Merge remote-tracking branch 'Hongwei/HEAD' into develop

2026-02-06 17:17:09 +00:00 · 2019-10-04 19:05:30 +02:00 · 2019-10-04 19:05:30 +02:00 · 71d47ff23c
commit 71d47ff23c
parent 04361d37e0 a59d3dfb6e
3 changed files with 119 additions and 2 deletions
--- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala
+++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala
@ -9,10 +9,12 @@ import code.api.util.ExampleValue.{dynamicEntityRequestBodyExample, dynamicEntit
 import code.api.util.NewStyle.HttpCode
 import code.api.util._
 import code.api.v1_4_0.JSONFactory1_4_0.{ChallengeAnswerJSON, TransactionRequestAccountJsonV140}
+import code.api.v2_0_0.{EntitlementJSON, EntitlementJSONs, JSONFactory200}
 import code.api.v2_1_0._
 import code.api.v3_1_0.ListResult
 import code.api.{APIFailureNewStyle, ChargePolicy}
 import code.dynamicEntity.DynamicEntityCommons
+import code.entitlement.Entitlement
 import code.model.dataAccess.AuthUser
 import code.model.toUserExtended
 import code.transactionrequests.TransactionRequests.TransactionChallengeTypes._
@ -990,7 +992,7 @@ trait APIMethods400 {
      apiInfoJson400,
      List(UnknownError, "no connector set"),
      Catalogs(Core, notPSD2, OBWG),
-      apiTagApi :: Nil)
+      apiTagApi :: apiTagNewStyle :: Nil)

    lazy val root : OBPEndpoint = {
      case "root" :: Nil JsonGet _ => {
@ -1010,6 +1012,52 @@ trait APIMethods400 {
          }
      }
    }
+
+
+
+    resourceDocs += ResourceDoc(
+      getEntitlements,
+      implementedInApiVersion,
+      "getEntitlements",
+      "GET",
+      "/users/USER_ID/entitlements",
+      "Get Entitlements for User",
+      s"""
+         |
+         |${authenticationRequiredMessage(true)}
+         |
+         |
+      """.stripMargin,
+      emptyObjectJson,
+      entitlementJSONs,
+      List(UserNotLoggedIn, UserHasMissingRoles, UnknownError),
+      Catalogs(notCore, notPSD2, notOBWG),
+      List(apiTagRole, apiTagEntitlement, apiTagUser, apiTagNewStyle),
+      Some(List(canGetEntitlementsForAnyUserAtAnyBank)))
+
+
+    lazy val getEntitlements: OBPEndpoint = {
+      case "users" :: userId :: "entitlements" :: Nil JsonGet _ => {
+        cc =>
+          for {
+            (Full(u), callContext) <- authorizedAccess(cc)
+            _ <- NewStyle.function.hasEntitlement("", u.userId, canGetEntitlementsForAnyUserAtAnyBank, callContext)
+            entitlements <- NewStyle.function.getEntitlementsByUserId(userId, callContext)
+          } yield {
+            var json = EntitlementJSONs(Nil)
+            // Format the data as V2.0.0 json
+            if (isSuperAdmin(userId)) {
+              // If the user is SuperAdmin add it to the list
+              json = EntitlementJSONs(JSONFactory200.createEntitlementJSONs(entitlements).list:::List(EntitlementJSON("", "SuperAdmin", "")))
+            } else {
+              json = JSONFactory200.createEntitlementJSONs(entitlements)
+            }
+            (json, HttpCode.`200`(callContext))
+          }
+      }
+    }
+    
+    
    

