added the tests for addEntitlement endpoints and tweaked the error message

2026-02-06 17:17:09 +00:00 · 2020-04-01 13:26:58 +02:00 · 2020-04-01 13:26:58 +02:00 · 2f4346501e
commit 2f4346501e
parent 07a6051af3
3 changed files with 62 additions and 4 deletions
--- a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala
+++ b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala
@ -1648,7 +1648,7 @@ object SwaggerDefinitionsJSON {

  val createEntitlementJSON = CreateEntitlementJSON(
    bank_id = bankIdExample.value,
-    role_name = "String"
+    role_name = CanCreateBranch.toString()
  )

  val coreCounterpartyJSON = CoreCounterpartyJSON(
--- a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala
+++ b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala
@ -1998,7 +1998,9 @@ trait APIMethods200 {
            allowedEntitlements = canCreateEntitlementAtOneBank ::
                                  canCreateEntitlementAtAnyBank ::
                                  Nil
-            _ <- booleanToBox(isSuperAdmin(u.userId) || hasAtLeastOneEntitlement(postedData.bank_id, u.userId, allowedEntitlements) == true) ?~! { UserNotSuperAdminOrMissRole + allowedEntitlements.mkString(", ") + "!" }
+            _ <- booleanToBox(isSuperAdmin(u.userId) || hasAtLeastOneEntitlement(postedData.bank_id, u.userId, allowedEntitlements) == true) ?~! {
+              UserNotSuperAdmin +" or" + UserHasMissingRoles + canCreateEntitlementAtOneBank + s" BankId(${postedData.bank_id})." + " or" + UserHasMissingRoles + canCreateEntitlementAtAnyBank
+            }
            _ <- booleanToBox(postedData.bank_id.nonEmpty == false || BankX(BankId(postedData.bank_id), Some(cc)).map(_._1).isEmpty == false) ?~! BankNotFound
            _ <- booleanToBox(hasEntitlement(postedData.bank_id, userId, role) == false, EntitlementAlreadyExists )
            addedEntitlement <- Entitlement.entitlement.vend.addEntitlement(postedData.bank_id, userId, postedData.role_name)
--- a/obp-api/src/test/scala/code/api/v2_0_0/EntitlementTests.scala
+++ b/obp-api/src/test/scala/code/api/v2_0_0/EntitlementTests.scala
@ -1,5 +1,6 @@
 package code.api.v2_0_0

+import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON
 import com.openbankproject.commons.model.ErrorMessage
 import code.api.util.APIUtil.OAuth._
 import code.api.util.ApiRole.CanGetEntitlementsForAnyUserAtAnyBank
@ -7,6 +8,7 @@ import code.api.util.ErrorMessages.{UserHasMissingRoles, _}
 import code.api.util.{ApiRole, ErrorMessages}
 import code.entitlement.Entitlement
 import code.setup.DefaultUsers
+import net.liftweb.json.Serialization.write

 class EntitlementTests extends V200ServerSetup with DefaultUsers {

@ -31,7 +33,7 @@ class EntitlementTests extends V200ServerSetup with DefaultUsers {

    }

-    scenario("We try to get entitlements without credentials - getEntitlements") {
+    scenario("We try to get entitlements without roles - getEntitlements") {
      When("We make the request")
      val requestGet = (v2_0Request / "users" / resourceUser1.userId / "entitlements").GET <@ (user1)
      val responseGet = makeGetRequest(requestGet)
@ -41,7 +43,7 @@ class EntitlementTests extends V200ServerSetup with DefaultUsers {
      responseGet.body.extract[ErrorMessage].message should equal (UserHasMissingRoles + CanGetEntitlementsForAnyUserAtAnyBank)
    }

-    scenario("We try to get entitlements with credentials - getEntitlements") {
+    scenario("We try to get entitlements with roles - getEntitlements") {
      When("We add required entitlement")
      Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, ApiRole.CanGetEntitlementsForAnyUserAtAnyBank.toString)
      And("We make the request")
@ -62,6 +64,60 @@ class EntitlementTests extends V200ServerSetup with DefaultUsers {
      Then("We should get a 204")
      responseDelete.code should equal(204)
    }
+
+    scenario("We try to create entitlement - addEntitlement-canCreateEntitlementAtOneBank") {
+      val requestBody = SwaggerDefinitionsJSON.createEntitlementJSON
+      And("We make the request")
+      val requestPost = (v2_0Request / "users" / resourceUser1.userId / "entitlements").POST <@ (user1)
+      And("We grant the role to the user")
+      val responsePost = makePostRequest(requestPost , write(requestBody))
+
+      Then("We should get a 403")
+      responsePost.code should equal(403)
+      responsePost.body.toString contains (UserHasMissingRoles) should be (true)
+
+      Then("We grant the canCreateEntitlementAtOneBank role")
+      Entitlement.entitlement.vend.addEntitlement(testBankId1.value, resourceUser1.userId, ApiRole.canCreateEntitlementAtOneBank.toString)
+      
+      Then("We call addEntitlement with canCreateEntitlementAtOneBank, but wrong bankId .")
+      val responsePost2 = makePostRequest(requestPost , write(requestBody))
+      responsePost2.code should equal(403)
+
+      Then("We call addEntitlement with canCreateEntitlementAtOneBank.")
+      val requestBody2 = SwaggerDefinitionsJSON.createEntitlementJSON.copy(bank_id = testBankId1.value)
+      val responsePost3 = makePostRequest(requestPost , write(requestBody2))
+      
+      Then("We should get a 201")
+      responsePost3.code should equal(201)
+      responsePost3.body.extract[EntitlementJSON].bank_id should equal(testBankId1.value) 
+    }
+
+    scenario("We try to create entitlement - addEntitlement-canCreateEntitlementAtAnyBank") {
+      val requestBody = SwaggerDefinitionsJSON.createEntitlementJSON.copy(bank_id = testBankId1.value)
+      And("We make the request")
+      val requestPost = (v2_0Request / "users" / resourceUser1.userId / "entitlements").POST <@ (user1)
+      And("We grant the role to the user")
+      val responsePost = makePostRequest(requestPost , write(requestBody))
+
+      Then("We should get a 403")
+      responsePost.code should equal(403)
+      responsePost.body.toString contains (UserHasMissingRoles) should be (true)
+
+      Then("We grant the canCreateEntitlementAtOneBank role")
+      Entitlement.entitlement.vend.addEntitlement("wrongbankId", resourceUser1.userId, ApiRole.canCreateEntitlementAtOneBank.toString)
+
+      Then("We call addEntitlement with canCreateEntitlementAtOneBank, but wrong bankId .")
+      val responsePost2 = makePostRequest(requestPost , write(requestBody))
+      responsePost2.code should equal(403)
+
+      Then("We call addEntitlement with canCreateEntitlementAtOneBank, but correct bankId .")
+      Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, ApiRole.canCreateEntitlementAtAnyBank.toString)
+      val responsePost3 = makePostRequest(requestPost , write(requestBody))
+
+      Then("We should get a 201")
+      responsePost3.code should equal(201)
+      responsePost3.body.extract[EntitlementJSON].bank_id should equal(testBankId1.value)
+    }
  }