artin/OBP-API
1
0
Fork 0
mirror of https://github.com/OpenBankProject/OBP-API.git synced 2026-02-06 13:07:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature/added canGetCustomView permission

Browse Source
This commit is contained in:
Hongwei 2024-07-02 14:13:27 +02:00
parent 4a42ed71b8
commit aa64b7cca7
6 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala
View File

@ -2665,9 +2665,9 @@ trait APIMethods510 {
_ <- Helper.booleanToFuture(failMsg = InvalidCustomViewFormat + s"Current TARGET_VIEW_ID (${targetViewId.value})", cc = callContext) {
isValidCustomViewId(targetViewId.value)
}
failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(view.canSeeAvailableViewsForBankAccount))}`permission on any your views. Current VIEW_ID (${viewId.value})"
failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(view.canGetCustomView))}`permission on any your views. Current VIEW_ID (${viewId.value})"
_ <- Helper.booleanToFuture(failmsg, cc = callContext) {
view.canSeeAvailableViewsForBankAccount
view.canGetCustomView
}
targetView <- NewStyle.function.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext)
} yield {

4
obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
View File

@ -454,6 +454,9 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
object canUpdateCustomView_ extends MappedBoolean(this){
override def defaultValue = false
}
object canGetCustomView_ extends MappedBoolean(this){
override def defaultValue = false
}
object canRevokeAccessToCustomViews_ extends MappedBoolean(this) {
override def defaultValue = false
}
@ -582,6 +585,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
def canCreateCustomView: Boolean = canCreateCustomView_.get
def canDeleteCustomView: Boolean = canDeleteCustomView_.get
def canUpdateCustomView: Boolean = canUpdateCustomView_.get
def canGetCustomView: Boolean = canGetCustomView_.get
override def canGrantAccessToCustomViews: Boolean = canGrantAccessToCustomViews_.get
override def canRevokeAccessToCustomViews: Boolean = canRevokeAccessToCustomViews_.get

12
obp-api/src/main/scala/code/views/MapperViews.scala
View File

@ -720,6 +720,7 @@ object MapperViews extends Views with MdcLoggable {
"canCreateCustomView",
"canDeleteCustomView",
"canUpdateCustomView",
"canGetCustomView",
"canSeeViewsWithPermissionsForAllUsers",
"canSeeViewsWithPermissionsForOneUser"
)
@ -912,9 +913,6 @@ object MapperViews extends Views with MdcLoggable {
.canSeeTransactionRequests_(false)
.canSeeTransactionRequestTypes_(false)
.canUpdateBankAccountLabel_(false)
.canCreateCustomView_(false)
.canDeleteCustomView_(false)
.canUpdateCustomView_(false)
.canSeeViewsWithPermissionsForOneUser_(false)
.canSeeViewsWithPermissionsForAllUsers_(false)
.canRevokeAccessToCustomViews_(false)
@ -922,6 +920,7 @@ object MapperViews extends Views with MdcLoggable {
.canCreateCustomView_(false)
.canDeleteCustomView_(false)
.canUpdateCustomView_(false)
.canGetCustomView_(false)
viewId match {
case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID =>
@ -945,6 +944,7 @@ object MapperViews extends Views with MdcLoggable {
.canCreateCustomView_(true)
.canDeleteCustomView_(true)
.canUpdateCustomView_(true)
.canGetCustomView_(true)
case SYSTEM_FIREHOSE_VIEW_ID =>
entity
.isFirehose_(true)
@ -1046,7 +1046,11 @@ object MapperViews extends Views with MdcLoggable {
canAddTransactionRequestToAnyAccount_(false).
canSeeTransactionRequests_(false).
canSeeTransactionRequestTypes_(false).
canUpdateBankAccountLabel_(false)
canUpdateBankAccountLabel_(false).
canCreateCustomView_(false).
canDeleteCustomView_(false).
canUpdateCustomView_(false).
canGetCustomView_(false)
}
def createAndSaveDefaultPublicCustomView(bankId : BankId, accountId: AccountId, description: String) : Box[View] = {

