diff --git a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala
index f8606fa19..36c6c1e27 100644
--- a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala
+++ b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala
@@ -572,18 +572,21 @@ trait APIMethods300 {
         transactionsJsonV300,
         List(UserNotLoggedIn, AccountFirehoseNotAllowedOnThisInstance, UserHasMissingRoles, UnknownError),
         List(apiTagTransaction, apiTagAccountFirehose, apiTagTransactionFirehose, apiTagFirehoseData, apiTagNewStyle),
-        Some(List(canUseAccountFirehoseAtAnyBank)))
+        Some(List(canUseAccountFirehoseAtAnyBank, ApiRole.canUseAccountFirehose))
+      )
 
     lazy val getFirehoseTransactionsForBankAccount : OBPEndpoint = {
       //get private accounts for all banks
       case "banks" :: BankId(bankId):: "firehose" :: "accounts" :: AccountId(accountId) :: "views" :: ViewId(viewId) :: "transactions" :: Nil JsonGet req => {
         cc =>
+          val allowedEntitlements = canUseAccountFirehoseAtAnyBank :: ApiRole.canUseAccountFirehose :: Nil
+          val allowedEntitlementsTxt = allowedEntitlements.mkString(" or ")
           for {
             (Full(u), callContext) <- authenticatedAccess(cc)
             _ <- Helper.booleanToFuture(failMsg = AccountFirehoseNotAllowedOnThisInstance , cc=callContext) {
               allowAccountFirehose
             }
-            _ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canUseAccountFirehoseAtAnyBank, callContext)
+            _ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + allowedEntitlementsTxt)(bankId.value, u.userId, allowedEntitlements, callContext)
             (bank, callContext) <- NewStyle.function.getBank(bankId, callContext)
             (bankAccount, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
             view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankAccount.bankId, bankAccount.accountId),Some(u), callContext)
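Review bot: The allowed-role list is now declared twice — in the resource doc as `Some(List(canUseAccountFirehoseAtAnyBank, ApiRole.canUseAccountFirehose))` and again inside the endpoint body as `val allowedEntitlements = canUseAccountFirehoseAtAnyBank :: ApiRole.canUseAccountFirehose :: Nil` — so the documented roles and the enforced roles can drift apart without any compiler or test noticing. Hoisting a single `private val firehoseTransactionRoles = List(canUseAccountFirehoseAtAnyBank, ApiRole.canUseAccountFirehose)` next to the resource doc and referencing it from both places keeps them in step, and the mixed qualified/unqualified spelling of the two roles can be unified at the same time. The check also moves from bank id `""` to `bankId.value` for both roles; whether `hasAtLeastOneEntitlement` still honours a system-level `canUseAccountFirehoseAtAnyBank` entitlement (which the replaced `hasEntitlement("", …)` looked up) depends on that helper, which is outside this hunk, so a scenario that grants only the any-bank role is worth keeping in the test suite. The `for` comprehension and the enclosing `lazy val` continue past the end of the hunk.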
diff --git a/obp-api/src/test/scala/code/api/v3_0_0/FirehoseTest.scala b/obp-api/src/test/scala/code/api/v3_0_0/FirehoseTest.scala
index bfce847f4..870a6bc44 100644
--- a/obp-api/src/test/scala/code/api/v3_0_0/FirehoseTest.scala
+++ b/obp-api/src/test/scala/code/api/v3_0_0/FirehoseTest.scala
@@ -2,7 +2,7 @@ package code.api.v3_0_0
 
 import code.api.util.APIUtil.OAuth._
 import code.api.util.ApiRole
-import code.api.util.ApiRole.CanUseAccountFirehoseAtAnyBank
+import code.api.util.ApiRole.{CanUseAccountFirehose, CanUseAccountFirehoseAtAnyBank}
 import code.api.util.ErrorMessages.AccountFirehoseNotAllowedOnThisInstance
 import code.api.v3_0_0.OBPAPI3_0_0.Implementations3_0_0
 import code.entitlement.Entitlement
@@ -83,6 +83,18 @@ class FirehoseTest extends V300ServerSetup with PropsReset{
       response.code should equal(200)
       response.body.extract[ModeratedCoreAccountsJsonV300]
     }
+
+    scenario("We will call the endpoint with user credentials - bank level role", VersionOfApi, ApiEndpoint4) {
+      setPropsValues("allow_account_firehose" -> "true")
+      setPropsValues("enable.force_error" -> "true")
+      Entitlement.entitlement.vend.addEntitlement(testBankId1.value, resourceUser1.userId, ApiRole.CanUseAccountFirehose.toString)
+      When("We send the request")
+      val request = (v3_0Request / "banks" / testBankId1.value / "firehose" / "accounts" / testAccountId1.value / "views" / "owner" / "transactions").GET <@ (user1)
+      val response = makeGetRequest(request)
+      Then("We should get a 200 and check the response body")
+      response.code should equal(200)
+      response.body.extract[ModeratedCoreAccountsJsonV300]
+    }
 
     scenario("We will call the endpoint with user credentials, props alias", VersionOfApi, ApiEndpoint4) {
       setPropsValues("allow_firehose_views" -> "true")
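Review bot: The new scenario grants `CanUseAccountFirehose` to `resourceUser1` on `testBankId1` through `addEntitlement` but never revokes it, so unless the test base resets entitlements between scenarios (not visible in this hunk) the grant persists into later scenarios — in particular the 403 scenario, if it exercises the same user, would then be passing or failing for the wrong reason. Revoking the entitlement at the end of the scenario, or granting it to a user the later scenarios do not use, keeps each scenario independent. The purpose of `setPropsValues("enable.force_error" -> "true")` in a scenario that expects a 200 is not obvious from the hunk; a one-line comment saying why it is needed would help the next reader. `ApiRole.CanUseAccountFirehose.toString` could also use the `CanUseAccountFirehose` name this same commit imports, as the 403 assertion does.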
@@ -104,6 +116,7 @@ class FirehoseTest extends V300ServerSetup with PropsReset{
       Then("We should get a 403 and check the response body")
       response.code should equal(403)
       response.body.toString contains (CanUseAccountFirehoseAtAnyBank.toString()) should be(true)
+      response.body.toString contains (CanUseAccountFirehose.toString()) should be(true)
     }
 
     scenario("We will call the endpoint missing props ", VersionOfApi, ApiEndpoint4) {
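Review bot: The added assertion `response.body.toString contains (CanUseAccountFirehose.toString()) should be(true)` reduces a failure to "false was not true", hiding which role name was missing and what the body actually held. ScalaTest's string matcher reports both, so `response.body.toString should include (CanUseAccountFirehose.toString)` is the more useful form; the existing line above it for `CanUseAccountFirehoseAtAnyBank` has the same shape and could be changed in the same way. The scenario that contains these assertions starts before the hunk.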