refactor/remove hasOwnerViewAccess replace with specific view permissions- tweaked the logics

2026-02-06 18:46:46 +00:00 · 2023-06-14 21:14:14 +08:00 · 2023-06-14 21:14:14 +08:00 · 838cf25a2e
commit 838cf25a2e
parent 6e24d3ceb0
16 changed files with 139 additions and 47 deletions
--- a/obp-api/src/main/scala/code/api/util/NewStyle.scala
+++ b/obp-api/src/main/scala/code/api/util/NewStyle.scala
@ -524,6 +524,11 @@ object NewStyle extends MdcLoggable{
    } map { fullBoxOrException(_)
    } map { unboxFull(_) } 
    
+    def permission(bankId: BankId,accountId: AccountId, user: User, callContext: Option[CallContext]) = Future {
+      Views.views.vend.permission(BankIdAccountId(bankId, accountId), user)
+    } map { fullBoxOrException(_)
+    } map { unboxFull(_) } 
+    
    def removeView(account: BankAccount, user: User, viewId: ViewId, callContext: Option[CallContext]) = Future {
      account.removeView(user, viewId, callContext)
    } map { fullBoxOrException(_)
--- a/obp-api/src/main/scala/code/api/util/migration/Migration.scala
+++ b/obp-api/src/main/scala/code/api/util/migration/Migration.scala
@ -63,6 +63,7 @@ object Migration extends MdcLoggable {
      dummyScript()
      addAccountAccessConsumerId()
      populateTableViewDefinition()
+      populateMigrationOfViewDefinitionPermissions()
      populateTableAccountAccess()
      generateAndPopulateMissingCustomerUUIDs(startedBeforeSchemifier)
      generateAndPopulateMissingConsumersUUIDs(startedBeforeSchemifier)
@ -127,6 +128,14 @@ object Migration extends MdcLoggable {
      }
    }  
    
+
+    private def populateMigrationOfViewDefinitionPermissions(): Boolean = {
+      val name = nameOf(populateMigrationOfViewDefinitionPermissions)
+      runOnce(name) {
+        MigrationOfViewDefinitionPermissions.populate(name)
+      }
+    }  
+    
    private def generateAndPopulateMissingCustomerUUIDs(startedBeforeSchemifier: Boolean): Boolean = {
      if(startedBeforeSchemifier == true) {
        logger.warn(s"Migration.database.generateAndPopulateMissingCustomerUUIDs(true) cannot be run before Schemifier.")
--- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala
+++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala
@ -0,0 +1,50 @@
+package code.api.util.migration
+
+import code.api.Constant.SYSTEM_OWNER_VIEW_ID
+import code.api.util.APIUtil
+import code.api.util.migration.Migration.{DbFunction, saveLog}
+import code.views.system.ViewDefinition
+import net.liftweb.mapper.{By, DB, NullRef}
+import net.liftweb.util.DefaultConnectionIdentifier
+
+object MigrationOfViewDefinitionPermissions {
+  def populate(name: String): Boolean = {
+    DbFunction.tableExists(ViewDefinition, (DB.use(DefaultConnectionIdentifier){ conn => conn})) match {
+      case true =>
+        val startDate = System.currentTimeMillis()
+        val commitId: String = APIUtil.gitCommit
+        val ownerView = ViewDefinition.find(
+          NullRef(ViewDefinition.bank_id),
+          NullRef(ViewDefinition.account_id),
+          By(ViewDefinition.view_id, SYSTEM_OWNER_VIEW_ID),
+          By(ViewDefinition.isSystem_,true)
+        ).map(view => 
+          view
+//            .canSeeTransactionRequests_(true)
+//            .canSeeAvailableViewsForBankAccount_(true)
+            .save
+        ).head
+
+      
+        val isSuccessful = ownerView
+        val endDate = System.currentTimeMillis()
+
+        val comment: String =
+          s"""ViewDefinition system owner view, update the following rows to true:
+             |canSeeTransactionRequests_
+             |Duration: ${endDate - startDate} ms;
+             """.stripMargin
+        saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
+        isSuccessful
+      case false =>
+        val startDate = System.currentTimeMillis()
+        val commitId: String = APIUtil.gitCommit
+        val isSuccessful = false
+        val endDate = System.currentTimeMillis()
+        val comment: String =
+          s"""ViewDefinition does not exist!""".stripMargin
+        saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
+        isSuccessful
+    }
+  }
+}
--- a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala
+++ b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala
@ -4,7 +4,6 @@ import java.net.URL
 import java.util.Random
 import java.security.SecureRandom
 import java.util.UUID.randomUUID
-
 import com.tesobe.CacheKeyFromArguments
 import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
 import code.api.cache.Caching
@ -20,6 +19,7 @@ import code.model.{BankAccountX, BankX, ModeratedTransactionMetadata, toBankAcco
 import code.util.Helper
 import code.util.Helper.booleanToBox
 import code.views.Views
+import code.views.system.ViewDefinition
 import com.google.common.cache.CacheBuilder
 import com.openbankproject.commons.model.{Bank, UpdateViewJSON, _}
 import com.openbankproject.commons.util.ApiVersion
@ -544,8 +544,12 @@ trait APIMethods121 {
          for {
            u <- cc.user ?~  UserNotLoggedIn
            bankAccount <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
-            ownerView <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(bankAccount.bankId, bankAccount.accountId), None)
-            _ <- Helper.booleanToBox(ownerView.canSeeBankAccountAllViews, s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View")
+            permission <- Views.views.vend.permission(BankIdAccountId(bankAccount.bankId, bankAccount.accountId), u)
+            anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.canSeeAvailableViewsForBankAccount).find(_.==(true)).getOrElse(false)
+            _ <- Helper.booleanToBox(
+              anyViewContainsCanSeeAvailableViewsForBankAccountPermission, 
+              s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canSeeAvailableViewsForBankAccount.toString}` permission on any your views"
+            )
            views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(bankAccount.bankId, bankAccount.accountId)))
          } yield {
            val viewsJSON = JSONFactory.createViewsJSON(views)
--- a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala
+++ b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala
@ -1,5 +1,6 @@
 package code.api.v1_4_0