  }
--- a/obp-api/src/main/scala/code/api/v4_0_0/OBPAPI4_0_0.scala
+++ b/obp-api/src/main/scala/code/api/v4_0_0/OBPAPI4_0_0.scala
@ -161,7 +161,7 @@ object OBPAPI4_0_0 extends OBPRestHelper with APIMethods130 with APIMethods140 w
                          //now in V300 Implementations2_0_0.getCoreAccountById ::
                          //now in V300 Implementations2_0_0.getCoreTransactionsForBankAccount ::
                          // Implementations2_0_0.getCurrentUser ::
-                          Implementations2_0_0.getEntitlements ::
+                          // Implementations2_0_0.getEntitlements ::
                          Implementations2_0_0.getKycChecks ::
                          Implementations2_0_0.getKycDocuments ::
                          Implementations2_0_0.getKycMedia ::
@ -393,6 +393,7 @@ object OBPAPI4_0_0 extends OBPRestHelper with APIMethods130 with APIMethods140 w
    Implementations4_0_0.genericEndpoint ::
    Implementations4_0_0.resetPasswordUrl ::
    Implementations4_0_0.root ::
+    Implementations4_0_0.getEntitlements ::
    Nil
  
  def allResourceDocs = MockerConnector.doc ++
--- a/obp-api/src/test/scala/code/api/v4_0_0/EntitlementTests.scala
+++ b/obp-api/src/test/scala/code/api/v4_0_0/EntitlementTests.scala
@ -0,0 +1,68 @@
+package code.api.v4_0_0
+
+import code.api.ErrorMessage
+import code.api.util.ApiRole.CanGetEntitlementsForAnyUserAtAnyBank
+import code.api.util.ErrorMessages.{UserHasMissingRoles, _}
+import code.api.util.{ApiRole, ApiVersion, ErrorMessages}
+import code.entitlement.Entitlement
+import code.setup.DefaultUsers
+import code.api.util.APIUtil.OAuth._
+import code.api.v4_0_0.APIMethods400.Implementations4_0_0
+import com.github.dwickern.macros.NameOf.nameOf
+import org.scalatest.Tag
+
+class EntitlementTests extends V400ServerSetup with DefaultUsers {
+
+   override def beforeAll() {
+     super.beforeAll()
+   }
+
+   override def afterAll() {
+     super.afterAll()
+   }
+
+  /**
+    * Test tags
+    * Example: To run tests with tag "getPermissions":
+    * 	mvn test -D tagsToInclude
+    *
+    *  This is made possible by the scalatest maven plugin
+    */
+  object VersionOfApi extends Tag(ApiVersion.v4_0_0.toString)
+  object ApiEndpoint1 extends Tag(nameOf(Implementations4_0_0.getEntitlements))
+
+  feature("Assuring that endpoint getEntitlements works as expected - v4.0.0") {
+
+    scenario("We try to get entitlements without login - getEntitlements", ApiEndpoint1, VersionOfApi) {
+      When("We make the request")
+      val requestGet = (v4_0_0_Request / "users" / resourceUser1.userId / "entitlements").GET
+      val responseGet = makeGetRequest(requestGet)
+      Then("We should get a 400")
+      responseGet.code should equal(400)
+      And("We should get a message: " + ErrorMessages.UserNotLoggedIn)
+      responseGet.body.extract[ErrorMessage].message should equal (ErrorMessages.UserNotLoggedIn)
+    }
+
+    scenario("We try to get entitlements without credentials - getEntitlements", ApiEndpoint1, VersionOfApi) {
+      When("We make the request")
+      val requestGet = (v4_0_0_Request / "users" / resourceUser1.userId / "entitlements").GET <@ (user1)
+      val responseGet = makeGetRequest(requestGet)
+      Then("We should get a 40")
+      responseGet.code should equal(403)
+      And("We should get a message: " + s"$CanGetEntitlementsForAnyUserAtAnyBank entitlement required")
+      responseGet.body.extract[ErrorMessage].message should equal (UserHasMissingRoles + CanGetEntitlementsForAnyUserAtAnyBank)
+    }
+
+    scenario("We try to get entitlements with credentials - getEntitlements", ApiEndpoint1, VersionOfApi) {
+      When("We add required entitlement")
+      Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, ApiRole.CanGetEntitlementsForAnyUserAtAnyBank.toString)
+      And("We make the request")
+      val requestGet = (v4_0_0_Request / "users" / resourceUser1.userId / "entitlements").GET <@ (user1)
+      val responseGet = makeGetRequest(requestGet)
+      Then("We should get a 200")
+      responseGet.code should equal(200)
+    }
+  }
+
+
+ }