diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala index 744bed921..f5ee35af3 100644 --- a/obp-api/src/main/scala/code/api/constant/constant.scala +++ b/obp-api/src/main/scala/code/api/constant/constant.scala @@ -407,7 +407,7 @@ object Constant extends MdcLoggable { CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT ) - final val VIEW_PERMISSION_NAMES = List( + final val ALL_VIEW_PERMISSION_NAMES = List( CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, CAN_SEE_TRANSACTION_METADATA, CAN_SEE_TRANSACTION_DESCRIPTION, diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index a954dec53..771798c97 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -718,15 +718,17 @@ object MapperViews extends Views with MdcLoggable { case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID =>{ ViewPermission.createViewPermissions( entity, - SYSTEM_OWNER_VIEW_PERMISSION_ADMIN, + SYSTEM_OWNER_VIEW_PERMISSION_ADMIN ++SYSTEM_VIEW_PERMISSION_COMMON, DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS, DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS ) - ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON) entity } case SYSTEM_STAGE_ONE_VIEW_ID =>{ - ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON) + ViewPermission.createViewPermissions( + entity, + SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON + ) entity } case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID =>{ @@ -737,7 +739,10 @@ object MapperViews extends Views with MdcLoggable { entity } case SYSTEM_FIREHOSE_VIEW_ID =>{ - ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON) + ViewPermission.createViewPermissions( + entity, + SYSTEM_VIEW_PERMISSION_COMMON + ) entity // Make additional setup to the existing view .isFirehose_(true) } 
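Review bot: In the `SYSTEM_STAGE_ONE_VIEW_ID` case of the `@@ -718` hunk in MapperViews.scala, the reformatted call still passes `SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON`, the same list concatenated with itself, so each permission name is processed twice and nothing extra is granted. If a stage-one-specific list was meant as the second operand, this view is created without those permissions; if not, pass `SYSTEM_VIEW_PERMISSION_COMMON` alone. A one-line comment above each case naming the permission set the view is meant to receive would make this kind of slip visible in review. The enclosing `match` starts and ends outside the hunk.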
@@ -758,6 +763,21 @@ object MapperViews extends Views with MdcLoggable { ) entity } + case SYSTEM_ACCOUNTANT_VIEW_ID | + SYSTEM_AUDITOR_VIEW_ID | + SYSTEM_READ_ACCOUNTS_BASIC_VIEW_ID | + SYSTEM_READ_ACCOUNTS_DETAIL_VIEW_ID | + SYSTEM_READ_BALANCES_VIEW_ID | + SYSTEM_READ_TRANSACTIONS_BASIC_VIEW_ID | + SYSTEM_READ_TRANSACTIONS_DEBITS_VIEW_ID | + SYSTEM_READ_TRANSACTIONS_DETAIL_VIEW_ID => { + + ViewPermission.createViewPermissions( + entity, + SYSTEM_VIEW_PERMISSION_COMMON + ) + entity + } case _ => entity } diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index ef5b760f2..3295395ec 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala @@ -6,7 +6,6 @@ import com.openbankproject.commons.model._ import net.liftweb.common.Box import net.liftweb.mapper._ - class ViewPermission extends LongKeyedMapper[ViewPermission] with IdPK with CreatedUpdated { def getSingleton = ViewPermission object bank_id extends MappedString(this, 255) 
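Review bot: The new case in the `@@ -758` hunk of MapperViews.scala gives eight differently scoped system views (accountant, auditor, read-balances, read-accounts-basic and the transaction readers) the identical `SYSTEM_VIEW_PERMISSION_COMMON` set, which should be checked against least privilege. The contents of that list are not visible here. If it carries transaction- or counterparty-level permissions, views such as `SYSTEM_READ_BALANCES_VIEW_ID` and `SYSTEM_READ_ACCOUNTS_BASIC_VIEW_ID` would expose more than their names suggest. Consider a dedicated permission list per view, or at least record the decision with a comment such as `// all read-only system views share the common set for now; narrow per view`. The enclosing `match` starts outside the hunk.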
@@ -72,30 +71,30 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis } /** - * This method will first remove all the current permissons. - * and will create new ones accouding to the parameters. - * - * This is the logic from ViewDefinition before. because we can only update all the permissions before, - * we may support only update one permissioin later. + * This method first removes all existing permissions for the given view, + * then creates new ones based on the provided parameters. + * + * This follows the original logic from ViewDefinition, where permission updates + * were only supported in bulk (all at once). In the future, we may extend this + * to support updating individual permissions selectively. */ def createViewPermissions( - viewDefinition: View, + view: View, permissionNames: List[String], canGrantAccessToViews: List[String] = Nil, canRevokeAccessToViews: List[String] = Nil ): Unit = { - // Delete all existing permissions for the view - viewDefinition.deleteViewPermissions + // Delete all existing permissions for this view + ViewPermission.findViewPermissions(view).foreach(_.delete_!) - // Determine bank_id and account_id for system or custom views val (bankId, accountId) = - if (viewDefinition.isSystem) + if (view.isSystem) (null, null) else - (viewDefinition.bankId.value, viewDefinition.accountId.value) + (view.bankId.value, view.accountId.value) - // Create fresh permission entries + // Insert each new permission permissionNames.foreach { permissionName => val extraData = permissionName match { case CAN_GRANT_ACCESS_TO_VIEWS => canGrantAccessToViews.mkString(",") 
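Review bot: `createViewPermissions` now wipes the view's rows with `ViewPermission.findViewPermissions(view).foreach(_.delete_!)` and then re-inserts them one by one, but nothing visible makes the two steps atomic, and the Boolean result of `delete_!` (and of `.save`, further down outside this hunk) is discarded. A failure part-way through leaves the view with a partial permission set, possibly without its grant/revoke rows, while the caller only sees `Unit`. Run the delete and the inserts in one transaction, or at minimum log and abort when either call returns false. Separately, renaming the parameter `viewDefinition` to `view` breaks any caller that passes it by name, and the Scaladoc would benefit from `@param` lines explaining that `canGrantAccessToViews` and `canRevokeAccessToViews` are stored as comma-joined `extraData`.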
@@ -103,10 +102,22 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis case _ => null } + // Dynamically build correct query conditions with NullRef if needed + val conditions: Seq[QueryParam[ViewPermission]] = Seq( + if (bankId == null) NullRef(ViewPermission.bank_id) else By(ViewPermission.bank_id, bankId), + if (accountId == null) NullRef(ViewPermission.account_id) else By(ViewPermission.account_id, accountId), + By(ViewPermission.view_id, view.viewId.value), + By(ViewPermission.permission, permissionName) + ) + + // Remove existing conflicting record if any + ViewPermission.find(conditions: _*).foreach(_.delete_!) + + // Insert new permission ViewPermission.create .bank_id(bankId) .account_id(accountId) - .view_id(viewDefinition.viewId.value) + .view_id(view.viewId.value) .permission(permissionName) .extraData(extraData) .save
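Review bot: The per-permission cleanup `ViewPermission.find(conditions: _*).foreach(_.delete_!)` removes at most one row, because `find` returns a single boxed match. If duplicates already exist for the same bank/account/view/permission key, the older rows survive and can keep an outdated `extraData` grant or revoke list alive; `ViewPermission.findAll(conditions: _*).foreach(_.delete_!)` would clear them all. That this second delete is needed at all suggests the bulk delete at the top of the function misses rows whose `bank_id`/`account_id` are NULL (inferred, `findViewPermissions` is not shown). If so, applying the same `NullRef` handling there would be the cleaner fix. The bank and account conditions do not depend on `permissionName` and could be built once before the loop. The function begins outside this hunk.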