test/Delete cascade transaction, account and product - WIP

2026-02-06 19:16:53 +00:00 · 2020-06-01 14:00:52 +02:00 · 2020-06-01 14:00:52 +02:00 · 571f9eefc1
commit 571f9eefc1
parent 4dc3bb59bb
6 changed files with 242 additions and 14 deletions
--- a/obp-api/src/test/scala/code/api/v4_0_0/CustomerAttributesTest.scala
+++ b/obp-api/src/test/scala/code/api/v4_0_0/CustomerAttributesTest.scala
@ -187,7 +187,7 @@ class CustomerAttributesTest extends V400ServerSetup {
      Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, canUpdateCustomerAttributeAtOneBank.toString)

      Then("we create the Customer Attribute ")
-      val customerAttributeId = createAndGetCustomerAtrributeId(bankId:String, customerId:String, user1)
+      val customerAttributeId = createAndGetCustomerAttributeId(bankId:String, customerId:String, user1)

      val requestWithId = (v4_0_0_Request / "banks" / bankId / "customers" / customerId / "attributes" / customerAttributeId).PUT <@ (user1)
      val responseWithId = makePutRequest(requestWithId, write(putCustomerAttributeJsonV400))
@ -207,7 +207,7 @@ class CustomerAttributesTest extends V400ServerSetup {

        When("We make a request v4.0.0")
        Then("we create the Customer Attribute ")
-        val customerAttributeId = createAndGetCustomerAtrributeId(bankId:String, customerId:String, user1)
+        val customerAttributeId = createAndGetCustomerAttributeId(bankId:String, customerId:String, user1)


        val request400 = (v4_0_0_Request / "banks" / bankId / "customers" / customerId / "attributes" ).GET <@ (user1)
@ -234,7 +234,7 @@ class CustomerAttributesTest extends V400ServerSetup {
        val customerId = createAndGetCustomerId(bankId, user1)

        Then("we create the Customer Attribute ")
-        val customerAttributeId = createAndGetCustomerAtrributeId(bankId:String, customerId:String, user1)
+        val customerAttributeId = createAndGetCustomerAttributeId(bankId:String, customerId:String, user1)

        Then("We grant the role to the user1")
        Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, canGetCustomerAttributeAtOneBank.toString)
@ -255,7 +255,7 @@ class CustomerAttributesTest extends V400ServerSetup {
      val customerId = createAndGetCustomerId(bankId, user1)

      Then("we create the Customer Attribute ")
-      createAndGetCustomerAtrributeId(bankId:String, customerId:String, user1)
+      createAndGetCustomerAttributeId(bankId:String, customerId:String, user1)

      Then("We grant the role to the user1")
      Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, canGetCustomer.toString)
@ -279,7 +279,7 @@ class CustomerAttributesTest extends V400ServerSetup {
      val customerId = createAndGetCustomerId(bankId, user1)

      Then("we create the Customer Attribute ")
-      createAndGetCustomerAtrributeId(bankId: String, customerId: String, user1)
+      createAndGetCustomerAttributeId(bankId: String, customerId: String, user1)

      Then("We grant the role to the user1")
      Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, canGetCustomer.toString)
@ -312,8 +312,8 @@ class CustomerAttributesTest extends V400ServerSetup {
      Then("we create more Customer Attribute ")
      val postCustomerAttributeJsonV4001 = SwaggerDefinitionsJSON.customerAttributeJsonV400.copy(name = "Tax", value = "tax123")
      val postCustomerAttributeJsonV4002 = SwaggerDefinitionsJSON.customerAttributeJsonV400.copy(name = "Hause", value = "1230")
-      createAndGetCustomerAtrributeId(bankId: String, customerId: String, user1, Some(postCustomerAttributeJsonV4001))
-      createAndGetCustomerAtrributeId(bankId: String, customerId: String, user1, Some(postCustomerAttributeJsonV4002))
+      createAndGetCustomerAttributeId(bankId: String, customerId: String, user1, Some(postCustomerAttributeJsonV4001))
+      createAndGetCustomerAttributeId(bankId: String, customerId: String, user1, Some(postCustomerAttributeJsonV4002))

