diff --git a/obp-api/src/main/scala/code/api/util/ErrorMessages.scala b/obp-api/src/main/scala/code/api/util/ErrorMessages.scala index 610747fc5..f980fbfea 100644 --- a/obp-api/src/main/scala/code/api/util/ErrorMessages.scala +++ b/obp-api/src/main/scala/code/api/util/ErrorMessages.scala @@ -467,6 +467,7 @@ object ErrorMessages { val DeleteCounterpartyError = "OBP-30317: Could not delete the Counterparty." val DeleteCounterpartyMetadataError = "OBP-30318: Could not delete CounterpartyMetadata" + val UpdateBankAccountLabelError = "OBP-30319: Could not update Bank Account Label." // Branch related messages val BranchesNotFoundLicense = "OBP-32001: No branches available. License may not be set." diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala index 75271380f..abecac516 100644 --- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala +++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala @@ -23,6 +23,7 @@ object MigrationOfViewDefinitionPermissions { .canSeeTransactionRequestTypes_(true) .canSeeTransactionRequests_(true) .canSeeAvailableViewsForBankAccount_(true) + .canUpdateBankAccountLabel_(true) .save ).head @@ -35,6 +36,7 @@ object MigrationOfViewDefinitionPermissions { |${ViewDefinition.canSeeTransactionRequestTypes_.dbColumnName} |${ViewDefinition.canSeeTransactionRequests_.dbColumnName} |${ViewDefinition.canSeeAvailableViewsForBankAccount_.dbColumnName} + |${ViewDefinition.canUpdateBankAccountLabel_.dbColumnName} |Duration: ${endDate - startDate} ms; """.stripMargin saveLog(name, commitId, isSuccessful, startDate, endDate, comment) diff --git a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala index 263880bae..02da45806 100644 
--- a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala +++ b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala @@ -494,8 +494,21 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) json <- NewStyle.function.tryons(InvalidJsonFormat, 400, callContext) { json.extract[UpdateAccountJSON] } (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) + anyViewContainsCanUpdateBankAccountLabelPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) + .map(_.views.map(_.canUpdateBankAccountLabel).find(_.==(true)).getOrElse(false)).getOrElse(false) + _ <- Helper.booleanToFuture( + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canUpdateBankAccountLabel_.dbColumnName}` permission on any your views", + cc = callContext + ) { + anyViewContainsCanUpdateBankAccountLabelPermission + } + (success, callContext) <- Future{ + Connector.connector.vend.updateAccountLabel(bankId, accountId, json.label) + } map { i => + (unboxFullOrFail(i, callContext, + s"$UpdateBankAccountLabelError Current BankId is $bankId and Current AccountId is $accountId", 404), callContext) + } } yield { - account.updateLabel(u, json.label,callContext) (successMessage, HttpCode.`200`(callContext)) } } diff --git a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala index 76220504e..0d158d618 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala 
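Review bot: The permission check in the added `anyViewContainsCanUpdateBankAccountLabelPermission` lines reads `account.bankId`/`account.accountId`, while the `updateAccountLabel` call after it uses the path values `bankId`/`accountId`; they should agree after `checkBankAccountExists`, but using one pair for both keeps the check and the write visibly on the same account. The `.map(_.canUpdateBankAccountLabel).find(_.==(true)).getOrElse(false)` chain is an `exists`: `.map(_.views.exists(_.canUpdateBankAccountLabel)).getOrElse(false)` still denies when the permission lookup is not `Full`. The `booleanToFuture` call passes no failure code, so the denial status is whatever that helper defaults to (not visible here); an authorization refusal would normally be a 403, and the message exposes the database column name rather than the action name `can_update_bank_account_label`. The same block is repeated in the APIMethods400.scala hunk, so a shared helper would keep the two endpoints from drifting apart. The enclosing for-comprehension starts outside the hunk.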
@@ -2779,8 +2779,20 @@ trait APIMethods400 { json <- NewStyle.function.tryons(failMsg, 400, callContext) { json.extract[UpdateAccountJsonV400] } + anyViewContainsCanUpdateBankAccountLabelPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) + .map(_.views.map(_.canUpdateBankAccountLabel).find(_.==(true)).getOrElse(false)).getOrElse(false) + _ <- Helper.booleanToFuture( + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canUpdateBankAccountLabel_.dbColumnName}` permission on any your views", + cc = callContext + ) { + anyViewContainsCanUpdateBankAccountLabelPermission + } + (success, callContext) <- Future { + Connector.connector.vend.updateAccountLabel(bankId, accountId, json.label) + } map { i => + (unboxFullOrFail(i, callContext, s"$UpdateBankAccountLabelError Current BankId is $bankId and Current AccountId is $accountId", 404), callContext) + } } yield { - account.updateLabel(u, json.label, callContext) (Extraction.decompose(successMessage), HttpCode.`200`(callContext)) } } diff --git a/obp-api/src/main/scala/code/model/BankingData.scala b/obp-api/src/main/scala/code/model/BankingData.scala index 0dbef2ff3..80d45118f 100644 --- a/obp-api/src/main/scala/code/model/BankingData.scala +++ b/obp-api/src/main/scala/code/model/BankingData.scala 
@@ -162,15 +162,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable Failure(UserNoOwnerView+"user's email : " + user.emailAddress + ". account : " + accountId, Empty, Empty) } } - - final def updateLabel(user : User, label : String, callContext: Option[CallContext]): Box[Boolean] = { - if(user.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), callContext)){ - Connector.connector.vend.updateAccountLabel(bankId, accountId, label) - } else { - Failure(UserNoOwnerView+"user's email : " + user.emailAddress + ". account : " + accountId, Empty, Empty) - } - } - + /** * Note: There are two types of account-owners in OBP: the OBP users and the customers(in a real bank, these should from Main Frame) * diff --git a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala b/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala index b043ff974..0108fd6a1 100644 --- a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala +++ b/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala @@ -271,6 +271,9 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with object canSeeBankAccountLabel_ extends MappedBoolean(this){ override def defaultValue = false } + object canUpdateBankAccountLabel_ extends MappedBoolean(this){ + override def defaultValue = false + } object canSeeBankAccountNationalIdentifier_ extends MappedBoolean(this){ override def defaultValue = false } 
@@ -485,6 +488,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with def canSeeBankAccountCurrency : Boolean = canSeeBankAccountCurrency_.get def canQueryAvailableFunds : Boolean = canQueryAvailableFunds_.get def canSeeBankAccountLabel : Boolean = canSeeBankAccountLabel_.get + def canUpdateBankAccountLabel : Boolean = canUpdateBankAccountLabel_.get def canSeeBankAccountNationalIdentifier : Boolean = canSeeBankAccountNationalIdentifier_.get def canSeeBankAccountSwift_bic : Boolean = canSeeBankAccountSwift_bic_.get def canSeeBankAccountIban : Boolean = canSeeBankAccountIban_.get diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index e0b94a62a..e29229f65 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -793,6 +793,7 @@ object MapperViews extends Views with MdcLoggable { .canSeeAvailableViewsForBankAccount_(false) .canSeeTransactionRequests_(true) .canSeeTransactionRequestTypes_(true) + .canUpdateBankAccountLabel_(true) viewId match { case SYSTEM_OWNER_VIEW_ID => @@ -879,16 +880,16 @@ object MapperViews extends Views with MdcLoggable { canAddPrivateAlias_(true). canAddCounterparty_(true). canGetCounterparty_(true). - canDeleteCounterparty_(true). - canDeleteCorporateLocation_(true). - canDeletePhysicalLocation_(true). + canDeleteCounterparty_(false). + canDeleteCorporateLocation_(false). + canDeletePhysicalLocation_(false). canEditOwnerComment_(true). canAddComment_(true). - canDeleteComment_(true). + canDeleteComment_(false). canAddTag_(true). - canDeleteTag_(true). + canDeleteTag_(false). canAddImage_(true). - canDeleteImage_(true). + canDeleteImage_(false). canAddWhereTag_(true). canSeeWhereTag_(true). canSeeBankRoutingScheme_(true). //added following in V300 
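Review bot: In the MapperViews.scala hunk at -793, `.canUpdateBankAccountLabel_(true)` is added to the builder chain that runs before `viewId match`, so it applies to every system view this function creates, not only the `SYSTEM_OWNER_VIEW_ID` case. The match branches are outside the hunk; unless each non-owner branch resets the flag, views intended to be read-only would now pass the new label-update check in the API endpoints. Setting `.canUpdateBankAccountLabel_(false)` in the shared chain and enabling it only inside the `SYSTEM_OWNER_VIEW_ID` branch would keep the grant narrow.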
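Review bot: In the MapperViews.scala hunk at -879, switching `canDeleteCounterparty_`, `canDeleteCorporateLocation_`, `canDeletePhysicalLocation_`, `canDeleteComment_`, `canDeleteTag_` and `canDeleteImage_` from `true` to `false` only affects views created after this change. Views already stored with the old defaults keep their delete permissions, and the migration touched in this commit only adds `canUpdateBankAccountLabel_(true)`; if the tightening is meant to reach existing views it needs its own migration. Which view this chain builds is not visible in the hunk, so a short comment above it such as `// default view: deliberately no delete permissions` would stop the flags being re-enabled by accident. The builder chain starts before this hunk and continues in the next one.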
@@ -900,7 +901,10 @@ object MapperViews extends Views with MdcLoggable { canSeeOtherAccountRoutingScheme_(true). canSeeOtherAccountRoutingAddress_(true). canAddTransactionRequestToOwnAccount_(false). //added following two for payments - canAddTransactionRequestToAnyAccount_(false) + canAddTransactionRequestToAnyAccount_(false). + canSeeTransactionRequests_(false). + canSeeTransactionRequestTypes_(false). + canUpdateBankAccountLabel_(false) } def createAndSaveDefaultPublicCustomView(bankId : BankId, accountId: AccountId, description: String) : Box[View] = { diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index 83ad820e7..773902977 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala +++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala @@ -126,6 +126,9 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many object canSeeBankAccountLabel_ extends MappedBoolean(this){ override def defaultValue = false } + object canUpdateBankAccountLabel_ extends MappedBoolean(this){ + override def defaultValue = false + } object canSeeBankAccountNationalIdentifier_ extends MappedBoolean(this){ override def defaultValue = false } @@ -403,6 +406,10 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many canSeeBankAccountCreditLimit_(actions.exists(_ == "can_see_bank_account_credit_limit")) canCreateDirectDebit_(actions.exists(_ == "can_create_direct_debit")) canCreateStandingOrder_(actions.exists(_ == "can_create_standing_order")) + canSeeTransactionRequests_(actions.exists(_ == "can_see_transaction_requests")) + canSeeTransactionRequestTypes_(actions.exists(_ == "can_see_transaction_request_types")) + canUpdateBankAccountLabel_(actions.exists(_ == "can_update_bank_account_label")) + canSeeAvailableViewsForBankAccount_(actions.exists(_ == "can_see_available_views_for_bank_account")) } 
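Review bot: In the ViewDefinition.scala hunk at -403, the four added assignments make `canSeeTransactionRequests_`, `canSeeTransactionRequestTypes_`, `canUpdateBankAccountLabel_` and `canSeeAvailableViewsForBankAccount_` follow the `actions` list, so a view update whose list omits these strings now clears flags that this method apparently left untouched before (no earlier assignment is visible in the hunk). That fails closed, but callers sending action lists built before this change would silently lose the three pre-existing permissions on their next update, so the new action names should be documented wherever the allowed actions are listed. A comment above the added lines, e.g. `// flags absent from actions are reset to false`, would make that contract explicit. The enclosing method starts outside the hunk.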
@@ -471,6 +478,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many def canSeeBankAccountCurrency : Boolean = canSeeBankAccountCurrency_.get def canQueryAvailableFunds : Boolean = canQueryAvailableFunds_.get def canSeeBankAccountLabel : Boolean = canSeeBankAccountLabel_.get + def canUpdateBankAccountLabel : Boolean = canUpdateBankAccountLabel_.get def canSeeBankAccountNationalIdentifier : Boolean = canSeeBankAccountNationalIdentifier_.get def canSeeBankAccountSwift_bic : Boolean = canSeeBankAccountSwift_bic_.get def canSeeBankAccountIban : Boolean = canSeeBankAccountIban_.get diff --git a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala index 03f96341a..a25c145db 100644 --- a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala +++ b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala @@ -131,6 +131,10 @@ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { canAddTransactionRequestToOwnAccount_(false). //added following two for payments canAddTransactionRequestToAnyAccount_(false). canSeeBankAccountCreditLimit_(true). + canSeeTransactionRequests_(false). + canSeeTransactionRequestTypes_(false). + canUpdateBankAccountLabel_(false). + canSeeAvailableViewsForBankAccount_(false). saveMe } } diff --git a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala index 0ee0f5a32..998ca7789 100644 --- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala +++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala @@ -297,6 +297,7 @@ trait View { def canSeeBankAccountOwners: Boolean def canSeeBankAccountType: Boolean + def canUpdateBankAccountLabel: Boolean def canSeeBankAccountBalance: Boolean