JKS endpoint tagged OAuth and OIDC 2 adding tags - and adding SuperAdmin Entitlement

2026-02-06 11:06:49 +00:00 · 2026-01-14 13:44:02 +01:00 · 2026-01-14 13:44:02 +01:00 · 423c0c17bd
commit 423c0c17bd
parent ae599cef45
2 changed files with 12 additions and 2 deletions
--- a/obp-api/src/main/scala/code/api/util/ApiTag.scala
+++ b/obp-api/src/main/scala/code/api/util/ApiTag.scala
@ -18,6 +18,8 @@ object ApiTag {
  val apiTagTransactionRequestAttribute = ResourceDocTag("Transaction-Request-Attribute")
  val apiTagVrp = ResourceDocTag("VRP")
  val apiTagApi = ResourceDocTag("API")
+  val apiTagOAuth = ResourceDocTag("OAuth")
+  val apiTagOIDC = ResourceDocTag("OIDC")
  val apiTagBank = ResourceDocTag("Bank")
  val apiTagBankAttribute = ResourceDocTag("Bank-Attribute")
  val apiTagAccount = ResourceDocTag("Account")
--- a/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala
+++ b/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala
@ -1074,7 +1074,15 @@ trait APIMethods600 {
            entitlements <- NewStyle.function.getEntitlementsByUserId(u.userId, callContext)
          } yield {
            val permissions: Option[Permission] = Views.views.vend.getPermissionForUser(u).toOption
-            val currentUser = UserV600(u, entitlements, permissions)
+            // Add SuperAdmin virtual entitlement if user is super admin
+            // NOTE: We ONLY use this Role in order to create CanCreateEntitlementAtAnyBank and also delete.
+            // Thus it is a boot straping Role. Useful to have in response so the API Manager shows Create Entitlement page to the User.
+            val finalEntitlements = if (APIUtil.isSuperAdmin(u.userId)) {
+              entitlements ::: List(Entitlement.entitlement.vend.addEntitlement("", u.userId, "SuperAdmin"))
+            } else {
+              entitlements
+            }
+            val currentUser = UserV600(u, finalEntitlements, permissions)
            val onBehalfOfUser = if(cc.onBehalfOfUser.isDefined) {
              val user = cc.onBehalfOfUser.toOption.get
              val entitlements = Entitlement.entitlement.vend.getEntitlementsByUserId(user.userId).headOption.toList.flatten
@ -5449,7 +5457,7 @@ trait APIMethods600 {
                description = Constant.ABAC_POLICY_DESCRIPTIONS.getOrElse(policy, "No description available")
              )
            }
-            
+
            (AbacPoliciesJsonV600(policies), HttpCode.`200`(callContext))
          }
      }