      Then(s"We can the $ApiEndpoint5 with proper parameters")
      val requestGetCustomersByAttributesWithParameter4 = (v4_0_0_Request / "banks" / bankId / "customers").GET <@ (user1) <<? (List(("Tax", "tax123"), ("Hause", "1230")))
--- a/obp-api/src/test/scala/code/api/v4_0_0/DeleteAccountCascadeTest.scala
+++ b/obp-api/src/test/scala/code/api/v4_0_0/DeleteAccountCascadeTest.scala
@ -0,0 +1,109 @@
+package code.api.v4_0_0
+
+import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON
+import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON.createViewJson
+import code.api.util.APIUtil.OAuth._
+import code.api.util.ApiRole
+import code.api.util.ApiRole.CanDeleteAccountCascade
+import code.api.util.ErrorMessages.{UserHasMissingRoles, UserNotLoggedIn}
+import code.api.v3_1_0.CreateAccountResponseJsonV310
+import code.api.v4_0_0.OBPAPI4_0_0.Implementations4_0_0
+import code.entitlement.Entitlement
+import com.github.dwickern.macros.NameOf.nameOf
+import com.openbankproject.commons.model.{AmountOfMoneyJsonV121, ErrorMessage}
+import com.openbankproject.commons.util.ApiVersion
+import net.liftweb.json.Serialization.write
+import org.scalatest.Tag
+
+class DeleteAccountCascadeTest extends V400ServerSetup {
+
+  /**
+    * Test tags
+    * Example: To run tests with tag "getPermissions":
+    * mvn test -D tagsToInclude
+    *
+    * This is made possible by the scalatest maven plugin
+    */
+  object VersionOfApi extends Tag(ApiVersion.v4_0_0.toString)
+  object ApiEndpoint1 extends Tag(nameOf(Implementations4_0_0.deleteAccountCascade))
+
+  lazy val bankId = randomBankId
+  lazy val bankAccount = randomPrivateAccount(bankId)
+  lazy val addAccountJson = SwaggerDefinitionsJSON.createAccountRequestJsonV310.copy(user_id = resourceUser1.userId, balance = AmountOfMoneyJsonV121("EUR","0"))
+
+
+  feature(s"test $ApiEndpoint1 version $VersionOfApi - Unauthorized access") {
+    scenario("We will call the endpoint without user credentials", ApiEndpoint1, VersionOfApi) {
+      When("We make a request v4.0.0")
+      val request400 = (v4_0_0_Request / "management" / "cascading" / "banks" / bankId / 
+        "accounts" / bankAccount.id).DELETE
+      val response400 = makeDeleteRequest(request400)
+      Then("We should get a 401")
+      response400.code should equal(401)
+      response400.body.extract[ErrorMessage].message should equal(UserNotLoggedIn)
+    }
+  }
+  feature(s"test $ApiEndpoint1 version $VersionOfApi - Authorized access") {
+    scenario("We will call the endpoint without user credentials", ApiEndpoint1, VersionOfApi) {
+      When("We make a request v4.0.0")
+      val request400 = (v4_0_0_Request / "management" / "cascading" / "banks" / bankId /
+        "accounts" / bankAccount.id).DELETE <@(user1)
+      val response400 = makeDeleteRequest(request400)
+      Then("We should get a 403")
+      response400.code should equal(403)
+      response400.body.extract[ErrorMessage].message should equal(UserHasMissingRoles + CanDeleteAccountCascade)
+    }
+  }
+  feature(s"test $ApiEndpoint1 - Authorized access") {
+    scenario("We will call the endpoint with user credentials", ApiEndpoint1, VersionOfApi) {
+      When("We grant the role")
+      Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, ApiRole.canCreateAccount.toString)
+      And("We make a request v4.0.0")
+      val request400 = (v4_0_0_Request / "banks" / bankId / "accounts" ).POST <@(user1)
+      val response400 = makePostRequest(request400, write(addAccountJson))
+      Then("We should get a 201")
+      response400.code should equal(201)
+      val account = response400.body.extract[CreateAccountResponseJsonV310]
+      account.account_id should not be empty
+
+      val postBodyView = createViewJson.copy(name = "_cascade_delete", metadata_view = "_cascade_delete", is_public = false)
+      createView(bankId, account.account_id, postBodyView, user1)
+      
+      createAccountAttribute(
+        bankId,
+        account.account_id,
+        "REQUIRED_CHALLENGE_ANSWERS",
+        "2",
+        "INTEGER"
+      )
+
+      grantUserAccessToViewV400(
+        bankId,
+        account.account_id,
+        resourceUser2.userId,
+        user1
+      )
+
+      createWebhookV400(
+        bankId,
+        account.account_id,
+        resourceUser1.userId,
+        user1
+      )
+
+      When("We grant the role")
+      Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, ApiRole.canDeleteAccountCascade.toString)
+      And("We make a delete cascade request v4.0.0")
+      val deleteRequest400 = (v4_0_0_Request / "management" / "cascading" / "banks" / bankId /
+        "accounts" / account.account_id).DELETE <@(user1)
+      val deleteResponse400 = makeDeleteRequest(deleteRequest400)
+      Then("We should get a 200")
+      deleteResponse400.code should equal(200)
+
+      When("We try to delete one more time")
+      makeDeleteRequest(request400).code should equal(404)
+    }
+  }
+  
+
+}
