Merge remote-tracking branch 'upstream/develop' into develop

Marko Milić 2023-05-18 09:04:46 +02:00
commit 1a0ea99d2b
30 changed files with 245 additions and 244 deletions


@ -272,7 +272,7 @@ object GatewayLogin extends RestHelper with MdcLoggable {
val isFirst = getFieldFromPayloadJson(jwtPayload, "is_first")
// Update user account views, only when is_first == true in the GatewayLogin token's payload .
if(APIUtil.isFirst(isFirst)) {
AuthUser.refreshViewsAccountAccessAndHolders(u, accounts)
AuthUser.refreshViewsAccountAccessAndHolders(u, accounts, callContext)
}
Full((u, Some(getCbsTokens(s).head),callContext)) // Return user
case Empty =>
@ -326,7 +326,7 @@ object GatewayLogin extends RestHelper with MdcLoggable {
val isFirst = getFieldFromPayloadJson(jwtPayload, "is_first")
// Update user account views, only when is_first == true in the GatewayLogin token's payload .
if(APIUtil.isFirst(isFirst)) {
AuthUser.refreshViewsAccountAccessAndHolders(u, accounts)
AuthUser.refreshViewsAccountAccessAndHolders(u, accounts, callContext)
}
Full(u, Some(getCbsTokens(s).head), callContext) // Return user
case (Empty, _) =>


@ -120,8 +120,8 @@ object APIMethods_AccountsApi extends RestHelper {
callContext: Option[CallContext])
} yield {
val allAccounts: List[Box[(BankAccount, View)]] = for (account: BankAccount <- accounts) yield {
APIUtil.checkViewAccessAndReturnView(detailViewId, BankIdAccountId(account.bankId, account.accountId), Full(u)).or(
APIUtil.checkViewAccessAndReturnView(basicViewId, BankIdAccountId(account.bankId, account.accountId), Full(u))
APIUtil.checkViewAccessAndReturnView(detailViewId, BankIdAccountId(account.bankId, account.accountId), Full(u), callContext).or(
APIUtil.checkViewAccessAndReturnView(basicViewId, BankIdAccountId(account.bankId, account.accountId), Full(u), callContext)
) match {
case Full(view) =>
Full(account, view)
@ -229,8 +229,8 @@ object APIMethods_AccountsApi extends RestHelper {
callContext: Option[CallContext])
} yield {
val allAccounts: List[Box[(BankAccount, View)]] = for (account: BankAccount <- accounts) yield {
APIUtil.checkViewAccessAndReturnView(detailViewId, BankIdAccountId(account.bankId, account.accountId), Full(u)).or(
APIUtil.checkViewAccessAndReturnView(basicViewId, BankIdAccountId(account.bankId, account.accountId), Full(u))
APIUtil.checkViewAccessAndReturnView(detailViewId, BankIdAccountId(account.bankId, account.accountId), Full(u), callContext).or(
APIUtil.checkViewAccessAndReturnView(basicViewId, BankIdAccountId(account.bankId, account.accountId), Full(u), callContext)
) match {
case Full(view) =>
Full(account, view)


@ -1030,7 +1030,7 @@ object APIMethods_TransactionsApi extends RestHelper {
bankAccount <- accounts
} yield{
for{
view <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(bankAccount.bankId, bankAccount.accountId))
view <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext)
params <- createQueriesByHttpParams(callContext.get.requestHeaders)
(transactionRequests, callContext) <- Connector.connector.vend.getTransactionRequests210(u, bankAccount, callContext)
(transactions, callContext) <- bankAccount.getModeratedTransactions(bank, Full(u), view, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext, params)


@ -1,6 +1,7 @@
package code.api.UKOpenBanking.v3_1_0
import code.api.util.APIUtil.{canGrantAccessToViewCommon, canRevokeAccessToViewCommon}
import code.api.util.CallContext
import code.api.util.ErrorMessages.UserNoOwnerView
import code.views.Views
import com.openbankproject.commons.model.{User, ViewIdBankIdAccountId}
@ -9,12 +10,12 @@ import net.liftweb.common.{Empty, Failure, Full}
import scala.collection.immutable.List
object UtilForUKV310 {
def grantAccessToViews(user: User, views: List[ViewIdBankIdAccountId]): Full[Boolean] = {
def grantAccessToViews(user: User, views: List[ViewIdBankIdAccountId], callContext: Option[CallContext]): Full[Boolean] = {
val result =
for {
view <- views
} yield {
if (canGrantAccessToViewCommon(view.bankId, view.accountId, user)) {
if (canGrantAccessToViewCommon(view.bankId, view.accountId, user, callContext)) {
val viewIdBankIdAccountId = ViewIdBankIdAccountId(view.viewId, view.bankId, view.accountId)
Views.views.vend.systemView(view.viewId) match {
case Full(systemView) =>
@ -34,12 +35,12 @@ object UtilForUKV310 {
}
}
def revokeAccessToViews(user: User, views: List[ViewIdBankIdAccountId]): Full[Boolean] = {
def revokeAccessToViews(user: User, views: List[ViewIdBankIdAccountId], callContext: Option[CallContext]): Full[Boolean] = {
val result =
for {
view <- views
} yield {
if (canRevokeAccessToViewCommon(view.bankId, view.accountId, user)) {
if (canRevokeAccessToViewCommon(view.bankId, view.accountId, user, callContext)) {
val viewIdBankIdAccountId = ViewIdBankIdAccountId(view.viewId, view.bankId, view.accountId)
Views.views.vend.systemView(view.viewId) match {
case Full(systemView) =>


@ -65,7 +65,7 @@ object APIMethods_AccountInformationServiceAISApi extends RestHelper {
private def checkAccountAccess(viewId: ViewId, u: User, account: BankAccount, callContext: Option[CallContext]) = {
Future {
Helper.booleanToBox(u.hasViewAccess(BankIdAccountId(account.bankId, account.accountId), viewId))
Helper.booleanToBox(u.hasViewAccess(BankIdAccountId(account.bankId, account.accountId), viewId, callContext))
} map {
unboxFullOrFail(_, callContext, NoViewReadAccountsBerlinGroup + " userId : " + u.userId + ". account : " + account.accountId, 403)
}


@ -565,7 +565,7 @@ $additionalInstructions
_ <- Helper.booleanToFuture(invalidIban, cc=callContext) { ibanChecker.isValid == true }
(toAccount, callContext) <- NewStyle.function.getToBankAccountByIban(toAccountIban, callContext)
_ <- if (u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId))) Future.successful(Full(Unit))
_ <- if (u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext)) Future.successful(Full(Unit))
else NewStyle.function.hasEntitlement(fromAccount.bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest, callContext, InsufficientAuthorisationToCreateTransactionRequest)
// Prevent default value for transaction request type (at least).


@ -3567,14 +3567,14 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
* @param user Option User, can be Empty(No Authentication), or Login user.
*
*/
def hasAccountAccess(view: View, bankIdAccountId: BankIdAccountId, user: Option[User]) : Boolean = {
def hasAccountAccess(view: View, bankIdAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]) : Boolean = {
if(isPublicView(view: View))// No need for the Login user and public access
true
else
user match {
case Some(u) if hasAccountFirehoseAccessAtBank(view,u, bankIdAccountId.bankId) => true //Login User and Firehose access
case Some(u) if hasAccountFirehoseAccess(view,u) => true//Login User and Firehose access
case Some(u) if u.hasAccountAccess(view, bankIdAccountId)=> true // Login User and check view access
case Some(u) if u.hasAccountAccess(view, bankIdAccountId, callContext)=> true // Login User and check view access
case _ =>
false
}
@ -3584,7 +3584,8 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
* to the account specified by parameter bankIdAccountId over the view specified by parameter viewId
* Note: The public views means you can use anonymous access which implies that the user is an optional value
*/
final def checkViewAccessAndReturnView(viewId : ViewId, bankIdAccountId: BankIdAccountId, user: Option[User], consumerId: Option[String] = None): Box[View] = {
final def checkViewAccessAndReturnView(viewId : ViewId, bankIdAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]): Box[View] = {
val customView = MapperViews.customView(viewId, bankIdAccountId)
customView match { // CHECK CUSTOM VIEWS
// 1st: View is Pubic and Public views are NOT allowed on this instance.
@ -3592,7 +3593,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
// 2nd: View is Pubic and Public views are allowed on this instance.
case Full(v) if(isPublicView(v)) => customView
// 3rd: The user has account access to this custom view
case Full(v) if(user.isDefined && user.get.hasAccountAccess(v, bankIdAccountId, consumerId)) => customView
case Full(v) if(user.isDefined && user.get.hasAccountAccess(v, bankIdAccountId, callContext: Option[CallContext])) => customView
// The user has NO account access via custom view
case _ =>
val systemView = MapperViews.systemView(viewId)
@ -3602,7 +3603,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
// 2nd: View is Pubic and Public views are allowed on this instance.
case Full(v) if(isPublicView(v)) => systemView
// 3rd: The user has account access to this system view
case Full(v) if (user.isDefined && user.get.hasAccountAccess(v, bankIdAccountId, consumerId)) => systemView
case Full(v) if (user.isDefined && user.get.hasAccountAccess(v, bankIdAccountId, callContext: Option[CallContext])) => systemView
// 4th: The user has firehose access to this system view
case Full(v) if (user.isDefined && hasAccountFirehoseAccess(v, user.get)) => systemView
// 5th: The user has firehose access at a bank to this system view
@ -4045,12 +4046,12 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
case _ => false
}
def canGrantAccessToViewCommon(bankId: BankId, accountId: AccountId, user: User): Boolean = {
user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId)) || // TODO Use an action instead of the owner view
def canGrantAccessToViewCommon(bankId: BankId, accountId: AccountId, user: User, callContext: Option[CallContext]): Boolean = {
user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), callContext) || // TODO Use an action instead of the owner view
AccountHolders.accountHolders.vend.getAccountHolders(bankId, accountId).exists(_.userId == user.userId)
}
def canRevokeAccessToViewCommon(bankId: BankId, accountId: AccountId, user: User): Boolean = {
user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId)) || // TODO Use an action instead of the owner view
def canRevokeAccessToViewCommon(bankId: BankId, accountId: AccountId, user: User, callContext: Option[CallContext]): Boolean = {
user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), callContext) || // TODO Use an action instead of the owner view
AccountHolders.accountHolders.vend.getAccountHolders(bankId, accountId).exists(_.userId == user.userId)
}
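Review bot: The doc comment above `checkViewAccessAndReturnView` does not mention the new `callContext` argument, although it replaces the optional `consumerId: Option[String] = None` and is what both the custom-view and the system-view guard now forward to `user.get.hasAccountAccess`. With the default gone every caller has to pick a value, and a caller that passes `None` presumably runs the check without any consumer information; `User.hasAccountAccess` is not shown here, so that should be confirmed. I would add a line such as `@param callContext request context forwarded to User.hasAccountAccess (replaces the former consumerId argument)`. The Scaladoc of `hasAccountAccess` in the first hunk has the same gap: it lists `user` but not `callContext`. Both function bodies continue outside the hunks.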


@ -519,33 +519,33 @@ object NewStyle extends MdcLoggable{
}
}
def permissions(account: BankAccount, user: User) = Future {
account.permissions(user)
def permissions(account: BankAccount, user: User, callContext: Option[CallContext]) = Future {
account.permissions(user, callContext)
} map { fullBoxOrException(_)
} map { unboxFull(_) }
def removeView(account: BankAccount, user: User, viewId: ViewId) = Future {
account.removeView(user, viewId)
def removeView(account: BankAccount, user: User, viewId: ViewId, callContext: Option[CallContext]) = Future {
account.removeView(user, viewId, callContext)
} map { fullBoxOrException(_)
} map { unboxFull(_) }
def grantAccessToView(account: BankAccount, u: User, viewIdBankIdAccountId : ViewIdBankIdAccountId, provider : String, providerId: String) = Future {
account.grantAccessToView(u, viewIdBankIdAccountId, provider, providerId)
def grantAccessToView(account: BankAccount, u: User, viewIdBankIdAccountId : ViewIdBankIdAccountId, provider : String, providerId: String, callContext: Option[CallContext]) = Future {
account.grantAccessToView(u, viewIdBankIdAccountId, provider, providerId, callContext: Option[CallContext])
} map { fullBoxOrException(_)
} map { unboxFull(_) }
def grantAccessToMultipleViews(account: BankAccount, u: User, viewIdBankIdAccountIds : List[ViewIdBankIdAccountId], provider : String, providerId: String) = Future {
account.grantAccessToMultipleViews(u, viewIdBankIdAccountIds, provider, providerId)
def grantAccessToMultipleViews(account: BankAccount, u: User, viewIdBankIdAccountIds : List[ViewIdBankIdAccountId], provider : String, providerId: String, callContext: Option[CallContext]) = Future {
account.grantAccessToMultipleViews(u, viewIdBankIdAccountIds, provider, providerId, callContext: Option[CallContext])
} map { fullBoxOrException(_)
} map { unboxFull(_) }
def revokeAccessToView(account: BankAccount, u: User, viewIdBankIdAccountId : ViewIdBankIdAccountId, provider : String, providerId: String) = Future {
account.revokeAccessToView(u, viewIdBankIdAccountId, provider, providerId)
def revokeAccessToView(account: BankAccount, u: User, viewIdBankIdAccountId : ViewIdBankIdAccountId, provider : String, providerId: String, callContext: Option[CallContext]) = Future {
account.revokeAccessToView(u, viewIdBankIdAccountId, provider, providerId, callContext: Option[CallContext])
} map { fullBoxOrException(_)
} map { unboxFull(_) }
def revokeAllAccountAccess(account: BankAccount, u: User, provider : String, providerId: String) = Future {
account.revokeAllAccountAccess(u, provider, providerId)
def revokeAllAccountAccess(account: BankAccount, u: User, provider : String, providerId: String, callContext: Option[CallContext]) = Future {
account.revokeAllAccountAccess(u, provider, providerId, callContext)
} map { fullBoxOrException(_)
} map { unboxFull(_) }
@ -558,7 +558,7 @@ object NewStyle extends MdcLoggable{
view: View,
user: Box[User],
callContext: Option[CallContext]): Future[List[ModeratedOtherBankAccount]] =
Future(account.moderatedOtherBankAccounts(view, BankIdAccountId(account.bankId, account.accountId), user)) map { connectorEmptyResponse(_, callContext) }
Future(account.moderatedOtherBankAccounts(view, BankIdAccountId(account.bankId, account.accountId), user, callContext)) map { connectorEmptyResponse(_, callContext) }
def moderatedOtherBankAccount(account: BankAccount,
counterpartyId: String,
view: View,
@ -571,29 +571,29 @@ object NewStyle extends MdcLoggable{
(unboxFullOrFail(i._1, callContext,s"$InvalidConnectorResponseForGetTransactions", 400 ), i._2)
}
def checkOwnerViewAccessAndReturnOwnerView(user: User, bankAccountId: BankIdAccountId, callContext: Option[CallContext]) : Future[View] = {
Future {user.checkOwnerViewAccessAndReturnOwnerView(bankAccountId)} map {
Future {user.checkOwnerViewAccessAndReturnOwnerView(bankAccountId, callContext)} map {
unboxFullOrFail(_, callContext, s"$UserNoOwnerView" +"userId : " + user.userId + ". bankId : " + s"${bankAccountId.bankId}" + ". accountId : " + s"${bankAccountId.accountId}")
}
}
def checkViewAccessAndReturnView(viewId : ViewId, bankAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]) : Future[View] = {
Future{
APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, user)
APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, user, callContext)
} map {
unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView")
}
}
def checkAccountAccessAndGetView(viewId : ViewId, bankAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]) : Future[View] = {
Future{
APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, user)
APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, user, callContext)
} map {
unboxFullOrFail(_, callContext, s"$NoAccountAccessOnView ${viewId.value}", 403)
}
}
def checkViewsAccessAndReturnView(firstView : ViewId, secondView : ViewId, bankAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]) : Future[View] = {
Future{
APIUtil.checkViewAccessAndReturnView(firstView, bankAccountId, user).or(
APIUtil.checkViewAccessAndReturnView(secondView, bankAccountId, user)
APIUtil.checkViewAccessAndReturnView(firstView, bankAccountId, user, callContext).or(
APIUtil.checkViewAccessAndReturnView(secondView, bankAccountId, user, callContext)
)
} map {
unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView")
@ -610,8 +610,8 @@ object NewStyle extends MdcLoggable{
)
val ownerViewId = ViewId(Constant.SYSTEM_OWNER_VIEW_ID)
Future{
APIUtil.checkViewAccessAndReturnView(ownerViewId, debitBankAccountId, user).or(
APIUtil.checkViewAccessAndReturnView(ownerViewId, creditBankAccountId, user)
APIUtil.checkViewAccessAndReturnView(ownerViewId, debitBankAccountId, user, callContext).or(
APIUtil.checkViewAccessAndReturnView(ownerViewId, creditBankAccountId, user, callContext)
)
} map {
unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView")
@ -623,9 +623,7 @@ object NewStyle extends MdcLoggable{
lazy val hasCanCreateAnyTransactionRequestRole = APIUtil.hasEntitlement(bankAccountId.bankId.value, user.userId, canCreateAnyTransactionRequest)
lazy val consumerIdFromCallContext = callContext.map(_.consumer.map(_.consumerId.get).getOrElse(""))
lazy val view = APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, Some(user), consumerIdFromCallContext)
lazy val view = APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, Some(user), callContext)
lazy val canAddTransactionRequestToAnyAccount = view.map(_.canAddTransactionRequestToAnyAccount).getOrElse(false)
@ -712,13 +710,13 @@ object NewStyle extends MdcLoggable{
def canGrantAccessToView(bankId: BankId, accountId: AccountId, user: User, callContext: Option[CallContext]) : Future[Box[Boolean]] = {
Helper.wrapStatementToFuture(UserMissOwnerViewOrNotAccountHolder) {
canGrantAccessToViewCommon(bankId, accountId, user)
canGrantAccessToViewCommon(bankId, accountId, user, callContext)
}
}
def canRevokeAccessToView(bankId: BankId, accountId: AccountId, user: User, callContext: Option[CallContext]) : Future[Box[Boolean]] = {
Helper.wrapStatementToFuture(UserMissOwnerViewOrNotAccountHolder) {
canRevokeAccessToViewCommon(bankId, accountId, user)
canRevokeAccessToViewCommon(bankId, accountId, user, callContext)
}
}
def createSystemView(view: CreateViewJson, callContext: Option[CallContext]) : Future[View] = {
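Review bot: Three of the added call sites carry a type ascription in argument position, e.g. `account.grantAccessToView(u, viewIdBankIdAccountId, provider, providerId, callContext: Option[CallContext])`, which adds nothing because the parameter is declared with that type on the line above. The same form is used in `grantAccessToMultipleViews` and `revokeAccessToView` here and in the two `hasAccountAccess(v, bankIdAccountId, callContext: Option[CallContext])` guards in the APIUtil section, while `permissions`, `removeView` and `revokeAllAccountAccess` pass plain `callContext`. Passing plain `callContext` everywhere keeps these authorization wrappers uniform and easier to audit.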


@ -90,7 +90,7 @@ trait APIMethods121 {
private def moderatedTransactionMetadata(bankId : BankId, accountId : AccountId, viewId : ViewId, transactionID : TransactionId, user : Box[User], callContext: Option[CallContext]) : Box[ModeratedTransactionMetadata] ={
for {
(account, callContext) <- BankAccountX(bankId, accountId, callContext) ?~! BankAccountNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), user, callContext)
(moderatedTransaction, callContext) <- account.moderatedTransaction(transactionID, view, BankIdAccountId(bankId,accountId), user, callContext)
metadata <- Box(moderatedTransaction.metadata) ?~ { s"$NoViewPermission can_see_transaction_metadata. Current ViewId($viewId)" }
} yield metadata
@ -456,7 +456,7 @@ trait APIMethods121 {
u <- cc.user ?~ UserNotLoggedIn
(account, callContext) <- BankAccountX(bankId, accountId, Some(cc)) ?~! BankAccountNotFound
availableviews <- Full(Views.views.vend.privateViewsUserCanAccessForAccount(u, BankIdAccountId(account.bankId, account.accountId)))
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u))
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext)
moderatedAccount <- account.moderatedBankAccount(view, BankIdAccountId(bankId, accountId), cc.user, callContext)
} yield {
val viewsAvailable = availableviews.map(JSONFactory.createViewJSON)
@ -495,7 +495,7 @@ trait APIMethods121 {
json <- NewStyle.function.tryons(InvalidJsonFormat, 400, callContext) { json.extract[UpdateAccountJSON] }
(account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
} yield {
account.updateLabel(u, json.label)
account.updateLabel(u, json.label,callContext)
(successMessage, HttpCode.`200`(callContext))
}
}
@ -544,7 +544,7 @@ trait APIMethods121 {
for {
u <- cc.user ?~ UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
_ <- booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId)), UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId)
_ <- booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId), Some(cc)), UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId)
views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(account.bankId, account.accountId)))
} yield {
// TODO Include system views as well
@ -605,7 +605,7 @@ trait APIMethods121 {
createViewJsonV121.hide_metadata_if_alias_used,
createViewJsonV121.allowed_actions
)
view <- account createCustomView (u, createViewJson)
view <- account createCustomView (u, createViewJson, Some(cc))
} yield {
val viewJSON = JSONFactory.createViewJSON(view)
successJsonResponse(Extraction.decompose(viewJSON), 201)
@ -660,7 +660,7 @@ trait APIMethods121 {
hide_metadata_if_alias_used = updateJsonV121.hide_metadata_if_alias_used,
allowed_actions = updateJsonV121.allowed_actions
)
updatedView <- account.updateView(u, viewId, updateViewJson)
updatedView <- account.updateView(u, viewId, updateViewJson, Some(cc))
} yield {
val viewJSON = JSONFactory.createViewJSON(updatedView)
successJsonResponse(Extraction.decompose(viewJSON), 200)
@ -699,7 +699,7 @@ trait APIMethods121 {
// custom views start with `_` eg _play, _work, and System views start with a letter, eg: owner
_ <- Helper.booleanToFuture(InvalidCustomViewFormat+s"Current view_name (${viewId.value})", cc=callContext) { viewId.value.startsWith("_") }
_ <- NewStyle.function.customView(viewId, BankIdAccountId(bankId, accountId), callContext)
deleted <- NewStyle.function.removeView(account, u, viewId)
deleted <- NewStyle.function.removeView(account, u, viewId, callContext)
} yield {
(Full(deleted), HttpCode.`204`(callContext))
}
@ -729,7 +729,7 @@ trait APIMethods121 {
for {
u <- cc.user ?~ UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
permissions <- account permissions u
permissions <- account.permissions(u, Some(cc))
} yield {
val permissionsJSON = JSONFactory.createPermissionsJSON(permissions)
successJsonResponse(Extraction.decompose(permissionsJSON))
@ -767,7 +767,7 @@ trait APIMethods121 {
for {
u <- cc.user ?~ UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
permission <- account permission(u, providerId, userId)
permission <- account permission(u, providerId, userId, Some(cc))
} yield {
val views = JSONFactory.createViewsJSON(permission.views)
successJsonResponse(Extraction.decompose(views))
@ -811,7 +811,7 @@ trait APIMethods121 {
(account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
failMsg = "wrong format JSON"
viewIds <- NewStyle.function.tryons(failMsg, 400, callContext) { json.extract[ViewIdsJson] }
addedViews <- NewStyle.function.grantAccessToMultipleViews(account, u, viewIds.views.map(viewIdString => ViewIdBankIdAccountId(ViewId(viewIdString), bankId, accountId)), provider, providerId)
addedViews <- NewStyle.function.grantAccessToMultipleViews(account, u, viewIds.views.map(viewIdString => ViewIdBankIdAccountId(ViewId(viewIdString), bankId, accountId)), provider, providerId,callContext)
} yield {
(JSONFactory.createViewsJSON(addedViews), HttpCode.`201`(callContext))
}
@ -851,7 +851,7 @@ trait APIMethods121 {
(Full(u), callContext) <- authenticatedAccess(cc)
(_, callContext) <- NewStyle.function.getBank(bankId, callContext)
(account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
addedView <- NewStyle.function.grantAccessToView(account, u, ViewIdBankIdAccountId(viewId, bankId, accountId), provider, providerId)
addedView <- NewStyle.function.grantAccessToView(account, u, ViewIdBankIdAccountId(viewId, bankId, accountId), provider, providerId, callContext)
} yield {
val viewJson = JSONFactory.createViewJSON(addedView)
(viewJson, HttpCode.`201`(callContext))
@ -911,7 +911,7 @@ trait APIMethods121 {
(Full(u), callContext) <- authenticatedAccess(cc)
(_, callContext) <- NewStyle.function.getBank(bankId, callContext)
(account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
_ <- NewStyle.function.revokeAccessToView(account, u, ViewIdBankIdAccountId(viewId, bankId, accountId), provider, providerId)
_ <- NewStyle.function.revokeAccessToView(account, u, ViewIdBankIdAccountId(viewId, bankId, accountId), provider, providerId, callContext)
} yield {
(Full(""), HttpCode.`204`(callContext))
}
@ -948,7 +948,7 @@ trait APIMethods121 {
(Full(u), callContext) <- authenticatedAccess(cc)
(_, callContext) <- NewStyle.function.getBank(bankId, callContext)
(account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
_ <- NewStyle.function.revokeAllAccountAccess(account, u, provider, providerId)
_ <- NewStyle.function.revokeAllAccountAccess(account, u, provider, providerId, callContext)
} yield {
(Full(""), HttpCode.`204`(callContext))
}
@ -979,8 +979,8 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), cc.user)
otherBankAccounts <- account.moderatedOtherBankAccounts(view, BankIdAccountId(bankId, accountId), cc.user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), cc.user, None)
otherBankAccounts <- account.moderatedOtherBankAccounts(view, BankIdAccountId(bankId, accountId), cc.user, Some(cc))
} yield {
val otherBankAccountsJson = JSONFactory.createOtherBankAccountsJSON(otherBankAccounts)
successJsonResponse(Extraction.decompose(otherBankAccountsJson))
@ -1009,7 +1009,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccountX(bankId, accountId) ?~!BankAccountNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user, None)
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, BankIdAccountId(account.bankId, account.accountId), cc.user, Some(cc))
} yield {
val otherBankAccountJson = JSONFactory.createOtherBankAccount(otherBankAccount)
@ -2053,7 +2053,7 @@ trait APIMethods121 {
for {
u <- cc.user ?~ UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user, None)
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, BankIdAccountId(account.bankId, account.accountId), cc.user, Some(cc))
metadata <- Box(otherBankAccount.metadata) ?~ { s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)" }
addCorpLocation <- Box(metadata.addCorporateLocation) ?~ {"the view " + viewId + "does not allow adding a corporate location"}
@ -2096,7 +2096,7 @@ trait APIMethods121 {
for {
u <- cc.user ?~ UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user, None)
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, BankIdAccountId(account.bankId, account.accountId), cc.user, Some(cc))
metadata <- Box(otherBankAccount.metadata) ?~ { s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)" }
addCorpLocation <- Box(metadata.addCorporateLocation) ?~ {"the view " + viewId + "does not allow updating a corporate location"}
@ -2188,7 +2188,7 @@ trait APIMethods121 {
for {
u <- cc.user ?~ UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user, None)
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, BankIdAccountId(account.bankId, account.accountId), cc.user, Some(cc))
metadata <- Box(otherBankAccount.metadata) ?~ { s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)" }
addPhysicalLocation <- Box(metadata.addPhysicalLocation) ?~ {"the view " + viewId + "does not allow adding a physical location"}
@ -2232,7 +2232,7 @@ trait APIMethods121 {
for {
u <- cc.user ?~ UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user, None)
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, BankIdAccountId(account.bankId, account.accountId), cc.user, Some(cc))
metadata <- Box(otherBankAccount.metadata) ?~ { s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)" }
addPhysicalLocation <- Box(metadata.addPhysicalLocation) ?~ {"the view " + viewId + "does not allow updating a physical location"}
@ -2337,7 +2337,7 @@ trait APIMethods121 {
params <- paramsBox
bankAccount <- BankAccountX(bankId, accountId)
(bank, callContext) <- BankX(bankId, None) ?~! BankNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), user, None)
(transactions, callContext) <- bankAccount.getModeratedTransactions(bank, user, view, BankIdAccountId(bankId, accountId), None, params )
} yield {
val json = JSONFactory.createTransactionsJSON(transactions)
@ -2386,7 +2386,7 @@ trait APIMethods121 {
cc =>
for {
(account, callContext) <- BankAccountX(bankId, accountId, Some(cc)) ?~! BankAccountNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user, None)
(moderatedTransaction, callContext) <- account.moderatedTransaction(transactionId, view, BankIdAccountId(bankId,accountId), cc.user, Some(cc))
} yield {
val json = JSONFactory.createTransactionJSON(moderatedTransaction)
@ -2661,7 +2661,7 @@ trait APIMethods121 {
(user, callContext) <- authenticatedAccess(cc)
(account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
metadata <- moderatedTransactionMetadataFuture(bankId, accountId, viewId, transactionId, user, callContext)
delete <- Future(metadata.deleteComment(commentId, user, account)) map {
delete <- Future(metadata.deleteComment(commentId, user, account, callContext)) map {
unboxFullOrFail(_, callContext, "")
}
} yield {
@ -2780,7 +2780,7 @@ trait APIMethods121 {
(user, callContext) <- authenticatedAccess(cc)
metadata <- moderatedTransactionMetadataFuture(bankId, accountId, viewId, transactionId, user, callContext)
(bankAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
delete <- Future(metadata.deleteTag(tagId, user, bankAccount)) map {
delete <- Future(metadata.deleteTag(tagId, user, bankAccount, callContext)) map {
unboxFullOrFail(_, callContext, "")
}
} yield {
@ -2903,7 +2903,7 @@ trait APIMethods121 {
(user, callContext) <- authenticatedAccess(cc)
metadata <- moderatedTransactionMetadataFuture(bankId, accountId, viewId, transactionId, user, callContext)
(account, _) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
delete <- Future(metadata.deleteImage(imageId, user, account)) map {
delete <- Future(metadata.deleteImage(imageId, user, account, callContext)) map {
unboxFullOrFail(_, callContext, "")
}
} yield {
@ -3076,7 +3076,7 @@ trait APIMethods121 {
(account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), user, callContext)
metadata <- moderatedTransactionMetadataFuture(bankId, accountId, viewId, transactionId, user, callContext)
delete <- Future(metadata.deleteWhereTag(viewId, user, account)) map {
delete <- Future(metadata.deleteWhereTag(viewId, user, account, callContext)) map {
unboxFullOrFail(_, callContext, "Delete not completed")
}
} yield {


@ -421,7 +421,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
failMsg = ErrorMessages.InvalidISOCurrencyCode.concat("Please specify a valid value for CURRENCY of your Bank Account. ")
_ <- NewStyle.function.isValidCurrencyISOCode(fromAccount.currency, failMsg, callContext)
view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext)
transactionRequestTypes <- Future(Connector.connector.vend.getTransactionRequestTypes(u, fromAccount)) map {
transactionRequestTypes <- Future(Connector.connector.vend.getTransactionRequestTypes(u, fromAccount, callContext)) map {
connectorEmptyResponse(_, callContext)
}
transactionRequestTypeCharges <- Future(Connector.connector.vend.getTransactionRequestTypeCharges(bankId, accountId, viewId, transactionRequestTypes)) map {
@ -462,8 +462,8 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
u <- cc.user ?~ ErrorMessages.UserNotLoggedIn
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! {ErrorMessages.BankNotFound}
fromAccount <- BankAccountX(bankId, accountId) ?~! {ErrorMessages.AccountNotFound}
_ <- booleanToBox( u.hasOwnerViewAccess(BankIdAccountId(bankId, accountId)), UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId)
transactionRequests <- Connector.connector.vend.getTransactionRequests(u, fromAccount)
_ <- booleanToBox( u.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), callContext), UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId)
transactionRequests <- Connector.connector.vend.getTransactionRequests(u, fromAccount, callContext)
}
yield {
// TODO return 1.4.0 version of Transaction Requests!
@ -539,7 +539,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
_ <- tryo(assert(fromAccount.currency == toAccount.currency)) ?~! {"Counterparty and holder accounts have differing currencies."}
_ <- tryo(assert(transBodyJson.value.currency == fromAccount.currency)) ?~! {"Request currency and holder account currency can't be different."}
_ <- tryo {BigDecimal(transBodyJson.value.amount)} ?~! s"Amount ${transBodyJson.value.amount} not convertible to number"
createdTransactionRequest <- Connector.connector.vend.createTransactionRequest(u, fromAccount, toAccount, transactionRequestType, transBody)
createdTransactionRequest <- Connector.connector.vend.createTransactionRequest(u, fromAccount, toAccount, transactionRequestType, transBody, callContext)
oldTransactionRequest <- transforOldTransactionRequest(createdTransactionRequest)
} yield {
val json = Extraction.decompose(oldTransactionRequest)
@ -594,12 +594,12 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
u <- cc.user ?~ ErrorMessages.UserNotLoggedIn
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! {ErrorMessages.BankNotFound}
fromAccount <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u))
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), Some(cc))
answerJson <- tryo{json.extract[ChallengeAnswerJSON]} ?~ InvalidJsonFormat
//TODO check more things here
_ <- Connector.connector.vend.answerTransactionRequestChallenge(transReqId, answerJson.answer)
//create transaction and insert its id into the transaction request
transactionRequest <- Connector.connector.vend.createTransactionAfterChallenge(u, transReqId)
transactionRequest <- Connector.connector.vend.createTransactionAfterChallenge(u, transReqId, callContext)
oldTransactionRequest <- transforOldTransactionRequest(transactionRequest)
} yield {
val successJson = Extraction.decompose(oldTransactionRequest)
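Review bot: The challenge-answer comprehension in APIMethods140 mixes two contexts: `checkViewAccessAndReturnView(..., Some(u), Some(cc))` gets the raw request context, while `createTransactionAfterChallenge(u, transReqId, callContext)` a few lines later gets the `callContext` bound by `BankX(bankId, Some(cc))`. If `BankX` returns an enriched context, the view-access check does not see it, so the authorisation check and the payment call run on different contexts. Suggested line: `view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext)`. The same mix appears in the APIMethods200 core-transactions hunk, where `checkOwnerViewAccessAndReturnOwnerView(..., Some(cc))` follows a `BankX` binding. The enclosing function starts and ends outside the hunk.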


@ -882,7 +882,7 @@ trait APIMethods200 {
u <- cc.user ?~ UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~ BankAccountNotFound
// Assume owner view was requested
view <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(account.bankId, account.accountId))
view <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(account.bankId, account.accountId), Some(cc))
moderatedAccount <- account.moderatedBankAccount(view, BankIdAccountId(bankId, accountId), cc.user, Some(cc))
} yield {
val moderatedAccountJson = JSONFactory200.createCoreBankAccountJSON(moderatedAccount)
@ -924,7 +924,7 @@ trait APIMethods200 {
params <- createQueriesByHttpParams(req.request.headers)
(bank, callContext) <- BankX(bankId, Some(cc)) ?~ BankNotFound
bankAccount <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
view <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(bankAccount.bankId,bankAccount.accountId))
view <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(bankAccount.bankId,bankAccount.accountId), Some(cc))
(transactions, callContext) <- bankAccount.getModeratedTransactions(bank, cc.user, view, BankIdAccountId(bankId, accountId), None, params)
} yield {
val json = JSONFactory200.createCoreTransactionsJSON(transactions)
@ -974,7 +974,7 @@ trait APIMethods200 {
(bank, callContext) <- BankX(bankId, Some(cc)) ?~ BankNotFound // Check bank exists.
account <- BankAccountX(bank.bankId, accountId) ?~ {ErrorMessages.AccountNotFound} // Check Account exists.
availableViews <- Full(Views.views.vend.privateViewsUserCanAccessForAccount(u, BankIdAccountId(account.bankId, account.accountId)))
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u))
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext)
moderatedAccount <- account.moderatedBankAccount(view, BankIdAccountId(bankId, accountId), cc.user, callContext)
} yield {
val viewsAvailable = availableViews.map(JSONFactory121.createViewJSON).sortBy(_.short_name)
@ -1010,7 +1010,7 @@ trait APIMethods200 {
(Full(u), callContext) <- authenticatedAccess(cc)
(_, callContext) <- NewStyle.function.getBank(bankId, callContext)
(account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
permissions <- NewStyle.function.permissions(account, u)
permissions <- NewStyle.function.permissions(account, u, callContext)
} yield {
val permissionsJSON = JSONFactory121.createPermissionsJSON(permissions.sortBy(_.user.emailAddress))
(permissionsJSON, HttpCode.`200`(callContext))
@ -1044,7 +1044,7 @@ trait APIMethods200 {
u <- cc.user ?~! ErrorMessages.UserNotLoggedIn // Check we have a user (rather than error or empty)
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound // Check bank exists.
account <- BankAccountX(bank.bankId, accountId) ?~! {ErrorMessages.AccountNotFound} // Check Account exists.
permission <- account permission(u, provider, providerId)
permission <- account permission(u, provider, providerId, Some(cc))
} yield {
// TODO : Note this is using old createViewsJSON without can_add_counterparty etc.
val views = JSONFactory121.createViewsJSON(permission.views.sortBy(_.viewId.value))
@ -1281,9 +1281,9 @@ trait APIMethods200 {
_ <- tryo(assert(isValidID(accountId.value)))?~! InvalidAccountIdFormat
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! BankNotFound
fromAccount <- BankAccountX(bankId, accountId) ?~! AccountNotFound
_ <-APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u)) match {
_ <-APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext) match {
case Full(_) =>
booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)) == true)
booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext) == true)
case _ =>
NewStyle.function.ownEntitlement(fromAccount.bankId.value, u.userId, canCreateAnyTransactionRequest, cc.callContext, InsufficientAuthorisationToCreateTransactionRequest)
}
@ -1297,7 +1297,7 @@ trait APIMethods200 {
validTransactionRequestTypesList <- tryo{validTransactionRequestTypes.split(",")}
_ <- tryo(assert(transactionRequestType.value != "TRANSACTION_REQUEST_TYPE" && validTransactionRequestTypesList.contains(transactionRequestType.value))) ?~! s"${InvalidTransactionRequestType} : Invalid value is: '${transactionRequestType.value}' Valid values are: ${validTransactionRequestTypes}"
_ <- tryo(assert(transBodyJson.value.currency == fromAccount.currency)) ?~! InvalidTransactionRequestCurrency
createdTransactionRequest <- Connector.connector.vend.createTransactionRequestv200(u, fromAccount, toAccount, transactionRequestType, transBody)
createdTransactionRequest <- Connector.connector.vend.createTransactionRequestv200(u, fromAccount, toAccount, transactionRequestType, transBody, callContext)
} yield {
// Explicitly format as v2.0.0 json
val json = JSONFactory200.createTransactionRequestWithChargeJSON(createdTransactionRequest)
@ -1349,8 +1349,8 @@ trait APIMethods200 {
_ <- tryo(assert(isValidID(bankId.value)))?~! ErrorMessages.InvalidBankIdFormat
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! BankNotFound
fromAccount <- BankAccountX(bankId, accountId) ?~! AccountNotFound
view <-APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u))
_ <- if (u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId))) Full(Unit)
view <-APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext)
_ <- if (u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext)) Full(Unit)
else NewStyle.function.ownEntitlement(fromAccount.bankId.value, u.userId, canCreateAnyTransactionRequest, cc.callContext, InsufficientAuthorisationToCreateTransactionRequest)
// Note: These checks are not in the ideal order. See version 2.1.0 which supercedes this
@ -1433,8 +1433,8 @@ trait APIMethods200 {
u <- cc.user ?~! UserNotLoggedIn
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! BankNotFound
fromAccount <- BankAccountX(bankId, accountId) ?~! AccountNotFound
view <-APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u))
transactionRequests <- Connector.connector.vend.getTransactionRequests(u, fromAccount)
view <-APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext)
transactionRequests <- Connector.connector.vend.getTransactionRequests(u, fromAccount, callContext)
}
yield {
// Format the data as V2.0.0 json
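Review bot: In the create-transaction-request hunk of APIMethods200, `booleanToBox(u.hasOwnerViewAccess(..., callContext) == true)` carries no failure message, so a user who can access the view but lacks owner access is presumably rejected without the `UserNoOwnerView` text that other call sites on this page supply. That branch also never consults `canCreateAnyTransactionRequest`, unlike the following hunk, which accepts owner access or the entitlement; it is worth confirming that this difference is intended. Suggested line: `booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), callContext), UserNoOwnerView)`. The enclosing comprehension continues outside the hunk.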


@ -710,8 +710,8 @@ trait APIMethods210 {
u <- cc.user ?~ UserNotLoggedIn
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! {BankNotFound}
(fromAccount, callContext) <- BankAccountX(bankId, accountId, Some(cc)) ?~! {AccountNotFound}
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u))
_ <- booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)), UserNoOwnerView)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext)
_ <- booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext), UserNoOwnerView)
(transactionRequests,callContext) <- Connector.connector.vend.getTransactionRequests210(u, fromAccount, callContext)
}
yield {


@ -100,7 +100,7 @@ trait APIMethods220 {
(Full(u), callContext) <- authenticatedAccess(cc)
(account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
_ <- Helper.booleanToFuture(failMsg = UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId, cc=callContext) {
u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId))
u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId), callContext)
}
views <- Future(Views.views.vend.availableViewsForAccount(BankIdAccountId(account.bankId, account.accountId)))
} yield {
@ -163,7 +163,7 @@ trait APIMethods220 {
createViewJsonV121.hide_metadata_if_alias_used,
createViewJsonV121.allowed_actions
)
view <- account createCustomView (u, createViewJson)
view <- account.createCustomView(u, createViewJson, Some(cc))
} yield {
val viewJSON = JSONFactory220.createViewJSON(view)
successJsonResponse(Extraction.decompose(viewJSON), 201)
@ -204,7 +204,7 @@ trait APIMethods220 {
updateJsonV121 <- tryo{json.extract[UpdateViewJsonV121]} ?~!InvalidJsonFormat
//customer views are started ith `_`,eg _life, _work, and System views startWith letter, eg: owner
_ <- booleanToBox(viewId.value.startsWith("_"), InvalidCustomViewFormat+s"Current view_name (${viewId.value})")
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), cc.user)
view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), cc.user, Some(cc))
_ <- booleanToBox(!view.isSystem, SystemViewsCanNotBeModified)
u <- cc.user ?~!UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~!BankAccountNotFound
@ -216,7 +216,7 @@ trait APIMethods220 {
hide_metadata_if_alias_used = updateJsonV121.hide_metadata_if_alias_used,
allowed_actions = updateJsonV121.allowed_actions
)
updatedView <- account.updateView(u, viewId, updateViewJson)
updatedView <- account.updateView(u, viewId, updateViewJson, Some(cc))
} yield {
val viewJSON = JSONFactory220.createViewJSON(updatedView)
successJsonResponse(Extraction.decompose(viewJSON), 200)
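Review bot: In the update-view hunk, `checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), cc.user, Some(cc))` runs two generators before `u <- cc.user ?~!UserNotLoggedIn`, so the access check is evaluated with a possibly empty user box. An unauthenticated caller then likely gets a view-access failure rather than `UserNotLoggedIn`. Putting the login check first and passing the unwrapped user makes the order explicit: `u <- cc.user ?~!UserNotLoggedIn` followed by `view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), Some(cc))`. The comprehension starts outside the hunk, so an earlier login check may already exist there.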


@ -111,7 +111,7 @@ trait APIMethods300 {
(Full(u), callContext) <- authenticatedAccess(cc)
(account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
_ <- Helper.booleanToFuture(failMsg = UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId, cc=callContext){
u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId))
u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId), callContext)
}
} yield {
for {
@ -176,7 +176,7 @@ trait APIMethods300 {
(account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
} yield {
for {
view <- account createCustomView (u, createViewJson)
view <- account.createCustomView (u, createViewJson, callContext)
} yield {
(JSONFactory300.createViewJSON(view), callContext.map(_.copy(httpCode = Some(201))))
}
@ -211,7 +211,7 @@ trait APIMethods300 {
(Full(u), callContext) <- authenticatedAccess(cc)
(_, callContext) <- NewStyle.function.getBank(bankId, callContext)
(account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
permission <- Future { account permission(u, provider, providerId) } map {
permission <- Future { account.permission(u, provider, providerId, callContext) } map {
x => fullBoxOrException(x ~> APIFailureNewStyle(UserNoOwnerView, 400, callContext.map(_.toLight)))
} map { unboxFull(_) }
} yield {
@ -270,7 +270,7 @@ trait APIMethods300 {
(account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
} yield {
for {
updatedView <- account.updateView(u, viewId, updateJson.toUpdateViewJson)
updatedView <- account.updateView(u, viewId, updateJson.toUpdateViewJson, callContext)
} yield {
(JSONFactory300.createViewJSON(updatedView), HttpCode.`200`(callContext))
}


@ -1088,7 +1088,7 @@ trait APIMethods310 {
(fromAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext)
_ <- Helper.booleanToFuture(failMsg = UserNoOwnerView, cc=callContext) {
u.hasOwnerViewAccess(BankIdAccountId(bankId,accountId))
u.hasOwnerViewAccess(BankIdAccountId(bankId,accountId), callContext)
}
(transactionRequests, callContext) <- Future(Connector.connector.vend.getTransactionRequests210(u, fromAccount, callContext)) map {
unboxFullOrFail(_, callContext, GetTransactionRequestsException)


@ -2776,7 +2776,7 @@ trait APIMethods400 {
json.extract[UpdateAccountJsonV400]
}
} yield {
account.updateLabel(u, json.label)
account.updateLabel(u, json.label, callContext)
(Extraction.decompose(successMessage), HttpCode.`200`(callContext))
}
}
@ -4537,11 +4537,11 @@ trait APIMethods400 {
}
_ <- NewStyle.function.canRevokeAccessToView(bankId, accountId, cc.loggedInUser, cc.callContext)
(user, callContext) <- NewStyle.function.findByUserId(cc.loggedInUser.userId, cc.callContext)
_ <- Future(Views.views.vend.revokeAccountAccessByUser(bankId, accountId, user)) map {
_ <- Future(Views.views.vend.revokeAccountAccessByUser(bankId, accountId, user, callContext)) map {
unboxFullOrFail(_, callContext, s"Cannot revoke")
}
grantViews = for (viewId <- postJson.views) yield ViewIdBankIdAccountId(ViewId(viewId), bankId, accountId)
_ <- Future(Views.views.vend.grantAccessToMultipleViews(grantViews, user)) map {
_ <- Future(Views.views.vend.grantAccessToMultipleViews(grantViews, user, callContext)) map {
unboxFullOrFail(_, callContext, s"Cannot grant the views: ${postJson.views.mkString(",")}")
}
} yield {
@ -5148,7 +5148,7 @@ trait APIMethods400 {
(user @Full(u), _, account, view, callContext) <- SS.userBankAccountView
_ <- NewStyle.function.isEnabledTransactionRequests(callContext)
_ <- Helper.booleanToFuture(failMsg = UserNoOwnerView, cc=callContext) {
u.hasOwnerViewAccess(BankIdAccountId(bankId,accountId))
u.hasOwnerViewAccess(BankIdAccountId(bankId,accountId), callContext)
}
(transactionRequest, callContext) <- NewStyle.function.getTransactionRequestImpl(requestId, callContext)
} yield {
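Review bot: In the update-account-label hunk, the result of `account.updateLabel(u, json.label, callContext)` is discarded inside `yield`, and the success message with a 200 status is returned whatever that call produced. If `updateLabel` reports a refused or failed update through its return value (its signature is not visible here), the client is still told the label changed. Binding the call as a generator in the comprehension and failing on a non-success result, the way the `deleteComment` and `deleteTag` call sites use `unboxFullOrFail(_, callContext, "")`, would surface such a failure. The enclosing function starts outside the hunk.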


@ -1532,7 +1532,7 @@ trait APIMethods500 {
val res =
for {
_ <- Helper.booleanToFuture(failMsg = UserNoOwnerView +"userId : " + cc.userId + ". account : " + accountId, cc=cc.callContext){
cc.loggedInUser.hasOwnerViewAccess(BankIdAccountId(bankId, accountId))
cc.loggedInUser.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), Some(cc))
}
} yield {
for {


@ -749,11 +749,11 @@ trait Connector extends MdcLoggable {
* @return The id of the sender's new transaction,
*/
def makePayment(initiator : User, fromAccountUID : BankIdAccountId, toAccountUID : BankIdAccountId,
amt : BigDecimal, description : String, transactionRequestType: TransactionRequestType) : Box[TransactionId] = {
amt : BigDecimal, description : String, transactionRequestType: TransactionRequestType, callContext: Option[CallContext]) : Box[TransactionId] = {
for{
fromAccount <- getBankAccountOld(fromAccountUID.bankId, fromAccountUID.accountId) ?~
s"$BankAccountNotFound Account ${fromAccountUID.accountId} not found at bank ${fromAccountUID.bankId}"
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)), UserNoOwnerView)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext), UserNoOwnerView)
toAccount <- getBankAccountOld(toAccountUID.bankId, toAccountUID.accountId) ?~
s"$BankAccountNotFound Account ${toAccountUID.accountId} not found at bank ${toAccountUID.bankId}"
sameCurrency <- booleanToBox(fromAccount.currency == toAccount.currency, {
@ -824,7 +824,7 @@ trait Connector extends MdcLoggable {
// This is used for 1.4.0 See createTransactionRequestv200 for 2.0.0
def createTransactionRequest(initiator : User, fromAccount : BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody) : Box[TransactionRequest] = {
def createTransactionRequest(initiator : User, fromAccount : BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody, callContext: Option[CallContext]) : Box[TransactionRequest] = {
//set initial status
//for sandbox / testing: depending on amount, we ask for challenge or not
val status =
@ -840,7 +840,7 @@ trait Connector extends MdcLoggable {
val request = for {
fromAccountType <- getBankAccountOld(fromAccount.bankId, fromAccount.accountId) ?~
s"account ${fromAccount.accountId} not found at bank ${fromAccount.bankId}"
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)), UserNoOwnerView)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext), UserNoOwnerView)
toAccountType <- getBankAccountOld(toAccount.bankId, toAccount.accountId) ?~
s"account ${toAccount.accountId} not found at bank ${toAccount.bankId}"
rawAmt <- tryo { BigDecimal(body.value.amount) } ?~! s"amount ${body.value.amount} not convertible to number"
@ -859,7 +859,8 @@ trait Connector extends MdcLoggable {
//if no challenge necessary, create transaction immediately and put in data store and object to return
if (status == TransactionRequestStatus.COMPLETED) {
val createdTransactionId = Connector.connector.vend.makePayment(initiator, BankIdAccountId(fromAccount.bankId, fromAccount.accountId),
BankIdAccountId(toAccount.bankId, toAccount.accountId), BigDecimal(body.value.amount), body.description, transactionRequestType)
BankIdAccountId(toAccount.bankId, toAccount.accountId), BigDecimal(body.value.amount), body.description, transactionRequestType,
callContext: Option[CallContext])
//set challenge to null
result = result.copy(challenge = null)
@ -885,7 +886,8 @@ trait Connector extends MdcLoggable {
}
def createTransactionRequestv200(initiator : User, fromAccount : BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody) : Box[TransactionRequest] = {
def createTransactionRequestv200(initiator : User, fromAccount : BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody,
callContext: Option[CallContext]) : Box[TransactionRequest] = {
//set initial status
//for sandbox / testing: depending on amount, we ask for challenge or not
val status =
@ -899,7 +901,7 @@ trait Connector extends MdcLoggable {
// Always create a new Transaction Request
val request = for {
fromAccountType <- getBankAccountOld(fromAccount.bankId, fromAccount.accountId) ?~ s"account ${fromAccount.accountId} not found at bank ${fromAccount.bankId}"
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)) == true || hasEntitlement(fromAccount.bankId.value, initiator.userId, canCreateAnyTransactionRequest) == true, ErrorMessages.InsufficientAuthorisationToCreateTransactionRequest)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId),callContext) == true || hasEntitlement(fromAccount.bankId.value, initiator.userId, canCreateAnyTransactionRequest) == true, ErrorMessages.InsufficientAuthorisationToCreateTransactionRequest)
toAccountType <- getBankAccountOld(toAccount.bankId, toAccount.accountId) ?~ s"account ${toAccount.accountId} not found at bank ${toAccount.bankId}"
rawAmt <- tryo { BigDecimal(body.value.amount) } ?~! s"amount ${body.value.amount} not convertible to number"
// isValidTransactionRequestType is checked at API layer. Maybe here too.
@ -1166,12 +1168,12 @@ trait Connector extends MdcLoggable {
def saveTransactionRequestDescriptionImpl(transactionRequestId: TransactionRequestId, description: String): Box[Boolean] = TransactionRequests.transactionRequestProvider.vend.saveTransactionRequestDescriptionImpl(transactionRequestId, description)
def getTransactionRequests(initiator : User, fromAccount : BankAccount) : Box[List[TransactionRequest]] = {
def getTransactionRequests(initiator : User, fromAccount : BankAccount, callContext: Option[CallContext]) : Box[List[TransactionRequest]] = {
val transactionRequests =
for {
fromAccount <- getBankAccountOld(fromAccount.bankId, fromAccount.accountId) ?~
s"account ${fromAccount.accountId} not found at bank ${fromAccount.bankId}"
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)), UserNoOwnerView)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext), UserNoOwnerView)
transactionRequests <- getTransactionRequestsImpl(fromAccount)
} yield transactionRequests
@ -1230,9 +1232,9 @@ trait Connector extends MdcLoggable {
def getTransactionRequestImpl(transactionRequestId: TransactionRequestId, callContext: Option[CallContext]): Box[(TransactionRequest, Option[CallContext])] = TransactionRequests.transactionRequestProvider.vend.getTransactionRequest(transactionRequestId).map(transactionRequest =>(transactionRequest, callContext))
def getTransactionRequestTypes(initiator : User, fromAccount : BankAccount) : Box[List[TransactionRequestType]] = {
def getTransactionRequestTypes(initiator : User, fromAccount : BankAccount, callContext: Option[CallContext]) : Box[List[TransactionRequestType]] = {
for {
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)), UserNoOwnerView)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext), UserNoOwnerView)
transactionRequestTypes <- getTransactionRequestTypesImpl(fromAccount)
} yield transactionRequestTypes
}
@ -1276,11 +1278,12 @@ trait Connector extends MdcLoggable {
}
}
def createTransactionAfterChallenge(initiator: User, transReqId: TransactionRequestId) : Box[TransactionRequest] = {
def createTransactionAfterChallenge(initiator: User, transReqId: TransactionRequestId, callContext: Option[CallContext]) : Box[TransactionRequest] = {
for {
(tr, callContext)<- getTransactionRequestImpl(transReqId, None) ?~! s"${ErrorMessages.InvalidTransactionRequestId} : $transReqId"
transId <- makePayment(initiator, BankIdAccountId(BankId(tr.from.bank_id), AccountId(tr.from.account_id)),
BankIdAccountId (BankId(tr.body.to_sandbox_tan.get.bank_id), AccountId(tr.body.to_sandbox_tan.get.account_id)), BigDecimal (tr.body.value.amount), tr.body.description, TransactionRequestType(tr.`type`)) ?~! InvalidConnectorResponseForMakePayment
BankIdAccountId (BankId(tr.body.to_sandbox_tan.get.bank_id), AccountId(tr.body.to_sandbox_tan.get.account_id)), BigDecimal (tr.body.value.amount), tr.body.description, TransactionRequestType(tr.`type`),
callContext) ?~! InvalidConnectorResponseForMakePayment
didSaveTransId <- saveTransactionRequestTransaction(transReqId, transId)
didSaveStatus <- saveTransactionRequestStatusImpl(transReqId, TransactionRequestStatus.COMPLETED.toString)
//get transaction request again now with updated values
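Review bot: In `createTransactionAfterChallenge`, the new `callContext` parameter is shadowed by the generator `(tr, callContext)<- getTransactionRequestImpl(transReqId, None)`, so the value handed to `makePayment` is the one returned by that call, not the caller's. With the default `getTransactionRequestImpl` shown on this page, which returns the context it was given, `makePayment` and its `hasOwnerViewAccess` check receive `None`. Passing the parameter through fixes it: `(tr, callContext) <- getTransactionRequestImpl(transReqId, callContext) ?~! s"${ErrorMessages.InvalidTransactionRequestId} : $transReqId"`. Separately, the `makePayment` call in `createTransactionRequest` passes `callContext: Option[CallContext]` with a type ascription where plain `callContext` is enough. The function bodies continue outside the hunks.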


@ -4650,11 +4650,12 @@ object LocalMappedConnector extends Connector with MdcLoggable {
* @return The id of the sender's new transaction,
*/
override def makePayment(initiator: User, fromAccountUID: BankIdAccountId, toAccountUID: BankIdAccountId,
amt: BigDecimal, description: String, transactionRequestType: TransactionRequestType): Box[TransactionId] = {
amt: BigDecimal, description: String, transactionRequestType: TransactionRequestType,
callContext: Option[CallContext]): Box[TransactionId] = {
for {
fromAccount <- getBankAccountOld(fromAccountUID.bankId, fromAccountUID.accountId) ?~
s"$BankAccountNotFound Account ${fromAccountUID.accountId} not found at bank ${fromAccountUID.bankId}"
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId)), UserNoOwnerView)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), callContext), UserNoOwnerView)
toAccount <- getBankAccountOld(toAccountUID.bankId, toAccountUID.accountId) ?~
s"$BankAccountNotFound Account ${toAccountUID.accountId} not found at bank ${toAccountUID.bankId}"
sameCurrency <- booleanToBox(fromAccount.currency == toAccount.currency, {
@ -4697,7 +4698,8 @@ object LocalMappedConnector extends Connector with MdcLoggable {
}
// This is used for 1.4.0 See createTransactionRequestv200 for 2.0.0
override def createTransactionRequest(initiator: User, fromAccount: BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody): Box[TransactionRequest] = {
override def createTransactionRequest(initiator: User, fromAccount: BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody,
callContext: Option[CallContext]): Box[TransactionRequest] = {
//set initial status
//for sandbox / testing: depending on amount, we ask for challenge or not
val status =
@ -4711,7 +4713,7 @@ object LocalMappedConnector extends Connector with MdcLoggable {
val request = for {
fromAccountType <- getBankAccountOld(fromAccount.bankId, fromAccount.accountId) ?~
s"account ${fromAccount.accountId} not found at bank ${fromAccount.bankId}"
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId)), UserNoOwnerView)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), callContext), UserNoOwnerView)
toAccountType <- getBankAccountOld(toAccount.bankId, toAccount.accountId) ?~
s"account ${toAccount.accountId} not found at bank ${toAccount.bankId}"
rawAmt <- tryo {
@ -4732,7 +4734,8 @@ object LocalMappedConnector extends Connector with MdcLoggable {
//if no challenge necessary, create transaction immediately and put in data store and object to return
if (status == TransactionRequestStatus.COMPLETED) {
val createdTransactionId = Connector.connector.vend.makePayment(initiator, BankIdAccountId(fromAccount.bankId, fromAccount.accountId),
BankIdAccountId(toAccount.bankId, toAccount.accountId), BigDecimal(body.value.amount), body.description, transactionRequestType)
BankIdAccountId(toAccount.bankId, toAccount.accountId), BigDecimal(body.value.amount), body.description, transactionRequestType,
callContext)
//set challenge to null
result = result.copy(challenge = null)
@ -4757,7 +4760,8 @@ object LocalMappedConnector extends Connector with MdcLoggable {
Full(result)
}
override def createTransactionRequestv200(initiator: User, fromAccount: BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody): Box[TransactionRequest] = {
override def createTransactionRequestv200(initiator: User, fromAccount: BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody,
callContext: Option[CallContext]): Box[TransactionRequest] = {
//set initial status
//for sandbox / testing: depending on amount, we ask for challenge or not
val status =
@ -4771,7 +4775,7 @@ object LocalMappedConnector extends Connector with MdcLoggable {
// Always create a new Transaction Request
val request = for {
fromAccountType <- getBankAccountOld(fromAccount.bankId, fromAccount.accountId) ?~ s"account ${fromAccount.accountId} not found at bank ${fromAccount.bankId}"
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId)) == true || hasEntitlement(fromAccount.bankId.value, initiator.userId, canCreateAnyTransactionRequest) == true, ErrorMessages.InsufficientAuthorisationToCreateTransactionRequest)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), callContext) == true || hasEntitlement(fromAccount.bankId.value, initiator.userId, canCreateAnyTransactionRequest) == true, ErrorMessages.InsufficientAuthorisationToCreateTransactionRequest)
toAccountType <- getBankAccountOld(toAccount.bankId, toAccount.accountId) ?~ s"account ${toAccount.accountId} not found at bank ${toAccount.bankId}"
rawAmt <- tryo {
BigDecimal(body.value.amount)
@ -5193,12 +5197,12 @@ object LocalMappedConnector extends Connector with MdcLoggable {
saveTransactionRequestTransactionImpl(transactionRequestId, transactionId)
}
override def getTransactionRequests(initiator: User, fromAccount: BankAccount): Box[List[TransactionRequest]] = {
override def getTransactionRequests(initiator: User, fromAccount: BankAccount, callContext: Option[CallContext]): Box[List[TransactionRequest]] = {
val transactionRequests =
for {
fromAccount <- getBankAccountOld(fromAccount.bankId, fromAccount.accountId) ?~
s"account ${fromAccount.accountId} not found at bank ${fromAccount.bankId}"
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId)), UserNoOwnerView)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), callContext), UserNoOwnerView)
transactionRequests <- getTransactionRequestsImpl(fromAccount)
} yield transactionRequests
@ -5251,9 +5255,9 @@ object LocalMappedConnector extends Connector with MdcLoggable {
override def getTransactionRequestImpl(transactionRequestId: TransactionRequestId, callContext: Option[CallContext]): Box[(TransactionRequest, Option[CallContext])] =
TransactionRequests.transactionRequestProvider.vend.getTransactionRequest(transactionRequestId).map(transactionRequest => (transactionRequest, callContext))
override def getTransactionRequestTypes(initiator: User, fromAccount: BankAccount): Box[List[TransactionRequestType]] = {
override def getTransactionRequestTypes(initiator: User, fromAccount: BankAccount, callContext: Option[CallContext]): Box[List[TransactionRequestType]] = {
for {
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId)), UserNoOwnerView)
isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), callContext), UserNoOwnerView)
transactionRequestTypes <- getTransactionRequestTypesImpl(fromAccount)
} yield transactionRequestTypes
}
@ -5296,11 +5300,12 @@ object LocalMappedConnector extends Connector with MdcLoggable {
}
}
override def createTransactionAfterChallenge(initiator: User, transReqId: TransactionRequestId): Box[TransactionRequest] = {
override def createTransactionAfterChallenge(initiator: User, transReqId: TransactionRequestId, callContext: Option[CallContext]): Box[TransactionRequest] = {
for {
(tr, callContext) <- getTransactionRequestImpl(transReqId, None) ?~! s"${ErrorMessages.InvalidTransactionRequestId} : $transReqId"
transId <- makePayment(initiator, BankIdAccountId(BankId(tr.from.bank_id), AccountId(tr.from.account_id)),
BankIdAccountId(BankId(tr.body.to_sandbox_tan.get.bank_id), AccountId(tr.body.to_sandbox_tan.get.account_id)), BigDecimal(tr.body.value.amount), tr.body.description, TransactionRequestType(tr.`type`)) ?~! InvalidConnectorResponseForMakePayment
BankIdAccountId(BankId(tr.body.to_sandbox_tan.get.bank_id), AccountId(tr.body.to_sandbox_tan.get.account_id)), BigDecimal(tr.body.value.amount), tr.body.description, TransactionRequestType(tr.`type`),
callContext) ?~! InvalidConnectorResponseForMakePayment
didSaveTransId <- saveTransactionRequestTransaction(transReqId, transId)
didSaveStatus <- saveTransactionRequestStatusImpl(transReqId, TransactionRequestStatus.COMPLETED.toString)
//get transaction request again now with updated values


@ -155,16 +155,16 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
/*
* Delete this account (if connector allows it, e.g. local mirror of account data)
* */
final def remove(user : User): Box[Boolean] = {
if(user.hasOwnerViewAccess(BankIdAccountId(bankId,accountId))){
final def remove(user : User, callContext: Option[CallContext]): Box[Boolean] = {
if(user.hasOwnerViewAccess(BankIdAccountId(bankId,accountId), callContext)){
Full(Connector.connector.vend.removeAccount(bankId, accountId).openOrThrowException(attemptedToOpenAnEmptyBox))
} else {
Failure(UserNoOwnerView+"user's email : " + user.emailAddress + ". account : " + accountId, Empty, Empty)
}
}
final def updateLabel(user : User, label : String): Box[Boolean] = {
if(user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId))){
final def updateLabel(user : User, label : String, callContext: Option[CallContext]): Box[Boolean] = {
if(user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), callContext)){
Connector.connector.vend.updateAccountLabel(bankId, accountId, label)
} else {
Failure(UserNoOwnerView+"user's email : " + user.emailAddress + ". account : " + accountId, Empty, Empty)
@ -236,9 +236,9 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
* @param user a user requesting to see the other users' permissions
* @return a Box of all the users' permissions of this bank account if the user passed as a parameter has access to the owner view (allowed to see this kind of data)
*/
final def permissions(user : User) : Box[List[Permission]] = {
final def permissions(user : User, callContext: Option[CallContext]) : Box[List[Permission]] = {
//check if the user have access to the owner view in this the account
if(user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId)))
if(user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), callContext))
Full(Views.views.vend.permissions(BankIdAccountId(bankId, accountId)))
else
Failure("user " + user.emailAddress + " does not have access to owner view on account " + accountId, Empty, Empty)
@ -250,9 +250,9 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
* @param otherUserIdGivenByProvider the id of the user (the one given by their auth provider) whose permissions will be retrieved
* @return a Box of the user permissions of this bank account if the user passed as a parameter has access to the owner view (allowed to see this kind of data)
*/
final def permission(user : User, otherUserProvider : String, otherUserIdGivenByProvider: String) : Box[Permission] = {
final def permission(user : User, otherUserProvider : String, otherUserIdGivenByProvider: String, callContext: Option[CallContext]) : Box[Permission] = {
//check if the user have access to the owner view in this the account
if(user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId)))
if(user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), callContext))
for{
u <- UserX.findByProviderId(otherUserProvider, otherUserIdGivenByProvider)
p <- Views.views.vend.permission(BankIdAccountId(bankId, accountId), u)
@ -268,7 +268,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
* @param otherUserIdGivenByProvider the id of the user (the one given by their auth provider) to whom access to the view will be granted
* @return a Full(true) if everything is okay, a Failure otherwise
*/
final def grantAccessToView(user : User, viewUID : ViewIdBankIdAccountId, otherUserProvider : String, otherUserIdGivenByProvider: String) : Box[View] = {
final def grantAccessToView(user : User, viewUID : ViewIdBankIdAccountId, otherUserProvider : String, otherUserIdGivenByProvider: String, callContext: Option[CallContext]) : Box[View] = {
def grantAccessToCustomOrSystemView(user: User): Box[View] = {
val ViewIdBankIdAccountId(viewId, bankId, accountId) = viewUID
Views.views.vend.systemView(viewId) match {
@ -276,7 +276,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
case _ => Views.views.vend.grantAccessToCustomView(viewUID, user)
}
}
if(canGrantAccessToViewCommon(bankId, accountId, user))
if(canGrantAccessToViewCommon(bankId, accountId, user, callContext))
for{
otherUser <- UserX.findByProviderId(otherUserProvider, otherUserIdGivenByProvider) //check if the userId corresponds to a user
savedView <- grantAccessToCustomOrSystemView(otherUser) ?~ "could not save the privilege"
@ -292,11 +292,12 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
* @param otherUserIdGivenByProvider the id of the user (the one given by their auth provider) to whom access to the views will be granted
* @return a the list of the granted views if everything is okay, a Failure otherwise
*/
final def grantAccessToMultipleViews(user : User, viewUIDs : List[ViewIdBankIdAccountId], otherUserProvider : String, otherUserIdGivenByProvider: String) : Box[List[View]] = {
if(canGrantAccessToViewCommon(bankId, accountId, user))
final def grantAccessToMultipleViews(user : User, viewUIDs : List[ViewIdBankIdAccountId], otherUserProvider : String, otherUserIdGivenByProvider: String,
callContext: Option[CallContext]) : Box[List[View]] = {
if(canGrantAccessToViewCommon(bankId, accountId, user, callContext))
for{
otherUser <- UserX.findByProviderId(otherUserProvider, otherUserIdGivenByProvider) //check if the userId corresponds to a user
grantedViews <- Views.views.vend.grantAccessToMultipleViews(viewUIDs, otherUser) ?~ "could not save the privilege"
grantedViews <- Views.views.vend.grantAccessToMultipleViews(viewUIDs, otherUser, callContext) ?~ "could not save the privilege"
} yield grantedViews
else
Failure(UserNoOwnerView+"user's email : " + user.emailAddress + ". account : " + accountId, Empty, Empty)
@ -309,7 +310,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
* @param otherUserIdGivenByProvider the id of the user (the one given by their auth provider) to whom access to the view will be revoked
* @return a Full(true) if everything is okay, a Failure otherwise
*/
final def revokeAccessToView(user : User, viewUID : ViewIdBankIdAccountId, otherUserProvider : String, otherUserIdGivenByProvider: String) : Box[Boolean] = {
final def revokeAccessToView(user : User, viewUID : ViewIdBankIdAccountId, otherUserProvider : String, otherUserIdGivenByProvider: String, callContext: Option[CallContext]) : Box[Boolean] = {
def revokeAccessToCustomOrSystemView(user: User): Box[Boolean] = {
val ViewIdBankIdAccountId(viewId, bankId, accountId) = viewUID
Views.views.vend.systemView(viewId) match {
@ -318,7 +319,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
}
}
//check if the user have access to the owner view in this the account
if(canRevokeAccessToViewCommon(bankId, accountId, user))
if(canRevokeAccessToViewCommon(bankId, accountId, user, callContext: Option[CallContext]))
for{
otherUser <- UserX.findByProviderId(otherUserProvider, otherUserIdGivenByProvider) //check if the userId corresponds to a user
isRevoked <- revokeAccessToCustomOrSystemView(otherUser: User) ?~ "could not revoke the privilege"
@ -335,8 +336,8 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
* @return a Full(true) if everything is okay, a Failure otherwise
*/
final def revokeAllAccountAccess(user : User, otherUserProvider : String, otherUserIdGivenByProvider: String) : Box[Boolean] = {
if(canRevokeAccessToViewCommon(bankId, accountId, user))
final def revokeAllAccountAccess(user : User, otherUserProvider : String, otherUserIdGivenByProvider: String, callContext: Option[CallContext]) : Box[Boolean] = {
if(canRevokeAccessToViewCommon(bankId, accountId, user, callContext))
for{
otherUser <- UserX.findByProviderId(otherUserProvider, otherUserIdGivenByProvider) ?~ UserNotFoundByProviderAndUsername
isRevoked <- Views.views.vend.revokeAllAccountAccess(bankId, accountId, otherUser)
@ -346,8 +347,8 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
}
final def createCustomView(userDoingTheCreate : User,v: CreateViewJson): Box[View] = {
if(!userDoingTheCreate.hasOwnerViewAccess(BankIdAccountId(bankId,accountId))) {
final def createCustomView(userDoingTheCreate : User,v: CreateViewJson, callContext: Option[CallContext]): Box[View] = {
if(!userDoingTheCreate.hasOwnerViewAccess(BankIdAccountId(bankId,accountId), callContext)) {
Failure({"user: " + userDoingTheCreate.idGivenByProvider + " at provider " + userDoingTheCreate.provider + " does not have owner access"})
} else {
val view = Views.views.vend.createCustomView(BankIdAccountId(bankId,accountId), v)
@ -361,8 +362,8 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
}
}
final def updateView(userDoingTheUpdate : User, viewId : ViewId, v: UpdateViewJSON) : Box[View] = {
if(!userDoingTheUpdate.hasOwnerViewAccess(BankIdAccountId(bankId,accountId))) {
final def updateView(userDoingTheUpdate : User, viewId : ViewId, v: UpdateViewJSON, callContext: Option[CallContext]) : Box[View] = {
if(!userDoingTheUpdate.hasOwnerViewAccess(BankIdAccountId(bankId,accountId), callContext)) {
Failure({"user: " + userDoingTheUpdate.idGivenByProvider + " at provider " + userDoingTheUpdate.provider + " does not have owner access"})
} else {
val view = Views.views.vend.updateCustomView(BankIdAccountId(bankId,accountId), viewId, v)
@ -375,8 +376,8 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
}
}
final def removeView(userDoingTheRemove : User, viewId: ViewId) : Box[Boolean] = {
if(!userDoingTheRemove.hasOwnerViewAccess(BankIdAccountId(bankId,accountId))) {
final def removeView(userDoingTheRemove : User, viewId: ViewId, callContext: Option[CallContext]) : Box[Boolean] = {
if(!userDoingTheRemove.hasOwnerViewAccess(BankIdAccountId(bankId,accountId), callContext)) {
return Failure({"user: " + userDoingTheRemove.idGivenByProvider + " at provider " + userDoingTheRemove.provider + " does not have owner access"})
} else {
val deleted = Views.views.vend.removeCustomView(viewId, BankIdAccountId(bankId,accountId))
@ -391,7 +392,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
}
final def moderatedTransaction(transactionId: TransactionId, view: View, bankIdAccountId: BankIdAccountId, user: Box[User], callContext: Option[CallContext] = None) : Box[(ModeratedTransaction, Option[CallContext])] = {
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user))
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user, callContext))
for{
(transaction, callContext)<-Connector.connector.vend.getTransactionLegacy(bankId, accountId, transactionId, callContext)
moderatedTransaction<- view.moderateTransaction(transaction)
@ -400,7 +401,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
viewNotAllowed(view)
}
final def moderatedTransactionFuture(transactionId: TransactionId, view: View, user: Box[User], callContext: Option[CallContext] = None) : Future[Box[(ModeratedTransaction, Option[CallContext])]] = {
if(APIUtil.hasAccountAccess(view, BankIdAccountId(bankId, accountId), user))
if(APIUtil.hasAccountAccess(view, BankIdAccountId(bankId, accountId), user, callContext))
for{
(transaction, callContext)<-Connector.connector.vend.getTransaction(bankId, accountId, transactionId, callContext) map {
x => (unboxFullOrFail(x._1, callContext, TransactionNotFound, 400), x._2)
@ -421,7 +422,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
// TODO We should extract params (and their defaults) prior to this call, so this whole function can be cached.
final def getModeratedTransactions(bank: Bank, user : Box[User], view : View, bankIdAccountId: BankIdAccountId, callContext: Option[CallContext], queryParams: List[OBPQueryParam] = Nil): Box[(List[ModeratedTransaction],Option[CallContext])] = {
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user)) {
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user, callContext)) {
for {
(transactions, callContext) <- Connector.connector.vend.getTransactionsLegacy(bankId, accountId, callContext, queryParams)
moderated <- view.moderateTransactionsWithSameAccount(bank, transactions) ?~! "Server error"
@ -430,7 +431,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
else viewNotAllowed(view)
}
final def getModeratedTransactionsFuture(bank: Bank, user : Box[User], view : View, callContext: Option[CallContext], queryParams: List[OBPQueryParam] = Nil): Future[Box[(List[ModeratedTransaction],Option[CallContext])]] = {
if(APIUtil.hasAccountAccess(view, BankIdAccountId(bankId, accountId), user)) {
if(APIUtil.hasAccountAccess(view, BankIdAccountId(bankId, accountId), user, callContext)) {
for {
(transactions, callContext) <- Connector.connector.vend.getTransactions(bankId, accountId, callContext, queryParams) map {
x => (unboxFullOrFail(x._1, callContext, InvalidConnectorResponse, 400), x._2)
@ -447,7 +448,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
// TODO We should extract params (and their defaults) prior to this call, so this whole function can be cached.
final def getModeratedTransactionsCore(bank: Bank, user : Box[User], view : View, bankIdAccountId: BankIdAccountId, queryParams: List[OBPQueryParam], callContext: Option[CallContext] ): OBPReturnType[Box[List[ModeratedTransactionCore]]] = {
if(APIUtil.hasAccountAccess(view, bankIdAccountId,user)) {
if(APIUtil.hasAccountAccess(view, bankIdAccountId,user, callContext)) {
for {
(transactions, callContext) <- NewStyle.function.getTransactionsCore(bankId, accountId, queryParams, callContext)
moderated <- Future {view.moderateTransactionsWithSameAccountCore(bank, transactions)}
@ -457,7 +458,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
}
final def moderatedBankAccount(view: View, bankIdAccountId: BankIdAccountId, user: Box[User], callContext: Option[CallContext]) : Box[ModeratedBankAccount] = {
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user))
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user, callContext))
//implicit conversion from option to box
view.moderateAccountLegacy(bankAccount)
else
@ -465,7 +466,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
}
final def moderatedBankAccountCore(view: View, bankIdAccountId: BankIdAccountId, user: Box[User], callContext: Option[CallContext]) : Box[ModeratedBankAccountCore] = {
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user))
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user, callContext))
//implicit conversion from option to box
view.moderateAccountCore(bankAccount)
else
@ -479,8 +480,8 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
* @return a Box of a list ModeratedOtherBankAccounts, it the bank
* accounts that have at least one transaction in common with this bank account
*/
final def moderatedOtherBankAccounts(view : View, bankIdAccountId: BankIdAccountId, user : Box[User]) : Box[List[ModeratedOtherBankAccount]] =
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user)){
final def moderatedOtherBankAccounts(view : View, bankIdAccountId: BankIdAccountId, user : Box[User], callContext: Option[CallContext]) : Box[List[ModeratedOtherBankAccount]] =
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user, callContext)){
val implicitModeratedOtherBankAccounts = Connector.connector.vend.getCounterpartiesFromTransaction(bankId, accountId).openOrThrowException(attemptedToOpenAnEmptyBox).map(oAcc => view.moderateOtherAccount(oAcc)).flatten
val explictCounterpartiesBox = Connector.connector.vend.getCounterpartiesLegacy(view.bankId, view.accountId, view.viewId)
explictCounterpartiesBox match {
@ -501,7 +502,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable
* account that have at least one transaction in common with this bank account
*/
final def moderatedOtherBankAccount(counterpartyID : String, view : View, bankIdAccountId: BankIdAccountId, user : Box[User], callContext: Option[CallContext]) : Box[ModeratedOtherBankAccount] =
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user))
if(APIUtil.hasAccountAccess(view, bankIdAccountId, user, callContext))
Connector.connector.vend.getCounterpartyByCounterpartyIdLegacy(CounterpartyId(counterpartyID), None).map(_._1).flatMap(BankAccountX.toInternalCounterparty).flatMap(view.moderateOtherAccount) match {
//First check the explict counterparty
case Full(moderatedOtherBankAccount) => Full(moderatedOtherBankAccount)
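Review bot: `moderatedTransaction` and `moderatedTransactionFuture` keep `callContext: Option[CallContext] = None`, while their first line now passes that argument to `APIUtil.hasAccountAccess`, so a caller that omits it runs the access check with no call context and the compiler does not flag it. Every other method touched in this section takes the parameter without a default; dropping `= None` on these two would make the compiler list the call sites that still need to pass it. What the check does with an absent context is not visible in this section, so whether this is only an inconsistency or a weaker check should be confirmed against `hasAccountAccess`. Separately, the call in `revokeAccessToView` is written `canRevokeAccessToViewCommon(bankId, accountId, user, callContext: Option[CallContext])`; the type ascription looks like a paste leftover and should be plain `callContext`. Several of these method bodies continue outside the hunks shown.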


@ -27,8 +27,7 @@ TESOBE (http://www.tesobe.com/)
package code.model
import java.util.Date
import code.api.util.APIUtil
import code.api.util.{APIUtil, CallContext}
import code.api.util.ErrorMessages.NoViewPermission
import code.model.Moderation.Moderated
import code.util.Helper
@ -121,12 +120,12 @@ class ModeratedTransactionMetadata(
/**
* @return Full if deleting the tag worked, or a failure message if it didn't
*/
def deleteTag(tagId : String, user: Option[User], bankAccount : BankAccount) : Box[Unit] = {
def deleteTag(tagId : String, user: Option[User], bankAccount : BankAccount, callContext: Option[CallContext]) : Box[Unit] = {
for {
u <- Box(user) ?~ { UserNotLoggedIn}
tagList <- Box(tags) ?~ { s"$NoViewPermission can_delete_tag. " }
tag <- Box(tagList.find(tag => tag.id_ == tagId)) ?~ {"Tag with id " + tagId + "not found for this transaction"}
deleteFunc <- if(tag.postedBy == user || u.hasOwnerViewAccess(BankIdAccountId(bankAccount.bankId,bankAccount.accountId)))
deleteFunc <- if(tag.postedBy == user || u.hasOwnerViewAccess(BankIdAccountId(bankAccount.bankId,bankAccount.accountId), callContext))
Box(deleteTag) ?~ "Deleting tags not permitted for this view"
else
Failure("deleting tags not permitted for the current user")
@ -138,12 +137,12 @@ class ModeratedTransactionMetadata(
/**
* @return Full if deleting the image worked, or a failure message if it didn't
*/
def deleteImage(imageId : String, user: Option[User], bankAccount : BankAccount) : Box[Unit] = {
def deleteImage(imageId : String, user: Option[User], bankAccount : BankAccount, callContext: Option[CallContext]) : Box[Unit] = {
for {
u <- Box(user) ?~ { UserNotLoggedIn}
imageList <- Box(images) ?~ { s"$NoViewPermission can_delete_image." }
image <- Box(imageList.find(image => image.id_ == imageId)) ?~ {"Image with id " + imageId + "not found for this transaction"}
deleteFunc <- if(image.postedBy == user || u.hasOwnerViewAccess(BankIdAccountId(bankAccount.bankId,bankAccount.accountId)))
deleteFunc <- if(image.postedBy == user || u.hasOwnerViewAccess(BankIdAccountId(bankAccount.bankId,bankAccount.accountId), callContext))
Box(deleteImage) ?~ "Deleting images not permitted for this view"
else
Failure("Deleting images not permitted for the current user")
@ -152,12 +151,12 @@ class ModeratedTransactionMetadata(
}
}
def deleteComment(commentId: String, user: Option[User],bankAccount: BankAccount) : Box[Unit] = {
def deleteComment(commentId: String, user: Option[User],bankAccount: BankAccount, callContext: Option[CallContext]) : Box[Unit] = {
for {
u <- Box(user) ?~ { UserNotLoggedIn}
commentList <- Box(comments) ?~ { s"$NoViewPermission can_delete_comment." }
comment <- Box(commentList.find(comment => comment.id_ == commentId)) ?~ {"Comment with id "+commentId+" not found for this transaction"}
deleteFunc <- if(comment.postedBy == user || u.hasOwnerViewAccess(BankIdAccountId(bankAccount.bankId,bankAccount.accountId)))
deleteFunc <- if(comment.postedBy == user || u.hasOwnerViewAccess(BankIdAccountId(bankAccount.bankId,bankAccount.accountId), callContext))
Box(deleteComment) ?~ "Deleting comments not permitted for this view"
else
Failure("Deleting comments not permitted for the current user")
@ -166,12 +165,12 @@ class ModeratedTransactionMetadata(
}
}
def deleteWhereTag(viewId: ViewId, user: Option[User],bankAccount: BankAccount) : Box[Boolean] = {
def deleteWhereTag(viewId: ViewId, user: Option[User],bankAccount: BankAccount, callContext: Option[CallContext]) : Box[Boolean] = {
for {
u <- Box(user) ?~ { UserNotLoggedIn}
whereTagOption <- Box(whereTag) ?~ { s"$NoViewPermission can_delete_where_tag. Current ViewId($viewId)" }
whereTag <- Box(whereTagOption) ?~ {"there is no tag to delete"}
deleteFunc <- if(whereTag.postedBy == user || u.hasOwnerViewAccess(BankIdAccountId(bankAccount.bankId,bankAccount.accountId)))
deleteFunc <- if(whereTag.postedBy == user || u.hasOwnerViewAccess(BankIdAccountId(bankAccount.bankId,bankAccount.accountId),callContext))
Box(deleteWhereTag) ?~ "Deleting tag is not permitted for this view"
else
Failure("Deleting tags not permitted for the current user")
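Review bot: The rule "the poster, or a user with owner-view access, may delete" is written out four times, in `deleteTag`, `deleteImage`, `deleteComment` and `deleteWhereTag`, each with its own `u.hasOwnerViewAccess(BankIdAccountId(bankAccount.bankId,bankAccount.accountId), callContext)` call. This commit had to edit all four copies identically, which is where one copy gets missed the next time the authorization rule changes. A small private helper that takes the item's `postedBy`, the `user` option, `u`, `bankAccount` and `callContext` and returns a Boolean would keep the decision in one place. The Scaladoc on these methods also lacks a line for the new parameter; `@param callContext the request's call context, forwarded to the owner-view access check` would say why it is required. The method bodies continue outside the hunks.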


@ -29,7 +29,7 @@ package code.model
import code.api.Constant._
import code.api.UserNotFound
import code.api.util.APIUtil
import code.api.util.{APIUtil, CallContext}
import code.entitlement.Entitlement
import code.model.dataAccess.ResourceUser
import code.users.Users
@ -60,8 +60,9 @@ case class UserExtended(val user: User) extends MdcLoggable {
* @param consumerId the consumerId, we will check if any accountAccess contains this consumerId or not.
* @return if has the input view access, return true, otherwise false.
*/
final def hasAccountAccess(view: View, bankIdAccountId: BankIdAccountId, consumerId:Option[String] = None): Boolean ={
final def hasAccountAccess(view: View, bankIdAccountId: BankIdAccountId, callContext: Option[CallContext]): Boolean ={
val viewDefinition = view.asInstanceOf[ViewDefinition]
val consumerId = callContext.map(_.consumer.map(_.consumerId.get).toOption).flatten
val consumerAccountAccess = {
//If we find the AccountAccess by consumerId, this mean the accountAccess already assigned to some consumers
@ -92,19 +93,21 @@ case class UserExtended(val user: User) extends MdcLoggable {
consumerAccountAccess
}
final def checkOwnerViewAccessAndReturnOwnerView(bankIdAccountId: BankIdAccountId) = {
final def checkOwnerViewAccessAndReturnOwnerView(bankIdAccountId: BankIdAccountId, callContext: Option[CallContext]) = {
//Note: now SYSTEM_OWNER_VIEW_ID == SYSTEM_OWNER_VIEW_ID is the same `owner` so we only use one here.
//And in side the checkViewAccessAndReturnView, it will first check the customer view and then will check system view.
APIUtil.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), bankIdAccountId, Some(this.user))
APIUtil.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), bankIdAccountId, Some(this.user), callContext)
}
final def hasOwnerViewAccess(bankIdAccountId: BankIdAccountId): Boolean = {
checkOwnerViewAccessAndReturnOwnerView(bankIdAccountId).isDefined
final def hasOwnerViewAccess(bankIdAccountId: BankIdAccountId, callContext: Option[CallContext]): Boolean = {
checkOwnerViewAccessAndReturnOwnerView(bankIdAccountId, callContext).isDefined
}
final def hasViewAccess(bankIdAccountId: BankIdAccountId, viewId: ViewId): Boolean = {
final def hasViewAccess(bankIdAccountId: BankIdAccountId, viewId: ViewId, callContext: Option[CallContext]): Boolean = {
APIUtil.checkViewAccessAndReturnView(
viewId,
bankIdAccountId, Some(this.user)
bankIdAccountId,
Some(this.user),
callContext
).isDefined
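Review bot: The Scaladoc above `hasAccountAccess` still documents `@param consumerId`, but the signature now takes `callContext: Option[CallContext]` and derives the consumer id inside the method. Replace that line with something like `@param callContext the request's call context; the id of its consumer, when present, is used for the consumer-specific AccountAccess lookup`. The doc should also state what happens when the context or its consumer is absent, since `consumerId` is then `None` and the code that handles that case lies outside the hunk. The derivation `callContext.map(_.consumer.map(_.consumerId.get).toOption).flatten` is more direct as `callContext.flatMap(_.consumer.map(_.consumerId.get).toOption)`.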
}


@ -1377,7 +1377,7 @@ def restoreSomeSessions(): Unit = {
}
_ = logger.debug(s"--> for user($user): AuthUser.refreshUserAccountAccess.accounts : ${accountsHeld}")
}yield {
refreshViewsAccountAccessAndHolders(user, accountsHeld)
refreshViewsAccountAccessAndHolders(user, accountsHeld, callContext)
}
}
@ -1387,7 +1387,7 @@ def restoreSomeSessions(): Unit = {
* This method can only be used by the original user(account holder).
* InboundAccount return many fields, but in this method, we only need bankId, accountId and viewId so far.
*/
def refreshViewsAccountAccessAndHolders(user: User, accountsHeld: List[InboundAccount]): Unit = {
def refreshViewsAccountAccessAndHolders(user: User, accountsHeld: List[InboundAccount], callContext: Option[CallContext]): Unit = {
if(user.isOriginalUser){
//first, we compare the accounts in obp and the accounts in cbs,
val (_, privateAccountAccess) = Views.views.vend.privateViewsUserCanAccess(user)
@ -1416,7 +1416,7 @@ def restoreSomeSessions(): Unit = {
cbsRemovedBankAccountId <- cbsRemovedBankAccountIds
bankId = cbsRemovedBankAccountId.bankId
accountId = cbsRemovedBankAccountId.accountId
_ = Views.views.vend.revokeAccountAccessByUser(bankId, accountId, user)
_ = Views.views.vend.revokeAccountAccessByUser(bankId, accountId, user, callContext)
_ = AccountHolders.accountHolders.vend.deleteAccountHolder(user,cbsRemovedBankAccountId)
cbsAccount = accountsHeld.find(cbsAccount =>cbsAccount.bankId == bankId.value && cbsAccount.accountId == accountId.value)
viewId <- cbsAccount.map(_.viewsToGenerate).getOrElse(List.empty[String])
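Review bot: The changed line `_ = Views.views.vend.revokeAccountAccessByUser(bankId, accountId, user, callContext)` discards its result, so a revocation that fails for an account the CBS no longer reports leaves the user's access in place and nothing records it. The call returns `Box[Boolean]` (see its declaration in `RemotedataViews`), so the outcome can be bound and checked, for example `revoked = Views.views.vend.revokeAccountAccessByUser(bankId, accountId, user, callContext)` followed by `_ = if (!revoked.openOr(false)) logger.warn(s"revokeAccountAccessByUser failed for bank $bankId account $accountId")`. The for-comprehension continues outside the hunk, so whether a later step already covers this cannot be seen from here.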


@ -2,10 +2,12 @@ package code.remotedata
import akka.pattern.ask
import code.actorsystem.ObpActorInit
import code.api.util.CallContext
import code.views.system.AccountAccess
import code.views.{RemotedataViewsCaseClasses, Views}
import com.openbankproject.commons.model.{UpdateViewJSON, _}
import net.liftweb.common.Box
import scala.concurrent.Future
@ -13,12 +15,12 @@ object RemotedataViews extends ObpActorInit with Views {
val cc = RemotedataViewsCaseClasses
def grantAccessToMultipleViews(views: List[ViewIdBankIdAccountId], user: User): Box[List[View]] = getValueFromFuture(
(actor ? cc.addPermissions(views, user)).mapTo[Box[List[View]]]
def grantAccessToMultipleViews(views: List[ViewIdBankIdAccountId], user: User, callContext: Option[CallContext]): Box[List[View]] = getValueFromFuture(
(actor ? cc.grantAccessToMultipleViews(views, user, callContext)).mapTo[Box[List[View]]]
)
def revokeAccessToMultipleViews(views: List[ViewIdBankIdAccountId], user: User): Box[List[View]] = getValueFromFuture(
(actor ? cc.revokePermissions(views, user)).mapTo[Box[List[View]]]
(actor ? cc.revokeAccessToMultipleViews(views, user)).mapTo[Box[List[View]]]
)
def permission(account: BankIdAccountId, user: User): Box[Permission] = getValueFromFuture(
@ -38,7 +40,7 @@ object RemotedataViews extends ObpActorInit with Views {
)
def revokeAccess(viewIdBankIdAccountId : ViewIdBankIdAccountId, user : User) : Box[Boolean] = getValueFromFuture(
(actor ? cc.revokePermission(viewIdBankIdAccountId, user)).mapTo[Box[Boolean]]
(actor ? cc.revokeAccess(viewIdBankIdAccountId, user)).mapTo[Box[Boolean]]
)
def revokeAccessToSystemView(bankId: BankId, accountId: AccountId, view : View, user : User) : Box[Boolean] = getValueFromFuture(
@ -49,8 +51,8 @@ object RemotedataViews extends ObpActorInit with Views {
(actor ? cc.revokeAllAccountAccess(bankId, accountId, user)).mapTo[Box[Boolean]]
)
def revokeAccountAccessByUser(bankId : BankId, accountId: AccountId, user : User) : Box[Boolean] = getValueFromFuture(
(actor ? cc.revokeAccountAccessByUser(bankId, accountId, user)).mapTo[Box[Boolean]]
def revokeAccountAccessByUser(bankId : BankId, accountId: AccountId, user : User, callContext: Option[CallContext]) : Box[Boolean] = getValueFromFuture(
(actor ? cc.revokeAccountAccessByUser(bankId, accountId, user, callContext)).mapTo[Box[Boolean]]
)
def customView(viewId : ViewId, account: BankIdAccountId) : Box[View] = getValueFromFuture(
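Review bot: `grantAccessToMultipleViews` and `revokeAccountAccessByUser` now put the whole `Option[CallContext]` into the message sent with `actor ? ...`, although the only value the access check is shown to take from it elsewhere in this commit is the consumer id. If this actor can run in another process, as the `RemotedataViews` name suggests, the full context then has to be serializable and everything it carries crosses that boundary and can reach actor-side debug logging. Passing only the derived consumer id, or a reduced message type, would keep the remote interface to what the check needs. `revokeAccessToMultipleViews` and `revokeAccess` were renamed on the message side but take no `callContext`, so the grant and revoke paths are no longer symmetric; a comment saying whether that is intended would help.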


@ -3,6 +3,7 @@ package code.remotedata
import akka.actor.Actor
import akka.pattern.pipe
import code.actorsystem.ObpActorHelper
import code.api.util.CallContext
import code.util.Helper.MdcLoggable
import code.views.{MapperViews, RemotedataViewsCaseClasses}
import com.openbankproject.commons.model._
@ -17,14 +18,6 @@ class RemotedataViewsActor extends Actor with ObpActorHelper with MdcLoggable {
def receive: PartialFunction[Any, Unit] = {
case cc.addPermissions(views : List[ViewIdBankIdAccountId], user : User) =>
logger.debug("addPermissions(" + views +"," + user +")")
sender ! (mapper.grantAccessToMultipleViews(views, user))
case cc.revokePermissions(views : List[ViewIdBankIdAccountId], user : User) =>
logger.debug("revokePermissions(" + views +"," + user +")")
sender ! (mapper.revokeAccessToMultipleViews(views, user))
case cc.addPermission(viewIdBankIdAccountId : ViewIdBankIdAccountId, user : User) =>
logger.debug("addPermission(" + viewIdBankIdAccountId +"," + user +")")
sender ! (mapper.grantAccessToCustomView(viewIdBankIdAccountId, user))
@ -41,10 +34,6 @@ class RemotedataViewsActor extends Actor with ObpActorHelper with MdcLoggable {
logger.debug("permission(" +user +")")
sender ! (mapper.getPermissionForUser(user))
case cc.revokePermission(viewIdBankIdAccountId : ViewIdBankIdAccountId, user : User) =>
logger.debug("revokePermission(" + viewIdBankIdAccountId +"," + user +")")
sender ! (mapper.revokeAccess(viewIdBankIdAccountId, user))
case cc.revokeSystemViewPermission(bankId: BankId, accountId: AccountId, view : View, user : User) =>
logger.debug("revokeSystemViewPermission(" + bankId +"," + accountId +"," + view +"," + user +")")
sender ! (mapper.revokeAccessToSystemView(bankId, accountId, view, user))
@ -53,9 +42,9 @@ class RemotedataViewsActor extends Actor with ObpActorHelper with MdcLoggable {
logger.debug("revokeAllAccountAccess(" + bankId +"," + accountId +","+ user +")")
sender ! (mapper.revokeAllAccountAccess(bankId, accountId, user))
case cc.revokeAccountAccessByUser(bankId : BankId, accountId : AccountId, user : User) =>
logger.debug("revokeAccountAccessByUser(" + bankId +"," + accountId +","+ user +")")
sender ! (mapper.revokeAccountAccessByUser(bankId, accountId, user))
case cc.revokeAccountAccessByUser(bankId : BankId, accountId : AccountId, user : User, callContext: Option[CallContext]) =>
logger.debug("revokeAccountAccessByUser(" + bankId +"," + accountId +","+ user +","+ callContext+")")
sender ! (mapper.revokeAccountAccessByUser(bankId, accountId, user, callContext))
case cc.customView(viewId: ViewId, bankAccountId: BankIdAccountId) =>
logger.debug("customView(" + viewId +", "+ bankAccountId + ")")
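Review bot: The handlers for `cc.addPermissions`, `cc.revokePermissions` and `cc.revokePermission` are dropped from `receive`, but no hunk in this file adds a case for the messages that replace them (`cc.grantAccessToMultipleViews`, `cc.revokeAccessToMultipleViews`, `cc.revokeAccess`), which RemotedataViews now sends with `actor ? ...`. Unless they are matched in a part of `receive` the hunks do not show, those asks are never answered, so a revoke over remotedata fails on timeout and the access it was meant to remove stays granted. The cases below restore them, reusing the mapper calls from the removed lines; `receive` starts and ends outside the hunks. Separately, the new debug line for `revokeAccountAccessByUser` concatenates the whole `callContext` into the log. If CallContext carries request headers or tokens (its definition is not visible here), keep the previous message without it.

```scala
def receive: PartialFunction[Any, Unit] = {
  case cc.grantAccessToMultipleViews(views: List[ViewIdBankIdAccountId], user: User, callContext: Option[CallContext]) =>
    // callContext is deliberately left out of the log line
    logger.debug("grantAccessToMultipleViews(" + views + "," + user + ")")
    sender ! (mapper.grantAccessToMultipleViews(views, user, callContext))

  case cc.revokeAccessToMultipleViews(views: List[ViewIdBankIdAccountId], user: User) =>
    logger.debug("revokeAccessToMultipleViews(" + views + "," + user + ")")
    sender ! (mapper.revokeAccessToMultipleViews(views, user))

  case cc.revokeAccess(viewIdBankIdAccountId: ViewIdBankIdAccountId, user: User) =>
    logger.debug("revokeAccess(" + viewIdBankIdAccountId + "," + user + ")")
    sender ! (mapper.revokeAccess(viewIdBankIdAccountId, user))

  // … unchanged: addPermission, permission, revokeSystemViewPermission and the remaining cases …
```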


@ -4,7 +4,7 @@ import bootstrap.liftweb.ToSchemify
import code.accountholders.MapperAccountHolders
import code.api.APIFailure
import code.api.Constant._
import code.api.util.APIUtil
import code.api.util.{APIUtil, CallContext}
import code.api.util.APIUtil._
import code.api.util.ErrorMessages._
import code.util.Helper.MdcLoggable
@ -145,7 +145,7 @@ object MapperViews extends Views with MdcLoggable {
}
}
def grantAccessToMultipleViews(views: List[ViewIdBankIdAccountId], user: User): Box[List[View]] = {
def grantAccessToMultipleViews(views: List[ViewIdBankIdAccountId], user: User, callContext: Option[CallContext]): Box[List[View]] = {
val viewDefinitions: List[(ViewDefinition, ViewIdBankIdAccountId)] = views.map {
uid => ViewDefinition.findCustomView(uid.bankId.value,uid.accountId.value, uid.viewId.value).map((_, uid))
.or(ViewDefinition.findSystemView(uid.viewId.value).map((_, uid)))
@ -326,8 +326,8 @@ object MapperViews extends Views with MdcLoggable {
}
}
def revokeAccountAccessByUser(bankId : BankId, accountId: AccountId, user : User) : Box[Boolean] = {
canRevokeAccessToViewCommon(bankId, accountId, user) match {
def revokeAccountAccessByUser(bankId : BankId, accountId: AccountId, user : User, callContext: Option[CallContext]) : Box[Boolean] = {
canRevokeAccessToViewCommon(bankId, accountId, user, callContext) match {
case true =>
val permissions = AccountAccess.findAll(
By(AccountAccess.user_fk, user.userPrimaryKey.value),
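Review bot: In `revokeAccountAccessByUser` the permission check `canRevokeAccessToViewCommon(bankId, accountId, user, callContext)` now takes an `Option[CallContext]`, and nothing in the visible lines says what `None` means for that decision. I would add a Scaladoc line above the method, for example `/** @param callContext request context passed to the revoke permission check; None must not widen what `user` may revoke. */`, and confirm the helper behaves that way. The same documentation is missing on `grantAccessToMultipleViews`, whose new `callContext` parameter is not used in the lines shown. Both method bodies continue outside the hunks.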


@ -1,6 +1,6 @@
package code.views
import code.api.util.APIUtil
import code.api.util.{APIUtil, CallContext}
import code.model.dataAccess.{MappedBankAccount, ViewImpl, ViewPrivileges}
import code.remotedata.RemotedataViews
import code.views.MapperViews.getPrivateBankAccounts
@ -41,12 +41,12 @@ trait Views {
*/
def grantAccessToCustomView(viewIdBankIdAccountId : ViewIdBankIdAccountId, user : User) : Box[View]
def grantAccessToSystemView(bankId: BankId, accountId: AccountId, view : View, user : User) : Box[View]
def grantAccessToMultipleViews(views : List[ViewIdBankIdAccountId], user : User) : Box[List[View]]
def grantAccessToMultipleViews(views : List[ViewIdBankIdAccountId], user : User, callContext: Option[CallContext]) : Box[List[View]]
def revokeAccessToMultipleViews(views : List[ViewIdBankIdAccountId], user : User) : Box[List[View]]
def revokeAccess(viewIdBankIdAccountId : ViewIdBankIdAccountId, user : User) : Box[Boolean]
def revokeAccessToSystemView(bankId: BankId, accountId: AccountId, view : View, user : User) : Box[Boolean]
def revokeAllAccountAccess(bankId : BankId, accountId : AccountId, user : User) : Box[Boolean]
def revokeAccountAccessByUser(bankId : BankId, accountId : AccountId, user : User) : Box[Boolean]
def revokeAccountAccessByUser(bankId : BankId, accountId : AccountId, user : User, callContext: Option[CallContext]) : Box[Boolean]
def revokeAccessToSystemViewForConsumer(bankId: BankId, accountId: AccountId, view : View, consumerId : String) : Box[Boolean]
def revokeAccessToCustomViewForConsumer(view : View, consumerId : String) : Box[Boolean]
@ -135,12 +135,12 @@ class RemotedataViewsCaseClasses {
case class permission(account: BankIdAccountId, user: User)
case class addPermission(viewUID: ViewIdBankIdAccountId, user: User)
case class addSystemViewPermission(bankId: BankId, accountId: AccountId, view : View, user : User)
case class addPermissions(views: List[ViewIdBankIdAccountId], user: User)
case class revokePermissions(views: List[ViewIdBankIdAccountId], user: User)
case class revokePermission(viewUID: ViewIdBankIdAccountId, user: User)
case class revokeAccess(viewIdBankIdAccountId: ViewIdBankIdAccountId, user : User)
case class grantAccessToMultipleViews(views: List[ViewIdBankIdAccountId], user: User, callContext: Option[CallContext])
case class revokeAccessToMultipleViews(views: List[ViewIdBankIdAccountId], user: User)
case class revokeSystemViewPermission(bankId: BankId, accountId: AccountId, view : View, user : User)
case class revokeAllAccountAccess(bankId: BankId, accountId: AccountId, user: User)
case class revokeAccountAccessByUser(bankId: BankId, accountId: AccountId, user: User)
case class revokeAccountAccessByUser(bankId: BankId, accountId: AccountId, user: User, callContext: Option[CallContext])
case class createView(bankAccountId: BankIdAccountId, view: CreateViewJson)
case class createSystemView(view: CreateViewJson)
case class removeCustomView(viewId: ViewId, bankAccountId: BankIdAccountId)
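Review bot: `callContext` is threaded into only two of the access-changing operations. `grantAccessToMultipleViews` and `revokeAccountAccessByUser` take it, while `revokeAccessToMultipleViews`, `revokeAccess`, `revokeAllAccountAccess` and the single-view grants keep the old signature. If the context is what the permission check or audit trail relies on, the other grant and revoke methods should accept it too, or the trait should carry a comment saying why they do not. The two remotedata case classes also now put the whole `Option[CallContext]` into an actor message. If CallContext holds request headers or tokens (not visible here), pass only the fields the mapper needs rather than the full object.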


@ -307,7 +307,7 @@ class SandboxDataLoadingTest extends FlatSpec with SendServerRequests with Match
//Note: system views not bankId, accountId, so here, we need to get all the views
val (views,accountAccess) = Views.views.vend.privateViewsUserCanAccess(owner)
val ownerView = views.find(v => v.viewId.value == SYSTEM_OWNER_VIEW_ID)
owner.hasOwnerViewAccess(BankIdAccountId(foundAccount.bankId, foundAccount.accountId)) should equal(true)
owner.hasOwnerViewAccess(BankIdAccountId(foundAccount.bankId, foundAccount.accountId), None) should equal(true)
//and the owners should have access to it
//Now, the owner is the system view, so all the users/accounts should have the access to this view


@ -253,7 +253,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
scenario("Test one account views,account access and account holder") {
When("1st Step: no accounts in the List")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty, None)
Then("We check the accountHolders")
accountholder1.size should be(0)
@ -271,7 +271,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
MappedUserRefreshes.findAll().length should be (0)
Then("2rd Step: there is 1st account in the List")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1Held)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1Held, None)
Then("We check the accountHolders")
accountholder1.size should be(1)
@ -290,7 +290,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
Then("3rd: we remove the accounts ")
val accountsHeld = List()
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeld)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeld, None)
Then("We check the accountHolders")
accountholder1.size should be(0)
@ -312,7 +312,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
scenario("Test two accounts views,account access and account holder") {
When("1rd Step: no accounts in the List")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty, None)
Then("We check the accountHolders")
accountholder1.size should be(0)
@ -330,7 +330,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
MappedUserRefreshes.findAll().length should be (0)
When("2rd block, we prepare one account")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1Held)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1Held, None)
Then("We check the accountHolders")
accountholder1.size should be(1)
@ -348,7 +348,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
MappedUserRefreshes.findAll().length should be (1)
Then("3rd: we have two accounts in the accountsHeld")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, twoAccountsHeld)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, twoAccountsHeld, None)
Then("We check the accountHolders")
accountholder1.size should be(1)
@ -367,7 +367,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
When("4th, we removed the 1rd account, only have 2rd account there.")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account2Held)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account2Held, None)
Then("We check the accountHolders")
accountholder1.size should be(0)
@ -385,7 +385,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
MappedUserRefreshes.findAll().length should be (1)
When("5th, we do not have any accounts ")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty, None)
Then("We check the accountHolders")
accountholder1.size should be(0)
@ -407,7 +407,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
scenario("Test two users, account views,account access and account holder") {
When("1st Step: no accounts in the List")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty, None)
Then("We check the accountHolders")
accountholder1.size should be(0)
@ -425,7 +425,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
MappedUserRefreshes.findAll().length should be (0)
Then("2rd Step: 1st user and 1st account in the List")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1Held)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1Held, None)
Then("We check the accountHolders")
accountholder1.size should be(1)
@ -446,7 +446,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
Then("3rd Step: 2rd user and 1st account in the List")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser2, account1Held)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser2, account1Held, None)
Then("We check the accountHolders")
accountholder1.size should be(2)
@ -466,7 +466,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
MappedUserRefreshes.findAll().length should be (2)
When("4th, User1 we do not have any accounts ")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, accountsHeldEmpty, None)
Then("We check the accountHolders")
accountholder1.size should be(1)
@ -490,7 +490,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
scenario("Test one user, but change the `viewsToGenerate` from `StageOne` to `Owner`, and check all the view accesses. ") {
When("1st Step: we create the `StageOneView` ")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1HeldWithStageOneView)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1HeldWithStageOneView, None)
Then("We check the accountHolders")
accountholder1.size should be(1)
@ -506,7 +506,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
MappedUserRefreshes.findAll().length should be (1)
Then("2rd Step: we create the `Owner` and remove the `StageOne` view")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1Held)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1Held, None)
Then("We check the accountHolders")
accountholder1.size should be(1)
@ -524,7 +524,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
MappedUserRefreshes.findAll().length should be (1)
Then("3rd Step: we removed the all the views ")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1HeldWithEmptyView)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1HeldWithEmptyView, None)
Then("We check the AccountAccess, we can only remove the StageOne access, not owner view, if use is the account holder, we can not revoke the access")
account1Access.length should equal(0)
@ -533,7 +533,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
MappedUserRefreshes.findAll().length should be (1)
Then("4th Step: we create both the views: owner and StageOne ")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1HeldWithBothViews)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1HeldWithBothViews, None)
Then("We check the accountHolders")
accountholder1.size should be(1)
@ -553,7 +553,7 @@ class AuthUserTest extends ServerSetup with DefaultUsers with PropsReset{
Then("5th Step: we removed all the views ")
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1HeldWithEmptyView)
AuthUser.refreshViewsAccountAccessAndHolders(resourceUser1, account1HeldWithEmptyView, None)
Then("We check the accountHolders")
accountholder1.size should be(1)
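Review bot: Every updated call in this file passes `None` as the new third argument, so the suite never runs `refreshViewsAccountAccessAndHolders` with a populated context. If the argument reaches the revoke permission check (MapperViews now passes `callContext` to `canRevokeAccessToViewCommon`), the "we removed all the views" steps only cover the no-context branch. Repeating one of those steps with a `Some(...)` context built for the test, and asserting the same `account1Access.length`, would pin that both paths revoke the same access.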


@ -27,7 +27,6 @@ TESOBE (http://www.tesobe.com/)
package com.openbankproject.commons.dto
import java.util.Date
import com.openbankproject.commons.model.enums.{CardAttributeType, ChallengeType, CustomerAttributeType, DynamicEntityOperation, StrongCustomerAuthentication, TransactionAttributeType, TransactionRequestStatus}
import com.openbankproject.commons.model.enums.StrongCustomerAuthentication.SCA
import com.openbankproject.commons.model.enums.StrongCustomerAuthenticationStatus.SCAStatus
@ -1039,7 +1038,7 @@ case class InBoundGetPhysicalCardsForBankLegacy(status: Status, data: List[Physi
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
case class OutBoundMakePayment(initiator: User, fromAccountUID: BankIdAccountId, toAccountUID: BankIdAccountId, amt: BigDecimal, description: String, transactionRequestType: TransactionRequestType) extends TopicTrait
case class OutBoundMakePayment(outboundAdapterCallContext: OutboundAdapterCallContext,initiator: User, fromAccountUID: BankIdAccountId, toAccountUID: BankIdAccountId, amt: BigDecimal, description: String, transactionRequestType: TransactionRequestType) extends TopicTrait
case class InBoundMakePayment(status: Status, data: TransactionId) extends InBoundTrait[TransactionId] {
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
@ -1054,12 +1053,12 @@ case class InBoundMakePaymentImpl(status: Status, data: TransactionId) extends I
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
case class OutBoundCreateTransactionRequest(initiator: User, fromAccount: BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody) extends TopicTrait
case class OutBoundCreateTransactionRequest(outboundAdapterCallContext: OutboundAdapterCallContext,initiator: User, fromAccount: BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody) extends TopicTrait
case class InBoundCreateTransactionRequest(status: Status, data: TransactionRequest) extends InBoundTrait[TransactionRequest] {
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
case class OutBoundCreateTransactionRequestv200(initiator: User, fromAccount: BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody) extends TopicTrait
case class OutBoundCreateTransactionRequestv200(outboundAdapterCallContext: OutboundAdapterCallContext,initiator: User, fromAccount: BankAccount, toAccount: BankAccount, transactionRequestType: TransactionRequestType, body: TransactionRequestBody) extends TopicTrait
case class InBoundCreateTransactionRequestv200(status: Status, data: TransactionRequest) extends InBoundTrait[TransactionRequest] {
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
@ -1114,7 +1113,7 @@ case class InBoundSaveTransactionRequestStatusImpl(status: Status, data: Boolean
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
case class OutBoundGetTransactionRequests(initiator: User, fromAccount: BankAccount) extends TopicTrait
case class OutBoundGetTransactionRequests(outboundAdapterCallContext: OutboundAdapterCallContext,initiator: User, fromAccount: BankAccount) extends TopicTrait
case class InBoundGetTransactionRequests(status: Status, data: List[TransactionRequest]) extends InBoundTrait[List[TransactionRequest]] {
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
@ -1139,7 +1138,7 @@ case class InBoundGetTransactionRequestsImpl210(status: Status, data: List[Trans
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
case class OutBoundGetTransactionRequestTypes(initiator: User, fromAccount: BankAccount) extends TopicTrait
case class OutBoundGetTransactionRequestTypes(outboundAdapterCallContext: OutboundAdapterCallContext, initiator: User, fromAccount: BankAccount) extends TopicTrait
case class InBoundGetTransactionRequestTypes(status: Status, data: List[TransactionRequestType]) extends InBoundTrait[List[TransactionRequestType]] {
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
@ -1149,7 +1148,7 @@ case class InBoundGetTransactionRequestTypesImpl(status: Status, data: List[Tran
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}
case class OutBoundCreateTransactionAfterChallenge(initiator: User, transReqId: TransactionRequestId) extends TopicTrait
case class OutBoundCreateTransactionAfterChallenge(outboundAdapterCallContext: OutboundAdapterCallContext, initiator: User, transReqId: TransactionRequestId) extends TopicTrait
case class InBoundCreateTransactionAfterChallenge(status: Status, data: TransactionRequest) extends InBoundTrait[TransactionRequest] {
override val inboundAdapterCallContext: InboundAdapterCallContext = InboundAdapterCallContext()
}