feature/Add Props for default entitlements given to new users.

2026-02-06 15:27:01 +00:00 · 2020-09-25 15:48:51 +02:00 · 2020-09-25 15:48:51 +02:00 · 609d4e772c
commit 609d4e772c
parent ffe48fe437
3 changed files with 63 additions and 1 deletions
--- a/obp-api/src/main/resources/props/sample.props.template
+++ b/obp-api/src/main/resources/props/sample.props.template
@ -869,4 +869,11 @@ outboundAdapterCallContext.generalContext
 #hydra_admin_url=http://127.0.0.1:4445
 #hydra_client_id=auth-code-client
 #hydra_client_scope=openid,offline
-# ------------------------------ Hydra oauth2 props end ------------------------------
+# ------------------------------ Hydra oauth2 props end ------------------------------
+
+# ------------------------------ default entitlements ------------------------------
+## the default entitlements list, you can added the roles here.
+#entitlement_list_1=[] 
+# when new User is validated, grant the following role list to that user.
+#new_user_entitlement_list=entitlement_list_1
+# ------------------------------ default entitlements end ------------------------------
--- a/obp-api/src/main/scala/code/api/util/APIUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala
@ -41,6 +41,7 @@ import code.api.builder.OBP_APIBuilder
 import code.api.oauth1a.Arithmetics
 import code.api.oauth1a.OauthParams._
 import code.api.sandbox.SandboxApiCalls
+import code.api.util.ApiRole.valueOf
 import code.api.util.ApiTag.{ResourceDocTag, apiTagBank, apiTagNewStyle}
 import code.api.util.Glossary.GlossaryItem
 import code.api.util.RateLimitingJson.CallLimit
@ -54,6 +55,7 @@ import code.methodrouting.MethodRoutingProvider
 import code.metrics._
 import code.model._
 import code.model.dataAccess.AuthUser
+import code.model.dataAccess.AuthUser.{getResourceUserByUsername, logger}
 import code.ratelimiting.{RateLimiting, RateLimitingDI}
 import code.sanitycheck.SanityCheck
 import code.scope.Scope
@ -3427,4 +3429,23 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
  }

  val glossaryDocsRequireRole = APIUtil.getPropsAsBoolValue("glossary_requires_role", false)
+  
+  def grantDefaultEntitlementsToNewUser(userId: String) ={
+    /**
+     * 
+     * The props are following:
+     * entitlement_list_1=[CanGetConfig, CanCreateAccount]
+     * new_user_entitlement_list=entitlement_list_1
+     * 
+     * defaultEntitlements will get the role from new_user_entitlement_list--> entitlement_list_1--> [CanGetConfig, CanCreateAccount]
+     */
+    val defaultEntitlements = APIUtil.getPropsValue(APIUtil.getPropsValue("new_user_entitlement_list","")).getOrElse("").replace("[", "").replace("]", "").split(",").toList.filter(_.nonEmpty)
+
+   try{
+      defaultEntitlements.map(ApiRole.valueOf(_).toString()).map(Entitlement.entitlement.vend.addEntitlement("", userId, _))
+    } catch {
+      case e: Throwable => logger.error(s"Please check props `new_user_entitlement_list`, ${e.getMessage}. your props value is ($defaultEntitlements)") 
+    }
+
+  }
 }
--- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
+++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
@ -539,7 +539,41 @@ import net.liftweb.util.Helpers._
        generateValidationEmailBodies(user, resetLink) :::
        (bccEmail.toList.map(BCC(_))) :_* )
  }
+  
+   private def grantDefaultEntitlementsToAuthUser(user: TheUserType) = {
+     tryo{getResourceUserByUsername(user.username.get).head.userId} match {
+       case Full(userId)=>APIUtil.grantDefaultEntitlementsToNewUser(userId)
+       case _ => logger.error("Can not getResourceUserByUsername here, so it breaks the grantDefaultEntitlementsToNewUser process.")
+     }
+   }
+  
+  override def validateUser(id: String): NodeSeq = findUserByUniqueId(id) match {
+    case Full(user) if !user.validated_? =>
+      user.setValidated(true).resetUniqueId().save
+      grantDefaultEntitlementsToAuthUser(user)
+      logUserIn(user, () => {
+        S.notice(S.?("account.validated"))
+        S.redirectTo(homePage)
+      })

+    case _ => S.error(S.?("invalid.validation.link")); S.redirectTo(homePage)
+  }
+  
+  override def actionsAfterSignup(theUser: TheUserType, func: () => Nothing): Nothing = {
+    theUser.setValidated(skipEmailValidation).resetUniqueId()
+    theUser.save
+    if (!skipEmailValidation) {
+      sendValidationEmail(theUser)
+      S.notice(S.?("sign.up.message"))
+      func()
+    } else {
+      grantDefaultEntitlementsToAuthUser(theUser)
+      logUserIn(theUser, () => {
+        S.notice(S.?("welcome"))
+        func()
+      })
+    }
+  }
  /**
   * Set this to redirect to a certain page after a failed login
   */