Renamed authorizeEndpoint => authorizedAccess at docs

Marko Milić 2019-02-15 12:38:33 +01:00
parent 128db6000f
commit 663d385eea

@ -57,7 +57,7 @@ When naming variables use strict camel case e.g. use myUrl not myURL. This is so
cc => {
for {
// Extract the user from the headers and get an updated callContext
(Full(u), callContext) <- authorizeEndpoint(UserNotLoggedIn, cc)
(Full(u), callContext) <- authorizedAccess(UserNotLoggedIn, cc)
// Now here is the business logic.
// Get The customers related to a user. Process the resonse which might be an Exception
(customers,callContext) <- Connector.connector.vend.getCustomersByUserIdFuture(u.userId, callContext) map {
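Review bot: the comment below the renamed call still reads "Process the resonse which might be an Exception"; since this snippet is being touched, correct the spelling to "response". The comment above the call, "Extract the user from the headers and get an updated callContext", also says nothing about the UserNotLoggedIn argument passed to authorizedAccess; a few words on what the reader should expect when no user is found would make the example easier to follow.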
@ -79,7 +79,7 @@ When naming variables use strict camel case e.g. use myUrl not myURL. This is so
cc =>
for {
// 1. makes sure the user which attempts to use the endpoint is authorized
(Full(u), callContext) <- authorizeEndpoint(UserNotLoggedIn, cc)
(Full(u), callContext) <- authorizedAccess(UserNotLoggedIn, cc)
// 2. makes sure the user which attempts to use the endpoint is allowed to consume it
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = createProductEntitlementsRequiredText)(bankId.value, u.userId, createProductEntitlements)
// 3. checks the endpoint constraints
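Review bot: comment 1 says the call "makes sure the user which attempts to use the endpoint is authorized", yet the call is passed UserNotLoggedIn and the entitlement check is the separate step 2. With the new name authorizedAccess, steps 1 and 2 both read as authorization checks; suggest rewording comment 1 so the documentation states what step 1 verifies and how it differs from hasAtLeastOneEntitlement in step 2.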
@ -90,11 +90,11 @@ When naming variables use strict camel case e.g. use myUrl not myURL. This is so
Please note that that checks at an endpoint should be applied only in case an user is authorized and has privilege to consume the endpoint. Otherwise we can reveal sensitive data to the user. For instace if we reorder the checks in next way:
```scala
// 1. makes sure the user which attempts to use the endpoint is authorized
(Full(u), callContext) <- authorizeEndpoint(UserNotLoggedIn, cc)
(Full(u), callContext) <- authorizedAccess(UserNotLoggedIn, cc)
// 3. checks the endpoint constraints
(_, callContext) <- NewStyle.function.getBank(bankId, callContext)
failMsg = s"$InvalidJsonFormat The Json body should be the $PostPutProductJsonV310 "
(Full(u), callContext) <- authorizeEndpoint(UserNotLoggedIn, cc)
(Full(u), callContext) <- authorizedAccess(UserNotLoggedIn, cc)
// 2. makes sure the user which attempts to use the endpoint is allowed to consume it
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = createProductEntitlementsRequiredText)(bankId.value, u.userId, createProductEntitlements)
```
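Review bot: in the reordered example the renamed call appears twice, once under comment 1 and again directly after the failMsg line, so the snippet binds (Full(u), callContext) a second time before step 2; the second occurrence looks like a leftover from the original ordering and the rename carries it forward. Suggest dropping the second authorizedAccess line, and the failMsg line that no later line in the snippet uses, so the example shows only getBank moved ahead of hasAtLeastOneEntitlement, which is the ordering the paragraph warns about. The introductory sentence also has "that that" and "instace", which could be fixed in the same change.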