--- a/obp-api/src/test/scala/code/api/v4_0_0/DeleteProductCascadeTest.scala
+++ b/obp-api/src/test/scala/code/api/v4_0_0/DeleteProductCascadeTest.scala
@ -0,0 +1,51 @@
+package code.api.v4_0_0
+
+import code.api.util.APIUtil.OAuth._
+import code.api.util.ApiRole.CanDeleteProductCascade
+import code.api.util.ErrorMessages.{UserHasMissingRoles, UserNotLoggedIn}
+import code.api.v4_0_0.OBPAPI4_0_0.Implementations4_0_0
+import com.github.dwickern.macros.NameOf.nameOf
+import com.openbankproject.commons.model.ErrorMessage
+import com.openbankproject.commons.util.ApiVersion
+import org.scalatest.Tag
+
+class DeleteProductCascadeTest extends V400ServerSetup {
+
+  /**
+    * Test tags
+    * Example: To run tests with tag "getPermissions":
+    * mvn test -D tagsToInclude
+    *
+    * This is made possible by the scalatest maven plugin
+    */
+  object VersionOfApi extends Tag(ApiVersion.v4_0_0.toString)
+  object ApiEndpoint1 extends Tag(nameOf(Implementations4_0_0.deleteProductCascade))
+
+  lazy val bankId = randomBankId
+  lazy val bankAccount = randomPrivateAccount(bankId)
+  
+  
+  feature(s"test $ApiEndpoint1 version $VersionOfApi - Unauthorized access") {
+    scenario("We will call the endpoint without user credentials", ApiEndpoint1, VersionOfApi) {
+      When("We make a request v4.0.0")
+      val request400 = (v4_0_0_Request / "management" / "cascading" / "banks" / bankId / 
+        "products" / "product_code").DELETE
+      val response400 = makeDeleteRequest(request400)
+      Then("We should get a 401")
+      response400.code should equal(401)
+      response400.body.extract[ErrorMessage].message should equal(UserNotLoggedIn)
+    }
+  }
+  feature(s"test $ApiEndpoint1 version $VersionOfApi - Authorized access") {
+    scenario("We will call the endpoint without user credentials", ApiEndpoint1, VersionOfApi) {
+      When("We make a request v4.0.0")
+      val request400 = (v4_0_0_Request / "management" / "cascading" / "banks" / bankId /
+        "products" / "product_code").DELETE <@(user1)
+      val response400 = makeDeleteRequest(request400)
+      Then("We should get a 403")
+      response400.code should equal(403)
+      response400.body.extract[ErrorMessage].message should equal(UserHasMissingRoles + CanDeleteProductCascade)
+    }
+  }
+
+}
--- a/obp-api/src/test/scala/code/api/v4_0_0/DeleteTransactionCascadeTest.scala
+++ b/obp-api/src/test/scala/code/api/v4_0_0/DeleteTransactionCascadeTest.scala
@ -0,0 +1,51 @@
+package code.api.v4_0_0
+
+import code.api.util.APIUtil.OAuth._
+import code.api.util.ApiRole.CanDeleteTransactionCascade
+import code.api.util.ErrorMessages.{UserHasMissingRoles, UserNotLoggedIn}
+import code.api.v4_0_0.OBPAPI4_0_0.Implementations4_0_0
+import com.github.dwickern.macros.NameOf.nameOf
+import com.openbankproject.commons.model.ErrorMessage
+import com.openbankproject.commons.util.ApiVersion
+import org.scalatest.Tag
+
+class DeleteTransactionCascadeTest extends V400ServerSetup {
+
+  /**
+    * Test tags
+    * Example: To run tests with tag "getPermissions":
+    * mvn test -D tagsToInclude
+    *
+    * This is made possible by the scalatest maven plugin
+    */
+  object VersionOfApi extends Tag(ApiVersion.v4_0_0.toString)
+
+  object ApiEndpoint1 extends Tag(nameOf(Implementations4_0_0.deleteTransactionCascade))
+
+  lazy val bankId = randomBankId
+  lazy val bankAccount = randomPrivateAccount(bankId)
+
+  feature(s"test $ApiEndpoint1 version $VersionOfApi - Unauthorized access") {
+    scenario("We will call the endpoint without user credentials", ApiEndpoint1, VersionOfApi) {
+      When("We make a request v4.0.0")
+      val request400 = (v4_0_0_Request / "management" / "cascading" / "banks" / bankId / 
+        "accounts" / bankAccount.id / "transactions" / "id").DELETE
+      val response400 = makeDeleteRequest(request400)
+      Then("We should get a 401")
+      response400.code should equal(401)
+      response400.body.extract[ErrorMessage].message should equal(UserNotLoggedIn)
+    }
+  }
+  feature(s"test $ApiEndpoint1 version $VersionOfApi - Authorized access") {
+    scenario("We will call the endpoint without user credentials", ApiEndpoint1, VersionOfApi) {
+      When("We make a request v4.0.0")
+      val request400 = (v4_0_0_Request / "management" / "cascading" / "banks" / bankId /
+        "accounts" / bankAccount.id / "transactions" / "id").DELETE <@(user1)
+      val response400 = makeDeleteRequest(request400)
+      Then("We should get a 403")
+      response400.code should equal(403)
+      response400.body.extract[ErrorMessage].message should equal(UserHasMissingRoles + CanDeleteTransactionCascade)
+    }
+  }
+
+}
--- a/obp-api/src/test/scala/code/api/v4_0_0/TransactionAttributesTest.scala
+++ b/obp-api/src/test/scala/code/api/v4_0_0/TransactionAttributesTest.scala
@ -178,7 +178,7 @@ class TransactionAttributesTest extends V400ServerSetup {
      Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, canUpdateTransactionAttributeAtOneBank.toString)