+import code.api.Constant.SYSTEM_OWNER_VIEW_ID
 import code.api.util.ApiRole._
 import code.api.util.ApiTag._
 import code.api.util.NewStyle.HttpCode
@ -13,6 +14,7 @@ import code.customer.CustomerX
 import code.usercustomerlinks.UserCustomerLink
 import code.util.Helper
 import code.views.Views
+import code.views.system.ViewDefinition
 import com.github.dwickern.macros.NameOf.nameOf
 import com.openbankproject.commons.model._
 import com.openbankproject.commons.util.ApiVersion
@ -463,8 +465,11 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
              u <- cc.user ?~ ErrorMessages.UserNotLoggedIn
              (bank, callContext ) <- BankX(bankId, Some(cc)) ?~! {ErrorMessages.BankNotFound}
              fromAccount <- BankAccountX(bankId, accountId) ?~! {ErrorMessages.AccountNotFound}
-              ownerView <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), None)
-              _ <- Helper.booleanToBox(ownerView.canSeeTransactionRequestThisBankAccount, s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionRequestThisBankAccount` access for the Owner View")
+              view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext)
+              _ <- Helper.booleanToBox(
+                view.canSeeTransactionRequests, 
+                s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canSeeTransactionRequests.toString}` permission on the View(${viewId.value})"
+              )
              transactionRequests <- Connector.connector.vend.getTransactionRequests(u, fromAccount, callContext)
            }
            yield {
--- a/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala
+++ b/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala
@ -27,6 +27,7 @@ import code.usercustomerlinks.UserCustomerLink
 import code.users.Users
 import code.util.Helper.booleanToBox
 import code.views.Views
+import code.views.system.ViewDefinition
 import com.openbankproject.commons.model._
 import com.openbankproject.commons.model.enums.ChallengeType
 import com.openbankproject.commons.util.ApiVersion
@ -713,8 +714,8 @@ trait APIMethods210 {
              u <- cc.user ?~ UserNotLoggedIn
              (bank, callContext ) <- BankX(bankId, Some(cc)) ?~! {BankNotFound}
              (fromAccount, callContext) <- BankAccountX(bankId, accountId, Some(cc)) ?~! {AccountNotFound}
-              ownerView <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext)
-              _ <- Helper.booleanToBox(ownerView.canSeeTransactionRequestThisBankAccount, s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionRequestThisBankAccount` access for the Owner View")
+              view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext)
+              _ <- Helper.booleanToBox(view.canSeeTransactionRequests, s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canSeeTransactionRequests.toString}` permission on the View(${viewId.value} )")
              (transactionRequests,callContext) <- Connector.connector.vend.getTransactionRequests210(u, fromAccount, callContext)
            }
              yield {
--- a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala
+++ b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala
@ -1,6 +1,7 @@
 package code.api.v2_2_0

