From 609d4e772cdfc4f8e5ca8e58d635d5d4b5662160 Mon Sep 17 00:00:00 2001
From: hongwei
Date: Fri, 25 Sep 2020 15:48:51 +0200
Subject: [PATCH] feature/Add Props for default entitlements given to new users.
---
 .../resources/props/sample.props.template | 9 ++++-
 .../main/scala/code/api/util/APIUtil.scala | 21 ++++++++++++
 .../code/model/dataAccess/AuthUser.scala | 34 +++++++++++++++++++
 3 files changed, 63 insertions(+), 1 deletion(-)
diff --git a/obp-api/src/main/resources/props/sample.props.template b/obp-api/src/main/resources/props/sample.props.template
index 0529e157d..5357da1c2 100644
--- a/obp-api/src/main/resources/props/sample.props.template
+++ b/obp-api/src/main/resources/props/sample.props.template
@@ -869,4 +869,11 @@ outboundAdapterCallContext.generalContext
 #hydra_admin_url=http://127.0.0.1:4445
 #hydra_client_id=auth-code-client
 #hydra_client_scope=openid,offline
-# ------------------------------ Hydra oauth2 props end ------------------------------
\ No newline at end of file
+# ------------------------------ Hydra oauth2 props end ------------------------------
+
+# ------------------------------ default entitlements ------------------------------
+## the default entitlements list, you can added the roles here.
+#entitlement_list_1=[]
+# when new User is validated, grant the following role list to that user.
+#new_user_entitlement_list=entitlement_list_1
+# ------------------------------ default entitlements end ------------------------------
\ No newline at end of file
diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala
index c48c1a5f6..9f92c3c1c 100644
--- a/obp-api/src/main/scala/code/api/util/APIUtil.scala
@@ -41,6 +41,7 @@ import code.api.builder.OBP_APIBuilder
 import code.api.oauth1a.Arithmetics
 import code.api.oauth1a.OauthParams._
 import code.api.sandbox.SandboxApiCalls
+import code.api.util.ApiRole.valueOf
 import code.api.util.ApiTag.{ResourceDocTag, apiTagBank, apiTagNewStyle}
 import code.api.util.Glossary.GlossaryItem
 import code.api.util.RateLimitingJson.CallLimit
@@ -54,6 +55,7 @@ import code.methodrouting.MethodRoutingProvider
 import code.metrics._
 import code.model._
 import code.model.dataAccess.AuthUser
+import code.model.dataAccess.AuthUser.{getResourceUserByUsername, logger}
 import code.ratelimiting.{RateLimiting, RateLimitingDI}
 import code.sanitycheck.SanityCheck
 import code.scope.Scope
@@ -3427,4 +3429,23 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
 }
 val glossaryDocsRequireRole = APIUtil.getPropsAsBoolValue("glossary_requires_role", false)
+
+ def grantDefaultEntitlementsToNewUser(userId: String) ={
+ /**
+ *
+ * The props are following:
+ * entitlement_list_1=[CanGetConfig, CanCreateAccount]
+ * new_user_entitlement_list=entitlement_list_1
+ *
+ * defaultEntitlements will get the role from new_user_entitlement_list--> entitlement_list_1--> [CanGetConfig, CanCreateAccount]
+ */
+ val defaultEntitlements = APIUtil.getPropsValue(APIUtil.getPropsValue("new_user_entitlement_list","")).getOrElse("").replace("[", "").replace("]", "").split(",").toList.filter(_.nonEmpty)
+
+ try{
+ defaultEntitlements.map(ApiRole.valueOf(_).toString()).map(Entitlement.entitlement.vend.addEntitlement("", userId, _))
+ } catch {
+ case e: Throwable => logger.error(s"Please check props `new_user_entitlement_list`, ${e.getMessage}. your props value is ($defaultEntitlements)")
+ }
+
+ }
 }
diff --git a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
index 80f00d85a..d8091bd1f 100644
--- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
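Review bot: The added `import code.api.util.ApiRole.valueOf` looks unused, because the new method further down this file calls `ApiRole.valueOf(_)` fully qualified. The same applies to `import code.model.dataAccess.AuthUser.{getResourceUserByUsername, logger}` in the second import hunk: nothing visible in this patch calls `getResourceUserByUsername` from APIUtil, and `APIUtil` is declared `extends MdcLoggable`, so it presumably already has its own `logger`. Importing AuthUser's `logger` makes it unclear which logger the new privilege-grant error is written under, which matters when someone later searches the logs for failed grants. I would drop both import lines.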
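Review bot: In `grantDefaultEntitlementsToNewUser` the role names are split on `,` but never trimmed, so the Scaladoc's own example `[CanGetConfig, CanCreateAccount]` yields `" CanCreateAccount"`; unless `ApiRole.valueOf` trims its argument (not visible here), the lookup throws and no default role is granted. This method hands privileges to every newly validated account, yet a successful grant leaves no log line and the result of `addEntitlement` is discarded. Every role is stored with the bank id `""`, so the props comment should say that only system-level roles belong in the list. `case e: Throwable` also swallows fatal errors; `NonFatal(e)` is the usual form and needs `scala.util.control.NonFatal` added to the file's imports. The method should also declare `: Unit` instead of an inferred result type.

```scala
def grantDefaultEntitlementsToNewUser(userId: String): Unit = {
  // … unchanged: Scaladoc describing entitlement_list_1 / new_user_entitlement_list …
  val listName = APIUtil.getPropsValue("new_user_entitlement_list", "")
  val defaultEntitlements = APIUtil.getPropsValue(listName).getOrElse("")
    .replace("[", "").replace("]", "")
    .split(",").map(_.trim).filter(_.nonEmpty).toList

  try {
    // Resolve every name first so a typo in the props grants nothing rather than a partial set.
    val roleNames = defaultEntitlements.map(ApiRole.valueOf(_).toString())
    roleNames.foreach { roleName =>
      Entitlement.entitlement.vend.addEntitlement("", userId, roleName)
      // Audit trail: automatic privilege grants should be traceable per user.
      logger.info(s"Granted default entitlement $roleName to new user $userId")
    }
  } catch {
    case NonFatal(e) => logger.error(s"Please check props `new_user_entitlement_list`, ${e.getMessage}. your props value is ($defaultEntitlements)")
  }
}
```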
+++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala @@ -539,7 +539,41 @@ import net.liftweb.util.Helpers._ generateValidationEmailBodies(user, resetLink) ::: (bccEmail.toList.map(BCC(_))) :_* ) } + + private def grantDefaultEntitlementsToAuthUser(user: TheUserType) = { + tryo{getResourceUserByUsername(user.username.get).head.userId} match { + case Full(userId)=>APIUtil.grantDefaultEntitlementsToNewUser(userId) + case _ => logger.error("Can not getResourceUserByUsername here, so it breaks the grantDefaultEntitlementsToNewUser process.") + } + } + + override def validateUser(id: String): NodeSeq = findUserByUniqueId(id) match { + case Full(user) if !user.validated_? => + user.setValidated(true).resetUniqueId().save + grantDefaultEntitlementsToAuthUser(user) + logUserIn(user, () => { + S.notice(S.?("account.validated")) + S.redirectTo(homePage) + }) + case _ => S.error(S.?("invalid.validation.link")); S.redirectTo(homePage) + } + + override def actionsAfterSignup(theUser: TheUserType, func: () => Nothing): Nothing = { + theUser.setValidated(skipEmailValidation).resetUniqueId() + theUser.save + if (!skipEmailValidation) { + sendValidationEmail(theUser) + S.notice(S.?("sign.up.message")) + func() + } else { + grantDefaultEntitlementsToAuthUser(theUser) + logUserIn(theUser, () => { + S.notice(S.?("welcome")) + func() + }) + } + } /** * Set this to redirect to a certain page after a failed login */
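Review bot: `grantDefaultEntitlementsToAuthUser` picks the account to receive the roles by username alone and then takes `.head`, so the entitlements go to whichever resource user that lookup returns first. If usernames are not unique across authentication providers (not visible in this hunk), a different account than the one just validated could receive them; resolving the resource user through a key tied to this `AuthUser` would remove that doubt. Wrapping `.head` in `tryo` also uses an exception for the not-found case; if the lookup already returns a Box, `getResourceUserByUsername(user.username.get).map(_.userId)` reads more directly. The error branch should name the user, e.g. `logger.error(s"No resource user found for ${user.username.get}; default entitlements were not granted")`, so that a signup left without its roles can be traced.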