From 4c8b0b2f4696c8c4b9df696f068f4d23b55fcf0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?= <marko@tesobe.com>
Date: Tue, 18 Oct 2022 17:05:31 +0200
Subject: [PATCH] feature/Add endpoint createSystemView v5.0.0

---
 .../SwaggerDefinitionsJSON.scala              |  5 ++
 .../scala/code/api/v5_0_0/APIMethods500.scala | 57 ++++++++++++++++++-
 .../code/api/v5_0_0/SystemViewsTests.scala    | 13 ++++-
 .../commons/model/ViewModel.scala             |  4 +-
 4 files changed, 75 insertions(+), 4 deletions(-)

diff --git a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala
index 8a11054f1..7fd832d7a 100644
--- a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala
+++ b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala
@@ -188,6 +188,11 @@ object SwaggerDefinitionsJSON {
 
   val createSystemViewJson = createViewJson.copy(name = "test", metadata_view = "test", is_public = false)
 
+  val createSystemViewJsonV500 = createSystemViewJson.copy(
+    can_grant_access_to_views = Some(List("owner")),
+    can_revoke_access_to_views = Some(List("owner"))
+  )
+
   val updateViewJSON = UpdateViewJSON(
     description = "this is for family",
     is_public = true,
diff --git a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
index 6f6f04507..bda2f37d7 100644
--- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
+++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
@@ -3,6 +3,7 @@ package code.api.v5_0_0
 import java.util.concurrent.ThreadLocalRandom
 
 import code.accountattribute.AccountAttributeX
+import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON
 import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
 import code.api.util.APIUtil._
 import code.api.util.ApiRole._
@@ -16,7 +17,7 @@ import code.api.v3_0_0.JSONFactory300
 import code.api.v3_1_0._
 import code.api.v4_0_0.JSONFactory400.createCustomersMinimalJson
 import code.api.v4_0_0.{JSONFactory400, PutProductJsonV400}
-import code.api.v5_0_0.JSONFactory500.{createPhysicalCardJson, createViewsJsonV500, createViewJsonV500}
+import code.api.v5_0_0.JSONFactory500.{createPhysicalCardJson, createViewJsonV500, createViewsJsonV500}
 import code.bankconnectors.Connector
 import code.consent.{ConsentRequests, Consents}
 import code.entitlement.Entitlement
@@ -1538,6 +1539,60 @@ trait APIMethods500 {
       }
     }
 
+
+    staticResourceDocs += ResourceDoc(
+      createSystemView,
+      implementedInApiVersion,
+      nameOf(createSystemView),
+      "POST",
+      "/system-views",
+      "Create System View",
+      s"""Create a system view
+         |
+         | ${authenticationRequiredMessage(true)} and the user needs to have access to the $canCreateSystemView entitlement.
+         | The 'alias' field in the JSON can take one of two values:
+         |
+         | * _public_: to use the public alias if there is one specified for the other account.
+         | * _private_: to use the public alias if there is one specified for the other account.
+         |
+         | * _''(empty string)_: to use no alias; the view shows the real name of the other account.
+         |
+         | The 'hide_metadata_if_alias_used' field in the JSON can take boolean values. If it is set to `true` and there is an alias on the other account then the other accounts' metadata (like more_info, url, image_url, open_corporates_url, etc.) will be hidden. Otherwise the metadata will be shown.
+         |
+         | The 'allowed_actions' field is a list containing the name of the actions allowed on this view, all the actions contained will be set to `true` on the view creation, the rest will be set to `false`.
+         | 
+         | Please note that system views cannot be public. In case you try to set it you will get the error $SystemViewCannotBePublicError
+         | """,
+      createSystemViewJsonV500,
+      viewJsonV500,
+      List(
+        $UserNotLoggedIn,
+        InvalidJsonFormat,
+        UnknownError
+      ),
+      List(apiTagSystemView, apiTagNewStyle),
+      Some(List(canCreateSystemView))
+    )
+
+    lazy val createSystemView : OBPEndpoint = {
+      //creates a system view
+      case "system-views" :: Nil JsonPost json -> _ => {
+        cc =>
+          for {
+            createViewJson <- NewStyle.function.tryons(failMsg = s"$InvalidJsonFormat The Json body should be the $CreateViewJson ", 400, cc.callContext) {
+              json.extract[CreateViewJson]
+            }
+            _ <- Helper.booleanToFuture(SystemViewCannotBePublicError, failCode=400, cc=cc.callContext) {
+              createViewJson.is_public == false
+            }
+            view <- NewStyle.function.createSystemView(createViewJson, cc.callContext)
+          } yield {
+            (createViewJsonV500(view),  HttpCode.`201`(cc.callContext))
+          }
+      }
+    }
+    
+
     staticResourceDocs += ResourceDoc(
       createCustomerAccountLink,
       implementedInApiVersion,
diff --git a/obp-api/src/test/scala/code/api/v5_0_0/SystemViewsTests.scala b/obp-api/src/test/scala/code/api/v5_0_0/SystemViewsTests.scala
index b85ca2f45..8191835cd 100644
--- a/obp-api/src/test/scala/code/api/v5_0_0/SystemViewsTests.scala
+++ b/obp-api/src/test/scala/code/api/v5_0_0/SystemViewsTests.scala
@@ -46,6 +46,8 @@ import com.openbankproject.commons.util.ApiVersion
 import net.liftweb.mapper.By
 import org.scalatest.Tag
 
+import scala.collection.immutable.List
+
 class SystemViewsTests extends V500ServerSetup {
   override def beforeAll(): Unit = {
     super.beforeAll()
@@ -64,14 +66,21 @@ class SystemViewsTests extends V500ServerSetup {
     */
   object VersionOfApi extends Tag(ApiVersion.v5_0_0.toString)
   object ApiEndpoint1 extends Tag(nameOf(Implementations5_0_0.getSystemView))
-  object ApiEndpoint2 extends Tag(nameOf(Implementations3_1_0.createSystemView))
+  object ApiEndpoint2 extends Tag(nameOf(Implementations5_0_0.createSystemView))
   object ApiEndpoint3 extends Tag(nameOf(Implementations3_1_0.updateSystemView))
   object ApiEndpoint4 extends Tag(nameOf(Implementations3_1_0.deleteSystemView))
   
   // Custom view, name starts from `_`
   // System view, owner
   val randomSystemViewId = APIUtil.generateUUID()
-  val postBodySystemViewJson = createSystemViewJson.copy(name=randomSystemViewId).copy(metadata_view = randomSystemViewId)
+  val postBodySystemViewJson = createSystemViewJson
+    .copy(name=randomSystemViewId)
+    .copy(metadata_view = randomSystemViewId)
+    // Implemented in version 5.0.0
+    .copy(
+      can_grant_access_to_views = Some(List("owner")),
+      can_revoke_access_to_views = Some(List("owner"))
+    )
   val systemViewId = MapperViews.getNewViewPermalink(postBodySystemViewJson.name)
   
   def getSystemView(viewId : String, consumerAndToken: Option[(Consumer, Token)]): APIResponse = {
diff --git a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
index 9246238e6..8bb090e4d 100644
--- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
+++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
@@ -66,7 +66,9 @@ case class CreateViewJson(
                            is_public: Boolean,
                            which_alias_to_use: String,
                            hide_metadata_if_alias_used: Boolean,
-                           allowed_actions : List[String]
+                           allowed_actions : List[String],
+                           override val can_grant_access_to_views : Option[List[String]] = None,
+                           override val can_revoke_access_to_views : Option[List[String]] = None
                          ) extends ViewSpecification