      Then("we create the Transaction Attribute ")
-      val transactionAttributeId = createAndGetTransactionAtrributeId(bankId:String, accountId:String, transactionId:String,  user1)
+      val transactionAttributeId = createAndGetTransactionAttributeId(bankId:String, accountId:String, transactionId:String,  user1)
     

      val requestWithId = (v4_0_0_Request / "banks" / bankId / "accounts"/ accountId /"transactions" / transactionId / "attributes" / transactionAttributeId).PUT <@ (user1)
@ -198,7 +198,7 @@ class TransactionAttributesTest extends V400ServerSetup {
        
        When("We make a request v4.0.0")
        Then("we create the Transaction Attribute ")
-        val transactionAttributeId = createAndGetTransactionAtrributeId(bankId:String, accountId:String, transactionId:String,  user1)
+        val transactionAttributeId = createAndGetTransactionAttributeId(bankId:String, accountId:String, transactionId:String,  user1)


        val request400 = (v4_0_0_Request / "banks" / bankId / "accounts"/ accountId /"transactions" / transactionId / "attributes" ).GET <@ (user1)
@ -223,7 +223,7 @@ class TransactionAttributesTest extends V400ServerSetup {
        lazy val transactionId = transaction.id
        
        Then("we create the Transaction Attribute ")
-        val transactionAttributeId = createAndGetTransactionAtrributeId(bankId, accountId, transactionId, user1)
+        val transactionAttributeId = createAndGetTransactionAttributeId(bankId, accountId, transactionId, user1)

