From 4fe67750298b708961fb7c1c8d0f333632fa5b02 Mon Sep 17 00:00:00 2001 From: simonredfern Date: Sun, 11 Jan 2026 23:00:00 +0100 Subject: [PATCH] CanGetMethodRoutingNames --- obp-api/src/main/scala/code/api/util/APIUtil.scala | 5 +++++ obp-api/src/main/scala/code/api/util/ApiRole.scala | 3 +++ obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala | 5 ++--- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala index 381b0c283..11ee5094c 100644 --- a/obp-api/src/main/scala/code/api/util/APIUtil.scala +++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala @@ -1635,6 +1635,11 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ var errorResponseBodies: List[String], // Possible error responses tags: List[ResourceDocTag], var roles: Option[List[ApiRole]] = None, + // IMPORTANT: Roles declared here are AUTOMATICALLY CHECKED at runtime! + // When roles specified, framework automatically: 1) Validates user authentication, + // 2) Checks user has at least one of specified roles, 3) Performs checks in wrappedWithAuthCheck() + // No manual hasEntitlement() call needed in endpoint body - handled automatically! + // To disable: call .disableAutoValidateRoles() on ResourceDoc isFeatured: Boolean = false, specialInstructions: Option[String] = None, var specifiedUrl: Option[String] = None, // A derived value: Contains the called version (added at run time). See the resource doc for resource doc! diff --git a/obp-api/src/main/scala/code/api/util/ApiRole.scala b/obp-api/src/main/scala/code/api/util/ApiRole.scala index 9c7a990be..abbe92613 100644 --- a/obp-api/src/main/scala/code/api/util/ApiRole.scala +++ b/obp-api/src/main/scala/code/api/util/ApiRole.scala @@ -1003,6 +1003,9 @@ object ApiRole extends MdcLoggable{ case class CanGetAllConnectorMethods(requiresBankId: Boolean = false) extends ApiRole lazy val canGetAllConnectorMethods = CanGetAllConnectorMethods() + case class CanGetConnectorMethodNames(requiresBankId: Boolean = false) extends ApiRole + lazy val canGetConnectorMethodNames = CanGetConnectorMethodNames() + case class CanCreateDynamicResourceDoc(requiresBankId: Boolean = false) extends ApiRole lazy val canCreateDynamicResourceDoc = CanCreateDynamicResourceDoc() diff --git a/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala b/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala index b5b2c15b3..14066eb81 100644 --- a/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala +++ b/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala @@ -1648,7 +1648,7 @@ trait APIMethods600 { | |${userAuthenticationMessage(true)} | - |CanGetMethodRoutings entitlement is required. + |CanGetConnectorMethodNames entitlement is required. | """.stripMargin, EmptyBody, @@ -1659,7 +1659,7 @@ trait APIMethods600 { UnknownError ), List(apiTagSystem, apiTagMethodRouting, apiTagApi), - Some(List(canGetMethodRoutings)) + Some(List(canGetConnectorMethodNames)) ) lazy val getConnectorMethodNames: OBPEndpoint = { @@ -1667,7 +1667,6 @@ trait APIMethods600 { cc => implicit val ec = EndpointContext(Some(cc)) for { (Full(u), callContext) <- authenticatedAccess(cc) - _ <- NewStyle.function.hasEntitlement("", u.userId, canGetMethodRoutings, callContext) // Fetch connector method names with caching methodNames <- Future { /**