 import code.api.Constant.SYSTEM_OWNER_VIEW_ID
+
 import java.util.Date
 import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
 import code.api.util.APIUtil._
@ -23,6 +24,7 @@ import code.model.dataAccess.BankAccountCreation
 import code.util.Helper
 import code.util.Helper._
 import code.views.Views
+import code.views.system.ViewDefinition
 import com.openbankproject.commons.model._
 import net.liftweb.common.{Empty, Full}
 import net.liftweb.http.rest.RestHelper
@ -100,9 +102,13 @@ trait APIMethods220 {
          for {
            (Full(u), callContext) <- authenticatedAccess(cc)
            (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
-            ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(u), cc.callContext)
-            _ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View", cc = cc.callContext) {
-              ownerView.canSeeBankAccountAllViews
+            permission <- NewStyle.function.permission(bankId, accountId, u, callContext)
+            anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.canSeeAvailableViewsForBankAccount).find(_.==(true)).getOrElse(false)
+            _ <- Helper.booleanToFuture(
+              s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canSeeAvailableViewsForBankAccount.toString}` permission on any your views",
+              cc= callContext
+            ){
+              anyViewContainsCanSeeAvailableViewsForBankAccountPermission
            }
            views <- Future(Views.views.vend.availableViewsForAccount(BankIdAccountId(account.bankId, account.accountId)))
          } yield {
--- a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala
+++ b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala
@ -110,9 +110,13 @@ trait APIMethods300 {
            for {
              (Full(u), callContext) <-  authenticatedAccess(cc)
              (bankAccount, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
-              ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(code.api.Constant.SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(u), cc.callContext)
-              _ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View", cc = cc.callContext) {
-                ownerView.canSeeBankAccountAllViews
+              permission <- NewStyle.function.permission(bankId, accountId, u, callContext)
+              anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.canSeeAvailableViewsForBankAccount).find(_.==(true)).getOrElse(false)
+              _ <- Helper.booleanToFuture(
+                s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${code.views.system.ViewDefinition.canSeeAvailableViewsForBankAccount.toString}` permission on any your views",
+                cc = callContext
+              ) {
+                anyViewContainsCanSeeAvailableViewsForBankAccountPermission
              }
            } yield {
              for {
--- a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala
+++ b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala
@ -6,7 +6,6 @@ import code.api.Constant.{SYSTEM_OWNER_VIEW_ID, localIdentityProvider}
 import java.text.SimpleDateFormat
 import java.util.UUID
 import java.util.regex.Pattern
-
 import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
 import code.api.ResourceDocs1_4_0.{MessageDocsSwaggerDefinitions, ResourceDocsAPIMethodsUtil, SwaggerDefinitionsJSON, SwaggerJSONFactory}
 import code.api.util.APIUtil.{getWebUIPropsPairs, _}
@ -40,6 +39,7 @@ import code.userlocks.{UserLocks, UserLocksProvider}
 import code.users.Users
 import code.util.Helper
 import code.views.Views
+import code.views.system.ViewDefinition
 import code.webhook.AccountWebhook
 import code.webuiprops.{MappedWebUiPropsProvider, WebUiPropsCommons}
 import com.github.dwickern.macros.NameOf.nameOf
@ -1086,9 +1086,11 @@ trait APIMethods310 {
            _ <- NewStyle.function.isEnabledTransactionRequests(callContext)
            (_, callContext) <- NewStyle.function.getBank(bankId, callContext)
            (fromAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
-            ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(u), cc.callContext)
-            _ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionRequestThisBankAccount` access for the Owner View", cc = cc.callContext) {
-              ownerView.canSeeTransactionRequestThisBankAccount
+            view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext)
+            _ <- Helper.booleanToFuture(
+              s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canSeeTransactionRequests.toString}` permission on the View(${viewId.value})",
+              cc=callContext){
+              view.canSeeTransactionRequests
            }
            (transactionRequests, callContext) <- Future(Connector.connector.vend.getTransactionRequests210(u, fromAccount, callContext)) map {
              unboxFullOrFail(_, callContext, GetTransactionRequestsException)
--- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala
+++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala
@ -75,6 +75,7 @@ import code.util.Helper.booleanToFuture
 import code.util.{Helper, JsonSchemaUtil}
 import code.validation.JsonValidation
 import code.views.Views
+import code.views.system.ViewDefinition
 import code.webhook.{AccountWebhook, BankAccountNotificationWebhookTrait, SystemAccountNotificationWebhookTrait}
 import code.webuiprops.MappedWebUiPropsProvider.getWebUiPropsValue
 import com.github.dwickern.macros.NameOf.nameOf
@ -5150,9 +5151,11 @@ trait APIMethods400 {
          for {
            (user @Full(u), _, account, view, callContext) <- SS.userBankAccountView
            _ <- NewStyle.function.isEnabledTransactionRequests(callContext)
-            ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(u), cc.callContext)
-            _ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionRequestThisBankAccount` access for the Owner View", cc = cc.callContext) {
-              ownerView.canSeeTransactionRequestThisBankAccount
+            view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext)
+            _ <- Helper.booleanToFuture(
+              s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canSeeTransactionRequests.toString}` permission on the View(${viewId.value})",
+              cc = callContext) {
+              view.canSeeTransactionRequests
            }
            (transactionRequest, callContext) <- NewStyle.function.getTransactionRequestImpl(requestId, callContext)
          } yield {
--- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
+++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
@ -1,7 +1,6 @@
 package code.api.v5_0_0