        Then("We grant the role to the user1")
        Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, canGetTransactionAttributeAtOneBank.toString)
--- a/obp-api/src/test/scala/code/api/v4_0_0/V400ServerSetup.scala
+++ b/obp-api/src/test/scala/code/api/v4_0_0/V400ServerSetup.scala
@ -2,9 +2,10 @@ package code.api.v4_0_0

 import code.api.Constant._
 import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON
-import code.api.util.APIUtil
+import code.api.util.{APIUtil, ApiTrigger}
 import code.api.util.APIUtil.OAuth.{Consumer, Token, _}
 import code.api.util.ApiRole.{CanCreateAccountAttributeAtOneBank, CanCreateCustomer, CanCreateProduct, _}
+import code.api.util.ErrorMessages.IncorrectTriggerName
 import code.api.v1_2_1._
 import code.api.v2_0_0.BasicAccountsJSON
 import code.api.v2_1_0.{TransactionRequestWithChargeJSON210, TransactionRequestWithChargeJSONs210}
@ -12,7 +13,7 @@ import code.api.v3_0_0.{CustomerAttributeResponseJsonV300, TransactionJsonV300,
 import code.api.v3_1_0._
 import code.entitlement.Entitlement
 import code.setup.{APIResponse, DefaultUsers, ServerSetupWithTestData}
-import com.openbankproject.commons.model.{CreateViewJson, UpdateViewJSON}
+import com.openbankproject.commons.model.{CreateViewJson, ErrorMessage, UpdateViewJSON}
 import dispatch.Req
 import net.liftweb.json.Serialization.write

@ -163,7 +164,7 @@ trait V400ServerSetup extends ServerSetupWithTestData with DefaultUsers {
    createCustomer(consumerAndToken).customer_id
  }
  
-  def createAndGetCustomerAtrributeId (bankId:String, customerId:String, consumerAndToken: Option[(Consumer, Token)], postCustomerAttributeJson: Option[CustomerAttributeJsonV400] = None) = {
+  def createAndGetCustomerAttributeId(bankId:String, customerId:String, consumerAndToken: Option[(Consumer, Token)], postCustomerAttributeJson: Option[CustomerAttributeJsonV400] = None) = {
    lazy val postCustomerAttributeJsonV400 = postCustomerAttributeJson.getOrElse(SwaggerDefinitionsJSON.customerAttributeJsonV400)
    val request400 = (v4_0_0_Request / "banks" / bankId / "customers" / customerId / "attribute").POST <@ (user1)
    Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, canCreateCustomerAttributeAtOneBank.toString)
@ -171,7 +172,7 @@ trait V400ServerSetup extends ServerSetupWithTestData with DefaultUsers {
    responseWithRole.body.extract[CustomerAttributeResponseJsonV300].customer_attribute_id
  }

-  def createAndGetTransactionAtrributeId (bankId:String, accountId:String, transactionId:String,  consumerAndToken: Option[(Consumer, Token)]) = {
+  def createAndGetTransactionAttributeId(bankId:String, accountId:String, transactionId:String, consumerAndToken: Option[(Consumer, Token)]) = {
    lazy val postTransactionAttributeJsonV400 = SwaggerDefinitionsJSON.transactionAttributeJsonV400
    val request400 = (v4_0_0_Request / "banks" / bankId / "accounts"/ accountId /"transactions" / transactionId / "attribute").POST <@ (user1)
    Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, canCreateTransactionAttributeAtOneBank.toString)
@ -189,4 +190,20 @@ trait V400ServerSetup extends ServerSetupWithTestData with DefaultUsers {
    response.body.extract[ViewJsonV300]
  }
  
+  def createWebhookV400(bankId: String, 
+                        accountId: String, 
+                        userId: String, 
+                        consumerAndToken: Option[(Consumer, Token)]): AccountWebhookJson = {
+    val postJson = SwaggerDefinitionsJSON.accountWebhookPostJson
+    val entitlement = Entitlement.entitlement.vend.addEntitlement(bankId, userId, CanCreateWebhook.toString)
+    When("We make a request v3.1.0 with a Role " + canCreateWebhook)
+    val request310 = (v4_0_0_Request / "banks" / bankId / "account-web-hooks").POST <@(consumerAndToken)
+    val response310 = makePostRequest(request310, write(postJson.copy(account_id = accountId)))
+    Then("We should get a 201")
+    response310.code should equal(201)
+    Entitlement.entitlement.vend.deleteEntitlement(entitlement)
+    response310.body.extract[AccountWebhookJson]
+  }
+  
+  
 }