use canDeleteEntitlementAtAnyBank and canGetEntitlementsForAnyUserAtAnyBank role

instead of isSuperAdmin for getAllEntitlements and deleteEntitlement endpoints
2026-02-06 17:17:09 +00:00 · 2020-04-01 08:58:24 +02:00 · 2020-04-01 08:58:24 +02:00 · a25d1217a9
commit a25d1217a9
parent d63bb6ac32
2 changed files with 7 additions and 7 deletions
--- a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala
+++ b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala
@ -2070,7 +2070,7 @@ trait APIMethods200 {
      """.stripMargin,
      emptyObjectJson,
      emptyObjectJson,
-      List(UserNotLoggedIn, UserNotSuperAdmin, EntitlementNotFound, UnknownError),
+      List(UserNotLoggedIn, UserHasMissingRoles, EntitlementNotFound, UnknownError),
      Catalogs(notCore, notPSD2, notOBWG),
      List(apiTagRole, apiTagUser, apiTagEntitlement))

@ -2080,7 +2080,7 @@ trait APIMethods200 {
        cc =>
            for {
              u <- cc.user ?~ ErrorMessages.UserNotLoggedIn
-              _ <- booleanToBox(isSuperAdmin(u.userId)) ?~ UserNotSuperAdmin
+              _ <- booleanToBox(hasEntitlement("", u.userId, canDeleteEntitlementAtAnyBank), UserHasMissingRoles + CanDeleteEntitlementAtAnyBank)
              entitlement <- tryo{Entitlement.entitlement.vend.getEntitlementById(entitlementId)} ?~ EntitlementNotFound
              _ <- entitlement.filter(_.userId == userId) ?~ UserDoesNotHaveEntitlement
              _ <- Entitlement.entitlement.vend.deleteEntitlement(entitlement)
@ -2115,8 +2115,8 @@ trait APIMethods200 {
        cc =>
          for {
            (Full(u), callContext) <- authenticatedAccess(cc)
-            _ <- Helper.booleanToFuture(failMsg = UserNotSuperAdmin) {
-              isSuperAdmin(u.userId)
+            _ <- Helper.booleanToFuture(failMsg =  UserHasMissingRoles + CanGetEntitlementsForAnyUserAtAnyBank) {
+              hasEntitlement("", u.userId, canGetEntitlementsForAnyUserAtAnyBank)
            }
            entitlements <- Entitlement.entitlement.vend.getEntitlementsFuture() map {
              connectorEmptyResponse(_, callContext)
--- a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala
+++ b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala
@ -1718,7 +1718,7 @@ trait APIMethods310 {
      """.stripMargin,
      emptyObjectJson,
      entitlementJSONs,
-      List(UserNotLoggedIn, UserNotSuperAdmin, UnknownError),
+      List(UserNotLoggedIn, UserHasMissingRoles, UnknownError),
      Catalogs(notCore, notPSD2, notOBWG),
      List(apiTagRole, apiTagEntitlement, apiTagNewStyle))

@ -1728,8 +1728,8 @@ trait APIMethods310 {
        cc =>
          for {
            (Full(u), callContext) <- authenticatedAccess(cc)
-            _ <- Helper.booleanToFuture(failMsg = UserNotSuperAdmin) {
-              isSuperAdmin(u.userId)
+            _ <- Helper.booleanToFuture(failMsg =  UserHasMissingRoles + CanGetEntitlementsForAnyUserAtAnyBank) {
+              hasEntitlement("", u.userId, canGetEntitlementsForAnyUserAtAnyBank)
            }
            roleName = APIUtil.getHttpRequestUrlParam(cc.url, "role")
            entitlements <- Entitlement.entitlement.vend.getEntitlementsByRoleFuture(roleName) map {