extends Loggable{
// Make a transaction span the whole HTTP request
S.addAround(DB.buildLoanWrapper)
/**
* A temporary measure to make sure there is an owner for the account, so that someone can set permissions
*/
Account.find("holder", "MUSIC PICTURES LIMITED") match{
case Full(a) =>
HostedAccount.find(By(HostedAccount.accountID,a.id.toString)) match {
case Empty => {
val hostedAccount = HostedAccount.create.accountID(a.id.toString).saveMe
logger.debug("Creating tesobe account user and granting it owner permissions")
//create one
// val randomPassword = StringHelpers.randomString(12)
// println ("The admin password is :"+randomPassword )
val userEmail = "tesobe@tesobe.com"
val firstName = "tesobe first name"
val lastName = "tesobe last name"
val theUserOwner = OBPUser.find(By(OBPUser.email, userEmail)).getOrElse(OBPUser.create.email(userEmail).password("123tesobe456").validated(true).firstName(firstName).lastName(lastName).saveMe)
Privilege.create.account(hostedAccount).ownerPermission(true).user(theUserOwner).saveMe
}
case Full(hostedAccount) =>
Privilege.find(By(Privilege.account,hostedAccount), By(Privilege.ownerPermission, true)) match{
case Empty => {
//create one
// val randomPassword = StringHelpers.randomString(12)
// println ("The admin password is :"+randomPassword )
val userEmail = "tesobe@tesobe.com"
val firstName = "tesobe first name"
val lastName = "tesobe last name"
val theUserOwner = OBPUser.find(By(OBPUser.email, userEmail)).getOrElse(OBPUser.create.email(userEmail).password("123tesobe456").validated(true).firstName(firstName).lastName(lastName).saveMe)
Privilege.create.account(hostedAccount).ownerPermission(true)
.mangementPermission(true).authoritiesPermission(true).boardPermission(true)
.teamPermission(true).ourNetworkPermission(true).user(theUserOwner).saveMe
}
case _ => logger.debug("Owner privilege already exists")
}
case _ => None
}
case _ => logger.debug("No account found")
}
}
}
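Review bot: Dropping the temporary owner bootstrap (judging by the hunk counts, everything between `S.addAround(DB.buildLoanWrapper)` and the closing braces) does not deal with the `tesobe@tesobe.com` user that earlier boots may already have saved with a hard-coded password and `validated(true)`. Databases that ran the old code may still hold that account and its owner `Privilege` rows, and the literal stays in the repository history. I would pair this change with a one-off migration or runbook step that rotates or disables that user, and mention it in the commit description. Separately, the two new `Schemifier.schemify` calls for `ViewPrivileges` and `ViewImpl` would benefit from a comment saying whether existing `Privilege` rows are migrated to the new tables; nothing on this page shows that.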


@ -64,7 +64,7 @@ import _root_.net.liftweb.http.S._
import _root_.net.liftweb.mapper.view._
import com.mongodb._
import code.model.dataAccess.{ Account, OBPEnvelope, OBPUser,APIMetric, HostedAccount, LocalStorage}
import code.model.{ModeratedTransaction, ModeratedBankAccount, View, BankAccount, Public, Bank, User}
import code.model.{ModeratedTransaction, ModeratedBankAccount, View, BankAccount, Bank, User}
import code.model.dataAccess.OBPEnvelope._
import java.util.Date
import code.api.OAuthHandshake._
@ -72,6 +72,7 @@ import net.liftweb.util.Helpers.now
import net.liftweb.json.Extraction
import _root_.net.liftweb.json.Serialization
import net.liftweb.json.NoTypeHints
import code.api.OAuthHandshake.getUser
case class APICallAmount(
url: String,
@ -96,23 +97,6 @@ object OBPAPI1_0 extends RestHelper with Loggable {
val dateFormat = ModeratedTransaction.dateFormat
private def getOBPUser(httpCode : Int, tokenID : Box[String]) : Box[OBPUser] =
if(httpCode==200)
{
import code.model.Token
Token.find(By(Token.key, tokenID.get)) match {
case Full(token) => tryo{
token.userId.get.toLong
} match {
case Full(id) => OBPUser.find(By(OBPUser.id, id))
case _ => Empty
}
case _ => Empty
}
}
else
Empty
private def logAPICall =
APIMetric.createRecord.
url(S.uriAndQueryString.getOrElse("")).
@ -193,7 +177,7 @@ object OBPAPI1_0 extends RestHelper with Loggable {
val response = for {
bankAccount <- BankAccount(bankAlias, accountAlias)
view <- View.fromUrl(viewName)
transactions <- bankAccount.getModeratedTransactions(getOBPUser(httpCode,oAuthParameters.get("oauth_token")), view, params : _*)
transactions <- bankAccount.getModeratedTransactions(getUser(httpCode,oAuthParameters.get("oauth_token")), view, params : _*)
} yield {
JsonResponse("transactions" -> transactions.map(t => t.toJson(view)))
}
@ -212,7 +196,7 @@ object OBPAPI1_0 extends RestHelper with Loggable {
logAPICall
val (httpCode, data, oAuthParameters) = validator("protectedResource", "GET")
val user = getOBPUser(httpCode,oAuthParameters.get("oauth_token"))
val user = getUser(httpCode,oAuthParameters.get("oauth_token"))
val moderatedTransactionAndView = for {
bank <- Bank(bankAlias) ?~ { "bank " + bankAlias + " not found"} ~> 404
@ -236,7 +220,7 @@ object OBPAPI1_0 extends RestHelper with Loggable {
logAPICall
val (httpCode, data, oAuthParameters) = validator("protectedResource", "GET")
val user = getOBPUser(httpCode,oAuthParameters.get("oauth_token"))
val user = getUser(httpCode,oAuthParameters.get("oauth_token"))
val comments = for {
bank <- Bank(bankAlias) ?~ { "bank " + bankAlias + " not found"} ~> 404
@ -259,7 +243,7 @@ object OBPAPI1_0 extends RestHelper with Loggable {
val (httpCode, data, oAuthParameters) = validator("protectedResource", "GET")
val headers = ("Content-type" -> "application/x-www-form-urlencoded") :: Nil
val user = getOBPUser(httpCode,oAuthParameters.get("oauth_token"))
val user = getUser(httpCode,oAuthParameters.get("oauth_token"))
def bankAccountSet2JsonResponse(bankAccounts: Set[BankAccount]): LiftResponse = {
val accJson = bankAccounts.map(bAcc => bAcc.overviewJson(user))
@ -293,9 +277,9 @@ object OBPAPI1_0 extends RestHelper with Loggable {
val (httpCode, data, oAuthParameters) = validator("protectedResource", "GET")
val headers = ("Content-type" -> "application/x-www-form-urlencoded") :: Nil
val user = getOBPUser(httpCode,oAuthParameters.get("oauth_token"))
val user = getUser(httpCode,oAuthParameters.get("oauth_token"))
case class ModeratedAccountAndViews(account: ModeratedBankAccount, views: Set[View])
case class ModeratedAccountAndViews(account: ModeratedBankAccount, views: List[View])
val moderatedAccountAndViews = for {
bank <- Bank(bankAlias) ?~ { "bank " + bankAlias + " not found"} ~> 404
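Review bot: Every call site here passes `httpCode` into `getUser` and never branches on it, so whether a request with a rejected OAuth token is refused or quietly served as an anonymous caller depends entirely on `getUser`, which is defined outside this page. The removed `getOBPUser` returned `Empty` for any non-200 code; if `getUser` keeps that contract, a short comment at the first call site such as `// Empty when OAuth validation failed: the request is then handled as anonymous` would make the fallback explicit. The added `import code.api.OAuthHandshake.getUser` also looks redundant next to the existing `import code.api.OAuthHandshake._`. The enclosing handlers start and end outside these hunks.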


@ -430,7 +430,7 @@ object OBPAPI1_1 extends RestHelper with Loggable {
val headers = ("Content-type" -> "application/x-www-form-urlencoded") :: Nil
val user = getUser(httpCode, oAuthParameters.get("oauth_token"))
case class ModeratedAccountAndViews(account: ModeratedBankAccount, views: Set[View])
case class ModeratedAccountAndViews(account: ModeratedBankAccount, views: List[View])
val moderatedAccountAndViews = for {
bank <- Bank(bankId) ?~ { "bank " + bankId + " not found" } ~> 404
@ -444,16 +444,10 @@ object OBPAPI1_1 extends RestHelper with Loggable {
def viewJson(view: View): JObject = {
val isPublic: Boolean =
view match {
case Public => true
case _ => false
}
("id" -> view.id) ~
("short_name" -> view.name) ~
("description" -> view.description) ~
("is_public" -> isPublic)
("is_public" -> view.isPublic)
}
def ownerJson(accountOwner: AccountOwner): JObject = {
@ -467,7 +461,7 @@ object OBPAPI1_1 extends RestHelper with Loggable {
("amount" -> account.balance)
}
def json(account: ModeratedBankAccount, views: Set[View]): JObject = {
def json(account: ModeratedBankAccount, views: List[View]): JObject = {
("account" ->
("number" -> account.number.getOrElse("")) ~
("owners" -> account.owners.getOrElse(Set()).map(ownerJson)) ~
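Review bot: Switching `views` from `Set[View]` to `List[View]` in `ModeratedAccountAndViews` and `json` removes the de-duplication the set gave for free, so a view reachable through more than one privilege row could now be listed twice in the response. Whether that can happen depends on `permittedViews` in the storage layer, which is not shown; if it can, `views.distinct` where the list is built would keep the old output. The same change is made in `AccountJSON.views_available`, `ModeratedAccountJSON.views_available` and `bankAccountsListToJson` elsewhere in this commit. In `viewJson`, a one-line comment that `is_public` now comes from the stored view rather than from a match on the `Public` object would help readers of the 1.1 API.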


@ -80,7 +80,7 @@ case class AccountsJSON(
case class AccountJSON(
id : String,
label : String,
views_available : Set[ViewJSON],
views_available : List[ViewJSON],
bank_id : String
)
case class ModeratedAccountJSON(
@ -91,7 +91,7 @@ case class ModeratedAccountJSON(
`type` : String,
balance : AmountOfMoneyJSON,
IBAN : String,
views_available : Set[ViewJSON],
views_available : List[ViewJSON],
bank_id : String
)
case class UserJSON(
@ -252,6 +252,15 @@ case class ViewIdsJson(
views : List[String]
)
case class ViewCreationJSON(
name: String,
description: String,
isPublic: Boolean,
alias: String,
hideMetadataIfAlias: Boolean,
allowedFields : List[String]
)
object JSONFactory{
def stringOrNull(text : String) =
if(text.isEmpty)
@ -289,7 +298,7 @@ object JSONFactory{
)
}
def createAccountJSON(account : BankAccount, viewsAvailable : Set[ViewJSON] ) : AccountJSON = {
def createAccountJSON(account : BankAccount, viewsAvailable : List[ViewJSON] ) : AccountJSON = {
new AccountJSON(
account.permalink,
stringOrNull(account.label),
@ -298,7 +307,7 @@ object JSONFactory{
)
}
def createBankAccountJSON(account : ModeratedBankAccount, viewsAvailable : Set[ViewJSON]) : ModeratedAccountJSON = {
def createBankAccountJSON(account : ModeratedBankAccount, viewsAvailable : List[ViewJSON]) : ModeratedAccountJSON = {
val bankName = account.bankName.getOrElse("")
new ModeratedAccountJSON(
account.id,
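Review bot: `ViewCreationJSON` is deserialized straight from the request body, and `alias` and `allowedFields` are free-form strings with no documented set of accepted values. Nothing in this section shows what happens to an unknown field name or alias, or whether `name` is restricted before it is stored, so that validation presumably has to live in `LocalStorage.createView`. I would add a Scaladoc on the case class listing the accepted `alias` values and field names, and state that unknown entries are rejected rather than silently ignored. Since `isPublic` lets the caller expose account data to unauthenticated readers, the doc should call that out as well.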


@ -70,7 +70,7 @@ object OBPAPI1_2 extends OBPRestHelper with Loggable {
private def bankAccountsListToJson(bankAccounts: List[BankAccount], user : Box[User]): JValue = {
val accJson : List[AccountJSON] = bankAccounts.map( account => {
val views = account permittedViews user
val viewsAvailable : Set[ViewJSON] =
val viewsAvailable : List[ViewJSON] =
views.map( v => {
JSONFactory.createViewJSON(v)
})
@ -81,6 +81,14 @@ object OBPAPI1_2 extends OBPRestHelper with Loggable {
Extraction.decompose(accounts)
}
private def booleanToBox(statement: Boolean, msg: String): Box[Unit] = {
if(statement)
Full()
else
Failure(msg)
}
private def moderatedTransactionMetadata(bankId : String, accountId : String, viewId : String, transactionID : String, user : Box[User]) : Box[ModeratedTransactionMetadata] =
for {
account <- BankAccount(bankId, accountId)
@ -200,6 +208,36 @@ object OBPAPI1_2 extends OBPRestHelper with Loggable {
}
})
oauthServe(apiPrefix {
//creates a view on an bank account
case "banks" :: bankId :: "accounts" :: accountId :: "views" :: Nil JsonPost json -> _ => {
user =>
for {
json <- tryo{json.extract[ViewCreationJSON]} ?~ "wrong JSON format"
u <- user ?~ "user not found"
account <- BankAccount(bankId, accountId)
canAddViews <- booleanToBox(u.ownerAccess(account), {"user: " + u.id_ + " does not have owner access"})
view <- account createView json
} yield {
val viewJSON = JSONFactory.createViewJSON(view)
successJsonResponse(Extraction.decompose(viewJSON), 201)
}
}
})
oauthServe(apiPrefix {
//deletes a view on an bank account
case "banks" :: bankId :: "accounts" :: accountId :: "views" :: viewId :: Nil JsonDelete json => {
user =>
for {
u <- user ?~ "user not found"
account <- BankAccount(bankId, accountId)
canRemoveViews <- booleanToBox(u.ownerAccess(account), {"user: " + u.id_ + " does not have owner access"})
view <- account removeView viewId
} yield noContentJsonResponse
}
})
oauthServe(apiPrefix {
//get access
case "banks" :: bankId :: "accounts" :: accountId :: "permissions" :: Nil JsonGet json => {
@ -222,6 +260,7 @@ object OBPAPI1_2 extends OBPRestHelper with Loggable {
for {
account <- BankAccount(bankId, accountId)
u <- user ?~ "user not found"
//TODO: re-implement this, it load to much data
permissions <- account permissions u
userPermission <- Box(permissions.find(p => { p.user.id_ == userId})) ?~ {"None permission found for user "+userId}
} yield {
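Review bot: In the new delete route, `viewId` comes from the URL and the only check before `account removeView viewId` is that the caller owns `account`; whether the view actually belongs to that account is left to `LocalStorage.removeView`, which this page does not show. If that lookup is by id alone, an owner of one account could remove a view of another, so the storage call should match on both the view and the account, and it is worth deciding whether the owner view itself may be deleted. The owner check also lives only in these two routes: `BankAccount.createView` and `BankAccount.removeView` take no `User`, unlike `addPermission` and `revokePermission`, so any other caller skips it. In `booleanToBox`, `Full()` relies on argument adaptation to produce a unit value; writing `Full(())` is clearer.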


@ -41,6 +41,7 @@ import net.liftweb.json.JsonAST.JArray
import net.liftweb.common._
import code.model.dataAccess.{LocalStorage, Account, HostedBank}
import code.model.dataAccess.OBPEnvelope.OBPQueryParam
import code.api.v1_2.ViewCreationJSON
class Bank(
@ -120,12 +121,12 @@ class BankAccount(
private def viewNotAllowed(view : View ) = Failure("user does not have access to the " + view.name + " view")
def permittedViews(user: Box[User]) : Set[View] = {
def permittedViews(user: Box[User]) : List[View] = {
user match {
case Full(u) => u.permittedViews(this)
case _ =>{
logger.info("no user was found in the permittedViews")
if(this.allowPublicAccess) Set(Public) else Set()
publicViews
}
}
}
@ -138,15 +139,13 @@ class BankAccount(
* @return true if the user is allowed to access this view, false otherwise
*/
def authorizedAccess(view: View, user: Option[User]) : Boolean = {
view match {
case Public => allowPublicAccess
case _ => user match {
case Some(u) => {
u.permittedViews(this).contains(view)
}
case None => false
if(view.isPublic)
true
else
user match {
case Some(u) => u.permittedView(view, this)
case _ => false
}
}
}
/**
@ -155,7 +154,7 @@ class BankAccount(
*/
def permissions(user : User) : Box[List[Permission]] = {
//check if the user have access to the owner view in this the account
if(authorizedAccess(Owner,Full(user)))
if(user.ownerAccess(this))
LocalStorage.permissions(this)
else
Failure("user : " + user.emailAddress + "don't have access to owner view on account " + id, Empty, Empty)
@ -169,7 +168,7 @@ class BankAccount(
*/
def addPermission(user : User, viewId : String, otherUserId : String) : Box[Boolean] = {
//check if the user have access to the owner view in this the account
if(authorizedAccess(Owner,Full(user)))
if(user.ownerAccess(this))
for{
view <- View.fromUrl(viewId) //check if the viewId corresponds to a view
otherUser <- User.findById(otherUserId) //check if the userId corresponds to a user
@ -191,6 +190,7 @@ class BankAccount(
//we see if the the is Failures
lazy val failureList = viewBoxes.collect(v => {
v match {
case Empty => Empty
case x : Failure => x
}
})
@ -204,7 +204,7 @@ class BankAccount(
failureList.head
//check if the user have access to the owner view in this the account
if(authorizedAccess(Owner,Full(user)))
if(user.ownerAccess(this))
for{
otherUser <- User.findById(otherUserId) //check if the userId corresponds to a user
views <- viewsFormIds
@ -222,7 +222,7 @@ class BankAccount(
*/
def revokePermission(user : User, viewId : String, otherUserId : String) : Box[Boolean] = {
//check if the user have access to the owner view in this the account
if(authorizedAccess(Owner,Full(user)))
if(user.ownerAccess(this))
for{
view <- View.fromUrl(viewId) //check if the viewId corresponds to a view
otherUser <- User.findById(otherUserId) //check if the userId corresponds to a user
@ -241,10 +241,10 @@ class BankAccount(
def revokeAllPermission(user : User, otherUserId : String) : Box[Boolean] = {
//check if the user have access to the owner view in this the account
if(authorizedAccess(Owner,Full(user)))
if(user.ownerAccess(this))
for{
otherUser <- User.findById(otherUserId) //check if the userId corresponds to a user
isRevoked <- LocalStorage.revokeAllPermission(id, otherUser) ?~ "could not revoke the privileges"
isRevoked <- LocalStorage.revokeAllPermission(id, otherUser)
} yield isRevoked
else
Failure("user : " + user.emailAddress + " don't have access to owner view on account " + id, Empty, Empty)
@ -252,7 +252,7 @@ class BankAccount(
def views(user : User) : Box[List[View]] = {
//check if the user have access to the owner view in this the account
if(authorizedAccess(Owner,Full(user)))
if(user.ownerAccess(this))
for{
isRevoked <- LocalStorage.views(id) ?~ "could not get the views"
} yield isRevoked
@ -260,6 +260,15 @@ class BankAccount(
Failure("user : " + user.emailAddress + " don't have access to owner view on account " + id, Empty, Empty)
}
def createView(v: ViewCreationJSON): Box[View] =
LocalStorage.createView(this, v)
def removeView(viewId: String) : Box[Unit] =
LocalStorage.removeView(viewId, this)
def publicViews : List[View] =
LocalStorage.publicViews(id).getOrElse(Nil)
def moderatedTransaction(id: String, view: View, user: Box[User]) : Box[ModeratedTransaction] = {
if(authorizedAccess(view, user))
LocalStorage.getModeratedTransaction(id, bankPermalink, permalink)(view.moderate)
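Review bot: The rewritten `authorizedAccess` returns `true` for any view with `isPublic` set and no longer consults anything tied to this account, where the old code returned `allowPublicAccess`. `View.fromUrl` in this commit resolves a view from its permalink alone (`LocalStorage.view(viewPermalink)`), so unless the storage layer scopes views per account, a public view defined for one account could be presented against another account and pass this check. I would bind the public branch to the account, for example `if(view.isPublic) publicViews.exists(_.id == view.id)`. The method's Scaladoc should also say that public views skip the user check entirely. The body of `moderatedTransaction` at the end of the section continues outside the hunk.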


@ -98,27 +98,25 @@ class ModeratedTransactionMetadata(
private val deleteComment: Option[(String) => Box[Unit]],
val tags : Option[List[Tag]],
val addTag : Option[(String, Long, String, Date) => Tag],
private val deleteTagFunc : Option[(String) => Box[Unit]],
private val deleteTag : Option[(String) => Box[Unit]],
val images : Option[List[TransactionImage]],
val addImage : Option[(String, Long, String, Date, URL) => TransactionImage],
private val deleteImageFunc : Option[String => Unit],
private val deleteImage : Option[String => Unit],
val whereTag : Option[GeoTag],
val addWhereTag : Option[(String, Long, Date, Double, Double) => Boolean],
private val deleteWhereTag : Option[(Long) => Boolean]
){
@deprecated //TODO:This should be removed once SoFi is split from the API
def deleteTag = deleteTagFunc
/**
* @return Full if deleting the tag worked, or a failure message if it didn't
*/
def deleteTag(tagId : String, user: Option[User], bankAccount : BankAccount) : Box[Unit] = {
for {
u <- Box(user) ?~ { "User must be logged in"}
tagList <- Box(tags) ?~ { "You must be able to see tags in order to delete them"}
tag <- Box(tagList.find(tag => tag.id_ == tagId)) ?~ {"Tag with id " + tagId + "not found for this transaction"}
deleteFunc <- if(tag.postedBy == user || bankAccount.authorizedAccess(Owner, user))
Box(deleteTagFunc) ?~ "Deleting tags not permitted for this view"
deleteFunc <- if(tag.postedBy == user || u.ownerAccess(bankAccount))
Box(deleteTag) ?~ "Deleting tags not permitted for this view"
else
Failure("deleting tags not permitted for the current user")
tagIsDeleted <- deleteFunc(tagId)
@ -126,19 +124,16 @@ class ModeratedTransactionMetadata(
}
}
@deprecated //This should be removed once SoFi is split from the API
def deleteImage = deleteImageFunc
/**
* @return Full if deleting the image worked, or a failure message if it didn't
*/
def deleteImage(imageId : String, user: Option[User], bankAccount : BankAccount) : Box[Unit] = {
for {
u <- Box(user) ?~ { "User must be logged in"}
imageList <- Box(images) ?~ { "You must be able to see images in order to delete them"}
image <- Box(imageList.find(image => image.id_ == imageId)) ?~ {"Image with id " + imageId + "not found for this transaction"}
deleteFunc <- if(image.postedBy == user || bankAccount.authorizedAccess(Owner, user))
Box(deleteImageFunc) ?~ "Deleting images not permitted for this view"
deleteFunc <- if(image.postedBy == user || u.ownerAccess(bankAccount))
Box(deleteImage) ?~ "Deleting images not permitted for this view"
else
Failure("Deleting images not permitted for the current user")
} yield {
@ -148,9 +143,10 @@ class ModeratedTransactionMetadata(
def deleteComment(commentId: String, user: Option[User],bankAccount: BankAccount) : Box[Unit] = {
for {
u <- Box(user) ?~ { "User must be logged in"}
commentList <- Box(comments) ?~ {"You must be able to see comments in order to delete them"}
comment <- Box(commentList.find(comment => comment.id_ == commentId)) ?~ {"Comment with id "+commentId+" not found for this transaction"}
deleteFunc <- if(comment.postedBy == user || bankAccount.authorizedAccess(Owner, user))
deleteFunc <- if(comment.postedBy == user || u.ownerAccess(bankAccount))
Box(deleteComment) ?~ "Deleting comments not permitted for this view"
else
Failure("Deleting comments not permitted for the current user")
@ -161,8 +157,9 @@ class ModeratedTransactionMetadata(
def deleteWhereTag(viewId: Long, user: Option[User],bankAccount: BankAccount) : Box[Boolean] = {
for {
u <- Box(user) ?~ { "User must be logged in"}
whereTag <- Box(whereTag) ?~ {"You must be able to see the where tag in order to delete it"}
deleteFunc <- if(whereTag.postedBy == user || bankAccount.authorizedAccess(Owner, user))
deleteFunc <- if(whereTag.postedBy == user || u.ownerAccess(bankAccount))
Box(deleteWhereTag) ?~ "Deleting tag is not permitted for this view"
else
Failure("Deleting tags not permitted for the current user")
@ -200,9 +197,6 @@ class ModeratedBankAccount(
("id" ->owner.id) ~
("name" -> owner.name))
//TODO: Decide if unauthorized info (I guess that is represented by a 'none' option'? I can't really remember)
// should just disappear from the json or if an empty string should be used.
//I think we decided to use empty strings. What was the point of all the options again?
("number" -> number.getOrElse("")) ~
("owners" -> ownersJson(owners.getOrElse(Set()))) ~
("type" -> accountType.getOrElse("")) ~
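Review bot: The four delete methods now bind `u`, but the authorship test still compares against the `Option`, as in `tag.postedBy == user`. The type of `postedBy` is not visible here; if `User` does not override `equals`, this is reference equality on objects loaded per request, so the author branch may never match and the outcome rests on `u.ownerAccess(bankAccount)` alone. Comparing identifiers is more robust, for example `tag.postedBy.exists(_.id_ == u.id_)` if `postedBy` is an `Option` or `Box`; the same applies to `deleteImage`, `deleteComment` and `deleteWhereTag`. Reusing the names `deleteTag` and `deleteImage` for both the private constructor value and the public method deserves a short comment, since the removed `@deprecated` accessors used to expose the raw functions.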


@ -41,14 +41,12 @@ import code.model.dataAccess.Admin
import net.liftweb.util.Helpers
import Helpers.now
object AppType extends Enumeration("web", "mobile")
{
object AppType extends Enumeration("web", "mobile"){
type AppType = Value
val Web, Mobile = Value
}
object TokenType extends Enumeration("request", "access")
{
object TokenType extends Enumeration("request", "access"){
type TokenType=Value
val Request, Access = Value
}
@ -59,13 +57,14 @@ class Consumer extends LongKeyedMapper[Consumer] with CreatedUpdated{
object id extends MappedLongIndex(this)
def minLength3(field: MappedString[Consumer])( s : String) = {
if(s.length() < 3) List(FieldError(field, {field.displayName + " must be at least 3 characters"}))
else Nil
if(s.length() < 3) List(FieldError(field, {field.displayName + " must be at least 3 characters"}))
else Nil
}
object key extends MappedString(this, 250){
override def dbIndexed_? = true
override def dbIndexed_? = true
}
object secret extends MappedString(this, 250)
object isActive extends MappedBoolean(this)
object name extends MappedString(this, 100){


@ -43,9 +43,14 @@ trait User {
def emailAddress : String
def theFirstName : String
def theLastName : String
def permittedViews(bankAccount: BankAccount) : Set[View]
def hasMangementAccess(bankAccount: BankAccount) : Boolean
override def toString = emailAddress
def permittedViews(bankAccount: BankAccount) : List[View] =
LocalStorage.permittedViews(this, bankAccount)
def permittedView(v: View, b: BankAccount): Boolean =
LocalStorage.permittedView(this, v, b)
def ownerAccess(bankAccount: BankAccount) : Boolean =
LocalStorage.ownerAccess(this, bankAccount)
/**
* @return the bank accounts where the user has at least access to a non public view (is_public==false)
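Review bot: `ownerAccess` is now the single gate in front of permission and view management across `BankAccount`, `ModeratedTransactionMetadata` and the 1.2 routes, yet it is added without any documentation of what counts as an owner. The implementation is in `LocalStorage.ownerAccess`, outside this page; once confirmed against it, a Scaladoc such as `/** @return true if this user has been granted the owner view on bankAccount */` would pin the contract. `permittedView` should likewise state whether it returns true for public views or only for explicitly granted ones, because `authorizedAccess` handles public views before calling it. The trait body continues outside the hunk.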


@ -33,11 +33,12 @@ Berlin 13359, Germany
package code.model
import code.model.dataAccess.LocalStorage
import java.util.Date
import net.liftweb.common.{Box, Empty, Full, Failure}
import net.liftweb.http.SHtml
import net.liftweb.json.JsonDSL._
import net.liftweb.json.JsonAST.JObject
import net.liftweb.common.{Box, Empty, Full, Failure}
import java.util.Date
class AliasType
@ -63,6 +64,7 @@ trait View {
//the view settings
def usePrivateAliasIfOneExists: Boolean
def usePublicAliasIfOneExists: Boolean
def hideOtherAccountMetadataIfAlias: Boolean
//reading access
@ -88,7 +90,6 @@ trait View {
def canSeeBankAccountOwners : Boolean
def canSeeBankAccountType : Boolean
def canSeeBankAccountBalance : Boolean
def canSeeBankAccountBalancePositiveOrNegative : Boolean
def canSeeBankAccountCurrency : Boolean
def canSeeBankAccountLabel : Boolean
def canSeeBankAccountNationalIdentifier : Boolean
@ -211,21 +212,22 @@ trait View {
new Some(
new ModeratedTransactionMetadata(
ownerComment,
addOwnerCommentFunc,
comments,
addCommentFunc,
deleteCommentFunc,
tags,
addTagFunc,
deleteTagFunc,
images,
addImageFunc,
deleteImageFunc,
whereTag,
addWhereTagFunc,
deleteWhereTagFunc
))
ownerComment = ownerComment,
addOwnerComment = addOwnerCommentFunc,
comments = comments,
addComment = addCommentFunc,
deleteComment = deleteCommentFunc,
tags = tags,
addTag = addTagFunc,
deleteTag = deleteTagFunc,
images = images,
addImage = addImageFunc,
deleteImage = deleteImageFunc,
whereTag = whereTag,
addWhereTag = addWhereTagFunc,
deleteWhereTag = deleteWhereTagFunc
)
)
}
else
None
@ -258,21 +260,27 @@ trait View {
if (canSeeTransactionBalance) transaction.balance.toString()
else ""
new ModeratedTransaction(transactionUUID, transactionId, thisBankAccount, otherBankAccount, transactionMetadata,
transactionType, transactionAmount, transactionCurrency, transactionLabel, transactionStartDate,
transactionFinishDate, transactionBalance)
new ModeratedTransaction(
UUID = transactionUUID,
id = transactionId,
bankAccount = thisBankAccount,
otherBankAccount = otherBankAccount,
metadata = transactionMetadata,
transactionType = transactionType,
amount = transactionAmount,
currency = transactionCurrency,
label = transactionLabel,
startDate = transactionStartDate,
finishDate = transactionFinishDate,
balance = transactionBalance
)
}
def moderate(bankAccount: BankAccount) : Option[ModeratedBankAccount] = {
if(canSeeTransactionThisBankAccount)
{
val owners : Set[AccountOwner] = if(canSeeBankAccountOwners) bankAccount.owners else Set()
val balance =
if(canSeeBankAccountBalance){
bankAccount.balance.toString
} else if(canSeeBankAccountBalancePositiveOrNegative) {
if(bankAccount.balance.toString.startsWith("-")) "-" else "+"
} else ""
val balance = if(canSeeBankAccountBalance) bankAccount.balance.toString else ""
val accountType = if(canSeeBankAccountType) Some(bankAccount.accountType) else None
val currency = if(canSeeBankAccountCurrency) Some(bankAccount.currency) else None
val label = if(canSeeBankAccountLabel) Some(bankAccount.label) else None
@ -326,12 +334,29 @@ trait View {
} else
AccountName(realName, NoAlias)
}
val otherAccountNationalIdentifier = if (canSeeOtherAccountNationalIdentifier) Some(otherBankAccount.nationalIdentifier) else None
val otherAccountSWIFT_BIC = if (canSeeSWIFT_BIC) otherBankAccount.swift_bic else None
val otherAccountIBAN = if(canSeeOtherAccountIBAN) otherBankAccount.iban else None
val otherAccountBankName = if(canSeeOtherAccountBankName) Some(otherBankAccount.bankName) else None
val otherAccountNumber = if(canSeeOtherAccountNumber) Some(otherBankAccount.number) else None
val otherAccountKind = if(canSeeOtherAccountKind) Some(otherBankAccount.kind) else None
def isAlias = otherAccountLabel.aliasType match {
case NoAlias => false
case _ => true
}
def moderateField(canSeeField: Boolean, field: String) : Option[String] = {
if(isAlias & hideOtherAccountMetadataIfAlias)
None
else
if(canSeeField)
Some(field)
else
None
}
implicit def optionStringToString(x : Option[String]) : String = x.getOrElse("")
val otherAccountNationalIdentifier = moderateField(canSeeOtherAccountNationalIdentifier, otherBankAccount.nationalIdentifier)
val otherAccountSWIFT_BIC = moderateField(canSeeSWIFT_BIC, otherBankAccount.swift_bic)
val otherAccountIBAN = moderateField(canSeeOtherAccountIBAN, otherBankAccount.iban)
val otherAccountBankName = moderateField(canSeeOtherAccountBankName, otherBankAccount.bankName)
val otherAccountNumber = moderateField(canSeeOtherAccountNumber, otherBankAccount.number)
val otherAccountKind = moderateField(canSeeOtherAccountKind, otherBankAccount.kind)
val otherAccountMetadata =
if(canSeeOtherAccountMetadata)
{
@ -422,40 +447,43 @@ trait View {
Some(
new ModeratedOtherBankAccountMetadata(
moreInfo,
url,
imageUrl,
openCorporatesUrl,
corporateLocation,
physicalLocation,
publicAlias,
privateAlias,
addMoreInfo,
addURL,
addImageURL,
addOpenCorporatesUrl,
addCorporateLocation,
addPhysicalLocation,
addPublicAlias,
addPrivateAlias,
deleteCorporateLocation,
deletePhysicalLocation
))
moreInfo = moreInfo,
url = url,
imageURL = imageUrl,
openCorporatesURL = openCorporatesUrl,
corporateLocation = corporateLocation,
physicalLocation = physicalLocation,
publicAlias = publicAlias,
privateAlias = privateAlias,
addMoreInfo = addMoreInfo,
addURL = addURL,
addImageURL = addImageURL,
addOpenCorporatesURL = addOpenCorporatesUrl,
addCorporateLocation = addCorporateLocation,
addPhysicalLocation = addPhysicalLocation,
addPublicAlias = addPublicAlias,
addPrivateAlias = addPrivateAlias,
deleteCorporateLocation = deleteCorporateLocation,
deletePhysicalLocation = deletePhysicalLocation
)
)
}
else
None
Some(
new ModeratedOtherBankAccount(
otherAccountId,
otherAccountLabel,
otherAccountNationalIdentifier,
otherAccountSWIFT_BIC,
otherAccountIBAN,
otherAccountBankName,
otherAccountNumber,
otherAccountMetadata,
otherAccountKind))
id = otherAccountId,
label = otherAccountLabel,
nationalIdentifier = otherAccountNationalIdentifier,
swift_bic = otherAccountSWIFT_BIC,
iban = otherAccountIBAN,
bankName = otherAccountBankName,
number = otherAccountNumber,
metadata = otherAccountMetadata,
kind = otherAccountKind
)
)
}
else
None
@ -468,200 +496,11 @@ trait View {
}
//An implementation that has the least amount of permissions possible
class BaseView extends View {
def id = 1
def name = "Restricted"
def permalink = "restricted"
def description = ""
def isPublic = false
//the view settings
def usePrivateAliasIfOneExists = true
def usePublicAliasIfOneExists = true
//reading access
//transaction fields
def canSeeTransactionThisBankAccount = false
def canSeeTransactionOtherBankAccount = false
def canSeeTransactionMetadata = false
def canSeeTransactionLabel = false
def canSeeTransactionAmount = false
def canSeeTransactionType = false
def canSeeTransactionCurrency = false
def canSeeTransactionStartDate = false
def canSeeTransactionFinishDate = false
def canSeeTransactionBalance = false
//transaction metadata
def canSeeComments = false
def canSeeOwnerComment = false
def canSeeTags = false
def canSeeImages = false
//Bank account fields
def canSeeBankAccountOwners = false
def canSeeBankAccountType = false
def canSeeBankAccountBalance = false
def canSeeBankAccountBalancePositiveOrNegative = false
def canSeeBankAccountCurrency = false
def canSeeBankAccountLabel = false
def canSeeBankAccountNationalIdentifier = false
def canSeeBankAccountSwift_bic = false
def canSeeBankAccountIban = false
def canSeeBankAccountNumber = false
def canSeeBankAccountBankName = false
def canSeeBankAccountBankPermalink = false
//other bank account fields
def canSeeOtherAccountNationalIdentifier = false
def canSeeSWIFT_BIC = false
def canSeeOtherAccountIBAN = false
def canSeeOtherAccountBankName = false
def canSeeOtherAccountNumber = false
def canSeeOtherAccountMetadata = false
def canSeeOtherAccountKind = false
//other bank account meta data
def canSeeMoreInfo = false
def canSeeUrl = false
def canSeeImageUrl = false
def canSeeOpenCorporatesUrl = false
def canSeeCorporateLocation = false
def canSeePhysicalLocation = false
def canSeePublicAlias = false
def canSeePrivateAlias = false
def canAddMoreInfo = false
def canAddURL = false
def canAddImageURL = false
def canAddOpenCorporatesUrl = false
def canAddCorporateLocation = false
def canAddPhysicalLocation = false
def canAddPublicAlias = false
def canAddPrivateAlias = false
def canDeleteCorporateLocation = false
def canDeletePhysicalLocation = false
//writing access
def canEditOwnerComment = false
def canAddComment = false
def canDeleteComment = false
def canAddTag = false
def canDeleteTag = false
def canAddImage = false
def canDeleteImage = false
def canSeeWhereTag = false
def canAddWhereTag = false
def canDeleteWhereTag = false
}
class FullView extends View {
def id = 2
def name = "Full"
def permalink ="full"
def description = ""
def isPublic = false
//the view settings
def usePrivateAliasIfOneExists = false
def usePublicAliasIfOneExists = false
//reading access
//transaction fields
def canSeeTransactionThisBankAccount = true
def canSeeTransactionOtherBankAccount = true
def canSeeTransactionMetadata = true
def canSeeTransactionLabel = true
def canSeeTransactionAmount = true
def canSeeTransactionType = true
def canSeeTransactionCurrency = true
def canSeeTransactionStartDate = true
def canSeeTransactionFinishDate = true
def canSeeTransactionBalance = true
//transaction metadata
def canSeeComments = true
def canSeeOwnerComment = true
def canSeeTags = true
def canSeeImages = true
//Bank account fields
def canSeeBankAccountOwners = true
def canSeeBankAccountType = true
def canSeeBankAccountBalance = true
def canSeeBankAccountBalancePositiveOrNegative = true
def canSeeBankAccountCurrency = true
def canSeeBankAccountLabel = true
def canSeeBankAccountNationalIdentifier = true
def canSeeBankAccountSwift_bic = true
def canSeeBankAccountIban = true
def canSeeBankAccountNumber = true
def canSeeBankAccountBankName = true
def canSeeBankAccountBankPermalink = true
//other bank account fields
def canSeeOtherAccountNationalIdentifier = true
def canSeeSWIFT_BIC = true
def canSeeOtherAccountIBAN = true
def canSeeOtherAccountMetadata = true
def canSeeOtherAccountBankName = true
def canSeeOtherAccountNumber = true
def canSeeOtherAccountKind = true
//other bank account meta data
def canSeeMoreInfo = true
def canSeeUrl = true
def canSeeImageUrl = true
def canSeeOpenCorporatesUrl = true
def canSeeCorporateLocation = true
def canSeePhysicalLocation = true
def canSeePublicAlias = true
def canSeePrivateAlias = true
def canAddMoreInfo = true
def canAddURL = true
def canAddImageURL = true
def canAddOpenCorporatesUrl = true
def canAddCorporateLocation = true
def canAddPhysicalLocation = true
def canAddPublicAlias = true
def canAddPrivateAlias = true
def canDeleteCorporateLocation = true
def canDeletePhysicalLocation = true
//writing access
def canEditOwnerComment = true
def canAddComment = true
def canDeleteComment = true
def canAddTag = true
def canDeleteTag = true
def canAddImage = true
def canDeleteImage = true
def canSeeWhereTag = true
def canAddWhereTag = true
def canDeleteWhereTag = true
}
object View {
//transform the url into a view
//TODO : load the view from the Data base
def fromUrl(viewNameURL: String): Box[View] =
viewNameURL match {
case "authorities" => Full(Authorities)
case "board" => Full(Board)
case "our-network" => Full(OurNetwork)
case "team" => Full(Team)
case "owner" => Full(Owner)
case "public" | "anonymous" => Full(Public)
case "management" => Full(Management)
case _ => Failure("view " + viewNameURL + " not found", Empty, Empty)
}
def fromUrl(viewPermalink: String): Box[View] =
LocalStorage.view(viewPermalink)
def linksJson(views: Set[View], accountPermalink: String, bankPermalink: String): JObject = {
def linksJson(views: List[View], accountPermalink: String, bankPermalink: String): JObject = {
val viewsJson = views.map(view => {
("rel" -> "account") ~
("href" -> { "/" + bankPermalink + "/account/" + accountPermalink + "/" + view.permalink }) ~
@ -671,292 +510,4 @@ object View {
("links" -> viewsJson)
}
}
object Team extends FullView {
override def id = 3
override def name = "Team"
override def permalink = "team"
override def description = "A view for team members related to the account. E.g. for a company bank account -> employees/contractors"
override def canEditOwnerComment= false
}
object Board extends FullView {
override def id = 4
override def name = "Board"
override def permalink = "board"
override def description = "A view for board members of a company to view that company's account data."
override def canEditOwnerComment= false
}
object Authorities extends FullView {
override def id = 5
override def name = "Authorities"
override def permalink = "authorities"
override def description = "A view for authorities such as tax officials to view an account's data"
override def canEditOwnerComment= false
}
object Public extends BaseView {
//the actual class extends the BaseView but in fact it does not matters be cause we don't care about the values
//of the canSeeMoreInfo, canSeeUrl,etc attributes and we implement a specific moderate method
/**
* Current rules:
*
* If Public, and a public alias exists : Show the public alias
* If Public, and no public alias exists : Show the real account holder
* If our network, and a private alias exists : Show the private alias
* If our network, and no private alias exists : Show the real account holder
*/
override def id = 6
override def name = "Public"
override def permalink = "public"
override def description = "A view of the account accessible by anyone."
override def isPublic = true
//Bank account fields
override def canSeeBankAccountOwners = true
override def canSeeBankAccountType = true
override def canSeeBankAccountBalancePositiveOrNegative = true
override def canSeeBankAccountCurrency = true
override def canSeeBankAccountLabel = true
override def canSeeBankAccountNationalIdentifier = true
override def canSeeBankAccountSwift_bic = true
override def canSeeBankAccountIban = true
override def canSeeBankAccountNumber = true
override def canSeeBankAccountBankName = true
override def moderate(transaction: Transaction): ModeratedTransaction = {
val transactionId = transaction.id
val transactionUUID = transaction.uuid
val accountBalance = "" //not used when displaying transactions, but we might eventually need it. if so, we need a ref to
//the bank account so we could do something like if(canSeeBankAccountBalance) bankAccount.balance else if
// canSeeBankAccountBalancePositiveOrNegative {show + or -} else ""
val thisBankAccount = moderate(transaction.thisAccount)
val otherBankAccount = moderate(transaction.otherAccount)
val transactionMetadata =
Some(
new ModeratedTransactionMetadata(
Some(transaction.metadata.ownerComment),
None,
Some(transaction.metadata.comments.filter(comment => comment.viewId==id)),
Some(transaction.metadata.addComment),
Some(transaction.metadata.deleteComment),
Some(transaction.metadata.tags.filter(_.viewId==id)),
Some(transaction.metadata.addTag),
Some(transaction.metadata.deleteTag),
Some(transaction.metadata.images.filter(_.viewId==id)), //TODO: Better if image takes a view as a parameter?
Some(transaction.metadata.addImage),
Some(transaction.metadata.deleteImage),
transaction.metadata.whereTags.find(tag => tag.viewId == id),
Some(transaction.metadata.addWhereTag),
Some(transaction.metadata.deleteWhereTag)
))
val transactionType = Some(transaction.transactionType)
val transactionAmount = Some(transaction.amount)
val transactionCurrency = Some(transaction.currency)
val transactionLabel = None
val transactionStartDate = Some(transaction.startDate)
val transactionFinishDate = Some(transaction.finishDate)
val transactionBalance = if (transaction.balance.toString().startsWith("-")) "-" else "+"
new ModeratedTransaction(
transactionUUID,
transactionId,
thisBankAccount,
otherBankAccount,
transactionMetadata,
transactionType,
transactionAmount,
transactionCurrency,
transactionLabel,
transactionStartDate,
transactionFinishDate,
transactionBalance
)
}
override def moderate(bankAccount: BankAccount) : Option[ModeratedBankAccount] = {
Some(
new ModeratedBankAccount(
id = bankAccount.permalink,
owners = Some(bankAccount.owners),
accountType = Some(bankAccount.accountType),
currency = Some(bankAccount.currency),
label = Some(bankAccount.label),
nationalIdentifier = None,
swift_bic = None,
iban = None,
number = Some(bankAccount.number),
bankName = Some(bankAccount.bankName),
bankPermalink = Some(bankAccount.bankPermalink)
)
)
}
override def moderate(otherAccount : OtherBankAccount) : Option[ModeratedOtherBankAccount] = {
val otherAccountLabel = {
val publicAlias = otherAccount.metadata.publicAlias
if(publicAlias.isEmpty)
AccountName(otherAccount.label, NoAlias)
else
AccountName(publicAlias, PublicAlias)
}
val otherAccountMetadata = {
def isPublicAlias = otherAccountLabel.aliasType match {
case PublicAlias => true
case _ => false
}
val moreInfo = if (isPublicAlias) None else Some(otherAccount.metadata.moreInfo)
val url = if (isPublicAlias) None else Some(otherAccount.metadata.url)
val imageUrl = if (isPublicAlias) None else Some(otherAccount.metadata.imageURL)
val openCorporatesUrl = if (isPublicAlias) None else Some(otherAccount.metadata.openCorporatesURL)
val corporateLocation = if (isPublicAlias) None else Some(otherAccount.metadata.corporateLocation)
val physicalLocation = if (isPublicAlias) None else Some(otherAccount.metadata.physicalLocation)
Some(
new ModeratedOtherBankAccountMetadata(
moreInfo,
url,
imageUrl,
openCorporatesUrl,
corporateLocation,
physicalLocation,
Some(otherAccount.metadata.publicAlias),
None,
None,
None,
None,
None,
Some(otherAccount.metadata.addCorporateLocation),
Some(otherAccount.metadata.addPhysicalLocation),
None,
None,
Some(otherAccount.metadata.deleteCorporateLocation),
Some(otherAccount.metadata.deletePhysicalLocation)
))
}
Some(
new ModeratedOtherBankAccount(
otherAccount.id,
otherAccountLabel,
None,
None,
None,
None,
None,
otherAccountMetadata,
None))
}
}
object OurNetwork extends BaseView {
override def id = 7
override def name = "Our Network"
override def permalink ="our-network"
override def description = "A view for people related to the account in some way. E.g. for a company account this could include investors" +
" or current/potential clients"
override def moderate(transaction: Transaction): ModeratedTransaction = {
val transactionId = transaction.id
val transactionUUID = transaction.uuid
val accountBalance = "" //not used when displaying transactions, but we might eventually need it. if so, we need a ref to
//the bank account so we could do something like if(canSeeBankAccountBalance) bankAccount.balance else if
// canSeeBankAccountBalancePositiveOrNegative {show + or -} else ""
val thisBankAccount = moderate(transaction.thisAccount)
val otherBankAccount = moderate(transaction.otherAccount)
val transactionMetadata =
Some(
new ModeratedTransactionMetadata(
Some(transaction.metadata.ownerComment),
None,
Some(transaction.metadata.comments.filter(comment => comment.viewId==id)),
Some(transaction.metadata.addComment),
Some(transaction.metadata.deleteComment),
Some(transaction.metadata.tags.filter(_.viewId==id)),
Some(transaction.metadata.addTag),
Some(transaction.metadata.deleteTag),
Some(transaction.metadata.images.filter(_.viewId==id)), //TODO: Better if image takes a view as a parameter?
Some(transaction.metadata.addImage),
Some(transaction.metadata.deleteImage),
transaction.metadata.whereTags.find(tag => tag.viewId == id),
Some(transaction.metadata.addWhereTag),
Some(transaction.metadata.deleteWhereTag)
))
val transactionType = Some(transaction.transactionType)
val transactionAmount = Some(transaction.amount)
val transactionCurrency = Some(transaction.currency)
val transactionLabel = transaction.label
val transactionStartDate = Some(transaction.startDate)
val transactionFinishDate = Some(transaction.finishDate)
val transactionBalance = transaction.balance.toString()
new ModeratedTransaction(transactionUUID, transactionId, thisBankAccount, otherBankAccount, transactionMetadata,
transactionType, transactionAmount, transactionCurrency, transactionLabel, transactionStartDate,
transactionFinishDate, transactionBalance)
}
override def moderate(bankAccount: BankAccount) : Option[ModeratedBankAccount] = {
Some(
new ModeratedBankAccount(
id = bankAccount.permalink,
owners = Some(bankAccount.owners),
accountType = Some(bankAccount.accountType),
currency = Some(bankAccount.currency),
label = Some(bankAccount.label),
nationalIdentifier = None,
swift_bic = None,
iban = None,
number = Some(bankAccount.number),
bankName = Some(bankAccount.bankName),
bankPermalink = Some(bankAccount.bankPermalink)
)
)
}
override def moderate(otherAccount : OtherBankAccount) : Option[ModeratedOtherBankAccount] = {
val otherAccountLabel = {
val privateAlias = otherAccount.metadata.privateAlias
if(privateAlias.isEmpty)
AccountName(otherAccount.label, NoAlias)
else
AccountName(privateAlias, PrivateAlias)
}
val otherAccountMetadata =
Some(
new ModeratedOtherBankAccountMetadata(
Some(otherAccount.metadata.moreInfo),
Some(otherAccount.metadata.url),
Some(otherAccount.metadata.imageURL),
Some(otherAccount.metadata.openCorporatesURL),
Some(otherAccount.metadata.corporateLocation),
Some(otherAccount.metadata.physicalLocation),
Some(otherAccount.metadata.publicAlias),
Some(otherAccount.metadata.privateAlias),
None,
None,
None,
None,
Some(otherAccount.metadata.addCorporateLocation),
Some(otherAccount.metadata.addPhysicalLocation),
Some(otherAccount.metadata.addPublicAlias),
Some(otherAccount.metadata.addPrivateAlias),
Some(otherAccount.metadata.deleteCorporateLocation),
Some(otherAccount.metadata.deletePhysicalLocation)
))
Some(new ModeratedOtherBankAccount(otherAccount.id,otherAccountLabel,None,None,None,
None, None, otherAccountMetadata, None))
}
}
object Owner extends FullView {
override def id = 8
override def name="Owner"
override def permalink = "owner"
}
object Management extends FullView {
override def id = 9
override def name="Management"
override def permalink = "management"
}
}


@ -53,13 +53,6 @@ import java.util.Date
import OBPEnvelope._
/**
* There should be only one of these for every real life "this" account. TODO: Enforce this
*
* As a result, this can provide a single point from which to retrieve the aliases associated with
* this account, rather than needing to duplicate the aliases into every single transaction.
*/
class Account extends MongoRecord[Account] with ObjectIdPk[Account] {
def meta = Account


@ -46,6 +46,7 @@ import net.liftweb.mapper.BySql
import net.liftweb.db.DB
import net.liftweb.mongodb.JsonObject
import com.mongodb.QueryBuilder
import code.api.v1_2.ViewCreationJSON
object LocalStorage extends MongoDBLocalStorage
@ -53,56 +54,42 @@ object LocalStorage extends MongoDBLocalStorage
trait LocalStorage extends Loggable {
def getBank(name: String): Box[Bank]
def allBanks : List[Bank]
//TODO: remove after the split because useless
def getAccount(bankpermalink: String, account: String): Box[Account]
def getBankAccount(bankId : String, bankAccountId : String) : Box[BankAccount]
def getAllPublicAccounts() : List[BankAccount]
def getPublicBankAccounts(bank : Bank) : Box[List[BankAccount]]
def getNonPublicBankAccounts(user : User) : Box[List[BankAccount]]
def getNonPublicBankAccounts(user : User, bankID : String) : Box[List[BankAccount]]
//TODO: remove after the split because useless
def correctBankAndAccount(bank: String, account: String): Boolean
def getModeratedOtherBankAccount(accountID : String, otherAccountID : String)
(moderate: OtherBankAccount => Option[ModeratedOtherBankAccount]) : Box[ModeratedOtherBankAccount]
def getModeratedOtherBankAccounts(accountID : String)
(moderate: OtherBankAccount => Option[ModeratedOtherBankAccount]): Box[List[ModeratedOtherBankAccount]]
def getModeratedTransactions(permalink: String, bankPermalink: String, queryParams: OBPQueryParam*)
(moderate: Transaction => ModeratedTransaction): Box[List[ModeratedTransaction]]
def getUser(id : String) : Box[User]
def getCurrentUser : Box[User]
def permissions(account : BankAccount) : Box[List[Permission]]
def addPermission(bankAccountId : String, view : View, user : User) : Box[Boolean]
def addPermissions(bankAccountId : String, views : List[View], user : User) : Box[Boolean]
def revokePermission(bankAccountId : String, view : View, user : User) : Box[Boolean]
def revokeAllPermission(bankAccountId : String, user : User) : Box[Boolean]
def view(viewPermalink : String) : Box[View]
def createView(bankAccount : BankAccount, view: ViewCreationJSON) : Box[View]
def removeView(viewId: String, bankAccount: BankAccount): Box[Unit]
def views(bankAccountID : String) : Box[List[View]]
def permittedViews(user: User, bankAccount: BankAccount): List[View]
def permittedView(user: User, v: View, bankAccount: BankAccount): Boolean
def publicViews(bankAccountID : String) : Box[List[View]]
def ownerAccess(user: User, bankAccount: BankAccount) : Boolean
}
class MongoDBLocalStorage extends LocalStorage {
private val availableViews = List(Team, Board, Authorities, Public, OurNetwork, Owner, Management)
private def createTransaction(env: OBPEnvelope, theAccount: Account): Transaction = {
import net.liftweb.json.JsonDSL._
val transaction: OBPTransaction = env.obp_transaction.get
@ -287,18 +274,6 @@ class MongoDBLocalStorage extends LocalStorage {
)
}
private def setPrivilegeFromView(privilege : Privilege, view : View, value : Boolean ) = {
view match {
case OurNetwork => privilege.ourNetworkPermission(value)
case Team => privilege.teamPermission(value)
case Board => privilege.boardPermission(value)
case Authorities => privilege.authoritiesPermission(value)
case Owner => privilege.ownerPermission(value)
case Management => privilege.mangementPermission(value)
case _ =>
}
}
private def createBank(bank : HostedBank) : Bank = {
new Bank(
bank.id.is.toString,
@ -342,13 +317,6 @@ class MongoDBLocalStorage extends LocalStorage {
def allBanks : List[Bank] =
HostedBank.findAll.map(createBank)
//TODO: remove after the split because useless
def getAccount(bankpermalink: String, account: String): Box[Account] =
for{
hostedBank <- getHostedBank(bankpermalink)
account <- hostedBank.getAccount(account)
} yield account
def getBankAccount(bankId : String, bankAccountId : String) : Box[BankAccount] = {
for{
bank <- getHostedBank(bankId)
@ -372,47 +340,14 @@ class MongoDBLocalStorage extends LocalStorage {
private def moreThanAnonHostedAccounts(user : User) : Box[List[HostedAccount]] = {
user match {
case u : OBPUser => {
val hostedAccountTable = HostedAccount._dbTableNameLC
val privilegeTable = Privilege._dbTableNameLC
val userTable = OBPUser._dbTableNameLC
val hostedId = hostedAccountTable + "." + HostedAccount.id.dbColumnName
val hostedAccId = hostedAccountTable + "." + HostedAccount.accountID.dbColumnName
val privilegeAccId = privilegeTable + "." + Privilege.account.dbColumnName
val privilegeUserId = privilegeTable + "." + Privilege.user.dbColumnName
val ourNetworkPrivilege = privilegeTable + "." + Privilege.ourNetworkPermission.dbColumnName
val teamPrivilege = privilegeTable + "." + Privilege.teamPermission.dbColumnName
val boardPrivilege = privilegeTable + "." + Privilege.boardPermission.dbColumnName
val authoritiesPrivilege = privilegeTable + "." + Privilege.authoritiesPermission.dbColumnName
val ownerPrivilege = privilegeTable + "." + Privilege.ownerPermission.dbColumnName
val managementPrivilege = privilegeTable + "." + Privilege.mangementPermission.dbColumnName
val query = "SELECT DISTINCT " + hostedId + ", " + hostedAccId +
" FROM " + hostedAccountTable + ", " + privilegeTable + ", " + userTable +
" WHERE " + "( " + hostedId + " = " + privilegeAccId + ")" +
" AND " + "( " + privilegeUserId + " = ? " + ")"+
" AND " + "( " + ourNetworkPrivilege + " = true" +
" OR " + teamPrivilege + " = true" +
" OR " + boardPrivilege + " = true" +
" OR " + authoritiesPrivilege + " = true" +
" OR " + managementPrivilege + " = true" +
" OR " + ownerPrivilege + " = true)"
Full(HostedAccount.findAllByPreparedStatement({
superconn => {
val statement = superconn.connection.prepareStatement(query)
statement.setLong(1, u.id.get)
statement
}
}))
Full(Privilege.findAll(By(Privilege.user, u.id)).
filter(_.views.exists(_.isPublic==false)).
map(_.account.obj.get))
}
case _ => {
logger.error("OBPUser instance not found, could not execute the SQL query ")
Failure("could not find non public bank accounts")
}
}
}
@ -445,19 +380,16 @@ class MongoDBLocalStorage extends LocalStorage {
def getNonPublicBankAccounts(user : User, bankID : String) : Box[List[BankAccount]] = {
user match {
case u : OBPUser => {
for {
moreThanAnon <- moreThanAnonHostedAccounts(u)
bankObjectId <- tryo{new ObjectId(bankID)}
} yield {
def sameBank(account : Account) : Boolean =
account.bankID.get == bankObjectId
val mongoIds = moreThanAnon.map(hAcc => new ObjectId(hAcc.accountID.get))
Account.findAll(mongoIds).filter(sameBank).map(Account.toBankAccount)
}
}
case u : User => {
logger.error("OBPUser instance not found, could not execute the SQL query ")
@ -466,31 +398,23 @@ class MongoDBLocalStorage extends LocalStorage {
}
}
//TODO: remove after the split because useless
def correctBankAndAccount(bank: String, account: String): Boolean =
getHostedBank(bank) match {
case Full(bank) => bank.isAccount(account)
case _ => false
}
def getModeratedOtherBankAccount(accountID : String, otherAccountID : String)
(moderate: OtherBankAccount => Option[ModeratedOtherBankAccount]): Box[ModeratedOtherBankAccount] = {
for{
id <- tryo{new ObjectId(accountID)} ?~ {"account " + accountID + " not found"}
account <- Account.find("_id",id)
otherAccount <- account.otherAccounts.objs.find(_.id.get.equals(otherAccountID))
} yield{
val otherAccountFromTransaction : OBPAccount = OBPEnvelope.find("obp_transaction.other_account.holder",otherAccount.holder.get) match {
case Full(envelope) =>
envelope.obp_transaction.get.other_account.get
case _ => OBPAccount.createRecord
(moderate: OtherBankAccount => Option[ModeratedOtherBankAccount]): Box[ModeratedOtherBankAccount] = {
for{
id <- tryo{new ObjectId(accountID)} ?~ {"account " + accountID + " not found"}
account <- Account.find("_id",id)
otherAccount <- account.otherAccounts.objs.find(_.id.get.equals(otherAccountID))
} yield{
val otherAccountFromTransaction : OBPAccount = OBPEnvelope.find("obp_transaction.other_account.holder",otherAccount.holder.get) match {
case Full(envelope) => envelope.obp_transaction.get.other_account.get
case _ => OBPAccount.createRecord
}
moderate(createOtherBankAccount(otherAccount, otherAccountFromTransaction)).get
}
moderate(createOtherBankAccount(otherAccount, otherAccountFromTransaction)).get
}
}
def getModeratedOtherBankAccounts(accountID : String)
(moderate: OtherBankAccount => Option[ModeratedOtherBankAccount]): Box[List[ModeratedOtherBankAccount]] = {
(moderate: OtherBankAccount => Option[ModeratedOtherBankAccount]): Box[List[ModeratedOtherBankAccount]] = {
for{
id <- tryo{new ObjectId(accountID)} ?~ {"account " + accountID + " not found"}
account <- Account.find("_id",id)
@ -511,7 +435,7 @@ class MongoDBLocalStorage extends LocalStorage {
}
def getModeratedTransactions(permalink: String, bankPermalink: String, queryParams: OBPQueryParam*)
(moderate: Transaction => ModeratedTransaction): Box[List[ModeratedTransaction]] = {
(moderate: Transaction => ModeratedTransaction): Box[List[ModeratedTransaction]] = {
for{
rawTransactions <- getTransactions(permalink, bankPermalink, queryParams: _*)
} yield rawTransactions.map(moderate)
@ -524,7 +448,7 @@ class MongoDBLocalStorage extends LocalStorage {
}
def getModeratedTransaction(id : String, bankPermalink : String, accountPermalink : String)
(moderate: Transaction => ModeratedTransaction) : Box[ModeratedTransaction] = {
(moderate: Transaction => ModeratedTransaction) : Box[ModeratedTransaction] = {
for{
transaction <- getTransaction(id,bankPermalink,accountPermalink)
} yield moderate(transaction)
@ -537,23 +461,14 @@ class MongoDBLocalStorage extends LocalStorage {
HostedAccount.find(By(HostedAccount.accountID,account.id)) match {
case Full(acc) => {
val privileges = Privilege.findAll(By(Privilege.account, acc.id.get)).sortWith((p1,p2) => p1.updatedAt.get after p2.updatedAt.get)
val permissions : List[Box[Permission]] = privileges.map( p => {
if(
p.ourNetworkPermission.get != false
| p.teamPermission.get != false
| p.boardPermission.get != false
| p.authoritiesPermission.get != false
| p.ownerPermission.get != false
| p.mangementPermission.get != false
)
p.user.obj.map(u => {
new Permission(
u,
u.permittedViews(account).toList
)
})
else
Empty
val permissions : List[Box[Permission]] =
privileges.map( p => {
p.user.obj.map(u => {
new Permission(
u,
p.views.toList
)
})
})
Full(permissions.flatten)
}
@ -561,7 +476,7 @@ class MongoDBLocalStorage extends LocalStorage {
}
}
def addPermission(bankAccountId : String, view : View, user : User) : Box[Boolean] = {
def addPermission(bankAccountId : String, view: View, user : User) : Box[Boolean] = {
user match {
case u: OBPUser =>
for{
@ -570,17 +485,22 @@ class MongoDBLocalStorage extends LocalStorage {
Privilege.find(By(Privilege.user, u.id), By(Privilege.account, bankAccount)) match {
//update the existing privilege
case Full(privilege) => {
setPrivilegeFromView(privilege, view, true)
privilege.save
ViewPrivileges.create.
privilege(privilege).
view(view.id).
save
}
//there is no privilege to this user, so we create one
case _ => {
val privilege =
Privilege.create.
user(u.id).
account(bankAccount)
setPrivilegeFromView(privilege, view, true)
privilege.save
Privilege.create.
user(u.id).
account(bankAccount).
saveMe
ViewPrivileges.create.
privilege(privilege).
view(view.id).
save
}
}
}
@ -601,18 +521,25 @@ class MongoDBLocalStorage extends LocalStorage {
//update the existing privilege
case Full(privilege) => {
views.map(v => {
setPrivilegeFromView(privilege, v, true)
ViewPrivileges.create.
privilege(privilege).
view(v.id).
save
})
privilege.save
}
//there is no privilege to this user, so we create one
case _ => {
val privilege =
Privilege.create.
user(u.id).
account(bankAccount)
Privilege.create.
user(u.id).
account(bankAccount).
saveMe
views.map(v => {
setPrivilegeFromView(privilege, v, true)
ViewPrivileges.create.
privilege(privilege).
view(v.id).
save
})
privilege.save
}
@ -628,18 +555,13 @@ class MongoDBLocalStorage extends LocalStorage {
}
def revokePermission(bankAccountId : String, view : View, user : User) : Box[Boolean] = {
user match {
case user:OBPUser =>
case u:OBPUser =>
for{
bankAccount <- HostedAccount.find(By(HostedAccount.accountID, bankAccountId))
p <- Privilege.find(By(Privilege.user, u), By(Privilege.account, bankAccount))
vp <- ViewPrivileges.find(By(ViewPrivileges.privilege, p), By(ViewPrivileges.view, view.id))
} yield {
Privilege.find(By(Privilege.user, user.id), By(Privilege.account, bankAccount)) match {
case Full(privilege) => {
setPrivilegeFromView(privilege, view, false)
privilege.save
}
//there is no privilege to this user, so there is nothing to revoke
case _ => true
}
vp.delete_!
}
case u: User => {
logger.error("OBPUser instance not found, could not revoke access ")
@ -650,21 +572,15 @@ class MongoDBLocalStorage extends LocalStorage {
def revokeAllPermission(bankAccountId : String, user : User) : Box[Boolean] = {
user match {
case user:OBPUser =>
case u:OBPUser =>{
for{
bankAccount <- HostedAccount.find(By(HostedAccount.accountID, bankAccountId))
p <- Privilege.find(By(Privilege.user, u), By(Privilege.account, bankAccount))
} yield {
Privilege.find(By(Privilege.user, user.id), By(Privilege.account, bankAccount)) match {
case Full(privilege) => {
availableViews.foreach({view =>
setPrivilegeFromView(privilege, view, false)
})
privilege.save
}
//there is no privilege to this user, so there is nothing to revoke
case _ => true
}
}
ViewPrivileges.findAll(By(ViewPrivileges.privilege, p)).map(_.delete_!)
true
}
}
case u: User => {
logger.error("OBPUser instance not found, could not revoke access ")
Empty
@ -672,7 +588,238 @@ class MongoDBLocalStorage extends LocalStorage {
}
}
def view(viewPermalink : String) : Box[View] = {
ViewImpl.find(By(ViewImpl.permalink_, viewPermalink))
}
def createView(bankAccount: BankAccount, view: ViewCreationJSON): Box[View] = {
def generatePermalink(name: String): String = {
name.replaceAllLiterally(" ","").toLowerCase
}
if(view.name=="Owner")
Failure("There is already an Owner view on this bank account")
else
for{
account <- HostedAccount.find(By(HostedAccount.accountID,bankAccount.id))
} yield{
val createdView = ViewImpl.create.
name_(view.name).
description_(view.description).
permalink_(generatePermalink(view.name)).
isPublic_(view.isPublic).
account(account)
if(view.alias == "public"){
createdView.usePrivateAliasIfOneExists_(true)
createdView.hideOtherAccountMetadataIfAlias_(view.hideMetadataIfAlias)
}
else if(view.alias == "private"){
createdView.usePublicAliasIfOneExists_(true)
createdView.hideOtherAccountMetadataIfAlias_(view.hideMetadataIfAlias)
}
if(view.allowedFields.exists(a => a=="canSeeTransactionThisBankAccount"))
createdView.canSeeTransactionThisBankAccount_(true)
if(view.allowedFields.exists(a => a=="canSeeTransactionOtherBankAccount"))
createdView.canSeeTransactionOtherBankAccount_(true)
if(view.allowedFields.exists(a => a=="canSeeTransactionMetadata"))
createdView.canSeeTransactionMetadata_(true)
if(view.allowedFields.exists(a => a=="canSeeTransactionLabel"))
createdView.canSeeTransactionLabel_(true)
if(view.allowedFields.exists(a => a=="canSeeTransactionAmount"))
createdView.canSeeTransactionAmount_(true)
if(view.allowedFields.exists(a => a=="canSeeTransactionType"))
createdView.canSeeTransactionType_(true)
if(view.allowedFields.exists(a => a=="canSeeTransactionCurrency"))
createdView.canSeeTransactionCurrency_(true)
if(view.allowedFields.exists(a => a=="canSeeTransactionStartDate"))
createdView.canSeeTransactionStartDate_(true)
if(view.allowedFields.exists(a => a=="canSeeTransactionFinishDate"))
createdView.canSeeTransactionFinishDate_(true)
if(view.allowedFields.exists(a => a=="canSeeTransactionBalance"))
createdView.canSeeTransactionBalance_(true)
if(view.allowedFields.exists(a => a=="canSeeComments"))
createdView.canSeeComments_(true)
if(view.allowedFields.exists(a => a=="canSeeOwnerComment"))
createdView.canSeeOwnerComment_(true)
if(view.allowedFields.exists(a => a=="canSeeTags"))
createdView.canSeeTags_(true)
if(view.allowedFields.exists(a => a=="canSeeImages"))
createdView.canSeeImages_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountOwners"))
createdView.canSeeBankAccountOwners_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountType"))
createdView.canSeeBankAccountType_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountBalance"))
createdView.canSeeBankAccountBalance_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountCurrency"))
createdView.canSeeBankAccountCurrency_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountLabel"))
createdView.canSeeBankAccountLabel_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountNationalIdentifier"))
createdView.canSeeBankAccountNationalIdentifier_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountSwift_bic"))
createdView.canSeeBankAccountSwift_bic_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountIban"))
createdView.canSeeBankAccountIban_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountNumber"))
createdView.canSeeBankAccountNumber_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountBankName"))
createdView.canSeeBankAccountBankName_(true)
if(view.allowedFields.exists(a => a=="canSeeBankAccountBankPermalink"))
createdView.canSeeBankAccountBankPermalink_(true)
if(view.allowedFields.exists(a => a=="canSeeOtherAccountNationalIdentifier"))
createdView.canSeeOtherAccountNationalIdentifier_(true)
if(view.allowedFields.exists(a => a=="canSeeSWIFT_BIC"))
createdView.canSeeSWIFT_BIC_(true)
if(view.allowedFields.exists(a => a=="canSeeOtherAccountIBAN"))
createdView.canSeeOtherAccountIBAN_(true)
if(view.allowedFields.exists(a => a=="canSeeOtherAccountBankName"))
createdView.canSeeOtherAccountBankName_(true)
if(view.allowedFields.exists(a => a=="canSeeOtherAccountNumber"))
createdView.canSeeOtherAccountNumber_(true)
if(view.allowedFields.exists(a => a=="canSeeOtherAccountMetadata"))
createdView.canSeeOtherAccountMetadata_(true)
if(view.allowedFields.exists(a => a=="canSeeOtherAccountKind"))
createdView.canSeeOtherAccountKind_(true)
if(view.allowedFields.exists(a => a=="canSeeMoreInfo"))
createdView.canSeeMoreInfo_(true)
if(view.allowedFields.exists(a => a=="canSeeUrl"))
createdView.canSeeUrl_(true)
if(view.allowedFields.exists(a => a=="canSeeImageUrl"))
createdView.canSeeImageUrl_(true)
if(view.allowedFields.exists(a => a=="canSeeOpenCorporatesUrl"))
createdView.canSeeOpenCorporatesUrl_(true)
if(view.allowedFields.exists(a => a=="canSeeCorporateLocation"))
createdView.canSeeCorporateLocation_(true)
if(view.allowedFields.exists(a => a=="canSeePhysicalLocation"))
createdView.canSeePhysicalLocation_(true)
if(view.allowedFields.exists(a => a=="canSeePublicAlias"))
createdView.canSeePublicAlias_(true)
if(view.allowedFields.exists(a => a=="canSeePrivateAlias"))
createdView.canSeePrivateAlias_(true)
if(view.allowedFields.exists(a => a=="canAddMoreInfo"))
createdView.canAddMoreInfo_(true)
if(view.allowedFields.exists(a => a=="canAddURL"))
createdView.canAddURL_(true)
if(view.allowedFields.exists(a => a=="canAddImageURL"))
createdView.canAddImageURL_(true)
if(view.allowedFields.exists(a => a=="canAddOpenCorporatesUrl"))
createdView.canAddOpenCorporatesUrl_(true)
if(view.allowedFields.exists(a => a=="canAddCorporateLocation"))
createdView.canAddCorporateLocation_(true)
if(view.allowedFields.exists(a => a=="canAddPhysicalLocation"))
createdView.canAddPhysicalLocation_(true)
if(view.allowedFields.exists(a => a=="canAddPublicAlias"))
createdView.canAddPublicAlias_(true)
if(view.allowedFields.exists(a => a=="canAddPrivateAlias"))
createdView.canAddPrivateAlias_(true)
if(view.allowedFields.exists(a => a=="canDeleteCorporateLocation"))
createdView.canDeleteCorporateLocation_(true)
if(view.allowedFields.exists(a => a=="canDeletePhysicalLocation"))
createdView.canDeletePhysicalLocation_(true)
if(view.allowedFields.exists(a => a=="canEditOwnerComment"))
createdView.canEditOwnerComment_(true)
if(view.allowedFields.exists(a => a=="canAddComment"))
createdView.canAddComment_(true)
if(view.allowedFields.exists(a => a=="canDeleteComment"))
createdView.canDeleteComment_(true)
if(view.allowedFields.exists(a => a=="canAddTag"))
createdView.canAddTag_(true)
if(view.allowedFields.exists(a => a=="canDeleteTag"))
createdView.canDeleteTag_(true)
if(view.allowedFields.exists(a => a=="canAddImage"))
createdView.canAddImage_(true)
if(view.allowedFields.exists(a => a=="canDeleteImage"))
createdView.canDeleteImage_(true)
if(view.allowedFields.exists(a => a=="canAddWhereTag"))
createdView.canAddWhereTag_(true)
if(view.allowedFields.exists(a => a=="canSeeWhereTag"))
createdView.canSeeWhereTag_(true)
if(view.allowedFields.exists(a => a=="canDeleteWhereTag"))
createdView.canDeleteWhereTag_(true)
createdView.saveMe
}
}
def removeView(viewId: String, bankAccount: BankAccount): Box[Unit] = {
if(viewId=="Owner")
Failure("you cannot delete the Owner view")
else
for{
v <- ViewImpl.find(By(ViewImpl.permalink_,viewId)) ?~ "view not found"
if(v.delete_!)
} yield {}
}
def views(bankAccountID : String) : Box[List[View]] = {
Full(availableViews)
for(account <- HostedAccount.find(By(HostedAccount.accountID,bankAccountID)))
yield account.views.toList
}
def permittedViews(user: User, bankAccount: BankAccount): List[View] = {
user match {
case u: OBPUser=> {
HostedAccount.find(By(HostedAccount.accountID, bankAccount.id)) match {
case Full(account) =>
Privilege.find(By(Privilege.user, u.id), By(Privilege.account,account)) match {
case Full(p) => p.views.toList
case _ => Nil
}
case _ => Nil
}
}
case _ => {
logger.error("OBPUser instance not found, could not get Permitted views")
List()
}
}
}
def permittedView(user: User, v: View, bankAccount: BankAccount): Boolean = {
user match {
case u: OBPUser=> {
HostedAccount.find(By(HostedAccount.accountID, bankAccount.id)) match {
case Full(account) =>
Privilege.find(By(Privilege.user, u.id), By(Privilege.account, account)) match {
case Full(p) => ViewPrivileges.count(By(ViewPrivileges.privilege, p), By(ViewPrivileges.view, v.id)) == 1
case _ => false
}
case _ => false
}
}
case _ => {
logger.error("OBPUser instance not found, could not get the privilege")
false
}
}
}
def publicViews(bankAccountID: String) : Box[List[View]] = {
for{account <- HostedAccount.find(By(HostedAccount.accountID,bankAccountID))}
yield{
account.views.toList.filter(v => v.isPublic==true)
}
}
def ownerAccess(user: User, bankAccount: BankAccount) : Boolean = {
user match {
case u: OBPUser=> {
val ownerView = for{
account <- HostedAccount.find(By(HostedAccount.accountID,bankAccount.id))
v <- ViewImpl.find(By(ViewImpl.account, account.id), By(ViewImpl.name_, "Owner"))
p <- Privilege.find(By(Privilege.user, u.id), By(Privilege.account, account))
} yield {
p.views.contains(v)
}
ownerView.getOrElse(false)
}
case _ => {
logger.error("OBPUser instance not found, could not get the privilege")
false
}
}
}
}


@ -39,7 +39,7 @@ import scala.xml.NodeSeq
import net.liftweb.sitemap.Loc.LocGroup
import net.liftweb.http.{S,SessionVar,Templates}
import com.mongodb.QueryBuilder
import code.model.{View,User, BankAccount, OurNetwork, Management, Public, Team, Board, Authorities, Owner}
import code.model.{View,User, BankAccount}
import net.liftweb.json.JsonDSL._
import net.liftweb.http.SHtml
import net.liftweb.http.S
@ -53,72 +53,14 @@ import net.liftweb.http.js.JsCmds.FocusOnLoad
/**
* An O-R mapped "User" class that includes first name, last name, password
*/
class OBPUser extends MegaProtoUser[OBPUser] with User{
class OBPUser extends MegaProtoUser[OBPUser] with User with OneToMany[Long, OBPUser]{
def getSingleton = OBPUser // what's the "meta" server
def id_ = emailAddress
def emailAddress = email.get
def theFirstName : String = firstName.get
def theLastName : String = lastName.get
def provider = Props.get("hostname","")
def permittedViews(account: BankAccount): Set[View] = {
var views: Set[View] = Set()
if (hasOurNetworkPermission(account)) views = views + OurNetwork
if (hasTeamPermission(account)) views = views + Team
if (hasBoardPermission(account)) views = views + Board
if (hasAuthoritiesPermission(account)) views = views + Authorities
if (hasOwnerPermission(account)) views = views + Owner
if (account.allowPublicAccess) views = views + Public
views
}
def hasMangementAccess(bankAccount: BankAccount) = {
hasManagementPermission(bankAccount)
}
def hasOurNetworkPermission(account: BankAccount) : Boolean = {
hasPermission(account, (p: Privilege) => p.ourNetworkPermission.is)
}
def hasTeamPermission(account: BankAccount) : Boolean = {
hasPermission(account, (p: Privilege) => p.teamPermission.is)
}
def hasBoardPermission(account: BankAccount) : Boolean = {
hasPermission(account, (p: Privilege) => p.boardPermission.is)
}
def hasAuthoritiesPermission(account: BankAccount) : Boolean = {
hasPermission(account, (p: Privilege) => p.authoritiesPermission.is)
}
def hasOwnerPermission(account: BankAccount) : Boolean = {
hasPermission(account, (p: Privilege) => p.ownerPermission.is)
}
def hasManagementPermission(account: BankAccount) : Boolean = {
hasPermission(account, (p: Privilege) => p.mangementPermission.is)
}
def hasMoreThanAnonAccess(account: BankAccount) : Boolean = {
OBPUser.hasAuthoritiesPermission(account) ||
OBPUser.hasBoardPermission(account) ||
OBPUser.hasOurNetworkPermission(account) ||
OBPUser.hasOwnerPermission(account) ||
OBPUser.hasTeamPermission(account) ||
OBPUser.hasManagementPermission(account)
}
def hasPermission(bankAccount: BankAccount, permissionCheck: (Privilege) => Boolean): Boolean = {
HostedAccount.find(By(HostedAccount.accountID, bankAccount.id)) match {
case Full(hostedAccount) =>
Privilege.find(By(Privilege.account, hostedAccount), By(Privilege.user, this)) match {
case Full(p) => permissionCheck(p)
case _ => false
}
case _ => false
}
}
object privileges extends MappedOneToMany(Privilege, Privilege.user, OrderBy(Privilege.id, Ascending))
}
/**
@ -205,146 +147,40 @@ object OBPUser extends OBPUser with MetaMegaProtoUser[OBPUser]{
}
/**
* Yes, MappedBoolean has a default value of false, but in the very small chance
* that this changes, we won't break any authentication.
*/
class ourMappedBoolean[T<:Mapper[T]](fieldOwner: T) extends MappedBoolean[T](fieldOwner){
override def defaultValue = false
}
class Privilege extends LongKeyedMapper[Privilege] with CreatedUpdated{
class Privilege extends LongKeyedMapper[Privilege] with CreatedUpdated with ManyToMany{
def getSingleton = Privilege
def primaryKeyField = id
object id extends MappedLongIndex(this)
object user extends MappedLongForeignKey(this, OBPUser){
var userError = false
override def validSelectValues =
Full(OBPUser.findMap(OrderBy(OBPUser.email, Ascending)){
case u: User => Full(u.id.is -> u.email.is)
})
override def displayHtml = <span>User email</span>
override def asHtml = {
val email = (for {
u <- OBPUser.find(user.get)
} yield u.email.get).getOrElse("User email not found")
object user extends MappedLongForeignKey(this, OBPUser)
object account extends MappedLongForeignKey(this, HostedAccount)
object views extends MappedManyToMany(ViewPrivileges, ViewPrivileges.privilege, ViewPrivileges.view, ViewImpl)
<span>{email}</span>
}
def userEmailCheck(user : Long) : List[FieldError]=
if(userError) List(FieldError(this, "No user with this email"))
else Nil
override def validations = userEmailCheck _ :: super.validations
override def _toForm =
{
val initialValue = user.obj match {
case Full(theUser) => theUser.email.is
case _ => ""
}
def saveTheUser(email : String) =
OBPUser.find(By(OBPUser.email, email)) match {
case Full(theUser) => user(theUser)
case _ => userError=true
}
Full(SHtml.text(initialValue, saveTheUser(_)))
}
}
object account extends MappedLongForeignKey(this, HostedAccount){
override def displayHtml = <span>Account</span>
override def asHtml = {
<span>{
HostedAccount.find(account.get) match {
case Full(account) => account.bank + " - " + account.name
case _ => "account not found"
}
}</span>
}
override def validSelectValues =
Full(
OBPUser.currentUser match {
case Full(user) => Privilege.findMap(By(Privilege.user,user),
By(Privilege.ownerPermission,true),
OrderBy(Privilege.account, Ascending)){
case privilege: Privilege => HostedAccount.find(privilege.account.is) match {
case Full(hosted) => Full(hosted.id.is -> (hosted.bank + " - "+ hosted.name + " - " + hosted.number) )
case _ => Empty
}
}
case _ => List()
}
)
}
object ourNetworkPermission extends ourMappedBoolean(this){
override def displayName = "Our Network"
}
object teamPermission extends ourMappedBoolean(this) {
override def displayName= "Team"
}
object boardPermission extends ourMappedBoolean(this) {
override def displayName = "Board"
}
object authoritiesPermission extends ourMappedBoolean(this) {
override def displayName = "Authorities"
}
object ownerPermission extends ourMappedBoolean(this) {
override def displayName = "Owner"
}
object mangementPermission extends ourMappedBoolean(this) {
override def displayName = "Management"
}
}
object Privilege extends Privilege with LongKeyedMetaMapper[Privilege] with CRUDify[Long, Privilege]{
override def calcPrefix = List("admin",_dbTableNameLC)
override def fieldOrder = List(account, user,updatedAt, ownerPermission, mangementPermission,
ourNetworkPermission, teamPermission, boardPermission)
override def displayName = "Privilege"
override def showAllMenuLocParams = LocGroup("admin") :: Nil
override def createMenuLocParams = LocGroup("admin") :: Nil
override def fieldsForDisplay = super.fieldsForDisplay filterNot (List(createdAt) contains)
override def fieldsForEditing = super.fieldsForEditing filterNot (List(createdAt, updatedAt) contains)
def showAll = doCrudAll(_)
override def findForList(start : Long, count : Int)= {
OBPUser.currentUser match {
case Full(user) => {
def ownerPermissionTest(privilege : Privilege) : Boolean =
Privilege.find(By(Privilege.user, user), By(Privilege.account, privilege.account)) match {
case Full(currentUserPrivilege) => currentUserPrivilege.ownerPermission
case _ => false
}
//we show only the privileges that concernes accounts were the current user
//has owner permissions on
//TODO: This is inefficient (it loads all privileges)
Privilege.findAll(OrderBy(Privilege.account, Ascending)).filter(ownerPermissionTest _)
}
case _ => List()
}
object Privilege extends Privilege with LongKeyedMetaMapper[Privilege]
class HostedAccount extends LongKeyedMapper[HostedAccount] with OneToMany[Long, HostedAccount]{
def getSingleton = HostedAccount
def primaryKeyField = id
object id extends MappedLongIndex(this)
object views extends MappedOneToMany(ViewImpl, ViewImpl.account, OrderBy(ViewImpl.id_, Ascending))
//the object id of the mongoDB Account
object accountID extends MappedString(this, 255)
def theAccount = Account.find(("_id", accountID.toString))
def name : String= theAccount match {
case Full(account) => account.name.get.toString()
case _ => ""
}
def bank : String = theAccount match {
case Full(account) => account.bankName
case _ => ""
}
def number : String = theAccount match {
case Full(account) => account.number.get
case _ => ""
}
}
class HostedAccount extends LongKeyedMapper[HostedAccount] {
def getSingleton = HostedAccount
def primaryKeyField = id
object id extends MappedLongIndex(this)
object accountID extends MappedString(this, 255)
def theAccount = Account.find(("_id", accountID.toString))
def name : String= theAccount match {
case Full(account) => account.name.get.toString()
case _ => ""
}
def bank : String = theAccount match {
case Full(account) => account.bankName
case _ => ""
}
def number : String = theAccount match {
case Full(account) => account.number.get
case _ => ""
}
}
object HostedAccount extends HostedAccount with LongKeyedMetaMapper[HostedAccount]{}
object HostedAccount extends HostedAccount with LongKeyedMetaMapper[HostedAccount]{}
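Review bot: Every access check shown on this page (`permittedViews`, `permittedView`, `ownerAccess`) looks `Privilege` up by the (user, account) pair, yet the slimmed-down `object Privilege extends Privilege with LongKeyedMetaMapper[Privilege]` declares neither an index nor a uniqueness constraint on that pair. If two rows ever exist for the same user and account, `Privilege.find` returns only one of them, so a grant or revocation recorded on the other row would be silently ignored. I would give the meta object a body with `override def dbIndexes = UniqueIndex(user, account) :: super.dbIndexes`, and add a one-line comment on `views` stating that access is now granted only through `ViewPrivileges` join rows. The rendering has lost the `+`/`-` markers in this section, so this is read from the lines as printed.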


@ -0,0 +1,309 @@
package code.model.dataAccess
import net.liftweb.mapper._
import code.model.{View, BankAccount}
class ViewPrivileges extends LongKeyedMapper[ViewPrivileges] with IdPK {
def getSingleton = ViewPrivileges
object privilege extends MappedLongForeignKey(this, Privilege)
object view extends MappedLongForeignKey(this, ViewImpl)
}
object ViewPrivileges extends ViewPrivileges with LongKeyedMetaMapper[ViewPrivileges]
class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with CreatedUpdated{
def getSingleton = ViewImpl
def primaryKeyField = id_
object privileges extends MappedManyToMany(ViewPrivileges, ViewPrivileges.view, ViewPrivileges.privilege, Privilege)
object account extends MappedLongForeignKey(this, HostedAccount)
object id_ extends MappedLongIndex(this)
object name_ extends MappedString(this, 255)
object description_ extends MappedString(this, 255)
object permalink_ extends MappedString(this, 255)
object isPublic_ extends MappedBoolean(this){
override def defaultValue = false
override def dbIndexed_? = true
}
object usePrivateAliasIfOneExists_ extends MappedBoolean(this){
override def defaultValue = false
}
object usePublicAliasIfOneExists_ extends MappedBoolean(this){
override def defaultValue = false
}
object hideOtherAccountMetadataIfAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionThisBankAccount_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionMetadata_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionLabel_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionAmount_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionType_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionCurrency_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionStartDate_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionFinishDate_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionBalance_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeComments_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOwnerComment_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTags_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeImages_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountOwners_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountType_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountBalance_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountCurrency_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountLabel_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountNationalIdentifier_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountSwift_bic_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountIban_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountNumber_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountBankName_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountBankPermalink_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountNationalIdentifier_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeSWIFT_BIC_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountIBAN_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountBankName_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountNumber_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountMetadata_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountKind_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeMoreInfo_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeUrl_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeImageUrl_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOpenCorporatesUrl_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeCorporateLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeePhysicalLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeePublicAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeePrivateAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddMoreInfo_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddURL_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddImageURL_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddOpenCorporatesUrl_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddCorporateLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddPhysicalLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddPublicAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddPrivateAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteCorporateLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeletePhysicalLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canEditOwnerComment_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddComment_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteComment_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddTag_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteTag_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddImage_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteImage_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddWhereTag_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeWhereTag_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteWhereTag_ extends MappedBoolean(this){
override def defaultValue = false
}
//e.g. "Public", "Authorities", "Our Network", etc.
def id: Long = id_.get
def name: String = name_.get
def description : String = description_.get
def permalink : String = permalink_.get
def isPublic : Boolean = isPublic_.get
//the view settings
def usePrivateAliasIfOneExists: Boolean = usePrivateAliasIfOneExists_.get
def usePublicAliasIfOneExists: Boolean = usePublicAliasIfOneExists_.get
def hideOtherAccountMetadataIfAlias: Boolean = hideOtherAccountMetadataIfAlias_.get
//reading access
//transaction fields
def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get
def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get
def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get
def canSeeTransactionLabel: Boolean = canSeeTransactionLabel_.get
def canSeeTransactionAmount: Boolean = canSeeTransactionAmount_.get
def canSeeTransactionType: Boolean = canSeeTransactionType_.get
def canSeeTransactionCurrency: Boolean = canSeeTransactionCurrency_.get
def canSeeTransactionStartDate: Boolean = canSeeTransactionStartDate_.get
def canSeeTransactionFinishDate: Boolean = canSeeTransactionFinishDate_.get
def canSeeTransactionBalance: Boolean = canSeeTransactionBalance_.get
//transaction metadata
def canSeeComments: Boolean = canSeeComments_.get
def canSeeOwnerComment: Boolean = canSeeOwnerComment_.get
def canSeeTags : Boolean = canSeeTags_.get
def canSeeImages : Boolean = canSeeImages_.get
//Bank account fields
def canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get
def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get
def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get
def canSeeBankAccountCurrency : Boolean = canSeeBankAccountCurrency_.get
def canSeeBankAccountLabel : Boolean = canSeeBankAccountLabel_.get
def canSeeBankAccountNationalIdentifier : Boolean = canSeeBankAccountNationalIdentifier_.get
def canSeeBankAccountSwift_bic : Boolean = canSeeBankAccountSwift_bic_.get
def canSeeBankAccountIban : Boolean = canSeeBankAccountIban_.get
def canSeeBankAccountNumber : Boolean = canSeeBankAccountNumber_.get
def canSeeBankAccountBankName : Boolean = canSeeBankAccountBankName_.get
def canSeeBankAccountBankPermalink : Boolean = canSeeBankAccountBankPermalink_.get
//other bank account fields
def canSeeOtherAccountNationalIdentifier : Boolean = canSeeOtherAccountNationalIdentifier_.get
def canSeeSWIFT_BIC : Boolean = canSeeSWIFT_BIC_.get
def canSeeOtherAccountIBAN : Boolean = canSeeOtherAccountIBAN_.get
def canSeeOtherAccountBankName : Boolean = canSeeOtherAccountBankName_.get
def canSeeOtherAccountNumber : Boolean = canSeeOtherAccountNumber_.get
def canSeeOtherAccountMetadata : Boolean = canSeeOtherAccountMetadata_.get
def canSeeOtherAccountKind : Boolean = canSeeOtherAccountKind_.get
//other bank account meta data
def canSeeMoreInfo: Boolean = canSeeMoreInfo_.get
def canSeeUrl: Boolean = canSeeUrl_.get
def canSeeImageUrl: Boolean = canSeeImageUrl_.get
def canSeeOpenCorporatesUrl: Boolean = canSeeOpenCorporatesUrl_.get
def canSeeCorporateLocation : Boolean = canSeeCorporateLocation_.get
def canSeePhysicalLocation : Boolean = canSeePhysicalLocation_.get
def canSeePublicAlias : Boolean = canSeePublicAlias_.get
def canSeePrivateAlias : Boolean = canSeePrivateAlias_.get
def canAddMoreInfo : Boolean = canAddMoreInfo_.get
def canAddURL : Boolean = canAddURL_.get
def canAddImageURL : Boolean = canAddImageURL_.get
def canAddOpenCorporatesUrl : Boolean = canAddOpenCorporatesUrl_.get
def canAddCorporateLocation : Boolean = canAddCorporateLocation_.get
def canAddPhysicalLocation : Boolean = canAddPhysicalLocation_.get
def canAddPublicAlias : Boolean = canAddPublicAlias_.get
def canAddPrivateAlias : Boolean = canAddPrivateAlias_.get
def canDeleteCorporateLocation : Boolean = canDeleteCorporateLocation_.get
def canDeletePhysicalLocation : Boolean = canDeletePhysicalLocation_.get
//writing access
def canEditOwnerComment: Boolean = canEditOwnerComment_.get
def canAddComment : Boolean = canAddComment_.get
def canDeleteComment: Boolean = canDeleteComment_.get
def canAddTag : Boolean = canAddTag_.get
def canDeleteTag : Boolean = canDeleteTag_.get
def canAddImage : Boolean = canAddImage_.get
def canDeleteImage : Boolean = canDeleteImage_.get
def canAddWhereTag : Boolean = canAddWhereTag_.get
def canSeeWhereTag : Boolean = canSeeWhereTag_.get
def canDeleteWhereTag : Boolean = canDeleteWhereTag_.get
}
object ViewImpl extends ViewImpl with LongKeyedMetaMapper[ViewImpl]{
override def dbIndexes = Index(permalink_, account):: super.dbIndexes
}
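Review bot: `dbIndexes` on `object ViewImpl` builds a plain `Index(permalink_, account)`, so the schema does not stop two views on the same account from sharing a permalink, and a permalink is not unique across accounts at all. `removeView` earlier on this page resolves the view with `By(ViewImpl.permalink_, viewId)` alone and never uses its `bankAccount` argument, so it can delete a view that belongs to a different account than the one the caller was authorised for. Make the pair unique with `override def dbIndexes = UniqueIndex(permalink_, account) :: super.dbIndexes`, and have every permalink lookup also pass `By(ViewImpl.account, ...)`. A short Scaladoc on the class saying that every `can…_` flag defaults to `false` (deny by default) would also help readers of the sixty-odd field declarations.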


@ -100,8 +100,18 @@ trait ServerSetup extends FeatureSpec
}
})
val hostedAccounts = accounts.map(account => {
HostedAccount.create.accountID(account.id.get.toString).saveMe
val hostedaccount =
HostedAccount.
create.
accountID(account.id.get.toString).
saveMe
ownerView(hostedaccount)
publicView(hostedaccount)
randomView(hostedaccount)
hostedaccount
})
//fake transactions
@ -181,7 +191,7 @@ trait ServerSetup extends FeatureSpec
val body = if(response.getResponseBody().isEmpty) "{}" else response.getResponseBody()
APIResponse(response.getStatusCode, parse(body))
}
, Duration(1, SECONDS))
, Duration(5, SECONDS))
}
/**
@ -216,6 +226,223 @@ trait ServerSetup extends FeatureSpec
val jsonReq = req.DELETE
getAPIResponse(jsonReq)
}
def ownerView(account: HostedAccount) =
ViewImpl.create.
name_("Owner").
description_(randomString(3)).
permalink_("owner").
isPublic_(false).
account(account).
usePrivateAliasIfOneExists_(false).
usePublicAliasIfOneExists_(false).
hideOtherAccountMetadataIfAlias_(false).
canSeeTransactionThisBankAccount_(true).
canSeeTransactionOtherBankAccount_(true).
canSeeTransactionMetadata_(true).
canSeeTransactionLabel_(true).
canSeeTransactionAmount_(true).
canSeeTransactionType_(true).
canSeeTransactionCurrency_(true).
canSeeTransactionStartDate_(true).
canSeeTransactionFinishDate_(true).
canSeeTransactionBalance_(true).
canSeeComments_(true).
canSeeOwnerComment_(true).
canSeeTags_(true).
canSeeImages_(true).
canSeeBankAccountOwners_(true).
canSeeBankAccountType_(true).
canSeeBankAccountBalance_(true).
canSeeBankAccountCurrency_(true).
canSeeBankAccountLabel_(true).
canSeeBankAccountNationalIdentifier_(true).
canSeeBankAccountSwift_bic_(true).
canSeeBankAccountIban_(true).
canSeeBankAccountNumber_(true).
canSeeBankAccountBankName_(true).
canSeeBankAccountBankPermalink_(true).
canSeeOtherAccountNationalIdentifier_(true).
canSeeSWIFT_BIC_(true).
canSeeOtherAccountIBAN_ (true).
canSeeOtherAccountBankName_(true).
canSeeOtherAccountNumber_(true).
canSeeOtherAccountMetadata_(true).
canSeeOtherAccountKind_(true).
canSeeMoreInfo_(true).
canSeeUrl_(true).
canSeeImageUrl_(true).
canSeeOpenCorporatesUrl_(true).
canSeeCorporateLocation_(true).
canSeePhysicalLocation_(true).
canSeePublicAlias_(true).
canSeePrivateAlias_(true).
canAddMoreInfo_(true).
canAddURL_(true).
canAddImageURL_(true).
canAddOpenCorporatesUrl_(true).
canAddCorporateLocation_(true).
canAddPhysicalLocation_(true).
canAddPublicAlias_(true).
canAddPrivateAlias_(true).
canDeleteCorporateLocation_(true).
canDeletePhysicalLocation_(true).
canEditOwnerComment_(true).
canAddComment_(true).
canDeleteComment_(true).
canAddTag_(true).
canDeleteTag_(true).
canAddImage_(true).
canDeleteImage_(true).
canAddWhereTag_(true).
canSeeWhereTag_(true).
canDeleteWhereTag_(true).
save
def publicView(account: HostedAccount) =
ViewImpl.create.
name_("Public").
description_(randomString(3)).
permalink_("public").
isPublic_(true).
account(account).
usePrivateAliasIfOneExists_(false).
usePublicAliasIfOneExists_(true).
hideOtherAccountMetadataIfAlias_(true).
canSeeTransactionThisBankAccount_(true).
canSeeTransactionOtherBankAccount_(true).
canSeeTransactionMetadata_(true).
canSeeTransactionLabel_(true).
canSeeTransactionAmount_(true).
canSeeTransactionType_(true).
canSeeTransactionCurrency_(true).
canSeeTransactionStartDate_(true).
canSeeTransactionFinishDate_(true).
canSeeTransactionBalance_(true).
canSeeComments_(true).
canSeeOwnerComment_(true).
canSeeTags_(true).
canSeeImages_(true).
canSeeBankAccountOwners_(true).
canSeeBankAccountType_(true).
canSeeBankAccountBalance_(true).
canSeeBankAccountCurrency_(true).
canSeeBankAccountLabel_(true).
canSeeBankAccountNationalIdentifier_(true).
canSeeBankAccountSwift_bic_(true).
canSeeBankAccountIban_(true).
canSeeBankAccountNumber_(true).
canSeeBankAccountBankName_(true).
canSeeBankAccountBankPermalink_(true).
canSeeOtherAccountNationalIdentifier_(true).
canSeeSWIFT_BIC_(true).
canSeeOtherAccountIBAN_ (true).
canSeeOtherAccountBankName_(true).
canSeeOtherAccountNumber_(true).
canSeeOtherAccountMetadata_(true).
canSeeOtherAccountKind_(true).
canSeeMoreInfo_(true).
canSeeUrl_(true).
canSeeImageUrl_(true).
canSeeOpenCorporatesUrl_(true).
canSeeCorporateLocation_(true).
canSeePhysicalLocation_(true).
canSeePublicAlias_(true).
canSeePrivateAlias_(true).
canAddMoreInfo_(true).
canAddURL_(true).
canAddImageURL_(true).
canAddOpenCorporatesUrl_(true).
canAddCorporateLocation_(true).
canAddPhysicalLocation_(true).
canAddPublicAlias_(true).
canAddPrivateAlias_(true).
canDeleteCorporateLocation_(true).
canDeletePhysicalLocation_(true).
canEditOwnerComment_(true).
canAddComment_(true).
canDeleteComment_(true).
canAddTag_(true).
canDeleteTag_(true).
canAddImage_(true).
canDeleteImage_(true).
canAddWhereTag_(true).
canSeeWhereTag_(true).
canDeleteWhereTag_(true).
save
def randomView(account: HostedAccount) =
ViewImpl.create.
name_(randomString(5)).
description_(randomString(3)).
permalink_(randomString(3)).
isPublic_(false).
account(account).
usePrivateAliasIfOneExists_(false).
usePublicAliasIfOneExists_(false).
hideOtherAccountMetadataIfAlias_(false).
canSeeTransactionThisBankAccount_(true).
canSeeTransactionOtherBankAccount_(true).
canSeeTransactionMetadata_(true).
canSeeTransactionLabel_(true).
canSeeTransactionAmount_(true).
canSeeTransactionType_(true).
canSeeTransactionCurrency_(true).
canSeeTransactionStartDate_(true).
canSeeTransactionFinishDate_(true).
canSeeTransactionBalance_(true).
canSeeComments_(true).
canSeeOwnerComment_(true).
canSeeTags_(true).
canSeeImages_(true).
canSeeBankAccountOwners_(true).
canSeeBankAccountType_(true).
canSeeBankAccountBalance_(true).
canSeeBankAccountCurrency_(true).
canSeeBankAccountLabel_(true).
canSeeBankAccountNationalIdentifier_(true).
canSeeBankAccountSwift_bic_(true).
canSeeBankAccountIban_(true).
canSeeBankAccountNumber_(true).
canSeeBankAccountBankName_(true).
canSeeBankAccountBankPermalink_(true).
canSeeOtherAccountNationalIdentifier_(true).
canSeeSWIFT_BIC_(true).
canSeeOtherAccountIBAN_ (true).
canSeeOtherAccountBankName_(true).
canSeeOtherAccountNumber_(true).
canSeeOtherAccountMetadata_(true).
canSeeOtherAccountKind_(true).
canSeeMoreInfo_(true).
canSeeUrl_(true).
canSeeImageUrl_(true).
canSeeOpenCorporatesUrl_(true).
canSeeCorporateLocation_(true).
canSeePhysicalLocation_(true).
canSeePublicAlias_(true).
canSeePrivateAlias_(true).
canAddMoreInfo_(true).
canAddURL_(true).
canAddImageURL_(true).
canAddOpenCorporatesUrl_(true).
canAddCorporateLocation_(true).
canAddPhysicalLocation_(true).
canAddPublicAlias_(true).
canAddPrivateAlias_(true).
canDeleteCorporateLocation_(true).
canDeletePhysicalLocation_(true).
canEditOwnerComment_(true).
canAddComment_(true).
canDeleteComment_(true).
canAddTag_(true).
canDeleteTag_(true).
canAddImage_(true).
canDeleteImage_(true).
canAddWhereTag_(true).
canSeeWhereTag_(true).
canDeleteWhereTag_(true).
save
}
object ServerSetup {