 import java.util.concurrent.ThreadLocalRandom
-
 import code.accountattribute.AccountAttributeX
 import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON
 import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
@ -40,12 +39,12 @@ import net.liftweb.json
 import net.liftweb.json.{Extraction, compactRender, prettyRender}
 import net.liftweb.util.Helpers.tryo
 import net.liftweb.util.{Helpers, Props}
-import java.util.concurrent.ThreadLocalRandom

+import java.util.concurrent.ThreadLocalRandom
 import code.accountattribute.AccountAttributeX
 import code.api.Constant.SYSTEM_OWNER_VIEW_ID
 import code.util.Helper.booleanToFuture
-import code.views.system.AccountAccess
+import code.views.system.{AccountAccess, ViewDefinition}

 import scala.collection.immutable.{List, Nil}
 import scala.collection.mutable.ArrayBuffer
@ -1592,9 +1591,13 @@ trait APIMethods500 {
          val res =
            for {
              (Full(u), callContext) <- SS.user
-              ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(u), cc.callContext)
-              _ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View", cc=cc.callContext){
-                ownerView.canSeeBankAccountAllViews
+              permission <- NewStyle.function.permission(bankId, accountId, u, callContext)
+              anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.canSeeAvailableViewsForBankAccount).find(_.==(true)).getOrElse(false)
+              _ <- Helper.booleanToFuture(
+                s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canSeeAvailableViewsForBankAccount.toString}` permission on any your views",
+                cc = callContext
+              ) {
+                anyViewContainsCanSeeAvailableViewsForBankAccountPermission
              }
            } yield {
              for {
--- a/obp-api/src/main/scala/code/model/View.scala
+++ b/obp-api/src/main/scala/code/model/View.scala
@ -354,7 +354,7 @@ case class ViewExtended(val view: View) {
      )
    }
    else
-      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionThisBankAccount` access for the view(${view.viewId.value})")
+      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionThisBankAccount` permission on the view(${view.viewId.value})")
  }

  @deprecated("This have the performance issue, call `Connector.connector.vend.getBankLegacy` four times in the backend. use @moderateAccount instead ","08-01-2020")
@ -402,7 +402,7 @@ case class ViewExtended(val view: View) {
      )
    }
    else
-      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionThisBankAccount` access for the view(${view.viewId.value})")
+      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionThisBankAccount` permission on the view(${view.viewId.value})")
  }

  def moderateAccountCore(bankAccount: BankAccount) : Box[ModeratedBankAccountCore] = {
@ -435,7 +435,7 @@ case class ViewExtended(val view: View) {
      )
    }
    else
-      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionThisBankAccount` access for the view(${view.viewId.value})")
+      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionThisBankAccount` permission on the view(${view.viewId.value})")
  }

  // Moderate the Counterparty side of the Transaction (i.e. the Other Account involved in the transaction)
@ -558,7 +558,7 @@ case class ViewExtended(val view: View) {
      )
    }
    else
-      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionOtherBankAccount` access for the view(${view.viewId.value})")
+      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionOtherBankAccount` permission on the view(${view.viewId.value})")
  }

  def moderateCore(counterpartyCore : CounterpartyCore) : Box[ModeratedOtherBankAccountCore] = {
@ -607,6 +607,6 @@ case class ViewExtended(val view: View) {
      )
    }
    else
-      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionOtherBankAccount` access for the view(${view.viewId.value})")
+      Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeTransactionOtherBankAccount` permission on the view(${view.viewId.value})")
  }
 }
--- a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
+++ b/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
@ -204,7 +204,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
    override def defaultValue = false
  }