4
obp-api/src/main/scala/code/views/system/ViewDefinition.scala
View File

@ -325,6 +325,9 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
object canUpdateCustomView_ extends MappedBoolean(this){
override def defaultValue = false
}
object canGetCustomView_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeViewsWithPermissionsForAllUsers_ extends MappedBoolean(this){
override def defaultValue = false
}
@ -591,6 +594,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
def canCreateCustomView: Boolean = canCreateCustomView_.get
def canDeleteCustomView: Boolean = canDeleteCustomView_.get
def canUpdateCustomView: Boolean = canUpdateCustomView_.get
def canGetCustomView: Boolean = canGetCustomView_.get
//TODO: if you add new permissions here, remember to set them wherever views are created
// (e.g. BankAccountCreationDispatcher)
}

10
obp-api/src/test/scala/code/api/v5_1_0/CustomViewTest.scala
View File

@ -134,12 +134,12 @@ class CustomViewTest extends V510ServerSetup {
}
{
val request510 = (v5_1_0_Request / "banks" / bankId / "accounts" / accountId /"views" / SYSTEM_AUDITOR_VIEW_ID /"target-views" / targetViewId ).GET <@ (user1)
val request510 = (v5_1_0_Request / "banks" / bankId / "accounts" / accountId /"views" / ownerView /"target-views" / targetViewId ).GET <@ (user1)
val response510 = makeGetRequest(request510)
Then("We should get a 400")
response510.code should equal(400)
response510.body.extract[ErrorMessage].message contains (ViewDoesNotPermitAccess) shouldBe (true)
response510.body.extract[ErrorMessage].message contains ("can_see_available_views_for_bank_account") shouldBe (true)
response510.body.extract[ErrorMessage].message contains ("can_get_custom_view") shouldBe (true)
}
{
@ -169,7 +169,7 @@ class CustomViewTest extends V510ServerSetup {
response510.body.extract[CustomViewJsonV510].allowed_permissions.sorted should equal(postCustomViewJson.allowed_permissions.sorted)
{
val request510 = (v5_1_0_Request / "banks" / bankId / "accounts" / accountId / "views" / ownerView / "target-views" / targetViewId).GET <@ (user1)
val request510 = (v5_1_0_Request / "banks" / bankId / "accounts" / accountId / "views" / manageCustomView / "target-views" / targetViewId).GET <@ (user1)
val response510 = makeGetRequest(request510)
Then("We should get a 200")
response510.code should equal(200)
@ -198,7 +198,7 @@ class CustomViewTest extends V510ServerSetup {
}
{
val request510 = (v5_1_0_Request / "banks" / bankId / "accounts" / accountId /"views" / ownerView /"target-views" / targetViewId ).GET <@ (user1)
val request510 = (v5_1_0_Request / "banks" / bankId / "accounts" / accountId /"views" / manageCustomView /"target-views" / targetViewId ).GET <@ (user1)
val response510 = makeGetRequest(request510)
Then("We should get a 200")
response510.code should equal(200)
@ -217,7 +217,7 @@ class CustomViewTest extends V510ServerSetup {
response510.code should equal(204)
}
{
val request510 = (v5_1_0_Request / "banks" / bankId / "accounts" / accountId / "views" / ownerView / "target-views" / targetViewId).GET <@ (user1)
val request510 = (v5_1_0_Request / "banks" / bankId / "accounts" / accountId / "views" / manageCustomView / "target-views" / targetViewId).GET <@ (user1)
val response510 = makeGetRequest(request510)
Then("We should get a 400")
response510.code should equal(400)

1
obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
View File

@ -432,4 +432,5 @@ trait View {
def canCreateCustomView: Boolean
def canDeleteCustomView: Boolean
def canUpdateCustomView: Boolean
def canGetCustomView: Boolean
}