-  object canSeeTransactionRequestThisBankAccount_ extends MappedBoolean(this){
+  object canSeeTransactionRequests_ extends MappedBoolean(this){
    override def defaultValue = false
  }
  object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){
@ -249,8 +249,8 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
  object canSeeBankAccountOwners_ extends MappedBoolean(this){
    override def defaultValue = false
  }
-  object canSeeBankAccountAllViews_ extends MappedBoolean(this){
-    override def defaultValue = false
+  object canSeeAvailableViewsForBankAccount_ extends MappedBoolean(this){
+    override def defaultValue = true
  }
  object canSeeBankAccountType_ extends MappedBoolean(this){
    override def defaultValue = false
@ -455,7 +455,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with

  //transaction fields
  def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get
-  def canSeeTransactionRequestThisBankAccount : Boolean = canSeeTransactionRequestThisBankAccount_.get
+  def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get
  def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get
  def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get
  def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get
@ -473,7 +473,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
  def canSeeImages : Boolean = canSeeImages_.get

  //Bank account fields
-  def canSeeBankAccountAllViews : Boolean = canSeeBankAccountAllViews_.get
+  def canSeeAvailableViewsForBankAccount : Boolean = canSeeAvailableViewsForBankAccount_.get
  def canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get
  def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get
  def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get
--- a/obp-api/src/main/scala/code/views/MapperViews.scala
+++ b/obp-api/src/main/scala/code/views/MapperViews.scala
@ -790,14 +790,14 @@ object MapperViews extends Views with MdcLoggable {
      .canSeeOtherAccountRoutingAddress_(true)
      .canAddTransactionRequestToOwnAccount_(true) //added following two for payments
      .canAddTransactionRequestToAnyAccount_(true)
-      .canSeeBankAccountAllViews_(false)
-      .canSeeTransactionRequestThisBankAccount_(false)
+      .canSeeAvailableViewsForBankAccount_(false)
+      .canSeeTransactionRequests_(false)

    viewId match {
      case SYSTEM_OWNER_VIEW_ID =>
        entity
-          .canSeeBankAccountAllViews_(true)
-          .canSeeTransactionRequestThisBankAccount_(true)
+          .canSeeAvailableViewsForBankAccount_(true)
+          .canSeeTransactionRequests_(true)
      case SYSTEM_STAGE_ONE_VIEW_ID =>
        entity
          .canSeeTransactionDescription_(false)
--- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala
+++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala
@ -60,7 +60,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
  object canSeeTransactionThisBankAccount_ extends MappedBoolean(this){
    override def defaultValue = false
  }
-  object canSeeTransactionRequestThisBankAccount_ extends MappedBoolean(this){
+  object canSeeTransactionRequests_ extends MappedBoolean(this){
    override def defaultValue = false
  }
  object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){
@ -105,8 +105,8 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
  object canSeeBankAccountOwners_ extends MappedBoolean(this){
    override def defaultValue = false
  }
-  object canSeeBankAccountAllViews_ extends MappedBoolean(this){
-    override def defaultValue = false
+  object canSeeAvailableViewsForBankAccount_ extends MappedBoolean(this){
+    override def defaultValue = true
  }
  object canSeeBankAccountType_ extends MappedBoolean(this){
    override def defaultValue = false
@ -442,7 +442,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many

  //transaction fields
  def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get
-  def canSeeTransactionRequestThisBankAccount : Boolean = canSeeTransactionRequestThisBankAccount_.get
+  def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get
  def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get
  def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get
  def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get
@ -460,7 +460,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
  def canSeeImages : Boolean = canSeeImages_.get

  //Bank account fields
-  def canSeeBankAccountAllViews : Boolean = canSeeBankAccountAllViews_.get
+  def canSeeAvailableViewsForBankAccount : Boolean = canSeeAvailableViewsForBankAccount_.get
  def canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get
  def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get
  def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get
--- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
+++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
@ -258,7 +258,7 @@ trait View {
  //reading access

  //transaction fields
-  def canSeeTransactionRequestThisBankAccount: Boolean
+  def canSeeTransactionRequests: Boolean
  
  def canSeeTransactionThisBankAccount: Boolean

@ -290,7 +290,7 @@ trait View {
  def canSeeImages: Boolean

  //Bank account fields
-  def canSeeBankAccountAllViews: Boolean
+  def canSeeAvailableViewsForBankAccount: Boolean
  
  def canSeeBankAccountOwners: Boolean