From 682155549926c9e37c603e7ad77450198327d4a6 Mon Sep 17 00:00:00 2001
From: hongwei
Date: Fri, 4 Jul 2025 11:48:50 +0200
Subject: [PATCH 01/26] refactor/remove ViewImpl references and update related view definitions
---
 .../code/actorsystem/ObpActorConfig.scala | 1 -
 .../code/api/util/migration/Migration.scala | 16 -
 .../migration/MigrationOfAccountAccess.scala | 77 ---
 .../migration/MigrationOfViewDefinition.scala | 148 -----
 .../akka/actor/AkkaConnectorActorConfig.scala | 1 -
 .../code/model/dataAccess/MappedView.scala | 604 ------------------
 .../main/scala/code/views/MapperViews.scala | 4 +-
 obp-api/src/main/scala/code/views/Views.scala | 17 +-
 .../main/scripts/migrate/migrate_00000011.sql | 2 +-
 obp-api/src/main/scripts/sql/cre_views.sql | 4 -
 ...onnectorSetupWithStandardPermissions.scala | 5 +-
 .../scala/code/util/MappedClassNameTest.scala | 6 +-
 12 files changed, 11 insertions(+), 874 deletions(-)
 delete mode 100644 obp-api/src/main/scala/code/api/util/migration/MigrationOfAccountAccess.scala
 delete mode 100644 obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinition.scala
 delete mode 100644 obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
diff --git a/obp-api/src/main/scala/code/actorsystem/ObpActorConfig.scala b/obp-api/src/main/scala/code/actorsystem/ObpActorConfig.scala
index ff9f80281..23bdeee85 100644
--- a/obp-api/src/main/scala/code/actorsystem/ObpActorConfig.scala
+++ b/obp-api/src/main/scala/code/actorsystem/ObpActorConfig.scala
@@ -50,7 +50,6 @@ object ObpActorConfig {
 "code.api.APIFailure" = kryo,
 "com.openbankproject.commons.model.BankAccount" = kryo,
 "com.openbankproject.commons.model.View" = kryo,
- "code.model.dataAccess.ViewImpl" = kryo,
 "com.openbankproject.commons.model.User" = kryo,
 "com.openbankproject.commons.model.ViewId" = kryo,
 "com.openbankproject.commons.model.BankIdAccountIdViewId" = kryo,
diff --git a/obp-api/src/main/scala/code/api/util/migration/Migration.scala b/obp-api/src/main/scala/code/api/util/migration/Migration.scala
index 69e09fa5d..5b3d70cc4 100644
--- a/obp-api/src/main/scala/code/api/util/migration/Migration.scala
+++ b/obp-api/src/main/scala/code/api/util/migration/Migration.scala
@@ -60,9 +60,7 @@ object Migration extends MdcLoggable {
 def executeScripts(startedBeforeSchemifier: Boolean): Boolean = executeScript {
 dummyScript()
 addAccountAccessConsumerId()
- populateTableViewDefinition()
 populateMigrationOfViewDefinitionPermissions(startedBeforeSchemifier)
- populateTableAccountAccess()
 generateAndPopulateMissingCustomerUUIDs(startedBeforeSchemifier)
 generateAndPopulateMissingConsumersUUIDs(startedBeforeSchemifier)
 populateTableRateLimiting()
@@ -116,20 +114,6 @@ object Migration extends MdcLoggable {
 }
 }
- private def populateTableAccountAccess(): Boolean = {
- val name = nameOf(populateTableAccountAccess)
- runOnce(name) {
- TableAccountAccess.populate(name)
- }
- }
-
- private def populateTableViewDefinition(): Boolean = {
- val name = nameOf(populateTableViewDefinition)
- runOnce(name) {
- TableViewDefinition.populate(name)
- }
- }
-
 private def populateViewDefinitionCanAddTransactionRequestToBeneficiary(): Boolean = {
 val name = nameOf(populateViewDefinitionCanAddTransactionRequestToBeneficiary)
 runOnce(name) {
diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfAccountAccess.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfAccountAccess.scala
deleted file mode 100644
index 34ebe8c32..000000000
--- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfAccountAccess.scala
+++ /dev/null
@@ -1,77 +0,0 @@
-package code.api.util.migration
-
-import code.api.util.APIUtil
-import code.api.util.migration.Migration.{DbFunction, saveLog}
-import code.model.dataAccess.{ViewImpl, ViewPrivileges}
-import code.views.system.{AccountAccess, ViewDefinition}
-import net.liftweb.mapper.{By, ByList, DB}
-import net.liftweb.util.DefaultConnectionIdentifier
-
-object TableAccountAccess {
- def populate(name: String): Boolean = {
- DbFunction.tableExists(ViewPrivileges) match {
- case true =>
- val startDate = System.currentTimeMillis()
- val commitId: String = APIUtil.gitCommit
- val views = ViewImpl.findAll()
-
- // Make back up
- DbFunction.makeBackUpOfTable(AccountAccess)
- // Delete all rows at the table
- AccountAccess.bulkDelete_!!()
-
- // Insert rows into table "accountaccess" based on data in the tables viewimpl and viewprivileges
- val insertedRows: List[Boolean] =
- for {
- view <- views
- permission <- ViewPrivileges.findAll(By(ViewPrivileges.view, view.id))
- } yield {
- val viewId = ViewImpl.find(By(ViewImpl.id_, permission.view.get)).map(_.permalink_.get).getOrElse("")
- val viewFk: Long = ViewDefinition.findByUniqueKey(view.bankId.value, view.accountId.value, view.viewId.value).map(_.id_.get).getOrElse(0)
- AccountAccess
- .create
- .bank_id(view.bankPermalink.get)
- .account_id(view.accountPermalink.get)
- .user_fk(permission.user.get)
- .view_id(viewId)
- .view_fk(viewFk)
- .save
- }
- val isSuccessful = insertedRows.forall(_ == true)
- val accountAccess = AccountAccess.findAll()
- val accountAccessSize = accountAccess.size
- val viewPrivileges = ViewPrivileges.findAll()
- val viewPrivilegesSize = viewPrivileges.size
-
- // We want to find foreign keys "viewprivileges.view_c" which cannot be mapped to "viewimpl.id_"
- val x1 = ViewPrivileges.findAll(ByList(ViewPrivileges.view, views.map(_.id))).map(_.view.get).distinct.sortWith(_>_)
- val x2 = viewPrivileges.map(_.view.get).distinct.sortWith(_>_)
- val deadForeignKeys = x2.diff(x1)
-
- val endDate = System.currentTimeMillis()
-
- //// (${accountAccess.map(_.id).mkString(",")});
-
-
- val comment: String =
- s"""Account access size: $accountAccessSize;
- |View privileges size: $viewPrivilegesSize;
- |List of dead foreign keys at the field ViewPrivileges.view_c: ${deadForeignKeys.mkString(",")};
- |Duration: ${endDate - startDate} ms;
- |Primary keys of the inserted rows: NOPE too risky
- """.stripMargin
- saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
- isSuccessful
- case false =>
- val startDate = System.currentTimeMillis()
- val commitId: String = APIUtil.gitCommit
- val isSuccessful = false
- val endDate = System.currentTimeMillis()
- val comment: String =
- s"""View privileges does not exist;
- """.stripMargin
- saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
- isSuccessful
- }
- }
-}
diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinition.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinition.scala
deleted file mode 100644
index a91c6d997..000000000
--- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinition.scala
+++ /dev/null
@@ -1,148 +0,0 @@
-package code.api.util.migration
-
-import code.api.util.APIUtil
-import code.api.util.migration.Migration.{DbFunction, saveLog}
-import code.model.dataAccess.ViewImpl
-import code.views.system.ViewDefinition
-import net.liftweb.mapper.DB
-import net.liftweb.util.DefaultConnectionIdentifier
-
-object TableViewDefinition {
- def populate(name: String): Boolean = {
- DbFunction.tableExists(ViewImpl) match {
- case true =>
- val startDate = System.currentTimeMillis()
- val commitId: String = APIUtil.gitCommit
- val views = ViewImpl.findAll()
-
- // Make back up
- DbFunction.makeBackUpOfTable(ViewDefinition)
- // Delete all rows at the table
- ViewDefinition.bulkDelete_!!()
-
- // Insert rows into table "viewdefinition" based on data in the table viewimpl
- val insertedRows =
- for {
- view: ViewImpl <- views
- } yield {
- val viewDefinition = ViewDefinition
- .create
- .isSystem_(view.isSystem)
- .isFirehose_(view.isFirehose)
- .name_(view.name)
- .bank_id(view.bankId.value)
- .account_id(view.accountId.value)
- .view_id(view.viewId.value)
- .description_(view.description)
- .isPublic_(view.isPublic)
- .usePrivateAliasIfOneExists_(view.usePrivateAliasIfOneExists)
- .usePublicAliasIfOneExists_(view.usePublicAliasIfOneExists)
- .hideOtherAccountMetadataIfAlias_(view.hideOtherAccountMetadataIfAlias)
- .canSeeTransactionThisBankAccount_(view.canSeeTransactionThisBankAccount)
- .canSeeTransactionOtherBankAccount_(view.canSeeTransactionOtherBankAccount)
- .canSeeTransactionMetadata_(view.canSeeTransactionMetadata)
- .canSeeTransactionDescription_(view.canSeeTransactionDescription)
- .canSeeTransactionAmount_(view.canSeeTransactionAmount)
- .canSeeTransactionType_(view.canSeeTransactionType)
- .canSeeTransactionCurrency_(view.canSeeTransactionCurrency)
- .canSeeTransactionStartDate_(view.canSeeTransactionStartDate)
- .canSeeTransactionFinishDate_(view.canSeeTransactionFinishDate)
- .canSeeTransactionBalance_(view.canSeeTransactionBalance)
- .canSeeComments_(view.canSeeComments)
- .canSeeOwnerComment_(view.canSeeOwnerComment)
- .canSeeTags_(view.canSeeTags)
- .canSeeImages_(view.canSeeImages)
- .canSeeBankAccountOwners_(view.canSeeBankAccountOwners)
- .canSeeBankAccountType_(view.canSeeBankAccountType)
- .canSeeBankAccountBalance_(view.canSeeBankAccountBalance)
- .canSeeBankAccountCurrency_(view.canSeeBankAccountCurrency)
-
- viewDefinition
- .canSeeBankAccountLabel_(view.canSeeBankAccountLabel)
- .canSeeBankAccountNationalIdentifier_(view.canSeeBankAccountNationalIdentifier)
- .canSeeBankAccountSwift_bic_(view.canSeeBankAccountSwift_bic)
- .canSeeBankAccountIban_(view.canSeeBankAccountIban)
- .canSeeBankAccountNumber_(view.canSeeBankAccountNumber)
- .canSeeBankAccountBankName_(view.canSeeBankAccountBankName)
- .canSeeBankAccountBankPermalink_(view.canSeeBankAccountBankPermalink)
- .canSeeOtherAccountNationalIdentifier_(view.canSeeOtherAccountNationalIdentifier)
- .canSeeOtherAccountSWIFT_BIC_(view.canSeeOtherAccountSWIFT_BIC)
- .canSeeOtherAccountIBAN_(view.canSeeOtherAccountIBAN)
- .canSeeOtherAccountBankName_(view.canSeeOtherAccountBankName)
- .canSeeOtherAccountNumber_(view.canSeeOtherAccountNumber)
- .canSeeOtherAccountMetadata_(view.canSeeOtherAccountMetadata)
- .canSeeOtherAccountKind_(view.canSeeOtherAccountKind)
- .canSeeMoreInfo_(view.canSeeMoreInfo)
- .canSeeUrl_(view.canSeeUrl)
- .canSeeImageUrl_(view.canSeeImageUrl)
- .canSeeOpenCorporatesUrl_(view.canSeeOpenCorporatesUrl)
- .canSeeCorporateLocation_(view.canSeeCorporateLocation)
- .canSeePhysicalLocation_(view.canSeePhysicalLocation)
- .canSeePublicAlias_(view.canSeePublicAlias)
- .canSeePrivateAlias_(view.canSeePrivateAlias)
- .canAddMoreInfo_(view.canAddMoreInfo)
- .canAddURL_(view.canAddURL)
- .canAddImageURL_(view.canAddImageURL)
- .canAddOpenCorporatesUrl_(view.canAddOpenCorporatesUrl)
- .canAddCorporateLocation_(view.canAddCorporateLocation)
- .canAddPhysicalLocation_(view.canAddPhysicalLocation)
- .canAddPublicAlias_(view.canAddPublicAlias)
- .canAddPrivateAlias_(view.canAddPrivateAlias)
-
- viewDefinition
- .canAddCounterparty_(view.canAddCounterparty)
- .canGetCounterparty_(view.canGetCounterparty)
- .canDeleteCounterparty_(view.canDeleteCounterparty)
- .canDeleteCorporateLocation_(view.canDeleteCorporateLocation)
- .canDeletePhysicalLocation_(view.canDeletePhysicalLocation)
- .canEditOwnerComment_(view.canEditOwnerComment)
- .canAddComment_(view.canAddComment)
- .canDeleteComment_(view.canDeleteComment)
- .canAddTag_(view.canAddTag)
- .canDeleteTag_(view.canDeleteTag)
- .canAddImage_(view.canAddImage)
- .canDeleteImage_(view.canDeleteImage)
- .canAddWhereTag_(view.canAddWhereTag)
- .canSeeWhereTag_(view.canSeeWhereTag)
- .canDeleteWhereTag_(view.canDeleteWhereTag)
- .canSeeBankRoutingScheme_(view.canSeeBankRoutingScheme)
- .canSeeBankRoutingAddress_(view.canSeeBankRoutingAddress)
- .canSeeBankAccountRoutingScheme_(view.canSeeBankAccountRoutingScheme)
- .canSeeBankAccountRoutingAddress_(view.canSeeBankAccountRoutingAddress)
- .canSeeOtherBankRoutingScheme_(view.canSeeOtherBankRoutingScheme)
- .canSeeOtherBankRoutingAddress_(view.canSeeOtherBankRoutingAddress)
- .canSeeOtherAccountRoutingScheme_(view.canSeeOtherAccountRoutingScheme)
- .canSeeOtherAccountRoutingAddress_(view.canSeeOtherAccountRoutingAddress)
- .canAddTransactionRequestToOwnAccount_(view.canAddTransactionRequestToOwnAccount)
- .canAddTransactionRequestToAnyAccount_(view.canAddTransactionRequestToAnyAccount)
- .canAddTransactionRequestToBeneficiary_(view.canAddTransactionRequestToBeneficiary)
- .save
- }
- val isSuccessful = insertedRows.forall(_ == true)
- val viewDefinition = ViewDefinition.findAll()
- val viewDefinitionSize = viewDefinition.size
- val endDate = System.currentTimeMillis()
-
- // (${viewDefinition.map(_.id).mkString(",")});
-
- val comment: String =
- s"""View implementation size: ${views.size};
- |View definition size: $viewDefinitionSize;
- |Duration: ${endDate - startDate} ms;
- |Primary keys of the inserted rows: NOPE too risky.
- """.stripMargin
- saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
- isSuccessful
- case false =>
- val startDate = System.currentTimeMillis()
- val commitId: String = APIUtil.gitCommit
- val isSuccessful = false
- val endDate = System.currentTimeMillis()
- val comment: String =
- s"""View implementation does not exist!;
- """.stripMargin
- saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
- isSuccessful
- }
- }
-}
diff --git a/obp-api/src/main/scala/code/bankconnectors/akka/actor/AkkaConnectorActorConfig.scala b/obp-api/src/main/scala/code/bankconnectors/akka/actor/AkkaConnectorActorConfig.scala
index 2b2d3b276..9edda3e85 100644
--- a/obp-api/src/main/scala/code/bankconnectors/akka/actor/AkkaConnectorActorConfig.scala
+++ b/obp-api/src/main/scala/code/bankconnectors/akka/actor/AkkaConnectorActorConfig.scala
@@ -53,7 +53,6 @@ object AkkaConnectorActorConfig {
 "code.api.APIFailure" = kryo,
 "com.openbankproject.commons.model.BankAccount" = kryo,
 "com.openbankproject.commons.model.View" = kryo,
- "code.model.dataAccess.ViewImpl" = kryo,
 "com.openbankproject.commons.model.User" = kryo,
 "com.openbankproject.commons.model.ViewId" = kryo,
 "com.openbankproject.commons.model.BankIdAccountIdViewId" = kryo,
diff --git a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala b/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
deleted file mode 100644
index a120ad300..000000000
--- a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
+++ /dev/null
@@ -1,604 +0,0 @@ -/** -Open Bank Project - API -Copyright (C) 2011-2019, TESOBE GmbH. - -This program is free software: you can redistribute it and/or modify -it under the terms of the GNU Affero General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU Affero General Public License for more details. - -You should have received a copy of the GNU Affero General Public License -along with this program. If not, see . - -Email: contact@tesobe.com -TESOBE GmbH. -Osloer Strasse 16/17 -Berlin 13359, Germany - -This product includes software developed at -TESOBE (http://www.tesobe.com/) - - */ - -package code.model.dataAccess - -import code.util.{AccountIdString, UUIDString} -import com.openbankproject.commons.model._ -import net.liftweb.mapper._ - -/** - * This code is deprecated via a migration process. - * Please take a look at TableViewDefinition.populate for more details. - */ -@deprecated("Migrated to the table AccountAccess","10-05-2019") -class ViewPrivileges extends LongKeyedMapper[ViewPrivileges] with IdPK with CreatedUpdated { - def getSingleton = ViewPrivileges - object user extends MappedLongForeignKey(this, ResourceUser) - object view extends MappedLongForeignKey(this, ViewImpl) -} -object ViewPrivileges extends ViewPrivileges with LongKeyedMetaMapper[ViewPrivileges] - -/** - * This code is deprecated via a migration process. - * Please take a look at TableAccountAccess.populate for more details. 
- */ -@deprecated("Migrated to the table ViewDefinition","10-05-2019") -class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with CreatedUpdated{ - def getSingleton = ViewImpl - - def primaryKeyField = id_ - - //This field used ManyToMany - object users_ extends MappedManyToMany(ViewPrivileges, ViewPrivileges.view, ViewPrivileges.user, ResourceUser) - - object bankPermalink extends UUIDString(this) { - override def defaultValue: Null = null - } - object accountPermalink extends AccountIdString(this) { - override def defaultValue: Null = null - } - - object id_ extends MappedLongIndex(this) - object name_ extends MappedString(this, 125) - object description_ extends MappedString(this, 255) - //view.permalink (UUID) is view.name without spaces. (view.name = my life) <---> (view-permalink = mylife) - //we only constraint it when we create it : code.views.MapperViews.createView - object permalink_ extends UUIDString(this) - object metadataView_ extends UUIDString(this) - - //if metadataView_ = null or empty, we need use the current view's viewId. - def metadataView = if (metadataView_.get ==null || metadataView_.get == "") permalink_.get else metadataView_.get - def users : List[User] = users_.toList - - //Important! 
If you add a field, be sure to handle it here in this function - def setFromViewData(viewData : ViewSpecification) = { - - if(viewData.which_alias_to_use == "public"){ - usePublicAliasIfOneExists_(true) - usePrivateAliasIfOneExists_(false) - } else if(viewData.which_alias_to_use == "private"){ - usePublicAliasIfOneExists_(false) - usePrivateAliasIfOneExists_(true) - } else { - usePublicAliasIfOneExists_(false) - usePrivateAliasIfOneExists_(false) - } - - hideOtherAccountMetadataIfAlias_(viewData.hide_metadata_if_alias_used) - description_(viewData.description) - isPublic_(viewData.is_public) - metadataView_(viewData.metadata_view) - - val actions = viewData.allowed_actions - - canSeeTransactionThisBankAccount_(actions.exists(_ =="can_see_transaction_this_bank_account")) - canSeeTransactionOtherBankAccount_(actions.exists(_ =="can_see_transaction_other_bank_account")) - canSeeTransactionMetadata_(actions.exists(_ == "can_see_transaction_metadata")) - canSeeTransactionDescription_(actions.exists(a => a == "can_see_transaction_label" || a == "can_see_transaction_description")) - canSeeTransactionAmount_(actions.exists(_ == "can_see_transaction_amount")) - canSeeTransactionType_(actions.exists(_ == "can_see_transaction_type")) - canSeeTransactionCurrency_(actions.exists(_ == "can_see_transaction_currency")) - canSeeTransactionStartDate_(actions.exists(_ == "can_see_transaction_start_date")) - canSeeTransactionFinishDate_(actions.exists(_ == "can_see_transaction_finish_date")) - canSeeTransactionBalance_(actions.exists(_ == "can_see_transaction_balance")) - canSeeComments_(actions.exists(_ == "can_see_comments")) - canSeeOwnerComment_(actions.exists(_ == "can_see_narrative")) - canSeeTags_(actions.exists(_ == "can_see_tags")) - canSeeImages_(actions.exists(_ == "can_see_images")) - canSeeBankAccountOwners_(actions.exists(_ == "can_see_bank_account_owners")) - canSeeBankAccountType_(actions.exists(_ == "can_see_bank_account_type")) - 
canSeeBankAccountBalance_(actions.exists(_ == "can_see_bank_account_balance")) - canQueryAvailableFunds_(actions.exists(_ == "can_query_available_funds")) - canSeeBankAccountCurrency_(actions.exists(_ == "can_see_bank_account_currency")) - canSeeBankAccountLabel_(actions.exists(_ == "can_see_bank_account_label")) - canSeeBankAccountNationalIdentifier_(actions.exists(_ == "can_see_bank_account_national_identifier")) - canSeeBankAccountSwift_bic_(actions.exists(_ == "can_see_bank_account_swift_bic")) - canSeeBankAccountIban_(actions.exists(_ == "can_see_bank_account_iban")) - canSeeBankAccountNumber_(actions.exists(_ == "can_see_bank_account_number")) - canSeeBankAccountBankName_(actions.exists(_ == "can_see_bank_account_bank_name")) - canSeeBankAccountBankPermalink_(actions.exists(_ == "can_see_bank_account_bank_permalink")) - canSeeBankRoutingScheme_(actions.exists(_ == "can_see_bank_routing_scheme")) - canSeeBankRoutingAddress_(actions.exists(_ == "can_see_bank_routing_address")) - canSeeBankAccountRoutingScheme_(actions.exists(_ == "can_see_bank_account_routing_scheme")) - canSeeBankAccountRoutingAddress_(actions.exists(_ == "can_see_bank_account_routing_address")) - canSeeOtherAccountNationalIdentifier_(actions.exists(_ == "can_see_other_account_national_identifier")) - canSeeOtherAccountSWIFT_BIC_(actions.exists(_ == "can_see_other_account_swift_bic")) - canSeeOtherAccountIBAN_(actions.exists(_ == "can_see_other_account_iban")) - canSeeOtherAccountBankName_(actions.exists(_ == "can_see_other_account_bank_name")) - canSeeOtherAccountNumber_(actions.exists(_ == "can_see_other_account_number")) - canSeeOtherAccountMetadata_(actions.exists(_ == "can_see_other_account_metadata")) - canSeeOtherAccountKind_(actions.exists(_ == "can_see_other_account_kind")) - canSeeOtherBankRoutingScheme_(actions.exists(_ == "can_see_other_bank_routing_scheme")) - canSeeOtherBankRoutingAddress_(actions.exists(_ == "can_see_other_bank_routing_address")) - 
canSeeOtherAccountRoutingScheme_(actions.exists(_ == "can_see_other_account_routing_scheme")) - canSeeOtherAccountRoutingAddress_(actions.exists(_ == "can_see_other_account_routing_address")) - canSeeMoreInfo_(actions.exists(_ == "can_see_more_info")) - canSeeUrl_(actions.exists(_ == "can_see_url")) - canSeeImageUrl_(actions.exists(_ == "can_see_image_url")) - canSeeOpenCorporatesUrl_(actions.exists(_ == "can_see_open_corporates_url")) - canSeeCorporateLocation_(actions.exists(_ == "can_see_corporate_location")) - canSeePhysicalLocation_(actions.exists(_ == "can_see_physical_location")) - canSeePublicAlias_(actions.exists(_ == "can_see_public_alias")) - canSeePrivateAlias_(actions.exists(_ == "can_see_private_alias")) - canAddMoreInfo_(actions.exists(_ == "can_add_more_info")) - canAddURL_(actions.exists(_ == "can_add_url")) - canAddImageURL_(actions.exists(_ == "can_add_image_url")) - canAddOpenCorporatesUrl_(actions.exists(_ == "can_add_open_corporates_url")) - canAddCorporateLocation_(actions.exists(_ == "can_add_corporate_location")) - canAddPhysicalLocation_(actions.exists(_ == "can_add_physical_location")) - canAddPublicAlias_(actions.exists(_ == "can_add_public_alias")) - canAddPrivateAlias_(actions.exists(_ == "can_add_private_alias")) - canAddCounterparty_(actions.exists(_ == "can_add_counterparty")) - canGetCounterparty_(actions.exists(_ == "can_get_counterparty")) - canDeleteCounterparty_(actions.exists(_ == "can_delete_counterparty")) - canDeleteCorporateLocation_(actions.exists(_ == "can_delete_corporate_location")) - canDeletePhysicalLocation_(actions.exists(_ == "can_delete_physical_location")) - canEditOwnerComment_(actions.exists(_ == "can_edit_narrative")) - canAddComment_(actions.exists(_ == "can_add_comment")) - canDeleteComment_(actions.exists(_ == "can_delete_comment")) - canAddTag_(actions.exists(_ == "can_add_tag")) - canDeleteTag_(actions.exists(_ == "can_delete_tag")) - canAddImage_(actions.exists(_ == "can_add_image")) - 
canDeleteImage_(actions.exists(_ == "can_delete_image")) - canAddWhereTag_(actions.exists(_ == "can_add_where_tag")) - canSeeWhereTag_(actions.exists(_ == "can_see_where_tag")) - canDeleteWhereTag_(actions.exists(_ == "can_delete_where_tag")) - canAddTransactionRequestToOwnAccount_(actions.exists(_ == "can_add_transaction_request_to_own_account")) //added following two for payments - canAddTransactionRequestToAnyAccount_(actions.exists(_ == "can_add_transaction_request_to_any_account")) - canSeeBankAccountCreditLimit_(actions.exists(_ == "can_see_bank_account_credit_limit")) - } - - object isSystem_ extends MappedBoolean(this){ - override def defaultValue = false - override def dbIndexed_? = true - } - - object isPublic_ extends MappedBoolean(this){ - override def defaultValue = false - override def dbIndexed_? = true - } - - object isFirehose_ extends MappedBoolean(this){ - override def defaultValue = true - override def dbIndexed_? = true - } - - object usePrivateAliasIfOneExists_ extends MappedBoolean(this){ - override def defaultValue = false - } - object usePublicAliasIfOneExists_ extends MappedBoolean(this){ - override def defaultValue = false - } - object hideOtherAccountMetadataIfAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - - object canSeeTransactionThisBankAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - - object canSeeTransactionRequests_ extends MappedBoolean(this){ - override def defaultValue = false - } - - object canSeeTransactionRequestTypes_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionMetadata_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionDescription_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionAmount_ extends 
MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionType_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionCurrency_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionStartDate_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionFinishDate_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionBalance_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeComments_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOwnerComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTags_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeImages_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountOwners_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeAvailableViewsForBankAccount_ extends MappedBoolean(this){ - override def defaultValue = true - } - object canSeeBankAccountType_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountBalance_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canQueryAvailableFunds_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountCurrency_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountLabel_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canUpdateBankAccountLabel_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountNationalIdentifier_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountSwift_bic_ extends MappedBoolean(this){ - override def 
defaultValue = false - } - object canSeeBankAccountIban_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountNumber_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountBankName_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountBankPermalink_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeViewsWithPermissionsForOneUser_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeViewsWithPermissionsForAllUsers_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountNationalIdentifier_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountSWIFT_BIC_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountIBAN_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountBankName_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountNumber_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountMetadata_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountKind_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherBankRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherBankRoutingAddress_ 
extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeMoreInfo_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeImageUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOpenCorporatesUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeCorporateLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeePhysicalLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeePublicAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeePrivateAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddMoreInfo_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddURL_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddImageURL_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddOpenCorporatesUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddCorporateLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddPhysicalLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddPublicAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddPrivateAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddCounterparty_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canGetCounterparty_ extends 
MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteCounterparty_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteCorporateLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeletePhysicalLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canEditOwnerComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddImage_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteImage_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddWhereTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeWhereTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteWhereTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddTransactionRequestToOwnAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddTransactionRequestToAnyAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddTransactionRequestToBeneficiary_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionStatus_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountCreditLimit_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canCreateCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object 
canDeleteCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canUpdateCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canGetCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canRevokeAccessToCustomViews_ extends MappedBoolean(this) { - override def defaultValue = false - } - object canGrantAccessToCustomViews_ extends MappedBoolean(this) { - override def defaultValue = false - } - - def id: Long = id_.get - def isSystem: Boolean = isSystem_.get - - def viewId : ViewId = ViewId(permalink_.get) - def accountId : AccountId = AccountId(accountPermalink.get) - def bankId : BankId = BankId(bankPermalink.get) - - def name: String = name_.get - def description : String = description_.get - def isPublic : Boolean = isPublic_.get - def isPrivate : Boolean = !isPublic_.get - def isFirehose : Boolean = isFirehose_.get - - //the view settings - def usePrivateAliasIfOneExists: Boolean = usePrivateAliasIfOneExists_.get - def usePublicAliasIfOneExists: Boolean = usePublicAliasIfOneExists_.get - def hideOtherAccountMetadataIfAlias: Boolean = hideOtherAccountMetadataIfAlias_.get - - //reading access - - //transaction fields - def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get - def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get - def canSeeTransactionRequestTypes : Boolean = canSeeTransactionRequestTypes_.get - def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get - def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get - def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get - def canSeeTransactionAmount: Boolean = canSeeTransactionAmount_.get - def canSeeTransactionType: Boolean = canSeeTransactionType_.get - def canSeeTransactionCurrency: Boolean = canSeeTransactionCurrency_.get - def canSeeTransactionStartDate: Boolean = 
canSeeTransactionStartDate_.get - def canSeeTransactionFinishDate: Boolean = canSeeTransactionFinishDate_.get - def canSeeTransactionBalance: Boolean = canSeeTransactionBalance_.get - - //transaction metadata - def canSeeComments: Boolean = canSeeComments_.get - def canSeeOwnerComment: Boolean = canSeeOwnerComment_.get - def canSeeTags : Boolean = canSeeTags_.get - def canSeeImages : Boolean = canSeeImages_.get - - //Bank account fields - def canSeeAvailableViewsForBankAccount : Boolean = canSeeAvailableViewsForBankAccount_.get - def canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get - def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get - def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get - def canSeeBankAccountCurrency : Boolean = canSeeBankAccountCurrency_.get - def canQueryAvailableFunds : Boolean = canQueryAvailableFunds_.get - def canSeeBankAccountLabel : Boolean = canSeeBankAccountLabel_.get - def canUpdateBankAccountLabel : Boolean = canUpdateBankAccountLabel_.get - def canSeeBankAccountNationalIdentifier : Boolean = canSeeBankAccountNationalIdentifier_.get - def canSeeBankAccountSwift_bic : Boolean = canSeeBankAccountSwift_bic_.get - def canSeeBankAccountIban : Boolean = canSeeBankAccountIban_.get - def canSeeBankAccountNumber : Boolean = canSeeBankAccountNumber_.get - def canSeeBankAccountBankName : Boolean = canSeeBankAccountBankName_.get - def canSeeBankAccountBankPermalink : Boolean = canSeeBankAccountBankPermalink_.get - def canSeeBankRoutingScheme : Boolean = canSeeBankRoutingScheme_.get - def canSeeBankRoutingAddress : Boolean = canSeeBankRoutingAddress_.get - def canSeeBankAccountRoutingScheme : Boolean = canSeeBankAccountRoutingScheme_.get - def canSeeBankAccountRoutingAddress : Boolean = canSeeBankAccountRoutingAddress_.get - def canSeeViewsWithPermissionsForOneUser: Boolean = canSeeViewsWithPermissionsForOneUser_.get - def canSeeViewsWithPermissionsForAllUsers: Boolean = 
canSeeViewsWithPermissionsForAllUsers_.get - - //other bank account fields - def canSeeOtherAccountNationalIdentifier : Boolean = canSeeOtherAccountNationalIdentifier_.get - def canSeeOtherAccountSWIFT_BIC : Boolean = canSeeOtherAccountSWIFT_BIC_.get - def canSeeOtherAccountIBAN : Boolean = canSeeOtherAccountIBAN_.get - def canSeeOtherAccountBankName : Boolean = canSeeOtherAccountBankName_.get - def canSeeOtherAccountNumber : Boolean = canSeeOtherAccountNumber_.get - def canSeeOtherAccountMetadata : Boolean = canSeeOtherAccountMetadata_.get - def canSeeOtherAccountKind : Boolean = canSeeOtherAccountKind_.get - def canSeeOtherBankRoutingScheme : Boolean = canSeeOtherBankRoutingScheme_.get - def canSeeOtherBankRoutingAddress : Boolean = canSeeOtherBankRoutingAddress_.get - def canSeeOtherAccountRoutingScheme : Boolean = canSeeOtherAccountRoutingScheme_.get - def canSeeOtherAccountRoutingAddress : Boolean = canSeeOtherAccountRoutingAddress_.get - - //other bank account meta data - def canSeeMoreInfo: Boolean = canSeeMoreInfo_.get - def canSeeUrl: Boolean = canSeeUrl_.get - def canSeeImageUrl: Boolean = canSeeImageUrl_.get - def canSeeOpenCorporatesUrl: Boolean = canSeeOpenCorporatesUrl_.get - def canSeeCorporateLocation : Boolean = canSeeCorporateLocation_.get - def canSeePhysicalLocation : Boolean = canSeePhysicalLocation_.get - def canSeePublicAlias : Boolean = canSeePublicAlias_.get - def canSeePrivateAlias : Boolean = canSeePrivateAlias_.get - def canAddMoreInfo : Boolean = canAddMoreInfo_.get - def canAddURL : Boolean = canAddURL_.get - def canAddImageURL : Boolean = canAddImageURL_.get - def canAddOpenCorporatesUrl : Boolean = canAddOpenCorporatesUrl_.get - def canAddCorporateLocation : Boolean = canAddCorporateLocation_.get - def canAddPhysicalLocation : Boolean = canAddPhysicalLocation_.get - def canAddPublicAlias : Boolean = canAddPublicAlias_.get - def canAddPrivateAlias : Boolean = canAddPrivateAlias_.get - def canAddCounterparty : Boolean = 
canAddCounterparty_.get - def canGetCounterparty : Boolean = canGetCounterparty_.get - def canDeleteCounterparty : Boolean = canDeleteCounterparty_.get - def canDeleteCorporateLocation : Boolean = canDeleteCorporateLocation_.get - def canDeletePhysicalLocation : Boolean = canDeletePhysicalLocation_.get - - //writing access - def canEditOwnerComment: Boolean = canEditOwnerComment_.get - def canAddComment : Boolean = canAddComment_.get - def canDeleteComment: Boolean = canDeleteComment_.get - def canAddTag : Boolean = canAddTag_.get - def canDeleteTag : Boolean = canDeleteTag_.get - def canAddImage : Boolean = canAddImage_.get - def canDeleteImage : Boolean = canDeleteImage_.get - def canAddWhereTag : Boolean = canAddWhereTag_.get - def canSeeWhereTag : Boolean = canSeeWhereTag_.get - def canDeleteWhereTag : Boolean = canDeleteWhereTag_.get - - def canAddTransactionRequestToOwnAccount: Boolean = canAddTransactionRequestToOwnAccount_.get //added following two for payments - def canAddTransactionRequestToAnyAccount: Boolean = canAddTransactionRequestToAnyAccount_.get - def canSeeBankAccountCreditLimit: Boolean = canSeeBankAccountCreditLimit_.get - def canCreateDirectDebit: Boolean = false - def canCreateStandingOrder: Boolean = false - //TODO: if you add new permissions here, remember to set them wherever views are created - // (e.g. 
BankAccountCreationDispatcher) - - def canCreateCustomView: Boolean = canCreateCustomView_.get - def canDeleteCustomView: Boolean = canDeleteCustomView_.get - def canUpdateCustomView: Boolean = canUpdateCustomView_.get - def canGetCustomView: Boolean = canGetCustomView_.get - - override def canGrantAccessToCustomViews: Boolean = canGrantAccessToCustomViews_.get - override def canRevokeAccessToCustomViews: Boolean = canRevokeAccessToCustomViews_.get - - override def canAddTransactionRequestToBeneficiary: Boolean = canAddTransactionRequestToBeneficiary_.get - - override def canSeeTransactionStatus: Boolean = canSeeTransactionStatus_.get -} - -object ViewImpl extends ViewImpl with LongKeyedMetaMapper[ViewImpl]{ - override def dbIndexes = UniqueIndex(bankPermalink, accountPermalink, permalink_) :: super.dbIndexes -} \ No newline at end of file diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index a71c5e1c6..c5f5bd5e5 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -278,8 +278,8 @@ object MapperViews extends Views with MdcLoggable { } //returns Full if deletable, Failure if not - def canRevokeOwnerAccessAsBox(bankId: BankId, accountId: AccountId, viewImpl : ViewDefinition, user : User) : Box[Unit] = { - if(canRevokeOwnerAccess(bankId: BankId, accountId: AccountId, viewImpl, user)) Full(Unit) + def canRevokeOwnerAccessAsBox(bankId: BankId, accountId: AccountId, viewDefinition : ViewDefinition, user : User) : Box[Unit] = { + if(canRevokeOwnerAccess(bankId: BankId, accountId: AccountId, viewDefinition, user)) Full(Unit) else Failure("access cannot be revoked") } diff --git a/obp-api/src/main/scala/code/views/Views.scala b/obp-api/src/main/scala/code/views/Views.scala index f2dc93ec4..1dbeb893a 100644 --- a/obp-api/src/main/scala/code/views/Views.scala +++ b/obp-api/src/main/scala/code/views/Views.scala 
@@ -1,15 +1,13 @@ package code.views -import code.api.util.{APIUtil, CallContext} -import code.model.dataAccess.{MappedBankAccount} +import code.api.util.CallContext +import code.model.dataAccess.MappedBankAccount import code.views.system.AccountAccess -import com.openbankproject.commons.model.{CreateViewJson, _} +import com.openbankproject.commons.ExecutionContext.Implicits.global +import com.openbankproject.commons.model._ import net.liftweb.common.Box import net.liftweb.mapper.By -import net.liftweb.util.{SimpleInjector} - -import scala.concurrent.Future -import com.openbankproject.commons.ExecutionContext.Implicits.global +import net.liftweb.util.SimpleInjector import scala.concurrent.Future @@ -26,11 +24,6 @@ trait Views { def permissions(account : BankIdAccountId) : List[Permission] def permission(account : BankIdAccountId, user: User) : Box[Permission] def getPermissionForUser(user: User) : Box[Permission] - /** - * This is for @ViewPrivileges. - * It will first find the view object by `bankIdAccountIdViewId` - * And then, call @getOrCreateViewPrivilege(view: View, user: User) for the view and user. - */ def grantAccessToCustomView(bankIdAccountIdViewId : BankIdAccountIdViewId, user : User) : Box[View] def grantAccessToSystemView(bankId: BankId, accountId: AccountId, view : View, user : User) : Box[View] def grantAccessToMultipleViews(views : List[BankIdAccountIdViewId], user : User, callContext: Option[CallContext]) : Box[List[View]] diff --git a/obp-api/src/main/scripts/migrate/migrate_00000011.sql b/obp-api/src/main/scripts/migrate/migrate_00000011.sql index acb2bfcbc..9424cbf21 100644 --- a/obp-api/src/main/scripts/migrate/migrate_00000011.sql +++ b/obp-api/src/main/scripts/migrate/migrate_00000011.sql @@ -1,5 +1,5 @@ update - viewimpl + viewdefinition set isFirehose_ = TRUE where diff --git a/obp-api/src/main/scripts/sql/cre_views.sql b/obp-api/src/main/scripts/sql/cre_views.sql index 16cdd14ef..43f833f44 100644 
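Review bot: In `migrate_00000011.sql` the `update` target changes from `viewimpl` to `viewdefinition`, so an already-numbered migration that sets `isFirehose_ = TRUE` now writes to what is presumably the live table behind `ViewDefinition`. The `where` clause continues outside the hunk, so it cannot be seen from here whether its predicate and column names still match the `viewdefinition` schema, or whether it still selects only the views that were meant to become firehose views. Both should be confirmed before the script is run, since a broader match would turn on firehose access for more views than before. A header comment in the script such as `-- retargeted from viewimpl to viewdefinition; re-check the WHERE predicate against the viewdefinition schema before running` would record the change for operators.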
--- a/obp-api/src/main/scripts/sql/cre_views.sql +++ b/obp-api/src/main/scripts/sql/cre_views.sql @@ -41,8 +41,6 @@ where drop view v_auth_user_resource_user cascade; create or replace view v_auth_user_resource_user as select au.username from v_auth_user au, v_resource_user ru where au.numeric_auth_user_id = ru.numeric_resource_user_id; -create or replace view v_view as select bankpermalink bank_id, accountpermalink account_id, permalink_ view_id, description_ description from viewimpl; - create or replace view v_entitlement as select mentitlementid entitlement_id, muserid resource_user_id, mbankid bank_id, mrolename role_name, id numeric_entitlement_id, createdat created_at, updatedat updated_id from mappedentitlement; create or replace view v_account_holder as select accountbankpermalink bank_id, accountpermalink account_id, user_c resource_user_id, id internal_id from mappedaccountholder; @@ -58,8 +56,6 @@ create or replace view v_transaction_narrative as select id numeric_transaciton_ create or replace view v_transaction_comment as select id numeric_transaciton_comment_id, bank bank_id, account account_id, transaction_c transaction_id, text_ comment_text, createdat created_at, apiid resource_user_id from mappedcomment; -create or replace view v_view_privilege as select id numeric_view_privilege_id, user_c numeric_resource_user_id, view_c numeric_view_id from viewprivileges; - create or replace view v_transaction_request_type_charge as select id, mbankid bank_id, mtransactionrequesttypeid transaction_request_type_id, mchargecurrency currency , mchargeamount amount, mchargesummary summary from mappedtransactionrequesttypecharge; -- In case when we can create a customer at OBP-API side but we get it from CBS(core banking system) diff --git a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala index ec9a31c59..c5c4e3fff 100644 
--- a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala +++ b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala @@ -15,10 +15,7 @@ import net.liftweb.common.{Failure, Full, ParamFailure} import net.liftweb.mapper.MetaMapper import net.liftweb.util.Helpers._ -/** - * Handles setting up views and permissions and account holders using ViewImpls, ViewPrivileges, - * and MappedAccountHolder - */ + trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { override protected def setAccountHolder(user: User, bankId : BankId, accountId : AccountId) = { diff --git a/obp-api/src/test/scala/code/util/MappedClassNameTest.scala b/obp-api/src/test/scala/code/util/MappedClassNameTest.scala index 347bc6ec0..5acda5a5e 100644 --- a/obp-api/src/test/scala/code/util/MappedClassNameTest.scala +++ b/obp-api/src/test/scala/code/util/MappedClassNameTest.scala @@ -1,12 +1,12 @@ package code.util -import java.util.regex.Pattern - import net.liftweb.mapper.Mapper import org.apache.commons.lang3.StringUtils import org.scalatest.Matchers._ import org.scalatest.{FeatureSpec, Tag} +import java.util.regex.Pattern + /** * Avoid new DB entity type name start with Mapped, and field name start with m. */ @@ -88,11 +88,9 @@ class MappedClassNameTest extends FeatureSpec { "code.scope.MappedUserScope", "code.context.MappedUserAuthContext", "code.context.MappedConsentAuthContext", - "code.model.dataAccess.ViewImpl", "code.metadata.counterparties.MappedCounterpartyMetadata", "code.transaction_types.MappedTransactionType", "code.examplething.MappedThing", - "code.model.dataAccess.ViewPrivileges", "code.scope.MappedScope", "code.ratelimiting.RateLimiting", "code.api.attributedefinition.AttributeDefinition", From efd4d2ade23eb3bf3d62ce23d890b6290603935d Mon Sep 17 00:00:00 2001 
From: hongwei Date: Fri, 4 Jul 2025 12:55:48 +0200 Subject: [PATCH 02/26] refactor/update view permission checks to use centralized permission list --- .../scala/code/api/constant/constant.scala | 98 ++++++- obp-api/src/main/scala/code/model/View.scala | 255 ++++++++++-------- .../main/scala/code/views/MapperViews.scala | 91 +------ 3 files changed, 238 insertions(+), 206 deletions(-) diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala index 806cd316b..5b6c11fd9 100644 --- a/obp-api/src/main/scala/code/api/constant/constant.scala +++ b/obp-api/src/main/scala/code/api/constant/constant.scala 
@@ -127,7 +127,103 @@ object Constant extends MdcLoggable { final val GET_DYNAMIC_RESOURCE_DOCS_TTL: Int = APIUtil.getPropsValue(s"dynamicResourceDocsObp.cache.ttl.seconds", "3600").toInt final val GET_STATIC_RESOURCE_DOCS_TTL: Int = APIUtil.getPropsValue(s"staticResourceDocsObp.cache.ttl.seconds", "3600").toInt final val SHOW_USED_CONNECTOR_METHODS: Boolean = APIUtil.getPropsAsBoolValue(s"show_used_connector_methods", false) - + + + final val VIEW_PERMISSION_NAMES = List( + "canSeeTransactionOtherBankAccount", + "canSeeTransactionMetadata", + "canSeeTransactionDescription", + "canSeeTransactionAmount", + "canSeeTransactionType", + "canSeeTransactionCurrency", + "canSeeTransactionStartDate", + "canSeeTransactionFinishDate", + "canSeeTransactionBalance", + "canSeeComments", + "canSeeOwnerComment", + "canSeeTags", + "canSeeImages", + "canSeeBankAccountOwners", + "canSeeBankAccountType", + "canSeeBankAccountBalance", + "canQueryAvailableFunds", + "canSeeBankAccountLabel", + "canSeeBankAccountNationalIdentifier", + "canSeeBankAccountSwift_bic", + "canSeeBankAccountIban", + "canSeeBankAccountNumber", + "canSeeBankAccountBankName", + "canSeeBankAccountBankPermalink", + "canSeeBankRoutingScheme", + "canSeeBankRoutingAddress", + "canSeeBankAccountRoutingScheme", + "canSeeBankAccountRoutingAddress", + "canSeeOtherAccountNationalIdentifier", + "canSeeOtherAccountSWIFT_BIC", + "canSeeOtherAccountIBAN", + "canSeeOtherAccountBankName", + "canSeeOtherAccountNumber", + "canSeeOtherAccountMetadata", + "canSeeOtherAccountKind", + "canSeeOtherBankRoutingScheme", + "canSeeOtherBankRoutingAddress", + "canSeeOtherAccountRoutingScheme", + "canSeeOtherAccountRoutingAddress", + "canSeeMoreInfo", + "canSeeUrl", + "canSeeImageUrl", + "canSeeOpenCorporatesUrl", + "canSeeCorporateLocation", + "canSeePhysicalLocation", + "canSeePublicAlias", + "canSeePrivateAlias", + "canAddMoreInfo", + "canAddURL", + "canAddImageURL", + "canAddOpenCorporatesUrl", + "canAddCorporateLocation", + 
"canAddPhysicalLocation", + "canAddPublicAlias", + "canAddPrivateAlias", + "canAddCounterparty", + "canGetCounterparty", + "canDeleteCounterparty", + "canDeleteCorporateLocation", + "canDeletePhysicalLocation", + "canEditOwnerComment", + "canAddComment", + "canDeleteComment", + "canAddTag", + "canDeleteTag", + "canAddImage", + "canDeleteImage", + "canAddWhereTag", + "canSeeWhereTag", + "canDeleteWhereTag", + "canAddTransactionRequestToOwnAccount", + "canAddTransactionRequestToAnyAccount", + "canSeeBankAccountCreditLimit", + "canCreateDirectDebit", + "canCreateStandingOrder", + "canRevokeAccessToCustomViews", + "canGrantAccessToCustomViews", + "canSeeTransactionRequests", + "canSeeTransactionRequestTypes", + "canSeeAvailableViewsForBankAccount", + "canUpdateBankAccountLabel", + "canCreateCustomView", + "canDeleteCustomView", + "canUpdateCustomView", + "canGetCustomView", + "canSeeViewsWithPermissionsForAllUsers", + "canSeeViewsWithPermissionsForOneUser", +// "canGrantAccessToViews", +// "canRevokeAccessToViews", + "canSeeTransactionThisBankAccount", + "canSeeTransactionStatus", + "canSeeBankAccountCurrency", + "canAddTransactionRequestToBeneficiary" + ) } diff --git a/obp-api/src/main/scala/code/model/View.scala b/obp-api/src/main/scala/code/model/View.scala index dfc822818..4d599023a 100644 --- a/obp-api/src/main/scala/code/model/View.scala +++ b/obp-api/src/main/scala/code/model/View.scala @@ -30,7 +30,7 @@ package code.model import code.api.util.ErrorMessages import code.metadata.counterparties.Counterparties -import code.views.system.ViewDefinition +import code.views.system.{ViewDefinition, ViewPermission} import com.github.dwickern.macros.NameOf.nameOf import com.openbankproject.commons.model._ import com.openbankproject.commons.model.enums.AccountRoutingScheme 
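Review bot: `VIEW_PERMISSION_NAMES` in constant.scala is an untyped `List` of bare strings, while the View.scala hunks of this same patch spell the same names again as literals, so the list and its consumers can drift apart without any compile error. Annotate the public member, `final val VIEW_PERMISSION_NAMES: List[String] = List(`, and add a Scaladoc line stating what the list is authoritative for (its consumers are not visible in this hunk). The two commented-out entries, `canGrantAccessToViews` and `canRevokeAccessToViews`, carry no explanation; either delete them or add a one-line comment saying why they are excluded, because a name missing from a permission allow-list is exactly what a later reader will need to justify.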
@@ -43,6 +43,13 @@ case class ViewExtended(val view: View) { val viewLogger = Logger(classOf[ViewExtended]) + def getViewPermissions: List[String] = + if (view.isSystem) { + ViewPermission.findSystemViewPermissions(view.viewId).map(_.permission.get) + } else { + ViewPermission.findCustomViewPermissions(view.bankId, view.accountId, view.viewId).map(_.permission.get) + } + def moderateTransaction(transaction : Transaction): Box[ModeratedTransaction] = { moderateTransactionUsingModeratedAccount(transaction, moderateAccountLegacy(transaction.thisAccount)) } @@ -50,6 +57,8 @@ case class ViewExtended(val view: View) { // In the future we can add a method here to allow someone to show only transactions over a certain limit private def moderateTransactionUsingModeratedAccount(transaction: Transaction, moderatedAccount : Option[ModeratedBankAccount]): Box[ModeratedTransaction] = { + val viewPermissions = getViewPermissions + lazy val moderatedTransaction = { //transaction data val transactionId = transaction.id 
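Review bot: `getViewPermissions` builds a fresh `List[String]` on every call, and in this patch a single `moderateTransaction` reaches it twice, once through `moderateAccountLegacy` and once in `moderateTransactionUsingModeratedAccount`. If the `ViewPermission.find…` helpers query the database (they are not shown here), every moderated transaction pays for two lookups. Resolve the names once per `ViewExtended` and keep them as a set, e.g. `private lazy val viewPermissionSet: Set[String] = getViewPermissions.toSet`; if instances can outlive a permission change, keep the per-call lookup and only convert the result to a `Set`. A Scaladoc line on `getViewPermissions` should also state that an empty result hides every moderated field and makes `moderateAccount` return a `Failure`, so that the fail-closed behaviour is documented rather than incidental.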
@@ -58,60 +67,60 @@ case class ViewExtended(val view: View) { //transaction metadata val transactionMetadata = - if(view.canSeeTransactionMetadata) + if(viewPermissions.exists(_ == "canSeeTransactionMetadata")) { - val ownerComment = if (view.canSeeOwnerComment) Some(transaction.metadata.ownerComment()) else None + val ownerComment = if (viewPermissions.exists(_ == "canSeeOwnerComment")) Some(transaction.metadata.ownerComment()) else None val comments = - if (view.canSeeComments) + if (viewPermissions.exists(_ == "canSeeComments")) Some(transaction.metadata.comments(view.viewId)) else None - val addCommentFunc= if(view.canAddComment) Some(transaction.metadata.addComment) else None + val addCommentFunc= if(viewPermissions.exists(_ == "canAddComment")) Some(transaction.metadata.addComment) else None val deleteCommentFunc = - if(view.canDeleteComment) + if(viewPermissions.exists(_ == "canDeleteComment")) Some(transaction.metadata.deleteComment) else None - val addOwnerCommentFunc:Option[String=> Boolean] = if (view.canEditOwnerComment) Some(transaction.metadata.addOwnerComment) else None + val addOwnerCommentFunc:Option[String=> Boolean] = if (viewPermissions.exists(_ == "canEditOwnerComment")) Some(transaction.metadata.addOwnerComment) else None val tags = - if(view.canSeeTags) + if(viewPermissions.exists(_ == "canSeeTags")) Some(transaction.metadata.tags(view.viewId)) else None val addTagFunc = - if(view.canAddTag) + if(viewPermissions.exists(_ == "canAddTag")) Some(transaction.metadata.addTag) else None val deleteTagFunc = - if(view.canDeleteTag) + if(viewPermissions.exists(_ == "canDeleteTag")) Some(transaction.metadata.deleteTag) else None val images = - if(view.canSeeImages) Some(transaction.metadata.images(view.viewId)) + if(viewPermissions.exists(_ == "canSeeImages")) Some(transaction.metadata.images(view.viewId)) else None val addImageFunc = - if(view.canAddImage) Some(transaction.metadata.addImage) + if(viewPermissions.exists(_ == "canAddImage")) 
Some(transaction.metadata.addImage) else None val deleteImageFunc = - if(view.canDeleteImage) Some(transaction.metadata.deleteImage) + if(viewPermissions.exists(_ == "canDeleteImage")) Some(transaction.metadata.deleteImage) else None val whereTag = - if(view.canSeeWhereTag) + if(viewPermissions.exists(_ == "canSeeWhereTag")) Some(transaction.metadata.whereTags(view.viewId)) else None val addWhereTagFunc : Option[(UserPrimaryKey, ViewId, Date, Double, Double) => Boolean] = - if(view.canAddWhereTag) + if(viewPermissions.exists(_ == "canAddWhereTag")) Some(transaction.metadata.addWhereTag) else Empty val deleteWhereTagFunc : Option[(ViewId) => Boolean] = - if (view.canDeleteWhereTag) + if (viewPermissions.exists(_ == "canDeleteWhereTag")) Some(transaction.metadata.deleteWhereTag) else Empty 
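Review bot: Every check in this hunk has the form `viewPermissions.exists(_ == "canSeeTransactionMetadata")` with the permission name as a string literal, where the removed code used the compiler-checked accessor `view.canSeeTransactionMetadata`. A misspelt literal now compiles and simply evaluates to false, silently hiding the field or disabling the action instead of failing the build. At minimum write `viewPermissions.contains("canSeeTransactionMetadata")`, and preferably take each name from one shared definition (a named constant beside `VIEW_PERMISSION_NAMES`, or `nameOf(...)`, which this file already imports) so that a typo is caught at compile time. The same pattern recurs in the hunks at `@@ -140,35 +149,35 @@`, `@@ -206,37 +215,39 @@`, `@@ -314,27 +325,29 @@` and `@@ -362,27 +375,31 @@`. The enclosing method `moderateTransactionUsingModeratedAccount` starts and ends outside this hunk.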
@@ -140,35 +149,35 @@ case class ViewExtended(val view: View) { None val transactionType = - if (view.canSeeTransactionType) Some(transaction.transactionType) + if (viewPermissions.exists(_ == "canSeeTransactionType")) Some(transaction.transactionType) else None val transactionAmount = - if (view.canSeeTransactionAmount) Some(transaction.amount) + if (viewPermissions.exists(_ == "canSeeTransactionAmount")) Some(transaction.amount) else None val transactionCurrency = - if (view.canSeeTransactionCurrency) Some(transaction.currency) + if (viewPermissions.exists(_ == "canSeeTransactionCurrency")) Some(transaction.currency) else None val transactionDescription = - if (view.canSeeTransactionDescription) transaction.description + if (viewPermissions.exists(_ == "canSeeTransactionDescription")) transaction.description else None val transactionStartDate = - if (view.canSeeTransactionStartDate) Some(transaction.startDate) + if (viewPermissions.exists(_ == "canSeeTransactionStartDate")) Some(transaction.startDate) else None val transactionFinishDate = - if (view.canSeeTransactionFinishDate) Some(transaction.finishDate) + if (viewPermissions.exists(_ == "canSeeTransactionFinishDate")) Some(transaction.finishDate) else None val transactionBalance = - if (view.canSeeTransactionBalance && transaction.balance != null) transaction.balance.toString() + if (viewPermissions.exists(_ == "canSeeTransactionBalance") && transaction.balance != null) transaction.balance.toString() else "" val transactionStatus = - if (view.canSeeTransactionStatus) transaction.status + if (viewPermissions.exists(_ == "canSeeTransactionStatus")) transaction.status else "" new ModeratedTransaction( 
@@ -206,37 +215,39 @@ case class ViewExtended(val view: View) { private def moderateCore(transactionCore: TransactionCore, moderatedAccount : Option[ModeratedBankAccount]): Box[ModeratedTransactionCore] = { + val viewPermissions = getViewPermissions + lazy val moderatedTransaction = { //transaction data val transactionId = transactionCore.id val otherBankAccount = moderateCore(transactionCore.otherAccount) val transactionType = - if (view.canSeeTransactionType) Some(transactionCore.transactionType) + if (viewPermissions.exists(_ == "canSeeTransactionType")) Some(transactionCore.transactionType) else None val transactionAmount = - if (view.canSeeTransactionAmount) Some(transactionCore.amount) + if (viewPermissions.exists(_ == "canSeeTransactionAmount")) Some(transactionCore.amount) else None val transactionCurrency = - if (view.canSeeTransactionCurrency) Some(transactionCore.currency) + if (viewPermissions.exists(_ == "canSeeTransactionCurrency")) Some(transactionCore.currency) else None val transactionDescription = - if (view.canSeeTransactionDescription) transactionCore.description + if (viewPermissions.exists(_ == "canSeeTransactionDescription")) transactionCore.description else None val transactionStartDate = - if (view.canSeeTransactionStartDate) Some(transactionCore.startDate) + if (viewPermissions.exists(_ == "canSeeTransactionStartDate")) Some(transactionCore.startDate) else None val transactionFinishDate = - if (view.canSeeTransactionFinishDate) Some(transactionCore.finishDate) + if (viewPermissions.exists(_ == "canSeeTransactionFinishDate")) Some(transactionCore.finishDate) else None val transactionBalance = - if (view.canSeeTransactionBalance && transactionCore.balance != null) transactionCore.balance.toString() + if (viewPermissions.exists(_ == "canSeeTransactionBalance") && transactionCore.balance != null) transactionCore.balance.toString() else "" new ModeratedTransactionCore( 
@@ -314,27 +325,29 @@ case class ViewExtended(val view: View) { * no need to call the Connector.connector.vend.getBankLegacy several times. */ def moderateAccount(bank: Bank, bankAccount: BankAccount) : Box[ModeratedBankAccount] = { - if(view.canSeeTransactionThisBankAccount) + val viewPermissions = getViewPermissions + + if(viewPermissions.exists(_ == "canSeeTransactionThisBankAccount")) { - val owners : Set[User] = if(view.canSeeBankAccountOwners) bankAccount.userOwners else Set() - val balance = if(view.canSeeBankAccountBalance && bankAccount.balance != null) bankAccount.balance.toString else "" - val accountType = if(view.canSeeBankAccountType) Some(bankAccount.accountType) else None - val currency = if(view.canSeeBankAccountCurrency) Some(bankAccount.currency) else None - val label = if(view.canSeeBankAccountLabel) Some(bankAccount.label) else None - val iban = if(view.canSeeBankAccountIban) bankAccount.accountRoutings.find(_.scheme == AccountRoutingScheme.IBAN.toString).map(_.address) else None - val number = if(view.canSeeBankAccountNumber) Some(bankAccount.number) else None + val owners : Set[User] = if(viewPermissions.exists(_ == "canSeeBankAccountOwners")) bankAccount.userOwners else Set() + val balance = if(viewPermissions.exists(_ == "canSeeBankAccountBalance") && bankAccount.balance != null) bankAccount.balance.toString else "" + val accountType = if(viewPermissions.exists(_ == "canSeeBankAccountType")) Some(bankAccount.accountType) else None + val currency = if(viewPermissions.exists(_ == "canSeeBankAccountCurrency")) Some(bankAccount.currency) else None + val label = if (viewPermissions.exists(_ == "canSeeBankAccountLabel")) Some(bankAccount.label) else None + val iban = if (viewPermissions.exists(_ == "canSeeBankAccountIban")) bankAccount.accountRoutings.find(_.scheme == AccountRoutingScheme.IBAN.toString).map(_.address) else None + val number = if (viewPermissions.exists(_ == "canSeeBankAccountNumber")) Some(bankAccount.number) else None //From 
V300, use scheme and address stuff... - val accountRoutingScheme = if(view.canSeeBankAccountRoutingScheme) bankAccount.accountRoutings.headOption.map(_.scheme) else None - val accountRoutingAddress = if(view.canSeeBankAccountRoutingAddress) bankAccount.accountRoutings.headOption.map(_.address) else None - val accountRoutings = if(view.canSeeBankAccountRoutingScheme && view.canSeeBankAccountRoutingAddress) bankAccount.accountRoutings else Nil - val accountRules = if(view.canSeeBankAccountCreditLimit) bankAccount.accountRules else Nil + val accountRoutingScheme = if (viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme")) bankAccount.accountRoutings.headOption.map(_.scheme) else None + val accountRoutingAddress = if (viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings.headOption.map(_.address) else None + val accountRoutings = if (viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme") && viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings else Nil + val accountRules = if (viewPermissions.exists(_ == "canSeeBankAccountCreditLimit")) bankAccount.accountRules else Nil //followings are from the bank object. 
val bankId = bank.bankId - val bankName = if(view.canSeeBankAccountBankName) Some(bank.fullName) else None - val nationalIdentifier = if(view.canSeeBankAccountNationalIdentifier) Some(bank.nationalIdentifier) else None - val bankRoutingScheme = if(view.canSeeBankRoutingScheme) Some(bank.bankRoutingScheme) else None - val bankRoutingAddress = if(view.canSeeBankRoutingAddress) Some(bank.bankRoutingAddress) else None + val bankName = if (viewPermissions.exists(_ == "canSeeBankAccountBankName")) Some(bank.fullName) else None + val nationalIdentifier = if (viewPermissions.exists(_ == "canSeeBankAccountNationalIdentifier")) Some(bank.nationalIdentifier) else None + val bankRoutingScheme = if (viewPermissions.exists(_ == "canSeeBankRoutingScheme")) Some(bank.bankRoutingScheme) else None + val bankRoutingAddress = if (viewPermissions.exists(_ == "canSeeBankRoutingAddress")) Some(bank.bankRoutingAddress) else None Some( new ModeratedBankAccount( 
@@ -362,27 +375,31 @@ case class ViewExtended(val view: View) { Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionThisBankAccount_)).dropRight(1)}` permission on the view(${view.viewId.value})") } + + @deprecated("This have the performance issue, call `Connector.connector.vend.getBankLegacy` four times in the backend. use @moderateAccount instead ","08-01-2020") def moderateAccountLegacy(bankAccount: BankAccount) : Box[ModeratedBankAccount] = { - if(view.canSeeTransactionThisBankAccount) + val viewPermissions = getViewPermissions + + if(viewPermissions.exists(_ == "canSeeTransactionThisBankAccount")) { - val owners : Set[User] = if(view.canSeeBankAccountOwners) bankAccount.userOwners else Set() - val balance = if(view.canSeeBankAccountBalance && bankAccount.balance !=null) bankAccount.balance.toString else "" - val accountType = if(view.canSeeBankAccountType) Some(bankAccount.accountType) else None - val currency = if(view.canSeeBankAccountCurrency) Some(bankAccount.currency) else None - val label = if(view.canSeeBankAccountLabel) Some(bankAccount.label) else None - val nationalIdentifier = if(view.canSeeBankAccountNationalIdentifier) Some(bankAccount.nationalIdentifier) else None - val iban = if(view.canSeeBankAccountIban) bankAccount.accountRoutings.find(_.scheme == AccountRoutingScheme.IBAN.toString).map(_.address) else None - val number = if(view.canSeeBankAccountNumber) Some(bankAccount.number) else None - val bankName = if(view.canSeeBankAccountBankName) Some(bankAccount.bankName) else None + val owners : Set[User] = if(viewPermissions.exists(_ == "canSeeBankAccountOwners")) bankAccount.userOwners else Set() + val balance = if(viewPermissions.exists(_ == "canSeeBankAccountBalance") && bankAccount.balance !=null) bankAccount.balance.toString else "" + val accountType = if(viewPermissions.exists(_ == "canSeeBankAccountType")) Some(bankAccount.accountType) else None + val currency = 
if(viewPermissions.exists(_ == "canSeeBankAccountCurrency")) Some(bankAccount.currency) else None + val label = if(viewPermissions.exists(_ == "canSeeBankAccountLabel")) Some(bankAccount.label) else None + val nationalIdentifier = if(viewPermissions.exists(_ == "canSeeBankAccountNationalIdentifier")) Some(bankAccount.nationalIdentifier) else None + val iban = if(viewPermissions.exists(_ == "canSeeBankAccountIban")) bankAccount.accountRoutings.find(_.scheme == AccountRoutingScheme.IBAN.toString).map(_.address) else None + val number = if(viewPermissions.exists(_ == "canSeeBankAccountNumber")) Some(bankAccount.number) else None + val bankName = if(viewPermissions.exists(_ == "canSeeBankAccountBankName")) Some(bankAccount.bankName) else None val bankId = bankAccount.bankId //From V300, use scheme and address stuff... - val bankRoutingScheme = if(view.canSeeBankRoutingScheme) Some(bankAccount.bankRoutingScheme) else None - val bankRoutingAddress = if(view.canSeeBankRoutingAddress) Some(bankAccount.bankRoutingAddress) else None - val accountRoutingScheme = if(view.canSeeBankAccountRoutingScheme) bankAccount.accountRoutings.headOption.map(_.scheme) else None - val accountRoutingAddress = if(view.canSeeBankAccountRoutingAddress) bankAccount.accountRoutings.headOption.map(_.address) else None - val accountRoutings = if(view.canSeeBankAccountRoutingScheme && view.canSeeBankAccountRoutingAddress) bankAccount.accountRoutings else Nil - val accountRules = if(view.canSeeBankAccountCreditLimit) bankAccount.accountRules else Nil + val bankRoutingScheme = if(viewPermissions.exists(_ == "canSeeBankRoutingScheme")) Some(bankAccount.bankRoutingScheme) else None + val bankRoutingAddress = if(viewPermissions.exists(_ == "canSeeBankRoutingAddress")) Some(bankAccount.bankRoutingAddress) else None + val accountRoutingScheme = if(viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme")) bankAccount.accountRoutings.headOption.map(_.scheme) else None + val accountRoutingAddress = 
if(viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings.headOption.map(_.address) else None + val accountRoutings = if(viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme") && viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings else Nil + val accountRules = if(viewPermissions.exists(_ == "canSeeBankAccountCreditLimit")) bankAccount.accountRules else Nil Some( new ModeratedBankAccount( 
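Review bot: The permission checks in moderateAccountLegacy now compare against bare string literals (`viewPermissions.exists(_ == "canSeeBankAccountOwners")` and the other checks in this hunk), so the compiler no longer verifies a permission name the way it did for `view.canSeeBankAccountOwners`. A misspelled or differently-cased literal never matches and the field is silently withheld, which fails closed but is hard to notice. The same pattern repeats in the moderateAccountCore, moderateOtherAccount and moderateCore hunks of this file. Referencing the named constants that a later patch on this page adds to `code.api.Constant` would keep one source of truth, e.g. `if (viewPermissions.contains(CAN_SEE_BANK_ACCOUNT_OWNERS)) bankAccount.userOwners else Set()`. The return type of `getViewPermissions` is not visible here, so `contains` assumes a collection of String. The function body continues past the hunk.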
@@ -411,18 +428,20 @@ case class ViewExtended(val view: View) { } def moderateAccountCore(bankAccount: BankAccount) : Box[ModeratedBankAccountCore] = { - if(view.canSeeTransactionThisBankAccount) + val viewPermissions = getViewPermissions + + if(viewPermissions.exists(_ == "canSeeTransactionThisBankAccount")) { - val owners : Set[User] = if(view.canSeeBankAccountOwners) bankAccount.userOwners else Set() - val balance = if(view.canSeeBankAccountBalance && bankAccount.balance != null) Some(bankAccount.balance.toString) else None - val accountType = if(view.canSeeBankAccountType) Some(bankAccount.accountType) else None - val currency = if(view.canSeeBankAccountCurrency) Some(bankAccount.currency) else None - val label = if(view.canSeeBankAccountLabel) Some(bankAccount.label) else None - val number = if(view.canSeeBankAccountNumber) Some(bankAccount.number) else None + val owners : Set[User] = if(viewPermissions.exists(_ == "canSeeBankAccountOwners")) bankAccount.userOwners else Set() + val balance = if(viewPermissions.exists(_ == "canSeeBankAccountBalance") && bankAccount.balance != null) Some(bankAccount.balance.toString) else None + val accountType = if(viewPermissions.exists(_ == "canSeeBankAccountType")) Some(bankAccount.accountType) else None + val currency = if(viewPermissions.exists(_ == "canSeeBankAccountCurrency")) Some(bankAccount.currency) else None + val label = if(viewPermissions.exists(_ == "canSeeBankAccountLabel")) Some(bankAccount.label) else None + val number = if(viewPermissions.exists(_ == "canSeeBankAccountNumber")) Some(bankAccount.number) else None val bankId = bankAccount.bankId //From V300, use scheme and address stuff... 
- val accountRoutings = if(view.canSeeBankAccountRoutingScheme && view.canSeeBankAccountRoutingAddress) bankAccount.accountRoutings else Nil - val accountRules = if(view.canSeeBankAccountCreditLimit) bankAccount.accountRules else Nil + val accountRoutings = if(viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme") && viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings else Nil + val accountRules = if(viewPermissions.exists(_ == "canSeeBankAccountCreditLimit")) bankAccount.accountRules else Nil Some( ModeratedBankAccountCore( @@ -445,7 +464,9 @@ case class ViewExtended(val view: View) { // Moderate the Counterparty side of the Transaction (i.e. the Other Account involved in the transaction) def moderateOtherAccount(otherBankAccount : Counterparty) : Box[ModeratedOtherBankAccount] = { - if (view.canSeeTransactionOtherBankAccount) + val viewPermissions = getViewPermissions + + if (viewPermissions.exists(_ == "canSeeTransactionOtherBankAccount")) { //other account data val otherAccountId = otherBankAccount.counterpartyId 
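Review bot: `val viewPermissions = getViewPermissions` at the top of moderateOtherAccount is evaluated on every call, and this function presumably runs once per counterparty when a list of transactions is moderated. The definition of `getViewPermissions` is outside the hunk. If it reads the ViewPermission table, the authorization lookup becomes a query per moderated row, and the same applies to the guard added in the moderateCore hunk. Consider resolving the permissions once per wrapper, e.g. `private lazy val viewPermissions: Set[String] = getViewPermissions.toSet`, provided ViewExtended instances are not kept alive across permission changes. The function body continues past the hunk.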
@@ -479,44 +500,44 @@ case class ViewExtended(val view: View) { if(isAlias & view.hideOtherAccountMetadataIfAlias) None else - if(canSeeField) - Some(field) - else - None + if(canSeeField) + Some(field) + else + None } implicit def optionStringToString(x : Option[String]) : String = x.getOrElse("") - val otherAccountNationalIdentifier = if(view.canSeeOtherAccountNationalIdentifier) Some(otherBankAccount.nationalIdentifier) else None - val otherAccountSWIFT_BIC = if(view.canSeeOtherAccountSWIFT_BIC) otherBankAccount.otherBankRoutingAddress else None - val otherAccountIBAN = if(view.canSeeOtherAccountIBAN) otherBankAccount.otherAccountRoutingAddress else None - val otherAccountBankName = if(view.canSeeOtherAccountBankName) Some(otherBankAccount.thisBankId.value) else None - val otherAccountNumber = if(view.canSeeOtherAccountNumber) Some(otherBankAccount.thisAccountId.value) else None - val otherAccountKind = if(view.canSeeOtherAccountKind) Some(otherBankAccount.kind) else None - val otherBankRoutingScheme = if(view.canSeeOtherBankRoutingScheme) Some(otherBankAccount.otherBankRoutingScheme) else None - val otherBankRoutingAddress = if(view.canSeeOtherBankRoutingAddress) otherBankAccount.otherBankRoutingAddress else None - val otherAccountRoutingScheme = if(view.canSeeOtherAccountRoutingScheme) Some(otherBankAccount.otherAccountRoutingScheme) else None - val otherAccountRoutingAddress = if(view.canSeeOtherAccountRoutingAddress) otherBankAccount.otherAccountRoutingAddress else None + val otherAccountNationalIdentifier = if(viewPermissions.exists(_ == "canSeeOtherAccountNationalIdentifier")) Some(otherBankAccount.nationalIdentifier) else None + val otherAccountSWIFT_BIC = if(viewPermissions.exists(_ == "canSeeOtherAccountSWIFT_BIC")) otherBankAccount.otherBankRoutingAddress else None + val otherAccountIBAN = if(viewPermissions.exists(_ == "canSeeOtherAccountIBAN")) otherBankAccount.otherAccountRoutingAddress else None + val otherAccountBankName = 
if(viewPermissions.exists(_ == "canSeeOtherAccountBankName")) Some(otherBankAccount.thisBankId.value) else None + val otherAccountNumber = if(viewPermissions.exists(_ == "canSeeOtherAccountNumber")) Some(otherBankAccount.thisAccountId.value) else None + val otherAccountKind = if(viewPermissions.exists(_ == "canSeeOtherAccountKind")) Some(otherBankAccount.kind) else None + val otherBankRoutingScheme = if(viewPermissions.exists(_ == "canSeeOtherBankRoutingScheme")) Some(otherBankAccount.otherBankRoutingScheme) else None + val otherBankRoutingAddress = if(viewPermissions.exists(_ == "canSeeOtherBankRoutingAddress")) otherBankAccount.otherBankRoutingAddress else None + val otherAccountRoutingScheme = if(viewPermissions.exists(_ == "canSeeOtherAccountRoutingScheme")) Some(otherBankAccount.otherAccountRoutingScheme) else None + val otherAccountRoutingAddress = if(viewPermissions.exists(_ == "canSeeOtherAccountRoutingAddress")) otherBankAccount.otherAccountRoutingAddress else None val otherAccountMetadata = - if(view.canSeeOtherAccountMetadata){ + if(viewPermissions.exists(_ == "canSeeOtherAccountMetadata")){ //other bank account metadata - val moreInfo = moderateField(view.canSeeMoreInfo, Counterparties.counterparties.vend.getMoreInfo(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val url = moderateField(view.canSeeUrl, Counterparties.counterparties.vend.getUrl(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val imageUrl = moderateField(view.canSeeImageUrl, Counterparties.counterparties.vend.getImageURL(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val openCorporatesUrl = moderateField (view.canSeeOpenCorporatesUrl, Counterparties.counterparties.vend.getOpenCorporatesURL(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val corporateLocation : Option[Option[GeoTag]] = moderateField(view.canSeeCorporateLocation, Counterparties.counterparties.vend.getCorporateLocation(otherBankAccount.counterpartyId).toOption) - val physicalLocation : 
Option[Option[GeoTag]] = moderateField(view.canSeePhysicalLocation, Counterparties.counterparties.vend.getPhysicalLocation(otherBankAccount.counterpartyId).toOption) - val addMoreInfo = moderateField(view.canAddMoreInfo, otherBankAccount.metadata.addMoreInfo) - val addURL = moderateField(view.canAddURL, otherBankAccount.metadata.addURL) - val addImageURL = moderateField(view.canAddImageURL, otherBankAccount.metadata.addImageURL) - val addOpenCorporatesUrl = moderateField(view.canAddOpenCorporatesUrl, otherBankAccount.metadata.addOpenCorporatesURL) - val addCorporateLocation = moderateField(view.canAddCorporateLocation, otherBankAccount.metadata.addCorporateLocation) - val addPhysicalLocation = moderateField(view.canAddPhysicalLocation, otherBankAccount.metadata.addPhysicalLocation) - val publicAlias = moderateField(view.canSeePublicAlias, Counterparties.counterparties.vend.getPublicAlias(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val privateAlias = moderateField(view.canSeePrivateAlias, Counterparties.counterparties.vend.getPrivateAlias(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val addPublicAlias = moderateField(view.canAddPublicAlias, otherBankAccount.metadata.addPublicAlias) - val addPrivateAlias = moderateField(view.canAddPrivateAlias, otherBankAccount.metadata.addPrivateAlias) - val deleteCorporateLocation = moderateField(view.canDeleteCorporateLocation, otherBankAccount.metadata.deleteCorporateLocation) - val deletePhysicalLocation= moderateField(view.canDeletePhysicalLocation, otherBankAccount.metadata.deletePhysicalLocation) + val moreInfo = moderateField(viewPermissions.exists(_ == "canSeeMoreInfo"), Counterparties.counterparties.vend.getMoreInfo(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val url = moderateField(viewPermissions.exists(_ == "canSeeUrl"), Counterparties.counterparties.vend.getUrl(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val imageUrl = moderateField(viewPermissions.exists(_ == 
"canSeeImageUrl"), Counterparties.counterparties.vend.getImageURL(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val openCorporatesUrl = moderateField (viewPermissions.exists(_ == "canSeeOpenCorporatesUrl"), Counterparties.counterparties.vend.getOpenCorporatesURL(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val corporateLocation : Option[Option[GeoTag]] = moderateField(viewPermissions.exists(_ == "canSeeCorporateLocation"), Counterparties.counterparties.vend.getCorporateLocation(otherBankAccount.counterpartyId).toOption) + val physicalLocation : Option[Option[GeoTag]] = moderateField(viewPermissions.exists(_ == "canSeePhysicalLocation"), Counterparties.counterparties.vend.getPhysicalLocation(otherBankAccount.counterpartyId).toOption) + val addMoreInfo = moderateField(viewPermissions.exists(_ == "canAddMoreInfo"), otherBankAccount.metadata.addMoreInfo) + val addURL = moderateField(viewPermissions.exists(_ == "canAddURL"), otherBankAccount.metadata.addURL) + val addImageURL = moderateField(viewPermissions.exists(_ == "canAddImageURL"), otherBankAccount.metadata.addImageURL) + val addOpenCorporatesUrl = moderateField(viewPermissions.exists(_ == "canAddOpenCorporatesUrl"), otherBankAccount.metadata.addOpenCorporatesURL) + val addCorporateLocation = moderateField(viewPermissions.exists(_ == "canAddCorporateLocation"), otherBankAccount.metadata.addCorporateLocation) + val addPhysicalLocation = moderateField(viewPermissions.exists(_ == "canAddPhysicalLocation"), otherBankAccount.metadata.addPhysicalLocation) + val publicAlias = moderateField(viewPermissions.exists(_ == "canSeePublicAlias"), Counterparties.counterparties.vend.getPublicAlias(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val privateAlias = moderateField(viewPermissions.exists(_ == "canSeePrivateAlias"), Counterparties.counterparties.vend.getPrivateAlias(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val addPublicAlias = moderateField(viewPermissions.exists(_ == 
"canAddPublicAlias"), otherBankAccount.metadata.addPublicAlias) + val addPrivateAlias = moderateField(viewPermissions.exists(_ == "canAddPrivateAlias"), otherBankAccount.metadata.addPrivateAlias) + val deleteCorporateLocation = moderateField(viewPermissions.exists(_ == "canDeleteCorporateLocation"), otherBankAccount.metadata.deleteCorporateLocation) + val deletePhysicalLocation= moderateField(viewPermissions.exists(_ == "canDeletePhysicalLocation"), otherBankAccount.metadata.deletePhysicalLocation) Some( new ModeratedOtherBankAccountMetadata( @@ -567,7 +588,9 @@ case class ViewExtended(val view: View) { } def moderateCore(counterpartyCore : CounterpartyCore) : Box[ModeratedOtherBankAccountCore] = { - if (view.canSeeTransactionOtherBankAccount) + val viewPermissions = getViewPermissions + + if (viewPermissions.exists(_ == "canSeeTransactionOtherBankAccount")) { //other account data val otherAccountId = counterpartyCore.counterpartyId 
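Review bot: `otherAccountSWIFT_BIC` is gated by "canSeeOtherAccountSWIFT_BIC" but returns `otherBankAccount.otherBankRoutingAddress`, the same value that "canSeeOtherBankRoutingAddress" gates a few lines further down; `otherAccountIBAN` and `otherAccountRoutingAddress` likewise both return `otherAccountRoutingAddress`. The commit carries this over unchanged, so a view holding only the SWIFT_BIC or IBAN permission still discloses the routing address, whatever scheme it belongs to. If the aliasing is intended, a comment such as `// legacy alias: returns the routing address regardless of scheme, see canSeeOtherBankRoutingAddress` would record it; otherwise the value should be released only when the routing scheme matches. The moderateCore hunk has the same pair of lines, and the enclosing function starts and ends outside this hunk.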
@@ -586,15 +609,15 @@ case class ViewExtended(val view: View) { } implicit def optionStringToString(x : Option[String]) : String = x.getOrElse("") - val otherAccountSWIFT_BIC = if(view.canSeeOtherAccountSWIFT_BIC) counterpartyCore.otherBankRoutingAddress else None - val otherAccountIBAN = if(view.canSeeOtherAccountIBAN) counterpartyCore.otherAccountRoutingAddress else None - val otherAccountBankName = if(view.canSeeOtherAccountBankName) Some(counterpartyCore.thisBankId.value) else None - val otherAccountNumber = if(view.canSeeOtherAccountNumber) Some(counterpartyCore.thisAccountId.value) else None - val otherAccountKind = if(view.canSeeOtherAccountKind) Some(counterpartyCore.kind) else None - val otherBankRoutingScheme = if(view.canSeeOtherBankRoutingScheme) Some(counterpartyCore.otherBankRoutingScheme) else None - val otherBankRoutingAddress = if(view.canSeeOtherBankRoutingAddress) counterpartyCore.otherBankRoutingAddress else None - val otherAccountRoutingScheme = if(view.canSeeOtherAccountRoutingScheme) Some(counterpartyCore.otherAccountRoutingScheme) else None - val otherAccountRoutingAddress = if(view.canSeeOtherAccountRoutingAddress) counterpartyCore.otherAccountRoutingAddress else None + val otherAccountSWIFT_BIC = if(viewPermissions.exists(_ == "canSeeOtherAccountSWIFT_BIC")) counterpartyCore.otherBankRoutingAddress else None + val otherAccountIBAN = if(viewPermissions.exists(_ == "canSeeOtherAccountIBAN")) counterpartyCore.otherAccountRoutingAddress else None + val otherAccountBankName = if(viewPermissions.exists(_ == "canSeeOtherAccountBankName")) Some(counterpartyCore.thisBankId.value) else None + val otherAccountNumber = if(viewPermissions.exists(_ == "canSeeOtherAccountNumber")) Some(counterpartyCore.thisAccountId.value) else None + val otherAccountKind = if(viewPermissions.exists(_ == "canSeeOtherAccountKind")) Some(counterpartyCore.kind) else None + val otherBankRoutingScheme = if(viewPermissions.exists(_ == "canSeeOtherBankRoutingScheme")) 
Some(counterpartyCore.otherBankRoutingScheme) else None + val otherBankRoutingAddress = if(viewPermissions.exists(_ == "canSeeOtherBankRoutingAddress")) counterpartyCore.otherBankRoutingAddress else None + val otherAccountRoutingScheme = if(viewPermissions.exists(_ == "canSeeOtherAccountRoutingScheme")) Some(counterpartyCore.otherAccountRoutingScheme) else None + val otherAccountRoutingAddress = if(viewPermissions.exists(_ == "canSeeOtherAccountRoutingAddress")) counterpartyCore.otherAccountRoutingAddress else None Some( new ModeratedOtherBankAccountCore( id = counterpartyCore.counterpartyId, diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index c5f5bd5e5..6c6e5643b 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala 
@@ -621,96 +621,9 @@ object MapperViews extends Views with MdcLoggable { } private def migrateViewPermissions(view: View): Unit = { - val permissionNames = List( - "canSeeTransactionOtherBankAccount", - "canSeeTransactionMetadata", - "canSeeTransactionDescription", - "canSeeTransactionAmount", - "canSeeTransactionType", - "canSeeTransactionCurrency", - "canSeeTransactionStartDate", - "canSeeTransactionFinishDate", - "canSeeTransactionBalance", - "canSeeComments", - "canSeeOwnerComment", - "canSeeTags", - "canSeeImages", - "canSeeBankAccountOwners", - "canSeeBankAccountType", - "canSeeBankAccountBalance", - "canQueryAvailableFunds", - "canSeeBankAccountLabel", - "canSeeBankAccountNationalIdentifier", - "canSeeBankAccountSwift_bic", - "canSeeBankAccountIban", - "canSeeBankAccountNumber", - "canSeeBankAccountBankName", - "canSeeBankAccountBankPermalink", - "canSeeBankRoutingScheme", - "canSeeBankRoutingAddress", - "canSeeBankAccountRoutingScheme", - "canSeeBankAccountRoutingAddress", - "canSeeOtherAccountNationalIdentifier", - "canSeeOtherAccountSWIFT_BIC", - "canSeeOtherAccountIBAN", - "canSeeOtherAccountBankName", - "canSeeOtherAccountNumber", - "canSeeOtherAccountMetadata", - "canSeeOtherAccountKind", - "canSeeOtherBankRoutingScheme", - "canSeeOtherBankRoutingAddress", - "canSeeOtherAccountRoutingScheme", - "canSeeOtherAccountRoutingAddress", - "canSeeMoreInfo", - "canSeeUrl", - "canSeeImageUrl", - "canSeeOpenCorporatesUrl", - "canSeeCorporateLocation", - "canSeePhysicalLocation", - "canSeePublicAlias", - "canSeePrivateAlias", - "canAddMoreInfo", - "canAddURL", - "canAddImageURL", - "canAddOpenCorporatesUrl", - "canAddCorporateLocation", - "canAddPhysicalLocation", - "canAddPublicAlias", - "canAddPrivateAlias", - "canAddCounterparty", - "canGetCounterparty", - "canDeleteCounterparty", - "canDeleteCorporateLocation", - "canDeletePhysicalLocation", - "canEditOwnerComment", - "canAddComment", - "canDeleteComment", - "canAddTag", - "canDeleteTag", - "canAddImage", - 
"canDeleteImage", - "canAddWhereTag", - "canSeeWhereTag", - "canDeleteWhereTag", - "canAddTransactionRequestToOwnAccount", - "canAddTransactionRequestToAnyAccount", - "canSeeBankAccountCreditLimit", - "canCreateDirectDebit", - "canCreateStandingOrder", - "canRevokeAccessToCustomViews", - "canGrantAccessToCustomViews", - "canSeeTransactionRequests", - "canSeeTransactionRequestTypes", - "canSeeAvailableViewsForBankAccount", - "canUpdateBankAccountLabel", - "canCreateCustomView", - "canDeleteCustomView", - "canUpdateCustomView", - "canGetCustomView", - "canSeeViewsWithPermissionsForAllUsers", - "canSeeViewsWithPermissionsForOneUser" - ) + val permissionNames: List[String] = code.api.Constant.VIEW_PERMISSION_NAMES + permissionNames.foreach { permissionName => // Get permission value val permissionValue = view.getClass.getMethod(permissionName).invoke(view).asInstanceOf[Boolean] From 41176ed64c10e95ef316b4bb529fce788a4c8c87 Mon Sep 17 00:00:00 2001 From: hongwei Date: Mon, 7 Jul 2025 10:38:22 +0200 Subject: [PATCH 03/26] refactor/add metaData field to ViewPermission for special permissions --- obp-api/src/main/scala/code/views/system/ViewPermission.scala | 1 + 1 file changed, 1 insertion(+) diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index fc3b3995c..9159a6b76 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala 
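Review bot: `view.getClass.getMethod(permissionName).invoke(view).asInstanceOf[Boolean]` now takes its names from the shared `code.api.Constant.VIEW_PERMISSION_NAMES`, so any entry added there that is not a zero-argument Boolean member of the view class makes the migration throw (NoSuchMethodException or ClassCastException). The rest of the loop is outside the hunk, so whether this is caught is not visible; if it is not, one bad name presumably aborts the permission migration. The ViewPermission comment on this page says the grant/revoke-to-views permissions need a list of views rather than a flag, which is exactly such a case. Making the lookup tolerant, e.g. `Try(view.getClass.getMethod(permissionName).invoke(view)).toOption.collect { case b: java.lang.Boolean => b.booleanValue }`, and logging the skipped names would keep the migration working when the list changes.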
@@ -9,6 +9,7 @@ class ViewPermission extends LongKeyedMapper[ViewPermission] with IdPK with Crea
 object account_id extends MappedString(this, 255)
 object view_id extends UUIDString(this)
 object permission extends MappedString(this, 255)
+ object metaData extends MappedString(this, 1024) //this is for special permissions like "canRevokeAccessToViews" and "canGrantAccessToViews", it need to support list of views.
 }
 object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermission] {
 override def dbIndexes: List[BaseIndex[ViewPermission]] = UniqueIndex(bank_id, account_id, view_id, permission) :: super.dbIndexes
From 867a070f413fdbd3cf46dba482079c5a63db2e06 Mon Sep 17 00:00:00 2001
From: hongwei
Date: Mon, 7 Jul 2025 10:46:43 +0200
Subject: [PATCH 04/26] refactor/use constants values for all view permissions
---
 .../scala/code/api/constant/constant.scala | 281 ++++++++++++------
 1 file changed, 187 insertions(+), 94 deletions(-)
diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala
index 5b6c11fd9..778d328ec 100644
--- a/obp-api/src/main/scala/code/api/constant/constant.scala
+++ b/obp-api/src/main/scala/code/api/constant/constant.scala
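Review bot: The new `metaData` column is meant to hold the list of views for "canGrantAccessToViews" and "canRevokeAccessToViews", but the hunk states neither the encoding nor what happens to a list longer than 1024 characters. Because this value decides which views a holder may grant or revoke, the format should be documented next to the field and parsed strictly, for example `// comma-separated view ids, no spaces; empty means no views` (a constructed example, the actual format is not shown on this page). It is also worth confirming how the mapper treats a value longer than the declared length, since a truncated list would silently change the grant scope. The class body starts outside the hunk.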
@@ -127,102 +127,195 @@ object Constant extends MdcLoggable { final val GET_DYNAMIC_RESOURCE_DOCS_TTL: Int = APIUtil.getPropsValue(s"dynamicResourceDocsObp.cache.ttl.seconds", "3600").toInt final val GET_STATIC_RESOURCE_DOCS_TTL: Int = APIUtil.getPropsValue(s"staticResourceDocsObp.cache.ttl.seconds", "3600").toInt final val SHOW_USED_CONNECTOR_METHODS: Boolean = APIUtil.getPropsAsBoolValue(s"show_used_connector_methods", false) - + + final val CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT = "canSeeTransactionOtherBankAccount" + final val CAN_SEE_TRANSACTION_METADATA = "canSeeTransactionMetadata" + final val CAN_SEE_TRANSACTION_DESCRIPTION = "canSeeTransactionDescription" + final val CAN_SEE_TRANSACTION_AMOUNT = "canSeeTransactionAmount" + final val CAN_SEE_TRANSACTION_TYPE = "canSeeTransactionType" + final val CAN_SEE_TRANSACTION_CURRENCY = "canSeeTransactionCurrency" + final val CAN_SEE_TRANSACTION_START_DATE = "canSeeTransactionStartDate" + final val CAN_SEE_TRANSACTION_FINISH_DATE = "canSeeTransactionFinishDate" + final val CAN_SEE_TRANSACTION_BALANCE = "canSeeTransactionBalance" + final val CAN_SEE_COMMENTS = "canSeeComments" + final val CAN_SEE_OWNER_COMMENT = "canSeeOwnerComment" + final val CAN_SEE_TAGS = "canSeeTags" + final val CAN_SEE_IMAGES = "canSeeImages" + final val CAN_SEE_BANK_ACCOUNT_OWNERS = "canSeeBankAccountOwners" + final val CAN_SEE_BANK_ACCOUNT_TYPE = "canSeeBankAccountType" + final val CAN_SEE_BANK_ACCOUNT_BALANCE = "canSeeBankAccountBalance" + final val CAN_QUERY_AVAILABLE_FUNDS = "canQueryAvailableFunds" + final val CAN_SEE_BANK_ACCOUNT_LABEL = "canSeeBankAccountLabel" + final val CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER = "canSeeBankAccountNationalIdentifier" + final val CAN_SEE_BANK_ACCOUNT_SWIFT_BIC = "canSeeBankAccountSwift_bic" + final val CAN_SEE_BANK_ACCOUNT_IBAN = "canSeeBankAccountIban" + final val CAN_SEE_BANK_ACCOUNT_NUMBER = "canSeeBankAccountNumber" + final val CAN_SEE_BANK_ACCOUNT_BANK_NAME = "canSeeBankAccountBankName" + final val 
CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK = "canSeeBankAccountBankPermalink" + final val CAN_SEE_BANK_ROUTING_SCHEME = "canSeeBankRoutingScheme" + final val CAN_SEE_BANK_ROUTING_ADDRESS = "canSeeBankRoutingAddress" + final val CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME = "canSeeBankAccountRoutingScheme" + final val CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS = "canSeeBankAccountRoutingAddress" + final val CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER = "canSeeOtherAccountNationalIdentifier" + final val CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC = "canSeeOtherAccountSWIFT_BIC" + final val CAN_SEE_OTHER_ACCOUNT_IBAN = "canSeeOtherAccountIBAN" + final val CAN_SEE_OTHER_ACCOUNT_BANK_NAME = "canSeeOtherAccountBankName" + final val CAN_SEE_OTHER_ACCOUNT_NUMBER = "canSeeOtherAccountNumber" + final val CAN_SEE_OTHER_ACCOUNT_METADATA = "canSeeOtherAccountMetadata" + final val CAN_SEE_OTHER_ACCOUNT_KIND = "canSeeOtherAccountKind" + final val CAN_SEE_OTHER_BANK_ROUTING_SCHEME = "canSeeOtherBankRoutingScheme" + final val CAN_SEE_OTHER_BANK_ROUTING_ADDRESS = "canSeeOtherBankRoutingAddress" + final val CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME = "canSeeOtherAccountRoutingScheme" + final val CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS = "canSeeOtherAccountRoutingAddress" + final val CAN_SEE_MORE_INFO = "canSeeMoreInfo" + final val CAN_SEE_URL = "canSeeUrl" + final val CAN_SEE_IMAGE_URL = "canSeeImageUrl" + final val CAN_SEE_OPEN_CORPORATES_URL = "canSeeOpenCorporatesUrl" + final val CAN_SEE_CORPORATE_LOCATION = "canSeeCorporateLocation" + final val CAN_SEE_PHYSICAL_LOCATION = "canSeePhysicalLocation" + final val CAN_SEE_PUBLIC_ALIAS = "canSeePublicAlias" + final val CAN_SEE_PRIVATE_ALIAS = "canSeePrivateAlias" + final val CAN_ADD_MORE_INFO = "canAddMoreInfo" + final val CAN_ADD_URL = "canAddURL" + final val CAN_ADD_IMAGE_URL = "canAddImageURL" + final val CAN_ADD_OPEN_CORPORATES_URL = "canAddOpenCorporatesUrl" + final val CAN_ADD_CORPORATE_LOCATION = "canAddCorporateLocation" + final val CAN_ADD_PHYSICAL_LOCATION = 
"canAddPhysicalLocation" + final val CAN_ADD_PUBLIC_ALIAS = "canAddPublicAlias" + final val CAN_ADD_PRIVATE_ALIAS = "canAddPrivateAlias" + final val CAN_ADD_COUNTERPARTY = "canAddCounterparty" + final val CAN_GET_COUNTERPARTY = "canGetCounterparty" + final val CAN_DELETE_COUNTERPARTY = "canDeleteCounterparty" + final val CAN_DELETE_CORPORATE_LOCATION = "canDeleteCorporateLocation" + final val CAN_DELETE_PHYSICAL_LOCATION = "canDeletePhysicalLocation" + final val CAN_EDIT_OWNER_COMMENT = "canEditOwnerComment" + final val CAN_ADD_COMMENT = "canAddComment" + final val CAN_DELETE_COMMENT = "canDeleteComment" + final val CAN_ADD_TAG = "canAddTag" + final val CAN_DELETE_TAG = "canDeleteTag" + final val CAN_ADD_IMAGE = "canAddImage" + final val CAN_DELETE_IMAGE = "canDeleteImage" + final val CAN_ADD_WHERE_TAG = "canAddWhereTag" + final val CAN_SEE_WHERE_TAG = "canSeeWhereTag" + final val CAN_DELETE_WHERE_TAG = "canDeleteWhereTag" + final val CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT = "canAddTransactionRequestToOwnAccount" + final val CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT = "canAddTransactionRequestToAnyAccount" + final val CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT = "canSeeBankAccountCreditLimit" + final val CAN_CREATE_DIRECT_DEBIT = "canCreateDirectDebit" + final val CAN_CREATE_STANDING_ORDER = "canCreateStandingOrder" + final val CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS = "canRevokeAccessToCustomViews" + final val CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS = "canGrantAccessToCustomViews" + final val CAN_SEE_TRANSACTION_REQUESTS = "canSeeTransactionRequests" + final val CAN_SEE_TRANSACTION_REQUEST_TYPES = "canSeeTransactionRequestTypes" + final val CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT = "canSeeAvailableViewsForBankAccount" + final val CAN_UPDATE_BANK_ACCOUNT_LABEL = "canUpdateBankAccountLabel" + final val CAN_CREATE_CUSTOM_VIEW = "canCreateCustomView" + final val CAN_DELETE_CUSTOM_VIEW = "canDeleteCustomView" + final val CAN_UPDATE_CUSTOM_VIEW = "canUpdateCustomView" + final val 
CAN_GET_CUSTOM_VIEW = "canGetCustomView" + final val CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS = "canSeeViewsWithPermissionsForAllUsers" + final val CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER = "canSeeViewsWithPermissionsForOneUser" + final val CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT = "canSeeTransactionThisBankAccount" + final val CAN_SEE_TRANSACTION_STATUS = "canSeeTransactionStatus" + final val CAN_SEE_BANK_ACCOUNT_CURRENCY = "canSeeBankAccountCurrency" + final val CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY = "canAddTransactionRequestToBeneficiary" + final val CAN_GRANT_ACCESS_TO_VIEWS = "canGrantAccessToViews" + final val CAN_REVOKE_ACCESS_TO_VIEWS = "canRevokeAccessToViews" final val VIEW_PERMISSION_NAMES = List( - "canSeeTransactionOtherBankAccount", - "canSeeTransactionMetadata", - "canSeeTransactionDescription", - "canSeeTransactionAmount", - "canSeeTransactionType", - "canSeeTransactionCurrency", - "canSeeTransactionStartDate", - "canSeeTransactionFinishDate", - "canSeeTransactionBalance", - "canSeeComments", - "canSeeOwnerComment", - "canSeeTags", - "canSeeImages", - "canSeeBankAccountOwners", - "canSeeBankAccountType", - "canSeeBankAccountBalance", - "canQueryAvailableFunds", - "canSeeBankAccountLabel", - "canSeeBankAccountNationalIdentifier", - "canSeeBankAccountSwift_bic", - "canSeeBankAccountIban", - "canSeeBankAccountNumber", - "canSeeBankAccountBankName", - "canSeeBankAccountBankPermalink", - "canSeeBankRoutingScheme", - "canSeeBankRoutingAddress", - "canSeeBankAccountRoutingScheme", - "canSeeBankAccountRoutingAddress", - "canSeeOtherAccountNationalIdentifier", - "canSeeOtherAccountSWIFT_BIC", - "canSeeOtherAccountIBAN", - "canSeeOtherAccountBankName", - "canSeeOtherAccountNumber", - "canSeeOtherAccountMetadata", - "canSeeOtherAccountKind", - "canSeeOtherBankRoutingScheme", - "canSeeOtherBankRoutingAddress", - "canSeeOtherAccountRoutingScheme", - "canSeeOtherAccountRoutingAddress", - "canSeeMoreInfo", - "canSeeUrl", - "canSeeImageUrl", - 
"canSeeOpenCorporatesUrl", - "canSeeCorporateLocation", - "canSeePhysicalLocation", - "canSeePublicAlias", - "canSeePrivateAlias", - "canAddMoreInfo", - "canAddURL", - "canAddImageURL", - "canAddOpenCorporatesUrl", - "canAddCorporateLocation", - "canAddPhysicalLocation", - "canAddPublicAlias", - "canAddPrivateAlias", - "canAddCounterparty", - "canGetCounterparty", - "canDeleteCounterparty", - "canDeleteCorporateLocation", - "canDeletePhysicalLocation", - "canEditOwnerComment", - "canAddComment", - "canDeleteComment", - "canAddTag", - "canDeleteTag", - "canAddImage", - "canDeleteImage", - "canAddWhereTag", - "canSeeWhereTag", - "canDeleteWhereTag", - "canAddTransactionRequestToOwnAccount", - "canAddTransactionRequestToAnyAccount", - "canSeeBankAccountCreditLimit", - "canCreateDirectDebit", - "canCreateStandingOrder", - "canRevokeAccessToCustomViews", - "canGrantAccessToCustomViews", - "canSeeTransactionRequests", - "canSeeTransactionRequestTypes", - "canSeeAvailableViewsForBankAccount", - "canUpdateBankAccountLabel", - "canCreateCustomView", - "canDeleteCustomView", - "canUpdateCustomView", - "canGetCustomView", - "canSeeViewsWithPermissionsForAllUsers", - "canSeeViewsWithPermissionsForOneUser", -// "canGrantAccessToViews", -// "canRevokeAccessToViews", - "canSeeTransactionThisBankAccount", - "canSeeTransactionStatus", - "canSeeBankAccountCurrency", - "canAddTransactionRequestToBeneficiary" + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_DESCRIPTION, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_OWNER_COMMENT, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_QUERY_AVAILABLE_FUNDS, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + 
CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK, + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_ADD_COUNTERPARTY, + CAN_GET_COUNTERPARTY, + CAN_DELETE_COUNTERPARTY, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_EDIT_OWNER_COMMENT, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, + CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT, + CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT, + CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT, + CAN_CREATE_DIRECT_DEBIT, + CAN_CREATE_STANDING_ORDER, + CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS, + CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS, + CAN_SEE_TRANSACTION_REQUESTS, + CAN_SEE_TRANSACTION_REQUEST_TYPES, + CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT, + CAN_UPDATE_BANK_ACCOUNT_LABEL, + CAN_CREATE_CUSTOM_VIEW, + CAN_DELETE_CUSTOM_VIEW, + CAN_UPDATE_CUSTOM_VIEW, + CAN_GET_CUSTOM_VIEW, + CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS, + 
CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER, + CAN_GRANT_ACCESS_TO_VIEWS, + CAN_REVOKE_ACCESS_TO_VIEWS, + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_STATUS, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY ) } From 55838208aca66b1eeb6f0bf05d70a2ac2963ebb2 Mon Sep 17 00:00:00 2001 From: hongwei Date: Mon, 7 Jul 2025 11:45:48 +0200 Subject: [PATCH 05/26] refactor/enhance view permission migration logic and improve view permission retrieval --- .../scala/code/api/constant/constant.scala | 5 +++-- .../main/scala/code/views/MapperViews.scala | 22 ++++++++++++++----- .../code/views/system/ViewPermission.scala | 13 +++++++++++ ...onnectorSetupWithStandardPermissions.scala | 4 +++- 4 files changed, 36 insertions(+), 8 deletions(-) diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala index 778d328ec..887ef8411 100644 --- a/obp-api/src/main/scala/code/api/constant/constant.scala +++ b/obp-api/src/main/scala/code/api/constant/constant.scala @@ -310,12 +310,13 @@ object Constant extends MdcLoggable { CAN_GET_CUSTOM_VIEW, CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS, CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER, - CAN_GRANT_ACCESS_TO_VIEWS, - CAN_REVOKE_ACCESS_TO_VIEWS, CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, CAN_SEE_TRANSACTION_STATUS, CAN_SEE_BANK_ACCOUNT_CURRENCY, CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY + //TODO These two are speicial permissions, they need metaData for the view list, will fix it later +// CAN_GRANT_ACCESS_TO_VIEWS, +// CAN_REVOKE_ACCESS_TO_VIEWS, ) } diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 6c6e5643b..04521e3e2 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala 
@@ -620,7 +620,7 @@ object MapperViews extends Views with MdcLoggable { theView } - private def migrateViewPermissions(view: View): Unit = { + def migrateViewPermissions(view: View): Unit = { val permissionNames: List[String] = code.api.Constant.VIEW_PERMISSION_NAMES @@ -628,18 +628,25 @@ object MapperViews extends Views with MdcLoggable { // Get permission value val permissionValue = view.getClass.getMethod(permissionName).invoke(view).asInstanceOf[Boolean] - ViewPermission.findSystemViewPermissions(view.viewId).find(_.permission.get == permissionName) match { + ViewPermission.findViewPermissions(view).find(_.permission.get == permissionName) match { case Some(permission) if !permissionValue => ViewPermission.delete_!(permission) case Some(permission) if permissionValue => // View definition is in accordance with View permission - case _ => + case _ if(view.isSystem) => ViewPermission.create .bank_id(null) .account_id(null) .view_id(view.viewId.value) .permission(permissionName) .save + case _ => + ViewPermission.create + .bank_id(view.bankId.value) + .account_id(view.accountId.value) + .view_id(view.viewId.value) + .permission(permissionName) + .save } } } @@ -672,8 +679,13 @@ object MapperViews extends Views with MdcLoggable { def getOrCreateCustomPublicView(bankId: BankId, accountId: AccountId, description: String = "Public View") : Box[View] = { getExistingCustomView(bankId, accountId, CUSTOM_PUBLIC_VIEW_ID) match { - case Empty=> createDefaultCustomPublicView(bankId, accountId, description) - case Full(v)=> Full(v) + case Empty=> + val view = createDefaultCustomPublicView(bankId, accountId, description) + view.map(v => migrateViewPermissions(v)) + view + case Full(v)=> + migrateViewPermissions(v) + Full(v) case Failure(msg, t, c) => Failure(msg, t, c) case ParamFailure(x,y,z,q) => ParamFailure(x,y,z,q) } 
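Review bot: The results of `ViewPermission.delete_!(permission)` and of both `ViewPermission.create ... .save` chains in the match inside `migrateViewPermissions` are discarded, so a failed write leaves the ViewPermission table out of step with the view definition without any trace. Because these rows describe what a view is allowed to do, I would check the returned Boolean and log the view id and permission name on failure, e.g. `if (!saved) logger.error(s"Could not save permission $permissionName for view ${view.viewId.value}")`. The lookup `ViewPermission.findViewPermissions(view)` also sits inside the `foreach`, so it is re-run for every permission name; hoisting it into a `val` before the loop should give the same result with one query. The function body starts in the previous hunk, and the same unchecked writes remain in the later rewrite of this function (@@ -632,33 +632,83).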
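Review bot: The `Full(v)` branch of `getOrCreateCustomPublicView` now calls `migrateViewPermissions(v)` on every lookup of an existing public view, which turns a read into a series of reflective calls, queries and possible inserts or deletes, one per entry in `VIEW_PERMISSION_NAMES`. Two requests that reach this branch at the same time can both see a missing row and both try to insert it. I would keep the call on the `Empty` branch only and leave existing views to a one-off migration, and use `view.foreach(migrateViewPermissions)` there since the mapped result is thrown away.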
diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index 9159a6b76..d56b2feec 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala @@ -31,4 +31,17 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis NullRef(ViewPermission.account_id), By(ViewPermission.view_id, viewId.value) ) + + /** + * Finds the permissions for a given view, if it is sytem view, + * it will search in system view permission, otherwise it will search in custom view permissions. + * @param view + * @return + */ + def findViewPermissions(view: View): List[ViewPermission] = + if(view.isSystem) { + findSystemViewPermissions(view.viewId) + } else { + findCustomViewPermissions(view.bankId, view.accountId, view.viewId) + } } diff --git a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala index c5c4e3fff..b95122594 100644 --- a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala +++ b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala @@ -43,7 +43,7 @@ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { getExistingCustomView(bankId, accountId, viewId) match { case net.liftweb.common.Empty => { - tryo { + val view = tryo { ViewDefinition.create. isSystem_(false). isFirehose_(false). @@ -132,6 +132,8 @@ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { canSeeTransactionStatus_(true). saveMe } + view.map(v => MapperViews.migrateViewPermissions(v)) + view } case Full(v) => Full(v) case Failure(msg, t, c) => Failure(msg, t, c) From 4c7a745947281fcecabfef6ef047d19323c78128 Mon Sep 17 00:00:00 2001 
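Review bot: The Scaladoc on `findViewPermissions` has empty `@param view` and `@return` tags and does not say what an empty result means to a caller. Suggested text: `@param view the view whose permission rows are wanted; view.isSystem selects the lookup` and `@return the stored rows, Nil when none exist`, with "sytem" corrected to "system". Stating that a missing row is read as "permission not granted" would help, since a later patch in this series uses `.exists(...)` on this list for an access check.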
From: hongwei Date: Mon, 7 Jul 2025 13:30:33 +0200 Subject: [PATCH 06/26] refactor/migrate view permissions after saving created view --- obp-api/src/main/scala/code/views/MapperViews.scala | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 04521e3e2..3d0ea40fc 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -435,7 +435,13 @@ object MapperViews extends Views with MdcLoggable { account_id(bankAccountId.accountId.value) createdView.setFromViewData(view) - Full(createdView.saveMe) + + val viewSaved = Full(createdView.saveMe) + + viewSaved.map(v => MapperViews.migrateViewPermissions(v)) + + viewSaved + } } From d64f355cc31050fa5f73b965642fe595fbdb2047 Mon Sep 17 00:00:00 2001 From: hongwei Date: Mon, 7 Jul 2025 13:54:29 +0200 Subject: [PATCH 07/26] refactor/migrate view permissions after saving updated views --- obp-api/src/main/scala/code/views/MapperViews.scala | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 3d0ea40fc..04ccc16fa 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -395,7 +395,9 @@ object MapperViews extends Views with MdcLoggable { createdView.setFromViewData(view) createdView.isSystem_(true) createdView.isPublic_(false) - Full(createdView.saveMe) + val viewSaved = Full(createdView.saveMe) + viewSaved.map(v => MapperViews.migrateViewPermissions(v)) + viewSaved } } } @@ -454,6 +456,8 @@ object MapperViews extends Views with MdcLoggable { } yield { view.setFromViewData(viewUpdateJson) view.saveMe + MapperViews.migrateViewPermissions(view) + view } } /* Update the specification of the system view (what data/actions are allowed) */ 
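Review bot: `Full(createdView.saveMe)` followed by `viewSaved.map(v => MapperViews.migrateViewPermissions(v))` writes the view and its permission rows as two separate steps, and nothing visible here ties them to one transaction. If the second step throws, for instance `getMethod(permissionName)` raising for a name without a matching accessor, the view is already stored with none or only some of its ViewPermission rows. I would run both writes in one database transaction and replace the `map` with `viewSaved.foreach(MapperViews.migrateViewPermissions)`, as the mapped value is unused. The same pattern is added in @@ -395,7 +395,9, @@ -456,6 +456,8 and @@ -463,6 +467,8 of the next patch; the enclosing method starts outside this hunk.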
@@ -463,6 +467,8 @@ object MapperViews extends Views with MdcLoggable { } yield { view.setFromViewData(viewUpdateJson) view.saveMe + MapperViews.migrateViewPermissions(view) + view } } From 74776a8a2d4efe9021fe6f4fcdc9670da246b9fc Mon Sep 17 00:00:00 2001 From: hongwei Date: Mon, 7 Jul 2025 16:56:33 +0200 Subject: [PATCH 08/26] refactor/improve error messages for user creation process --- obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala index 9c3247e75..15dbbda2b 100644 --- a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala +++ b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala @@ -1321,7 +1321,7 @@ trait APIMethods200 { _ <- Helper.booleanToFuture(ErrorMessages.InvalidStrongPasswordFormat, 400, cc.callContext) { fullPasswordValidation(postedData.password) } - _ <- Helper.booleanToFuture("User with the same username already exists.", 409, cc.callContext) { + _ <- Helper.booleanToFuture(s"$InvalidJsonFormat User with the same username already exists.", 409, cc.callContext) { AuthUser.find(By(AuthUser.username, postedData.username)).isEmpty } userCreated <- Future { 
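Review bot: The duplicate-username failure in @@ -1321,7 +1321,7 is now prefixed with `$InvalidJsonFormat` although the request body is well formed and the status stays 409, so clients that branch on the error prefix are told the wrong cause; a dedicated constant in `ErrorMessages` for an existing username would fit better. The response also confirms to the caller that a username is taken, which is worth pairing with rate limiting or monitoring on this endpoint if it can be reached without strong authentication (not visible in this hunk). The `AuthUser.find(...).isEmpty` check and the later create are separate steps, so uniqueness should rest on a database constraint rather than on this check alone. The for-comprehension starts and ends outside the hunk.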
@@ -1333,13 +1333,13 @@ trait APIMethods200 { .password(postedData.password) .validated(APIUtil.getPropsAsBoolValue("authUser.skipEmailValidation", defaultValue = false)) } - _ <- Helper.booleanToFuture(userCreated.validate.map(_.msg).mkString(";"), 400, cc.callContext) { + _ <- Helper.booleanToFuture(ErrorMessages.InvalidJsonFormat+userCreated.validate.map(_.msg).mkString(";"), 400, cc.callContext) { userCreated.validate.size == 0 } savedUser <- NewStyle.function.tryons(ErrorMessages.InvalidJsonFormat, 400, cc.callContext) { userCreated.saveMe() } - _ <- Helper.booleanToFuture("Error occurred during user creation.", 400, cc.callContext) { + _ <- Helper.booleanToFuture(s"$UnknownError Error occurred during user creation.", 400, cc.callContext) { userCreated.saved_? } } yield { From 5f93e7c5fd8aeb0d5719fe1e9d1010b6daf80c70 Mon Sep 17 00:00:00 2001 From: hongwei Date: Mon, 7 Jul 2025 17:26:43 +0200 Subject: [PATCH 09/26] refactor/add migration script for view permissions --- .../code/api/util/migration/Migration.scala | 13 +++++++ .../MigrationOfViewPermissions.scala | 36 +++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala diff --git a/obp-api/src/main/scala/code/api/util/migration/Migration.scala b/obp-api/src/main/scala/code/api/util/migration/Migration.scala index 5b3d70cc4..78c117351 100644 --- a/obp-api/src/main/scala/code/api/util/migration/Migration.scala +++ b/obp-api/src/main/scala/code/api/util/migration/Migration.scala @@ -99,6 +99,7 @@ object Migration extends MdcLoggable { populateViewDefinitionCanAddTransactionRequestToBeneficiary() populateViewDefinitionCanSeeTransactionStatus() alterCounterpartyLimitFieldType() + populateMigrationOfViewPermissions(startedBeforeSchemifier) } private def dummyScript(): Boolean = { 
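Review bot: `ErrorMessages.InvalidJsonFormat+userCreated.validate.map(_.msg).mkString(";")` joins the constant and the field errors without a separator (unless the constant itself ends in a space) and calls `validate` a second time in the condition on the next line. Binding the errors once, `errors = userCreated.validate`, and building `s"${ErrorMessages.InvalidJsonFormat} ${errors.map(_.msg).mkString(";")}"` keeps the message readable and consistent with the `s"$UnknownError ..."` form used a few lines below. The last check reports `$UnknownError` with status 400, which tells the client its request was at fault when the save probably failed on the server side; a 5xx status would match the message better.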
@@ -140,6 +141,18 @@ object Migration extends MdcLoggable { } } } + + private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = { + if (startedBeforeSchemifier == true) { + logger.warn(s"Migration.database.populateMigrationOfViewPermissions(true) cannot be run before Schemifier.") + true + } else { + val name = nameOf(populateMigrationOfViewPermissions(startedBeforeSchemifier)) + runOnce(name) { + MigrationOfViewPermissions.populate(name) + } + } + } private def generateAndPopulateMissingCustomerUUIDs(startedBeforeSchemifier: Boolean): Boolean = { if(startedBeforeSchemifier == true) { diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala new file mode 100644 index 000000000..f7d372ea9 --- /dev/null +++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala 
@@ -0,0 +1,36 @@ +package code.api.util.migration + +import code.api.util.APIUtil +import code.api.util.migration.Migration.{DbFunction, saveLog} +import code.views.MapperViews +import code.views.system.{ViewDefinition, ViewPermission} + +object MigrationOfViewPermissions { + def populate(name: String): Boolean = { + DbFunction.tableExists(ViewDefinition) && DbFunction.tableExists(ViewPermission)match { + case true => + val startDate = System.currentTimeMillis() + val commitId: String = APIUtil.gitCommit + + val allViewDefinitions = ViewDefinition.findAll() + allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v)) + + val isSuccessful = true + val endDate = System.currentTimeMillis() + + val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission .""".stripMargin + saveLog(name, commitId, isSuccessful, startDate, endDate, comment) + isSuccessful + + case false => + val startDate = System.currentTimeMillis() + val commitId: String = APIUtil.gitCommit + val isSuccessful = false + val endDate = System.currentTimeMillis() + val comment: String = + s"""ViewDefinition or ViewPermission does not exist!""".stripMargin + saveLog(name, commitId, isSuccessful, startDate, endDate, comment) + isSuccessful + } + } +} From 59d319cc768d7fd38005e36e0c34547a8448277d Mon Sep 17 00:00:00 2001 From: hongwei Date: Mon, 7 Jul 2025 18:00:46 +0200 Subject: [PATCH 10/26] refactor/add migration script for view permissions --- obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala | 7 ++++--- obp-api/src/main/scala/code/views/MapperViews.scala | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala index 3955b276b..8fb9e4160 100644 --- a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala +++ b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala 
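Review bot: `val isSuccessful = true` is a constant, so the migration log records success even when `MapperViews.migrateViewPermissions` throws part-way or its writes fail, and an exception skips `saveLog` altogether. For a migration that fills the table later used for permission checks, the log should reflect what happened. I would wrap each view in a `Try`, collect the ids that failed and derive `isSuccessful` from that list, as sketched below. Matching on a Boolean with `case true`/`case false` would also read better as `if`/`else`.

```scala
val allViewDefinitions = ViewDefinition.findAll()
// Migrate view by view so a failing view is recorded instead of aborting the whole run.
val failedViewIds: List[String] = allViewDefinitions.flatMap { v =>
  scala.util.Try(MapperViews.migrateViewPermissions(v)).failed.toOption.map(_ => v.viewId.value)
}
// Success reflects the outcome rather than being a constant.
val isSuccessful = failedViewIds.isEmpty
// … unchanged: endDate …
val comment: String =
  s"migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission; failed views: ${failedViewIds.mkString(",")}"
// … unchanged: saveLog and return value …
```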
@@ -1,5 +1,6 @@ package code.api.v1_4_0 +import code.api.Constant._ import code.api.util.ApiRole._ import code.api.util.ApiTag._ import code.api.util.FutureUtil.EndpointContext @@ -14,7 +15,7 @@ import code.branches.Branches import code.customer.CustomerX import code.usercustomerlinks.UserCustomerLink import code.util.Helper -import code.views.system.ViewDefinition +import code.views.system.ViewPermission import com.github.dwickern.macros.NameOf.nameOf import com.openbankproject.commons.model._ import com.openbankproject.commons.util.ApiVersion @@ -452,10 +453,10 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{ _ <- NewStyle.function.isValidCurrencyISOCode(fromAccount.currency, failMsg, callContext) view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionRequestTypes_)).dropRight(1)}` permission on the View(${viewId.value} )", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUEST_TYPES)}` permission on the View(${viewId.value} )", cc = callContext ) { - view.canSeeTransactionRequestTypes + ViewPermission.findViewPermissions(view).exists(_.permission.get == CAN_SEE_TRANSACTION_REQUEST_TYPES) } // TODO: Consider storing allowed_transaction_request_types (List of String) in View Definition. // TODO: This would allow us to restrict transaction request types available to the User for an Account diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 04ccc16fa..8f27f5c65 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala 
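Review bot: The access check in @@ -452,10 +453,10 now passes only when a ViewPermission row exists, and it loads every row for the view through `ViewPermission.findViewPermissions(view)` to test a single name. That makes the decision depend on the migration having populated the table for this view; a view with no rows is denied, which is the safe direction but will look like a regression to callers. I would add a comment such as `// Authorisation reads ViewPermission rows; a view without migrated rows is denied` and query for the one permission instead of the whole list. The surrounding for-comprehension starts and ends outside the hunk.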
@@ -650,7 +650,7 @@ object MapperViews extends Views with MdcLoggable { .bank_id(null) .account_id(null) .view_id(view.viewId.value) - .permission(permissionName) + .permission(permissionName) //TODO here ,we need to handle canRevokeAccessToViews and canGrantAccessToViews .save case _ => ViewPermission.create From 538371f8c9c128134c85ea74d74ab036d9540887 Mon Sep 17 00:00:00 2001 From: hongwei Date: Tue, 8 Jul 2025 11:21:28 +0200 Subject: [PATCH 11/26] refactor/enhance view permission migration logic and add special permission handling --- .../scala/code/api/constant/constant.scala | 7 +- .../MigrationOfViewPermissions.scala | 4 +- .../main/scala/code/views/MapperViews.scala | 98 ++++++++++++++----- .../code/views/system/ViewPermission.scala | 29 +++++- 4 files changed, 105 insertions(+), 33 deletions(-) diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala index 887ef8411..8eb0f2be6 100644 --- a/obp-api/src/main/scala/code/api/constant/constant.scala +++ b/obp-api/src/main/scala/code/api/constant/constant.scala @@ -313,10 +313,9 @@ object Constant extends MdcLoggable { CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, CAN_SEE_TRANSACTION_STATUS, CAN_SEE_BANK_ACCOUNT_CURRENCY, - CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY - //TODO These two are speicial permissions, they need metaData for the view list, will fix it later -// CAN_GRANT_ACCESS_TO_VIEWS, -// CAN_REVOKE_ACCESS_TO_VIEWS, + CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY, + CAN_GRANT_ACCESS_TO_VIEWS, + CAN_REVOKE_ACCESS_TO_VIEWS, ) } diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala index f7d372ea9..fdb872f0c 100644 --- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala +++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala 
@@ -13,12 +13,14 @@ object MigrationOfViewPermissions { val commitId: String = APIUtil.gitCommit val allViewDefinitions = ViewDefinition.findAll() + val viewPermissionRowNumberBefore = ViewPermission.count allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v)) + val viewPermissionRowNumberAfter = ViewPermission.count val isSuccessful = true val endDate = System.currentTimeMillis() - val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission .""".stripMargin + val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission (${viewPermissionRowNumberAfter-viewPermissionRowNumberBefore} added) .""".stripMargin saveLog(name, commitId, isSuccessful, startDate, endDate, comment) isSuccessful diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 8f27f5c65..ffeab0c0e 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala 
@@ -632,33 +632,83 @@ object MapperViews extends Views with MdcLoggable { theView } - def migrateViewPermissions(view: View): Unit = { + /** + * This migrates the current View permissions to the new ViewPermission model. + * this will not add any new permission, it will only migrate the existing permissions. + * @param viewDefinition + */ + def migrateViewPermissions(viewDefinition: View): Unit = { + //first, we list all the current view permissions. val permissionNames: List[String] = code.api.Constant.VIEW_PERMISSION_NAMES - - permissionNames.foreach { permissionName => - // Get permission value - val permissionValue = view.getClass.getMethod(permissionName).invoke(view).asInstanceOf[Boolean] - ViewPermission.findViewPermissions(view).find(_.permission.get == permissionName) match { - case Some(permission) if !permissionValue => - ViewPermission.delete_!(permission) - case Some(permission) if permissionValue => - // View definition is in accordance with View permission - case _ if(view.isSystem) => - ViewPermission.create - .bank_id(null) - .account_id(null) - .view_id(view.viewId.value) - .permission(permissionName) //TODO here ,we need to handle canRevokeAccessToViews and canGrantAccessToViews - .save - case _ => - ViewPermission.create - .bank_id(view.bankId.value) - .account_id(view.accountId.value) - .view_id(view.viewId.value) - .permission(permissionName) - .save + permissionNames.foreach { permissionName => + // CAN_REVOKE_ACCESS_TO_VIEWS and CAN_GRANT_ACCESS_TO_VIEWS are special cases, they have a list of view ids as metadata. + // For the rest of the permissions, they are just boolean values. 
+ if (permissionName == CAN_REVOKE_ACCESS_TO_VIEWS || permissionName == CAN_GRANT_ACCESS_TO_VIEWS) { + + val permissionValueFromViewdefinition = viewDefinition.getClass.getMethod(permissionName).invoke(viewDefinition).asInstanceOf[Option[List[String]]] + + ViewPermission.findViewPermission(viewDefinition, permissionName) match { + // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is empty, we delete it. + case Full(permission) if permissionValueFromViewdefinition.isEmpty => + permission.delete_! + // If the permission already exists and permissionValueFromViewdefinition is defined, we update the metadata. + case Full(permission) if permissionValueFromViewdefinition.isDefined => + permission.metaData(permissionValueFromViewdefinition.get.mkString(",")).save + //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --systemView + case Empty if (viewDefinition.isSystem && permissionValueFromViewdefinition.isDefined) => + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .metaData(permissionValueFromViewdefinition.get.mkString(",")) + .save + //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --customView + case Empty if (!viewDefinition.isSystem && permissionValueFromViewdefinition.isDefined) => + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .metaData(permissionValueFromViewdefinition.get.mkString(",")) + .save + case _ => + // This case should not happen, but if it does, we add an error log + logger.error(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.") + } + } else { + // For the rest of the permissions, they are just boolean values. 
+ val permissionValue = viewDefinition.getClass.getMethod(permissionName).invoke(viewDefinition).asInstanceOf[Boolean] + + ViewPermission.findViewPermission(viewDefinition, permissionName) match { + // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is false, we delete it. + case Full(permission) if !permissionValue => + permission.delete_! + // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is empty, we udpate it. + case Full(permission) if permissionValue => + permission.permission(permissionName).save + //if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. --systemView + case _ if (viewDefinition.isSystem && permissionValue) => + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .save + //if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. --customerView + case _ if (!viewDefinition.isSystem && permissionValue) => + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .save + case _ => + // This case should not happen, but if it does, we do nothing + logger.warn(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.") + } } } } diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index d56b2feec..85db9aa85 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala 
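Review bot: Both final `case _` branches of `migrateViewPermissions` are reached on the ordinary path where no row exists and the view does not grant the permission, yet they log "Unexpected case" (at error level in the grant/revoke branch). Since this function now runs on view create, update and lookup, those lines will fill the log for every ungranted permission and bury real failures. I would add explicit no-op cases, `case Empty if permissionValueFromViewdefinition.isEmpty =>` and `case Empty if !permissionValue =>`, and keep the log for what is left. In the Boolean branch the guarded `case _ if (...)` patterns also match a `Failure` returned by `findViewPermission`, so a failed lookup is followed by an insert attempt; matching on `Empty` there, as the grant/revoke branch does, avoids that.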
@@ -2,7 +2,9 @@ package code.views.system import code.util.UUIDString import com.openbankproject.commons.model._ +import net.liftweb.common.Box import net.liftweb.mapper._ + class ViewPermission extends LongKeyedMapper[ViewPermission] with IdPK with CreatedUpdated { def getSingleton = ViewPermission object bank_id extends MappedString(this, 255) @@ -13,10 +15,7 @@ class ViewPermission extends LongKeyedMapper[ViewPermission] with IdPK with Crea } object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermission] { override def dbIndexes: List[BaseIndex[ViewPermission]] = UniqueIndex(bank_id, account_id, view_id, permission) :: super.dbIndexes -// "ReadAccountsBerlinGroup" - - //Work in progress def findCustomViewPermissions(bankId: BankId, accountId: AccountId, viewId: ViewId): List[ViewPermission] = ViewPermission.findAll( By(ViewPermission.bank_id, bankId.value), @@ -24,13 +23,28 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis By(ViewPermission.view_id, viewId.value) ) - //Work in progress def findSystemViewPermissions(viewId: ViewId): List[ViewPermission] = ViewPermission.findAll( NullRef(ViewPermission.bank_id), NullRef(ViewPermission.account_id), By(ViewPermission.view_id, viewId.value) ) + + def findCustomViewPermission(bankId: BankId, accountId: AccountId, viewId: ViewId, permission: String): Box[ViewPermission] = + ViewPermission.find( + By(ViewPermission.bank_id, bankId.value), + By(ViewPermission.account_id, accountId.value), + By(ViewPermission.view_id, viewId.value), + By(ViewPermission.permission,permission) + ) + + def findSystemViewPermission(viewId: ViewId, permission: String): Box[ViewPermission] = + ViewPermission.find( + NullRef(ViewPermission.bank_id), + NullRef(ViewPermission.account_id), + By(ViewPermission.view_id, viewId.value), + By(ViewPermission.permission,permission), + ) /** * Finds the permissions for a given view, if it is sytem view, 
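Review bot: `findSystemViewPermission` and `findSystemViewPermissions` in @@ -24,13 +23,28 select rows whose `bank_id` and `account_id` are NULL, while the only uniqueness rule visible for this table is `UniqueIndex(bank_id, account_id, view_id, permission)` in the preceding hunk. Many databases treat NULLs as distinct inside a unique index, so that index may not stop two identical system-view rows from being inserted, for example by concurrent migrations. `find` returns one row, so deleting it when a permission is withdrawn could leave a duplicate behind that still reads as granted. Please confirm the behaviour on the supported databases, and consider a non-null sentinel for system views or deleting by criteria rather than by single row.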
@@ -44,4 +58,11 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis } else { findCustomViewPermissions(view.bankId, view.accountId, view.viewId) } + + def findViewPermission(view: View, permission: String): Box[ViewPermission] = + if(view.isSystem) { + findSystemViewPermission(view.viewId, permission) + } else { + findCustomViewPermission(view.bankId, view.accountId, view.viewId, permission) + } } From 7b6796a97f8537fb7226acda0f0fe464292d40e7 Mon Sep 17 00:00:00 2001 
From: hongwei Date: Wed, 9 Jul 2025 09:47:38 +0200 Subject: [PATCH 12/26] refactor/update view permission handling to use allowed_actions --- .../main/scala/bootstrap/liftweb/Boot.scala | 4 +- .../scala/code/api/constant/constant.scala | 2 +- .../main/scala/code/api/util/APIUtil.scala | 22 +- .../code/api/util/migration/Migration.scala | 52 ++--- ...anAddTransactionRequestToBeneficiary.scala | 94 ++++----- ...iewDefinitionCanSeeTransactionStatus.scala | 160 +++++++-------- ...MigrationOfViewDefinitionPermissions.scala | 194 +++++++++--------- .../api/util/newstyle/BalanceNewStyle.scala | 10 +- .../scala/code/api/v1_2_1/APIMethods121.scala | 33 ++- .../code/api/v1_2_1/JSONFactory1.2.1.scala | 121 +++++------ .../scala/code/api/v2_0_0/APIMethods200.scala | 12 +- .../scala/code/api/v2_1_0/APIMethods210.scala | 7 +- .../code/api/v2_1_0/JSONFactory2.1.0.scala | 132 ++++++------ .../scala/code/api/v2_2_0/APIMethods220.scala | 50 +++-- .../code/api/v2_2_0/JSONFactory2.2.0.scala | 134 ++++++------ .../scala/code/api/v3_0_0/APIMethods300.scala | 19 +- .../code/api/v3_0_0/JSONFactory3.0.0.scala | 159 +++++++------- .../scala/code/api/v3_1_0/APIMethods310.scala | 15 +- .../scala/code/api/v4_0_0/APIMethods400.scala | 81 +++----- .../code/api/v4_0_0/JSONFactory4.0.0.scala | 2 +- .../scala/code/api/v5_0_0/APIMethods500.scala | 7 +- .../code/api/v5_0_0/JSONFactory5.0.0.scala | 151 +++++++------- .../scala/code/api/v5_1_0/APIMethods510.scala | 25 +-- .../code/api/v5_1_0/JSONFactory5.1.0.scala | 2 +- .../scala/code/bankconnectors/Connector.scala | 2 +- .../bankconnectors/LocalMappedConnector.scala | 2 +- .../LocalMappedConnectorInternal.scala | 2 +- .../code/model/ModeratedBankingData.scala | 9 +- obp-api/src/main/scala/code/model/View.scala | 14 +- .../code/model/dataAccess/AuthUser.scala | 2 +- .../code/transaction/MappedTransaction.scala | 2 +- .../code/views/system/ViewDefinition.scala | 23 +++ .../code/views/system/ViewPermission.scala | 5 +- 
.../scala/code/api/v1_2_1/API1_2_1Test.scala | 10 +- .../code/api/v3_1_0/ObpApiLoopbackTest.scala | 2 +- .../commons/model/ViewModel.scala | 7 +- 36 files changed, 797 insertions(+), 771 deletions(-) diff --git a/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala b/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala index 5690b0f50..e44df81d3 100644 --- a/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala +++ b/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala @@ -406,7 +406,7 @@ class Boot extends MdcLoggable { } // ensure our relational database's tables are created/fit the schema - val connector = code.api.Constant.Connector.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") + val connector = code.api.Constant.CONNECTOR.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") val runningMode = Props.mode match { case Props.RunModes.Production => "Production mode" @@ -788,7 +788,7 @@ class Boot extends MdcLoggable { // export one Connector's methods as endpoints, it is just for develop APIUtil.getPropsValue("connector.name.export.as.endpoints").foreach { connectorName => // validate whether "connector.name.export.as.endpoints" have set a correct value - code.api.Constant.Connector match { + code.api.Constant.CONNECTOR match { case Full("star") => val starConnectorTypes = APIUtil.getPropsValue("starConnector_supported_types","mapped") .trim diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala index 8eb0f2be6..8e4cf7952 100644 --- a/obp-api/src/main/scala/code/api/constant/constant.scala +++ b/obp-api/src/main/scala/code/api/constant/constant.scala 
@@ -23,7 +23,7 @@ object Constant extends MdcLoggable { final val h2DatabaseDefaultUrlValue = "jdbc:h2:mem:OBPTest_H2_v2.1.214;NON_KEYWORDS=VALUE;DB_CLOSE_DELAY=10" final val HostName = APIUtil.getPropsValue("hostname").openOrThrowException(ErrorMessages.HostnameNotSpecified) - final val Connector = APIUtil.getPropsValue("connector") + final val CONNECTOR = APIUtil.getPropsValue("connector") final val openidConnectEnabled = APIUtil.getPropsAsBoolValue("openid_connect.enabled", false) final val bgRemoveSignOfAmounts = APIUtil.getPropsAsBoolValue("BG_remove_sign_of_amounts", false) diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala index a80c555dc..3f255eeee 100644 --- a/obp-api/src/main/scala/code/api/util/APIUtil.scala +++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala @@ -3470,7 +3470,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ )= createOBPId(s"$thisBankId$thisAccountId$counterpartyName$otherAccountRoutingScheme$otherAccountRoutingAddress") def isDataFromOBPSide (methodName: String, argNameToValue: Array[(String, AnyRef)] = Array.empty): Boolean = { - val connectorNameInProps = code.api.Constant.Connector.openOrThrowException(attemptedToOpenAnEmptyBox) + val connectorNameInProps = code.api.Constant.CONNECTOR.openOrThrowException(attemptedToOpenAnEmptyBox) //if the connector == mapped, then the data is always over obp database if(connectorNameInProps == "mapped") { true 
@@ -3713,9 +3713,9 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ lazy val view = APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, Some(user), callContext) - lazy val canAddTransactionRequestToAnyAccount = view.map(_.canAddTransactionRequestToAnyAccount).getOrElse(false) + lazy val canAddTransactionRequestToAnyAccount = view.map(_.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)).getOrElse(false) - lazy val canAddTransactionRequestToBeneficiary = view.map(_.canAddTransactionRequestToBeneficiary).getOrElse(false) + lazy val canAddTransactionRequestToBeneficiary = view.map(_.allowed_actions.exists( _ == CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY )).getOrElse(false) //1st check the admin level role/entitlement `canCreateAnyTransactionRequest` if (hasCanCreateAnyTransactionRequestRole) { Full(true) @@ -4183,8 +4183,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ allCanGrantAccessToViewsPermissions.contains(targetViewId.value) } else{ //2. if targetViewId is customView, we only need to check the `canGrantAccessToCustomViews`. - val allCanGrantAccessToCustomViewsPermissions: List[Boolean] = permission.map(_.views.map(_.canGrantAccessToCustomViews)).getOrElse(Nil) - + val allCanGrantAccessToCustomViewsPermissions: List[Boolean] = permission.map(_.views.map(_.allowed_actions.exists(_ == CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS))).getOrElse(Nil) allCanGrantAccessToCustomViewsPermissions.contains(true) } } 
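Review bot: The two added checks in the hunk at 3713, of the form `view.map(_.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)).getOrElse(false)`, write an authorization test out by hand, and the same shape recurs with varying spacing in the hunks at 4183, 4194, 4219, 4238, 4255 and 4279. A single helper would keep every access decision on one code path and make a wrong constant easier to spot in review, for example `private def viewAllows(view: Box[View], action: String): Boolean = view.exists(_.allowed_actions.contains(action))`, assuming `allowed_actions` is a collection of strings, which the hunk does not show. The check denies when the view lookup is empty, which is the right default and worth saying in a comment on the helper. The enclosing function starts and ends outside the hunk.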
@@ -4194,13 +4193,13 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ //1st: get the view val view: Box[View] = Views.views.vend.getViewByBankIdAccountIdViewIdUserPrimaryKey(bankIdAccountIdViewId, user.userPrimaryKey) - //2rd: If targetViewId is systemView. we need to check `view.canGrantAccessToViews` field. + //2nd: If targetViewId is systemView. we need to check `view.canGrantAccessToViews` field. if(isValidSystemViewId(targetViewId.value)){ val canGrantAccessToSystemViews: Box[List[String]] = view.map(_.canGrantAccessToViews.getOrElse(Nil)) canGrantAccessToSystemViews.getOrElse(Nil).contains(targetViewId.value) } else{ //3rd. if targetViewId is customView, we need to check `view.canGrantAccessToCustomViews` field. - view.map(_.canGrantAccessToCustomViews).getOrElse(false) + view.map(_.allowed_actions.exists(_ == CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS)).getOrElse(false) } } @@ -4219,7 +4218,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ //if the targetViewIds contains custom view ids, we need to check the both canGrantAccessToCustomViews and canGrantAccessToSystemViews if (targetViewIds.map(_.value).distinct.find(isValidCustomViewId).isDefined){ //check if we can grant all customViews Access. - val allCanGrantAccessToCustomViewsPermissions: List[Boolean] = permissionBox.map(_.views.map(_.canGrantAccessToCustomViews)).getOrElse(Nil) + val allCanGrantAccessToCustomViewsPermissions: List[Boolean] = permissionBox.map(_.views.map(_.allowed_actions.exists(_ ==CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS))).getOrElse(Nil) val canGrantAccessToAllCustomViews = allCanGrantAccessToCustomViewsPermissions.contains(true) //we need merge both system and custom access canGrantAllSystemViewsIdsTobeGranted && canGrantAccessToAllCustomViews 
@@ -4238,7 +4237,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ canRevokeAccessToSystemViews.getOrElse(Nil).contains(targetViewId.value) } else { //3rd. if targetViewId is customView, we need to check `view.canGrantAccessToCustomViews` field. - view.map(_.canRevokeAccessToCustomViews).getOrElse(false) + view.map(_.allowed_actions.exists(_ == CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS)).getOrElse(false) } } @@ -4255,7 +4254,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ allCanRevokeAccessToSystemViews.contains(targetViewId.value) } else { //2. if targetViewId is customView, we only need to check the `canRevokeAccessToCustomViews`. - val allCanRevokeAccessToCustomViewsPermissions: List[Boolean] = permission.map(_.views.map(_.canRevokeAccessToCustomViews)).getOrElse(Nil) + val allCanRevokeAccessToCustomViewsPermissions: List[Boolean] = permission.map(_.views.map(_.allowed_actions.exists( _ ==CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS))).getOrElse(Nil) allCanRevokeAccessToCustomViewsPermissions.contains(true) } @@ -4279,7 +4278,8 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ //if allTargetViewIds contains customViewId,we need to check both `canRevokeAccessToCustomViews` and `canRevokeAccessToSystemViews` fields if (allTargetViewIds.find(isValidCustomViewId).isDefined) { //check if we can revoke all customViews Access - val allCanRevokeAccessToCustomViewsPermissions: List[Boolean] = permissionBox.map(_.views.map(_.canRevokeAccessToCustomViews)).getOrElse(Nil) + val allCanRevokeAccessToCustomViewsPermissions: List[Boolean] = permissionBox.map(_.views.map(_.allowed_actions.exists( _ ==CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS))).getOrElse(Nil) + val canRevokeAccessToAllCustomViews = allCanRevokeAccessToCustomViewsPermissions.contains(true) //we need merge both system and custom access canRevokeAccessToAllSystemTargetViews && canRevokeAccessToAllCustomViews 
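Review bot: The comment directly above the changed line in the hunk at 4238 still says the custom-view branch checks `view.canGrantAccessToCustomViews`, but this is the revoke path and the new code tests `CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS`. A reader auditing who may revoke access would be misled, so the comment should become `//3rd. if targetViewId is a custom view, allowed_actions must contain CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS.` The comments in the hunks at 4255 and 4279 likewise name the old `canRevokeAccessToCustomViews` field although the value now read is `allowed_actions`; they should be reworded the same way. The enclosing functions start outside these hunks.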
diff --git a/obp-api/src/main/scala/code/api/util/migration/Migration.scala b/obp-api/src/main/scala/code/api/util/migration/Migration.scala index 78c117351..ddc8966c4 100644 --- a/obp-api/src/main/scala/code/api/util/migration/Migration.scala +++ b/obp-api/src/main/scala/code/api/util/migration/Migration.scala @@ -60,7 +60,7 @@ object Migration extends MdcLoggable { def executeScripts(startedBeforeSchemifier: Boolean): Boolean = executeScript { dummyScript() addAccountAccessConsumerId() - populateMigrationOfViewDefinitionPermissions(startedBeforeSchemifier) +// populateMigrationOfViewDefinitionPermissions(startedBeforeSchemifier) generateAndPopulateMissingCustomerUUIDs(startedBeforeSchemifier) generateAndPopulateMissingConsumersUUIDs(startedBeforeSchemifier) populateTableRateLimiting() @@ -96,8 +96,8 @@ object Migration extends MdcLoggable { alterMappedCustomerAttribute(startedBeforeSchemifier) dropMappedBadLoginAttemptIndex() alterMetricColumnUrlLength() - populateViewDefinitionCanAddTransactionRequestToBeneficiary() - populateViewDefinitionCanSeeTransactionStatus() +// populateViewDefinitionCanAddTransactionRequestToBeneficiary() +// populateViewDefinitionCanSeeTransactionStatus() alterCounterpartyLimitFieldType() populateMigrationOfViewPermissions(startedBeforeSchemifier) } 
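Review bot: The migration calls are disabled by commenting them out (`// populateMigrationOfViewDefinitionPermissions(startedBeforeSchemifier)` in the hunk at 60 and the two `populateViewDefinition…` calls in the hunk at 96) rather than being deleted. The hunk at 115 does the same to their definitions, and the three MigrationOfViewDefinition*.scala files that follow are commented out line by line. Deleting the lines and files keeps dead permission-seeding code out of the tree, and version control still holds the history. Because the access checks elsewhere in this patch now read `allowed_actions`, it looks as if `populateMigrationOfViewPermissions` is the only remaining step that seeds those permissions on an existing database, though its body is not visible here. A comment at that call would record the dependency, for example `// seeds allowed_actions; view permission checks deny until this has run`.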
@@ -115,32 +115,32 @@ object Migration extends MdcLoggable { } } - private def populateViewDefinitionCanAddTransactionRequestToBeneficiary(): Boolean = { - val name = nameOf(populateViewDefinitionCanAddTransactionRequestToBeneficiary) - runOnce(name) { - MigrationOfViewDefinitionCanAddTransactionRequestToBeneficiary.populateTheField(name) - } - } +// private def populateViewDefinitionCanAddTransactionRequestToBeneficiary(): Boolean = { +// val name = nameOf(populateViewDefinitionCanAddTransactionRequestToBeneficiary) +// runOnce(name) { +// MigrationOfViewDefinitionCanAddTransactionRequestToBeneficiary.populateTheField(name) +// } +// } - private def populateViewDefinitionCanSeeTransactionStatus(): Boolean = { - val name = nameOf(populateViewDefinitionCanSeeTransactionStatus) - runOnce(name) { - MigrationOfViewDefinitionCanSeeTransactionStatus.populateTheField(name) - } - } +// private def populateViewDefinitionCanSeeTransactionStatus(): Boolean = { +// val name = nameOf(populateViewDefinitionCanSeeTransactionStatus) +// runOnce(name) { +// MigrationOfViewDefinitionCanSeeTransactionStatus.populateTheField(name) +// } +// } - private def populateMigrationOfViewDefinitionPermissions(startedBeforeSchemifier: Boolean): Boolean = { - if (startedBeforeSchemifier == true) { - logger.warn(s"Migration.database.populateMigrationOfViewDefinitionPermissions(true) cannot be run before Schemifier.") - true - } else { - val name = nameOf(populateMigrationOfViewDefinitionPermissions(startedBeforeSchemifier)) - runOnce(name) { - MigrationOfViewDefinitionPermissions.populate(name) - } - } - } +// private def populateMigrationOfViewDefinitionPermissions(startedBeforeSchemifier: Boolean): Boolean = { +// if (startedBeforeSchemifier == true) { +// logger.warn(s"Migration.database.populateMigrationOfViewDefinitionPermissions(true) cannot be run before Schemifier.") +// true +// } else { +// val name = nameOf(populateMigrationOfViewDefinitionPermissions(startedBeforeSchemifier)) +// 
runOnce(name) { +// MigrationOfViewDefinitionPermissions.populate(name) +// } +// } +// } private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = { if (startedBeforeSchemifier == true) { diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionCanAddTransactionRequestToBeneficiary.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionCanAddTransactionRequestToBeneficiary.scala index 32fec4883..8d4a11aa5 100644 --- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionCanAddTransactionRequestToBeneficiary.scala +++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionCanAddTransactionRequestToBeneficiary.scala 
@@ -1,47 +1,47 @@ -package code.api.util.migration - -import code.api.Constant.SYSTEM_OWNER_VIEW_ID - -import java.time.format.DateTimeFormatter -import java.time.{ZoneId, ZonedDateTime} -import code.api.util.APIUtil -import code.api.util.migration.Migration.{DbFunction, saveLog} -import code.model.Consumer -import code.views.system.ViewDefinition - -object MigrationOfViewDefinitionCanAddTransactionRequestToBeneficiary { - - val oneDayAgo = ZonedDateTime.now(ZoneId.of("UTC")).minusDays(1) - val oneYearInFuture = ZonedDateTime.now(ZoneId.of("UTC")).plusYears(1) - val formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm'Z'") - - def populateTheField(name: String): Boolean = { - DbFunction.tableExists(ViewDefinition) match { - case true => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - var isSuccessful = false - - val view = ViewDefinition.findSystemView(SYSTEM_OWNER_VIEW_ID).map(_.canAddTransactionRequestToBeneficiary_(true).saveMe()) - - - val endDate = System.currentTimeMillis() - val comment: String = - s"""set $SYSTEM_OWNER_VIEW_ID.canAddTransactionRequestToBeneficiary_ to {true}""".stripMargin - val value = view.map(_.canAddTransactionRequestToBeneficiary_.get).getOrElse(false) - isSuccessful = value - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - - case false => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - val isSuccessful = false - val endDate = System.currentTimeMillis() - val comment: String = - s"""${Consumer._dbTableNameLC} table does not exist""".stripMargin - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - } - } -} +//package code.api.util.migration +// +//import code.api.Constant.SYSTEM_OWNER_VIEW_ID +// +//import java.time.format.DateTimeFormatter +//import java.time.{ZoneId, ZonedDateTime} +//import code.api.util.APIUtil +//import code.api.util.migration.Migration.{DbFunction, saveLog} 
+//import code.model.Consumer +//import code.views.system.ViewDefinition +// +//object MigrationOfViewDefinitionCanAddTransactionRequestToBeneficiary { +// +// val oneDayAgo = ZonedDateTime.now(ZoneId.of("UTC")).minusDays(1) +// val oneYearInFuture = ZonedDateTime.now(ZoneId.of("UTC")).plusYears(1) +// val formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm'Z'") +// +// def populateTheField(name: String): Boolean = { +// DbFunction.tableExists(ViewDefinition) match { +// case true => +// val startDate = System.currentTimeMillis() +// val commitId: String = APIUtil.gitCommit +// var isSuccessful = false +// +// val view = ViewDefinition.findSystemView(SYSTEM_OWNER_VIEW_ID).map(_.canAddTransactionRequestToBeneficiary_(true).saveMe()) +// +// +// val endDate = System.currentTimeMillis() +// val comment: String = +// s"""set $SYSTEM_OWNER_VIEW_ID.canAddTransactionRequestToBeneficiary_ to {true}""".stripMargin +// val value = view.map(_.canAddTransactionRequestToBeneficiary_.get).getOrElse(false) +// isSuccessful = value +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// +// case false => +// val startDate = System.currentTimeMillis() +// val commitId: String = APIUtil.gitCommit +// val isSuccessful = false +// val endDate = System.currentTimeMillis() +// val comment: String = +// s"""${Consumer._dbTableNameLC} table does not exist""".stripMargin +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// } +// } +//} diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionCanSeeTransactionStatus.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionCanSeeTransactionStatus.scala index 63c3d026a..894701af4 100644 --- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionCanSeeTransactionStatus.scala +++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionCanSeeTransactionStatus.scala 
@@ -1,80 +1,80 @@ -package code.api.util.migration - -import code.api.Constant._ -import code.api.util.APIUtil -import code.api.util.migration.Migration.{DbFunction, saveLog} -import code.model.Consumer -import code.views.system.ViewDefinition - -import java.time.format.DateTimeFormatter -import java.time.{ZoneId, ZonedDateTime} - -object MigrationOfViewDefinitionCanSeeTransactionStatus { - - val oneDayAgo = ZonedDateTime.now(ZoneId.of("UTC")).minusDays(1) - val oneYearInFuture = ZonedDateTime.now(ZoneId.of("UTC")).plusYears(1) - val formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm'Z'") - - def populateTheField(name: String): Boolean = { - DbFunction.tableExists(ViewDefinition) match { - case true => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - var isSuccessful = false - - val view = ViewDefinition.findSystemView(SYSTEM_OWNER_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view1 = ViewDefinition.findSystemView(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view2 = ViewDefinition.findSystemView(SYSTEM_READ_TRANSACTIONS_DETAIL_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view3 = ViewDefinition.findSystemView(SYSTEM_READ_TRANSACTIONS_DEBITS_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view4 = ViewDefinition.findSystemView(SYSTEM_READ_TRANSACTIONS_BASIC_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view8 = ViewDefinition.findSystemView(SYSTEM_AUDITOR_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view5 = ViewDefinition.findSystemView(SYSTEM_STAGE_ONE_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view6 = ViewDefinition.findSystemView(SYSTEM_STANDARD_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view7 = ViewDefinition.findSystemView(SYSTEM_FIREHOSE_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view9 = 
ViewDefinition.findSystemView(SYSTEM_ACCOUNTANT_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - val view10 = ViewDefinition.findSystemView(SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) - - - val endDate = System.currentTimeMillis() - val comment: String = - s"""set $SYSTEM_OWNER_VIEW_ID.canSeeTransactionStatus_ to {true}; - |set $SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID.canSeeTransactionStatus_ to {true} - |set $SYSTEM_READ_TRANSACTIONS_DETAIL_VIEW_ID.canSeeTransactionStatus_ to {true}; - |set $SYSTEM_READ_TRANSACTIONS_DEBITS_VIEW_ID.canSeeTransactionStatus_ to {true}; - |set $SYSTEM_READ_TRANSACTIONS_BASIC_VIEW_ID.canSeeTransactionStatus_ to {true}; - |set $SYSTEM_AUDITOR_VIEW_ID.canSeeTransactionStatus_ to {true}; - |set $SYSTEM_STAGE_ONE_VIEW_ID.canSeeTransactionStatus_ to {true}; - |set $SYSTEM_STANDARD_VIEW_ID.canSeeTransactionStatus_ to {true}; - |set $SYSTEM_FIREHOSE_VIEW_ID.canSeeTransactionStatus_ to {true}; - |set $SYSTEM_ACCOUNTANT_VIEW_ID.canSeeTransactionStatus_ to {true}; - |set $SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID.canSeeTransactionStatus_ to {true}; - |""".stripMargin - val value = view.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value1 = view1.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value2 = view1.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value3 = view3.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value4 = view4.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value5 = view5.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value6 = view6.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value7 = view7.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value8 = view8.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value9 = view9.map(_.canSeeTransactionStatus_.get).getOrElse(false) - val value10 = view10.map(_.canSeeTransactionStatus_.get).getOrElse(false) - - isSuccessful = value && value1 
&& value2 && value3 && value4 && value5 && value6 && value7 && value8 && value9 && value10 - - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - - case false => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - val isSuccessful = false - val endDate = System.currentTimeMillis() - val comment: String = - s"""${Consumer._dbTableNameLC} table does not exist""".stripMargin - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - } - } -} +//package code.api.util.migration +// +//import code.api.Constant._ +//import code.api.util.APIUtil +//import code.api.util.migration.Migration.{DbFunction, saveLog} +//import code.model.Consumer +//import code.views.system.ViewDefinition +// +//import java.time.format.DateTimeFormatter +//import java.time.{ZoneId, ZonedDateTime} +// +//object MigrationOfViewDefinitionCanSeeTransactionStatus { +// +// val oneDayAgo = ZonedDateTime.now(ZoneId.of("UTC")).minusDays(1) +// val oneYearInFuture = ZonedDateTime.now(ZoneId.of("UTC")).plusYears(1) +// val formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm'Z'") +// +// def populateTheField(name: String): Boolean = { +// DbFunction.tableExists(ViewDefinition) match { +// case true => +// val startDate = System.currentTimeMillis() +// val commitId: String = APIUtil.gitCommit +// var isSuccessful = false +// +// val view = ViewDefinition.findSystemView(SYSTEM_OWNER_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view1 = ViewDefinition.findSystemView(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view2 = ViewDefinition.findSystemView(SYSTEM_READ_TRANSACTIONS_DETAIL_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view3 = ViewDefinition.findSystemView(SYSTEM_READ_TRANSACTIONS_DEBITS_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view4 = 
ViewDefinition.findSystemView(SYSTEM_READ_TRANSACTIONS_BASIC_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view8 = ViewDefinition.findSystemView(SYSTEM_AUDITOR_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view5 = ViewDefinition.findSystemView(SYSTEM_STAGE_ONE_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view6 = ViewDefinition.findSystemView(SYSTEM_STANDARD_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view7 = ViewDefinition.findSystemView(SYSTEM_FIREHOSE_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view9 = ViewDefinition.findSystemView(SYSTEM_ACCOUNTANT_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// val view10 = ViewDefinition.findSystemView(SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID).map(_.canSeeTransactionStatus_(true).saveMe()) +// +// +// val endDate = System.currentTimeMillis() +// val comment: String = +// s"""set $SYSTEM_OWNER_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |set $SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID.canSeeTransactionStatus_ to {true} +// |set $SYSTEM_READ_TRANSACTIONS_DETAIL_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |set $SYSTEM_READ_TRANSACTIONS_DEBITS_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |set $SYSTEM_READ_TRANSACTIONS_BASIC_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |set $SYSTEM_AUDITOR_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |set $SYSTEM_STAGE_ONE_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |set $SYSTEM_STANDARD_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |set $SYSTEM_FIREHOSE_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |set $SYSTEM_ACCOUNTANT_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |set $SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID.canSeeTransactionStatus_ to {true}; +// |""".stripMargin +// val value = view.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value1 = view1.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value2 = 
view1.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value3 = view3.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value4 = view4.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value5 = view5.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value6 = view6.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value7 = view7.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value8 = view8.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value9 = view9.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// val value10 = view10.map(_.canSeeTransactionStatus_.get).getOrElse(false) +// +// isSuccessful = value && value1 && value2 && value3 && value4 && value5 && value6 && value7 && value8 && value9 && value10 +// +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// +// case false => +// val startDate = System.currentTimeMillis() +// val commitId: String = APIUtil.gitCommit +// val isSuccessful = false +// val endDate = System.currentTimeMillis() +// val comment: String = +// s"""${Consumer._dbTableNameLC} table does not exist""".stripMargin +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// } +// } +//} diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala index 0c2fac0ce..2499248a1 100644 --- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala +++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala 
@@ -1,97 +1,97 @@ -package code.api.util.migration - -import code.api.Constant.{DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS, SYSTEM_OWNER_VIEW_ID, SYSTEM_STANDARD_VIEW_ID} -import code.api.util.APIUtil -import code.api.util.migration.Migration.{DbFunction, saveLog} -import code.views.system.ViewDefinition -import net.liftweb.mapper.{By, DB, NullRef} -import net.liftweb.util.DefaultConnectionIdentifier - -object MigrationOfViewDefinitionPermissions { - def populate(name: String): Boolean = { - DbFunction.tableExists(ViewDefinition) match { - case true => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - val ownerView = ViewDefinition.find( - NullRef(ViewDefinition.bank_id), - NullRef(ViewDefinition.account_id), - By(ViewDefinition.view_id, SYSTEM_OWNER_VIEW_ID), - By(ViewDefinition.isSystem_,true) - ).map(view => - view - .canSeeTransactionRequestTypes_(true) - .canSeeTransactionRequests_(true) - .canSeeAvailableViewsForBankAccount_(true) - .canUpdateBankAccountLabel_(true) - .canSeeViewsWithPermissionsForOneUser_(true) - .canSeeViewsWithPermissionsForAllUsers_(true) - .canCreateCustomView_(false) - .canDeleteCustomView_(false) - .canUpdateCustomView_(false) - .canGrantAccessToCustomViews_(false) - .canRevokeAccessToCustomViews_(false) - .canGrantAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) - .canRevokeAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) - .save - ) - - val standardView = ViewDefinition.find( - NullRef(ViewDefinition.bank_id), - NullRef(ViewDefinition.account_id), - By(ViewDefinition.view_id, SYSTEM_STANDARD_VIEW_ID), - By(ViewDefinition.isSystem_,true) - ).map(view => - view - .canSeeTransactionRequestTypes_(true) - .canSeeTransactionRequests_(true) - .canSeeAvailableViewsForBankAccount_(true) - .canUpdateBankAccountLabel_(true) - .canSeeViewsWithPermissionsForOneUser_(true) - .canSeeViewsWithPermissionsForAllUsers_(true) - .canCreateCustomView_(false) - 
.canDeleteCustomView_(false) - .canUpdateCustomView_(false) - .canGrantAccessToCustomViews_(false) - .canRevokeAccessToCustomViews_(false) - .canGrantAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) - .canRevokeAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) - .save - ) - - - val isSuccessful = ownerView.isDefined && standardView.isDefined - val endDate = System.currentTimeMillis() - - val comment: String = - s"""ViewDefinition system $SYSTEM_OWNER_VIEW_ID and $SYSTEM_STANDARD_VIEW_ID views, update the following rows to true: - |${ViewDefinition.canSeeTransactionRequestTypes_.dbColumnName} - |${ViewDefinition.canSeeTransactionRequests_.dbColumnName} - |${ViewDefinition.canSeeAvailableViewsForBankAccount_.dbColumnName} - |${ViewDefinition.canUpdateBankAccountLabel_.dbColumnName} - |${ViewDefinition.canCreateCustomView_.dbColumnName} - |${ViewDefinition.canDeleteCustomView_.dbColumnName} - |${ViewDefinition.canUpdateCustomView_.dbColumnName} - |${ViewDefinition.canSeeViewsWithPermissionsForAllUsers_.dbColumnName} - |${ViewDefinition.canSeeViewsWithPermissionsForOneUser_.dbColumnName} - |${ViewDefinition.canGrantAccessToCustomViews_.dbColumnName} - |${ViewDefinition.canRevokeAccessToCustomViews_.dbColumnName} - |${ViewDefinition.canGrantAccessToViews_.dbColumnName} - |${ViewDefinition.canRevokeAccessToViews_.dbColumnName} - |Duration: ${endDate - startDate} ms; - """.stripMargin - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - - case false => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - val isSuccessful = false - val endDate = System.currentTimeMillis() - val comment: String = - s"""ViewDefinition does not exist!""".stripMargin - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - } - } -} +//package code.api.util.migration +// +//import code.api.Constant.{DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS, 
SYSTEM_OWNER_VIEW_ID, SYSTEM_STANDARD_VIEW_ID} +//import code.api.util.APIUtil +//import code.api.util.migration.Migration.{DbFunction, saveLog} +//import code.views.system.ViewDefinition +//import net.liftweb.mapper.{By, DB, NullRef} +//import net.liftweb.util.DefaultConnectionIdentifier +// +//object MigrationOfViewDefinitionPermissions { +// def populate(name: String): Boolean = { +// DbFunction.tableExists(ViewDefinition) match { +// case true => +// val startDate = System.currentTimeMillis() +// val commitId: String = APIUtil.gitCommit +// val ownerView = ViewDefinition.find( +// NullRef(ViewDefinition.bank_id), +// NullRef(ViewDefinition.account_id), +// By(ViewDefinition.view_id, SYSTEM_OWNER_VIEW_ID), +// By(ViewDefinition.isSystem_,true) +// ).map(view => +// view +// .canSeeTransactionRequestTypes_(true) +// .canSeeTransactionRequests_(true) +// .canSeeAvailableViewsForBankAccount_(true) +// .canUpdateBankAccountLabel_(true) +// .canSeeViewsWithPermissionsForOneUser_(true) +// .canSeeViewsWithPermissionsForAllUsers_(true) +// .canCreateCustomView_(false) +// .canDeleteCustomView_(false) +// .canUpdateCustomView_(false) +// .canGrantAccessToCustomViews_(false) +// .canRevokeAccessToCustomViews_(false) +// .canGrantAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) +// .canRevokeAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) +// .save +// ) +// +// val standardView = ViewDefinition.find( +// NullRef(ViewDefinition.bank_id), +// NullRef(ViewDefinition.account_id), +// By(ViewDefinition.view_id, SYSTEM_STANDARD_VIEW_ID), +// By(ViewDefinition.isSystem_,true) +// ).map(view => +// view +// .canSeeTransactionRequestTypes_(true) +// .canSeeTransactionRequests_(true) +// .canSeeAvailableViewsForBankAccount_(true) +// .canUpdateBankAccountLabel_(true) +// .canSeeViewsWithPermissionsForOneUser_(true) +// .canSeeViewsWithPermissionsForAllUsers_(true) +// .canCreateCustomView_(false) +// .canDeleteCustomView_(false) 
+// .canUpdateCustomView_(false) +// .canGrantAccessToCustomViews_(false) +// .canRevokeAccessToCustomViews_(false) +// .canGrantAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) +// .canRevokeAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) +// .save +// ) +// +// +// val isSuccessful = ownerView.isDefined && standardView.isDefined +// val endDate = System.currentTimeMillis() +// +// val comment: String = +// s"""ViewDefinition system $SYSTEM_OWNER_VIEW_ID and $SYSTEM_STANDARD_VIEW_ID views, update the following rows to true: +// |${ViewDefinition.canSeeTransactionRequestTypes_.dbColumnName} +// |${ViewDefinition.canSeeTransactionRequests_.dbColumnName} +// |${ViewDefinition.canSeeAvailableViewsForBankAccount_.dbColumnName} +// |${ViewDefinition.canUpdateBankAccountLabel_.dbColumnName} +// |${ViewDefinition.canCreateCustomView_.dbColumnName} +// |${ViewDefinition.canDeleteCustomView_.dbColumnName} +// |${ViewDefinition.canUpdateCustomView_.dbColumnName} +// |${ViewDefinition.canSeeViewsWithPermissionsForAllUsers_.dbColumnName} +// |${ViewDefinition.canSeeViewsWithPermissionsForOneUser_.dbColumnName} +// |${ViewDefinition.canGrantAccessToCustomViews_.dbColumnName} +// |${ViewDefinition.canRevokeAccessToCustomViews_.dbColumnName} +// |${ViewDefinition.canGrantAccessToViews_.dbColumnName} +// |${ViewDefinition.canRevokeAccessToViews_.dbColumnName} +// |Duration: ${endDate - startDate} ms; +// """.stripMargin +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// +// case false => +// val startDate = System.currentTimeMillis() +// val commitId: String = APIUtil.gitCommit +// val isSuccessful = false +// val endDate = System.currentTimeMillis() +// val comment: String = +// s"""ViewDefinition does not exist!""".stripMargin +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// } +// } +//} 
diff --git a/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala b/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala index 094ece2e8..7619a03b6 100644 --- a/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala +++ b/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala @@ -1,12 +1,14 @@ package code.api.util.newstyle +import code.api.Constant._ import code.api.util.APIUtil.{OBPReturnType, unboxFullOrFail} -import code.api.util.ErrorMessages.{InvalidConnectorResponse} +import code.api.util.ErrorMessages.InvalidConnectorResponse import code.api.util.{APIUtil, CallContext} import code.bankconnectors.Connector import code.views.Views -import com.openbankproject.commons.model.{AccountBalances, AccountsBalances, BankId, BankIdAccountId, User, ViewId} import com.github.dwickern.macros.NameOf.nameOf +import com.openbankproject.commons.model._ + import scala.concurrent.Future object BalanceNewStyle { @@ -20,7 +22,7 @@ object BalanceNewStyle { Future { val (views, accountAccesses) = Views.views.vend.getAccountAccessAtBankThroughView(user, bankId, viewId) // Filter views which can read the balance - val canSeeBankAccountBalanceViews = views.filter(_.canSeeBankAccountBalance) + val canSeeBankAccountBalanceViews = views.filter(_.allowed_actions.exists( _ == CAN_SEE_BANK_ACCOUNT_BALANCE)) // Filter accounts the user has permission to see balances and remove duplicates val allowedAccounts = APIUtil.intersectAccountAccessAndView(accountAccesses, canSeeBankAccountBalanceViews) allowedAccounts 
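Review bot: `import code.api.Constant._` in the hunk at line 1 brings every member of Constant into scope for the sake of one permission name, in a file that also imports `code.bankconnectors.Connector`. Importing `code.api.Constant.CAN_SEE_BANK_ACCOUNT_BALANCE` alone avoids accidental shadowing and shows which permission this file depends on. The same hunk widens `com.openbankproject.commons.model.{…}` to `model._`, which has the same effect. The filter in the hunk at 20, and the identical one in the hunk at 35 further down, could read `views.filter(_.allowed_actions.contains(CAN_SEE_BANK_ACCOUNT_BALANCE))`, assuming `allowed_actions` is a standard collection.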
@@ -35,7 +37,7 @@ object BalanceNewStyle { Future { val (views, accountAccesses) = Views.views.vend.privateViewsUserCanAccessAtBank(user, bankId) // Filter views which can read the balance - val canSeeBankAccountBalanceViews = views.filter(_.canSeeBankAccountBalance) + val canSeeBankAccountBalanceViews = views.filter(_.allowed_actions.exists( _ == CAN_SEE_BANK_ACCOUNT_BALANCE)) // Filter accounts the user has permission to see balances and remove duplicates val allowedAccounts = APIUtil.intersectAccountAccessAndView(accountAccesses, canSeeBankAccountBalanceViews) allowedAccounts diff --git a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala index 4fa5bd0c4..0a49ae910 100644 --- a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala +++ b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala @@ -1,5 +1,6 @@ package code.api.v1_2_1 +import code.api.Constant._ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.cache.Caching import code.api.util.APIUtil._ @@ -14,8 +15,6 @@ import code.model.{BankAccountX, BankX, ModeratedTransactionMetadata, UserX, toB import code.util.Helper import code.util.Helper.booleanToBox import code.views.Views -import code.views.system.ViewDefinition -import com.github.dwickern.macros.NameOf.nameOf import com.openbankproject.commons.ExecutionContext.Implicits.global import com.openbankproject.commons.model._ import com.openbankproject.commons.util.ApiVersion 
@@ -478,10 +477,10 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) json <- NewStyle.function.tryons(InvalidJsonFormat, 400, callContext) { json.extract[UpdateAccountJSON] } (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - anyViewContainsCanUpdateBankAccountLabelPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canUpdateBankAccountLabel).find(_.==(true)).getOrElse(false)).getOrElse(false) + permission <- NewStyle.function.permission(account.bankId, account.accountId, u, callContext) + anyViewContainsCanUpdateBankAccountLabelPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL)).find(true == _).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canUpdateBankAccountLabel_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_BANK_ACCOUNT_LABEL)}` permission on any your views", cc = callContext ) { anyViewContainsCanUpdateBankAccountLabelPermission 
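Review bot: The new `permission <- NewStyle.function.permission(...)` step changes what a caller without access to the account receives: before, an empty permission box fell through to `false` and produced the `ViewDoesNotPermitAccess` message naming the required permission, whereas now the response is whatever `NewStyle.function.permission` fails with, which is not visible in this hunk. Please confirm that path still returns an authorisation error rather than a generic one, and cover it with a test. Separately, `permission.views.map(...).find(true == _).getOrElse(false)` is `permission.views.exists(_.allowed_actions.contains(CAN_UPDATE_BANK_ACCOUNT_LABEL))`; the same `map`/`find`/`getOrElse` chain recurs in the `-541`, `-606`, `-668`, `-714`, `-753` and `-797` hunks of this file and in the `-1051` and `-1093` hunks of APIMethods200.scala. The endpoint body continues outside the hunk.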
@@ -541,10 +540,10 @@ trait APIMethods121 { u <- cc.user ?~ UserNotLoggedIn bankAccount <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound permission <- Views.views.vend.permission(BankIdAccountId(bankAccount.bankId, bankAccount.accountId), u) - anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.canSeeAvailableViewsForBankAccount).find(_.==(true)).getOrElse(false) + anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToBox( anyViewContainsCanSeeAvailableViewsForBankAccountPermission, - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeAvailableViewsForBankAccount_)).dropRight(1)}` permission on any your views" + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)}` permission on any your views" ) views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(bankAccount.bankId, bankAccount.accountId))) } yield { 
@@ -606,10 +605,10 @@ trait APIMethods121 { createViewJsonV121.allowed_actions ) anyViewContainsCanCreateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canCreateCustomView).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_CREATE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- booleanToBox( anyViewContainsCanCreateCustomViewPermission, - s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canCreateCustomView_)).dropRight(1)}` permission on any your views" + s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_CREATE_CUSTOM_VIEW)}` permission on any your views" ) view <- Views.views.vend.createCustomView(BankIdAccountId(bankId,accountId), createViewJson)?~ CreateCustomViewError } yield { @@ -668,10 +667,10 @@ trait APIMethods121 { allowed_actions = updateJsonV121.allowed_actions ) anyViewContainsCanUpdateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canUpdateCustomView).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- booleanToBox( anyViewContainsCanUpdateCustomViewPermission, - s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canUpdateCustomView_)).dropRight(1)}` permission on any your views" + s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views" ) updatedView <- Views.views.vend.updateCustomView(BankIdAccountId(bankId, accountId),viewId, updateViewJson) ?~ CreateCustomViewError } yield { 
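Review bot: The denial message for the update check in the `@@ -668,10 +667,10 @@` hunk is still prefixed with `ErrorMessages.CreateCustomViewError` although it guards `CAN_UPDATE_CUSTOM_VIEW`, so a client refused an update is told that view creation failed. Since the commit rewrites that line anyway, it could start with `${ErrorMessages.ViewDoesNotPermitAccess}` as the label-update and delete-view endpoints in this file do. The same prefix is kept on the read-only checks for `CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS` (`-753` hunk) and `CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER` (`-797` hunk, and `-1093` in APIMethods200.scala). Clients that match on the old text would see a different message, so if the v1.2.1 wording has to stay frozen, a short comment saying so would make the choice explicit.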
@@ -714,9 +713,9 @@ trait APIMethods121 { _ <- NewStyle.function.customView(viewId, BankIdAccountId(bankId, accountId), callContext) anyViewContainsCanDeleteCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canDeleteCustomView).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_DELETE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canDeleteCustomView_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_DELETE_CUSTOM_VIEW)}` permission on any your views", cc = callContext ) { anyViewContainsCanDeleteCustomViewPermission @@ -753,10 +752,10 @@ trait APIMethods121 { u <- cc.user ?~ UserNotLoggedIn account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canSeeViewsWithPermissionsForAllUsers).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)).find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- booleanToBox( anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission, - s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeViewsWithPermissionsForAllUsers_)).dropRight(1)}` permission on any your views" + s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)}` permission on any your views" ) permissions = Views.views.vend.permissions(BankIdAccountId(bankId, accountId)) } yield { 
@@ -797,11 +796,11 @@ trait APIMethods121 { loggedInUser <- cc.user ?~ UserNotLoggedIn account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound loggedInUserPermissionBox = Views.views.vend.permission(BankIdAccountId(bankId, accountId), loggedInUser) - anyViewContainsCanSeeViewsWithPermissionsForOneUserPermission = loggedInUserPermissionBox.map(_.views.map(_.canSeeViewsWithPermissionsForOneUser) + anyViewContainsCanSeeViewsWithPermissionsForOneUserPermission = loggedInUserPermissionBox.map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)) .find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- booleanToBox( anyViewContainsCanSeeViewsWithPermissionsForOneUserPermission, - s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeViewsWithPermissionsForOneUser_)).dropRight(1)}` permission on any your views" + s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views" ) userFromURL <- UserX.findByProviderId(provider, providerId) ?~! UserNotFoundByProviderAndProvideId permission <- Views.views.vend.permission(BankIdAccountId(bankId, accountId), userFromURL) diff --git a/obp-api/src/main/scala/code/api/v1_2_1/JSONFactory1.2.1.scala b/obp-api/src/main/scala/code/api/v1_2_1/JSONFactory1.2.1.scala index 84db9b773..129383913 100644 --- a/obp-api/src/main/scala/code/api/v1_2_1/JSONFactory1.2.1.scala +++ b/obp-api/src/main/scala/code/api/v1_2_1/JSONFactory1.2.1.scala @@ -26,6 +26,7 @@ TESOBE (http://www.tesobe.com/) */ package code.api.v1_2_1 +import code.api.Constant._ import code.api.util.APIUtil import code.api.util.APIUtil._ import code.api.util.ErrorMessages.MandatoryPropertyIsNotSet 
@@ -372,7 +373,7 @@ object JSONFactory{ val phone = APIUtil.getPropsValue("hosted_by.phone", "+49 (0)30 8145 3994") val organisationWebsite = APIUtil.getPropsValue("organisation_website", "https://www.tesobe.com") - val connector = code.api.Constant.Connector.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") + val connector = code.api.Constant.CONNECTOR.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") val hostedBy = new HostedBy(organisation, email, phone, organisationWebsite) val apiInfoJSON = new APIInfoJSON(apiVersion.vDottedApiVersion, apiVersionStatus, gitCommit, connector, hostedBy) 
@@ -413,65 +414,65 @@ object JSONFactory{ is_public = view.isPublic, alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.canAddComment, - can_add_corporate_location = view.canAddCorporateLocation, - can_add_image = view.canAddImage, - can_add_image_url = view.canAddImageURL, - can_add_more_info = view.canAddMoreInfo, - can_add_open_corporates_url = view.canAddOpenCorporatesUrl, - can_add_physical_location = view.canAddPhysicalLocation, - can_add_private_alias = view.canAddPrivateAlias, - can_add_public_alias = view.canAddPublicAlias, - can_add_tag = view.canAddTag, - can_add_url = view.canAddURL, - can_add_where_tag = view.canAddWhereTag, - can_delete_comment = view.canDeleteComment, - can_delete_corporate_location = view.canDeleteCorporateLocation, - can_delete_image = view.canDeleteImage, - can_delete_physical_location = view.canDeletePhysicalLocation, - can_delete_tag = view.canDeleteTag, - can_delete_where_tag = view.canDeleteWhereTag, - can_edit_owner_comment = view.canEditOwnerComment, - can_see_bank_account_balance = view.canSeeBankAccountBalance, - can_see_bank_account_bank_name = view.canSeeBankAccountBankName, - can_see_bank_account_currency = view.canSeeBankAccountCurrency, - can_see_bank_account_iban = view.canSeeBankAccountIban, - can_see_bank_account_label = view.canSeeBankAccountLabel, - can_see_bank_account_national_identifier = view.canSeeBankAccountNationalIdentifier, - can_see_bank_account_number = view.canSeeBankAccountNumber, - can_see_bank_account_owners = view.canSeeBankAccountOwners, - can_see_bank_account_swift_bic = view.canSeeBankAccountSwift_bic, - can_see_bank_account_type = view.canSeeBankAccountType, - can_see_comments = view.canSeeComments, - can_see_corporate_location = view.canSeeCorporateLocation, - can_see_image_url = view.canSeeImageUrl, - can_see_images = view.canSeeImages, - can_see_more_info = view.canSeeMoreInfo, - can_see_open_corporates_url = 
view.canSeeOpenCorporatesUrl, - can_see_other_account_bank_name = view.canSeeOtherAccountBankName, - can_see_other_account_iban = view.canSeeOtherAccountIBAN, - can_see_other_account_kind = view.canSeeOtherAccountKind, - can_see_other_account_metadata = view.canSeeOtherAccountMetadata, - can_see_other_account_national_identifier = view.canSeeOtherAccountNationalIdentifier, - can_see_other_account_number = view.canSeeOtherAccountNumber, - can_see_other_account_swift_bic = view.canSeeOtherAccountSWIFT_BIC, - can_see_owner_comment = view.canSeeOwnerComment, - can_see_physical_location = view.canSeePhysicalLocation, - can_see_private_alias = view.canSeePrivateAlias, - can_see_public_alias = view.canSeePublicAlias, - can_see_tags = view.canSeeTags, - can_see_transaction_amount = view.canSeeTransactionAmount, - can_see_transaction_balance = view.canSeeTransactionBalance, - can_see_transaction_currency = view.canSeeTransactionCurrency, - can_see_transaction_description = view.canSeeTransactionDescription, - can_see_transaction_finish_date = view.canSeeTransactionFinishDate, - can_see_transaction_metadata = view.canSeeTransactionMetadata, - can_see_transaction_other_bank_account = view.canSeeTransactionOtherBankAccount, - can_see_transaction_start_date = view.canSeeTransactionStartDate, - can_see_transaction_this_bank_account = view.canSeeTransactionThisBankAccount, - can_see_transaction_type = view.canSeeTransactionType, - can_see_url = view.canSeeUrl, - can_see_where_tag = view.canSeeWhereTag + can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = view.allowed_actions.exists(_ == CAN_ADD_MORE_INFO), + can_add_open_corporates_url = view.allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), + 
can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_see_bank_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), + can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + can_see_bank_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = view.allowed_actions.exists(_ == 
CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), + can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = view.allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), + can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = view.allowed_actions.exists(_ == 
CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG) ) } diff --git a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala index 15dbbda2b..e100c508d 100644 --- a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala +++ b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala @@ -2,6 +2,7 @@ package code.api.v2_0_0 import code.TransactionTypes.TransactionType import code.api.APIFailureNewStyle +import code.api.Constant._ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.util.APIUtil._ import code.api.util.ApiTag._ @@ -25,8 +26,6 @@ import code.users.Users import code.util.Helper import code.util.Helper.{booleanToBox, booleanToFuture} import code.views.Views -import code.views.system.ViewDefinition -import com.github.dwickern.macros.NameOf.nameOf import com.openbankproject.commons.ExecutionContext.Implicits.global import com.openbankproject.commons.model._ import com.openbankproject.commons.util.ApiVersion 
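Review bot: Every field in this constructor call repeats `view.allowed_actions.exists(_ == ...)`, which rescans the collection once per field and makes a mismatched constant hard to spot among some sixty near-identical lines. A one-line local helper ahead of the call, `def allows(action: String): Boolean = view.allowed_actions.contains(action)`, would let each field read `can_add_comment = allows(CAN_ADD_COMMENT)`; this assumes `allowed_actions` is a collection of strings, which the hunk does not show. The same applies to the `@@ -804,66 +800,66 @@` hunk in JSONFactory2.1.0.scala. Because this JSON tells clients which actions a view grants, a test asserting that a view with a known `allowed_actions` list yields exactly the matching `true` flags would guard the field-to-constant mapping. The enclosing function starts before the hunk.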
@@ -1051,9 +1050,9 @@ trait APIMethods200 { (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canSeeViewsWithPermissionsForAllUsers).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)).find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeViewsWithPermissionsForAllUsers_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)}` permission on any your views", cc = callContext ) { anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission 
@@ -1093,11 +1092,12 @@ trait APIMethods200 { (bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound // Check bank exists. account <- BankAccountX(bank.bankId, accountId) ?~! {ErrorMessages.AccountNotFound} // Check Account exists. loggedInUserPermissionBox = Views.views.vend.permission(BankIdAccountId(bankId, accountId), loggedInUser) - anyViewContainsCanSeePermissionForOneUserPermission = loggedInUserPermissionBox.map(_.views.map(_.canSeeViewsWithPermissionsForOneUser) + anyViewContainsCanSeePermissionForOneUserPermission = loggedInUserPermissionBox.map(_.views.map(_.allowed_actions.exists( _ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)) .find(_.==(true)).getOrElse(false)).getOrElse(false) + _ <- booleanToBox( anyViewContainsCanSeePermissionForOneUserPermission, - s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeViewsWithPermissionsForOneUser_)).dropRight(1)}` permission on any your views" + s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views" ) userFromURL <- UserX.findByProviderId(provider, providerId) ?~! UserNotFoundByProviderAndProvideId permission <- Views.views.vend.permission(BankIdAccountId(bankId, accountId), userFromURL) diff --git a/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala b/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala index bb3e0d058..88ca6fd5e 100644 --- a/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala +++ b/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala @@ -1,6 +1,7 @@ package code.api.v2_1_0 import code.TransactionTypes.TransactionType +import code.api.Constant.CAN_SEE_TRANSACTION_REQUESTS import code.api.util.ApiTag._ import code.api.util.ErrorMessages.TransactionDisabled import code.api.util.FutureUtil.EndpointContext 
@@ -24,8 +25,6 @@ import code.sandbox.SandboxData import code.usercustomerlinks.UserCustomerLink import code.users.Users import code.util.Helper.booleanToBox -import code.views.system.ViewDefinition -import com.github.dwickern.macros.NameOf.nameOf import com.openbankproject.commons.dto.GetProductsParam import com.openbankproject.commons.model._ import com.openbankproject.commons.model.enums.TransactionRequestTypes._ @@ -744,8 +743,8 @@ trait APIMethods210 { (bank, callContext ) <- BankX(bankId, Some(cc)) ?~! {BankNotFound} (fromAccount, callContext) <- BankAccountX(bankId, accountId, Some(cc)) ?~! {AccountNotFound} view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) - _ <- Helper.booleanToBox(view.canSeeTransactionRequests, - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionRequests_)).dropRight(1)}` permission on the View(${viewId.value} )") + _ <- Helper.booleanToBox(view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_REQUESTS), + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value} )") (transactionRequests,callContext) <- Connector.connector.vend.getTransactionRequests210(u, fromAccount, callContext) } yield { diff --git a/obp-api/src/main/scala/code/api/v2_1_0/JSONFactory2.1.0.scala b/obp-api/src/main/scala/code/api/v2_1_0/JSONFactory2.1.0.scala index b31c322da..a28849d92 100644 --- a/obp-api/src/main/scala/code/api/v2_1_0/JSONFactory2.1.0.scala +++ b/obp-api/src/main/scala/code/api/v2_1_0/JSONFactory2.1.0.scala 
@@ -26,12 +26,9 @@ TESOBE (http://www.tesobe.com/) */ package code.api.v2_1_0 -import java.lang -import java.util.Date - +import code.api.Constant._ import code.api.util.ApiRole -import code.api.v1_2_1.{BankRoutingJsonV121} -import com.openbankproject.commons.model.{AccountRoutingJsonV121, AmountOfMoneyJsonV121} +import code.api.v1_2_1.BankRoutingJsonV121 import code.api.v1_4_0.JSONFactory1_4_0._ import code.api.v2_0_0.JSONFactory200.{UserJsonV200, UsersJsonV200, createEntitlementJSONs} import code.api.v2_0_0.TransactionRequestChargeJsonV200 @@ -40,13 +37,12 @@ import code.entitlement.Entitlement import code.metrics.APIMetric import code.model.dataAccess.ResourceUser import code.model.{Consumer, _} -import com.openbankproject.commons.model.Product -import code.transactionrequests.TransactionRequests._ import code.users.Users import com.openbankproject.commons.model._ import net.liftweb.common.{Box, Full} -import scala.collection.immutable.List +import java.lang +import java.util.Date 
@@ -804,66 +800,66 @@ object JSONFactory210{ is_public = view.isPublic, alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.canAddComment, - can_add_corporate_location = view.canAddCorporateLocation, - can_add_image = view.canAddImage, - can_add_image_url = view.canAddImageURL, - can_add_more_info = view.canAddMoreInfo, - can_add_open_corporates_url = view.canAddOpenCorporatesUrl, - can_add_physical_location = view.canAddPhysicalLocation, - can_add_private_alias = view.canAddPrivateAlias, - can_add_public_alias = view.canAddPublicAlias, - can_add_tag = view.canAddTag, - can_add_url = view.canAddURL, - can_add_where_tag = view.canAddWhereTag, - can_add_counterparty = view.canAddCounterparty, - can_delete_comment = view.canDeleteComment, - can_delete_corporate_location = view.canDeleteCorporateLocation, - can_delete_image = view.canDeleteImage, - can_delete_physical_location = view.canDeletePhysicalLocation, - can_delete_tag = view.canDeleteTag, - can_delete_where_tag = view.canDeleteWhereTag, - can_edit_owner_comment = view.canEditOwnerComment, - can_see_bank_account_balance = view.canSeeBankAccountBalance, - can_see_bank_account_bank_name = view.canSeeBankAccountBankName, - can_see_bank_account_currency = view.canSeeBankAccountCurrency, - can_see_bank_account_iban = view.canSeeBankAccountIban, - can_see_bank_account_label = view.canSeeBankAccountLabel, - can_see_bank_account_national_identifier = view.canSeeBankAccountNationalIdentifier, - can_see_bank_account_number = view.canSeeBankAccountNumber, - can_see_bank_account_owners = view.canSeeBankAccountOwners, - can_see_bank_account_swift_bic = view.canSeeBankAccountSwift_bic, - can_see_bank_account_type = view.canSeeBankAccountType, - can_see_comments = view.canSeeComments, - can_see_corporate_location = view.canSeeCorporateLocation, - can_see_image_url = view.canSeeImageUrl, - can_see_images = view.canSeeImages, - can_see_more_info = view.canSeeMoreInfo, - 
can_see_open_corporates_url = view.canSeeOpenCorporatesUrl, - can_see_other_account_bank_name = view.canSeeOtherAccountBankName, - can_see_other_account_iban = view.canSeeOtherAccountIBAN, - can_see_other_account_kind = view.canSeeOtherAccountKind, - can_see_other_account_metadata = view.canSeeOtherAccountMetadata, - can_see_other_account_national_identifier = view.canSeeOtherAccountNationalIdentifier, - can_see_other_account_number = view.canSeeOtherAccountNumber, - can_see_other_account_swift_bic = view.canSeeOtherAccountSWIFT_BIC, - can_see_owner_comment = view.canSeeOwnerComment, - can_see_physical_location = view.canSeePhysicalLocation, - can_see_private_alias = view.canSeePrivateAlias, - can_see_public_alias = view.canSeePublicAlias, - can_see_tags = view.canSeeTags, - can_see_transaction_amount = view.canSeeTransactionAmount, - can_see_transaction_balance = view.canSeeTransactionBalance, - can_see_transaction_currency = view.canSeeTransactionCurrency, - can_see_transaction_description = view.canSeeTransactionDescription, - can_see_transaction_finish_date = view.canSeeTransactionFinishDate, - can_see_transaction_metadata = view.canSeeTransactionMetadata, - can_see_transaction_other_bank_account = view.canSeeTransactionOtherBankAccount, - can_see_transaction_start_date = view.canSeeTransactionStartDate, - can_see_transaction_this_bank_account = view.canSeeTransactionThisBankAccount, - can_see_transaction_type = view.canSeeTransactionType, - can_see_url = view.canSeeUrl, - can_see_where_tag = view.canSeeWhereTag + can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = view.allowed_actions.exists(_ == CAN_ADD_MORE_INFO), + can_add_open_corporates_url = view.allowed_actions.exists(_ == 
CAN_ADD_OPEN_CORPORATES_URL), + can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_add_counterparty = view.allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), + can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_see_bank_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), + can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + can_see_bank_account_swift_bic = 
view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), + can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = view.allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), + can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = 
view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG) ) } diff --git a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala index 5d7edbcab..7820b7891 100644 --- a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala +++ b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala @@ -1,5 +1,6 @@ package code.api.v2_2_0 +import code.api.Constant._ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.util.APIUtil._ import code.api.util.ApiRole._ @@ -23,8 +24,7 @@ import code.model.dataAccess.BankAccountCreation import code.util.Helper import code.util.Helper._ import code.views.Views -import code.views.system.ViewDefinition -import com.github.dwickern.macros.NameOf.nameOf +import code.views.system.ViewPermission import com.openbankproject.commons.ExecutionContext.Implicits.global import com.openbankproject.commons.model._ import com.openbankproject.commons.util.ApiVersion 
@@ -135,9 +135,9 @@ trait APIMethods220 { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) permission <- NewStyle.function.permission(bankId, accountId, u, callContext) - anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.canSeeAvailableViewsForBankAccount).find(_.==(true)).getOrElse(false) + anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)).find(true == _).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeAvailableViewsForBankAccount_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT}` permission on any your views", cc= callContext ){ anyViewContainsCanSeeAvailableViewsForBankAccountPermission 
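Review bot: The new `anyViewContainsCanSeeAvailableViewsForBankAccountPermission` line builds an intermediate collection of booleans and then searches it with `.map(...).find(true == _).getOrElse(false)`, which hides a simple authorization predicate behind three calls. Assuming `permission.views` and `allowed_actions` are ordinary collections, `permission.views.exists(_.allowed_actions.contains(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT))` says the same thing in one step. The same shape is repeated in the later `@@ -202,12 +202,13 @@` and `@@ -262,11 +263,13 @@` hunks of this file and in the APIMethods300 hunks, with the comparison written three different ways (`true == _`, `_ == true`, `_.==(true)`). The enclosing endpoint starts and ends outside this hunk.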
@@ -202,12 +202,13 @@ trait APIMethods220 { createViewJsonV121.which_alias_to_use, createViewJsonV121.hide_metadata_if_alias_used, createViewJsonV121.allowed_actions - ) - anyViewContainsCanCreateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canCreateCustomView).find(_.==(true)).getOrElse(false)).getOrElse(false) + ) + permission <- Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) + anyViewContainsCanCreateCustomViewPermission = permission.views.map(_.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW)).find(_ == true).getOrElse(false) + _ <- booleanToBox( anyViewContainsCanCreateCustomViewPermission, - s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canCreateCustomView_)).dropRight(1)}` permission on any your views" + s"${ErrorMessages.CreateCustomViewError} You need the `${CAN_CREATE_CUSTOM_VIEW}` permission on any your views" ) view <- Views.views.vend.createCustomView(BankIdAccountId(bankId, accountId), createViewJson) ?~ CreateCustomViewError } yield { 
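Review bot: Binding `permission <- Views.views.vend.permission(...)` as a generator changes what a failed lookup returns: the removed code folded it to `false` with `.getOrElse(false)`, so the caller always received the `CreateCustomViewError` text from `booleanToBox`, whereas now the comprehension stops at this line with whatever the lookup produced. This assumes the comprehension is over `Box`, as `booleanToBox` and the `?~` on the `createCustomView` generator suggest; the endpoint itself starts outside this hunk. Access is still refused, but a user with no permission record may no longer get that message. Attaching it at the generator, `permission <- Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) ?~ ErrorMessages.CreateCustomViewError`, would restore it at least for an empty result. The `@@ -262,11 +263,13 @@` hunk makes the same change for the update endpoint.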
@@ -262,11 +263,13 @@ trait APIMethods220 { hide_metadata_if_alias_used = updateJsonV121.hide_metadata_if_alias_used, allowed_actions = updateJsonV121.allowed_actions ) - anyViewContainsCancanUpdateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canUpdateCustomView).find(_.==(true)).getOrElse(false)).getOrElse(false) + + permission <- Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) + anyViewContainsCancanUpdateCustomViewPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW)).find(true == _).getOrElse(false) + _ <- booleanToBox( anyViewContainsCancanUpdateCustomViewPermission, - s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canUpdateCustomView_)).dropRight(1)}` permission on any your views" + s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views" ) updatedView <- Views.views.vend.updateCustomView(BankIdAccountId(bankId, accountId), viewId, updateViewJson) ?~ CreateCustomViewError } yield { 
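Review bot: The permission name in the error text is rendered as `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` here, while the create-view hunk just above and the `@@ -135,9 +135,9 @@` hunk interpolate the constant directly, as in `${CAN_CREATE_CUSTOM_VIEW}`. The constants' definitions are not part of this diff, so either `snakify` is redundant or the other two messages print a differently formatted name; one form should be used throughout, for example `${CAN_UPDATE_CUSTOM_VIEW}` if the constants are already snake_case. The message also still starts with `ErrorMessages.CreateCustomViewError` on the update path, which is carried over from the old line but worth correcting while the string is being rewritten.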
@@ -366,8 +369,11 @@ trait APIMethods220 { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext) - _ <- Helper.booleanToFuture(failMsg = s"${NoViewPermission} can_get_counterparty", cc=callContext) { - view.canGetCounterparty == true + _ <- Helper.booleanToFuture( + s"${ErrorMessages.NoViewPermission} You need the `${StringHelpers.snakify(CAN_GET_COUNTERPARTY)}` permission on the View(${viewId.value} )", + cc = callContext + ) { + ViewPermission.findViewPermissions(view).exists(_.permission.get == CAN_GET_COUNTERPARTY) } (counterparties, callContext) <- NewStyle.function.getCounterparties(bankId,accountId,viewId, callContext) //Here we need create the metadata for all the explicit counterparties. maybe show them in json response. @@ -416,9 +422,14 @@ trait APIMethods220 { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext) - _ <- Helper.booleanToFuture(failMsg = s"${NoViewPermission}can_get_counterparty", cc=callContext) { - view.canGetCounterparty == true + + _ <- Helper.booleanToFuture( + s"${ErrorMessages.NoViewPermission} You need the `${StringHelpers.snakify(CAN_GET_COUNTERPARTY)}` permission on the View(${viewId.value} )", + cc = callContext + ) { + ViewPermission.findViewPermissions(view).exists(_.permission.get == CAN_GET_COUNTERPARTY) } + counterpartyMetadata <- NewStyle.function.getMetadata(bankId, accountId, counterpartyId.value, callContext) (counterparty, callContext) <- NewStyle.function.getCounterpartyTrait(bankId, accountId, counterpartyId.value, callContext) } yield { 
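Review bot: The counterparty checks in this hunk decide access with `ViewPermission.findViewPermissions(view).exists(_.permission.get == CAN_GET_COUNTERPARTY)`, while every other check in this commit reads `view.allowed_actions`. Two lookups for the same authorization decision can disagree if a `View` is ever not backed by `ViewPermission` rows (not visible from this diff), and this one appears to add a query per request. Unless the difference is intended, `view.allowed_actions.exists(_ == CAN_GET_COUNTERPARTY)` keeps a single source of truth; otherwise a comment should say why these endpoints differ. The same applies to the `@@ -416,9 +422,14 @@` hunk and to the `CAN_ADD_COUNTERPARTY` check in `@@ -1190,9 +1201,12 @@`.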
@@ -1190,9 +1201,12 @@ trait APIMethods220 { json.extract[PostCounterpartyJSON] } view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) - - _ <- Helper.booleanToFuture(s"$NoViewPermission can_add_counterparty. Please use a view with that permission or add the permission to this view.", cc=callContext) {view.canAddCounterparty} - + _ <- Helper.booleanToFuture( + s"${ErrorMessages.NoViewPermission} You need the `${StringHelpers.snakify(CAN_ADD_COUNTERPARTY)}` permission on the View(${viewId.value} )", + cc = callContext + ) { + ViewPermission.findViewPermissions(view).exists(_.permission.get == CAN_ADD_COUNTERPARTY) + } (counterparty, callContext) <- Connector.connector.vend.checkCounterpartyExists(postJson.name, bankId.value, accountId.value, viewId.value, callContext) _ <- Helper.booleanToFuture(CounterpartyAlreadyExists.replace("value for BANK_ID or ACCOUNT_ID or VIEW_ID or NAME.", diff --git a/obp-api/src/main/scala/code/api/v2_2_0/JSONFactory2.2.0.scala b/obp-api/src/main/scala/code/api/v2_2_0/JSONFactory2.2.0.scala index da14fd454..c0f649796 100644 --- a/obp-api/src/main/scala/code/api/v2_2_0/JSONFactory2.2.0.scala +++ b/obp-api/src/main/scala/code/api/v2_2_0/JSONFactory2.2.0.scala 
@@ -26,31 +26,27 @@ TESOBE (http://www.tesobe.com/) */ package code.api.v2_2_0 -import java.util.Date - import code.actorsystem.ObpActorConfig -import code.api.util.{APIUtil, ApiPropsWithAlias, CustomJsonFormats, OptionalFieldSerializer} +import code.api.Constant._ import code.api.util.APIUtil.{EndpointInfo, MessageDoc, getPropsValue} +import code.api.util.{APIUtil, ApiPropsWithAlias, CustomJsonFormats, OptionalFieldSerializer} import code.api.v1_2_1.BankRoutingJsonV121 -import com.openbankproject.commons.model.{AccountRoutingJsonV121, AmountOfMoneyJsonV121} import code.api.v1_4_0.JSONFactory1_4_0._ import code.api.v2_1_0.{JSONFactory210, LocationJsonV210, PostCounterpartyBespokeJson, ResourceUserJSON} import code.atms.Atms.Atm import code.branches.Branches.{Branch, DriveUpString, LobbyString} -import com.openbankproject.commons.model.FXRate import code.metrics.ConnectorMetric -import code.model.dataAccess.ResourceUser import code.model._ -import com.openbankproject.commons.model.Product +import code.model.dataAccess.ResourceUser import code.users.Users import code.util.Helper import com.openbankproject.commons.model._ -import com.openbankproject.commons.util.{ReflectUtils, RequiredFieldValidation, RequiredFields} +import com.openbankproject.commons.util.{ReflectUtils, RequiredFields} import net.liftweb.common.{Box, Full} import net.liftweb.json.Extraction.decompose import net.liftweb.json.JsonAST.JValue -import scala.collection.immutable.List +import java.util.Date case class ViewsJSONV220( 
@@ -395,66 +391,66 @@ object JSONFactory220 { is_public = view.isPublic, alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.canAddComment, - can_add_corporate_location = view.canAddCorporateLocation, - can_add_image = view.canAddImage, - can_add_image_url = view.canAddImageURL, - can_add_more_info = view.canAddMoreInfo, - can_add_open_corporates_url = view.canAddOpenCorporatesUrl, - can_add_physical_location = view.canAddPhysicalLocation, - can_add_private_alias = view.canAddPrivateAlias, - can_add_public_alias = view.canAddPublicAlias, - can_add_tag = view.canAddTag, - can_add_url = view.canAddURL, - can_add_where_tag = view.canAddWhereTag, - can_add_counterparty = view.canAddCounterparty, - can_delete_comment = view.canDeleteComment, - can_delete_corporate_location = view.canDeleteCorporateLocation, - can_delete_image = view.canDeleteImage, - can_delete_physical_location = view.canDeletePhysicalLocation, - can_delete_tag = view.canDeleteTag, - can_delete_where_tag = view.canDeleteWhereTag, - can_edit_owner_comment = view.canEditOwnerComment, - can_see_bank_account_balance = view.canSeeBankAccountBalance, - can_see_bank_account_bank_name = view.canSeeBankAccountBankName, - can_see_bank_account_currency = view.canSeeBankAccountCurrency, - can_see_bank_account_iban = view.canSeeBankAccountIban, - can_see_bank_account_label = view.canSeeBankAccountLabel, - can_see_bank_account_national_identifier = view.canSeeBankAccountNationalIdentifier, - can_see_bank_account_number = view.canSeeBankAccountNumber, - can_see_bank_account_owners = view.canSeeBankAccountOwners, - can_see_bank_account_swift_bic = view.canSeeBankAccountSwift_bic, - can_see_bank_account_type = view.canSeeBankAccountType, - can_see_comments = view.canSeeComments, - can_see_corporate_location = view.canSeeCorporateLocation, - can_see_image_url = view.canSeeImageUrl, - can_see_images = view.canSeeImages, - can_see_more_info = view.canSeeMoreInfo, - 
can_see_open_corporates_url = view.canSeeOpenCorporatesUrl, - can_see_other_account_bank_name = view.canSeeOtherAccountBankName, - can_see_other_account_iban = view.canSeeOtherAccountIBAN, - can_see_other_account_kind = view.canSeeOtherAccountKind, - can_see_other_account_metadata = view.canSeeOtherAccountMetadata, - can_see_other_account_national_identifier = view.canSeeOtherAccountNationalIdentifier, - can_see_other_account_number = view.canSeeOtherAccountNumber, - can_see_other_account_swift_bic = view.canSeeOtherAccountSWIFT_BIC, - can_see_owner_comment = view.canSeeOwnerComment, - can_see_physical_location = view.canSeePhysicalLocation, - can_see_private_alias = view.canSeePrivateAlias, - can_see_public_alias = view.canSeePublicAlias, - can_see_tags = view.canSeeTags, - can_see_transaction_amount = view.canSeeTransactionAmount, - can_see_transaction_balance = view.canSeeTransactionBalance, - can_see_transaction_currency = view.canSeeTransactionCurrency, - can_see_transaction_description = view.canSeeTransactionDescription, - can_see_transaction_finish_date = view.canSeeTransactionFinishDate, - can_see_transaction_metadata = view.canSeeTransactionMetadata, - can_see_transaction_other_bank_account = view.canSeeTransactionOtherBankAccount, - can_see_transaction_start_date = view.canSeeTransactionStartDate, - can_see_transaction_this_bank_account = view.canSeeTransactionThisBankAccount, - can_see_transaction_type = view.canSeeTransactionType, - can_see_url = view.canSeeUrl, - can_see_where_tag = view.canSeeWhereTag + can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = view.allowed_actions.exists(_ == CAN_ADD_MORE_INFO), + can_add_open_corporates_url = view.allowed_actions.exists(_ == 
CAN_ADD_OPEN_CORPORATES_URL), + can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_add_counterparty = view.allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), + can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_see_bank_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), + can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + can_see_bank_account_swift_bic = 
view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), + can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = view.allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), + can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = 
view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG) ) } diff --git a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala index d774b2f93..c75b91a52 100644 --- a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala +++ b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala @@ -1,7 +1,7 @@ package code.api.v3_0_0 import code.accountattribute.AccountAttributeX -import code.api.Constant.{PARAM_LOCALE, PARAM_TIMESTAMP} +import code.api.Constant._ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON.{banksJSON, branchJsonV300, _} import code.api.util.APIUtil.{getGlossaryItems, _} @@ -28,7 +28,6 @@ import code.users.Users import code.util.Helper import code.util.Helper.{ObpS, booleanToFuture} import code.views.Views -import code.views.system.ViewDefinition import com.github.dwickern.macros.NameOf.nameOf import com.grum.geocalc.{Coordinate, EarthCalc, Point} import com.openbankproject.commons.ExecutionContext.Implicits.global 
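Review bot: Every field in this constructor call now evaluates `view.allowed_actions` again, about sixty times per serialized view. Whether `allowed_actions` is a stored value or a lookup is not visible from this diff; if it is computed, this multiplies the cost of each view response, and either way the repetition makes a mistyped constant hard to spot. Binding it once before the call, `val allowedActions = view.allowed_actions`, and writing each field as `can_add_comment = allowedActions.contains(CAN_ADD_COMMENT)` would avoid both. The same applies to the JSONFactory300 hunk `@@ -740,81 +739,81 @@`; the enclosing function starts outside this hunk, so the binding would go above the visible lines.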
@@ -141,9 +140,9 @@ trait APIMethods300 { (Full(u), callContext) <- authenticatedAccess(cc) (bankAccount, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) permission <- NewStyle.function.permission(bankId, accountId, u, callContext) - anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.canSeeAvailableViewsForBankAccount).find(_.==(true)).getOrElse(false) + anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeAvailableViewsForBankAccount_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)}` permission on any your views", cc = callContext ) { anyViewContainsCanSeeAvailableViewsForBankAccountPermission 
@@ -211,10 +210,10 @@ trait APIMethods300 { (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) anyViewContainsCanCreateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canCreateCustomView).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_CREATE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canCreateCustomView_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_CREATE_CUSTOM_VIEW)}` permission on any your views", cc = callContext ) {anyViewContainsCanCreateCustomViewPermission} (view, callContext) <- NewStyle.function.createCustomView(BankIdAccountId(bankId, accountId), createViewJson, callContext) 
@@ -251,9 +250,9 @@ trait APIMethods300 { (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) anyViewContainsCanSeePermissionForOneUserPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), loggedInUser) - .map(_.views.map(_.canSeeViewsWithPermissionsForOneUser).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)).find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeViewsWithPermissionsForOneUser_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views", cc = callContext ) { anyViewContainsCanSeePermissionForOneUserPermission @@ -317,10 +316,10 @@ trait APIMethods300 { (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) anyViewContainsCancanUpdateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canUpdateCustomView).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canUpdateCustomView_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views", cc = callContext ) { anyViewContainsCancanUpdateCustomViewPermission 
diff --git a/obp-api/src/main/scala/code/api/v3_0_0/JSONFactory3.0.0.scala b/obp-api/src/main/scala/code/api/v3_0_0/JSONFactory3.0.0.scala index 5a5319d99..90360ec62 100644 --- a/obp-api/src/main/scala/code/api/v3_0_0/JSONFactory3.0.0.scala +++ b/obp-api/src/main/scala/code/api/v3_0_0/JSONFactory3.0.0.scala @@ -26,14 +26,12 @@ Berlin 13359, Germany */ package code.api.v3_0_0 -import java.lang -import java.util.Date - +import code.api.Constant._ import code.api.util.APIUtil._ import code.api.util.Glossary.GlossaryItem import code.api.util.{APIUtil, PegdownOptions} import code.api.v1_2_1.JSONFactory._ -import code.api.v1_2_1.{UserJSONV121, _} +import code.api.v1_2_1._ import code.api.v1_4_0.JSONFactory1_4_0._ import code.api.v2_0_0.EntitlementJSONs import code.api.v2_0_0.JSONFactory200.{UserJsonV200, UsersJsonV200} @@ -51,10 +49,11 @@ import code.model.dataAccess.ResourceUser import code.scope.Scope import code.views.Views import com.openbankproject.commons.dto.CustomerAndAttribute -import com.openbankproject.commons.model.{Customer, _} +import com.openbankproject.commons.model._ import net.liftweb.common.{Box, Full} -import scala.collection.immutable.List +import java.lang +import java.util.Date //import code.api.v1_4_0.JSONFactory1_4_0._ import code.api.v2_0_0.JSONFactory200 
@@ -740,81 +739,81 @@ object JSONFactory300{ is_system = view.isSystem, alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.canAddComment, - can_add_corporate_location = view.canAddCorporateLocation, - can_add_image = view.canAddImage, - can_add_image_url = view.canAddImageURL, - can_add_more_info = view.canAddMoreInfo, - can_add_open_corporates_url = view.canAddOpenCorporatesUrl, - can_add_physical_location = view.canAddPhysicalLocation, - can_add_private_alias = view.canAddPrivateAlias, - can_add_public_alias = view.canAddPublicAlias, - can_add_tag = view.canAddTag, - can_add_url = view.canAddURL, - can_add_where_tag = view.canAddWhereTag, - can_delete_comment = view.canDeleteComment, - can_add_counterparty = view.canAddCounterparty, - can_delete_corporate_location = view.canDeleteCorporateLocation, - can_delete_image = view.canDeleteImage, - can_delete_physical_location = view.canDeletePhysicalLocation, - can_delete_tag = view.canDeleteTag, - can_delete_where_tag = view.canDeleteWhereTag, - can_edit_owner_comment = view.canEditOwnerComment, - can_see_bank_account_balance = view.canSeeBankAccountBalance, - can_query_available_funds = view.canQueryAvailableFunds, - can_see_bank_account_bank_name = view.canSeeBankAccountBankName, - can_see_bank_account_currency = view.canSeeBankAccountCurrency, - can_see_bank_account_iban = view.canSeeBankAccountIban, - can_see_bank_account_label = view.canSeeBankAccountLabel, - can_see_bank_account_national_identifier = view.canSeeBankAccountNationalIdentifier, - can_see_bank_account_number = view.canSeeBankAccountNumber, - can_see_bank_account_owners = view.canSeeBankAccountOwners, - can_see_bank_account_swift_bic = view.canSeeBankAccountSwift_bic, - can_see_bank_account_type = view.canSeeBankAccountType, - can_see_comments = view.canSeeComments, - can_see_corporate_location = view.canSeeCorporateLocation, - can_see_image_url = view.canSeeImageUrl, - can_see_images = 
view.canSeeImages, - can_see_more_info = view.canSeeMoreInfo, - can_see_open_corporates_url = view.canSeeOpenCorporatesUrl, - can_see_other_account_bank_name = view.canSeeOtherAccountBankName, - can_see_other_account_iban = view.canSeeOtherAccountIBAN, - can_see_other_account_kind = view.canSeeOtherAccountKind, - can_see_other_account_metadata = view.canSeeOtherAccountMetadata, - can_see_other_account_national_identifier = view.canSeeOtherAccountNationalIdentifier, - can_see_other_account_number = view.canSeeOtherAccountNumber, - can_see_other_account_swift_bic = view.canSeeOtherAccountSWIFT_BIC, - can_see_owner_comment = view.canSeeOwnerComment, - can_see_physical_location = view.canSeePhysicalLocation, - can_see_private_alias = view.canSeePrivateAlias, - can_see_public_alias = view.canSeePublicAlias, - can_see_tags = view.canSeeTags, - can_see_transaction_amount = view.canSeeTransactionAmount, - can_see_transaction_balance = view.canSeeTransactionBalance, - can_see_transaction_currency = view.canSeeTransactionCurrency, - can_see_transaction_description = view.canSeeTransactionDescription, - can_see_transaction_finish_date = view.canSeeTransactionFinishDate, - can_see_transaction_metadata = view.canSeeTransactionMetadata, - can_see_transaction_other_bank_account = view.canSeeTransactionOtherBankAccount, - can_see_transaction_start_date = view.canSeeTransactionStartDate, - can_see_transaction_this_bank_account = view.canSeeTransactionThisBankAccount, - can_see_transaction_type = view.canSeeTransactionType, - can_see_url = view.canSeeUrl, - can_see_where_tag = view.canSeeWhereTag, + can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = view.allowed_actions.exists(_ == CAN_ADD_MORE_INFO), + 
can_add_open_corporates_url = view.allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), + can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_add_counterparty = view.allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), + can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_query_available_funds = view.allowed_actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS), + can_see_bank_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), 
+ can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + can_see_bank_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), + can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = view.allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), + 
can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG), //V300 new - can_see_bank_routing_scheme = view.canSeeBankRoutingScheme, - can_see_bank_routing_address = view.canSeeBankRoutingAddress, - can_see_bank_account_routing_scheme = view.canSeeBankAccountRoutingScheme, - can_see_bank_account_routing_address = view.canSeeBankAccountRoutingAddress, - can_see_other_bank_routing_scheme = view.canSeeOtherBankRoutingScheme, - can_see_other_bank_routing_address = view.canSeeOtherBankRoutingAddress, - can_see_other_account_routing_scheme = view.canSeeOtherAccountRoutingScheme, - can_see_other_account_routing_address= view.canSeeOtherAccountRoutingAddress, - can_add_transaction_request_to_own_account = view.canAddTransactionRequestToOwnAccount, //added following two for payments - can_add_transaction_request_to_any_account = view.canAddTransactionRequestToAnyAccount, - can_see_bank_account_credit_limit = view.canSeeBankAccountCreditLimit, - can_create_direct_debit = view.canCreateDirectDebit, - 
can_create_standing_order = view.canCreateStandingOrder + can_see_bank_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME), + can_see_bank_routing_address = view.allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS), + can_see_bank_account_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME), + can_see_bank_account_routing_address = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS), + can_see_other_bank_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME), + can_see_other_bank_routing_address = view.allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS), + can_see_other_account_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME), + can_see_other_account_routing_address= view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS), + can_add_transaction_request_to_own_account = view.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT), //added following two for payments + can_add_transaction_request_to_any_account = view.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT), + can_see_bank_account_credit_limit = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT), + can_create_direct_debit = view.allowed_actions.exists(_ == CAN_CREATE_DIRECT_DEBIT), + can_create_standing_order = view.allowed_actions.exists(_ == CAN_CREATE_STANDING_ORDER) ) } def createBasicViewJSON(view : View) : BasicViewJson = { diff --git a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala index 80692cf30..fc3483af0 100644 --- a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala +++ b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala 
@@ -1,7 +1,7 @@ package code.api.v3_1_0 import code.api.Constant -import code.api.Constant.localIdentityProvider +import code.api.Constant._ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.ResourceDocs1_4_0.{MessageDocsSwaggerDefinitions, ResourceDocsAPIMethodsUtil, SwaggerDefinitionsJSON, SwaggerJSONFactory} import code.api.cache.Caching @@ -37,7 +37,6 @@ import code.users.Users import code.util.Helper import code.util.Helper.ObpS import code.views.Views -import code.views.system.ViewDefinition import code.webhook.AccountWebhook import code.webuiprops.{MappedWebUiPropsProvider, WebUiPropsCommons} import com.github.dwickern.macros.NameOf.nameOf @@ -654,8 +653,8 @@ trait APIMethods310 { (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) - _ <- Helper.booleanToFuture(failMsg = s"$ViewDoesNotPermitAccess + You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canQueryAvailableFunds_)).dropRight(1)}` permission on any your views", cc=callContext) { - view.canQueryAvailableFunds + _ <- Helper.booleanToFuture(failMsg = s"$ViewDoesNotPermitAccess + You need the `${StringHelpers.snakify(CAN_QUERY_AVAILABLE_FUNDS)}` permission on any your views", cc=callContext) { + view.allowed_actions.exists(_ ==CAN_QUERY_AVAILABLE_FUNDS) } httpParams: List[HTTPParam] <- NewStyle.function.extractHttpParamsFromUrl(cc.url) _ <- Helper.booleanToFuture(failMsg = MissingQueryParams + amount, cc=callContext) { 
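Review bot: In the `Helper.booleanToFuture` guard of the `@@ -654` hunk, the permission name shown to the caller is `StringHelpers.snakify(CAN_QUERY_AVAILABLE_FUNDS)`, while the check compares `allowed_actions` against the raw constant, so the message and the check are not guaranteed to name the same string. The constant's value is not visible in this diff; if it already holds the stored action name, `snakify` is redundant at best, and I would write `${CAN_QUERY_AVAILABLE_FUNDS}` in place of `${StringHelpers.snakify(CAN_QUERY_AVAILABLE_FUNDS)}`. The same pairing appears in the later hunks for `CAN_SEE_TRANSACTION_REQUESTS`, `CAN_UPDATE_BANK_ACCOUNT_LABEL`, `CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT`, `CAN_SEE_BANK_ACCOUNT_BALANCE` and `CAN_CREATE_CUSTOM_VIEW`. The enclosing for-comprehension starts and ends outside the hunk.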
@@ -672,7 +671,7 @@ trait APIMethods310 { _ <- NewStyle.function.moderatedBankAccountCore(account, view, Full(u), callContext) } yield { val ccy = httpParams.filter(_.name == currency).map(_.values.head).head - val fundsAvailable = (view.canQueryAvailableFunds, account.balance, account.currency) match { + val fundsAvailable = ( view.allowed_actions.exists(_ ==CAN_QUERY_AVAILABLE_FUNDS), account.balance, account.currency) match { case (false, _, _) => "" // 1st condition: MUST have a view can_query_available_funds case (true, _, c) if c != ccy => "no" // 2nd condition: Currency has to be matched case (true, b, _) if b.compare(available) >= 0 => "yes" // We have the vew, the right currency and enough funds @@ -1125,9 +1124,9 @@ trait APIMethods310 { (fromAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionRequests_)).dropRight(1)}` permission on the View(${viewId.value})", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", cc=callContext){ - view.canSeeTransactionRequests + view.allowed_actions.exists(_ ==CAN_SEE_TRANSACTION_REQUESTS) } (transactionRequests, callContext) <- Future(Connector.connector.vend.getTransactionRequests210(u, fromAccount, callContext)) map { unboxFullOrFail(_, callContext, GetTransactionRequestsException) 
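Review bot: The tuple in `val fundsAvailable` (hunk `@@ -672`) runs the `CAN_QUERY_AVAILABLE_FUNDS` membership test a second time instead of reusing the result of the guard in `@@ -654`. That guard appears to sit in the same for-comprehension; if so, the `case (false, _, _) => ""` arm is unreachable today and would answer with an empty string, not an error, if the guard were ever dropped. I would evaluate the permission once, `val canQueryFunds = view.allowed_actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS)`, match on `(canQueryFunds, account.balance, account.currency)`, and add `// unreachable while the booleanToFuture guard above is in place` on the first arm. The endpoint body continues outside the hunk.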
@@ -1870,7 +1869,7 @@ trait APIMethods310 { cc => implicit val ec = EndpointContext(Some(cc)) for { (_, callContext) <- anonymousAccess(cc) - connectorVersion = code.api.Constant.Connector.openOrThrowException(s"$MandatoryPropertyIsNotSet The missing props is 'connector'") + connectorVersion = code.api.Constant.CONNECTOR.openOrThrowException(s"$MandatoryPropertyIsNotSet The missing props is 'connector'") starConnectorProps = APIUtil.getPropsValue("starConnector_supported_types").openOr("notfound") //TODO we need to decide what kind of connector should we use. obpApiLoopback = ObpApiLoopback( diff --git a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala index d14433bd5..a4b499940 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala 
@@ -1,35 +1,30 @@ package code.api.v4_0_0 -import java.net.URLEncoder -import java.text.SimpleDateFormat -import java.util -import java.util.{Calendar, Date} -import code.DynamicData.{DynamicData, DynamicDataProvider} +import code.DynamicData.DynamicData import code.DynamicEndpoint.DynamicEndpointSwagger import code.accountattribute.AccountAttributeX -import code.api.Constant.{CREATE_LOCALISED_RESOURCE_DOC_JSON_TTL, PARAM_LOCALE, PARAM_TIMESTAMP, SYSTEM_OWNER_VIEW_ID, localIdentityProvider} +import code.api.Constant._ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON.{jsonDynamicResourceDoc, _} -import code.api.UKOpenBanking.v2_0_0.OBP_UKOpenBanking_200 -import code.api.UKOpenBanking.v3_1_0.OBP_UKOpenBanking_310 -import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.dynamic.endpoint.helper.practise.{DynamicEndpointCodeGenerator, PractiseEndpoint} -import code.api.dynamic.endpoint.helper.{CompiledObjects, DynamicEndpointHelper, DynamicEndpoints} +import code.api.dynamic.endpoint.helper.{CompiledObjects, DynamicEndpointHelper} +import code.api.dynamic.entity.helper.DynamicEntityInfo import code.api.util.APIUtil.{fullBoxOrException, _} import code.api.util.ApiRole._ import code.api.util.ApiTag._ import code.api.util.DynamicUtil.Validation import code.api.util.ErrorMessages.{BankNotFound, _} import code.api.util.ExampleValue._ -import code.api.util.Glossary.{getGlossaryItem, getGlossaryItemSimple} +import code.api.util.FutureUtil.EndpointContext +import code.api.util.Glossary.getGlossaryItem import code.api.util.NewStyle.HttpCode -import code.api.util.NewStyle.function.{isValidCurrencyISOCode => isValidCurrencyISOCodeNS, _} +import code.api.util.NewStyle.function._ import code.api.util._ import code.api.util.migration.Migration import code.api.util.newstyle.AttributeDefinition._ import code.api.util.newstyle.Consumer._ -import code.api.util.newstyle.{BalanceNewStyle, 
UserCustomerLinkNewStyle} import code.api.util.newstyle.UserCustomerLinkNewStyle.getUserCustomerLinks +import code.api.util.newstyle.{BalanceNewStyle, UserCustomerLinkNewStyle} import code.api.v1_2_1.{JSONFactory, PostTransactionTagJSON} import code.api.v1_4_0.JSONFactory1_4_0 import code.api.v1_4_0.JSONFactory1_4_0.TransactionRequestAccountJsonV140 @@ -38,21 +33,15 @@ import code.api.v2_0_0.{CreateEntitlementJSON, CreateUserCustomerLinkJson, Entit import code.api.v2_1_0._ import code.api.v3_0_0.{CreateScopeJson, JSONFactory300} import code.api.v3_1_0._ +import code.api.v4_0_0.APIMethods400.{createTransactionRequest, transactionRequestGeneralText} import code.api.v4_0_0.JSONFactory400._ -import code.fx.{MappedFXRate, fx} -import code.api.dynamic.endpoint.helper._ -import code.api.dynamic.endpoint.helper.practise.PractiseEndpoint -import code.api.dynamic.entity.helper.{DynamicEntityHelper, DynamicEntityInfo} -import code.api.util.FutureUtil.EndpointContext -import code.api.v4_0_0.APIMethods400.{createTransactionRequest, lowAmount, sharedChargePolicy, transactionRequestGeneralText} -import code.api.v4_0_0.TransactionRequestBodyAgentJsonV400 import code.api.{ChargePolicy, Constant, JsonResponseException} import code.apicollection.MappedApiCollectionsProvider import code.apicollectionendpoint.MappedApiCollectionEndpointsProvider import code.authtypevalidation.JsonAuthTypeValidation import code.bankconnectors.{Connector, DynamicConnector, InternalConnector} import code.connectormethod.{JsonConnectorMethod, JsonConnectorMethodMethodBody} -import code.consent.{ConsentRequests, ConsentStatus, Consents} +import code.consent.{ConsentStatus, Consents} import code.dynamicEntity.{DynamicEntityCommons, ReferenceType} import code.dynamicMessageDoc.JsonDynamicMessageDoc import code.dynamicResourceDoc.JsonDynamicResourceDoc 
@@ -62,13 +51,11 @@ import code.fx.fx import code.loginattempts.LoginAttempt import code.metadata.counterparties.{Counterparties, MappedCounterparty} import code.metadata.tags.Tags -import code.model.dataAccess.{AuthUser, BankAccountCreation} import code.model._ +import code.model.dataAccess.{AuthUser, BankAccountCreation} import code.ratelimiting.RateLimitingDI import code.scope.Scope import code.snippet.{WebUIPlaceholder, WebUITemplate} -import code.transactionChallenge.MappedExpectedChallengeAnswer -import code.transactionrequests.MappedTransactionRequestProvider import code.usercustomerlinks.UserCustomerLink import code.userlocks.UserLocksProvider import code.users.Users 
@@ -76,41 +63,39 @@ import code.util.Helper.{MdcLoggable, ObpS, SILENCE_IS_GOLDEN, booleanToFuture} import code.util.{Helper, JsonSchemaUtil} import code.validation.JsonValidation import code.views.Views -import code.views.system.ViewDefinition -import code.webhook.{AccountWebhook, BankAccountNotificationWebhookTrait, SystemAccountNotificationWebhookTrait} +import code.webhook.{BankAccountNotificationWebhookTrait, SystemAccountNotificationWebhookTrait} import code.webuiprops.MappedWebUiPropsProvider.getWebUiPropsValue import com.github.dwickern.macros.NameOf.nameOf import com.networknt.schema.ValidationMessage import com.openbankproject.commons.ExecutionContext.Implicits.global import com.openbankproject.commons.dto.GetProductsParam +import com.openbankproject.commons.model._ import com.openbankproject.commons.model.enums.ChallengeType.OBP_TRANSACTION_REQUEST_CHALLENGE import com.openbankproject.commons.model.enums.DynamicEntityOperation._ -import com.openbankproject.commons.model.enums.{TransactionRequestStatus, _} -import com.openbankproject.commons.model._ import com.openbankproject.commons.model.enums.TransactionRequestTypes._ -import com.openbankproject.commons.model.enums.PaymentServiceTypes._ -import com.openbankproject.commons.util.{ApiVersion, JsonUtils, ScannedApiVersion} +import com.openbankproject.commons.model.enums.{TransactionRequestStatus, _} +import com.openbankproject.commons.util.{ApiVersion, ScannedApiVersion} import deletion._ import net.liftweb.common._ import net.liftweb.http.rest.RestHelper -import net.liftweb.http.{JsonResponse, Req, S} import net.liftweb.json.JsonAST.JValue import net.liftweb.json.JsonDSL._ import net.liftweb.json.Serialization.write import net.liftweb.json._ -import net.liftweb.mapper.By import net.liftweb.util.Helpers.{now, tryo} import net.liftweb.util.Mailer.{From, PlainMailBodyType, Subject, To, XHTMLMailBodyType} import net.liftweb.util.{Helpers, Mailer, StringHelpers} import org.apache.commons.lang3.StringUtils 
-import java.time.{LocalDate, ZoneId, ZonedDateTime} -import java.util.Date +import java.net.URLEncoder +import java.text.SimpleDateFormat +import java.time.{LocalDate, ZoneId} +import java.util +import java.util.{Calendar, Date} import scala.collection.immutable.{List, Nil} import scala.collection.mutable.ArrayBuffer import scala.concurrent.Future import scala.jdk.CollectionConverters.collectionAsScalaIterableConverter -import scala.math.BigDecimal import scala.xml.XML trait APIMethods400 extends MdcLoggable { @@ -2320,9 +2305,9 @@ trait APIMethods400 extends MdcLoggable { json.extract[UpdateAccountJsonV400] } anyViewContainsCanUpdateBankAccountLabelPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.canUpdateBankAccountLabel).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL)).find(_.==(true)).getOrElse(false)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canUpdateBankAccountLabel_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_BANK_ACCOUNT_LABEL)}` permission on any your views", cc = callContext ) { anyViewContainsCanUpdateBankAccountLabelPermission @@ -2564,7 +2549,7 @@ trait APIMethods400 extends MdcLoggable { for { (user @Full(u), _, account, view, callContext) <- SS.userBankAccountView _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_add_tag. Current ViewId($viewId)", cc=callContext) { - view.canAddTag + view.allowed_actions.exists( _ == CAN_ADD_TAG) } tagJson <- NewStyle.function.tryons(s"$InvalidJsonFormat The Json body should be the $PostTransactionTagJSON ", 400, callContext) { json.extract[PostTransactionTagJSON] 
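Review bot: The value assigned to `anyViewContainsCanUpdateBankAccountLabelPermission` (hunk `@@ -2320`) maps every view to a boolean and then searches that list with `.find(_.==(true)).getOrElse(false)`, which obscures a plain "does any view grant this" test in an authorization path. `_.views.exists(_.allowed_actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL))` inside the outer `.map(...)` expresses the same condition and stops at the first match. The `@@ -1884` hunk in APIMethods500.scala has the same shape for `CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT`. Only part of the for-comprehension is inside the hunk.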
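Review bot: The failure message in the `@@ -2564` hunk still spells the permission as the literal `can_add_tag`, while the check on the next line now uses the constant `CAN_ADD_TAG`, so the text and the enforced permission can drift apart when an action is renamed. Assuming the constant holds the same snake-case name (its value is not shown in this diff), interpolate it: `failMsg = s"$NoViewPermission $CAN_ADD_TAG. Current ViewId($viewId)"`. The delete-tag, see-tags, direct-debit, standing-order and counterparty hunks that follow in this file keep the same literal-plus-constant pairing.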
@@ -2608,7 +2593,7 @@ trait APIMethods400 extends MdcLoggable { for { (user @Full(u), _, account, view, callContext) <- SS.userBankAccountView _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_delete_tag. Current ViewId($viewId)", cc=callContext) { - view.canDeleteTag + view.allowed_actions.exists(_ ==CAN_DELETE_TAG) } deleted <- Future(Tags.tags.vend.deleteTagOnAccount(bankId, accountId)(tagId)) map { i => (connectorEmptyResponse(i, callContext), callContext) @@ -2650,7 +2635,7 @@ trait APIMethods400 extends MdcLoggable { for { (user @Full(u), _, account, view, callContext) <- SS.userBankAccountView _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_tags. Current ViewId($viewId)", cc=callContext) { - view.canSeeTags + view.allowed_actions.exists(_ ==CAN_SEE_TAGS) } tags <- Future(Tags.tags.vend.getTagsOnAccount(bankId, accountId)(viewId)) } yield { @@ -3688,7 +3673,7 @@ trait APIMethods400 extends MdcLoggable { for { (user @Full(u), _, account, view, callContext) <- SS.userBankAccountView _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_create_direct_debit. Current ViewId($viewId)", cc=callContext) { - view.canCreateDirectDebit + view.allowed_actions.exists(_ ==CAN_CREATE_DIRECT_DEBIT) } failMsg = s"$InvalidJsonFormat The Json body should be the $PostDirectDebitJsonV400 " postJson <- NewStyle.function.tryons(failMsg, 400, callContext) { @@ -3807,7 +3792,7 @@ trait APIMethods400 extends MdcLoggable { for { (user @Full(u), _, account, view, callContext) <- SS.userBankAccountView _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_create_standing_order. Current ViewId($viewId)", cc=callContext) { - view.canCreateStandingOrder + view.allowed_actions.exists(_ ==CAN_CREATE_STANDING_ORDER) } failMsg = s"$InvalidJsonFormat The Json body should be the $PostStandingOrderJsonV400 " postJson <- NewStyle.function.tryons(failMsg, 400, callContext) { 
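Review bot: The permission guard in the `@@ -2608` hunk calls `Helper.booleanToFuture` without a status code, whereas the counterparty guards later in this file pass `403` explicitly, so a denied view permission may be reported with different HTTP statuses depending on the endpoint. The default code is not visible in this diff; if it is not 403, consider `Helper.booleanToFuture(s"$NoViewPermission can_delete_tag. Current ViewId($viewId)", 403, cc=callContext)` after confirming that no client depends on the current status. The see-tags, direct-debit and standing-order hunks on this line use the same two-argument form.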
@@ -4738,9 +4723,9 @@ trait APIMethods400 extends MdcLoggable { _ <- NewStyle.function.isEnabledTransactionRequests(callContext) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionRequests_)).dropRight(1)}` permission on the View(${viewId.value})", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", cc = callContext) { - view.canSeeTransactionRequests + view.allowed_actions.exists(_ ==CAN_SEE_TRANSACTION_REQUESTS) } (transactionRequest, callContext) <- NewStyle.function.getTransactionRequestImpl(requestId, callContext) } yield { @@ -7500,7 +7485,7 @@ trait APIMethods400 extends MdcLoggable { } _ <- Helper.booleanToFuture(s"$NoViewPermission can_add_counterparty. Please use a view with that permission or add the permission to this view.", 403, cc=callContext) { - view.canAddCounterparty + view.allowed_actions.exists(_ ==CAN_ADD_COUNTERPARTY) } (counterparty, callContext) <- Connector.connector.vend.checkCounterpartyExists(postJson.name, bankId.value, accountId.value, viewId.value, callContext) @@ -7617,7 +7602,7 @@ trait APIMethods400 extends MdcLoggable { _ <- Helper.booleanToFuture(InvalidBankIdFormat, cc=callContext) {isValidID(bankId.value)} _ <- Helper.booleanToFuture(s"$NoViewPermission can_delete_counterparty. Please use a view with that permission or add the permission to this view.",403, cc=callContext) { - view.canDeleteCounterparty + view.allowed_actions.exists(_ ==CAN_DELETE_COUNTERPARTY) } (counterparty, callContext) <- NewStyle.function.deleteCounterpartyByCounterpartyId(counterpartyId, callContext) 
@@ -7825,7 +7810,7 @@ trait APIMethods400 extends MdcLoggable { for { (user @Full(u), _, account, view, callContext) <- SS.userBankAccountView _ <- Helper.booleanToFuture(failMsg = s"${NoViewPermission}can_get_counterparty", 403, cc=callContext) { - view.canGetCounterparty == true + view.allowed_actions.exists(_ ==CAN_GET_COUNTERPARTY) } (counterparties, callContext) <- NewStyle.function.getCounterparties(bankId,accountId,viewId, callContext) //Here we need create the metadata for all the explicit counterparties. maybe show them in json response. @@ -7926,7 +7911,7 @@ trait APIMethods400 extends MdcLoggable { for { (user @Full(u), _, account, view, callContext) <- SS.userBankAccountView _ <- Helper.booleanToFuture(failMsg = s"${NoViewPermission}can_get_counterparty", 403, cc=callContext) { - view.canGetCounterparty == true + view.allowed_actions.exists(_ ==CAN_GET_COUNTERPARTY) } (counterparty, callContext) <- NewStyle.function.getCounterpartyByCounterpartyId(counterpartyId, callContext) counterpartyMetadata <- NewStyle.function.getMetadata(bankId, accountId, counterpartyId.value, callContext) diff --git a/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala b/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala index 24217ff5e..0edb4f2fe 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala 
@@ -1108,7 +1108,7 @@ object JSONFactory400 { val organisationWebsiteEnergySource = APIUtil.getPropsValue("energy_source.organisation_website", "") val energySource = new EnergySource400(organisationEnergySource, organisationWebsiteEnergySource) - val connector = code.api.Constant.Connector.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") + val connector = code.api.Constant.CONNECTOR.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") val resourceDocsRequiresRole = APIUtil.getPropsAsBoolValue("resource_docs_requires_role", false) APIInfoJson400( diff --git a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala index 50e593848..0427e7ccf 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala @@ -1,6 +1,7 @@ package code.api.v5_0_0 import code.accountattribute.AccountAttributeX +import code.api.Constant._ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.util.APIUtil._ import code.api.util.ApiRole._ @@ -776,7 +777,7 @@ trait APIMethods500 { val accountId = AccountId(viewsFromJwtToken.head.account_id) val viewId = ViewId(viewsFromJwtToken.head.view_id) val helperInfoFromJwtToken = viewsFromJwtToken.head.helper_info - val viewCanGetCounterparty = Views.views.vend.customView(viewId, BankIdAccountId(bankId, accountId)).map(_.canGetCounterparty) + val viewCanGetCounterparty = Views.views.vend.customView(viewId, BankIdAccountId(bankId, accountId)).map(_.allowed_actions.exists( _ == CAN_GET_COUNTERPARTY)) val helperInfo = if(viewCanGetCounterparty==Full(true)) helperInfoFromJwtToken else None (Some(bankId), Some(accountId), Some(viewId), helperInfo) }else{ 
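Review bot: In the `@@ -776` hunk, `viewCanGetCounterparty` is derived only from `Views.views.vend.customView(...)` and `helperInfo` is released only when the result equals `Full(true)`, so a failed or empty lookup and a view without `CAN_GET_COUNTERPARTY` both end in `None`. That fail-closed outcome is the safe one for values taken from a JWT, but nothing on the line says it is intentional, and a view id that does not resolve as a custom view will never yield helper info (whether that is intended cannot be told from this hunk). I would add a comment above the assignment: `// helper_info is released only when the custom view resolves and grants CAN_GET_COUNTERPARTY; any lookup failure withholds it`. The enclosing block starts and ends outside the hunk.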
@@ -1884,9 +1885,9 @@ trait APIMethods500 { for { (Full(u), callContext) <- SS.user permission <- NewStyle.function.permission(bankId, accountId, u, callContext) - anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.canSeeAvailableViewsForBankAccount).find(_.==(true)).getOrElse(false) + anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeAvailableViewsForBankAccount_)).dropRight(1)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)}` permission on any your views", cc = callContext ) { anyViewContainsCanSeeAvailableViewsForBankAccountPermission diff --git a/obp-api/src/main/scala/code/api/v5_0_0/JSONFactory5.0.0.scala b/obp-api/src/main/scala/code/api/v5_0_0/JSONFactory5.0.0.scala index 7be0bf05c..340bb9828 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/JSONFactory5.0.0.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/JSONFactory5.0.0.scala @@ -27,6 +27,7 @@ package code.api.v5_0_0 import code.api.Constant +import code.api.Constant._ import code.api.util.APIUtil import code.api.util.APIUtil.{gitCommit, nullToString, stringOptionOrNull, stringOrNull} import code.api.util.ErrorMessages.MandatoryPropertyIsNotSet 
@@ -559,7 +560,7 @@ object JSONFactory500 { val organisationWebsiteEnergySource = APIUtil.getPropsValue("energy_source.organisation_website", "") val energySource = new EnergySource400(organisationEnergySource, organisationWebsiteEnergySource) - val connector = code.api.Constant.Connector.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") + val connector = code.api.Constant.CONNECTOR.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") val resourceDocsRequiresRole = APIUtil.getPropsAsBoolValue("resource_docs_requires_role", false) APIInfoJson400( 
@@ -827,81 +828,81 @@ object JSONFactory500 { is_firehose = Some(view.isFirehose), alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.canAddComment, - can_add_corporate_location = view.canAddCorporateLocation, - can_add_image = view.canAddImage, - can_add_image_url = view.canAddImageURL, - can_add_more_info = view.canAddMoreInfo, - can_add_open_corporates_url = view.canAddOpenCorporatesUrl, - can_add_physical_location = view.canAddPhysicalLocation, - can_add_private_alias = view.canAddPrivateAlias, - can_add_public_alias = view.canAddPublicAlias, - can_add_tag = view.canAddTag, - can_add_url = view.canAddURL, - can_add_where_tag = view.canAddWhereTag, - can_delete_comment = view.canDeleteComment, - can_add_counterparty = view.canAddCounterparty, - can_delete_corporate_location = view.canDeleteCorporateLocation, - can_delete_image = view.canDeleteImage, - can_delete_physical_location = view.canDeletePhysicalLocation, - can_delete_tag = view.canDeleteTag, - can_delete_where_tag = view.canDeleteWhereTag, - can_edit_owner_comment = view.canEditOwnerComment, - can_see_bank_account_balance = view.canSeeBankAccountBalance, - can_query_available_funds = view.canQueryAvailableFunds, - can_see_bank_account_bank_name = view.canSeeBankAccountBankName, - can_see_bank_account_currency = view.canSeeBankAccountCurrency, - can_see_bank_account_iban = view.canSeeBankAccountIban, - can_see_bank_account_label = view.canSeeBankAccountLabel, - can_see_bank_account_national_identifier = view.canSeeBankAccountNationalIdentifier, - can_see_bank_account_number = view.canSeeBankAccountNumber, - can_see_bank_account_owners = view.canSeeBankAccountOwners, - can_see_bank_account_swift_bic = view.canSeeBankAccountSwift_bic, - can_see_bank_account_type = view.canSeeBankAccountType, - can_see_comments = view.canSeeComments, - can_see_corporate_location = view.canSeeCorporateLocation, - can_see_image_url = view.canSeeImageUrl, - 
can_see_images = view.canSeeImages, - can_see_more_info = view.canSeeMoreInfo, - can_see_open_corporates_url = view.canSeeOpenCorporatesUrl, - can_see_other_account_bank_name = view.canSeeOtherAccountBankName, - can_see_other_account_iban = view.canSeeOtherAccountIBAN, - can_see_other_account_kind = view.canSeeOtherAccountKind, - can_see_other_account_metadata = view.canSeeOtherAccountMetadata, - can_see_other_account_national_identifier = view.canSeeOtherAccountNationalIdentifier, - can_see_other_account_number = view.canSeeOtherAccountNumber, - can_see_other_account_swift_bic = view.canSeeOtherAccountSWIFT_BIC, - can_see_owner_comment = view.canSeeOwnerComment, - can_see_physical_location = view.canSeePhysicalLocation, - can_see_private_alias = view.canSeePrivateAlias, - can_see_public_alias = view.canSeePublicAlias, - can_see_tags = view.canSeeTags, - can_see_transaction_amount = view.canSeeTransactionAmount, - can_see_transaction_balance = view.canSeeTransactionBalance, - can_see_transaction_currency = view.canSeeTransactionCurrency, - can_see_transaction_description = view.canSeeTransactionDescription, - can_see_transaction_finish_date = view.canSeeTransactionFinishDate, - can_see_transaction_metadata = view.canSeeTransactionMetadata, - can_see_transaction_other_bank_account = view.canSeeTransactionOtherBankAccount, - can_see_transaction_start_date = view.canSeeTransactionStartDate, - can_see_transaction_this_bank_account = view.canSeeTransactionThisBankAccount, - can_see_transaction_type = view.canSeeTransactionType, - can_see_url = view.canSeeUrl, - can_see_where_tag = view.canSeeWhereTag, + can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = view.allowed_actions.exists(_ == 
CAN_ADD_MORE_INFO), + can_add_open_corporates_url = view.allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), + can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_add_counterparty = view.allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), + can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_query_available_funds = view.allowed_actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS), + can_see_bank_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = view.allowed_actions.exists(_ == 
CAN_SEE_BANK_ACCOUNT_NUMBER), + can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + can_see_bank_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), + can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = view.allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = view.allowed_actions.exists(_ == 
CAN_SEE_TRANSACTION_AMOUNT), + can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG), //V300 new - can_see_bank_routing_scheme = view.canSeeBankRoutingScheme, - can_see_bank_routing_address = view.canSeeBankRoutingAddress, - can_see_bank_account_routing_scheme = view.canSeeBankAccountRoutingScheme, - can_see_bank_account_routing_address = view.canSeeBankAccountRoutingAddress, - can_see_other_bank_routing_scheme = view.canSeeOtherBankRoutingScheme, - can_see_other_bank_routing_address = view.canSeeOtherBankRoutingAddress, - can_see_other_account_routing_scheme = view.canSeeOtherAccountRoutingScheme, - can_see_other_account_routing_address= view.canSeeOtherAccountRoutingAddress, - can_add_transaction_request_to_own_account = view.canAddTransactionRequestToOwnAccount, //added following two for payments - can_add_transaction_request_to_any_account = view.canAddTransactionRequestToAnyAccount, - can_see_bank_account_credit_limit = view.canSeeBankAccountCreditLimit, - can_create_direct_debit = 
view.canCreateDirectDebit, - can_create_standing_order = view.canCreateStandingOrder, + can_see_bank_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME), + can_see_bank_routing_address = view.allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS), + can_see_bank_account_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME), + can_see_bank_account_routing_address = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS), + can_see_other_bank_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME), + can_see_other_bank_routing_address = view.allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS), + can_see_other_account_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME), + can_see_other_account_routing_address= view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS), + can_add_transaction_request_to_own_account = view.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT), //added following two for payments + can_add_transaction_request_to_any_account = view.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT), + can_see_bank_account_credit_limit = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT), + can_create_direct_debit = view.allowed_actions.exists(_ == CAN_CREATE_DIRECT_DEBIT), + can_create_standing_order = view.allowed_actions.exists(_ == CAN_CREATE_STANDING_ORDER), // Version 5.0.0 can_grant_access_to_views = view.canGrantAccessToViews.getOrElse(Nil), can_revoke_access_to_views = view.canRevokeAccessToViews.getOrElse(Nil), diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index d9ed88566..b9196a235 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala 
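Review bot: Every field of the view JSON in the `@@ -827` hunk now runs its own `view.allowed_actions.exists(_ == ...)` scan, several dozen passes over the same collection per rendered view, and a constant that does not match the stored action string exactly makes the field report `false` without any error. Building the lookup once, `val allowed = view.allowed_actions.toSet`, and writing `can_add_comment = allowed(CAN_ADD_COMMENT),` keeps the mapping readable; the constructor call opens outside this hunk, so the `val` would go before it. The removed getters used irregular spellings (`canSeeBankAccountSwift_bic`, `canSeeOtherAccountSWIFT_BIC`, `canAddImageURL`), so a test that renders a view with all actions granted and asserts every `can_*` field is true would catch a constant whose value differs from what is stored. The hunk that ends just before the APIMethods310.scala header repeats the tail of this mapping.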
@@ -2,6 +2,7 @@ package code.api.v5_1_0 import code.api.Constant +import code.api.Constant._ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.berlin.group.v1_3.JSONFactory_BERLIN_GROUP_1_3.{ConsentAccessAccountsJson, ConsentAccessJson} import code.api.util.APIUtil._ @@ -3744,9 +3745,9 @@ trait APIMethods510 { (fromAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionRequests_)).dropRight(1)}` permission on the View(${viewId.value})", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", cc=callContext){ - view.canSeeTransactionRequests + view.allowed_actions.exists(_ ==CAN_SEE_TRANSACTION_REQUESTS) } (transactionRequests, callContext) <- Future(Connector.connector.vend.getTransactionRequests210(u, fromAccount, callContext)) map { unboxFullOrFail(_, callContext, GetTransactionRequestsException) 
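Review bot: The permission test `view.allowed_actions.exists(_ ==CAN_SEE_TRANSACTION_REQUESTS)` in the `@@ -3744,9 +3745,9 @@` hunk is a membership check written as a predicate scan; `view.allowed_actions.contains(CAN_SEE_TRANSACTION_REQUESTS)` states the intent directly and removes the uneven `_ ==X` spacing. The same expression is repeated in the later APIMethods510 hunks and in the LocalMappedConnector, LocalMappedConnectorInternal and ModeratedBankingData hunks of this patch. Routing all of them through one small helper on the view would keep every authorization decision in a single place that can be audited and tested. The for-comprehension this line belongs to starts and ends outside the hunk.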
@@ -3933,9 +3934,9 @@ trait APIMethods510 { bankIdAccountId = BankIdAccountId(bankId, accountId) view <- NewStyle.function.checkViewAccessAndReturnView(viewId, bankIdAccountId, Full(u), callContext) // Note we do one explicit check here rather than use moderated account because this provides an explicit message - failMsg = ViewDoesNotPermitAccess + s" You need the `${StringHelpers.snakify(nameOf(view.canSeeBankAccountBalance))}` permission on VIEW_ID(${viewId.value})" + failMsg = ViewDoesNotPermitAccess + s" You need the `${StringHelpers.snakify(CAN_SEE_BANK_ACCOUNT_BALANCE)}` permission on VIEW_ID(${viewId.value})" _ <- Helper.booleanToFuture(failMsg, 403, cc = callContext) { - view.canSeeBankAccountBalance + view.allowed_actions.exists(_ ==CAN_SEE_BANK_ACCOUNT_BALANCE) } (accountBalances, callContext) <- BalanceNewStyle.getBankAccountBalances(bankIdAccountId, callContext) } yield { @@ -4432,10 +4433,10 @@ trait APIMethods510 { permissionsFromTarget.toSet.subsetOf(permissionsFromSource) } - failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(view.canCreateCustomView))}` permission on VIEW_ID(${viewId.value})" + failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_CREATE_CUSTOM_VIEW)}` permission on VIEW_ID(${viewId.value})" _ <- Helper.booleanToFuture(failMsg, cc = callContext) { - view.canCreateCustomView + view.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW) } (view, callContext) <- NewStyle.function.createCustomView(BankIdAccountId(bankId, accountId), createCustomViewJson.toCreateViewJson, callContext) } yield { 
@@ -4489,10 +4490,10 @@ trait APIMethods510 { permissionsFromTarget.toSet.subsetOf(permissionsFromSource) } - failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(view.canUpdateCustomView))}` permission on VIEW_ID(${viewId.value})" + failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on VIEW_ID(${viewId.value})" _ <- Helper.booleanToFuture(failmsg, cc = callContext) { - view.canCreateCustomView + view.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW) } (view, callContext) <- NewStyle.function.updateCustomView(BankIdAccountId(bankId, accountId), targetViewId, targetCreateCustomViewJson.toUpdateViewJson, callContext) @@ -4555,9 +4556,9 @@ trait APIMethods510 { _ <- Helper.booleanToFuture(failMsg = InvalidCustomViewFormat + s"Current TARGET_VIEW_ID (${targetViewId.value})", cc = callContext) { isValidCustomViewId(targetViewId.value) } - failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(view.canGetCustomView))}`permission on any your views. Current VIEW_ID (${viewId.value})" + failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_GET_CUSTOM_VIEW)}`permission on any your views. Current VIEW_ID (${viewId.value})" _ <- Helper.booleanToFuture(failmsg, cc = callContext) { - view.canGetCustomView + view.allowed_actions.exists(_ ==CAN_GET_CUSTOM_VIEW) } targetView <- NewStyle.function.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) } yield { 
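Review bot: The guard in the `@@ -4489,10 +4490,10 @@` hunk tests the create permission while its failure message names the update permission: `failmsg` is built from `CAN_UPDATE_CUSTOM_VIEW`, but the check that follows is `view.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW)`, immediately before `NewStyle.function.updateCustomView`. The removed line had the same mismatch (`view.canCreateCustomView`), so the refactor carries it over unchanged. As written, a view that holds only the update permission is refused, and a view that holds only the create permission is allowed to update. The check should read `view.allowed_actions.contains(CAN_UPDATE_CUSTOM_VIEW)`. The enclosing for-comprehension starts and ends outside the hunk.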
@@ -4597,9 +4598,9 @@ trait APIMethods510 { _ <- Helper.booleanToFuture(failMsg = InvalidCustomViewFormat + s"Current TARGET_VIEW_ID (${targetViewId.value})", cc = callContext) { isValidCustomViewId(targetViewId.value) } - failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(view.canDeleteCustomView))}` permission on any your views.Current VIEW_ID (${viewId.value})" + failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_DELETE_CUSTOM_VIEW)}` permission on any your views.Current VIEW_ID (${viewId.value})" _ <- Helper.booleanToFuture(failMsg, cc = callContext) { - view.canDeleteCustomView + view.allowed_actions.exists(_ ==CAN_DELETE_CUSTOM_VIEW) } _ <- NewStyle.function.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) deleted <- NewStyle.function.removeCustomView(targetViewId, BankIdAccountId(bankId, accountId), callContext) diff --git a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala index e4f45ca05..0463b6cf6 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala @@ -999,7 +999,7 @@ object JSONFactory510 extends CustomJsonFormats { val organisationWebsiteEnergySource = APIUtil.getPropsValue("energy_source.organisation_website", "") val energySource = EnergySource400(organisationEnergySource, organisationWebsiteEnergySource) - val connector = code.api.Constant.Connector.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") + val connector = code.api.Constant.CONNECTOR.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") val resourceDocsRequiresRole = APIUtil.getPropsAsBoolValue("resource_docs_requires_role", false) APIInfoJsonV510( 
diff --git a/obp-api/src/main/scala/code/bankconnectors/Connector.scala b/obp-api/src/main/scala/code/bankconnectors/Connector.scala index 48d082dbd..2d3a8ae3e 100644 --- a/obp-api/src/main/scala/code/bankconnectors/Connector.scala +++ b/obp-api/src/main/scala/code/bankconnectors/Connector.scala @@ -80,7 +80,7 @@ object Connector extends SimpleInjector { val connector = new Inject(buildOne _) {} def buildOne: Connector = { - val connectorProps = code.api.Constant.Connector.openOrThrowException(s"$MandatoryPropertyIsNotSet The missing props is 'connector'") + val connectorProps = code.api.Constant.CONNECTOR.openOrThrowException(s"$MandatoryPropertyIsNotSet The missing props is 'connector'") getConnectorInstance(connectorProps) } diff --git a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala index 2bc99ae3e..f3fa9d7a0 100644 --- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala +++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala @@ -4719,7 +4719,7 @@ object LocalMappedConnector extends Connector with MdcLoggable { for ( permission <- Views.views.vend.permissions(BankIdAccountId(bankId, accountId)) ) yield { - permission.views.exists(_.canAddTransactionRequestToAnyAccount == true) match { + permission.views.exists(_.allowed_actions.exists( _ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)) match { case true => Some(permission.user) case _ => None } diff --git a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala index a49f32b74..45c002922 100644 --- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala +++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala 
@@ -71,7 +71,7 @@ object LocalMappedConnectorInternal extends MdcLoggable { fromBankIdAccountId = BankIdAccountId(fromAccount.bankId, fromAccount.accountId) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, fromBankIdAccountId, Full(user), callContext) _ <- Helper.booleanToFuture(InsufficientAuthorisationToCreateTransactionRequest, cc = callContext) { - view.canAddTransactionRequestToAnyAccount + view.allowed_actions.exists(_ ==CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT) } (paymentLimit, callContext) <- Connector.connector.vend.getPaymentLimit( diff --git a/obp-api/src/main/scala/code/model/ModeratedBankingData.scala b/obp-api/src/main/scala/code/model/ModeratedBankingData.scala index eb92b28d5..7314db295 100644 --- a/obp-api/src/main/scala/code/model/ModeratedBankingData.scala +++ b/obp-api/src/main/scala/code/model/ModeratedBankingData.scala @@ -26,6 +26,7 @@ TESOBE (http://www.tesobe.com/) */ package code.model +import code.api.Constant._ import code.api.util.ErrorMessages._ import code.api.util.{APIUtil, CallContext} import code.model.Moderation.Moderated @@ -123,7 +124,7 @@ class ModeratedTransactionMetadata( u <- Box(user) ?~ { UserNotLoggedIn} tagList <- Box(tags) ?~ { s"$NoViewPermission can_delete_tag. " } tag <- Box(tagList.find(tag => tag.id_ == tagId)) ?~ {"Tag with id " + tagId + "not found for this transaction"} - deleteFunc <- if(tag.postedBy == user||view.canDeleteTag) + deleteFunc <- if(tag.postedBy == user||view.allowed_actions.exists(_ == CAN_DELETE_TAG)) Box(deleteTag) ?~ "Deleting tags not permitted for this view" else Failure("deleting tags not permitted for the current user") 
@@ -140,7 +141,7 @@ class ModeratedTransactionMetadata( u <- Box(user) ?~ { UserNotLoggedIn} imageList <- Box(images) ?~ { s"$NoViewPermission can_delete_image." } image <- Box(imageList.find(image => image.id_ == imageId)) ?~ {"Image with id " + imageId + "not found for this transaction"} - deleteFunc <- if(image.postedBy == user || view.canDeleteImage) + deleteFunc <- if(image.postedBy == user || view.allowed_actions.exists(_ ==CAN_DELETE_IMAGE)) Box(deleteImage) ?~ "Deleting images not permitted for this view" else Failure("Deleting images not permitted for the current user") @@ -154,7 +155,7 @@ class ModeratedTransactionMetadata( u <- Box(user) ?~ { UserNotLoggedIn} commentList <- Box(comments) ?~ { s"$NoViewPermission can_delete_comment." } comment <- Box(commentList.find(comment => comment.id_ == commentId)) ?~ {"Comment with id "+commentId+" not found for this transaction"} - deleteFunc <- if(comment.postedBy == user || view.canDeleteComment) + deleteFunc <- if(comment.postedBy == user || view.allowed_actions.exists(_ ==CAN_DELETE_COMMENT)) Box(deleteComment) ?~ "Deleting comments not permitted for this view" else Failure("Deleting comments not permitted for the current user") @@ -168,7 +169,7 @@ class ModeratedTransactionMetadata( u <- Box(user) ?~ { UserNotLoggedIn} whereTagOption <- Box(whereTag) ?~ { s"$NoViewPermission can_delete_where_tag. Current ViewId($viewId)" } whereTag <- Box(whereTagOption) ?~ {"there is no tag to delete"} - deleteFunc <- if(whereTag.postedBy == user || view.canDeleteWhereTag) + deleteFunc <- if(whereTag.postedBy == user || view.allowed_actions.exists(_ ==CAN_DELETE_WHERE_TAG)) Box(deleteWhereTag) ?~ "Deleting tag is not permitted for this view" else Failure("Deleting tags not permitted for the current user") diff --git a/obp-api/src/main/scala/code/model/View.scala b/obp-api/src/main/scala/code/model/View.scala index 4d599023a..bd9dcc8fa 100644 --- a/obp-api/src/main/scala/code/model/View.scala 
+++ b/obp-api/src/main/scala/code/model/View.scala @@ -28,10 +28,10 @@ TESOBE (http://www.tesobe.com/) package code.model +import code.api.Constant._ import code.api.util.ErrorMessages import code.metadata.counterparties.Counterparties -import code.views.system.{ViewDefinition, ViewPermission} -import com.github.dwickern.macros.NameOf.nameOf +import code.views.system.ViewPermission import com.openbankproject.commons.model._ import com.openbankproject.commons.model.enums.AccountRoutingScheme import net.liftweb.common._ @@ -372,7 +372,7 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionThisBankAccount_)).dropRight(1)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } @@ -424,7 +424,7 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionThisBankAccount_)).dropRight(1)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } def moderateAccountCore(bankAccount: BankAccount) : Box[ModeratedBankAccountCore] = { 
@@ -459,7 +459,7 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionThisBankAccount_)).dropRight(1)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } // Moderate the Counterparty side of the Transaction (i.e. the Other Account involved in the transaction) @@ -584,7 +584,7 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionOtherBankAccount_)).dropRight(1)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } def moderateCore(counterpartyCore : CounterpartyCore) : Box[ModeratedOtherBankAccountCore] = { @@ -635,6 +635,6 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(nameOf(ViewDefinition.canSeeTransactionOtherBankAccount_)).dropRight(1)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } } diff --git a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala index cb056b0f7..29db243af 100644 --- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala +++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala 
@@ -419,7 +419,7 @@ import net.liftweb.util.Helpers._ /**Marking the locked state to show different error message */ val usernameLockedStateCode = Long.MaxValue - val connector = code.api.Constant.Connector.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") + val connector = code.api.Constant.CONNECTOR.openOrThrowException(s"$MandatoryPropertyIsNotSet. The missing prop is `connector` ") val starConnectorSupportedTypes = APIUtil.getPropsValue("starConnector_supported_types","") override def dbIndexes: List[BaseIndex[AuthUser]] = UniqueIndex(username, provider) ::super.dbIndexes diff --git a/obp-api/src/main/scala/code/transaction/MappedTransaction.scala b/obp-api/src/main/scala/code/transaction/MappedTransaction.scala index 5ff7ab1bb..1e968ee0c 100644 --- a/obp-api/src/main/scala/code/transaction/MappedTransaction.scala +++ b/obp-api/src/main/scala/code/transaction/MappedTransaction.scala @@ -218,7 +218,7 @@ class MappedTransaction extends LongKeyedMapper[MappedTransaction] with IdPK wit } def toTransaction : Option[Transaction] = { - code.api.Constant.Connector match { + code.api.Constant.CONNECTOR match { case Full("akka_vDec2018") => for { acc <- getBankAccountCommon(theBankId, theAccountId, None).map(_._1) diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index 3e254982d..561ebde73 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala +++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala 
@@ -482,6 +482,29 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many def usePublicAliasIfOneExists: Boolean = usePublicAliasIfOneExists_.get def hideOtherAccountMetadataIfAlias: Boolean = hideOtherAccountMetadataIfAlias_.get + override def allowed_actions : List[String] = ViewPermission.findViewPermissions(this).map(_.permission.get).distinct + +// override def canGrantAccessToViews : Option[List[String]] = { +// ViewPermission.findViewPermission(this, CAN_GRANT_ACCESS_TO_VIEWS).flatMap(vp => +// { +// vp.metaData.get match { +// case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) +// case _ => None +// } +// }) +// } +// +// override def canRevokeAccessToViews : Option[List[String]] = { +// ViewPermission.findViewPermission(this, CAN_REVOKE_ACCESS_TO_VIEWS).flatMap(vp => +// { +// vp.metaData.get match { +// case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) +// case _ => None +// } +// }) +// } + + //This current view can grant access to other views. override def canGrantAccessToViews : Option[List[String]] = { canGrantAccessToViews_.get == null || canGrantAccessToViews_.get.isEmpty() match { diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index 85db9aa85..17c09f643 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala 
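Review bot: `allowed_actions` in the `@@ -482,6 +482,29 @@` hunk is a `def` over `ViewPermission.findViewPermissions(this).map(_.permission.get).distinct`, so every call appears to query the permission table again (findViewPermissions is not visible here, please confirm). The JSON factory changed earlier in this patch calls it once per `can_*` field; reading it once per view at such call sites, `val actions = view.allowed_actions.toSet`, would avoid the repeated lookups. The roughly twenty commented-out lines for `canGrantAccessToViews`/`canRevokeAccessToViews` should be deleted or reduced to a tracked TODO. The live `canGrantAccessToViews` below them still reads `canGrantAccessToViews_`, so grant authority comes from a different store than every other permission, which deserves a comment such as `// grant list still read from the legacy column, not from ViewPermission.metaData`. The class body starts and ends outside the hunk.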
@@ -11,7 +11,10 @@ class ViewPermission extends LongKeyedMapper[ViewPermission] with IdPK with Crea object account_id extends MappedString(this, 255) object view_id extends UUIDString(this) object permission extends MappedString(this, 255) - object metaData extends MappedString(this, 1024) //this is for special permissions like "canRevokeAccessToViews" and "canGrantAccessToViews", it need to support list of views. + + //this is for special permissions like "canRevokeAccessToViews" and "canGrantAccessToViews", it will be a list of view ids , + // eg: owner,auditor,accountant,firehose,standard,StageOne,ManageCustomViews,ReadAccountsBasic,ReadAccountsDetail,ReadBalances,ReadTransactionsBasic,ReadTransactionsDebits, + object metaData extends MappedString(this, 1024) } object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermission] { override def dbIndexes: List[BaseIndex[ViewPermission]] = UniqueIndex(bank_id, account_id, view_id, permission) :: super.dbIndexes diff --git a/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala b/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala index 4924a3521..ebc971366 100644 --- a/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala +++ b/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala @@ -26,12 +26,13 @@ TESOBE (http://www.tesobe.com/) */ package code.api.v1_2_1 -import code.api.Constant._ import _root_.net.liftweb.json.Serialization.write +import code.api.Constant._ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON import code.api.util.APIUtil import code.api.util.APIUtil.OAuth._ import code.api.util.APIUtil.isValidSystemViewId +import code.api.util.ErrorMessages._ import code.bankconnectors.Connector import code.setup.{APIResponse, DefaultUsers, PrivateUser2AccountsAndSetUpWithTestData, ServerSetupWithTestData} import code.views.Views 
@@ -39,7 +40,6 @@ import com.openbankproject.commons.model._ import net.liftweb.json._ import net.liftweb.util.Helpers._ import org.scalatest.Tag -import code.api.util.ErrorMessages._ import scala.util.Random._ @@ -2017,8 +2017,10 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val viewId = SYSTEM_OWNER_VIEW_ID val userId1 = resourceUser2.idGivenByProvider val userId2 = resourceUser2.idGivenByProvider - grantUserAccessToView(bankId, bankAccount.id, userId1, viewId, user1) - grantUserAccessToView(bankId, bankAccount.id, userId2, viewId, user1) + val replyGrant1 = grantUserAccessToView(bankId, bankAccount.id, userId1, viewId, user1) + replyGrant1.code should equal (201) + val replyGrant2 = grantUserAccessToView(bankId, bankAccount.id, userId2, viewId, user1) + replyGrant2.code should equal (201) val viewsBefore = getUserAccountPermission(bankId, bankAccount.id, userId1, user1).body.extract[ViewsJSONV121].views.length When("the request is sent") val reply = revokeUserAccessToView(bankId, bankAccount.id, userId1, viewId, user1) diff --git a/obp-api/src/test/scala/code/api/v3_1_0/ObpApiLoopbackTest.scala b/obp-api/src/test/scala/code/api/v3_1_0/ObpApiLoopbackTest.scala index 482254d7c..3dd0e9a6f 100644 --- a/obp-api/src/test/scala/code/api/v3_1_0/ObpApiLoopbackTest.scala +++ b/obp-api/src/test/scala/code/api/v3_1_0/ObpApiLoopbackTest.scala @@ -51,7 +51,7 @@ class ObpApiLoopbackTest extends V310ServerSetup { val response310 = makeGetRequest(request310) Then("We should get a 400") response310.code should equal(400) - val connectorVersion = code.api.Constant.Connector.openOrThrowException(s"$MandatoryPropertyIsNotSet The missing props is 'connector'") + val connectorVersion = code.api.Constant.CONNECTOR.openOrThrowException(s"$MandatoryPropertyIsNotSet The missing props is 'connector'") val errorMessage = s"${NotImplemented}" And("error should be " + errorMessage) response310.body.extract[ErrorMessage].message should equal (errorMessage) 
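Review bot: In the `@@ -2017,8 +2017,10 @@` hunk both `userId1` and `userId2` are `resourceUser2.idGivenByProvider`, so the new `replyGrant2.code should equal (201)` asserts that granting the same user the same view a second time returns 201. If the second grant was meant for a different user, `userId2` should be taken from another resource user so the revoke test covers two distinct grantees. If the repeat is deliberate, a comment such as `// second grant repeats the first on purpose` would make that explicit. The test body continues outside the hunk.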
diff --git a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala index ca8bb81f2..dba7e7bdc 100644 --- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala +++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala @@ -249,7 +249,12 @@ trait View { def usePrivateAliasIfOneExists: Boolean def hideOtherAccountMetadataIfAlias: Boolean - + /** + * These three will get the allowed actions from viewPermission table + */ + def allowed_actions : List[String] + + def canGrantAccessToViews : Option[List[String]] = None def canRevokeAccessToViews : Option[List[String]] = None From 7df10433373f8152ad36987a9f52ae3666fc06c6 Mon Sep 17 00:00:00 2001 From: hongwei Date: Wed, 9 Jul 2025 10:24:03 +0200 Subject: [PATCH 13/26] refactor/update import for currency validation function in APIMethods400 --- obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala index a4b499940..c5bdea210 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala @@ -18,7 +18,7 @@ import code.api.util.ExampleValue._ import code.api.util.FutureUtil.EndpointContext import code.api.util.Glossary.getGlossaryItem import code.api.util.NewStyle.HttpCode -import code.api.util.NewStyle.function._ +import code.api.util.NewStyle.function.{isValidCurrencyISOCode => isValidCurrencyISOCodeNS, _} import code.api.util._ import code.api.util.migration.Migration import code.api.util.newstyle.AttributeDefinition._ From 41a29c3b42473dbc9a3e9c2b7e455a2fd11e3c55 Mon Sep 17 00:00:00 2001 
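Review bot: The Scaladoc added above `allowed_actions` in the `@@ -249,7 +249,12 @@` hunk says "These three will get the allowed actions from viewPermission table", but only `allowed_actions` is new and abstract. `canGrantAccessToViews` and `canRevokeAccessToViews` keep their `None` defaults here, and the ViewDefinition hunk in this patch still reads the grant list from its own column. Suggest documenting the one member it applies to: `/** Names of the actions this view permits; callers treat a missing name as "not permitted". */`. Because the member has no default, every other `View` implementation must now supply it; those implementations are not visible in this hunk.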
From: hongwei Date: Thu, 10 Jul 2025 13:57:22 +0200 Subject: [PATCH 14/26] feature/viewPermission store snake case instead of camel case in database. --- .../scala/code/api/constant/constant.scala | 186 +++++++++--------- .../main/scala/code/views/MapperViews.scala | 22 +-- .../code/views/system/ViewDefinition.scala | 10 +- .../commons/model/ViewModel.scala | 10 +- 4 files changed, 114 insertions(+), 114 deletions(-) diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala index 8e4cf7952..c47493fbe 100644 --- a/obp-api/src/main/scala/code/api/constant/constant.scala +++ b/obp-api/src/main/scala/code/api/constant/constant.scala 
@@ -128,99 +128,99 @@ object Constant extends MdcLoggable { final val GET_STATIC_RESOURCE_DOCS_TTL: Int = APIUtil.getPropsValue(s"staticResourceDocsObp.cache.ttl.seconds", "3600").toInt final val SHOW_USED_CONNECTOR_METHODS: Boolean = APIUtil.getPropsAsBoolValue(s"show_used_connector_methods", false) - final val CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT = "canSeeTransactionOtherBankAccount" - final val CAN_SEE_TRANSACTION_METADATA = "canSeeTransactionMetadata" - final val CAN_SEE_TRANSACTION_DESCRIPTION = "canSeeTransactionDescription" - final val CAN_SEE_TRANSACTION_AMOUNT = "canSeeTransactionAmount" - final val CAN_SEE_TRANSACTION_TYPE = "canSeeTransactionType" - final val CAN_SEE_TRANSACTION_CURRENCY = "canSeeTransactionCurrency" - final val CAN_SEE_TRANSACTION_START_DATE = "canSeeTransactionStartDate" - final val CAN_SEE_TRANSACTION_FINISH_DATE = "canSeeTransactionFinishDate" - final val CAN_SEE_TRANSACTION_BALANCE = "canSeeTransactionBalance" - final val CAN_SEE_COMMENTS = "canSeeComments" - final val CAN_SEE_OWNER_COMMENT = "canSeeOwnerComment" - final val CAN_SEE_TAGS = "canSeeTags" - final val CAN_SEE_IMAGES = "canSeeImages" - final val CAN_SEE_BANK_ACCOUNT_OWNERS = "canSeeBankAccountOwners" - final val CAN_SEE_BANK_ACCOUNT_TYPE = "canSeeBankAccountType" - final val CAN_SEE_BANK_ACCOUNT_BALANCE = "canSeeBankAccountBalance" - final val CAN_QUERY_AVAILABLE_FUNDS = "canQueryAvailableFunds" - final val CAN_SEE_BANK_ACCOUNT_LABEL = "canSeeBankAccountLabel" - final val CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER = "canSeeBankAccountNationalIdentifier" - final val CAN_SEE_BANK_ACCOUNT_SWIFT_BIC = "canSeeBankAccountSwift_bic" - final val CAN_SEE_BANK_ACCOUNT_IBAN = "canSeeBankAccountIban" - final val CAN_SEE_BANK_ACCOUNT_NUMBER = "canSeeBankAccountNumber" - final val CAN_SEE_BANK_ACCOUNT_BANK_NAME = "canSeeBankAccountBankName" - final val CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK = "canSeeBankAccountBankPermalink" - final val CAN_SEE_BANK_ROUTING_SCHEME = 
"canSeeBankRoutingScheme"
- final val CAN_SEE_BANK_ROUTING_ADDRESS = "canSeeBankRoutingAddress"
- final val CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME = "canSeeBankAccountRoutingScheme"
- final val CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS = "canSeeBankAccountRoutingAddress"
- final val CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER = "canSeeOtherAccountNationalIdentifier"
- final val CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC = "canSeeOtherAccountSWIFT_BIC"
- final val CAN_SEE_OTHER_ACCOUNT_IBAN = "canSeeOtherAccountIBAN"
- final val CAN_SEE_OTHER_ACCOUNT_BANK_NAME = "canSeeOtherAccountBankName"
- final val CAN_SEE_OTHER_ACCOUNT_NUMBER = "canSeeOtherAccountNumber"
- final val CAN_SEE_OTHER_ACCOUNT_METADATA = "canSeeOtherAccountMetadata"
- final val CAN_SEE_OTHER_ACCOUNT_KIND = "canSeeOtherAccountKind"
- final val CAN_SEE_OTHER_BANK_ROUTING_SCHEME = "canSeeOtherBankRoutingScheme"
- final val CAN_SEE_OTHER_BANK_ROUTING_ADDRESS = "canSeeOtherBankRoutingAddress"
- final val CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME = "canSeeOtherAccountRoutingScheme"
- final val CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS = "canSeeOtherAccountRoutingAddress"
- final val CAN_SEE_MORE_INFO = "canSeeMoreInfo"
- final val CAN_SEE_URL = "canSeeUrl"
- final val CAN_SEE_IMAGE_URL = "canSeeImageUrl"
- final val CAN_SEE_OPEN_CORPORATES_URL = "canSeeOpenCorporatesUrl"
- final val CAN_SEE_CORPORATE_LOCATION = "canSeeCorporateLocation"
- final val CAN_SEE_PHYSICAL_LOCATION = "canSeePhysicalLocation"
- final val CAN_SEE_PUBLIC_ALIAS = "canSeePublicAlias"
- final val CAN_SEE_PRIVATE_ALIAS = "canSeePrivateAlias"
- final val CAN_ADD_MORE_INFO = "canAddMoreInfo"
- final val CAN_ADD_URL = "canAddURL"
- final val CAN_ADD_IMAGE_URL = "canAddImageURL"
- final val CAN_ADD_OPEN_CORPORATES_URL = "canAddOpenCorporatesUrl"
- final val CAN_ADD_CORPORATE_LOCATION = "canAddCorporateLocation"
- final val CAN_ADD_PHYSICAL_LOCATION = "canAddPhysicalLocation"
- final val CAN_ADD_PUBLIC_ALIAS = "canAddPublicAlias"
- final val CAN_ADD_PRIVATE_ALIAS = "canAddPrivateAlias"
- final val CAN_ADD_COUNTERPARTY = "canAddCounterparty"
- final val CAN_GET_COUNTERPARTY = "canGetCounterparty"
- final val CAN_DELETE_COUNTERPARTY = "canDeleteCounterparty"
- final val CAN_DELETE_CORPORATE_LOCATION = "canDeleteCorporateLocation"
- final val CAN_DELETE_PHYSICAL_LOCATION = "canDeletePhysicalLocation"
- final val CAN_EDIT_OWNER_COMMENT = "canEditOwnerComment"
- final val CAN_ADD_COMMENT = "canAddComment"
- final val CAN_DELETE_COMMENT = "canDeleteComment"
- final val CAN_ADD_TAG = "canAddTag"
- final val CAN_DELETE_TAG = "canDeleteTag"
- final val CAN_ADD_IMAGE = "canAddImage"
- final val CAN_DELETE_IMAGE = "canDeleteImage"
- final val CAN_ADD_WHERE_TAG = "canAddWhereTag"
- final val CAN_SEE_WHERE_TAG = "canSeeWhereTag"
- final val CAN_DELETE_WHERE_TAG = "canDeleteWhereTag"
- final val CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT = "canAddTransactionRequestToOwnAccount"
- final val CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT = "canAddTransactionRequestToAnyAccount"
- final val CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT = "canSeeBankAccountCreditLimit"
- final val CAN_CREATE_DIRECT_DEBIT = "canCreateDirectDebit"
- final val CAN_CREATE_STANDING_ORDER = "canCreateStandingOrder"
- final val CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS = "canRevokeAccessToCustomViews"
- final val CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS = "canGrantAccessToCustomViews"
- final val CAN_SEE_TRANSACTION_REQUESTS = "canSeeTransactionRequests"
- final val CAN_SEE_TRANSACTION_REQUEST_TYPES = "canSeeTransactionRequestTypes"
- final val CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT = "canSeeAvailableViewsForBankAccount"
- final val CAN_UPDATE_BANK_ACCOUNT_LABEL = "canUpdateBankAccountLabel"
- final val CAN_CREATE_CUSTOM_VIEW = "canCreateCustomView"
- final val CAN_DELETE_CUSTOM_VIEW = "canDeleteCustomView"
- final val CAN_UPDATE_CUSTOM_VIEW = "canUpdateCustomView"
- final val CAN_GET_CUSTOM_VIEW = "canGetCustomView"
- final val CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS = "canSeeViewsWithPermissionsForAllUsers"
- final val CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER = "canSeeViewsWithPermissionsForOneUser"
- final val CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT = "canSeeTransactionThisBankAccount"
- final val CAN_SEE_TRANSACTION_STATUS = "canSeeTransactionStatus"
- final val CAN_SEE_BANK_ACCOUNT_CURRENCY = "canSeeBankAccountCurrency"
- final val CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY = "canAddTransactionRequestToBeneficiary"
- final val CAN_GRANT_ACCESS_TO_VIEWS = "canGrantAccessToViews"
- final val CAN_REVOKE_ACCESS_TO_VIEWS = "canRevokeAccessToViews"
+ final val CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT = "can_see_transaction_other_bank_account"
+ final val CAN_SEE_TRANSACTION_METADATA = "can_see_transaction_metadata"
+ final val CAN_SEE_TRANSACTION_DESCRIPTION = "can_see_transaction_description"
+ final val CAN_SEE_TRANSACTION_AMOUNT = "can_see_transaction_amount"
+ final val CAN_SEE_TRANSACTION_TYPE = "can_see_transaction_type"
+ final val CAN_SEE_TRANSACTION_CURRENCY = "can_see_transaction_currency"
+ final val CAN_SEE_TRANSACTION_START_DATE = "can_see_transaction_start_date"
+ final val CAN_SEE_TRANSACTION_FINISH_DATE = "can_see_transaction_finish_date"
+ final val CAN_SEE_TRANSACTION_BALANCE = "can_see_transaction_balance"
+ final val CAN_SEE_COMMENTS = "can_see_comments"
+ final val CAN_SEE_OWNER_COMMENT = "can_see_owner_comment"
+ final val CAN_SEE_TAGS = "can_see_tags"
+ final val CAN_SEE_IMAGES = "can_see_images"
+ final val CAN_SEE_BANK_ACCOUNT_OWNERS = "can_see_bank_account_owners"
+ final val CAN_SEE_BANK_ACCOUNT_TYPE = "can_see_bank_account_type"
+ final val CAN_SEE_BANK_ACCOUNT_BALANCE = "can_see_bank_account_balance"
+ final val CAN_QUERY_AVAILABLE_FUNDS = "can_query_available_funds"
+ final val CAN_SEE_BANK_ACCOUNT_LABEL = "can_see_bank_account_label"
+ final val CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER = "can_see_bank_account_national_identifier"
+ final val CAN_SEE_BANK_ACCOUNT_SWIFT_BIC = "can_see_bank_account_swift_bic"
+ final val CAN_SEE_BANK_ACCOUNT_IBAN = "can_see_bank_account_iban"
+ final val CAN_SEE_BANK_ACCOUNT_NUMBER = "can_see_bank_account_number"
+ final val CAN_SEE_BANK_ACCOUNT_BANK_NAME = "can_see_bank_account_bank_name"
+ final val CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK = "can_see_bank_account_bank_permalink"
+ final val CAN_SEE_BANK_ROUTING_SCHEME = "can_see_bank_routing_scheme"
+ final val CAN_SEE_BANK_ROUTING_ADDRESS = "can_see_bank_routing_address"
+ final val CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME = "can_see_bank_account_routing_scheme"
+ final val CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS = "can_see_bank_account_routing_address"
+ final val CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER = "can_see_other_account_national_identifier"
+ final val CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC = "can_see_other_account_swift_bic"
+ final val CAN_SEE_OTHER_ACCOUNT_IBAN = "can_see_other_account_iban"
+ final val CAN_SEE_OTHER_ACCOUNT_BANK_NAME = "can_see_other_account_bank_name"
+ final val CAN_SEE_OTHER_ACCOUNT_NUMBER = "can_see_other_account_number"
+ final val CAN_SEE_OTHER_ACCOUNT_METADATA = "can_see_other_account_metadata"
+ final val CAN_SEE_OTHER_ACCOUNT_KIND = "can_see_other_account_kind"
+ final val CAN_SEE_OTHER_BANK_ROUTING_SCHEME = "can_see_other_bank_routing_scheme"
+ final val CAN_SEE_OTHER_BANK_ROUTING_ADDRESS = "can_see_other_bank_routing_address"
+ final val CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME = "can_see_other_account_routing_scheme"
+ final val CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS = "can_see_other_account_routing_address"
+ final val CAN_SEE_MORE_INFO = "can_see_more_info"
+ final val CAN_SEE_URL = "can_see_url"
+ final val CAN_SEE_IMAGE_URL = "can_see_image_url"
+ final val CAN_SEE_OPEN_CORPORATES_URL = "can_see_open_corporates_url"
+ final val CAN_SEE_CORPORATE_LOCATION = "can_see_corporate_location"
+ final val CAN_SEE_PHYSICAL_LOCATION = "can_see_physical_location"
+ final val CAN_SEE_PUBLIC_ALIAS = "can_see_public_alias"
+ final val CAN_SEE_PRIVATE_ALIAS = "can_see_private_alias"
+ final val CAN_ADD_MORE_INFO = "can_add_more_info"
+ final val CAN_ADD_URL = "can_add_url"
+ final val CAN_ADD_IMAGE_URL = "can_add_image_url"
+ final val CAN_ADD_OPEN_CORPORATES_URL = "can_add_open_corporates_url"
+ final val CAN_ADD_CORPORATE_LOCATION = "can_add_corporate_location"
+ final val CAN_ADD_PHYSICAL_LOCATION = "can_add_physical_location"
+ final val CAN_ADD_PUBLIC_ALIAS = "can_add_public_alias"
+ final val CAN_ADD_PRIVATE_ALIAS = "can_add_private_alias"
+ final val CAN_ADD_COUNTERPARTY = "can_add_counterparty"
+ final val CAN_GET_COUNTERPARTY = "can_get_counterparty"
+ final val CAN_DELETE_COUNTERPARTY = "can_delete_counterparty"
+ final val CAN_DELETE_CORPORATE_LOCATION = "can_delete_corporate_location"
+ final val CAN_DELETE_PHYSICAL_LOCATION = "can_delete_physical_location"
+ final val CAN_EDIT_OWNER_COMMENT = "can_edit_owner_comment"
+ final val CAN_ADD_COMMENT = "can_add_comment"
+ final val CAN_DELETE_COMMENT = "can_delete_comment"
+ final val CAN_ADD_TAG = "can_add_tag"
+ final val CAN_DELETE_TAG = "can_delete_tag"
+ final val CAN_ADD_IMAGE = "can_add_image"
+ final val CAN_DELETE_IMAGE = "can_delete_image"
+ final val CAN_ADD_WHERE_TAG = "can_add_where_tag"
+ final val CAN_SEE_WHERE_TAG = "can_see_where_tag"
+ final val CAN_DELETE_WHERE_TAG = "can_delete_where_tag"
+ final val CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT = "can_add_transaction_request_to_own_account"
+ final val CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT = "can_add_transaction_request_to_any_account"
+ final val CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT = "can_see_bank_account_credit_limit"
+ final val CAN_CREATE_DIRECT_DEBIT = "can_create_direct_debit"
+ final val CAN_CREATE_STANDING_ORDER = "can_create_standing_order"
+ final val CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS = "can_revoke_access_to_custom_views"
+ final val CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS = "can_grant_access_to_custom_views"
+ final val CAN_SEE_TRANSACTION_REQUESTS =
"can_see_transaction_requests" + final val CAN_SEE_TRANSACTION_REQUEST_TYPES = "can_see_transaction_request_types" + final val CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT = "can_see_available_views_for_bank_account" + final val CAN_UPDATE_BANK_ACCOUNT_LABEL = "can_update_bank_account_label" + final val CAN_CREATE_CUSTOM_VIEW = "can_create_custom_view" + final val CAN_DELETE_CUSTOM_VIEW = "can_delete_custom_view" + final val CAN_UPDATE_CUSTOM_VIEW = "can_update_custom_view" + final val CAN_GET_CUSTOM_VIEW = "can_get_custom_view" + final val CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS = "can_see_views_with_permissions_for_all_users" + final val CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER = "can_see_views_with_permissions_for_one_user" + final val CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT = "can_see_transaction_this_bank_account" + final val CAN_SEE_TRANSACTION_STATUS = "can_see_transaction_status" + final val CAN_SEE_BANK_ACCOUNT_CURRENCY = "can_see_bank_account_currency" + final val CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY = "can_add_transaction_request_to_beneficiary" + final val CAN_GRANT_ACCESS_TO_VIEWS = "can_grant_access_to_views" + final val CAN_REVOKE_ACCESS_TO_VIEWS = "can_revoke_access_to_views" final val VIEW_PERMISSION_NAMES = List( CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index ffeab0c0e..6c6217dad 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala 
@@ -647,32 +647,32 @@ object MapperViews extends Views with MdcLoggable { // For the rest of the permissions, they are just boolean values. if (permissionName == CAN_REVOKE_ACCESS_TO_VIEWS || permissionName == CAN_GRANT_ACCESS_TO_VIEWS) { - val permissionValueFromViewdefinition = viewDefinition.getClass.getMethod(permissionName).invoke(viewDefinition).asInstanceOf[Option[List[String]]] + val permissionValueFromViewDefinition = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Option[List[String]]] ViewPermission.findViewPermission(viewDefinition, permissionName) match { - // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is empty, we delete it. - case Full(permission) if permissionValueFromViewdefinition.isEmpty => + // If the permission already exists in ViewPermission, but permissionValueFromViewDefinition is empty, we delete it. + case Full(permission) if permissionValueFromViewDefinition.isEmpty => permission.delete_! - // If the permission already exists and permissionValueFromViewdefinition is defined, we update the metadata. - case Full(permission) if permissionValueFromViewdefinition.isDefined => - permission.metaData(permissionValueFromViewdefinition.get.mkString(",")).save + // If the permission already exists and permissionValueFromViewDefinition is defined, we update the metadata. + case Full(permission) if permissionValueFromViewDefinition.isDefined => + permission.metaData(permissionValueFromViewDefinition.get.mkString(",")).save //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. 
--systemView - case Empty if (viewDefinition.isSystem && permissionValueFromViewdefinition.isDefined) => + case Empty if (viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => ViewPermission.create .bank_id(null) .account_id(null) .view_id(viewDefinition.viewId.value) .permission(permissionName) - .metaData(permissionValueFromViewdefinition.get.mkString(",")) + .metaData(permissionValueFromViewDefinition.get.mkString(",")) .save //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --customView - case Empty if (!viewDefinition.isSystem && permissionValueFromViewdefinition.isDefined) => + case Empty if (!viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => ViewPermission.create .bank_id(viewDefinition.bankId.value) .account_id(viewDefinition.accountId.value) .view_id(viewDefinition.viewId.value) .permission(permissionName) - .metaData(permissionValueFromViewdefinition.get.mkString(",")) + .metaData(permissionValueFromViewDefinition.get.mkString(",")) .save case _ => // This case should not happen, but if it does, we add an error log @@ -680,7 +680,7 @@ object MapperViews extends Views with MdcLoggable { } } else { // For the rest of the permissions, they are just boolean values. - val permissionValue = viewDefinition.getClass.getMethod(permissionName).invoke(viewDefinition).asInstanceOf[Boolean] + val permissionValue = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Boolean] ViewPermission.findViewPermission(viewDefinition, permissionName) match { // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is false, we delete it. diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index 561ebde73..a5f7312b5 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala 
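Review bot: The lookup `getMethod(StringHelpers.camelifyMethod(permissionName))`, here and in the boolean branch of the hunk at -680, binds each permission name to a `ViewDefinition` accessor only at run time, so a constant whose camelified form does not exactly match a method name fails with `NoSuchMethodException` instead of at compile time. These rows feed `ViewPermission`, which presumably decides what a view may do, so a failure part-way through could leave the permission set half-written depending on how the caller handles it. I would add a unit test that walks every permission name passed in here and asserts the accessor resolves, or replace the reflection with an explicit name-to-accessor map. Separately, `.asInstanceOf[Option[List[String]]]` is unchecked under erasure, and the `permissionValueFromViewDefinition.get` calls could go away by matching on `Some(values)` instead of guarding with `isDefined`. The enclosing method starts and ends outside these hunks.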
+++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala @@ -557,7 +557,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many def canSeeBankAccountLabel : Boolean = canSeeBankAccountLabel_.get def canUpdateBankAccountLabel : Boolean = canUpdateBankAccountLabel_.get def canSeeBankAccountNationalIdentifier : Boolean = canSeeBankAccountNationalIdentifier_.get - def canSeeBankAccountSwift_bic : Boolean = canSeeBankAccountSwift_bic_.get + def canSeeBankAccountSwiftBic : Boolean = canSeeBankAccountSwift_bic_.get def canSeeBankAccountIban : Boolean = canSeeBankAccountIban_.get def canSeeBankAccountNumber : Boolean = canSeeBankAccountNumber_.get def canSeeBankAccountBankName : Boolean = canSeeBankAccountBankName_.get @@ -571,8 +571,8 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many //other bank account fields def canSeeOtherAccountNationalIdentifier : Boolean = canSeeOtherAccountNationalIdentifier_.get - def canSeeOtherAccountSWIFT_BIC : Boolean = canSeeOtherAccountSWIFT_BIC_.get - def canSeeOtherAccountIBAN : Boolean = canSeeOtherAccountIBAN_.get + def canSeeOtherAccountSwiftBic : Boolean = canSeeOtherAccountSWIFT_BIC_.get + def canSeeOtherAccountIban : Boolean = canSeeOtherAccountIBAN_.get def canSeeOtherAccountBankName : Boolean = canSeeOtherAccountBankName_.get def canSeeOtherAccountNumber : Boolean = canSeeOtherAccountNumber_.get def canSeeOtherAccountMetadata : Boolean = canSeeOtherAccountMetadata_.get 
@@ -592,8 +592,8 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many def canSeePublicAlias : Boolean = canSeePublicAlias_.get def canSeePrivateAlias : Boolean = canSeePrivateAlias_.get def canAddMoreInfo : Boolean = canAddMoreInfo_.get - def canAddURL : Boolean = canAddURL_.get - def canAddImageURL : Boolean = canAddImageURL_.get + def canAddUrl : Boolean = canAddURL_.get + def canAddImageUrl : Boolean = canAddImageURL_.get def canAddOpenCorporatesUrl : Boolean = canAddOpenCorporatesUrl_.get def canAddCorporateLocation : Boolean = canAddCorporateLocation_.get def canAddPhysicalLocation : Boolean = canAddPhysicalLocation_.get diff --git a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala index dba7e7bdc..0cb5ad0e7 100644 --- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala +++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala @@ -317,7 +317,7 @@ trait View { def canSeeBankAccountNationalIdentifier: Boolean - def canSeeBankAccountSwift_bic: Boolean + def canSeeBankAccountSwiftBic: Boolean def canSeeBankAccountIban: Boolean @@ -340,9 +340,9 @@ trait View { //other bank account (counterparty) fields def canSeeOtherAccountNationalIdentifier: Boolean - def canSeeOtherAccountSWIFT_BIC: Boolean + def canSeeOtherAccountSwiftBic: Boolean - def canSeeOtherAccountIBAN: Boolean + def canSeeOtherAccountIban: Boolean def canSeeOtherAccountBankName: Boolean @@ -380,9 +380,9 @@ trait View { //other bank account (Counterparty) meta data - write def canAddMoreInfo: Boolean - def canAddURL: Boolean + def canAddUrl: Boolean - def canAddImageURL: Boolean + def canAddImageUrl: Boolean def canAddOpenCorporatesUrl: Boolean From f885f8fba9220cfaeb7de316c350477e60f8f5d3 Mon Sep 17 00:00:00 2001 
From: hongwei Date: Fri, 11 Jul 2025 17:58:17 +0200 Subject: [PATCH 15/26] feature/viewPermission store snake case instead of camel case in database - fixed Test --- .../SwaggerDefinitionsJSON.scala | 720 ++- .../main/scala/code/api/util/APIUtil.scala | 1 - .../scala/code/api/util/ExampleValue.scala | 191 +- .../main/scala/code/api/util/Glossary.scala | 13 +- .../scala/code/api/v1_2_1/APIMethods121.scala | 12 +- .../code/api/v1_2_1/JSONFactory1.2.1.scala | 120 +- .../scala/code/api/v2_0_0/APIMethods200.scala | 6 +- .../code/api/v2_1_0/JSONFactory2.1.0.scala | 121 +- .../code/api/v2_2_0/JSONFactory2.2.0.scala | 121 +- .../scala/code/api/v3_0_0/APIMethods300.scala | 6 +- .../code/api/v3_0_0/JSONFactory3.0.0.scala | 149 +- .../scala/code/api/v4_0_0/APIMethods400.scala | 6 +- .../scala/code/api/v5_0_0/APIMethods500.scala | 6 +- .../code/api/v5_0_0/JSONFactory5.0.0.scala | 150 +- .../bankconnectors/LocalMappedConnector.scala | 3 +- obp-api/src/main/scala/code/model/View.scala | 228 +- .../main/scala/code/views/MapperViews.scala | 6 +- .../code/views/system/ViewDefinition.scala | 181 +- .../code/views/system/ViewPermission.scala | 6 +- .../scala/code/api/v1_2_0/API12Test.scala | 5588 ----------------- .../scala/code/api/v1_2_1/API1_2_1Test.scala | 78 +- 21 files changed, 1079 insertions(+), 6633 deletions(-) delete mode 100644 obp-api/src/test/scala/code/api/v1_2_0/API12Test.scala diff --git a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala index e9cf374c9..c7f117117 100644 --- a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala +++ b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala 
@@ -136,185 +136,179 @@ object SwaggerDefinitionsJSON { which_alias_to_use = "family", hide_metadata_if_alias_used = false, allowed_actions = List( - "can_see_transaction_this_bank_account", - "can_see_transaction_other_bank_account", - "can_see_transaction_metadata", - "can_see_transaction_label", - "can_see_transaction_amount", - "can_see_transaction_type", - "can_see_transaction_currency", - "can_see_transaction_start_date", - "can_see_transaction_finish_date", - "can_see_transaction_balance", - "can_see_comments", - "can_see_narrative", - "can_see_tags", - "can_see_images", - "can_see_bank_account_owners", - "can_see_bank_account_type", - "can_see_bank_account_balance", - "can_see_bank_account_currency", - "can_see_bank_account_label", - "can_see_bank_account_national_identifier", - "can_see_bank_account_swift_bic", - "can_see_bank_account_iban", - "can_see_bank_account_number", - "can_see_bank_account_bank_name", - "can_see_other_account_national_identifier", - "can_see_other_account_swift_bic", - "can_see_other_account_iban", - "can_see_other_account_bank_name", - "can_see_other_account_number", - "can_see_other_account_metadata", - "can_see_other_account_kind", - "can_see_more_info", - "can_see_url", - "can_see_image_url", - "can_see_open_corporates_url", - "can_see_corporate_location", - "can_see_physical_location", - "can_see_public_alias", - "can_see_private_alias", - "can_add_more_info", - "can_add_url", - "can_add_image_url", - "can_add_open_corporates_url", - "can_add_corporate_location", - "can_add_physical_location", - "can_add_public_alias", - "can_add_private_alias", - "can_delete_corporate_location", - "can_delete_physical_location", - "can_edit_narrative", - "can_add_comment", - "can_delete_comment", - "can_add_tag", - "can_delete_tag", - "can_add_image", - "can_delete_image", - "can_add_where_tag", - "can_see_where_tag", - "can_delete_where_tag", - "can_create_counterparty", + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + 
CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, //V300 New - "can_see_bank_routing_scheme", - "can_see_bank_routing_address", - "can_see_bank_account_routing_scheme", - "can_see_bank_account_routing_address", - "can_see_other_bank_routing_scheme", - "can_see_other_bank_routing_address", - "can_see_other_account_routing_scheme", - "can_see_other_account_routing_address", + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + 
CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, //v310 - "can_query_available_funds", - "can_add_transaction_request_to_own_account", - "can_add_transaction_request_to_any_account", - "can_see_bank_account_credit_limit", + CAN_QUERY_AVAILABLE_FUNDS, + CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT, + CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT, + CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT, //v400 - "can_create_direct_debit", - "can_create_standing_order", - + CAN_CREATE_DIRECT_DEBIT, + CAN_CREATE_STANDING_ORDER, + //payments - "can_add_transaction_request_to_any_account" + CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT ) ) lazy val createSystemViewJsonV300 = createViewJsonV300.copy(name = "test", metadata_view = "test", is_public = false) lazy val allowedActionsV500 = List( - "can_see_transaction_this_bank_account", - "can_see_transaction_other_bank_account", - "can_see_transaction_metadata", - "can_see_transaction_label", - "can_see_transaction_amount", - "can_see_transaction_type", - "can_see_transaction_currency", - "can_see_transaction_start_date", - "can_see_transaction_finish_date", - "can_see_transaction_balance", - "can_see_comments", - "can_see_narrative", "can_see_tags", - "can_see_images", - "can_see_bank_account_owners", - "can_see_bank_account_type", - "can_see_bank_account_balance", - "can_see_bank_account_currency", - "can_see_bank_account_label", - "can_see_bank_account_national_identifier", - "can_see_bank_account_swift_bic", - "can_see_bank_account_iban", - "can_see_bank_account_number", - "can_see_bank_account_bank_name", - "can_see_other_account_national_identifier", - "can_see_other_account_swift_bic", - "can_see_other_account_iban", - "can_see_other_account_bank_name", - "can_see_other_account_number", - "can_see_other_account_metadata", - "can_see_other_account_kind", - "can_see_more_info", - "can_see_url", - "can_see_image_url", - 
"can_see_open_corporates_url", - "can_see_corporate_location", - "can_see_physical_location", - "can_see_public_alias", - "can_see_private_alias", - "can_add_more_info", - "can_add_url", - "can_add_image_url", - "can_add_open_corporates_url", - "can_add_corporate_location", - "can_add_physical_location", - "can_add_public_alias", - "can_add_private_alias", - "can_delete_corporate_location", - "can_delete_physical_location", - "can_edit_narrative", - "can_add_comment", - "can_delete_comment", - "can_add_tag", - "can_delete_tag", - "can_add_image", - "can_delete_image", - "can_add_where_tag", - "can_see_where_tag", - "can_delete_where_tag", - "can_create_counterparty", + CAN_EDIT_OWNER_COMMENT, + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + 
CAN_ADD_PRIVATE_ALIAS, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, //V300 New - "can_see_bank_routing_scheme", - "can_see_bank_routing_address", - "can_see_bank_account_routing_scheme", - "can_see_bank_account_routing_address", - "can_see_other_bank_routing_scheme", - "can_see_other_bank_routing_address", - "can_see_other_account_routing_scheme", - "can_see_other_account_routing_address", + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, //v310 - "can_query_available_funds", - "can_add_transaction_request_to_own_account", - "can_add_transaction_request_to_any_account", - "can_see_bank_account_credit_limit", + CAN_QUERY_AVAILABLE_FUNDS, + CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT, + CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT, + CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT, //v400 - "can_create_direct_debit", - "can_create_standing_order", + CAN_CREATE_DIRECT_DEBIT, + CAN_CREATE_STANDING_ORDER, //payments - "can_add_transaction_request_to_any_account", + CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT, - "can_see_transaction_request_types", - "can_see_transaction_requests", - "can_see_available_views_for_bank_account", - "can_update_bank_account_label", - "can_create_custom_view", - "can_delete_custom_view", - "can_update_custom_view", - "can_see_views_with_permissions_for_one_user", - "can_see_views_with_permissions_for_all_users", - "can_grant_access_to_custom_views", - "can_revoke_access_to_custom_views", - "can_see_transaction_status" + CAN_SEE_TRANSACTION_REQUEST_TYPES, + CAN_SEE_TRANSACTION_REQUESTS, + 
CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT, + CAN_UPDATE_BANK_ACCOUNT_LABEL, + CAN_CREATE_CUSTOM_VIEW, + CAN_DELETE_CUSTOM_VIEW, + CAN_UPDATE_CUSTOM_VIEW, + CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER, + CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS, + CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS, + CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS, + CAN_SEE_TRANSACTION_STATUS ) lazy val createCustomViewJson = CreateCustomViewJson( 
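Review bot: The rewritten `allowed_actions` example drops `"can_see_transaction_label"`, `"can_see_narrative"`, `"can_edit_narrative"` and `"can_create_counterparty"` without adding any constant in their place, and the hunks at -367 and -845 do the same; only `allowedActionsV500` gains `CAN_EDIT_OWNER_COMMENT`. If those names were renamed (presumably to `CAN_SEE_TRANSACTION_DESCRIPTION`, `CAN_SEE_OWNER_COMMENT`, `CAN_EDIT_OWNER_COMMENT` and `CAN_ADD_COUNTERPARTY`, which the constants file defines), the examples should list the new constants so the published permission set stays complete. If they were retired on purpose, a one-line comment such as `// can_see_narrative / can_edit_narrative replaced by *_owner_comment` would tell API consumers that the old names are no longer recognised. `CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT` also still appears twice in both lists of this hunk (under `//v310` and `//payments`); one entry is enough, and keeping a payment-initiating permission in a copy-paste example is worth a comment on its own.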
@@ -367,76 +361,76 @@ object SwaggerDefinitionsJSON { which_alias_to_use = "family", hide_metadata_if_alias_used = true, allowed_actions = List( - "can_see_transaction_this_bank_account", - "can_see_transaction_other_bank_account", - "can_see_transaction_metadata", - "can_see_transaction_label", - "can_see_transaction_amount", - "can_see_transaction_type", - "can_see_transaction_currency", - "can_see_transaction_start_date", - "can_see_transaction_finish_date", - "can_see_transaction_balance", - "can_see_comments", - "can_see_narrative", "can_see_tags", - "can_see_images", - "can_see_bank_account_owners", - "can_see_bank_account_type", - "can_see_bank_account_balance", - "can_see_bank_account_currency", - "can_see_bank_account_label", - "can_see_bank_account_national_identifier", - "can_see_bank_account_swift_bic", - "can_see_bank_account_iban", - "can_see_bank_account_number", - "can_see_bank_account_bank_name", - "can_see_other_account_national_identifier", - "can_see_other_account_swift_bic", - "can_see_other_account_iban", - "can_see_other_account_bank_name", - "can_see_other_account_number", - "can_see_other_account_metadata", - "can_see_other_account_kind", - "can_see_more_info", - "can_see_url", - "can_see_image_url", - "can_see_open_corporates_url", - "can_see_corporate_location", - "can_see_physical_location", - "can_see_public_alias", - "can_see_private_alias", - "can_add_more_info", - "can_add_url", - "can_add_image_url", - "can_add_open_corporates_url", - "can_add_corporate_location", - "can_add_physical_location", - "can_add_public_alias", - "can_add_private_alias", - "can_delete_corporate_location", - "can_delete_physical_location", - "can_edit_narrative", - "can_add_comment", - "can_delete_comment", - "can_add_tag", - "can_delete_tag", - "can_add_image", - "can_delete_image", - "can_add_where_tag", - "can_see_where_tag", - "can_delete_where_tag", - "can_create_counterparty", + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + 
CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, + //V300 New - "can_see_bank_routing_scheme", - "can_see_bank_routing_address", - "can_see_bank_account_routing_scheme", - "can_see_bank_account_routing_address", - "can_see_other_bank_routing_scheme", - "can_see_other_bank_routing_address", - "can_see_other_account_routing_scheme", - "can_see_other_account_routing_address", + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + 
CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, //v310 - "can_query_available_funds" + CAN_QUERY_AVAILABLE_FUNDS ) ) lazy val updateSystemViewJson310 = updateViewJsonV300.copy(is_public = false, is_firehose = Some(false)) 
@@ -845,75 +839,72 @@ object SwaggerDefinitionsJSON { which_alias_to_use = "family", hide_metadata_if_alias_used = false, allowed_actions = List( - "can_see_transaction_this_bank_account", - "can_see_transaction_other_bank_account", - "can_see_transaction_metadata", - "can_see_transaction_label", - "can_see_transaction_amount", - "can_see_transaction_type", - "can_see_transaction_currency", - "can_see_transaction_start_date", - "can_see_transaction_finish_date", - "can_see_transaction_balance", - "can_see_comments", - "can_see_narrative", - "can_see_tags", - "can_see_images", - "can_see_bank_account_owners", - "can_see_bank_account_type", - "can_see_bank_account_balance", - "can_see_bank_account_currency", - "can_see_bank_account_label", - "can_see_bank_account_national_identifier", - "can_see_bank_account_swift_bic", - "can_see_bank_account_iban", - "can_see_bank_account_number", - "can_see_bank_account_bank_name", - "can_see_other_account_national_identifier", - "can_see_other_account_swift_bic", - "can_see_other_account_iban", - "can_see_other_account_bank_name", - "can_see_other_account_number", - "can_see_other_account_metadata", - "can_see_other_account_kind", - "can_see_more_info", - "can_see_url", - "can_see_image_url", - "can_see_open_corporates_url", - "can_see_corporate_location", - "can_see_physical_location", - "can_see_public_alias", - "can_see_private_alias", - "can_add_more_info", - "can_add_url", - "can_add_image_url", - "can_add_open_corporates_url", - "can_add_corporate_location", - "can_add_physical_location", - "can_add_public_alias", - "can_add_private_alias", - "can_delete_corporate_location", - "can_delete_physical_location", - "can_edit_narrative", - "can_add_comment", - "can_delete_comment", - "can_add_tag", - "can_delete_tag", - "can_add_image", - "can_delete_image", - "can_add_where_tag", - "can_see_where_tag", - "can_delete_where_tag", - "can_create_counterparty", + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + 
CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, + //V300 New - "can_see_bank_routing_scheme", - "can_see_bank_routing_address", - "can_see_bank_account_routing_scheme", - "can_see_bank_account_routing_address", - "can_see_other_bank_routing_scheme", - "can_see_other_bank_routing_address", - "can_see_other_account_routing_scheme", - "can_see_other_account_routing_address" + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + 
CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS ) ) 
@@ -923,75 +914,72 @@ object SwaggerDefinitionsJSON { which_alias_to_use = "family", hide_metadata_if_alias_used = false, allowed_actions = List( - "can_see_transaction_this_bank_account", - "can_see_transaction_other_bank_account", - "can_see_transaction_metadata", - "can_see_transaction_label", - "can_see_transaction_amount", - "can_see_transaction_type", - "can_see_transaction_currency", - "can_see_transaction_start_date", - "can_see_transaction_finish_date", - "can_see_transaction_balance", - "can_see_comments", - "can_see_narrative", - "can_see_tags", - "can_see_images", - "can_see_bank_account_owners", - "can_see_bank_account_type", - "can_see_bank_account_balance", - "can_see_bank_account_currency", - "can_see_bank_account_label", - "can_see_bank_account_national_identifier", - "can_see_bank_account_swift_bic", - "can_see_bank_account_iban", - "can_see_bank_account_number", - "can_see_bank_account_bank_name", - "can_see_other_account_national_identifier", - "can_see_other_account_swift_bic", - "can_see_other_account_iban", - "can_see_other_account_bank_name", - "can_see_other_account_number", - "can_see_other_account_metadata", - "can_see_other_account_kind", - "can_see_more_info", - "can_see_url", - "can_see_image_url", - "can_see_open_corporates_url", - "can_see_corporate_location", - "can_see_physical_location", - "can_see_public_alias", - "can_see_private_alias", - "can_add_more_info", - "can_add_url", - "can_add_image_url", - "can_add_open_corporates_url", - "can_add_corporate_location", - "can_add_physical_location", - "can_add_public_alias", - "can_add_private_alias", - "can_delete_corporate_location", - "can_delete_physical_location", - "can_edit_narrative", - "can_add_comment", - "can_delete_comment", - "can_add_tag", - "can_delete_tag", - "can_add_image", - "can_delete_image", - "can_add_where_tag", - "can_see_where_tag", - "can_delete_where_tag", - "can_create_counterparty", + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + 
CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, + //V300 New - "can_see_bank_routing_scheme", - "can_see_bank_routing_address", - "can_see_bank_account_routing_scheme", - "can_see_bank_account_routing_address", - "can_see_other_bank_routing_scheme", - "can_see_other_bank_routing_address", - "can_see_other_account_routing_scheme", - "can_see_other_account_routing_address" + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + 
CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS ) ) lazy val viewsJSONV121 = ViewsJSONV121( diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala index 3f255eeee..a08076c4e 100644 --- a/obp-api/src/main/scala/code/api/util/APIUtil.scala +++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala @@ -5054,7 +5054,6 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ } //get all the permission Pair from one record, eg: - //List("can_see_transaction_this_bank_account","can_see_transaction_requests"....) //Note, do not contain can_revoke_access_to_views and can_grant_access_to_views permission yet. def getViewPermissions(view: ViewDefinition) = view.allFields.map(x => (x.name, x.get)) .filter(pair =>pair._2.isInstanceOf[Boolean]) diff --git a/obp-api/src/main/scala/code/api/util/ExampleValue.scala b/obp-api/src/main/scala/code/api/util/ExampleValue.scala index e02db9cf2..0b516d606 100644 --- a/obp-api/src/main/scala/code/api/util/ExampleValue.scala +++ b/obp-api/src/main/scala/code/api/util/ExampleValue.scala @@ -2,6 +2,7 @@ package code.api.util import code.api.Constant +import code.api.Constant._ import code.api.util.APIUtil.{DateWithMs, DateWithMsExampleString, formatDate, oneYearAgoDate, parseDate} import code.api.util.ErrorMessages.{InvalidJsonFormat, UnknownError, UserHasMissingRoles, UserNotLoggedIn} import code.api.util.Glossary.{glossaryItems, makeGlossaryItem} 
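Review bot: The new `allowed_actions` list in the `@@ -923,75 +914,72 @@` hunk of SwaggerDefinitionsJSON is not a one-for-one translation of the old one: `"can_see_transaction_label"`, `"can_see_narrative"`, `"can_edit_narrative"` and `"can_create_counterparty"` are removed and no constant takes their place. The commit is described as a refactor, so a change in which permissions the documented example view lists should be stated in the description, or the entries restored under their current names if `code.api.Constant` defines them (not visible here). This list documents what a view may do and is presumably copied by integrators, so I would add a comment above it such as `// transaction label, narrative and create-counterparty actions intentionally omitted: <reason>`. The enclosing definition starts outside the hunk, and the list ending just before this hunk shows the same added entries, but its start is outside this view.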
@@ -709,7 +710,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("count", countExample) lazy val canSeeOtherAccountBankNameExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_other_account_bank_name", canSeeOtherAccountBankNameExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OTHER_ACCOUNT_BANK_NAME, canSeeOtherAccountBankNameExample) lazy val handleExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("handle", handleExample) @@ -730,7 +731,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("duration", durationExample) lazy val canSeeBankAccountTypeExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_type", canSeeBankAccountTypeExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_TYPE, canSeeBankAccountTypeExample) lazy val toSepaExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("to_sepa", toSepaExample) @@ -739,7 +740,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("which_alias_to_use", whichAliasToUseExample) lazy val canAddImageExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_image", canAddImageExample) + glossaryItems += makeGlossaryItem(CAN_ADD_IMAGE, canAddImageExample) lazy val accountAttributeIdExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("account_attribute_id", accountAttributeIdExample) 
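Review bot: The glossary titles passed to `makeGlossaryItem` in this hunk and in the later ExampleValue hunks now come from `code.api.Constant` (for example `CAN_SEE_OTHER_ACCOUNT_BANK_NAME`), whose values are not shown in this patch, so nothing here guarantees they equal the literals they replace. If any constant differs from its old string, that published glossary key is renamed with no visible sign in the diff. A small test pinning the values would settle it, for example `assert(CAN_SEE_OTHER_ACCOUNT_BANK_NAME == "can_see_other_account_bank_name")`, repeated for the other permission names this commit switches over.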
@@ -758,18 +759,18 @@ object ExampleValue { lazy val statusExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("status", statusExample) - + lazy val transactionStatusExample = ConnectorField(s" ${TransactionRequestStatus.COMPLETED.toString}",s"Status of the transaction, e.g. ${TransactionRequestStatus.COMPLETED.toString}, ${TransactionRequestStatus.PENDING.toString} ..") glossaryItems += makeGlossaryItem("status", transactionStatusExample) - + lazy val errorCodeExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("errorCode", errorCodeExample) - + lazy val textExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("text", textExample) lazy val canSeeTransactionBalanceExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_balance", canSeeTransactionBalanceExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_BALANCE, canSeeTransactionBalanceExample) lazy val atmsExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("atms", atmsExample) 
@@ -778,10 +779,10 @@ object ExampleValue { glossaryItems += makeGlossaryItem("overall_balance_date", overallBalanceDateExample) lazy val canDeletePhysicalLocationExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_delete_physical_location", canDeletePhysicalLocationExample) + glossaryItems += makeGlossaryItem(CAN_DELETE_PHYSICAL_LOCATION, canDeletePhysicalLocationExample) lazy val canAddWhereTagExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_where_tag", canAddWhereTagExample) + glossaryItems += makeGlossaryItem(CAN_ADD_WHERE_TAG, canAddWhereTagExample) lazy val pinResetExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("pin_reset", pinResetExample) @@ -811,10 +812,10 @@ object ExampleValue { glossaryItems += makeGlossaryItem("active", activeExample) lazy val canSeeOtherAccountMetadataExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_other_account_metadata", canSeeOtherAccountMetadataExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OTHER_ACCOUNT_METADATA, canSeeOtherAccountMetadataExample) lazy val canSeeBankAccountIbanExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_iban", canSeeBankAccountIbanExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_IBAN, canSeeBankAccountIbanExample) lazy val lobbyExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("lobby", lobbyExample) 
@@ -844,7 +845,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("function_name", functionNameExample) lazy val canSeeBankRoutingSchemeExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_routing_scheme", canSeeBankRoutingSchemeExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ROUTING_SCHEME, canSeeBankRoutingSchemeExample) lazy val line1Example = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("line1", line1Example) @@ -865,7 +866,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("counterparties", counterpartiesExample) lazy val canSeeMoreInfoExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_more_info", canSeeMoreInfoExample) + glossaryItems += makeGlossaryItem(CAN_SEE_MORE_INFO, canSeeMoreInfoExample) lazy val transactionAttributesExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("transaction_attributes", transactionAttributesExample) 
@@ -883,31 +884,31 @@ object ExampleValue { glossaryItems += makeGlossaryItem("images", imagesExample) lazy val canSeeBankAccountBalanceExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_balance", canSeeBankAccountBalanceExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_BALANCE, canSeeBankAccountBalanceExample) lazy val parametersExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("parameters", parametersExample) lazy val canAddTransactionRequestToAnyAccountExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_transaction_request_to_any_account", canAddTransactionRequestToAnyAccountExample) + glossaryItems += makeGlossaryItem(CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT, canAddTransactionRequestToAnyAccountExample) lazy val websiteExample = ConnectorField("www.openbankproject.com",NoDescriptionProvided) glossaryItems += makeGlossaryItem("website", websiteExample) lazy val atmIdExample = ConnectorField("atme-9a0f-4bfa-b30b-9003aa467f51","A string that MUST uniquely identify the ATM on this OBP instance.") glossaryItems += makeGlossaryItem("atm_id", atmIdExample) - + lazy val atmAttributeIdExample = ConnectorField("xxaf2a-9a0f-4bfa-b30b-9003aa467f51","A string that MUST uniquely identify the ATM Attribute on this OBP instance.") glossaryItems += makeGlossaryItem("ATM.attribute_id", atmIdExample) - + lazy val entityIdExample = ConnectorField("0af807d7-3c39-43ef-9712-82bcfde1b9ca", "A unique identifier for the entity.") glossaryItems += makeGlossaryItem("entity_id", entityIdExample) - + lazy val certificateAuthorityCaOwnerIdExample = ConnectorField("CY_CBC", "The certificate authority owner ID.") glossaryItems += makeGlossaryItem("certificate_authority_ca_owner_id", certificateAuthorityCaOwnerIdExample) - + lazy val entityCertificatePublicKeyExample = ConnectorField( - 
"MIICsjCCAZqgAwIBAgIGAYwQ62R0MA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNVBAMMD2FwcC5leGFtcGxlLmNvbT" + + "MIICsjCCAZqgAwIBAgIGAYwQ62R0MA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNVBAMMD2FwcC5leGFtcGxlLmNvbT" + "AeFw0yMzExMjcxMzE1MTFaFw0yNTExMjYxMzE1MTFaMBoxGDAWBgNVBAMMD2FwcC5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADC" + "CAQoCggEBAK9WIodZHWzKyCcf9YfWEhPURbfO6zKuMqzHN27GdqHsVVEGxP4F/J4mso+0ENcRr6ur4u81iREaVdCc40rHDHVJNEtniD8Icbz7tcsq" + "AewIVhc/q6WXGqImJpCq7hA0m247dDsaZT0lb/MVBiMoJxDEmAE/GYYnWTEn84R35WhJsMvuQ7QmLvNg6RkChY6POCT/YKe9NKwa1NqI1U+oA5RFz" + 
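Review bot: The context line `glossaryItems += makeGlossaryItem("ATM.attribute_id", atmIdExample)` in the `@@ -883,31 +884,31 @@` hunk registers the ATM id example under the attribute-id title, while `atmAttributeIdExample`, defined on the line above it, is not used anywhere in this hunk. The commit already touches the blank lines around it, so this is a cheap place to correct it: `glossaryItems += makeGlossaryItem("ATM.attribute_id", atmAttributeIdExample)`. The whitespace-only changes in this hunk are unrelated to the ViewImpl removal and would be easier to review in a separate commit.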
@@ -919,34 +920,34 @@ object ExampleValue { "The public key of the entity certificate." ) glossaryItems += makeGlossaryItem("entity_certificate_public_key", entityCertificatePublicKeyExample) - + lazy val entityNameExample = ConnectorField("EXAMPLE COMPANY LTD", "The name of the entity.") glossaryItems += makeGlossaryItem("entity_name", entityNameExample) - + lazy val entityCodeExample = ConnectorField("PSD_PICY_CBC!12345", "The code of the entity.") glossaryItems += makeGlossaryItem("entity_code", entityCodeExample) - + lazy val entityTypeExample = ConnectorField("PSD_PI", "The type of the entity.") glossaryItems += makeGlossaryItem("entity_type", entityTypeExample) - + lazy val entityAddressExample = ConnectorField("EXAMPLE COMPANY LTD, 5 SOME STREET", "The address of the entity.") glossaryItems += makeGlossaryItem("entity_address", entityAddressExample) - + lazy val entityTownCityExample = ConnectorField("SOME CITY", "The town or city of the entity.") glossaryItems += makeGlossaryItem("entity_town_city", entityTownCityExample) - + lazy val entityPostCodeExample = ConnectorField("1060", "The postal code of the entity.") glossaryItems += makeGlossaryItem("entity_post_code", entityPostCodeExample) - + lazy val entityCountryExample = ConnectorField("CY", "The country of the entity.") glossaryItems += makeGlossaryItem("entity_country", entityCountryExample) - + lazy val entityWebSiteExample = ConnectorField("www.example.com", "The website of the entity.") glossaryItems += makeGlossaryItem("entity_web_site", entityWebSiteExample) - + lazy val servicesExample = ConnectorField("""[{"CY":["PS_010","PS_020","PS_03C","PS_04C"]}]""", "The services provided by the entity.") glossaryItems += makeGlossaryItem("services", servicesExample) - + lazy val regulatedEntityAttributeIdExample = ConnectorField("attrafa-9a0f-4bfa-b30b-9003aa467f51","A string that MUST uniquely identify the Regulated Entity Attribute on this OBP instance.") glossaryItems += 
makeGlossaryItem("RegulatedEntity.attribute_id", regulatedEntityAttributeIdExample) @@ -1005,13 +1006,13 @@ object ExampleValue { glossaryItems += makeGlossaryItem("accessibility_features", accessibilityFeaturesExample) lazy val canSeeOtherBankRoutingSchemeExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_other_bank_routing_scheme", canSeeOtherBankRoutingSchemeExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OTHER_BANK_ROUTING_SCHEME, canSeeOtherBankRoutingSchemeExample) lazy val physicalLocationExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("physical_location", physicalLocationExample) lazy val canSeeBankAccountRoutingSchemeExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_routing_scheme", canSeeBankAccountRoutingSchemeExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, canSeeBankAccountRoutingSchemeExample) lazy val rankAmount2Example = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("rank_amount2", rankAmount2Example) @@ -1026,7 +1027,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("image_url", imageUrlExample) lazy val canSeeTransactionMetadataExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_metadata", canSeeTransactionMetadataExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_METADATA, canSeeTransactionMetadataExample) lazy val documentsExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("documents", documentsExample) 
@@ -1056,13 +1057,13 @@ object ExampleValue { glossaryItems += makeGlossaryItem("other_accounts", otherAccountsExample) lazy val canSeeTransactionFinishDateExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_finish_date", canSeeTransactionFinishDateExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_FINISH_DATE, canSeeTransactionFinishDateExample) lazy val satisfiedExample = ConnectorField(booleanFalse,NoDescriptionProvided) glossaryItems += makeGlossaryItem("satisfied", satisfiedExample) lazy val canSeeOtherAccountIbanExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_other_account_iban", canSeeOtherAccountIbanExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OTHER_ACCOUNT_IBAN, canSeeOtherAccountIbanExample) lazy val attributeIdExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("attribute_id", attributeIdExample) @@ -1074,7 +1075,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("id", idExample) lazy val canAddCorporateLocationExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_corporate_location", canAddCorporateLocationExample) + glossaryItems += makeGlossaryItem(CAN_ADD_CORPORATE_LOCATION, canAddCorporateLocationExample) lazy val crmEventsExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("crm_events", crmEventsExample) 
@@ -1107,7 +1108,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("requested_current_valid_end_date", requestedCurrentValidEndDateExample) lazy val canSeeOtherBankRoutingAddressExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_other_bank_routing_address", canSeeOtherBankRoutingAddressExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, canSeeOtherBankRoutingAddressExample) lazy val thursdayExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("thursday", thursdayExample) 
@@ -1117,27 +1118,27 @@ object ExampleValue { lazy val phoneExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("phone", phoneExample) - + lazy val sepaCreditTransferExample = ConnectorField("yes","no-description-provided") - glossaryItems += makeGlossaryItem("sepaCreditTransfer", sepaCreditTransferExample) - + glossaryItems += makeGlossaryItem("sepaCreditTransfer", sepaCreditTransferExample) + lazy val sepaSddCoreExample = ConnectorField("yes","no-description-provided") - glossaryItems += makeGlossaryItem("sepaSddCore", sepaSddCoreExample) - + glossaryItems += makeGlossaryItem("sepaSddCore", sepaSddCoreExample) + lazy val sepaB2bExample = ConnectorField("yes","no-description-provided") - glossaryItems += makeGlossaryItem("sepaB2b", sepaB2bExample) - + glossaryItems += makeGlossaryItem("sepaB2b", sepaB2bExample) + lazy val sepaCardClearingExample = ConnectorField("no","no-description-provided") - glossaryItems += makeGlossaryItem("sepaCardClearing", sepaCardClearingExample) - + glossaryItems += makeGlossaryItem("sepaCardClearing", sepaCardClearingExample) + lazy val bicExample = ConnectorField("BUKBGB22","The Business Identifier Code") - glossaryItems += makeGlossaryItem("bic", bicExample) - + glossaryItems += makeGlossaryItem("bic", bicExample) + lazy val sepaDirectDebitExample = ConnectorField("yes","no-description-provided") glossaryItems += makeGlossaryItem("sepaDirectDebit", sepaDirectDebitExample) lazy val canSeeTransactionOtherBankAccountExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_other_bank_account", canSeeTransactionOtherBankAccountExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, canSeeTransactionOtherBankAccountExample) lazy val itemsExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("items", itemsExample) 
@@ -1149,7 +1150,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("bank_routings", bankRoutingsExample) lazy val canSeeOpenCorporatesUrlExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_open_corporates_url", canSeeOpenCorporatesUrlExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OPEN_CORPORATES_URL, canSeeOpenCorporatesUrlExample) lazy val branchesExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("branches", branchesExample) @@ -1233,7 +1234,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("comment_id", commentIdExample) lazy val canSeeBankAccountNationalIdentifierExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_national_identifier", canSeeBankAccountNationalIdentifierExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, canSeeBankAccountNationalIdentifierExample) lazy val perMinuteExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("per_minute", perMinuteExample) @@ -1266,7 +1267,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("this_view_id", thisViewIdExample) lazy val canSeeTransactionCurrencyExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_currency", canSeeTransactionCurrencyExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_CURRENCY, canSeeTransactionCurrencyExample) lazy val accountOtpExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("account_otp", accountOtpExample) 
@@ -1275,7 +1276,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("hide_metadata_if_alias_used", hideMetadataIfAliasUsedExample) lazy val canSeeBankAccountCurrencyExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_currency", canSeeBankAccountCurrencyExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_CURRENCY, canSeeBankAccountCurrencyExample) lazy val generateAuditorsViewExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("generate_auditors_view", generateAuditorsViewExample) @@ -1324,16 +1325,16 @@ object ExampleValue { glossaryItems += makeGlossaryItem("from_person", fromPersonExample) lazy val canSeePrivateAliasExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_private_alias", canSeePrivateAliasExample) + glossaryItems += makeGlossaryItem(CAN_SEE_PRIVATE_ALIAS, canSeePrivateAliasExample) lazy val typeOfLockExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("type_of_lock", typeOfLockExample) lazy val canSeeOtherAccountKindExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_other_account_kind", canSeeOtherAccountKindExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OTHER_ACCOUNT_KIND, canSeeOtherAccountKindExample) lazy val canAddOpenCorporatesUrlExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_open_corporates_url", canAddOpenCorporatesUrlExample) + glossaryItems += makeGlossaryItem(CAN_ADD_OPEN_CORPORATES_URL, canAddOpenCorporatesUrlExample) lazy val metadataViewExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("metadata_view", metadataViewExample) 
@@ -1342,7 +1343,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("alias", aliasExample) lazy val canSeeTransactionThisBankAccountExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_this_bank_account", canSeeTransactionThisBankAccountExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, canSeeTransactionThisBankAccountExample) lazy val triggerNameExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("trigger_name", triggerNameExample) @@ -1375,7 +1376,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("address", addressExample) lazy val canAddPrivateAliasExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_private_alias", canAddPrivateAliasExample) + glossaryItems += makeGlossaryItem(CAN_ADD_PRIVATE_ALIAS, canAddPrivateAliasExample) lazy val postcodeExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("postcode", postcodeExample) @@ -1396,7 +1397,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("reset_password_url", resetPasswordUrlExample) lazy val canSeeBankAccountSwiftBicExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_swift_bic", canSeeBankAccountSwiftBicExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, canSeeBankAccountSwiftBicExample) lazy val jsonstringExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("jsonstring", jsonstringExample) 
@@ -1417,10 +1418,10 @@ object ExampleValue { glossaryItems += makeGlossaryItem("details", detailsExample) lazy val canSeeOwnerCommentExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_owner_comment", canSeeOwnerCommentExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OWNER_COMMENT, canSeeOwnerCommentExample) lazy val canSeeTagsExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_tags", canSeeTagsExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TAGS, canSeeTagsExample) lazy val moreInfoUrlExample = ConnectorField("www.example.com/abc",NoDescriptionProvided) glossaryItems += makeGlossaryItem("more_info_url", moreInfoUrlExample) @@ -1441,7 +1442,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("terms_and_conditions_url_example", termsAndConditionsUrlExample) lazy val canAddUrlExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_url", canAddUrlExample) + glossaryItems += makeGlossaryItem(CAN_ADD_URL, canAddUrlExample) lazy val viewExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("view", viewExample) @@ -1450,7 +1451,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("display_name", displayNameExample) lazy val canDeleteTagExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_delete_tag", canDeleteTagExample) + glossaryItems += makeGlossaryItem(CAN_DELETE_TAG, canDeleteTagExample) lazy val hoursExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("hours", hoursExample) 
@@ -1513,7 +1514,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("kyc_document_id", kycDocumentIdExample) lazy val canSeePublicAliasExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_public_alias", canSeePublicAliasExample) + glossaryItems += makeGlossaryItem(CAN_SEE_PUBLIC_ALIAS, canSeePublicAliasExample) lazy val webUiPropsIdExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("web_ui_props_id", webUiPropsIdExample) @@ -1522,7 +1523,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("provider", providerExample) lazy val canSeePhysicalLocationExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_physical_location", canSeePhysicalLocationExample) + glossaryItems += makeGlossaryItem(CAN_SEE_PHYSICAL_LOCATION, canSeePhysicalLocationExample) lazy val accountRoutingsExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("account_routings", accountRoutingsExample) @@ -1944,7 +1945,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("full_name", fullNameExample) lazy val canCreateDirectDebitExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_create_direct_debit", canCreateDirectDebitExample) + glossaryItems += makeGlossaryItem(CAN_CREATE_DIRECT_DEBIT, canCreateDirectDebitExample) lazy val futureDateExample = ConnectorField("20200127",NoDescriptionProvided) glossaryItems += makeGlossaryItem("future_date", futureDateExample) 
@@ -1962,19 +1963,19 @@ object ExampleValue { glossaryItems += makeGlossaryItem("document_number", documentNumberExample) lazy val canSeeOtherAccountNationalIdentifierExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_other_account_national_identifier", canSeeOtherAccountNationalIdentifierExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, canSeeOtherAccountNationalIdentifierExample) lazy val canSeeTransactionStartDateExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_start_date", canSeeTransactionStartDateExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_START_DATE, canSeeTransactionStartDateExample) lazy val canAddPhysicalLocationExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_physical_location", canAddPhysicalLocationExample) + glossaryItems += makeGlossaryItem(CAN_ADD_PHYSICAL_LOCATION, canAddPhysicalLocationExample) lazy val cacheExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("cache", cacheExample) lazy val canSeeBankRoutingAddressExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_routing_address", canSeeBankRoutingAddressExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ROUTING_ADDRESS, canSeeBankRoutingAddressExample) lazy val usersExample = ConnectorField("user list", "Please refer to the user object.") glossaryItems += makeGlossaryItem("users", usersExample) 
@@ -2004,7 +2005,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("metadata", metadataExample) lazy val canSeeTransactionAmountExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_amount", canSeeTransactionAmountExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_AMOUNT, canSeeTransactionAmountExample) lazy val methodRoutingIdExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("method_routing_id", methodRoutingIdExample) @@ -2028,10 +2029,10 @@ object ExampleValue { glossaryItems += makeGlossaryItem("country_code", countryCodeExample) lazy val canSeeBankAccountCreditLimitExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_credit_limit", canSeeBankAccountCreditLimitExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT, canSeeBankAccountCreditLimitExample) lazy val canSeeOtherAccountNumberExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_other_account_number", canSeeOtherAccountNumberExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OTHER_ACCOUNT_NUMBER, canSeeOtherAccountNumberExample) lazy val orderExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("order", orderExample) @@ -2052,7 +2053,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("is_active", isActiveExample) lazy val canSeeBankAccountBankNameExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_bank_name", canSeeBankAccountBankNameExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_BANK_NAME, canSeeBankAccountBankNameExample) lazy val firstNameExample = ConnectorField("Tom","The first name") glossaryItems += makeGlossaryItem("first_name", firstNameExample) 
@@ -2067,7 +2068,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("transaction_ids", transactionIdsExample) lazy val canSeeBankAccountOwnersExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_owners", canSeeBankAccountOwnersExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_OWNERS, canSeeBankAccountOwnersExample) lazy val actualDateExample = ConnectorField("2020-01-27",NoDescriptionProvided) glossaryItems += makeGlossaryItem("actual_date", actualDateExample) @@ -2076,10 +2077,10 @@ object ExampleValue { glossaryItems += makeGlossaryItem("example_outbound_message", exampleOutboundMessageExample) lazy val canDeleteWhereTagExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_delete_where_tag", canDeleteWhereTagExample) + glossaryItems += makeGlossaryItem(CAN_DELETE_WHERE_TAG, canDeleteWhereTagExample) lazy val canSeeUrlExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_url", canSeeUrlExample) + glossaryItems += makeGlossaryItem(CAN_SEE_URL, canSeeUrlExample) lazy val versionExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("version", versionExample) @@ -2088,7 +2089,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("collected", collectedExample) lazy val canAddPublicAliasExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_public_alias", canAddPublicAliasExample) + glossaryItems += makeGlossaryItem(CAN_ADD_PUBLIC_ALIAS, canAddPublicAliasExample) lazy val allowedActionsExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("allowed_actions", allowedActionsExample) 
@@ -2106,7 +2107,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("implemented_in_version", implementedInVersionExample) lazy val canSeeImageUrlExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_image_url", canSeeImageUrlExample) + glossaryItems += makeGlossaryItem(CAN_SEE_IMAGE_URL, canSeeImageUrlExample) lazy val toTransferToPhoneExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("to_transfer_to_phone", toTransferToPhoneExample) @@ -2151,7 +2152,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("e", eExample) lazy val canSeeCorporateLocationExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_corporate_location", canSeeCorporateLocationExample) + glossaryItems += makeGlossaryItem(CAN_SEE_CORPORATE_LOCATION, canSeeCorporateLocationExample) lazy val userExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("user", userExample) @@ -2199,7 +2200,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("requiredfieldinfo", requiredfieldinfoExample) lazy val canSeeWhereTagExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_where_tag", canSeeWhereTagExample) + glossaryItems += makeGlossaryItem(CAN_SEE_WHERE_TAG, canSeeWhereTagExample) lazy val bankidExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("bankid", bankidExample) 
@@ -2262,10 +2263,10 @@ object ExampleValue { glossaryItems += makeGlossaryItem("to_sandbox_tan", toSandboxTanExample) lazy val canAddTagExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_tag", canAddTagExample) + glossaryItems += makeGlossaryItem(CAN_ADD_TAG, canAddTagExample) lazy val canSeeBankAccountLabelExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_label", canSeeBankAccountLabelExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_LABEL, canSeeBankAccountLabelExample) lazy val serviceAvailableExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("service_available", serviceAvailableExample) @@ -2280,7 +2281,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("link", linkExample) lazy val canSeeTransactionTypeExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_type", canSeeTransactionTypeExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_TYPE, canSeeTransactionTypeExample) lazy val implementedByPartialFunctionExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("implemented_by_partial_function", implementedByPartialFunctionExample) @@ -2289,7 +2290,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("drive_up", driveUpExample) lazy val canAddMoreInfoExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_more_info", canAddMoreInfoExample) + glossaryItems += makeGlossaryItem(CAN_ADD_MORE_INFO, canAddMoreInfoExample) lazy val detailExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("detail", detailExample) 
@@ -2317,21 +2318,21 @@ object ExampleValue { lazy val maxNumberOfYearlyTransactionsExample = ConnectorField("100",NoDescriptionProvided) glossaryItems += makeGlossaryItem("max_number_of_yearly_transactions", maxNumberOfYearlyTransactionsExample) - + lazy val maxNumberOfTransactionsExample = ConnectorField("100",NoDescriptionProvided) glossaryItems += makeGlossaryItem("max_number_of_transactions", maxNumberOfTransactionsExample) - + lazy val maxTotalAmountExample = ConnectorField("10000.12",NoDescriptionProvided) glossaryItems += makeGlossaryItem("max_total_amount", maxTotalAmountExample) lazy val canAddImageUrlExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_add_image_url", canAddImageUrlExample) + glossaryItems += makeGlossaryItem(CAN_ADD_IMAGE_URL, canAddImageUrlExample) lazy val jwksUrisExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("jwks_uris", jwksUrisExample) lazy val canSeeOtherAccountSwiftBicExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_other_account_swift_bic", canSeeOtherAccountSwiftBicExample) + glossaryItems += makeGlossaryItem(CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, canSeeOtherAccountSwiftBicExample) lazy val staffUserIdExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("staff_user_id", staffUserIdExample) @@ -2343,7 +2344,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("valid_from", validFromExample) lazy val canDeleteImageExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_delete_image", canDeleteImageExample) + glossaryItems += makeGlossaryItem(CAN_DELETE_IMAGE, canDeleteImageExample) lazy val toExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("to", toExample) 
@@ -2355,13 +2356,13 @@ object ExampleValue { glossaryItems += makeGlossaryItem("product_attributes", productAttributesExample) lazy val canSeeTransactionDescriptionExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_transaction_description", canSeeTransactionDescriptionExample) + glossaryItems += makeGlossaryItem(CAN_SEE_TRANSACTION_DESCRIPTION, canSeeTransactionDescriptionExample) lazy val faceImageExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("face_image", faceImageExample) lazy val canSeeBankAccountNumberExample = ConnectorField(booleanFalse,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_see_bank_account_number", canSeeBankAccountNumberExample) + glossaryItems += makeGlossaryItem(CAN_SEE_BANK_ACCOUNT_NUMBER, canSeeBankAccountNumberExample) lazy val glossaryItemsExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("glossary_items", glossaryItemsExample) @@ -2391,8 +2392,8 @@ object ExampleValue { glossaryItems += makeGlossaryItem("DynamicResourceDoc.description", dynamicResourceDocDescriptionExample) lazy val canDeleteCommentExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_delete_comment", canDeleteCommentExample) - + glossaryItems += makeGlossaryItem(CAN_DELETE_COMMENT, canDeleteCommentExample) + lazy val commentsExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("comments", commentsExample) 
@@ -2400,7 +2401,7 @@ object ExampleValue { glossaryItems += makeGlossaryItem("banks", banksExample) lazy val canCreateStandingOrderExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) - glossaryItems += makeGlossaryItem("can_create_standing_order", canCreateStandingOrderExample) + glossaryItems += makeGlossaryItem(CAN_CREATE_STANDING_ORDER, canCreateStandingOrderExample) lazy val adapterImplementationExample = ConnectorField(NoExampleProvided,NoDescriptionProvided) glossaryItems += makeGlossaryItem("adapter_implementation", adapterImplementationExample) diff --git a/obp-api/src/main/scala/code/api/util/Glossary.scala b/obp-api/src/main/scala/code/api/util/Glossary.scala index 9507cc101..e8c8029ee 100644 --- a/obp-api/src/main/scala/code/api/util/Glossary.scala +++ b/obp-api/src/main/scala/code/api/util/Glossary.scala @@ -1,16 +1,13 @@ package code.api.util -import java.io.File import code.api.Constant -import code.api.Constant.{PARAM_LOCALE, directLoginHeaderName} +import code.api.Constant._ import code.api.util.APIUtil.{getObpApiRoot, getServerUrl} import code.api.util.ExampleValue.{accountIdExample, bankIdExample, customerIdExample, userIdExample} - import code.util.Helper.MdcLoggable -import code.util.HydraUtil import code.webuiprops.MappedWebUiPropsProvider.getWebUiPropsValue -import net.liftweb.http.LiftRules +import java.io.File import scala.collection.mutable.ArrayBuffer 
@@ -1336,7 +1333,7 @@ object Glossary extends MdcLoggable { | |Body: | - | { "name":"_test", "description":"This view is for family", "metadata_view":"_test", "is_public":true, "which_alias_to_use":"family", "hide_metadata_if_alias_used":false, "allowed_actions":["can_see_transaction_this_bank_account","can_see_transaction_other_bank_account","can_see_transaction_metadata","can_see_transaction_label","can_see_transaction_amount","can_see_transaction_type","can_see_transaction_currency","can_see_transaction_start_date","can_see_transaction_finish_date","can_see_transaction_balance","can_see_comments","can_see_narrative","can_see_tags","can_see_images","can_see_bank_account_owners","can_see_bank_account_type","can_see_bank_account_balance","can_see_bank_account_currency","can_see_bank_account_label","can_see_bank_account_national_identifier","can_see_bank_account_swift_bic","can_see_bank_account_iban","can_see_bank_account_number","can_see_bank_account_bank_name","can_see_other_account_national_identifier","can_see_other_account_swift_bic","can_see_other_account_iban","can_see_other_account_bank_name","can_see_other_account_number","can_see_other_account_metadata","can_see_other_account_kind","can_see_more_info","can_see_url","can_see_image_url","can_see_open_corporates_url","can_see_corporate_location","can_see_physical_location","can_see_public_alias","can_see_private_alias","can_add_more_info","can_add_url","can_add_image_url","can_add_open_corporates_url","can_add_corporate_location","can_add_physical_location","can_add_public_alias","can_add_private_alias","can_delete_corporate_location","can_delete_physical_location","can_edit_narrative","can_add_comment","can_delete_comment","can_add_tag","can_delete_tag","can_add_image","can_delete_image","can_add_where_tag","can_see_where_tag","can_delete_where_tag","can_create_counterparty","can_see_bank_routing_scheme","can_see_bank_routing_address","can_see_bank_account_routing_scheme","can_see_bank_account_routing_address
","can_see_other_bank_routing_scheme","can_see_other_bank_routing_address","can_see_other_account_routing_scheme","can_see_other_account_routing_address","can_query_available_funds","can_add_transaction_request_to_own_account","can_add_transaction_request_to_any_account","can_see_bank_account_credit_limit","can_create_direct_debit","can_create_standing_order"]} | + | { "name":"_test", "description":"This view is for family", "metadata_view":"_test", "is_public":true, "which_alias_to_use":"family", "hide_metadata_if_alias_used":false, "allowed_actions":[$CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT,$CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT,$CAN_SEE_TRANSACTION_METADATA,,$CAN_SEE_TRANSACTION_AMOUNT,$CAN_SEE_TRANSACTION_TYPE,$CAN_SEE_TRANSACTION_CURRENCY,$CAN_SEE_TRANSACTION_START_DATE,$CAN_SEE_TRANSACTION_FINISH_DATE,$CAN_SEE_TRANSACTION_BALANCE,$CAN_SEE_COMMENTS,$CAN_SEE_TAGS,$CAN_SEE_IMAGES,$CAN_SEE_BANK_ACCOUNT_OWNERS,$CAN_SEE_BANK_ACCOUNT_TYPE,$CAN_SEE_BANK_ACCOUNT_BALANCE,$CAN_SEE_BANK_ACCOUNT_CURRENCY,$CAN_SEE_BANK_ACCOUNT_LABEL,$CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER,$CAN_SEE_BANK_ACCOUNT_SWIFT_BIC,$CAN_SEE_BANK_ACCOUNT_IBAN,$CAN_SEE_BANK_ACCOUNT_NUMBER,$CAN_SEE_BANK_ACCOUNT_BANK_NAME,$CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER,$CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC,$CAN_SEE_OTHER_ACCOUNT_IBAN,$CAN_SEE_OTHER_ACCOUNT_BANK_NAME,$CAN_SEE_OTHER_ACCOUNT_NUMBER,$CAN_SEE_OTHER_ACCOUNT_METADATA,$CAN_SEE_OTHER_ACCOUNT_KIND,$CAN_SEE_MORE_INFO,$CAN_SEE_URL,$CAN_SEE_IMAGE_URL,$CAN_SEE_OPEN_CORPORATES_URL,$CAN_SEE_CORPORATE_LOCATION,$CAN_SEE_PHYSICAL_LOCATION,$CAN_SEE_PUBLIC_ALIAS,$CAN_SEE_PRIVATE_ALIAS,$CAN_ADD_MORE_INFO,$CAN_ADD_URL,$CAN_ADD_IMAGE_URL,$CAN_ADD_OPEN_CORPORATES_URL,$CAN_ADD_CORPORATE_LOCATION,$CAN_ADD_PHYSICAL_LOCATION,$CAN_ADD_PUBLIC_ALIAS,$CAN_ADD_PRIVATE_ALIAS,$CAN_DELETE_CORPORATE_LOCATION,$CAN_DELETE_PHYSICAL_LOCATION,$CAN_ADD_COMMENT,$CAN_DELETE_COMMENT,$CAN_ADD_TAG,$CAN_DELETE_TAG,$CAN_ADD_IMAGE,$CAN_DELETE_IMAGE,$CAN_ADD_WHERE_TAG,$CAN_SEE_WHERE_TAG,$CAN_DELETE_W
HERE_TAG,$CAN_SEE_BANK_ROUTING_SCHEME,$CAN_SEE_BANK_ROUTING_ADDRESS,$CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME,$CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS,$CAN_SEE_OTHER_BANK_ROUTING_SCHEME,$CAN_SEE_OTHER_BANK_ROUTING_ADDRESS,$CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME,$CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS,$CAN_QUERY_AVAILABLE_FUNDS,$CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT,$CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT,$CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT,$CAN_CREATE_DIRECT_DEBIT,$CAN_CREATE_STANDING_ORDER]} | | Headers: | | Content-Type: application/json 
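Review bot: The example request body on the added `allowed_actions` line is no longer valid JSON: the permission names are interpolated without surrounding double quotes (`[$CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT,$CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT,...`), and `$CAN_SEE_TRANSACTION_METADATA,,$CAN_SEE_TRANSACTION_AMOUNT` leaves an empty element where `"can_see_transaction_label"` was dropped. A reader who copies this body to create a view gets a parse error rather than a working permission list, so each entry should be quoted, as in `"allowed_actions":["$CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT","$CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT",...]`, and the doubled comma removed. The `@@ -1432` hunk has the same two problems, and the `@@ -3352` hunk drops the quotes around the permission name in the same way. The enclosing string literal starts outside the hunk, so this assumes it is an interpolated (`s"""`) string and that the constants hold the bare snake_case names; if the literal is not interpolated, the `$NAME` tokens would be printed verbatim.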
@@ -1432,7 +1429,7 @@ object Glossary extends MdcLoggable { | |Body: | - | { "name":"_test", "description":"good", "is_public":false, "which_alias_to_use":"accountant", "hide_metadata_if_alias_used":false, "allowed_actions": ["can_see_transaction_this_bank_account", "can_see_transaction_other_bank_account", "can_see_transaction_metadata", "can_see_transaction_label", "can_see_transaction_amount", "can_see_transaction_type", "can_see_transaction_currency", "can_see_transaction_start_date", "can_see_transaction_finish_date", "can_see_transaction_balance", "can_see_comments", "can_see_narrative", "can_see_tags", "can_see_images", "can_see_bank_account_owners", "can_see_bank_account_type", "can_see_bank_account_balance", "can_see_bank_account_currency", "can_see_bank_account_label", "can_see_bank_account_national_identifier", "can_see_bank_account_swift_bic", "can_see_bank_account_iban", "can_see_bank_account_number", "can_see_bank_account_bank_name", "can_see_other_account_national_identifier", "can_see_other_account_swift_bic", "can_see_other_account_iban", "can_see_other_account_bank_name", "can_see_other_account_number", "can_see_other_account_metadata", "can_see_other_account_kind", "can_see_more_info", "can_see_url", "can_see_image_url", "can_see_open_corporates_url", "can_see_corporate_location", "can_see_physical_location", "can_see_public_alias", "can_see_private_alias", "can_add_more_info", "can_add_url", "can_add_image_url", "can_add_open_corporates_url", "can_add_corporate_location", "can_add_physical_location", "can_add_public_alias", "can_add_private_alias", "can_delete_corporate_location", "can_delete_physical_location", "can_edit_narrative", "can_add_comment", "can_delete_comment", "can_add_tag", "can_delete_tag", "can_add_image", "can_delete_image", "can_add_where_tag", "can_see_where_tag", "can_delete_where_tag", "can_create_counterparty", "can_see_bank_routing_scheme", "can_see_bank_routing_address", "can_see_bank_account_routing_scheme", 
"can_see_bank_account_routing_address", "can_see_other_bank_routing_scheme", "can_see_other_bank_routing_address", "can_see_other_account_routing_scheme", "can_see_other_account_routing_address"]} + | { "name":"_test", "description":"good", "is_public":false, "which_alias_to_use":"accountant", "hide_metadata_if_alias_used":false, "allowed_actions": [$CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT,$CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT,$CAN_SEE_TRANSACTION_METADATA,,$CAN_SEE_TRANSACTION_AMOUNT,$CAN_SEE_TRANSACTION_TYPE,$CAN_SEE_TRANSACTION_CURRENCY,$CAN_SEE_TRANSACTION_START_DATE,$CAN_SEE_TRANSACTION_FINISH_DATE,$CAN_SEE_TRANSACTION_BALANCE,$CAN_SEE_COMMENTS,$CAN_SEE_TAGS,$CAN_SEE_IMAGES,$CAN_SEE_BANK_ACCOUNT_OWNERS,$CAN_SEE_BANK_ACCOUNT_TYPE,$CAN_SEE_BANK_ACCOUNT_BALANCE,$CAN_SEE_BANK_ACCOUNT_CURRENCY,$CAN_SEE_BANK_ACCOUNT_LABEL,$CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER,$CAN_SEE_BANK_ACCOUNT_SWIFT_BIC,$CAN_SEE_BANK_ACCOUNT_IBAN,$CAN_SEE_BANK_ACCOUNT_NUMBER,$CAN_SEE_BANK_ACCOUNT_BANK_NAME,$CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER,$CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC,$CAN_SEE_OTHER_ACCOUNT_IBAN,$CAN_SEE_OTHER_ACCOUNT_BANK_NAME,$CAN_SEE_OTHER_ACCOUNT_NUMBER,$CAN_SEE_OTHER_ACCOUNT_METADATA,$CAN_SEE_OTHER_ACCOUNT_KIND,$CAN_SEE_MORE_INFO,$CAN_SEE_URL,$CAN_SEE_IMAGE_URL,$CAN_SEE_OPEN_CORPORATES_URL,$CAN_SEE_CORPORATE_LOCATION,$CAN_SEE_PHYSICAL_LOCATION,$CAN_SEE_PUBLIC_ALIAS,$CAN_SEE_PRIVATE_ALIAS,$CAN_ADD_MORE_INFO,$CAN_ADD_URL,$CAN_ADD_IMAGE_URL,$CAN_ADD_OPEN_CORPORATES_URL,$CAN_ADD_CORPORATE_LOCATION,$CAN_ADD_PHYSICAL_LOCATION,$CAN_ADD_PUBLIC_ALIAS,$CAN_ADD_PRIVATE_ALIAS,$CAN_DELETE_CORPORATE_LOCATION,$CAN_DELETE_PHYSICAL_LOCATION,$CAN_ADD_COMMENT,$CAN_DELETE_COMMENT,$CAN_ADD_TAG,$CAN_DELETE_TAG,$CAN_ADD_IMAGE,$CAN_DELETE_IMAGE,$CAN_ADD_WHERE_TAG,$CAN_SEE_WHERE_TAG,$CAN_DELETE_WHERE_TAG,$CAN_SEE_BANK_ROUTING_SCHEME,$CAN_SEE_BANK_ROUTING_ADDRESS,$CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME,$CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS,$CAN_SEE_OTHER_BANK_ROUTING_SCHEME,$CAN_SEE_OTHER_BANK_ROUTING_A
DDRESS,$CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME,$CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS,$CAN_QUERY_AVAILABLE_FUNDS,$CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT,$CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT,$CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT,$CAN_CREATE_DIRECT_DEBIT,$CAN_CREATE_STANDING_ORDER]} | | Headers: | @@ -3352,7 +3349,7 @@ object Glossary extends MdcLoggable { | |Rule for calculating number of security challenges: |If product Account attribute REQUIRED_CHALLENGE_ANSWERS=N then create N challenges - |(one for every user that has a View where permission "can_add_transaction_request_to_any_account"=true) + |(one for every user that has a View where permission $CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT=true) |In case REQUIRED_CHALLENGE_ANSWERS is not defined as an account attribute default value is 1. | |Transaction Requests contain charge information giving the client the opportunity to proceed or not (as long as the challenge level is appropriate). diff --git a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala index 0a49ae910..3eb76d5ea 100644 --- a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala +++ b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala @@ -605,7 +605,7 @@ trait APIMethods121 { createViewJsonV121.allowed_actions ) anyViewContainsCanCreateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.allowed_actions.exists(_ == CAN_CREATE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_CREATE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- booleanToBox( anyViewContainsCanCreateCustomViewPermission, s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_CREATE_CUSTOM_VIEW)}` permission on any your views" 
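Review bot: The rewritten expression for `anyViewContainsCanCreateCustomViewPermission` still builds a list of booleans and then searches it for `true`, which obscures that this line is the gate deciding whether the caller may create a view. `Views.views.vend.permission(...)` appears to return a Lift `Box` (a later hunk names the same result `loggedInUserPermissionBox`), so the check can be written as `.exists(_.views.exists(_.allowed_actions.contains(CAN_CREATE_CUSTOM_VIEW)))`, assuming `allowed_actions` is a Seq or Set; this also evaluates to false for an empty or failed box, as the current code does. The identical pattern is repeated in the `@@ -667`, `@@ -713`, `@@ -752` and `@@ -796` hunks and in both APIMethods200 hunks, so one private helper taking the permission constant would keep these authorization checks from drifting apart. The enclosing for-comprehension starts and ends outside the hunk.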
@@ -667,7 +667,7 @@ trait APIMethods121 { allowed_actions = updateJsonV121.allowed_actions ) anyViewContainsCanUpdateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- booleanToBox( anyViewContainsCanUpdateCustomViewPermission, s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views" @@ -713,7 +713,7 @@ trait APIMethods121 { _ <- NewStyle.function.customView(viewId, BankIdAccountId(bankId, accountId), callContext) anyViewContainsCanDeleteCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.allowed_actions.exists(_ == CAN_DELETE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_DELETE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_DELETE_CUSTOM_VIEW)}` permission on any your views", cc = callContext 
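Review bot: The denial message kept next to the changed line in the `@@ -667` hunk still starts with `ErrorMessages.CreateCustomViewError` although the permission being checked is `CAN_UPDATE_CUSTOM_VIEW`, so a caller refused an update is told that view creation failed. The same prefix is used for the `CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS` and `CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER` checks in the `@@ -752` and `@@ -796` hunks, while the delete check in `@@ -713` uses `ErrorMessages.ViewDoesNotPermitAccess`. Since these checks are being touched anyway, using the prefix from `@@ -713` for every missing-permission denial, e.g. `s"${ErrorMessages.ViewDoesNotPermitAccess} You need the ..."`, would make access-denied responses consistent for clients and easier to pick out when monitoring logs for authorization failures. The message lines are unchanged context in this commit, and the enclosing blocks continue outside the hunks.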
@@ -752,7 +752,7 @@ trait APIMethods121 { u <- cc.user ?~ UserNotLoggedIn account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- booleanToBox( anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission, s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)}` permission on any your views" @@ -796,8 +796,8 @@ trait APIMethods121 { loggedInUser <- cc.user ?~ UserNotLoggedIn account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound loggedInUserPermissionBox = Views.views.vend.permission(BankIdAccountId(bankId, accountId), loggedInUser) - anyViewContainsCanSeeViewsWithPermissionsForOneUserPermission = loggedInUserPermissionBox.map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)) - .find(_.==(true)).getOrElse(false)).getOrElse(false) + anyViewContainsCanSeeViewsWithPermissionsForOneUserPermission = loggedInUserPermissionBox.map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER))) + .getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- booleanToBox( anyViewContainsCanSeeViewsWithPermissionsForOneUserPermission, s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views" diff --git a/obp-api/src/main/scala/code/api/v1_2_1/JSONFactory1.2.1.scala b/obp-api/src/main/scala/code/api/v1_2_1/JSONFactory1.2.1.scala index 129383913..7d8313150 100644 
--- a/obp-api/src/main/scala/code/api/v1_2_1/JSONFactory1.2.1.scala +++ b/obp-api/src/main/scala/code/api/v1_2_1/JSONFactory1.2.1.scala @@ -407,6 +407,8 @@ object JSONFactory{ else "" + val allowed_actions = view.allowed_actions + new ViewJSONV121( id = view.viewId.value, short_name = stringOrNull(view.name), 
@@ -414,65 +416,65 @@ object JSONFactory{ is_public = view.isPublic, alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), - can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), - can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), - can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), - can_add_more_info = view.allowed_actions.exists(_ == CAN_ADD_MORE_INFO), - can_add_open_corporates_url = view.allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), - can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), - can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), - can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), - can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), - can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), - can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), - can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), - can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), - can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), - can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), - can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), - can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), - can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), - can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), - can_see_bank_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), - can_see_bank_account_currency = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), - can_see_bank_account_iban = 
view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), - can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), - can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_bank_account_number = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), - can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), - can_see_bank_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), - can_see_bank_account_type = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), - can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), - can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), - can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), - can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), - can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), - can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), - can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), - can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), - can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), - can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), - can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), - can_see_other_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), - can_see_owner_comment = view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), - can_see_physical_location = view.allowed_actions.exists(_ == 
CAN_SEE_PHYSICAL_LOCATION), - can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), - can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), - can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), - can_see_transaction_amount = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), - can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), - can_see_transaction_currency = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), - can_see_transaction_description = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), - can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), - can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), - can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), - can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), - can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), - can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), - can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), - can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG) + can_add_comment = allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = allowed_actions.exists(_ == CAN_ADD_MORE_INFO), + can_add_open_corporates_url = allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), + can_add_physical_location = allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = allowed_actions.exists(_ == 
CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_delete_comment = allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_delete_corporate_location = allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_see_bank_account_bank_name = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), + can_see_bank_account_owners = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + can_see_bank_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = allowed_actions.exists(_ == CAN_SEE_COMMENTS), + can_see_corporate_location = allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + 
can_see_images = allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), + can_see_transaction_balance = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = 
allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = allowed_actions.exists(_ == CAN_SEE_WHERE_TAG) ) } diff --git a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala index e100c508d..148605b09 100644 --- a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala +++ b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala @@ -1050,7 +1050,7 @@ trait APIMethods200 { (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)}` permission on any your views", cc = callContext 
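Review bot: Each flag in the rewritten `ViewJSONV121` constructor call still runs its own `allowed_actions.exists(_ == ...)` scan, so hoisting `view.allowed_actions` into a local saves the repeated member access but not the repeated traversal. If `allowed_actions` is a list (its type is declared outside the hunk), `val allowedActions = view.allowed_actions.toSet` followed by `can_add_comment = allowedActions.contains(CAN_ADD_COMMENT)` states the membership test directly. A one-line comment above the local, such as `// Each can_* flag is true only when the view's allowed_actions contains the matching permission constant`, would also help the next reader see that a constant missing from the list yields `false` without any error. The same applies to the JSONFactory210 hunk that follows in this patch.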
@@ -1092,8 +1092,8 @@ trait APIMethods200 { (bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound // Check bank exists. account <- BankAccountX(bank.bankId, accountId) ?~! {ErrorMessages.AccountNotFound} // Check Account exists. loggedInUserPermissionBox = Views.views.vend.permission(BankIdAccountId(bankId, accountId), loggedInUser) - anyViewContainsCanSeePermissionForOneUserPermission = loggedInUserPermissionBox.map(_.views.map(_.allowed_actions.exists( _ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)) - .find(_.==(true)).getOrElse(false)).getOrElse(false) + anyViewContainsCanSeePermissionForOneUserPermission = loggedInUserPermissionBox.map(_.views.map(_.allowed_actions.exists( _ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER))) + .getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- booleanToBox( anyViewContainsCanSeePermissionForOneUserPermission, diff --git a/obp-api/src/main/scala/code/api/v2_1_0/JSONFactory2.1.0.scala b/obp-api/src/main/scala/code/api/v2_1_0/JSONFactory2.1.0.scala index a28849d92..0b271e328 100644 --- a/obp-api/src/main/scala/code/api/v2_1_0/JSONFactory2.1.0.scala +++ b/obp-api/src/main/scala/code/api/v2_1_0/JSONFactory2.1.0.scala @@ -793,6 +793,7 @@ object JSONFactory210{ else "" + val allowed_actions = view.allowed_actions new ViewJSON( id = view.viewId.value, short_name = stringOrNull(view.name), 
@@ -800,66 +801,66 @@ object JSONFactory210{ is_public = view.isPublic, alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), - can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), - can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), - can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), - can_add_more_info = view.allowed_actions.exists(_ == CAN_ADD_MORE_INFO), - can_add_open_corporates_url = view.allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), - can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), - can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), - can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), - can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), - can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), - can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), - can_add_counterparty = view.allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), - can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), - can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), - can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), - can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), - can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), - can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), - can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), - can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), - can_see_bank_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), - can_see_bank_account_currency = 
view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), - can_see_bank_account_iban = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), - can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), - can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_bank_account_number = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), - can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), - can_see_bank_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), - can_see_bank_account_type = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), - can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), - can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), - can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), - can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), - can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), - can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), - can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), - can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), - can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), - can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), - can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), - can_see_other_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), - can_see_owner_comment = 
view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), - can_see_physical_location = view.allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), - can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), - can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), - can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), - can_see_transaction_amount = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), - can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), - can_see_transaction_currency = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), - can_see_transaction_description = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), - can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), - can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), - can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), - can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), - can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), - can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), - can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), - can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG) + can_add_comment = allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = allowed_actions.exists(_ == CAN_ADD_MORE_INFO), + can_add_open_corporates_url = allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), + can_add_physical_location = 
allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_add_counterparty = allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), + can_delete_comment = allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_delete_corporate_location = allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_see_bank_account_bank_name = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), + can_see_bank_account_owners = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + can_see_bank_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = allowed_actions.exists(_ 
== CAN_SEE_COMMENTS), + can_see_corporate_location = allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + can_see_images = allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), + can_see_transaction_balance = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = allowed_actions.exists(_ == 
CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = allowed_actions.exists(_ == CAN_SEE_WHERE_TAG) ) } diff --git a/obp-api/src/main/scala/code/api/v2_2_0/JSONFactory2.2.0.scala b/obp-api/src/main/scala/code/api/v2_2_0/JSONFactory2.2.0.scala index c0f649796..dcc955b3f 100644 --- a/obp-api/src/main/scala/code/api/v2_2_0/JSONFactory2.2.0.scala +++ b/obp-api/src/main/scala/code/api/v2_2_0/JSONFactory2.2.0.scala @@ -384,6 +384,7 @@ object JSONFactory220 { else "" + val allowed_actions = view.allowed_actions new ViewJSONV220( id = view.viewId.value, short_name = stringOrNull(view.name), 
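Review bot: Every `can_*` flag in the @@ -800 hunk still runs its own linear `exists(_ == ...)` scan over `allowed_actions`, so the `val` hoisted in the @@ -793 hunk removes the repeated `view.` access but not the repeated search. Building a set once, `val allowed_actions = view.allowed_actions.toSet`, and writing each flag as `can_add_comment = allowed_actions.contains(CAN_ADD_COMMENT)` would state the membership test directly; this assumes the elements have the same type as the CAN_* constants, which the `_ == CAN_...` comparisons suggest. The same applies to the @@ -391 hunk in JSONFactory2.2.0.scala and the @@ -739 hunk in JSONFactory3.0.0.scala. The constructor call starts before this hunk.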
@@ -391,66 +392,66 @@ object JSONFactory220 { is_public = view.isPublic, alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), - can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), - can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), - can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), - can_add_more_info = view.allowed_actions.exists(_ == CAN_ADD_MORE_INFO), - can_add_open_corporates_url = view.allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), - can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), - can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), - can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), - can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), - can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), - can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), - can_add_counterparty = view.allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), - can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), - can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), - can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), - can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), - can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), - can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), - can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), - can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), - can_see_bank_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), - can_see_bank_account_currency = 
view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), - can_see_bank_account_iban = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), - can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), - can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_bank_account_number = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), - can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), - can_see_bank_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), - can_see_bank_account_type = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), - can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), - can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), - can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), - can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), - can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), - can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), - can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), - can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), - can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), - can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), - can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), - can_see_other_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), - can_see_owner_comment = 
view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), - can_see_physical_location = view.allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), - can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), - can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), - can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), - can_see_transaction_amount = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), - can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), - can_see_transaction_currency = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), - can_see_transaction_description = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), - can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), - can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), - can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), - can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), - can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), - can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), - can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), - can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG) + can_add_comment = allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = allowed_actions.exists(_ == CAN_ADD_MORE_INFO), + can_add_open_corporates_url = allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), + can_add_physical_location = 
allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_add_counterparty = allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), + can_delete_comment = allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_delete_corporate_location = allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_see_bank_account_bank_name = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), + can_see_bank_account_owners = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + can_see_bank_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = allowed_actions.exists(_ 
== CAN_SEE_COMMENTS), + can_see_corporate_location = allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + can_see_images = allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), + can_see_transaction_balance = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = allowed_actions.exists(_ == 
CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = allowed_actions.exists(_ == CAN_SEE_WHERE_TAG) ) } diff --git a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala index c75b91a52..750ef0d8c 100644 --- a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala +++ b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala @@ -210,7 +210,7 @@ trait APIMethods300 { (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) anyViewContainsCanCreateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.allowed_actions.exists(_ == CAN_CREATE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_CREATE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_CREATE_CUSTOM_VIEW)}` permission on any your views", 
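Review bot: A comment is missing in the @@ -391 hunk saying that this JSON is not the view's full grant set: the flags listed here stop at `can_see_where_tag`, while the v3.0.0 factory later in this patch also reports `can_query_available_funds`, the routing flags and `can_add_transaction_request_to_any_account`. Anyone reviewing a view's permissions through the v2.2.0 representation would therefore not see those grants. I would add above the constructor call `// Only permissions known to v2.2.0 are listed; newer allowed_actions are not shown here.` The same comment fits the @@ -800 hunk in JSONFactory2.1.0.scala. The constructor call starts before this hunk.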
@@ -250,7 +250,7 @@ trait APIMethods300 { (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) anyViewContainsCanSeePermissionForOneUserPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), loggedInUser) - .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views", cc = callContext @@ -316,7 +316,7 @@ trait APIMethods300 { (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) anyViewContainsCancanUpdateCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW)).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views", diff --git a/obp-api/src/main/scala/code/api/v3_0_0/JSONFactory3.0.0.scala b/obp-api/src/main/scala/code/api/v3_0_0/JSONFactory3.0.0.scala index 90360ec62..838584229 100644 --- a/obp-api/src/main/scala/code/api/v3_0_0/JSONFactory3.0.0.scala +++ b/obp-api/src/main/scala/code/api/v3_0_0/JSONFactory3.0.0.scala 
@@ -730,6 +730,7 @@ object JSONFactory300{ else "" + val allowed_actions = view.allowed_actions ViewJsonV300( id = view.viewId.value, short_name = stringOrNull(view.name), 
@@ -739,81 +740,81 @@ object JSONFactory300{ is_system = view.isSystem, alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), - can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), - can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), - can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), - can_add_more_info = view.allowed_actions.exists(_ == CAN_ADD_MORE_INFO), - can_add_open_corporates_url = view.allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), - can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), - can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), - can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), - can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), - can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), - can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), - can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), - can_add_counterparty = view.allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), - can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), - can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), - can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), - can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), - can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), - can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), - can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), - can_query_available_funds = view.allowed_actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS), - can_see_bank_account_bank_name = 
view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), - can_see_bank_account_currency = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), - can_see_bank_account_iban = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), - can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), - can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_bank_account_number = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), - can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), - can_see_bank_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), - can_see_bank_account_type = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), - can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), - can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), - can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), - can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), - can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), - can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), - can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), - can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), - can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), - can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), - can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), - can_see_other_account_swift_bic = 
view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), - can_see_owner_comment = view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), - can_see_physical_location = view.allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), - can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), - can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), - can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), - can_see_transaction_amount = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), - can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), - can_see_transaction_currency = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), - can_see_transaction_description = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), - can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), - can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), - can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), - can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), - can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), - can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), - can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), - can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG), + can_add_comment = allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = allowed_actions.exists(_ == CAN_ADD_MORE_INFO), + 
can_add_open_corporates_url = allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), + can_add_physical_location = allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_delete_comment = allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_add_counterparty = allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), + can_delete_corporate_location = allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_query_available_funds = allowed_actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS), + can_see_bank_account_bank_name = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), + can_see_bank_account_owners = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + 
can_see_bank_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = allowed_actions.exists(_ == CAN_SEE_COMMENTS), + can_see_corporate_location = allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + can_see_images = allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), + can_see_transaction_balance = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = 
allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = allowed_actions.exists(_ == CAN_SEE_WHERE_TAG), //V300 new - can_see_bank_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME), - can_see_bank_routing_address = view.allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS), - can_see_bank_account_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME), - can_see_bank_account_routing_address = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS), - can_see_other_bank_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME), - can_see_other_bank_routing_address = view.allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS), - can_see_other_account_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME), - can_see_other_account_routing_address= view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS), - can_add_transaction_request_to_own_account = view.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT), //added following two for payments - can_add_transaction_request_to_any_account = view.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT), - can_see_bank_account_credit_limit = 
view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT), - can_create_direct_debit = view.allowed_actions.exists(_ == CAN_CREATE_DIRECT_DEBIT), - can_create_standing_order = view.allowed_actions.exists(_ == CAN_CREATE_STANDING_ORDER) + can_see_bank_routing_scheme = allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME), + can_see_bank_routing_address = allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS), + can_see_bank_account_routing_scheme = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME), + can_see_bank_account_routing_address = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS), + can_see_other_bank_routing_scheme = allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME), + can_see_other_bank_routing_address = allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS), + can_see_other_account_routing_scheme = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME), + can_see_other_account_routing_address= allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS), + can_add_transaction_request_to_own_account = allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT), //added following two for payments + can_add_transaction_request_to_any_account = allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT), + can_see_bank_account_credit_limit = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT), + can_create_direct_debit = allowed_actions.exists(_ == CAN_CREATE_DIRECT_DEBIT), + can_create_standing_order = allowed_actions.exists(_ == CAN_CREATE_STANDING_ORDER) ) } def createBasicViewJSON(view : View) : BasicViewJson = { diff --git a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala index c5bdea210..3b646d308 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala 
@@ -1014,7 +1014,7 @@ trait APIMethods400 extends MdcLoggable { "POST", "/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-request-types/TRANSACTION_REQUEST_TYPE/transaction-requests/TRANSACTION_REQUEST_ID/challenge", "Answer Transaction Request Challenge", - """In Sandbox mode, any string that can be converted to a positive integer will be accepted as an answer. + s"""In Sandbox mode, any string that can be converted to a positive integer will be accepted as an answer. | |This endpoint totally depends on createTransactionRequest, it need get the following data from createTransactionRequest response body. | @@ -1051,7 +1051,7 @@ trait APIMethods400 extends MdcLoggable { | |Rule for calculating number of security challenges: |If Product Account attribute REQUIRED_CHALLENGE_ANSWERS=N then create N challenges - |(one for every user that has a View where permission "can_add_transaction_request_to_any_account"=true) + |(one for every user that has a View where permission $CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT=true) |In the case REQUIRED_CHALLENGE_ANSWERS is not defined as an account attribute, the default number of security challenges created is one. | """.stripMargin, @@ -2305,7 +2305,7 @@ trait APIMethods400 extends MdcLoggable { json.extract[UpdateAccountJsonV400] } anyViewContainsCanUpdateBankAccountLabelPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) - .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL)).find(_.==(true)).getOrElse(false)).getOrElse(false) + .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_BANK_ACCOUNT_LABEL)}` permission on any your views", cc = callContext 
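Review bot: The new `anyViewContainsCanUpdateBankAccountLabelPermission` expression in the `@@ -2305` hunk reaches an authorization decision through `map`, `getOrElse(Nil)`, `find(_.==(true))` and `getOrElse(false)`, which is hard to audit for a boolean that gates an account update. The same result reads directly as `.exists(_.views.exists(_.allowed_actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL)))`, assuming the value returned by `permission(...)` offers `exists` the way it offers `map` here. Both forms treat a missing permission lookup as "no access", which deserves a one-line comment such as `// fail closed: no Permission, or no view with the action, means false`. The enclosing for-comprehension starts and ends outside the hunk.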
diff --git a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala index 0427e7ccf..35e2bc52e 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala @@ -986,9 +986,9 @@ trait APIMethods500 { val vrpViewId = s"_vrp-${UUID.randomUUID.toString}".dropRight(5)// to make sure the length of the viewId is 36. val targetPermissions = List(//may need getTransactionRequest . so far only these payments. - "can_add_transaction_request_to_beneficiary", - "can_get_counterparty", - "can_see_transaction_requests" + CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY, + CAN_GET_COUNTERPARTY, + CAN_SEE_TRANSACTION_REQUESTS, ) val targetCreateCustomViewJson = CreateCustomViewJson( diff --git a/obp-api/src/main/scala/code/api/v5_0_0/JSONFactory5.0.0.scala b/obp-api/src/main/scala/code/api/v5_0_0/JSONFactory5.0.0.scala index 340bb9828..73b2115c3 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/JSONFactory5.0.0.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/JSONFactory5.0.0.scala @@ -810,6 +810,8 @@ object JSONFactory500 { } def createViewJsonV500(view : View) : ViewJsonV500 = { + val allowed_actions = view.allowed_actions + val alias = if(view.usePublicAliasIfOneExists) "public" 
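Review bot: `targetPermissions` in the `@@ -986` hunk now takes its entries from `CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY`, `CAN_GET_COUNTERPARTY` and `CAN_SEE_TRANSACTION_REQUESTS` in place of snake_case literals, while the `code/model/View.scala` hunks of this patch replace camelCase literals such as `"canSeeTransactionMetadata"` with constants from what looks like the same family. The constant definitions are not part of this diff, so at least one of those call sites appears to change the string it stores or compares. A mismatch in View.scala would silently hide fields, and a mismatch here would create the VRP view with permission names the view layer may not recognise. Please confirm the constant values against what `getViewPermissions` returns, and add a test asserting that a view created from this list actually allows the three actions. The same question applies to the API text in `APIMethods400`, where the quoted permission name became `$CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT`.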
@@ -828,81 +830,81 @@ object JSONFactory500 { is_firehose = Some(view.isFirehose), alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - can_add_comment = view.allowed_actions.exists(_ == CAN_ADD_COMMENT), - can_add_corporate_location = view.allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), - can_add_image = view.allowed_actions.exists(_ == CAN_ADD_IMAGE), - can_add_image_url = view.allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), - can_add_more_info = view.allowed_actions.exists(_ == CAN_ADD_MORE_INFO), - can_add_open_corporates_url = view.allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), - can_add_physical_location = view.allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), - can_add_private_alias = view.allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), - can_add_public_alias = view.allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), - can_add_tag = view.allowed_actions.exists(_ == CAN_ADD_TAG), - can_add_url = view.allowed_actions.exists(_ == CAN_ADD_URL), - can_add_where_tag = view.allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), - can_delete_comment = view.allowed_actions.exists(_ == CAN_DELETE_COMMENT), - can_add_counterparty = view.allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), - can_delete_corporate_location = view.allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), - can_delete_image = view.allowed_actions.exists(_ == CAN_DELETE_IMAGE), - can_delete_physical_location = view.allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), - can_delete_tag = view.allowed_actions.exists(_ == CAN_DELETE_TAG), - can_delete_where_tag = view.allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), - can_edit_owner_comment = view.allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), - can_see_bank_account_balance = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), - can_query_available_funds = view.allowed_actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS), - can_see_bank_account_bank_name = 
view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), - can_see_bank_account_currency = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), - can_see_bank_account_iban = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), - can_see_bank_account_label = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), - can_see_bank_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_bank_account_number = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), - can_see_bank_account_owners = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), - can_see_bank_account_swift_bic = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), - can_see_bank_account_type = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), - can_see_comments = view.allowed_actions.exists(_ == CAN_SEE_COMMENTS), - can_see_corporate_location = view.allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), - can_see_image_url = view.allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), - can_see_images = view.allowed_actions.exists(_ == CAN_SEE_IMAGES), - can_see_more_info = view.allowed_actions.exists(_ == CAN_SEE_MORE_INFO), - can_see_open_corporates_url = view.allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), - can_see_other_account_bank_name = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), - can_see_other_account_iban = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), - can_see_other_account_kind = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), - can_see_other_account_metadata = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), - can_see_other_account_national_identifier = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), - can_see_other_account_number = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), - can_see_other_account_swift_bic = 
view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), - can_see_owner_comment = view.allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), - can_see_physical_location = view.allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), - can_see_private_alias = view.allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), - can_see_public_alias = view.allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), - can_see_tags = view.allowed_actions.exists(_ == CAN_SEE_TAGS), - can_see_transaction_amount = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), - can_see_transaction_balance = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), - can_see_transaction_currency = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), - can_see_transaction_description = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), - can_see_transaction_finish_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), - can_see_transaction_metadata = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), - can_see_transaction_other_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), - can_see_transaction_start_date = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), - can_see_transaction_this_bank_account = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), - can_see_transaction_type = view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), - can_see_url = view.allowed_actions.exists(_ == CAN_SEE_URL), - can_see_where_tag = view.allowed_actions.exists(_ == CAN_SEE_WHERE_TAG), + can_add_comment = allowed_actions.exists(_ == CAN_ADD_COMMENT), + can_add_corporate_location = allowed_actions.exists(_ == CAN_ADD_CORPORATE_LOCATION), + can_add_image = allowed_actions.exists(_ == CAN_ADD_IMAGE), + can_add_image_url = allowed_actions.exists(_ == CAN_ADD_IMAGE_URL), + can_add_more_info = allowed_actions.exists(_ == CAN_ADD_MORE_INFO), + 
can_add_open_corporates_url = allowed_actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), + can_add_physical_location = allowed_actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), + can_add_private_alias = allowed_actions.exists(_ == CAN_ADD_PRIVATE_ALIAS), + can_add_public_alias = allowed_actions.exists(_ == CAN_ADD_PUBLIC_ALIAS), + can_add_tag = allowed_actions.exists(_ == CAN_ADD_TAG), + can_add_url = allowed_actions.exists(_ == CAN_ADD_URL), + can_add_where_tag = allowed_actions.exists(_ == CAN_ADD_WHERE_TAG), + can_delete_comment = allowed_actions.exists(_ == CAN_DELETE_COMMENT), + can_add_counterparty = allowed_actions.exists(_ == CAN_ADD_COUNTERPARTY), + can_delete_corporate_location = allowed_actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), + can_delete_image = allowed_actions.exists(_ == CAN_DELETE_IMAGE), + can_delete_physical_location = allowed_actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), + can_delete_tag = allowed_actions.exists(_ == CAN_DELETE_TAG), + can_delete_where_tag = allowed_actions.exists(_ == CAN_DELETE_WHERE_TAG), + can_edit_owner_comment = allowed_actions.exists(_ == CAN_EDIT_OWNER_COMMENT), + can_see_bank_account_balance = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE), + can_query_available_funds = allowed_actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS), + can_see_bank_account_bank_name = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME), + can_see_bank_account_currency = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY), + can_see_bank_account_iban = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN), + can_see_bank_account_label = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL), + can_see_bank_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_bank_account_number = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER), + can_see_bank_account_owners = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS), + 
can_see_bank_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC), + can_see_bank_account_type = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE), + can_see_comments = allowed_actions.exists(_ == CAN_SEE_COMMENTS), + can_see_corporate_location = allowed_actions.exists(_ == CAN_SEE_CORPORATE_LOCATION), + can_see_image_url = allowed_actions.exists(_ == CAN_SEE_IMAGE_URL), + can_see_images = allowed_actions.exists(_ == CAN_SEE_IMAGES), + can_see_more_info = allowed_actions.exists(_ == CAN_SEE_MORE_INFO), + can_see_open_corporates_url = allowed_actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), + can_see_other_account_bank_name = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME), + can_see_other_account_iban = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN), + can_see_other_account_kind = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND), + can_see_other_account_metadata = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA), + can_see_other_account_national_identifier = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER), + can_see_other_account_number = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER), + can_see_other_account_swift_bic = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC), + can_see_owner_comment = allowed_actions.exists(_ == CAN_SEE_OWNER_COMMENT), + can_see_physical_location = allowed_actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), + can_see_private_alias = allowed_actions.exists(_ == CAN_SEE_PRIVATE_ALIAS), + can_see_public_alias = allowed_actions.exists(_ == CAN_SEE_PUBLIC_ALIAS), + can_see_tags = allowed_actions.exists(_ == CAN_SEE_TAGS), + can_see_transaction_amount = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT), + can_see_transaction_balance = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE), + can_see_transaction_currency = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY), + can_see_transaction_description = 
allowed_actions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION), + can_see_transaction_finish_date = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE), + can_see_transaction_metadata = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_METADATA), + can_see_transaction_other_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT), + can_see_transaction_start_date = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE), + can_see_transaction_this_bank_account = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT), + can_see_transaction_type = allowed_actions.exists(_ == CAN_SEE_TRANSACTION_TYPE), + can_see_url = allowed_actions.exists(_ == CAN_SEE_URL), + can_see_where_tag = allowed_actions.exists(_ == CAN_SEE_WHERE_TAG), //V300 new - can_see_bank_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME), - can_see_bank_routing_address = view.allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS), - can_see_bank_account_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME), - can_see_bank_account_routing_address = view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS), - can_see_other_bank_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME), - can_see_other_bank_routing_address = view.allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS), - can_see_other_account_routing_scheme = view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME), - can_see_other_account_routing_address= view.allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS), - can_add_transaction_request_to_own_account = view.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT), //added following two for payments - can_add_transaction_request_to_any_account = view.allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT), - can_see_bank_account_credit_limit = 
view.allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT), - can_create_direct_debit = view.allowed_actions.exists(_ == CAN_CREATE_DIRECT_DEBIT), - can_create_standing_order = view.allowed_actions.exists(_ == CAN_CREATE_STANDING_ORDER), + can_see_bank_routing_scheme = allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME), + can_see_bank_routing_address = allowed_actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS), + can_see_bank_account_routing_scheme = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME), + can_see_bank_account_routing_address = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS), + can_see_other_bank_routing_scheme = allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME), + can_see_other_bank_routing_address = allowed_actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS), + can_see_other_account_routing_scheme = allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME), + can_see_other_account_routing_address= allowed_actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS), + can_add_transaction_request_to_own_account = allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT), //added following two for payments + can_add_transaction_request_to_any_account = allowed_actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT), + can_see_bank_account_credit_limit = allowed_actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT), + can_create_direct_debit = allowed_actions.exists(_ == CAN_CREATE_DIRECT_DEBIT), + can_create_standing_order = allowed_actions.exists(_ == CAN_CREATE_STANDING_ORDER), // Version 5.0.0 can_grant_access_to_views = view.canGrantAccessToViews.getOrElse(Nil), can_revoke_access_to_views = view.canRevokeAccessToViews.getOrElse(Nil), diff --git a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala index f3fa9d7a0..19fcd715f 100644 
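Review bot: Each of the dozens of `can_*` fields in `createViewJsonV500` is paired by hand with its constant, and the same table appears in the earlier JSON factory hunk of this patch, so one mispaired line would make the API report a permission the view does not hold, or hide one it does, with nothing to catch it. A small local helper would shorten every line and make the pairing easier to scan, for example `def allows(action: String): Boolean = allowed_actions.contains(action)` followed by `can_add_comment = allows(CAN_ADD_COMMENT)`, assuming the elements are strings as the interpolation of these constants elsewhere in the patch suggests. A test that builds a view with a single allowed action and asserts that exactly the matching flag is true would guard both factories. The local `allowed_actions` introduced in the `@@ -810` hunk would conventionally be named `allowedActions` in Scala.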
--- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala +++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala @@ -4719,7 +4719,8 @@ object LocalMappedConnector extends Connector with MdcLoggable { for ( permission <- Views.views.vend.permissions(BankIdAccountId(bankId, accountId)) ) yield { - permission.views.exists(_.allowed_actions.exists( _ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)) match { + permission.views.exists(view =>view.view.allowed_actions.exists( _ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)) + match { case true => Some(permission.user) case _ => None } diff --git a/obp-api/src/main/scala/code/model/View.scala b/obp-api/src/main/scala/code/model/View.scala index bd9dcc8fa..ddd4de222 100644 --- a/obp-api/src/main/scala/code/model/View.scala +++ b/obp-api/src/main/scala/code/model/View.scala 
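Review bot: The added predicate reads `view.view.allowed_actions`, whereas the removed line and the `APIMethods400` hunk of this patch read `allowed_actions` straight from the elements of `permission.views`. The extra `.view` hop presumably resolves through a conversion to `ViewExtended` and back, and nothing in the hunk explains why it is needed. Since this expression selects which users hold `CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT`, either drop the hop or add a comment saying why direct access no longer works. Matching a Boolean with `match` on its own line is also harder to read than binding the predicate to a `val canAddToAnyAccount` and writing `if (canAddToAnyAccount) Some(permission.user) else None`. The enclosing method starts and ends outside the hunk.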
@@ -67,60 +67,60 @@ case class ViewExtended(val view: View) { //transaction metadata val transactionMetadata = - if(viewPermissions.exists(_ == "canSeeTransactionMetadata")) + if(viewPermissions.exists(_ == CAN_SEE_TRANSACTION_METADATA)) { - val ownerComment = if (viewPermissions.exists(_ == "canSeeOwnerComment")) Some(transaction.metadata.ownerComment()) else None + val ownerComment = if (viewPermissions.exists(_ == CAN_SEE_OWNER_COMMENT)) Some(transaction.metadata.ownerComment()) else None val comments = - if (viewPermissions.exists(_ == "canSeeComments")) + if (viewPermissions.exists(_ == CAN_SEE_COMMENTS)) Some(transaction.metadata.comments(view.viewId)) else None - val addCommentFunc= if(viewPermissions.exists(_ == "canAddComment")) Some(transaction.metadata.addComment) else None + val addCommentFunc= if(viewPermissions.exists(_ == CAN_ADD_COMMENT)) Some(transaction.metadata.addComment) else None val deleteCommentFunc = - if(viewPermissions.exists(_ == "canDeleteComment")) + if(viewPermissions.exists(_ == CAN_DELETE_COMMENT)) Some(transaction.metadata.deleteComment) else None - val addOwnerCommentFunc:Option[String=> Boolean] = if (viewPermissions.exists(_ == "canEditOwnerComment")) Some(transaction.metadata.addOwnerComment) else None + val addOwnerCommentFunc:Option[String=> Boolean] = if (viewPermissions.exists(_ == CAN_EDIT_OWNER_COMMENT)) Some(transaction.metadata.addOwnerComment) else None val tags = - if(viewPermissions.exists(_ == "canSeeTags")) + if(viewPermissions.exists(_ == CAN_SEE_TAGS)) Some(transaction.metadata.tags(view.viewId)) else None val addTagFunc = - if(viewPermissions.exists(_ == "canAddTag")) + if(viewPermissions.exists(_ == CAN_ADD_TAG)) Some(transaction.metadata.addTag) else None val deleteTagFunc = - if(viewPermissions.exists(_ == "canDeleteTag")) + if(viewPermissions.exists(_ == CAN_DELETE_TAG)) Some(transaction.metadata.deleteTag) else None val images = - if(viewPermissions.exists(_ == "canSeeImages")) 
Some(transaction.metadata.images(view.viewId)) + if(viewPermissions.exists(_ == CAN_SEE_IMAGES)) Some(transaction.metadata.images(view.viewId)) else None val addImageFunc = - if(viewPermissions.exists(_ == "canAddImage")) Some(transaction.metadata.addImage) + if(viewPermissions.exists(_ == CAN_ADD_IMAGE)) Some(transaction.metadata.addImage) else None val deleteImageFunc = - if(viewPermissions.exists(_ == "canDeleteImage")) Some(transaction.metadata.deleteImage) + if(viewPermissions.exists(_ == CAN_DELETE_IMAGE)) Some(transaction.metadata.deleteImage) else None val whereTag = - if(viewPermissions.exists(_ == "canSeeWhereTag")) + if(viewPermissions.exists(_ == CAN_SEE_WHERE_TAG)) Some(transaction.metadata.whereTags(view.viewId)) else None val addWhereTagFunc : Option[(UserPrimaryKey, ViewId, Date, Double, Double) => Boolean] = - if(viewPermissions.exists(_ == "canAddWhereTag")) + if(viewPermissions.exists(_ == CAN_ADD_WHERE_TAG)) Some(transaction.metadata.addWhereTag) else Empty val deleteWhereTagFunc : Option[(ViewId) => Boolean] = - if (viewPermissions.exists(_ == "canDeleteWhereTag")) + if (viewPermissions.exists(_ == CAN_DELETE_WHERE_TAG)) Some(transaction.metadata.deleteWhereTag) else Empty 
@@ -149,35 +149,35 @@ case class ViewExtended(val view: View) { None val transactionType = - if (viewPermissions.exists(_ == "canSeeTransactionType")) Some(transaction.transactionType) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_TYPE)) Some(transaction.transactionType) else None val transactionAmount = - if (viewPermissions.exists(_ == "canSeeTransactionAmount")) Some(transaction.amount) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT)) Some(transaction.amount) else None val transactionCurrency = - if (viewPermissions.exists(_ == "canSeeTransactionCurrency")) Some(transaction.currency) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY)) Some(transaction.currency) else None val transactionDescription = - if (viewPermissions.exists(_ == "canSeeTransactionDescription")) transaction.description + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION)) transaction.description else None val transactionStartDate = - if (viewPermissions.exists(_ == "canSeeTransactionStartDate")) Some(transaction.startDate) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_START_DATE)) Some(transaction.startDate) else None val transactionFinishDate = - if (viewPermissions.exists(_ == "canSeeTransactionFinishDate")) Some(transaction.finishDate) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE)) Some(transaction.finishDate) else None val transactionBalance = - if (viewPermissions.exists(_ == "canSeeTransactionBalance") && transaction.balance != null) transaction.balance.toString() + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_BALANCE) && transaction.balance != null) transaction.balance.toString() else "" val transactionStatus = - if (viewPermissions.exists(_ == "canSeeTransactionStatus")) transaction.status + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_STATUS)) transaction.status else "" new ModeratedTransaction( 
@@ -223,31 +223,31 @@ case class ViewExtended(val view: View) { val otherBankAccount = moderateCore(transactionCore.otherAccount) val transactionType = - if (viewPermissions.exists(_ == "canSeeTransactionType")) Some(transactionCore.transactionType) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_TYPE)) Some(transactionCore.transactionType) else None val transactionAmount = - if (viewPermissions.exists(_ == "canSeeTransactionAmount")) Some(transactionCore.amount) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT)) Some(transactionCore.amount) else None val transactionCurrency = - if (viewPermissions.exists(_ == "canSeeTransactionCurrency")) Some(transactionCore.currency) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY)) Some(transactionCore.currency) else None val transactionDescription = - if (viewPermissions.exists(_ == "canSeeTransactionDescription")) transactionCore.description + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_DESCRIPTION)) transactionCore.description else None val transactionStartDate = - if (viewPermissions.exists(_ == "canSeeTransactionStartDate")) Some(transactionCore.startDate) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_START_DATE)) Some(transactionCore.startDate) else None val transactionFinishDate = - if (viewPermissions.exists(_ == "canSeeTransactionFinishDate")) Some(transactionCore.finishDate) + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE)) Some(transactionCore.finishDate) else None val transactionBalance = - if (viewPermissions.exists(_ == "canSeeTransactionBalance") && transactionCore.balance != null) transactionCore.balance.toString() + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_BALANCE) && transactionCore.balance != null) transactionCore.balance.toString() else "" new ModeratedTransactionCore( 
@@ -327,27 +327,27 @@ case class ViewExtended(val view: View) { def moderateAccount(bank: Bank, bankAccount: BankAccount) : Box[ModeratedBankAccount] = { val viewPermissions = getViewPermissions - if(viewPermissions.exists(_ == "canSeeTransactionThisBankAccount")) + if(viewPermissions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)) { - val owners : Set[User] = if(viewPermissions.exists(_ == "canSeeBankAccountOwners")) bankAccount.userOwners else Set() - val balance = if(viewPermissions.exists(_ == "canSeeBankAccountBalance") && bankAccount.balance != null) bankAccount.balance.toString else "" - val accountType = if(viewPermissions.exists(_ == "canSeeBankAccountType")) Some(bankAccount.accountType) else None - val currency = if(viewPermissions.exists(_ == "canSeeBankAccountCurrency")) Some(bankAccount.currency) else None - val label = if (viewPermissions.exists(_ == "canSeeBankAccountLabel")) Some(bankAccount.label) else None - val iban = if (viewPermissions.exists(_ == "canSeeBankAccountIban")) bankAccount.accountRoutings.find(_.scheme == AccountRoutingScheme.IBAN.toString).map(_.address) else None - val number = if (viewPermissions.exists(_ == "canSeeBankAccountNumber")) Some(bankAccount.number) else None + val owners : Set[User] = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS)) bankAccount.userOwners else Set() + val balance = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE) && bankAccount.balance != null) bankAccount.balance.toString else "" + val accountType = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE)) Some(bankAccount.accountType) else None + val currency = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY)) Some(bankAccount.currency) else None + val label = if (viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL)) Some(bankAccount.label) else None + val iban = if (viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN)) bankAccount.accountRoutings.find(_.scheme == 
AccountRoutingScheme.IBAN.toString).map(_.address) else None + val number = if (viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER)) Some(bankAccount.number) else None //From V300, use scheme and address stuff... - val accountRoutingScheme = if (viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme")) bankAccount.accountRoutings.headOption.map(_.scheme) else None - val accountRoutingAddress = if (viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings.headOption.map(_.address) else None - val accountRoutings = if (viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme") && viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings else Nil - val accountRules = if (viewPermissions.exists(_ == "canSeeBankAccountCreditLimit")) bankAccount.accountRules else Nil + val accountRoutingScheme = if (viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME)) bankAccount.accountRoutings.headOption.map(_.scheme) else None + val accountRoutingAddress = if (viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS)) bankAccount.accountRoutings.headOption.map(_.address) else None + val accountRoutings = if (viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME) && viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS)) bankAccount.accountRoutings else Nil + val accountRules = if (viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT)) bankAccount.accountRules else Nil //followings are from the bank object. 
val bankId = bank.bankId - val bankName = if (viewPermissions.exists(_ == "canSeeBankAccountBankName")) Some(bank.fullName) else None - val nationalIdentifier = if (viewPermissions.exists(_ == "canSeeBankAccountNationalIdentifier")) Some(bank.nationalIdentifier) else None - val bankRoutingScheme = if (viewPermissions.exists(_ == "canSeeBankRoutingScheme")) Some(bank.bankRoutingScheme) else None - val bankRoutingAddress = if (viewPermissions.exists(_ == "canSeeBankRoutingAddress")) Some(bank.bankRoutingAddress) else None + val bankName = if (viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME)) Some(bank.fullName) else None + val nationalIdentifier = if (viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER)) Some(bank.nationalIdentifier) else None + val bankRoutingScheme = if (viewPermissions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME)) Some(bank.bankRoutingScheme) else None + val bankRoutingAddress = if (viewPermissions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS)) Some(bank.bankRoutingAddress) else None Some( new ModeratedBankAccount( 
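Review bot: `iban` is gated by `CAN_SEE_BANK_ACCOUNT_IBAN`, but `accountRoutings` returns the whole routing list once the view holds `CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME` and `CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS`, and `accountRoutingAddress` returns the first routing's address whatever its scheme. A view without the IBAN permission can therefore still receive an IBAN routing through those two fields. If that is not intended, drop IBAN entries when the IBAN permission is absent, e.g. `bankAccount.accountRoutings.filter(r => canSeeIban || r.scheme != AccountRoutingScheme.IBAN.toString)` with `canSeeIban` bound to the existing IBAN check; otherwise document the overlap next to `accountRoutings`. The same pattern is in `moderateAccountLegacy` (-381) and `moderateAccountCore` (-429); the method body continues past this hunk.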
@@ -381,25 +381,25 @@ case class ViewExtended(val view: View) { def moderateAccountLegacy(bankAccount: BankAccount) : Box[ModeratedBankAccount] = { val viewPermissions = getViewPermissions - if(viewPermissions.exists(_ == "canSeeTransactionThisBankAccount")) + if(viewPermissions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)) { - val owners : Set[User] = if(viewPermissions.exists(_ == "canSeeBankAccountOwners")) bankAccount.userOwners else Set() - val balance = if(viewPermissions.exists(_ == "canSeeBankAccountBalance") && bankAccount.balance !=null) bankAccount.balance.toString else "" - val accountType = if(viewPermissions.exists(_ == "canSeeBankAccountType")) Some(bankAccount.accountType) else None - val currency = if(viewPermissions.exists(_ == "canSeeBankAccountCurrency")) Some(bankAccount.currency) else None - val label = if(viewPermissions.exists(_ == "canSeeBankAccountLabel")) Some(bankAccount.label) else None - val nationalIdentifier = if(viewPermissions.exists(_ == "canSeeBankAccountNationalIdentifier")) Some(bankAccount.nationalIdentifier) else None - val iban = if(viewPermissions.exists(_ == "canSeeBankAccountIban")) bankAccount.accountRoutings.find(_.scheme == AccountRoutingScheme.IBAN.toString).map(_.address) else None - val number = if(viewPermissions.exists(_ == "canSeeBankAccountNumber")) Some(bankAccount.number) else None - val bankName = if(viewPermissions.exists(_ == "canSeeBankAccountBankName")) Some(bankAccount.bankName) else None + val owners : Set[User] = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS)) bankAccount.userOwners else Set() + val balance = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE) && bankAccount.balance !=null) bankAccount.balance.toString else "" + val accountType = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE)) Some(bankAccount.accountType) else None + val currency = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY)) Some(bankAccount.currency) else None + val label = 
if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL)) Some(bankAccount.label) else None + val nationalIdentifier = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER)) Some(bankAccount.nationalIdentifier) else None + val iban = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN)) bankAccount.accountRoutings.find(_.scheme == AccountRoutingScheme.IBAN.toString).map(_.address) else None + val number = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER)) Some(bankAccount.number) else None + val bankName = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME)) Some(bankAccount.bankName) else None val bankId = bankAccount.bankId //From V300, use scheme and address stuff... - val bankRoutingScheme = if(viewPermissions.exists(_ == "canSeeBankRoutingScheme")) Some(bankAccount.bankRoutingScheme) else None - val bankRoutingAddress = if(viewPermissions.exists(_ == "canSeeBankRoutingAddress")) Some(bankAccount.bankRoutingAddress) else None - val accountRoutingScheme = if(viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme")) bankAccount.accountRoutings.headOption.map(_.scheme) else None - val accountRoutingAddress = if(viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings.headOption.map(_.address) else None - val accountRoutings = if(viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme") && viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings else Nil - val accountRules = if(viewPermissions.exists(_ == "canSeeBankAccountCreditLimit")) bankAccount.accountRules else Nil + val bankRoutingScheme = if(viewPermissions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME)) Some(bankAccount.bankRoutingScheme) else None + val bankRoutingAddress = if(viewPermissions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS)) Some(bankAccount.bankRoutingAddress) else None + val accountRoutingScheme = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME)) 
bankAccount.accountRoutings.headOption.map(_.scheme) else None + val accountRoutingAddress = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS)) bankAccount.accountRoutings.headOption.map(_.address) else None + val accountRoutings = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME) && viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS)) bankAccount.accountRoutings else Nil + val accountRules = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT)) bankAccount.accountRules else Nil Some( new ModeratedBankAccount( 
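Review bot: Every field in `moderateAccountLegacy` repeats `viewPermissions.exists(_ == ...)`, which hides the permission name in boilerplate and makes a wrong constant on one line hard to spot in review. A local helper at the top of the method, `def allowed(p: String): Boolean = viewPermissions.contains(p)` (assuming `viewPermissions` is a collection of strings, which this hunk does not show), would turn each line into `if (allowed(CAN_SEE_BANK_ACCOUNT_TYPE)) ... else None`. The method body continues past this hunk.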
@@ -429,19 +429,19 @@ case class ViewExtended(val view: View) { def moderateAccountCore(bankAccount: BankAccount) : Box[ModeratedBankAccountCore] = { val viewPermissions = getViewPermissions - - if(viewPermissions.exists(_ == "canSeeTransactionThisBankAccount")) + + if(viewPermissions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)) { - val owners : Set[User] = if(viewPermissions.exists(_ == "canSeeBankAccountOwners")) bankAccount.userOwners else Set() - val balance = if(viewPermissions.exists(_ == "canSeeBankAccountBalance") && bankAccount.balance != null) Some(bankAccount.balance.toString) else None - val accountType = if(viewPermissions.exists(_ == "canSeeBankAccountType")) Some(bankAccount.accountType) else None - val currency = if(viewPermissions.exists(_ == "canSeeBankAccountCurrency")) Some(bankAccount.currency) else None - val label = if(viewPermissions.exists(_ == "canSeeBankAccountLabel")) Some(bankAccount.label) else None - val number = if(viewPermissions.exists(_ == "canSeeBankAccountNumber")) Some(bankAccount.number) else None + val owners : Set[User] = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS)) bankAccount.userOwners else Set() + val balance = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE) && bankAccount.balance != null) Some(bankAccount.balance.toString) else None + val accountType = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE)) Some(bankAccount.accountType) else None + val currency = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY)) Some(bankAccount.currency) else None + val label = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL)) Some(bankAccount.label) else None + val number = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER)) Some(bankAccount.number) else None val bankId = bankAccount.bankId //From V300, use scheme and address stuff... 
- val accountRoutings = if(viewPermissions.exists(_ == "canSeeBankAccountRoutingScheme") && viewPermissions.exists(_ == "canSeeBankAccountRoutingAddress")) bankAccount.accountRoutings else Nil - val accountRules = if(viewPermissions.exists(_ == "canSeeBankAccountCreditLimit")) bankAccount.accountRules else Nil + val accountRoutings = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME) && viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS)) bankAccount.accountRoutings else Nil + val accountRules = if(viewPermissions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT)) bankAccount.accountRules else Nil Some( ModeratedBankAccountCore( @@ -465,8 +465,8 @@ case class ViewExtended(val view: View) { // Moderate the Counterparty side of the Transaction (i.e. the Other Account involved in the transaction) def moderateOtherAccount(otherBankAccount : Counterparty) : Box[ModeratedOtherBankAccount] = { val viewPermissions = getViewPermissions - - if (viewPermissions.exists(_ == "canSeeTransactionOtherBankAccount")) + + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)) { //other account data val otherAccountId = otherBankAccount.counterpartyId 
@@ -507,37 +507,37 @@ case class ViewExtended(val view: View) { } implicit def optionStringToString(x : Option[String]) : String = x.getOrElse("") - val otherAccountNationalIdentifier = if(viewPermissions.exists(_ == "canSeeOtherAccountNationalIdentifier")) Some(otherBankAccount.nationalIdentifier) else None - val otherAccountSWIFT_BIC = if(viewPermissions.exists(_ == "canSeeOtherAccountSWIFT_BIC")) otherBankAccount.otherBankRoutingAddress else None - val otherAccountIBAN = if(viewPermissions.exists(_ == "canSeeOtherAccountIBAN")) otherBankAccount.otherAccountRoutingAddress else None - val otherAccountBankName = if(viewPermissions.exists(_ == "canSeeOtherAccountBankName")) Some(otherBankAccount.thisBankId.value) else None - val otherAccountNumber = if(viewPermissions.exists(_ == "canSeeOtherAccountNumber")) Some(otherBankAccount.thisAccountId.value) else None - val otherAccountKind = if(viewPermissions.exists(_ == "canSeeOtherAccountKind")) Some(otherBankAccount.kind) else None - val otherBankRoutingScheme = if(viewPermissions.exists(_ == "canSeeOtherBankRoutingScheme")) Some(otherBankAccount.otherBankRoutingScheme) else None - val otherBankRoutingAddress = if(viewPermissions.exists(_ == "canSeeOtherBankRoutingAddress")) otherBankAccount.otherBankRoutingAddress else None - val otherAccountRoutingScheme = if(viewPermissions.exists(_ == "canSeeOtherAccountRoutingScheme")) Some(otherBankAccount.otherAccountRoutingScheme) else None - val otherAccountRoutingAddress = if(viewPermissions.exists(_ == "canSeeOtherAccountRoutingAddress")) otherBankAccount.otherAccountRoutingAddress else None + val otherAccountNationalIdentifier = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER)) Some(otherBankAccount.nationalIdentifier) else None + val otherAccountSWIFT_BIC = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC)) otherBankAccount.otherBankRoutingAddress else None + val otherAccountIBAN = if(viewPermissions.exists(_ == 
CAN_SEE_OTHER_ACCOUNT_IBAN)) otherBankAccount.otherAccountRoutingAddress else None + val otherAccountBankName = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME)) Some(otherBankAccount.thisBankId.value) else None + val otherAccountNumber = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER)) Some(otherBankAccount.thisAccountId.value) else None + val otherAccountKind = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND)) Some(otherBankAccount.kind) else None + val otherBankRoutingScheme = if(viewPermissions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME)) Some(otherBankAccount.otherBankRoutingScheme) else None + val otherBankRoutingAddress = if(viewPermissions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS)) otherBankAccount.otherBankRoutingAddress else None + val otherAccountRoutingScheme = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME)) Some(otherBankAccount.otherAccountRoutingScheme) else None + val otherAccountRoutingAddress = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS)) otherBankAccount.otherAccountRoutingAddress else None val otherAccountMetadata = - if(viewPermissions.exists(_ == "canSeeOtherAccountMetadata")){ + if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA)){ //other bank account metadata - val moreInfo = moderateField(viewPermissions.exists(_ == "canSeeMoreInfo"), Counterparties.counterparties.vend.getMoreInfo(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val url = moderateField(viewPermissions.exists(_ == "canSeeUrl"), Counterparties.counterparties.vend.getUrl(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val imageUrl = moderateField(viewPermissions.exists(_ == "canSeeImageUrl"), Counterparties.counterparties.vend.getImageURL(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val openCorporatesUrl = moderateField (viewPermissions.exists(_ == "canSeeOpenCorporatesUrl"), 
Counterparties.counterparties.vend.getOpenCorporatesURL(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val corporateLocation : Option[Option[GeoTag]] = moderateField(viewPermissions.exists(_ == "canSeeCorporateLocation"), Counterparties.counterparties.vend.getCorporateLocation(otherBankAccount.counterpartyId).toOption) - val physicalLocation : Option[Option[GeoTag]] = moderateField(viewPermissions.exists(_ == "canSeePhysicalLocation"), Counterparties.counterparties.vend.getPhysicalLocation(otherBankAccount.counterpartyId).toOption) - val addMoreInfo = moderateField(viewPermissions.exists(_ == "canAddMoreInfo"), otherBankAccount.metadata.addMoreInfo) - val addURL = moderateField(viewPermissions.exists(_ == "canAddURL"), otherBankAccount.metadata.addURL) - val addImageURL = moderateField(viewPermissions.exists(_ == "canAddImageURL"), otherBankAccount.metadata.addImageURL) - val addOpenCorporatesUrl = moderateField(viewPermissions.exists(_ == "canAddOpenCorporatesUrl"), otherBankAccount.metadata.addOpenCorporatesURL) - val addCorporateLocation = moderateField(viewPermissions.exists(_ == "canAddCorporateLocation"), otherBankAccount.metadata.addCorporateLocation) - val addPhysicalLocation = moderateField(viewPermissions.exists(_ == "canAddPhysicalLocation"), otherBankAccount.metadata.addPhysicalLocation) - val publicAlias = moderateField(viewPermissions.exists(_ == "canSeePublicAlias"), Counterparties.counterparties.vend.getPublicAlias(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val privateAlias = moderateField(viewPermissions.exists(_ == "canSeePrivateAlias"), Counterparties.counterparties.vend.getPrivateAlias(otherBankAccount.counterpartyId).getOrElse("Unknown")) - val addPublicAlias = moderateField(viewPermissions.exists(_ == "canAddPublicAlias"), otherBankAccount.metadata.addPublicAlias) - val addPrivateAlias = moderateField(viewPermissions.exists(_ == "canAddPrivateAlias"), otherBankAccount.metadata.addPrivateAlias) - val 
deleteCorporateLocation = moderateField(viewPermissions.exists(_ == "canDeleteCorporateLocation"), otherBankAccount.metadata.deleteCorporateLocation) - val deletePhysicalLocation= moderateField(viewPermissions.exists(_ == "canDeletePhysicalLocation"), otherBankAccount.metadata.deletePhysicalLocation) + val moreInfo = moderateField(viewPermissions.exists(_ == CAN_SEE_MORE_INFO), Counterparties.counterparties.vend.getMoreInfo(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val url = moderateField(viewPermissions.exists(_ == CAN_SEE_URL), Counterparties.counterparties.vend.getUrl(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val imageUrl = moderateField(viewPermissions.exists(_ == CAN_SEE_IMAGE_URL), Counterparties.counterparties.vend.getImageURL(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val openCorporatesUrl = moderateField (viewPermissions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL), Counterparties.counterparties.vend.getOpenCorporatesURL(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val corporateLocation : Option[Option[GeoTag]] = moderateField(viewPermissions.exists(_ == CAN_SEE_CORPORATE_LOCATION), Counterparties.counterparties.vend.getCorporateLocation(otherBankAccount.counterpartyId).toOption) + val physicalLocation : Option[Option[GeoTag]] = moderateField(viewPermissions.exists(_ == CAN_SEE_PHYSICAL_LOCATION), Counterparties.counterparties.vend.getPhysicalLocation(otherBankAccount.counterpartyId).toOption) + val addMoreInfo = moderateField(viewPermissions.exists(_ == CAN_ADD_MORE_INFO), otherBankAccount.metadata.addMoreInfo) + val addURL = moderateField(viewPermissions.exists(_ == CAN_ADD_URL), otherBankAccount.metadata.addURL) + val addImageURL = moderateField(viewPermissions.exists(_ == CAN_ADD_IMAGE_URL), otherBankAccount.metadata.addImageURL) + val addOpenCorporatesUrl = moderateField(viewPermissions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL), otherBankAccount.metadata.addOpenCorporatesURL) + val 
addCorporateLocation = moderateField(viewPermissions.exists(_ == CAN_ADD_CORPORATE_LOCATION), otherBankAccount.metadata.addCorporateLocation) + val addPhysicalLocation = moderateField(viewPermissions.exists(_ == CAN_ADD_PHYSICAL_LOCATION), otherBankAccount.metadata.addPhysicalLocation) + val publicAlias = moderateField(viewPermissions.exists(_ == CAN_SEE_PUBLIC_ALIAS), Counterparties.counterparties.vend.getPublicAlias(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val privateAlias = moderateField(viewPermissions.exists(_ == CAN_SEE_PRIVATE_ALIAS), Counterparties.counterparties.vend.getPrivateAlias(otherBankAccount.counterpartyId).getOrElse("Unknown")) + val addPublicAlias = moderateField(viewPermissions.exists(_ == CAN_ADD_PUBLIC_ALIAS), otherBankAccount.metadata.addPublicAlias) + val addPrivateAlias = moderateField(viewPermissions.exists(_ == CAN_ADD_PRIVATE_ALIAS), otherBankAccount.metadata.addPrivateAlias) + val deleteCorporateLocation = moderateField(viewPermissions.exists(_ == CAN_DELETE_CORPORATE_LOCATION), otherBankAccount.metadata.deleteCorporateLocation) + val deletePhysicalLocation= moderateField(viewPermissions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION), otherBankAccount.metadata.deletePhysicalLocation) Some( new ModeratedOtherBankAccountMetadata( @@ -589,8 +589,8 @@ case class ViewExtended(val view: View) { def moderateCore(counterpartyCore : CounterpartyCore) : Box[ModeratedOtherBankAccountCore] = { val viewPermissions = getViewPermissions - - if (viewPermissions.exists(_ == "canSeeTransactionOtherBankAccount")) + + if (viewPermissions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)) { //other account data val otherAccountId = counterpartyCore.counterpartyId 
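Review bot: Two permissions gate the same underlying value in `moderateOtherAccount`: `otherAccountSWIFT_BIC` and `otherBankRoutingAddress` both return `otherBankAccount.otherBankRoutingAddress`, and `otherAccountIBAN` and `otherAccountRoutingAddress` both return `otherBankAccount.otherAccountRoutingAddress`. Withholding `CAN_SEE_OTHER_ACCOUNT_IBAN` therefore hides nothing from a view that holds `CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS`. `otherAccountBankName` and `otherAccountNumber` are also filled from `thisBankId.value` and `thisAccountId.value`, which by their names look like identifiers of this side rather than the counterparty; that is worth confirming. A comment such as `// SWIFT_BIC/IBAN and the routing-address permissions expose the same field; both must be absent to hide it` would make the overlap explicit. The hunk at -609 repeats the pattern for `counterpartyCore`; the method starts outside this hunk.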
@@ -609,15 +609,15 @@ case class ViewExtended(val view: View) { } implicit def optionStringToString(x : Option[String]) : String = x.getOrElse("") - val otherAccountSWIFT_BIC = if(viewPermissions.exists(_ == "canSeeOtherAccountSWIFT_BIC")) counterpartyCore.otherBankRoutingAddress else None - val otherAccountIBAN = if(viewPermissions.exists(_ == "canSeeOtherAccountIBAN")) counterpartyCore.otherAccountRoutingAddress else None - val otherAccountBankName = if(viewPermissions.exists(_ == "canSeeOtherAccountBankName")) Some(counterpartyCore.thisBankId.value) else None - val otherAccountNumber = if(viewPermissions.exists(_ == "canSeeOtherAccountNumber")) Some(counterpartyCore.thisAccountId.value) else None - val otherAccountKind = if(viewPermissions.exists(_ == "canSeeOtherAccountKind")) Some(counterpartyCore.kind) else None - val otherBankRoutingScheme = if(viewPermissions.exists(_ == "canSeeOtherBankRoutingScheme")) Some(counterpartyCore.otherBankRoutingScheme) else None - val otherBankRoutingAddress = if(viewPermissions.exists(_ == "canSeeOtherBankRoutingAddress")) counterpartyCore.otherBankRoutingAddress else None - val otherAccountRoutingScheme = if(viewPermissions.exists(_ == "canSeeOtherAccountRoutingScheme")) Some(counterpartyCore.otherAccountRoutingScheme) else None - val otherAccountRoutingAddress = if(viewPermissions.exists(_ == "canSeeOtherAccountRoutingAddress")) counterpartyCore.otherAccountRoutingAddress else None + val otherAccountSWIFT_BIC = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC)) counterpartyCore.otherBankRoutingAddress else None + val otherAccountIBAN = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN)) counterpartyCore.otherAccountRoutingAddress else None + val otherAccountBankName = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME)) Some(counterpartyCore.thisBankId.value) else None + val otherAccountNumber = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER)) 
Some(counterpartyCore.thisAccountId.value) else None + val otherAccountKind = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND)) Some(counterpartyCore.kind) else None + val otherBankRoutingScheme = if(viewPermissions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME)) Some(counterpartyCore.otherBankRoutingScheme) else None + val otherBankRoutingAddress = if(viewPermissions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS)) counterpartyCore.otherBankRoutingAddress else None + val otherAccountRoutingScheme = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME)) Some(counterpartyCore.otherAccountRoutingScheme) else None + val otherAccountRoutingAddress = if(viewPermissions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS)) counterpartyCore.otherAccountRoutingAddress else None Some( new ModeratedOtherBankAccountCore( id = counterpartyCore.counterpartyId, diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 6c6217dad..6f01d4edd 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -655,7 +655,7 @@ object MapperViews extends Views with MdcLoggable { permission.delete_! // If the permission already exists and permissionValueFromViewDefinition is defined, we update the metadata. case Full(permission) if permissionValueFromViewDefinition.isDefined => - permission.metaData(permissionValueFromViewDefinition.get.mkString(",")).save + permission.extraData(permissionValueFromViewDefinition.get.mkString(",")).save //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --systemView case Empty if (viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => ViewPermission.create 
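Review bot: In MapperViews.scala the stored value moves from `metaData` to `extraData`, but nothing in this hunk shows how rows written under the old field are carried over. If `extraData` maps to a differently named column (the field definition is outside this patch excerpt), existing ViewPermission rows would read back an empty value, and the comma-joined lists saved here would be missing until the next update. Please confirm that a schema migration covers the rename, or record it with a comment such as `// extraData replaces metaData; see migration <MIGRATION_NAME>`. The hunks at -663 and -672 make the same change; the enclosing match starts outside the hunk.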
@@ -663,7 +663,7 @@ object MapperViews extends Views with MdcLoggable { .account_id(null) .view_id(viewDefinition.viewId.value) .permission(permissionName) - .metaData(permissionValueFromViewDefinition.get.mkString(",")) + .extraData(permissionValueFromViewDefinition.get.mkString(",")) .save //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --customView case Empty if (!viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => @@ -672,7 +672,7 @@ object MapperViews extends Views with MdcLoggable { .account_id(viewDefinition.accountId.value) .view_id(viewDefinition.viewId.value) .permission(permissionName) - .metaData(permissionValueFromViewDefinition.get.mkString(",")) + .extraData(permissionValueFromViewDefinition.get.mkString(",")) .save case _ => // This case should not happen, but if it does, we add an error log diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index a5f7312b5..43c0c627a 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala +++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala @@ -1,5 +1,6 @@ package code.views.system +import code.api.Constant._ import code.api.util.APIUtil.{isValidCustomViewId, isValidSystemViewId} import code.api.util.ErrorMessages.{CreateSystemViewError, InvalidCustomViewFormat, InvalidSystemViewFormat} import code.util.{AccountIdString, UUIDString} 
@@ -364,99 +365,99 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many val actions = viewData.allowed_actions if (isSystem) { //The following are admin permissions, only system views are allowed to use them. - canGrantAccessToCustomViews_(actions.exists(_ == "can_grant_access_to_custom_views")) - canRevokeAccessToCustomViews_(actions.exists(_ == "can_revoke_access_to_custom_views")) + canGrantAccessToCustomViews_(actions.exists(_ == CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS)) + canRevokeAccessToCustomViews_(actions.exists(_ == CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS)) canGrantAccessToViews_(viewData.can_grant_access_to_views.getOrElse(Nil).mkString(",")) canRevokeAccessToViews_(viewData.can_revoke_access_to_views.getOrElse(Nil).mkString(",")) - canCreateCustomView_(actions.exists(_ == "can_create_custom_view")) - canDeleteCustomView_(actions.exists(_ == "can_delete_custom_view")) - canUpdateCustomView_(actions.exists(_ == "can_update_custom_view")) + canCreateCustomView_(actions.exists(_ == CAN_CREATE_CUSTOM_VIEW)) + canDeleteCustomView_(actions.exists(_ == CAN_DELETE_CUSTOM_VIEW)) + canUpdateCustomView_(actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW)) } - - canSeeTransactionThisBankAccount_(actions.exists(_ =="can_see_transaction_this_bank_account")) - canSeeTransactionOtherBankAccount_(actions.exists(_ =="can_see_transaction_other_bank_account")) - canSeeTransactionMetadata_(actions.exists(_ == "can_see_transaction_metadata")) - canSeeTransactionDescription_(actions.exists(a => a == "can_see_transaction_label" || a == "can_see_transaction_description")) - canSeeTransactionAmount_(actions.exists(_ == "can_see_transaction_amount")) - canSeeTransactionType_(actions.exists(_ == "can_see_transaction_type")) - canSeeTransactionCurrency_(actions.exists(_ == "can_see_transaction_currency")) - canSeeTransactionStartDate_(actions.exists(_ == "can_see_transaction_start_date")) - canSeeTransactionFinishDate_(actions.exists(_ == 
"can_see_transaction_finish_date")) - canSeeTransactionBalance_(actions.exists(_ == "can_see_transaction_balance")) - canSeeComments_(actions.exists(_ == "can_see_comments")) - canSeeOwnerComment_(actions.exists(_ == "can_see_narrative")) - canSeeTags_(actions.exists(_ == "can_see_tags")) - canSeeImages_(actions.exists(_ == "can_see_images")) - canSeeBankAccountOwners_(actions.exists(_ == "can_see_bank_account_owners")) - canSeeBankAccountType_(actions.exists(_ == "can_see_bank_account_type")) - canSeeBankAccountBalance_(actions.exists(_ == "can_see_bank_account_balance")) - canQueryAvailableFunds_(actions.exists(_ == "can_query_available_funds")) - canSeeBankAccountCurrency_(actions.exists(_ == "can_see_bank_account_currency")) - canSeeBankAccountLabel_(actions.exists(_ == "can_see_bank_account_label")) - canSeeBankAccountNationalIdentifier_(actions.exists(_ == "can_see_bank_account_national_identifier")) - canSeeBankAccountSwift_bic_(actions.exists(_ == "can_see_bank_account_swift_bic")) - canSeeBankAccountIban_(actions.exists(_ == "can_see_bank_account_iban")) - canSeeBankAccountNumber_(actions.exists(_ == "can_see_bank_account_number")) - canSeeBankAccountBankName_(actions.exists(_ == "can_see_bank_account_bank_name")) - canSeeBankAccountBankPermalink_(actions.exists(_ == "can_see_bank_account_bank_permalink")) - canSeeBankRoutingScheme_(actions.exists(_ == "can_see_bank_routing_scheme")) - canSeeBankRoutingAddress_(actions.exists(_ == "can_see_bank_routing_address")) - canSeeBankAccountRoutingScheme_(actions.exists(_ == "can_see_bank_account_routing_scheme")) - canSeeBankAccountRoutingAddress_(actions.exists(_ == "can_see_bank_account_routing_address")) - canSeeOtherAccountNationalIdentifier_(actions.exists(_ == "can_see_other_account_national_identifier")) - canSeeOtherAccountSWIFT_BIC_(actions.exists(_ == "can_see_other_account_swift_bic")) - canSeeOtherAccountIBAN_(actions.exists(_ == "can_see_other_account_iban")) - 
canSeeOtherAccountBankName_(actions.exists(_ == "can_see_other_account_bank_name")) - canSeeOtherAccountNumber_(actions.exists(_ == "can_see_other_account_number")) - canSeeOtherAccountMetadata_(actions.exists(_ == "can_see_other_account_metadata")) - canSeeOtherAccountKind_(actions.exists(_ == "can_see_other_account_kind")) - canSeeOtherBankRoutingScheme_(actions.exists(_ == "can_see_other_bank_routing_scheme")) - canSeeOtherBankRoutingAddress_(actions.exists(_ == "can_see_other_bank_routing_address")) - canSeeOtherAccountRoutingScheme_(actions.exists(_ == "can_see_other_account_routing_scheme")) - canSeeOtherAccountRoutingAddress_(actions.exists(_ == "can_see_other_account_routing_address")) - canSeeMoreInfo_(actions.exists(_ == "can_see_more_info")) - canSeeUrl_(actions.exists(_ == "can_see_url")) - canSeeImageUrl_(actions.exists(_ == "can_see_image_url")) - canSeeOpenCorporatesUrl_(actions.exists(_ == "can_see_open_corporates_url")) - canSeeCorporateLocation_(actions.exists(_ == "can_see_corporate_location")) - canSeePhysicalLocation_(actions.exists(_ == "can_see_physical_location")) - canSeePublicAlias_(actions.exists(_ == "can_see_public_alias")) - canSeePrivateAlias_(actions.exists(_ == "can_see_private_alias")) - canAddMoreInfo_(actions.exists(_ == "can_add_more_info")) - canAddURL_(actions.exists(_ == "can_add_url")) - canAddImageURL_(actions.exists(_ == "can_add_image_url")) - canAddOpenCorporatesUrl_(actions.exists(_ == "can_add_open_corporates_url")) - canAddCorporateLocation_(actions.exists(_ == "can_add_corporate_location")) - canAddPhysicalLocation_(actions.exists(_ == "can_add_physical_location")) - canAddPublicAlias_(actions.exists(_ == "can_add_public_alias")) - canAddPrivateAlias_(actions.exists(_ == "can_add_private_alias")) - canAddCounterparty_(actions.exists(_ == "can_add_counterparty")) - canDeleteCounterparty_(actions.exists(_ == "can_delete_counterparty")) - canGetCounterparty_(actions.exists(_ == "can_get_counterparty")) - 
canDeleteCorporateLocation_(actions.exists(_ == "can_delete_corporate_location")) - canDeletePhysicalLocation_(actions.exists(_ == "can_delete_physical_location")) - canEditOwnerComment_(actions.exists(_ == "can_edit_narrative")) - canAddComment_(actions.exists(_ == "can_add_comment")) - canDeleteComment_(actions.exists(_ == "can_delete_comment")) - canAddTag_(actions.exists(_ == "can_add_tag")) - canDeleteTag_(actions.exists(_ == "can_delete_tag")) - canAddImage_(actions.exists(_ == "can_add_image")) - canDeleteImage_(actions.exists(_ == "can_delete_image")) - canAddWhereTag_(actions.exists(_ == "can_add_where_tag")) - canSeeWhereTag_(actions.exists(_ == "can_see_where_tag")) - canDeleteWhereTag_(actions.exists(_ == "can_delete_where_tag")) - canAddTransactionRequestToBeneficiary_(actions.exists(_ == "can_add_transaction_request_to_beneficiary")) - canAddTransactionRequestToAnyAccount_(actions.exists(_ == "can_add_transaction_request_to_any_account")) - canSeeBankAccountCreditLimit_(actions.exists(_ == "can_see_bank_account_credit_limit")) - canCreateDirectDebit_(actions.exists(_ == "can_create_direct_debit")) - canCreateStandingOrder_(actions.exists(_ == "can_create_standing_order")) - canSeeTransactionRequests_(actions.exists(_ == "can_see_transaction_requests")) - canSeeTransactionRequestTypes_(actions.exists(_ == "can_see_transaction_request_types")) - canUpdateBankAccountLabel_(actions.exists(_ == "can_update_bank_account_label")) - canSeeAvailableViewsForBankAccount_(actions.exists(_ == "can_see_available_views_for_bank_account")) - canSeeViewsWithPermissionsForAllUsers_(actions.exists(_ == "can_see_views_with_permissions_for_all_users")) - canSeeViewsWithPermissionsForOneUser_(actions.exists(_ == "can_see_views_with_permissions_for_one_user")) - canSeeTransactionStatus_(actions.exists(_ == "can_see_transaction_status")) + + canSeeTransactionThisBankAccount_(actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)) + 
canSeeTransactionOtherBankAccount_(actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)) + canSeeTransactionMetadata_(actions.exists(_ == CAN_SEE_TRANSACTION_METADATA)) + canSeeTransactionDescription_(actions.exists(_ ==CAN_SEE_TRANSACTION_DESCRIPTION)) + canSeeTransactionAmount_(actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT)) + canSeeTransactionType_(actions.exists(_ == CAN_SEE_TRANSACTION_TYPE)) + canSeeTransactionCurrency_(actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY)) + canSeeTransactionStartDate_(actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE)) + canSeeTransactionFinishDate_(actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE)) + canSeeTransactionBalance_(actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE)) + canSeeComments_(actions.exists(_ == CAN_SEE_COMMENTS)) + canSeeOwnerComment_(actions.exists(_ == CAN_SEE_OWNER_COMMENT)) + canSeeTags_(actions.exists(_ == CAN_SEE_TAGS)) + canSeeImages_(actions.exists(_ == CAN_SEE_IMAGES)) + canSeeBankAccountOwners_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS)) + canSeeBankAccountType_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE)) + canSeeBankAccountBalance_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE)) + canQueryAvailableFunds_(actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS)) + canSeeBankAccountCurrency_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY)) + canSeeBankAccountLabel_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL)) + canSeeBankAccountNationalIdentifier_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER)) + canSeeBankAccountSwift_bic_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC)) + canSeeBankAccountIban_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN)) + canSeeBankAccountNumber_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER)) + canSeeBankAccountBankName_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME)) + canSeeBankAccountBankPermalink_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK)) + canSeeBankRoutingScheme_(actions.exists(_ == 
CAN_SEE_BANK_ROUTING_SCHEME)) + canSeeBankRoutingAddress_(actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS)) + canSeeBankAccountRoutingScheme_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME)) + canSeeBankAccountRoutingAddress_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS)) + canSeeOtherAccountNationalIdentifier_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER)) + canSeeOtherAccountSWIFT_BIC_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC)) + canSeeOtherAccountIBAN_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN)) + canSeeOtherAccountBankName_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME)) + canSeeOtherAccountNumber_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER)) + canSeeOtherAccountMetadata_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA)) + canSeeOtherAccountKind_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND)) + canSeeOtherBankRoutingScheme_(actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME)) + canSeeOtherBankRoutingAddress_(actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS)) + canSeeOtherAccountRoutingScheme_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME)) + canSeeOtherAccountRoutingAddress_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS)) + canSeeMoreInfo_(actions.exists(_ == CAN_SEE_MORE_INFO)) + canSeeUrl_(actions.exists(_ == CAN_SEE_URL)) + canSeeImageUrl_(actions.exists(_ == CAN_SEE_IMAGE_URL)) + canSeeOpenCorporatesUrl_(actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL)) + canSeeCorporateLocation_(actions.exists(_ == CAN_SEE_CORPORATE_LOCATION)) + canSeePhysicalLocation_(actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION)) + canSeePublicAlias_(actions.exists(_ == CAN_SEE_PUBLIC_ALIAS)) + canSeePrivateAlias_(actions.exists(_ == CAN_SEE_PRIVATE_ALIAS)) + canAddMoreInfo_(actions.exists(_ == CAN_ADD_MORE_INFO)) + canAddURL_(actions.exists(_ == CAN_ADD_URL)) + canAddImageURL_(actions.exists(_ == CAN_ADD_IMAGE_URL)) + canAddOpenCorporatesUrl_(actions.exists(_ == 
CAN_ADD_OPEN_CORPORATES_URL)) + canAddCorporateLocation_(actions.exists(_ == CAN_ADD_CORPORATE_LOCATION)) + canAddPhysicalLocation_(actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION)) + canAddPublicAlias_(actions.exists(_ == CAN_ADD_PUBLIC_ALIAS)) + canAddPrivateAlias_(actions.exists(_ == CAN_ADD_PRIVATE_ALIAS)) + canAddCounterparty_(actions.exists(_ == CAN_ADD_COUNTERPARTY)) + canDeleteCounterparty_(actions.exists(_ == CAN_DELETE_COUNTERPARTY)) + canGetCounterparty_(actions.exists(_ == CAN_GET_COUNTERPARTY)) + canDeleteCorporateLocation_(actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION)) + canDeletePhysicalLocation_(actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION)) + canEditOwnerComment_(actions.exists(_ == CAN_EDIT_OWNER_COMMENT)) + canAddComment_(actions.exists(_ == CAN_ADD_COMMENT)) + canDeleteComment_(actions.exists(_ == CAN_DELETE_COMMENT)) + canAddTag_(actions.exists(_ == CAN_ADD_TAG)) + canDeleteTag_(actions.exists(_ == CAN_DELETE_TAG)) + canAddImage_(actions.exists(_ == CAN_ADD_IMAGE)) + canDeleteImage_(actions.exists(_ == CAN_DELETE_IMAGE)) + canAddWhereTag_(actions.exists(_ == CAN_ADD_WHERE_TAG)) + canSeeWhereTag_(actions.exists(_ == CAN_SEE_WHERE_TAG)) + canDeleteWhereTag_(actions.exists(_ == CAN_DELETE_WHERE_TAG)) + canAddTransactionRequestToBeneficiary_(actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY)) + canAddTransactionRequestToAnyAccount_(actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)) + canSeeBankAccountCreditLimit_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT)) + canCreateDirectDebit_(actions.exists(_ == CAN_CREATE_DIRECT_DEBIT)) + canCreateStandingOrder_(actions.exists(_ == CAN_CREATE_STANDING_ORDER)) + canSeeTransactionRequests_(actions.exists(_ == CAN_SEE_TRANSACTION_REQUESTS)) + canSeeTransactionRequestTypes_(actions.exists(_ == CAN_SEE_TRANSACTION_REQUEST_TYPES)) + canUpdateBankAccountLabel_(actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL)) + canSeeAvailableViewsForBankAccount_(actions.exists(_ == 
CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)) + canSeeViewsWithPermissionsForAllUsers_(actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)) + canSeeViewsWithPermissionsForOneUser_(actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)) + canSeeTransactionStatus_(actions.exists(_ == CAN_SEE_TRANSACTION_STATUS)) } diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index 17c09f643..3de76e629 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala @@ -12,9 +12,9 @@ class ViewPermission extends LongKeyedMapper[ViewPermission] with IdPK with Crea object view_id extends UUIDString(this) object permission extends MappedString(this, 255) - //this is for special permissions like "canRevokeAccessToViews" and "canGrantAccessToViews", it will be a list of view ids , - // eg: owner,auditor,accountant,firehose,standard,StageOne,ManageCustomViews,ReadAccountsBasic,ReadAccountsDetail,ReadBalances,ReadTransactionsBasic,ReadTransactionsDebits, - object metaData extends MappedString(this, 1024) + //this is for special permissions like CAN_REVOKE_ACCESS_TO_VIEWS and CAN_GRANT_ACCESS_TO_VIEWS, it will be a list of view ids , + // eg: owner,auditor,accountant,firehose,standard,StageOne,ManageCustomViews,ReadAccountsBasic + object extraData extends MappedString(this, 1024) } object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermission] { override def dbIndexes: List[BaseIndex[ViewPermission]] = UniqueIndex(bank_id, account_id, view_id, permission) :: super.dbIndexes diff --git a/obp-api/src/test/scala/code/api/v1_2_0/API12Test.scala b/obp-api/src/test/scala/code/api/v1_2_0/API12Test.scala deleted file mode 100644 index c85d5d896..000000000 --- a/obp-api/src/test/scala/code/api/v1_2_0/API12Test.scala +++ /dev/null 
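Review bot: Two permission mappings in the `@@ -364,99 +365,99 @@` hunk change behaviour in what otherwise reads as a literal-to-constant substitution. `canSeeTransactionDescription_` used to accept both `"can_see_transaction_label"` and `"can_see_transaction_description"` and now matches only `CAN_SEE_TRANSACTION_DESCRIPTION`; `canSeeOwnerComment_` and `canEditOwnerComment_` moved from `"can_see_narrative"` / `"can_edit_narrative"` to `CAN_SEE_OWNER_COMMENT` / `CAN_EDIT_OWNER_COMMENT`, whose values are not visible here. A client that still sends the old action names would get a view with those permissions switched off and no error. Either keep the alias, e.g. `canSeeTransactionDescription_(actions.exists(a => a == "can_see_transaction_label" || a == CAN_SEE_TRANSACTION_DESCRIPTION))`, or reject unknown entries in `allowed_actions`. A test that checks each constant against the string it replaced would keep this authorization mapping from drifting; the enclosing method starts outside the hunk.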
@@ -1,5588 +0,0 @@ -///** -//Open Bank Project - API -//Copyright (C) 2011-2019, TESOBE GmbH -// -//This program is free software: you can redistribute it and/or modify -//it under the terms of the GNU Affero General Public License as published by -//the Free Software Foundation, either version 3 of the License, or -//(at your option) any later version. -// -//This program is distributed in the hope that it will be useful, -//but WITHOUT ANY WARRANTY; without even the implied warranty of -//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -//GNU Affero General Public License for more details. -// -//You should have received a copy of the GNU Affero General Public License -//along with this program. If not, see . -// -//Email: contact@tesobe.com -//TESOBE GmbH -//Osloerstrasse 16/17 -//Berlin 13359, Germany -// -// This product includes software developed at -// TESOBE (http://www.tesobe.com/) -// by -// Simon Redfern : simon AT tesobe DOT com -// Stefan Bethge : stefan AT tesobe DOT com -// Everett Sochowski : everett AT tesobe DOT com -// Ayoub Benali: ayoub AT tesobe DOT com -// -// */ -//package code.api.v1_2_0 -// -//import java.util.Date -// -//import _root_.net.liftweb.json.JsonAST.JObject -//import _root_.net.liftweb.json.Serialization.write -//import _root_.net.liftweb.util._ -//import code.api.util.APIUtil -//import code.api.util.APIUtil.OAuth._ -//import code.api.v1_2._ -//import code.model.{Consumer => OBPConsumer, Token => OBPToken, _} -//import code.setup.{APIResponse, DefaultUsers, User1AllPrivileges} -//import code.views.Views -//import net.liftweb.json.JsonDSL._ -//import net.liftweb.util.Helpers._ -//import org.scalatest._ -// -//import scala.util.Random._ -// -// -//class API1_2Test extends User1AllPrivileges with DefaultUsers { -// -// def v1_2Request = baseRequest / "obp" / "v1.2" -// -// val viewfields = List( -// "can_see_transaction_this_bank_account","can_see_transaction_other_bank_account", -// 
"can_see_transaction_metadata","can_see_transaction_label","can_see_transaction_amount", -// "can_see_transaction_type","can_see_transaction_currency","can_see_transaction_start_date", -// "can_see_transaction_finish_date","can_see_transaction_balance","can_see_comments", -// "can_see_narrative","can_see_tags","can_see_images","can_see_bank_account_owners", -// "can_see_bank_account_type","can_see_bank_account_balance","can_see_bank_account_currency", -// "can_see_bank_account_label","can_see_bank_account_national_identifier", -// "can_see_bank_account_swift_bic","can_see_bank_account_iban","can_see_bank_account_number", -// "can_see_bank_account_bank_name","can_see_other_account_national_identifier", -// "can_see_other_account_swift_bic","can_see_other_account_iban", -// "can_see_other_account_bank_name","can_see_other_account_number", -// "can_see_other_account_metadata","can_see_other_account_kind","can_see_more_info", -// "can_see_url","can_see_image_url","can_see_open_corporates_url","can_see_corporate_location", -// "can_see_physical_location","can_see_public_alias","can_see_private_alias","can_add_more_info", -// "can_add_url","can_add_image_url","can_add_open_corporates_url","can_add_corporate_location", -// "can_add_physical_location","can_add_public_alias","can_add_private_alias", -// "can_delete_corporate_location","can_delete_physical_location","can_edit_narrative", -// "can_add_comment","can_delete_comment","can_add_tag","can_delete_tag","can_add_image", -// "can_delete_image","can_add_where_tag","can_see_where_tag","can_delete_where_tag" -// ) -// -// /************************* test tags ************************/ -// -// /** -// * Example: To run tests with tag "getPermissions": -// * mvn test -D tagsToInclude -// * -// * This is made possible by the scalatest maven plugin -// */ -// -// object CurrentTest extends Tag("currentScenario") -// object API1_2 extends Tag("api1.2") -// object APIInfo extends Tag("apiInfo") -// object GetHostedBanks extends 
Tag("hostedBanks") -// object GetHostedBank extends Tag("getHostedBank") -// object GetBankAccounts extends Tag("getBankAccounts") -// object GetPublicBankAccounts extends Tag("getPublicBankAccounts") -// object GetPrivateBankAccounts extends Tag("getPrivateBankAccounts") -// object GetBankAccount extends Tag("getBankAccount") -// object GetViews extends Tag("getViews") -// object PostView extends Tag("postView") -// object PutView extends Tag("putView") -// object DeleteView extends Tag("deleteView") -// object GetPermissions extends Tag("getPermissions") -// object GetPermission extends Tag("getPermission") -// object PostPermission extends Tag("postPermission") -// object PostPermissions extends Tag("postPermissions") -// object DeletePermission extends Tag("deletePermission") -// object DeletePermissions extends Tag("deletePermissions") -// object GetOtherBankAccounts extends Tag("getOtherBankAccounts") -// object GetOtherBankAccount extends Tag("getOtherBankAccount") -// object GetOtherBankAccountMetadata extends Tag("getOtherBankAccountMetadata") -// object GetPublicAlias extends Tag("getPublicAlias") -// object PostPublicAlias extends Tag("postPublicAlias") -// object PutPublicAlias extends Tag("putPublicAlias") -// object DeletePublicAlias extends Tag("deletePublicAlias") -// object GetPrivateAlias extends Tag("getPrivateAlias") -// object PostPrivateAlias extends Tag("postPrivateAlias") -// object PutPrivateAlias extends Tag("putPrivateAlias") -// object DeletePrivateAlias extends Tag("deletePrivateAlias") -// object PostMoreInfo extends Tag("postMoreInfo") -// object PutMoreInfo extends Tag("putMoreInfo") -// object DeleteMoreInfo extends Tag("deleteMoreInfo") -// object PostURL extends Tag("postURL") -// object PutURL extends Tag("putURL") -// object DeleteURL extends Tag("deleteURL") -// object PostImageURL extends Tag("postImageURL") -// object PutImageURL extends Tag("putImageURL") -// object DeleteImageURL extends Tag("DeleteImageURL") -// object 
PostOpenCorporatesURL extends Tag("postOpenCorporatesURL") -// object PutOpenCorporatesURL extends Tag("putOpenCorporatesURL") -// object DeleteOpenCorporatesURL extends Tag("deleteOpenCorporatesURL") -// object PostCorporateLocation extends Tag("postCorporateLocation") -// object PutCorporateLocation extends Tag("putCorporateLocation") -// object DeleteCorporateLocation extends Tag("deleteCorporateLocation") -// object PostPhysicalLocation extends Tag("postPhysicalLocation") -// object PutPhysicalLocation extends Tag("putPhysicalLocation") -// object DeletePhysicalLocation extends Tag("deletePhysicalLocation") -// object GetTransactions extends Tag("getTransactions") -// object GetTransactionsWithParams extends Tag("getTransactionsWithParams") -// object GetTransaction extends Tag("getTransaction") -// object GetNarrative extends Tag("getNarrative") -// object PostNarrative extends Tag("postNarrative") -// object PutNarrative extends Tag("putNarrative") -// object DeleteNarrative extends Tag("deleteNarrative") -// object GetComments extends Tag("getComments") -// object PostComment extends Tag("postComment") -// object DeleteComment extends Tag("deleteComment") -// object GetTags extends Tag("getTags") -// object PostTag extends Tag("postTag") -// object DeleteTag extends Tag("deleteTag") -// object GetImages extends Tag("getImages") -// object PostImage extends Tag("postImage") -// object DeleteImage extends Tag("deleteImage") -// object GetWhere extends Tag("getWhere") -// object PostWhere extends Tag("postWhere") -// object PutWhere extends Tag("putWhere") -// object DeleteWhere extends Tag("deleteWhere") -// object GetTransactionAccount extends Tag("getTransactionAccount") -// -// /********************* API test methods ********************/ -// -// def randomViewPermalink(bankId: String, account: AccountJSON) : String = { -// val request = v1_2Request / "banks" / bankId / "accounts" / account.id / "views" <@(consumer, token1) -// val reply = 
makeGetRequest(request) -// val possibleViewsPermalinks = reply.body.extract[ViewsJSON].views.filterNot(_.is_public==true) -// val randomPosition = nextInt(possibleViewsPermalinks.size) -// possibleViewsPermalinks(randomPosition).id -// } -// -// def randomViewPermalinkButNotOwner(bankId: String, account: AccountJSON) : String = { -// val request = v1_2Request / "banks" / bankId / "accounts" / account.id / "views" <@(consumer, token1) -// val reply = makeGetRequest(request) -// val possibleViewsPermalinksWithoutOwner = reply.body.extract[ViewsJSON].views.filterNot(_.is_public==true).filterNot(_.id == Constant.SYSTEM_OWNER_VIEW_ID) -// val randomPosition = nextInt(possibleViewsPermalinksWithoutOwner.size) -// possibleViewsPermalinksWithoutOwner(randomPosition).id -// } -// -// def randomBank : String = { -// val banksJson = getBanksInfo.body.extract[BanksJSON] -// val randomPosition = nextInt(banksJson.banks.size) -// val bank = banksJson.banks(randomPosition) -// bank.id -// } -// -// def randomPublicAccount(bankId : String) : AccountJSON = { -// val accountsJson = getPublicAccounts(bankId).body.extract[AccountsJSON].accounts -// val randomPosition = nextInt(accountsJson.size) -// accountsJson(randomPosition) -// } -// -// def randomPrivateAccount(bankId : String) : AccountJSON = { -// val accountsJson = getPrivateAccounts(bankId, user1).body.extract[AccountsJSON].accounts -// val randomPosition = nextInt(accountsJson.size) -// accountsJson(randomPosition) -// } -// -// def randomAccountPermission(bankId : String, accountId : String) : PermissionJSON = { -// val persmissionsInfo = getAccountPermissions(bankId, accountId, user1).body.extract[PermissionsJSON] -// val randomPermission = nextInt(persmissionsInfo.permissions.size) -// persmissionsInfo.permissions(randomPermission) -// } -// -// def randomOtherBankAccount(bankId : String, accountId : String, viewId : String): OtherAccountJSON = { -// val otherAccounts = getTheOtherBankAccounts(bankId, accountId, viewId, 
user1).body.extract[OtherAccountsJSON].other_accounts -// otherAccounts(nextInt(otherAccounts.size)) -// } -// -// def randomLocation : LocationPlainJSON = { -// def sign = { -// val b = nextBoolean -// if(b) 1 -// else -1 -// } -// val longitude : Double = nextInt(180)*sign*nextDouble -// val latitude : Double = nextInt(90)*sign*nextDouble -// JSONFactory.createLocationPlainJSON(latitude, longitude) -// } -// -// def randomTransaction(bankId : String, accountId : String, viewId: String) : TransactionJSON = { -// val transactionsJson = getTransactions(bankId, accountId, viewId, user1).body.extract[TransactionsJSON].transactions -// val randomPosition = nextInt(transactionsJson.size) -// transactionsJson(randomPosition) -// } -// -// def randomViewsIdsToGrant(bankId : String, accountId : String) : List[String]= { -// //get the view ids of the available views on the bank accounts -// val viewsIds = getAccountViews(bankId, accountId, user1).body.extract[ViewsJSON].views.map(_.id) -// //choose randomly some view ids to grant -// val (viewsIdsToGrant, _) = viewsIds.splitAt(nextInt(viewsIds.size) + 1) -// viewsIdsToGrant -// } -// -// def randomView(isPublic: Boolean, alias: String) : CreateViewJson = { -// CreateViewJson( -// name = randomString(3), -// description = randomString(3), -// is_public = isPublic, -// which_alias_to_use=alias, -// hide_metadata_if_alias_used=false, -// allowed_actions = viewfields -// ) -// } -// def getAPIInfo : APIResponse = { -// val request = v1_2Request -// makeGetRequest(request) -// } -// -// def getBanksInfo : APIResponse = { -// val request = v1_2Request / "banks" -// makeGetRequest(request) -// } -// -// def getBankInfo(bankId : String) : APIResponse = { -// val request = v1_2Request / "banks" / bankId -// makeGetRequest(request) -// } -// -// def getPublicAccounts(bankId : String) : APIResponse= { -// val request = v1_2Request / "banks" / bankId / "accounts" / "public" -// makeGetRequest(request) -// } -// -// def 
getPrivateAccounts(bankId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" / "private" <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def getBankAccounts(bankId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def getPublicBankAccountDetails(bankId : String, accountId : String, viewId : String) : APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "account" -// makeGetRequest(request) -// } -// -// def getPrivateBankAccountDetails(bankId : String, accountId : String, viewId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "account" <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def getAccountViews(bankId : String, accountId : String, consumerAndToken: Option[(Consumer, Token)]): APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / "views" <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def postView(bankId: String, accountId: String, view: CreateViewJson, consumerAndToken: Option[(Consumer, Token)]): APIResponse = { -// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / "views").POST <@(consumerAndToken) -// makePostRequest(request, write(view)) -// } -// -// def putView(bankId: String, accountId: String, viewId : String, view: UpdateViewJSON, consumerAndToken: Option[(Consumer, Token)]): APIResponse = { -// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / "views" / viewId).PUT <@(consumerAndToken) -// makePutRequest(request, write(view)) -// } -// -// def deleteView(bankId: String, accountId: String, viewId: String, consumerAndToken: 
Option[(Consumer, Token)]): APIResponse = { -// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / "views" / viewId).DELETE <@(consumerAndToken) -// makeDeleteRequest(request) -// } -// -// def getAccountPermissions(bankId : String, accountId : String, consumerAndToken: Option[(Consumer, Token)]): APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / "permissions" <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def getUserAccountPermission(bankId : String, accountId : String, userId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse= { -// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / "permissions"/ userId <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def grantUserAccessToView(bankId : String, accountId : String, userId : String, viewId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse= { -// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / "permissions"/ userId / "views" / viewId).POST <@(consumerAndToken) -// makePostRequest(request) -// } -// -// def grantUserAccessToViews(bankId : String, accountId : String, userId : String, viewIds : List[String], consumerAndToken: Option[(Consumer, Token)]) : APIResponse= { -// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / "permissions"/ userId / "views").POST <@(consumerAndToken) -// val viewsJson = ViewIdsJson(viewIds) -// makePostRequest(request, write(viewsJson)) -// } -// -// def revokeUserAccessToView(bankId : String, accountId : String, userId : String, viewId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse= { -// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / "permissions"/ userId / "views" / viewId).DELETE <@(consumerAndToken) -// makeDeleteRequest(request) -// } -// -// def revokeUserAccessToAllViews(bankId : String, accountId : String, userId : String, 
consumerAndToken: Option[(Consumer, Token)]) : APIResponse= { -// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / "permissions"/ userId / "views").DELETE <@(consumerAndToken) -// makeDeleteRequest(request) -// } -// -// def getTheOtherBankAccounts(bankId : String, accountId : String, viewId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def getTheOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def getMetadataOfOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "metadata" <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def getThePublicAliasForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = { -// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "public_alias" <@(consumerAndToken) -// makeGetRequest(request) -// } -// -// def postAPublicAliasForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, alias : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = { -// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / 
otherBankAccountId / "public_alias").POST <@(consumerAndToken)
-// val aliasJson = AliasJSON(alias)
-// makePostRequest(request, write(aliasJson))
-// }
-//
-// def updateThePublicAliasForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, alias : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "public_alias").PUT <@(consumerAndToken)
-// val aliasJson = AliasJSON(alias)
-// makePutRequest(request, write(aliasJson))
-// }
-//
-// def deleteThePublicAliasForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "public_alias").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getThePrivateAliasForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "private_alias" <@(consumerAndToken)
-// makeGetRequest(request)
-// }
-//
-// def postAPrivateAliasForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, alias : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "private_alias").POST <@(consumerAndToken)
-// val aliasJson = AliasJSON(alias)
-// makePostRequest(request, write(aliasJson))
-// }
-//
-// def updateThePrivateAliasForOneOtherBankAccount(bankId : String, accountId : String,
viewId : String, otherBankAccountId : String, alias : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "private_alias").PUT <@(consumerAndToken)
-// val aliasJson = AliasJSON(alias)
-// makePutRequest(request, write(aliasJson))
-// }
-//
-// def deleteThePrivateAliasForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "private_alias").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getMoreInfoForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : String = {
-// getMetadataOfOneOtherBankAccount(bankId,accountId,viewId,otherBankAccountId,consumerAndToken).body.extract[OtherAccountMetadataJSON].more_info
-// }
-//
-// def postMoreInfoForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, moreInfo : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "more_info").POST <@(consumerAndToken)
-// val moreInfoJson = MoreInfoJSON(moreInfo)
-// makePostRequest(request, write(moreInfoJson))
-// }
-//
-// def updateMoreInfoForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, moreInfo : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "more_info").PUT <@(consumerAndToken)
-// val
moreInfoJson = MoreInfoJSON(moreInfo)
-// makePutRequest(request, write(moreInfoJson))
-// }
-//
-// def deleteMoreInfoForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "more_info").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : String = {
-// getMetadataOfOneOtherBankAccount(bankId,accountId, viewId,otherBankAccountId,consumerAndToken).body.extract[OtherAccountMetadataJSON].URL
-// }
-//
-// def postUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, url : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "url").POST <@(consumerAndToken)
-// val urlJson = UrlJSON(url)
-// makePostRequest(request, write(urlJson))
-// }
-//
-// def updateUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, url : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "url").PUT <@(consumerAndToken)
-// val urlJson = UrlJSON(url)
-// makePutRequest(request, write(urlJson))
-// }
-//
-// def deleteUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId /
"other_accounts" / otherBankAccountId / "url").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getImageUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : String = {
-// getMetadataOfOneOtherBankAccount(bankId,accountId, viewId,otherBankAccountId,consumerAndToken).body.extract[OtherAccountMetadataJSON].image_URL
-// }
-//
-// def postImageUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, imageUrl : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "image_url").POST <@(consumerAndToken)
-// val imageUrlJson = ImageUrlJSON(imageUrl)
-// makePostRequest(request, write(imageUrlJson))
-// }
-//
-// def updateImageUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, imageUrl : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "image_url").PUT <@(consumerAndToken)
-// val imageUrlJson = ImageUrlJSON(imageUrl)
-// makePutRequest(request, write(imageUrlJson))
-// }
-//
-// def deleteImageUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "image_url").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getOpenCorporatesUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) :
String = {
-// getMetadataOfOneOtherBankAccount(bankId,accountId, viewId,otherBankAccountId, consumerAndToken).body.extract[OtherAccountMetadataJSON].open_corporates_URL
-// }
-//
-// def postOpenCorporatesUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, openCorporateUrl : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "open_corporates_url").POST <@(consumerAndToken)
-// val openCorporateUrlJson = OpenCorporateUrlJSON(openCorporateUrl)
-// makePostRequest(request, write(openCorporateUrlJson))
-// }
-//
-// def updateOpenCorporatesUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, openCorporateUrl : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "open_corporates_url").PUT <@(consumerAndToken)
-// val openCorporateUrlJson = OpenCorporateUrlJSON(openCorporateUrl)
-// makePutRequest(request, write(openCorporateUrlJson))
-// }
-//
-// def deleteOpenCorporatesUrlForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "open_corporates_url").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getCorporateLocationForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : LocationJSON = {
-// getMetadataOfOneOtherBankAccount(bankId,accountId, viewId,otherBankAccountId,
consumerAndToken).body.extract[OtherAccountMetadataJSON].corporate_location
-// }
-//
-// def postCorporateLocationForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, corporateLocation : LocationPlainJSON, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "corporate_location").POST <@(consumerAndToken)
-// val corpLocationJson = CorporateLocationJSON(corporateLocation)
-// makePostRequest(request, write(corpLocationJson))
-// }
-//
-// def updateCorporateLocationForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, corporateLocation : LocationPlainJSON, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "corporate_location").PUT <@(consumerAndToken)
-// val corpLocationJson = CorporateLocationJSON(corporateLocation)
-// makePutRequest(request, write(corpLocationJson))
-// }
-//
-// def deleteCorporateLocationForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "corporate_location").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getPhysicalLocationForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : LocationJSON = {
-// getMetadataOfOneOtherBankAccount(bankId,accountId, viewId,otherBankAccountId, consumerAndToken).body.extract[OtherAccountMetadataJSON].physical_location
-// }
-//
-// def
postPhysicalLocationForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, physicalLocation : LocationPlainJSON, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "physical_location").POST <@(consumerAndToken)
-// val physLocationJson = PhysicalLocationJSON(physicalLocation)
-// makePostRequest(request, write(physLocationJson))
-// }
-//
-// def updatePhysicalLocationForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, physicalLocation : LocationPlainJSON, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "physical_location").PUT <@(consumerAndToken)
-// val physLocationJson = PhysicalLocationJSON(physicalLocation)
-// makePutRequest(request, write(physLocationJson))
-// }
-//
-// def deletePhysicalLocationForOneOtherBankAccount(bankId : String, accountId : String, viewId : String, otherBankAccountId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "other_accounts" / otherBankAccountId / "physical_location").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getTransactions(bankId : String, accountId : String, viewId : String, consumerAndToken: Option[(Consumer, Token)], params: List[(String, String)] = Nil) : APIResponse = {
-// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" <@(consumerAndToken)
-// makeGetRequest(request, params)
-// }
-//
-// def getTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, consumerAndToken: Option[(Consumer, Token)]): APIResponse = {
-// val
request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "transaction" <@(consumerAndToken)
-// makeGetRequest(request)
-// }
-//
-// def getNarrativeForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "narrative" <@(consumerAndToken)
-// makeGetRequest(request)
-// }
-//
-// def postNarrativeForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, narrative: String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "narrative").POST <@(consumerAndToken)
-// val narrativeJson = TransactionNarrativeJSON(narrative)
-// makePostRequest(request, write(narrativeJson))
-// }
-//
-// def updateNarrativeForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, narrative: String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "narrative").PUT <@(consumerAndToken)
-// val narrativeJson = TransactionNarrativeJSON(narrative)
-// makePutRequest(request, write(narrativeJson))
-// }
-//
-// def deleteNarrativeForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "narrative").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getCommentsForOneTransaction(bankId : String,
accountId : String, viewId : String, transactionId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "comments" <@(consumerAndToken)
-// makeGetRequest(request)
-// }
-//
-// def postCommentForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, comment: PostTransactionCommentJSON, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "comments").POST <@(consumerAndToken)
-// makePostRequest(request, write(comment))
-// }
-//
-// def deleteCommentForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, commentId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "comments" / commentId).DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getTagsForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "tags" <@(consumerAndToken)
-// makeGetRequest(request)
-// }
-//
-// def postTagForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, tag: PostTransactionTagJSON, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "tags").POST <@(consumerAndToken)
-// makePostRequest(request, write(tag))
-// }
-//
-// def
deleteTagForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, tagId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "tags" / tagId).DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getImagesForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "images" <@(consumerAndToken)
-// makeGetRequest(request)
-// }
-//
-// def postImageForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, image: PostTransactionImageJSON, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "images").POST <@(consumerAndToken)
-// makePostRequest(request, write(image))
-// }
-//
-// def deleteImageForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, imageId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "images" / imageId).DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getWhereForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "where" <@(consumerAndToken)
-// makeGetRequest(request)
-// }
-//
-//
def postWhereForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, where : LocationPlainJSON, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "where").POST <@(consumerAndToken)
-// val whereJson = PostTransactionWhereJSON(where)
-// makePostRequest(request, write(whereJson))
-// }
-//
-// def updateWhereForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, where : LocationPlainJSON, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "where").PUT <@(consumerAndToken)
-// val whereJson = PostTransactionWhereJSON(where)
-// makePutRequest(request, write(whereJson))
-// }
-//
-// def deleteWhereForOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = (v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "metadata" / "where").DELETE <@(consumerAndToken)
-// makeDeleteRequest(request)
-// }
-//
-// def getTheOtherBankAccountOfOneTransaction(bankId : String, accountId : String, viewId : String, transactionId : String, consumerAndToken: Option[(Consumer, Token)]) : APIResponse = {
-// val request = v1_2Request / "banks" / bankId / "accounts" / accountId / viewId / "transactions" / transactionId / "other_account" <@(consumerAndToken)
-// makeGetRequest(request)
-// }
-//
-//
-///************************ the tests ************************/
-// feature("base line URL works"){
-// scenario("we get the api information", API1_2, APIInfo) {
-// Given("We will not use an access token")
-// When("the request is sent")
-// val reply = getAPIInfo
-//
Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// val apiInfo = reply.body.extract[APIInfoJSON]
-// apiInfo.version should equal ("v1.2")
-///* apiInfo.git_commit.nonEmpty should equal (true)*/
-// }
-// }
-//
-// feature("Information about the hosted banks"){
-// scenario("we get the hosted banks information", API1_2, GetHostedBanks) {
-// Given("We will not use an access token")
-// When("the request is sent")
-// val reply = getBanksInfo
-// Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// val banksInfo = reply.body.extract[BanksJSON]
-// banksInfo.banks.foreach(b => {
-// b.id.nonEmpty should equal (true)
-// })
-// }
-// }
-//
-// feature("Information about one hosted bank"){
-// scenario("we get the hosted bank information", API1_2, GetHostedBank) {
-// Given("We will not use an access token")
-// When("the request is sent")
-// val reply = getBankInfo(randomBank)
-// Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// val bankInfo = reply.body.extract[BankJSON]
-// bankInfo.id.nonEmpty should equal (true)
-// }
-//
-// scenario("we don't get the hosted bank information", API1_2, GetHostedBank) {
-// Given("We will not use an access token and request a random bankId")
-// When("the request is sent")
-// val reply = getBankInfo(randomString(5))
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// def assertViewExistsWithCondition(accJson: AccountsJSON, cond: ViewJSON => Boolean): Unit = {
-// val exists = accJson.accounts.exists(acc => acc.views_available.exists(cond))
-// exists should equal(true)
-// }
-//
-// def assertAllAccountsHaveAViewWithCondition(accJson: AccountsJSON, cond: ViewJSON => Boolean): Unit = {
-// val forAll = accJson.accounts.forall(acc => acc.views_available.exists(cond))
-// forAll should equal(true)
-// }
-//
-// def
assertAccountsFromOneBank(accJson : AccountsJSON) : Unit = {
-// accJson.accounts.size should be > 0
-// val theBankId = accJson.accounts.head.bank_id
-// theBankId should not be ("")
-//
-// accJson.accounts.foreach(acc => acc.bank_id should equal (theBankId))
-// }
-//
-// def assertNoDuplicateAccounts(accJson : AccountsJSON) : Unit = {
-// //bankId : String, accountId: String
-// type AccountIdentifier = (String, String)
-// //unique accounts have unique bankId + accountId
-// val accountIdentifiers : Set[AccountIdentifier] = {
-// accJson.accounts.map(acc => (acc.bank_id, acc.id)).toSet
-// }
-// //if they are all unique, the set will contain the same number of elements as the list
-// accJson.accounts.size should equal(accountIdentifiers.size)
-// }
-//
-// feature("Information about all the bank accounts for a single bank"){
-// scenario("we get only the public bank accounts", API1_2, GetBankAccounts) {
-// Given("We will not use an access token")
-// When("the request is sent")
-// val reply = getBankAccounts(randomBank, None)
-// Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// val publicAccountsInfo = reply.body.extract[AccountsJSON]
-// And("some fields should not be empty")
-// publicAccountsInfo.accounts.foreach(a => {
-// a.id.nonEmpty should equal (true)
-// a.views_available.nonEmpty should equal (true)
-// a.views_available.foreach(
-// //check that all the views are public
-// v => v.is_public should equal (true)
-// )
-// })
-//
-// And("The accounts are only from one bank")
-// assertAccountsFromOneBank(publicAccountsInfo)
-//
-// And("There are no duplicate accounts")
-// assertNoDuplicateAccounts(publicAccountsInfo)
-// }
-// scenario("we get the bank accounts the user have access to", API1_2, GetBankAccounts) {
-// Given("We will use an access token")
-// When("the request is sent")
-// val reply = getBankAccounts(randomBank, user1)
-// Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// val
accountsInfo = reply.body.extract[AccountsJSON]
-// And("some fields should not be empty")
-// accountsInfo.accounts.foreach(a => {
-// a.id.nonEmpty should equal (true)
-// a.views_available.nonEmpty should equal (true)
-// })
-//
-// //Note: this API call is technically wrong, as it was originally intended to have returned
-// // public + private accounts when logged in, but actually returned only the accounts with
-// // more than public access. This test therefore does not test that condition as the v1.2 API
-// // call is being kept that way to avoid breaking any existing applications using it. This API
-// // call is fixed in v1.2.1
-// And("Some accounts should have private views")
-// assertViewExistsWithCondition(accountsInfo, !_.is_public)
-//
-// And("The accounts are only from one bank")
-// assertAccountsFromOneBank(accountsInfo)
-//
-// And("There are no duplicate accounts")
-// assertNoDuplicateAccounts(accountsInfo)
-// }
-// }
-//
-// feature("Information about the public bank accounts for a single bank"){
-// scenario("we get the public bank accounts", API1_2, GetPublicBankAccounts) {
-// Given("We will not use an access token")
-// When("the request is sent")
-// val reply = getPublicAccounts(randomBank)
-// Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// val publicAccountsInfo = reply.body.extract[AccountsJSON]
-// And("some fields should not be empty")
-// publicAccountsInfo.accounts.foreach(a => {
-// a.id.nonEmpty should equal (true)
-// a.views_available.nonEmpty should equal (true)
-// a.views_available.foreach(
-// //check that all the views are public
-// v => v.is_public should equal (true)
-// )
-// })
-//
-// And("The accounts are only from one bank")
-// assertAccountsFromOneBank(publicAccountsInfo)
-//
-// And("There are no duplicate accounts")
-// assertNoDuplicateAccounts(publicAccountsInfo)
-// }
-// }
-//
-// feature("Information about the private bank accounts for a single bank"){
-// scenario("we get
the private bank accounts", API1_2, GetPrivateBankAccounts) {
-// Given("We will use an access token")
-// When("the request is sent")
-// val reply = getPrivateAccounts(randomBank, user1)
-// Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// And("some fields should not be empty")
-// val privateAccountsInfo = reply.body.extract[AccountsJSON]
-// privateAccountsInfo.accounts.foreach(a => {
-// a.id.nonEmpty should equal (true)
-// a.views_available.nonEmpty should equal (true)
-// })
-//
-// And("All accounts should have at least one private view")
-// assertAllAccountsHaveAViewWithCondition(privateAccountsInfo, !_.is_public)
-//
-// And("The accounts are only from one bank")
-// assertAccountsFromOneBank(privateAccountsInfo)
-//
-// And("There are no duplicate accounts")
-// assertNoDuplicateAccounts(privateAccountsInfo)
-// }
-// scenario("we don't get the private bank accounts", API1_2, GetPrivateBankAccounts) {
-// Given("We will not use an access token")
-// When("the request is sent")
-// val reply = getPrivateAccounts(randomBank, None)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("Information about a bank account"){
-// scenario("we get data without using an access token", API1_2, GetBankAccount) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPublicAccount(bankId)
-// val randomPosition = nextInt(bankAccount.views_available.size)
-// val view = bankAccount.views_available.toList(randomPosition)
-// When("the request is sent")
-// val reply = getPublicBankAccountDetails(bankId, bankAccount.id, view.id)
-// Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// And("some fields should not be empty")
-// val publicAccountDetails = reply.body.extract[ModeratedAccountJSON]
-//
publicAccountDetails.id.nonEmpty should equal (true)
-// publicAccountDetails.bank_id.nonEmpty should equal (true)
-// publicAccountDetails.views_available.nonEmpty should equal (true)
-// }
-//
-// scenario("we get data by using an access token", API1_2, GetBankAccount) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val randomPosition = nextInt(bankAccount.views_available.size)
-// val view = bankAccount.views_available.toList(randomPosition)
-// When("the request is sent")
-// val reply = getPrivateBankAccountDetails(bankId, bankAccount.id, view.id, user1)
-// Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// val privateAccountDetails = reply.body.extract[ModeratedAccountJSON]
-// And("some fields should not be empty")
-// privateAccountDetails.id.nonEmpty should equal (true)
-// privateAccountDetails.bank_id.nonEmpty should equal (true)
-// privateAccountDetails.views_available.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("List of the views of specific bank account"){
-// scenario("We will get the list of the available views on a bank account", API1_2, GetViews) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// When("the request is sent")
-// val reply = getAccountViews(bankId, bankAccount.id, user1)
-// Then("we should get a 200 ok code")
-// reply.code should equal (200)
-// reply.body.extract[ViewsJSON]
-// }
-//
-// scenario("We will not get the list of the available views on a bank account due to missing token", API1_2, GetViews) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// When("the request is sent")
-// val reply = getAccountViews(bankId, bankAccount.id, None)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we
should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("We will not get the list of the available views on a bank account due to insufficient privileges", API1_2, GetViews) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// When("the request is sent")
-// val reply = getAccountViews(bankId, bankAccount.id, user3)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-// feature("Create a view on a bank account"){
-// scenario("we will create a view on a bank account", API1_2, PostView) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val viewsBefore = getAccountViews(bankId, bankAccount.id, user1).body.extract[ViewsJSON].views
-// val view = randomView(true, "")
-// When("the request is sent")
-// val reply = postView(bankId, bankAccount.id, view, user1)
-// Then("we should get a 201 code")
-// reply.code should equal (201)
-// reply.body.extract[ViewJSON]
-// And("we should get a new view")
-// val viewsAfter = getAccountViews(bankId, bankAccount.id, user1).body.extract[ViewsJSON].views
-// viewsBefore.size should equal (viewsAfter.size -1)
-// }
-//
-// scenario("We will not create a view on a bank account due to missing token", API1_2, PostView) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomView(true, "")
-// When("the request is sent")
-// val reply = postView(bankId, bankAccount.id, view, None)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty
should equal (true) -// } -// -// scenario("We will not create a view on a bank account due to insufficient privileges", API1_2, PostView) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomView(true, "") -// When("the request is sent") -// val reply = postView(bankId, bankAccount.id, view, user3) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("We will not create a view because the bank account does not exist", API1_2, PostView) { -// Given("We will use an access token") -// val bankId = randomBank -// val view = randomView(true, "") -// When("the request is sent") -// val reply = postView(bankId, randomString(3), view, user1) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("We will not create a view because the view already exists", API1_2, PostView) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomView(true, "") -// postView(bankId, bankAccount.id, view, user1) -// When("the request is sent") -// val reply = postView(bankId, bankAccount.id, view, user1) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("Update a view on a bank account") { -// -// val updatedViewDescription = "aloha" -// val updatedAliasToUse = "public" -// val allowedActions = List("can_see_images", "can_delete_comment") -// -// def viewUpdateJson(originalView : ViewJSON) = { -// //it's not perfect, assumes too 
much about originalView (i.e. randomView(true, "")) -// new UpdateViewJSON( -// description = updatedViewDescription, -// is_public = !originalView.is_public, -// which_alias_to_use = updatedAliasToUse, -// hide_metadata_if_alias_used = !originalView.hide_metadata_if_alias, -// allowed_actions = allowedActions -// ) -// } -// -// def someViewUpdateJson() = { -// new UpdateViewJSON( -// description = updatedViewDescription, -// is_public = true, -// which_alias_to_use = updatedAliasToUse, -// hide_metadata_if_alias_used = true, -// allowed_actions = allowedActions -// ) -// } -// -// scenario("we will update a view on a bank account", API1_2, PutView) { -// Given("A view exists") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomView(true, "") -// val creationReply = postView(bankId, bankAccount.id, view, user1) -// creationReply.code should equal (201) -// val createdView : ViewJSON = creationReply.body.extract[ViewJSON] -// createdView.can_see_images should equal(true) -// createdView.can_delete_comment should equal(true) -// createdView.can_delete_physical_location should equal(true) -// createdView.can_edit_owner_comment should equal(true) -// createdView.description should not equal(updatedViewDescription) -// createdView.is_public should equal(true) -// createdView.hide_metadata_if_alias should equal(false) -// -// When("We use a valid access token and valid put json") -// val reply = putView(bankId, bankAccount.id, createdView.id, viewUpdateJson(createdView), user1) -// Then("We should get back the updated view") -// reply.code should equal (200) -// val updatedView = reply.body.extract[ViewJSON] -// updatedView.can_see_images should equal(true) -// updatedView.can_delete_comment should equal(true) -// updatedView.can_delete_physical_location should equal(false) -// updatedView.can_edit_owner_comment should equal(false) -// updatedView.description should equal(updatedViewDescription) -// 
updatedView.is_public should equal(false) -// updatedView.hide_metadata_if_alias should equal(true) -// } -// -// scenario("we will not update a view that doesn't exist", API1_2, PutView) { -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// -// Given("a view does not exist") -// val nonExistantViewId = "asdfasdfasdfasdfasdf" -// val getReply = getAccountViews(bankId, bankAccount.id, user1) -// getReply.code should equal (200) -// val views : ViewsJSON = getReply.body.extract[ViewsJSON] -// views.views.foreach(v => v.id should not equal(nonExistantViewId)) -// -// When("we try to update that view") -// val reply = putView(bankId, bankAccount.id, nonExistantViewId, someViewUpdateJson(), user1) -// Then("We should get a 404") -// reply.code should equal(404) -// } -// -// scenario("We will not update a view on a bank account due to missing token", API1_2, PutView) { -// Given("A view exists") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomView(true, "") -// val creationReply = postView(bankId, bankAccount.id, view, user1) -// creationReply.code should equal (201) -// val createdView : ViewJSON = creationReply.body.extract[ViewJSON] -// -// When("we don't use an access token") -// val reply = putView(bankId, bankAccount.id, createdView.id, viewUpdateJson(createdView), None) -// Then("we should get a 400") -// reply.code should equal(400) -// -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update a view on a bank account due to insufficient privileges", API1_2, PutView) { -// Given("A view exists") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomView(true, "") -// val creationReply = postView(bankId, bankAccount.id, view, user1) -// creationReply.code should equal (201) -// val createdView : 
ViewJSON = creationReply.body.extract[ViewJSON] -// -// When("we try to update a view without having sufficient privileges to do so") -// val reply = putView(bankId, bankAccount.id, createdView.id, viewUpdateJson(createdView), user3) -// Then("we should get a 400") -// reply.code should equal(400) -// -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// //TODO: no get view call? just get views? -// -// feature("Delete a view on a bank account"){ -// scenario("we will delete a view on a bank account", API1_2, DeleteView) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = postView(bankId, bankAccount.id, randomView(true, ""), user1).body.extract[ViewJSON] -// val viewsBefore = getAccountViews(bankId, bankAccount.id, user1).body.extract[ViewsJSON].views -// When("the request is sent") -// val reply = deleteView(bankId, bankAccount.id, view.id, user1) -// Then("we should get a 204 code") -// reply.code should equal (204) -// And("the views should be updated") -// val viewsAfter = getAccountViews(bankId, bankAccount.id, user1).body.extract[ViewsJSON].views -// viewsBefore.size should equal (viewsAfter.size +1) -// } -// -// scenario("We will not delete a view on a bank account due to missing token", API1_2, DeleteView) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent") -// val reply = deleteView(bankId, bankAccount.id, view, None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("We will not delete a view on a bank account due to insufficient privileges", API1_2, 
DeleteView) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent") -// val reply = deleteView(bankId, bankAccount.id, view, user3) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("We will not delete a view on a bank account because it does not exist", API1_2, PostView) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = deleteView(bankId, bankAccount.id, randomString(3), user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("Information about the permissions of a specific bank account"){ -// scenario("we will get one bank account permissions by using an access token", API1_2, GetPermissions) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = getAccountPermissions(bankId, bankAccount.id, user1) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// reply.body.extract[PermissionsJSON] -// -// val permissions = reply.body.extract[PermissionsJSON] -// -// def stringNotEmpty(s : String) { -// s should not equal null -// s should not equal "" -// } -// -// for { -// permission <- permissions.permissions -// } { -// val user = permission.user -// -// //TODO: Need to come up with a better way to check that information is not missing -// // idea: reflection on all the json case classes, marking "required" 
information with annotations -// stringNotEmpty(user.id) -// stringNotEmpty(user.provider) -// -// for { -// view <- permission.views -// } { -// stringNotEmpty(view.id) -// } -// } -// } -// -// scenario("we will not get one bank account permissions", API1_2, GetPermissions) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = getAccountPermissions(bankId, bankAccount.id, None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get one bank account permissions by using an other access token", API1_2, GetPermissions) { -// Given("We will use an access token, but that does not grant owner view") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = getAccountPermissions(bankId, bankAccount.id, user3) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("Information about the permissions of a specific user on a specific bank account"){ -// scenario("we will get the permissions by using an access token", API1_2, GetPermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val permission = randomAccountPermission(bankId, bankAccount.id) -// val userID = permission.user.id -// When("the request is sent") -// val reply = getUserAccountPermission(bankId, bankAccount.id, userID, user1) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// val viewsInfo = reply.body.extract[ViewsJSON] -// And("some fields should not 
be empty") -// viewsInfo.views.foreach(v => v.id.nonEmpty should equal (true)) -// } -// -// scenario("we will not get the permissions of a specific user", API1_2, GetPermission) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val permission = randomAccountPermission(bankId, bankAccount.id) -// val userID = permission.user.id -// When("the request is sent") -// val reply = getUserAccountPermission(bankId, bankAccount.id, userID, None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the permissions of a random user", API1_2, GetPermission) { -// Given("We will use an access token with random user id") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = getUserAccountPermission(bankId, bankAccount.id, randomString(5), user1) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("Grant a user access to a view on a bank account"){ -// scenario("we will grant a user access to a view on an bank account", API1_2, PostPermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val userId = resourceUser2.idGivenByProvider -// val reply = grantUserAccessToView(bankId, bankAccount.id, userId, randomViewPermalink(bankId, bankAccount), user1) -// Then("we should get a 201 ok code") -// reply.code should equal (201) -// val viewInfo = reply.body.extract[ViewJSON] -// And("some fields should not be empty") -// viewInfo.id.nonEmpty should equal 
(true) -// } -// -// scenario("we cannot grant a user access to a view on an bank account because the user does not exist", API1_2, PostPermission) { -// Given("We will use an access token with a random user Id") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = grantUserAccessToView(bankId, bankAccount.id, randomString(5), randomViewPermalink(bankId, bankAccount), user1) -// Then("we should get a 400 ok code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we cannot grant a user access to a view on an bank account because the view does not exist", API1_2, PostPermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser2.idGivenByProvider -// When("the request is sent") -// val reply = grantUserAccessToView(bankId, bankAccount.id, userId, randomString(5), user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we cannot grant a user access to a view on an bank account because the user does not have owner view access", API1_2, PostPermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser2.idGivenByProvider -// When("the request is sent") -// val reply = grantUserAccessToView(bankId, bankAccount.id, userId, randomViewPermalink(bankId, bankAccount), user3) -// Then("we should get a 400 ok code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// 
feature("Grant a user access to a list of views on a bank account"){ -// scenario("we will grant a user access to a list of views on an bank account", API1_2, PostPermissions) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser3.idGivenByProvider -// val viewsIdsToGrant = randomViewsIdsToGrant(bankId, bankAccount.id) -// When("the request is sent") -// val reply = grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) -// Then("we should get a 201 ok code") -// reply.code should equal (201) -// val viewsInfo = reply.body.extract[ViewsJSON] -// And("some fields should not be empty") -// viewsInfo.views.foreach(v => v.id.nonEmpty should equal (true)) -// And("the granted views should be the same") -// viewsIdsToGrant.toSet should equal(viewsInfo.views.map(_.id).toSet) -// //we revoke access to the granted views for the next tests -// revokeUserAccessToAllViews(bankId, bankAccount.id, userId, user1) -// } -// -// scenario("we cannot grant a user access to a list of views on an bank account because the user does not exist", API1_2, PostPermissions) { -// Given("We will use an access token with a random user Id") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = randomString(5) -// val viewsIdsToGrant= randomViewsIdsToGrant(bankId, bankAccount.id) -// When("the request is sent") -// val reply = grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) -// Then("we should get a 400 ok code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we cannot grant a user access to a list of views on an bank account because they don't exist", API1_2, PostPermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val 
bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser3.idGivenByProvider -// val viewsIdsToGrant= List(randomString(3),randomString(3)) -// When("the request is sent") -// val reply = grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we cannot grant a user access to a list of views on an bank account because some views don't exist", API1_2, PostPermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser3.idGivenByProvider -// val viewsIdsToGrant= randomViewsIdsToGrant(bankId, bankAccount.id) ++ List(randomString(3),randomString(3)) -// When("the request is sent") -// val reply = grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we cannot grant a user access to a list of views on an bank account because the user does not have owner view access", API1_2, PostPermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser3.idGivenByProvider -// val viewsIdsToGrant= randomViewsIdsToGrant(bankId, bankAccount.id) ++ List(randomString(3),randomString(3)) -// When("the request is sent") -// val reply = grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user3) -// Then("we should get a 400 ok code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty 
should equal (true) -// } -// } -// -// feature("Revoke a user access to a view on a bank account"){ -// scenario("we will revoke the access of a user to a view different from owner on an bank account", API1_2, DeletePermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser2.idGivenByProvider -// val viewId = randomViewPermalinkButNotOwner(bankId, bankAccount) -// val viewsIdsToGrant = viewId :: Nil -// grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) -// val viewsBefore = getUserAccountPermission(bankId, bankAccount.id, userId, user1).body.extract[ViewsJSON].views.length -// When("the request is sent") -// val reply = revokeUserAccessToView(bankId, bankAccount.id, userId, viewId, user1) -// Then("we should get a 204 no content code") -// reply.code should equal (204) -// val viewsAfter = getUserAccountPermission(bankId, bankAccount.id, userId, user1).body.extract[ViewsJSON].views.length -// viewsAfter should equal(viewsBefore -1) -// } -// -// scenario("we will revoke the access of a user to owner view on an bank account if there is more than one user", API1_2, DeletePermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val viewId = Constant.SYSTEM_OWNER_VIEW_ID -// val userId1 = resourceUser2.idGivenByProvider -// val userId2 = resourceUser2.idGivenByProvider -// grantUserAccessToView(bankId, bankAccount.id, userId1, viewId, user1) -// grantUserAccessToView(bankId, bankAccount.id, userId2, viewId, user1) -// val viewsBefore = getUserAccountPermission(bankId, bankAccount.id, userId1, user1).body.extract[ViewsJSON].views.length -// When("the request is sent") -// val reply = revokeUserAccessToView(bankId, bankAccount.id, userId1, viewId, user1) -// Then("we should get a 204 no content code") -// reply.code should equal 
(204) -// val viewsAfter = getUserAccountPermission(bankId, bankAccount.id, userId1, user1).body.extract[ViewsJSON].views.length -// viewsAfter should equal(viewsBefore -1) -// } -// -// scenario("we cannot revoke the access of a user to owner view on an bank account if there is only one user", API1_2, DeletePermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val viewId = ViewId(Constant.SYSTEM_OWNER_VIEW_ID) -// val view = Views.views.vend.view(BankIdAccountIdViewId(BankId(bankId), AccountId(bankAccount.id), viewId)).get -// if(Views.views.vend.getOwners(view).toList.length == 0){ -// val userId = resourceUser2.idGivenByProvider -// grantUserAccessToView(bankId, bankAccount.id, userId, viewId.value, user1) -// } -// while(Views.views.vend.getOwners(view).toList.length > 1){ -// revokeUserAccessToView(bankId, bankAccount.id, Views.views.vend.getOwners(view).toList(0).idGivenByProvider, viewId.value, user1) -// } -// val viewUsersBefore = Views.views.vend.getOwners(view).toList -// When("the request is sent") -// val reply = revokeUserAccessToView(bankId, bankAccount.id, viewUsersBefore(0).idGivenByProvider, viewId.value, user1) -// Then("we should get a 400 code") -// reply.code should equal (400) -// val viewUsersAfter = Views.views.vend.getOwners(view).toList -// viewUsersAfter.length should equal(viewUsersBefore.length) -// } -// -// scenario("we cannot revoke the access to a user that does not exist", API1_2, DeletePermission) { -// Given("We will use an access token with a random user Id") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = revokeUserAccessToView(bankId, bankAccount.id, randomString(5), randomViewPermalink(bankId, bankAccount), user1) -// Then("we should get a 400 ok code") -// reply.code should equal (400) -// } -// -// scenario("we cannot revoke a user 
access to a view on an bank account because the view does not exist", API1_2, DeletePermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId =resourceUser2.idGivenByProvider -// When("the request is sent") -// val reply = revokeUserAccessToView(bankId, bankAccount.id, userId, randomString(5), user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// } -// -// scenario("we cannot revoke a user access to a view on an bank account because the user does not have owner view access", API1_2, DeletePermission) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser2.idGivenByProvider -// When("the request is sent") -// val reply = revokeUserAccessToView(bankId, bankAccount.id, userId, randomViewPermalink(bankId, bankAccount), user3) -// Then("we should get a 400 ok code") -// reply.code should equal (400) -// } -// } -// -// feature("Revoke a user access to all the views on a bank account"){ -// scenario("we will revoke the access of a user to all the views on an bank account", API1_2, DeletePermissions) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser2.idGivenByProvider -// val viewId = randomViewPermalink(bankId, bankAccount) -// val viewsIdsToGrant = viewId :: Nil -// grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) -// When("the request is sent") -// val reply = revokeUserAccessToAllViews(bankId, bankAccount.id, userId, user1) -// Then("we should get a 204 no content code") -// reply.code should equal (204) -// } -// scenario("we cannot revoke the access to a user that does not exist", API1_2, DeletePermissions) { -// Given("We will use an access token with a random user Id") -// val 
bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = revokeUserAccessToAllViews(bankId, bankAccount.id, randomString(5), user1) -// Then("we should get a 400 ok code") -// reply.code should equal (400) -// } -// -// scenario("we cannot revoke a user access to a view on an bank account because the user does not have owner view access", API1_2, DeletePermissions) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val userId = resourceUser2.idGivenByProvider -// val viewId = randomViewPermalink(bankId, bankAccount) -// val viewsIdsToGrant = viewId :: Nil -// grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) -// When("the request is sent") -// val reply = revokeUserAccessToAllViews(bankId, bankAccount.id, userId, user3) -// Then("we should get a 400 ok code") -// reply.code should equal (400) -// } -// } -// -// feature("We get the list of the other bank accounts linked with a bank account"){ -// scenario("we will get the other bank accounts of a bank account", API1_2, GetOtherBankAccounts) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = getTheOtherBankAccounts(bankId, bankAccount.id, randomViewPermalink(bankId, bankAccount), user1) -// Then("we should get a 200 code") -// reply.code should equal (200) -// val accountsJson = reply.body.extract[OtherAccountsJSON] -// And("some fields should not be empty") -// accountsJson.other_accounts.foreach( a => -// a.id.nonEmpty should equal (true) -// ) -// } -// -// scenario("we will not get the other bank accounts of a bank account due to missing access token", API1_2, GetOtherBankAccounts) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = 
randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = getTheOtherBankAccounts(bankId, bankAccount.id, randomViewPermalink(bankId, bankAccount), None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the other bank accounts of a bank account because the user does not have enough privileges", API1_2, GetOtherBankAccounts) { -// Given("We will use an access token ") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = getTheOtherBankAccounts(bankId, bankAccount.id, randomViewPermalink(bankId, bankAccount), user3) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the other bank accounts of a bank account because the view does not exist", API1_2, GetOtherBankAccounts) { -// Given("We will use an access token ") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// When("the request is sent") -// val reply = getTheOtherBankAccounts(bankId, bankAccount.id, randomString(5), user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We get one specific other bank account among the other accounts "){ -// scenario("we will get one random other bank account of a bank account", API1_2, GetOtherBankAccount) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = 
randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTheOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// Then("we should get a 200 code") -// reply.code should equal (200) -// val accountJson = reply.body.extract[OtherAccountJSON] -// And("some fields should not be empty") -// accountJson.id.nonEmpty should equal (true) -// } -// -// scenario("we will not get one random other bank account of a bank account due to a missing token", API1_2, GetOtherBankAccount) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTheOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get one random other bank account of a bank account because the user does not have enough privileges", API1_2, GetOtherBankAccount) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTheOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get one random other bank account of a bank account because the view does 
not exist", API1_2, GetOtherBankAccount) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, randomViewPermalink(bankId, bankAccount))
-// When("the request is sent")
-// val reply = getTheOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, user1)
-// Then("we should get a 404 code")
-// reply.code should equal (404)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get one random other bank account of a bank account because the account does not exist", API1_2, GetOtherBankAccount) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// When("the request is sent")
-// val reply = getTheOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We get the metadata of one specific other bank account among the other accounts"){
-// scenario("we will get the metadata of one random other bank account", API1_2, GetOtherBankAccountMetadata) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getMetadataOfOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// Then("we should get a 200 code")
-// reply.code should equal (200)
-// And("some fields should not be empty")
-// reply.body.extract[OtherAccountMetadataJSON]
-// }
-//
-// scenario("we will not get the metadata of one random other bank account due to a missing token", API1_2, GetOtherBankAccountMetadata) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getMetadataOfOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the metadata of one random other bank account because the user does not have enough privileges", API1_2, GetOtherBankAccountMetadata) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getMetadataOfOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the metadata of one random other bank account because the view does not exist", API1_2, GetOtherBankAccountMetadata) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getMetadataOfOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, user1)
-// Then("we should get a 404 code")
-// reply.code should equal (404)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the metadata of one random other bank account because the account does not exist", API1_2, GetOtherBankAccountMetadata) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// When("the request is sent")
-// val reply = getMetadataOfOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We get the public alias of one specific other bank account among the other accounts "){
-// scenario("we will get the public alias of one random other bank account", API1_2, GetPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// Then("we should get a 200 code")
-// reply.code should equal (200)
-// reply.body.extract[AliasJSON]
-// }
-//
-// scenario("we will not get the public alias of one random other bank account due to a missing token", API1_2, GetPublicAlias) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the public alias of one random other bank account because the user does not have enough privileges", API1_2, GetPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the public alias of one random other bank account because the view does not exist", API1_2, GetPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, user1)
-// Then("we should get a 404 code")
-// reply.code should equal (404)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the public alias of one random other bank account because the account does not exist", API1_2, GetPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We post a public alias for one specific other bank"){
-// scenario("we will post a public alias for one random other bank account", API1_2, PostPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomAlias = randomString(5)
-// val postReply = postAPublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// Then("we should get a 201 code")
-// postReply.code should equal (201)
-// postReply.body.extract[SuccessMessage]
-// And("the alias should be changed")
-// val getReply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not post a public alias for a random other bank account due to a missing token", API1_2, PostPublicAlias) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val postReply = postAPublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, None)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the alias should not be changed")
-// val getReply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should not equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not post a public alias for a random other bank account because the user does not have enough privileges", API1_2, PostPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val postReply = postAPublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user3)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the alias should not be changed")
-// val getReply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should not equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not post a public alias for a random other bank account because the view does not exist", API1_2, PostPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val postReply = postAPublicAliasForOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, randomAlias, user1)
-// Then("we should get a 404 code")
-// postReply.code should equal (404)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the alias should not be changed")
-// val getReply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should not equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not post a public alias for a random other bank account because the account does not exist", API1_2, PostPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val postReply = postAPublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomAlias, user1)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We update the public alias for one specific other bank"){
-// scenario("we will update the public alias for one random other bank account", API1_2, PutPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomAlias = randomString(5)
-// val putReply = updateThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// Then("we should get a 200 code")
-// putReply.code should equal (200)
-// putReply.body.extract[SuccessMessage]
-// And("the alias should be changed")
-// val getReply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not update the public alias for a random other bank account due to a missing token", API1_2, PutPublicAlias) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val putReply = updateThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, None)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the alias should not be changed")
-// val getReply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should not equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not update the public alias for a random other bank account because the user does not have enough privileges", API1_2, PutPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val putReply = updateThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user3)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not update the public alias for a random other bank account because the account does not exist", API1_2, PutPublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val putReply = updateThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomAlias, user1)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We delete the public alias for one specific other bank"){
-// scenario("we will delete the public alias for one random other bank account", API1_2, DeletePublicAlias) {
-// Given("We will use an access token and will set an alias first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// postAPublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// Then("we should get a 204 code")
-// deleteReply.code should equal (204)
-// And("the public alias should be null")
-// val getReply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterTheDelete : AliasJSON = getReply.body.extract[AliasJSON]
-// theAliasAfterTheDelete.alias should equal (null)
-// }
-// scenario("we will not delete the public alias for a random other bank account due to a missing token", API1_2, DeletePublicAlias) {
-// Given("We will not use an access token and will set an alias first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// postAPublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the public alias should not be null")
-// val getReply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterTheDelete : AliasJSON = getReply.body.extract[AliasJSON]
-// theAliasAfterTheDelete.alias should not equal (null)
-// }
-// scenario("we will not delete the public alias for a random other bank account because the user does not have enough privileges", API1_2, DeletePublicAlias) {
-// Given("We will use an access token and will set an alias first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// postAPublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the public alias should not be null")
-// val getReply = getThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterTheDelete : AliasJSON = getReply.body.extract[AliasJSON]
-// theAliasAfterTheDelete.alias should not equal (null)
-// }
-// scenario("we will not delete the public alias for a random other bank account because the account does not exist", API1_2, DeletePublicAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomAlias = randomString(5)
-// When("the delete request is sent")
-// val deleteReply = deleteThePublicAliasForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-// }
-//
-// feature("We get the private alias of one specific other bank account among the other accounts "){
-// scenario("we will get the private alias of one random other bank account", API1_2, GetPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// Then("we should get a 200 code")
-// reply.code should equal (200)
-// reply.body.extract[AliasJSON]
-// }
-//
-// scenario("we will not get the private alias of one random other bank account due to a missing token", API1_2, GetPrivateAlias) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the private alias of one random other bank account because the user does not have enough privileges", API1_2, GetPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the private alias of one random other bank account because the view does not exist", API1_2, GetPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, user1)
-// Then("we should get a 404 code")
-// reply.code should equal (404)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the private alias of one random other bank account because the account does not exist", API1_2, GetPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-//
-// When("the request is sent")
-// val reply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We post a private alias for one specific other bank"){
-// scenario("we will post a private alias for one random other bank account", API1_2, PostPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomAlias = randomString(5)
-// val postReply = postAPrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// Then("we should get a 201 code")
-// postReply.code should equal (201)
-// postReply.body.extract[SuccessMessage]
-// And("the alias should be changed")
-// val getReply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not post a private alias for a random other bank account due to a missing token", API1_2, PostPrivateAlias) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val postReply = postAPrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, None)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the alias should not be changed")
-// val getReply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should not equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not post a private alias for a random other bank account because the user does not have enough privileges", API1_2, PostPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val postReply = postAPrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user3)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the alias should not be changed")
-// val getReply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should not equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not post a private alias for a random other bank account because the view does not exist", API1_2, PostPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val postReply = postAPrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, randomAlias, user1)
-// Then("we should get a 404 code")
-// postReply.code should equal (404)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the alias should not be changed")
-// val getReply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should not equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not post a private alias for a random other bank account because the account does not exist", API1_2, PostPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val postReply = postAPrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomAlias, user1)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We update the private alias for one specific other bank"){
-// scenario("we will update the private alias for one random other bank account", API1_2, PutPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomAlias = randomString(5)
-// val putReply = updateThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// Then("we should get a 200 code")
-// putReply.code should equal (200)
-// putReply.body.extract[SuccessMessage]
-// And("the alias should be changed")
-// val getReply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not update the private alias for a random other bank account due to a missing token", API1_2, PutPrivateAlias) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val putReply = updateThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, None)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the alias should not be changed")
-// val getReply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterThePost : AliasJSON = getReply.body.extract[AliasJSON]
-// randomAlias should not equal (theAliasAfterThePost.alias)
-// }
-//
-// scenario("we will not update the private alias for a random other bank account because the user does not have enough privileges", API1_2, PutPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val putReply = updateThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user3)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not update the private alias for a random other bank account because the account does not exist", API1_2, PutPrivateAlias) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomAlias = randomString(5)
-// When("the request is sent")
-// val putReply = updateThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomAlias, user1)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We delete the private alias for one specific other bank"){
-// scenario("we will delete the private alias for one random other bank account", API1_2, DeletePrivateAlias) {
-// Given("We will use an access token and will set an alias first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// postAPrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// Then("we should get a 204 code")
-// deleteReply.code should equal (204)
-// And("the Private alias should be null")
-// val getReply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterTheDelete : AliasJSON = getReply.body.extract[AliasJSON]
-// theAliasAfterTheDelete.alias should equal (null)
-// }
-// scenario("we will not delete the private alias for a random other bank account due to a missing token", API1_2, DeletePrivateAlias) {
-// Given("We will not use an access token and will set an alias first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// postAPrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the Private alias should not be null")
-// val getReply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterTheDelete : AliasJSON = getReply.body.extract[AliasJSON]
-// theAliasAfterTheDelete.alias should not equal (null)
-// }
-// scenario("we will not delete the private alias for a random other bank account because the user does not have enough privileges", API1_2, DeletePrivateAlias) {
-// Given("We will use an access token and will set an alias first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomAlias = randomString(5)
-// postAPrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomAlias, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the Private alias should not be null")
-// val getReply = getThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// val theAliasAfterTheDelete : AliasJSON = getReply.body.extract[AliasJSON]
-// theAliasAfterTheDelete.alias should not equal (null)
-// }
-// scenario("we
will not delete the private alias for a random other bank account because the account does not exist", API1_2, DeletePrivateAlias) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomAlias = randomString(5) -// When("the delete request is sent") -// val deleteReply = deleteThePrivateAliasForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// } -// -// feature("We post more information for one specific other bank"){ -// scenario("we will post more information for one random other bank account", API1_2, PostMoreInfo) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val randomInfo = randomString(20) -// val postReply = postMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomInfo, user1) -// Then("we should get a 201 code") -// postReply.code should equal (201) -// postReply.body.extract[SuccessMessage] -// And("the information should be changed") -// val moreInfo = getMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomInfo should equal (moreInfo) -// } -// -// scenario("we will not post more information for a random other bank account due to a missing token", API1_2, PostMoreInfo) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomInfo = 
randomString(20) -// When("the request is sent") -// val postReply = postMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomInfo, None) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the information should not be changed") -// val moreInfo = getMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomInfo should not equal (moreInfo) -// } -// -// scenario("we will not post more information for a random other bank account because the user does not have enough privileges", API1_2, PostMoreInfo) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomInfo = randomString(20) -// When("the request is sent") -// val postReply = postMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomInfo, user3) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the information should not be changed") -// val moreInfo = getMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomInfo should not equal (moreInfo) -// } -// -// scenario("we will not post more information for a random other bank account because the view does not exist", API1_2, PostMoreInfo) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, 
bankAccount.id, view) -// val randomInfo = randomString(20) -// When("the request is sent") -// val postReply = postMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, randomInfo, user1) -// Then("we should get a 404 code") -// postReply.code should equal (404) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the information should not be changed") -// val moreInfo = getMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomInfo should not equal (moreInfo) -// } -// -// scenario("we will not post more information for a random other bank account because the account does not exist", API1_2, PostMoreInfo) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomInfo = randomString(20) -// When("the request is sent") -// val postReply = postMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomInfo, user1) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We update the information for one specific other bank"){ -// scenario("we will update the information for one random other bank account", API1_2, PutMoreInfo) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val randomInfo = randomString(20) -// val putReply = updateMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomInfo, 
user1) -// Then("we should get a 200 code") -// putReply.code should equal (200) -// putReply.body.extract[SuccessMessage] -// And("the information should be changed") -// val moreInfo = getMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomInfo should equal (moreInfo) -// } -// -// scenario("we will not update the information for a random other bank account due to a missing token", API1_2, PutMoreInfo) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomInfo = randomString(20) -// When("the request is sent") -// val putReply = updateMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomInfo, None) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the information should not be changed") -// val moreInfo = getMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomInfo should not equal (moreInfo) -// } -// -// scenario("we will not update the information for a random other bank account because the user does not have enough privileges", API1_2, PutMoreInfo) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomInfo = randomString(20) -// When("the request is sent") -// val putReply = updateMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomInfo, user3) -// Then("we should get a 400 code") -// 
putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update the information for a random other bank account because the account does not exist", API1_2, PutMoreInfo) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomInfo = randomString(20) -// When("the request is sent") -// val putReply = updateMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomInfo, user1) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We delete the information for one specific other bank"){ -// scenario("we will delete the information for one random other bank account", API1_2, DeleteMoreInfo) { -// Given("We will use an access token and will set an info first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomInfo = randomString(20) -// postMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomInfo, user1) -// When("the delete request is sent") -// val deleteReply = deleteMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// Then("we should get a 204 code") -// deleteReply.code should equal (204) -// And("the info should be null") -// val infoAfterDelete = getMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// infoAfterDelete should equal (null) -// } -// -// scenario("we will not delete the information for 
a random other bank account due to a missing token", API1_2, DeleteMoreInfo) { -// Given("We will not use an access token and will set an info first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomInfo = randomString(20) -// postMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomInfo, user1) -// When("the delete request is sent") -// val deleteReply = deleteMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// And("the info should not be null") -// val infoAfterDelete = getMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// infoAfterDelete should not equal (null) -// } -// -// scenario("we will not delete the information for a random other bank account because the user does not have enough privileges", API1_2, DeleteMoreInfo) { -// Given("We will use an access token and will set an info first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomInfo = randomString(20) -// postMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomInfo, user1) -// When("the delete request is sent") -// val deleteReply = deleteMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// And("the info should not be null") -// val infoAfterDelete = getMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// infoAfterDelete should not equal 
(null) -// } -// -// scenario("we will not delete the information for a random other bank account because the account does not exist", API1_2, DeleteMoreInfo) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomInfo = randomString(20) -// When("the delete request is sent") -// val deleteReply = deleteMoreInfoForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// } -// -// feature("We post the url for one specific other bank"){ -// scenario("we will post the url for one random other bank account", API1_2, PostURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val randomURL = randomString(20) -// val postReply = postUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1) -// Then("we should get a 201 code") -// postReply.code should equal (201) -// postReply.body.extract[SuccessMessage] -// And("the url should be changed") -// val url = getUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomURL should equal (url) -// } -// -// scenario("we will not post the url for a random other bank account due to a missing token", API1_2, PostURL) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomURL = randomString(20) -// When("the request is sent") 
-// val postReply = postUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, None) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the url should not be changed") -// val url = getUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomURL should not equal (url) -// } -// -// scenario("we will not post the url for a random other bank account because the user does not have enough privileges", API1_2, PostURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomURL = randomString(20) -// When("the request is sent") -// val postReply = postUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, None) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the url should not be changed") -// val url = getUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomURL should not equal (url) -// } -// -// scenario("we will not post the url for a random other bank account because the view does not exist", API1_2, PostURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomURL = randomString(20) -// When("the request is sent") -// val postReply = 
postUrlForOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, randomURL, user1) -// Then("we should get a 404 code") -// postReply.code should equal (404) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the url should not be changed") -// val url = getUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomURL should not equal (url) -// } -// -// scenario("we will not post the url for a random other bank account because the account does not exist", API1_2, PostURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomURL = randomString(20) -// When("the request is sent") -// val postReply = postUrlForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomURL, user1) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We update the url for one specific other bank"){ -// scenario("we will update the url for one random other bank account", API1_2, PutURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val randomURL = randomString(20) -// val putReply = updateUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1) -// Then("we should get a 200 code") -// putReply.code should equal (200) -// putReply.body.extract[SuccessMessage] -// And("the url should be changed") -// val url = 
getUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomURL should equal (url) -// } -// -// scenario("we will not update the url for a random other bank account due to a missing token", API1_2, PutURL) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomURL = randomString(20) -// When("the request is sent") -// val putReply = updateUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, None) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the url should not be changed") -// val url = getUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomURL should not equal (url) -// } -// -// scenario("we will not update the url for a random other bank account because the user does not have enough privileges", API1_2, PutURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomURL = randomString(20) -// When("the request is sent") -// val putReply = updateUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user3) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update the url for a random other bank account because the account does not exist", 
API1_2, PutURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomURL = randomString(20) -// When("the request is sent") -// val putReply = updateUrlForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomURL, user1) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We delete the url for one specific other bank"){ -// scenario("we will delete the url for one random other bank account", API1_2, DeleteURL) { -// Given("We will use an access token and will set an open corporates url first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomURL = randomString(20) -// postUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1) -// When("the delete request is sent") -// val deleteReply = deleteUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// Then("we should get a 204 code") -// deleteReply.code should equal (204) -// And("the url should be null") -// val urlAfterDelete = getUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// urlAfterDelete should equal (null) -// } -// -// scenario("we will not delete the url for a random other bank account due to a missing token", API1_2, DeleteURL) { -// Given("We will not use an access token and will set an open corporates url first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val 
otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomURL = randomString(20) -// postUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1) -// When("the delete request is sent") -// val deleteReply = deleteUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// And("the url should not be null") -// val urlAfterDelete = getUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// urlAfterDelete should not equal (null) -// } -// -// scenario("we will not delete the url for a random other bank account because the user does not have enough privileges", API1_2, DeleteURL) { -// Given("We will use an access token and will set an open corporates url first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomURL = randomString(20) -// postUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1) -// When("the delete request is sent") -// val deleteReply = deleteUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// And("the url should not be null") -// val urlAfterDelete = getUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// urlAfterDelete should not equal (null) -// } -// -// scenario("we will not delete the url for a random other bank account because the account does not exist", API1_2, DeleteURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val 
randomURL = randomString(20) -// When("the delete request is sent") -// val deleteReply = deleteUrlForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// } -// -// feature("We post the image url for one specific other bank"){ -// scenario("we will post the image url for one random other bank account", API1_2, PostImageURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val randomImageURL = randomString(20) -// val postReply = postImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomImageURL, user1) -// Then("we should get a 201 code") -// postReply.code should equal (201) -// postReply.body.extract[SuccessMessage] -// And("the image url should be changed") -// val url = getImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomImageURL should equal (url) -// } -// -// scenario("we will not post the image url for a random other bank account due to a missing token", API1_2, PostImageURL) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomImageURL = randomString(20) -// When("the request is sent") -// val postReply = postImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomImageURL, None) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty 
should equal (true) -// And("the image url should not be changed") -// val url = getImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomImageURL should not equal (url) -// } -// -// scenario("we will not post the image url for a random other bank account because the user does not have enough privileges", API1_2, PostImageURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomImageURL = randomString(20) -// When("the request is sent") -// val postReply = postImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomImageURL, user3) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the image url should not be changed") -// val url = getImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomImageURL should not equal (url) -// } -// -// scenario("we will not post the image url for a random other bank account because the view does not exist", API1_2, PostImageURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomImageURL = randomString(20) -// When("the request is sent") -// val postReply = postImageUrlForOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, randomImageURL, user1) -// Then("we should get a 404 code") -// postReply.code should equal (404) -// And("we should get an error message") -// 
postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the image url should not be changed") -// val url = getImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomImageURL should not equal (url) -// } -// -// scenario("we will not post the image url for a random other bank account because the account does not exist", API1_2, PostImageURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomImageURL = randomString(20) -// When("the request is sent") -// val postReply = postImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomImageURL, user1) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We update the image url for one specific other bank"){ -// scenario("we will update the image url for one random other bank account", API1_2, PutImageURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val randomImageURL = randomString(20) -// val putReply = updateImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomImageURL, user1) -// Then("we should get a 200 code") -// putReply.code should equal (200) -// putReply.body.extract[SuccessMessage] -// And("the image url should be changed") -// val url = getImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomImageURL should equal (url) -// } -// -// scenario("we will not 
update the image url for a random other bank account due to a missing token", API1_2, PutImageURL) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomImageURL = randomString(20) -// When("the request is sent") -// val putReply = updateImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomImageURL, None) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the image url should not be changed") -// val url = getImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomImageURL should not equal (url) -// } -// -// scenario("we will not update the image url for a random other bank account because the user does not have enough privileges", API1_2, PutImageURL) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomImageURL = randomString(20) -// When("the request is sent") -// val putReply = updateImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomImageURL, user3) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update the image url for a random other bank account because the account does not exist", API1_2, PutImageURL) { -// Given("We will use an access token") -// val bankId = 
randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomImageURL = randomString(20)
-// When("the request is sent")
-// val putReply = updateImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomImageURL, user1)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We delete the image url for one specific other bank"){
-// scenario("we will delete the image url for one random other bank account", API1_2, DeleteImageURL) {
-// Given("We will use an access token and will set a url first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomImageURL = randomString(20)
-// postImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomImageURL, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// Then("we should get a 204 code")
-// deleteReply.code should equal (204)
-// And("the image url should be null")
-// val urlAfterDelete = getImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// urlAfterDelete should equal (null)
-// }
-//
-// scenario("we will not delete the image url for a random other bank account due to a missing token", API1_2, DeleteImageURL) {
-// Given("We will not use an access token and will set a url first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount =
randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomImageURL = randomString(20)
-// postImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomImageURL, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the image url should not be null")
-// val urlAfterDelete = getImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// urlAfterDelete should not equal (null)
-// }
-//
-// scenario("we will not delete the image url for a random other bank account because the user does not have enough privileges", API1_2, DeleteImageURL) {
-// Given("We will use an access token and will set a url first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomImageURL = randomString(20)
-// postImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomImageURL, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the image url should not be null")
-// val urlAfterDelete = getImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// urlAfterDelete should not equal (null)
-// }
-//
-// scenario("we will not delete the image url for a random other bank account because the account does not exist", API1_2, DeleteImageURL) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view =
randomViewPermalink(bankId, bankAccount)
-// val randomImageURL = randomString(20)
-// When("the delete request is sent")
-// val deleteReply = deleteImageUrlForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-// }
-//
-// feature("We post the open corporates url for one specific other bank"){
-// scenario("we will post the open corporates url for one random other bank account", API1_2, PostOpenCorporatesURL) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomURL = randomString(20)
-// val postReply = postOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1)
-// Then("we should get a 201 code")
-// postReply.code should equal (201)
-// postReply.body.extract[SuccessMessage]
-// And("the open corporates url should be changed")
-// val url = getOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// randomURL should equal (url)
-// }
-//
-// scenario("we will not post the open corporates url for a random other bank account due to a missing token", API1_2, PostOpenCorporatesURL) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomURL = randomString(20)
-// When("the request is sent")
-// val postReply = postOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, None)
-// Then("we should get a 400 code")
-//
postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the open corporates url should not be changed")
-// val url = getOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// randomURL should not equal (url)
-// }
-//
-// scenario("we will not post the open corporates url for a random other bank account because the user does not have enough privileges", API1_2, PostOpenCorporatesURL) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomURL = randomString(20)
-// When("the request is sent")
-// val postReply = postOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user3)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the open corporates url should not be changed")
-// val url = getOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// randomURL should not equal (url)
-// }
-//
-// scenario("we will not post the open corporates url for a random other bank account because the view does not exist", API1_2, PostOpenCorporatesURL) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomURL = randomString(20)
-// When("the request is sent")
-// val postReply = postOpenCorporatesUrlForOneOtherBankAccount(bankId,
bankAccount.id, randomString(5), otherBankAccount.id, randomURL, user1)
-// Then("we should get a 404 code")
-// postReply.code should equal (404)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the open corporates url should not be changed")
-// val url = getOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// randomURL should not equal (url)
-// }
-//
-// scenario("we will not post the open corporates url for a random other bank account because the account does not exist", API1_2, PostOpenCorporatesURL) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomURL = randomString(20)
-// When("the request is sent")
-// val postReply = postOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomURL, user1)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We update the open corporates url for one specific other bank"){
-// scenario("we will update the open corporates url for one random other bank account", API1_2, PutOpenCorporatesURL) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomURL = randomString(20)
-// val putReply = updateOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1)
-// Then("we should get a 200 code")
-// putReply.code should equal (200)
-//
putReply.body.extract[SuccessMessage]
-// And("the open corporates url should be changed")
-// val url = getOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// randomURL should equal (url)
-// }
-//
-// scenario("we will not update the open corporates url for a random other bank account due to a missing token", API1_2, PutOpenCorporatesURL) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomURL = randomString(20)
-// When("the request is sent")
-// val putReply = updateOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, None)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the open corporates url should not be changed")
-// val url = getOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// randomURL should not equal (url)
-// }
-//
-// scenario("we will not update the open corporates url for a random other bank account because the user does not have enough privileges", API1_2, PutOpenCorporatesURL) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomURL = randomString(20)
-// When("the request is sent")
-// val putReply = updateOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user3)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not update the open corporates url for a random other bank account because the account does not exist", API1_2, PutOpenCorporatesURL) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomURL = randomString(20)
-// When("the request is sent")
-// val putReply = updateOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomURL, user1)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We delete the open corporates url for one specific other bank"){
-// scenario("we will delete the open corporates url for one random other bank account", API1_2, DeleteOpenCorporatesURL) {
-// Given("We will use an access token and will set an open corporates url first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomURL = randomString(20)
-// postOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// Then("we should get a 204 code")
-// deleteReply.code should equal (204)
-// And("the open corporates url should be null")
-// val urlAfterDelete = getOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// urlAfterDelete should equal
(null)
-// }
-//
-// scenario("we will not delete the open corporates url for a random other bank account due to a missing token", API1_2, DeleteOpenCorporatesURL) {
-// Given("We will not use an access token and will set an open corporates url first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomURL = randomString(20)
-// postOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the open corporates url should not be null")
-// val urlAfterDelete = getOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// urlAfterDelete should not equal (null)
-// }
-//
-// scenario("we will not delete the open corporates url for a random other bank account because the user does not have enough privileges", API1_2, DeleteOpenCorporatesURL) {
-// Given("We will use an access token and will set an open corporates url first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomURL = randomString(20)
-// postOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomURL, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-//
And("the open corporates url should not be null")
-// val urlAfterDelete = getOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// urlAfterDelete should not equal (null)
-// }
-//
-// scenario("we will not delete the open corporates url for a random other bank account because the account does not exist", API1_2, DeleteOpenCorporatesURL) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomURL = randomString(20)
-// When("the delete request is sent")
-// val deleteReply = deleteOpenCorporatesUrlForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-// }
-//
-// feature("We post the corporate location for one specific other bank"){
-// scenario("we will post the corporate location for one random other bank account", API1_2, PostCorporateLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val postReply = postCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1)
-// Then("we should get a 201 code")
-// postReply.code should equal (201)
-// postReply.body.extract[SuccessMessage]
-// And("the corporate location should be changed")
-// val location = getCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// randomLoc.latitude should equal (location.latitude)
-// randomLoc.longitude should equal (location.longitude)
-// }
-//
-// scenario("we will not post the corporate
location for a random other bank account due to a missing token", API1_2, PostCorporateLocation) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val postReply = postCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, None)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not post the corporate location for one random other bank account because the coordinates don't exist", API1_2, PostCorporateLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// var randomLoc = JSONFactory.createLocationPlainJSON(400,200)
-// When("the request is sent")
-// val postReply = postCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not post the corporate location for a random other bank account because the user does not have enough privileges", API1_2, PostCorporateLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val postReply = postCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user3)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not post the corporate location for a random other bank account because the view does not exist", API1_2, PostCorporateLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val postReply = postCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, randomLoc, user1)
-// Then("we should get a 404 code")
-// postReply.code should equal (404)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not post the corporate location for a random other bank account because the account does not exist", API1_2, PostCorporateLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val postReply = postCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomLoc, user1)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-//
postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We update the corporate location for one specific other bank"){
-// scenario("we will update the corporate location for one random other bank account", API1_2, PutCorporateLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomLoc = randomLocation
-// val putReply = updateCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1)
-// Then("we should get a 200 code")
-// putReply.code should equal (200)
-// putReply.body.extract[SuccessMessage]
-// And("the corporate location should be changed")
-// val location = getCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// randomLoc.latitude should equal (location.latitude)
-// randomLoc.longitude should equal (location.longitude)
-// }
-//
-// scenario("we will not update the corporate location for one random other bank account because the coordinates don't exist", API1_2, PutCorporateLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// var randomLoc = JSONFactory.createLocationPlainJSON(400,200)
-// When("the request is sent")
-// val putReply = updateCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty
should equal (true)
-// }
-//
-// scenario("we will not update the corporate location for a random other bank account due to a missing token", API1_2, PutCorporateLocation) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val putReply = updateCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, None)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not update the corporate location for a random other bank account because the user does not have enough privileges", API1_2, PutCorporateLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val putReply = updateCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user3)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not update the corporate location for a random other bank account because the account does not exist", API1_2, PutCorporateLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view =
randomViewPermalink(bankId, bankAccount)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val putReply = updateCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomLoc, user1)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We delete the corporate location for one specific other bank"){
-// scenario("we will delete the corporate location for one random other bank account", API1_2, DeleteCorporateLocation) {
-// Given("We will use an access token and will set a corporate location first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// postCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// Then("we should get a 204 code")
-// deleteReply.code should equal (204)
-// And("the corporate location should be null")
-// val locationAfterDelete = getCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// locationAfterDelete should equal (null)
-// }
-//
-// scenario("we will not delete the corporate location for a random other bank account due to a missing token", API1_2, DeleteCorporateLocation) {
-// Given("We will not use an access token and will set a corporate location first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount =
randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// postCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the corporate location should not be null")
-// val locationAfterDelete = getCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// locationAfterDelete should not equal (null)
-// }
-//
-// scenario("we will not delete the corporate location for a random other bank account because the user does not have enough privileges", API1_2, DeleteCorporateLocation) {
-// Given("We will use an access token and will set a corporate location first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// postCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user3)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the corporate location should not be null")
-// val locationAfterDelete = getCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// locationAfterDelete should not equal (null)
-// }
-//
-// scenario("we will not delete the corporate location for a random other bank account because the account does not exist", API1_2, DeleteCorporateLocation) {
-// Given("We will use an
access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomLoc = randomLocation
-// When("the delete request is sent")
-// val deleteReply = deleteCorporateLocationForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-// }
-//
-// feature("We post the physical location for one specific other bank"){
-// scenario("we will post the physical location for one random other bank account", API1_2, PostPhysicalLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val postReply = postPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1)
-// Then("we should get a 201 code")
-// postReply.code should equal (201)
-// postReply.body.extract[SuccessMessage]
-// And("the physical location should be changed")
-// val location = getPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1)
-// randomLoc.latitude should equal (location.latitude)
-// randomLoc.longitude should equal (location.longitude)
-// }
-//
-// scenario("we will not post the physical location for one random other bank account because the coordinates don't exist", API1_2, PostPhysicalLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// var randomLoc =
JSONFactory.createLocationPlainJSON(400,200)
-// When("the request is sent")
-// val postReply = postPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not post the physical location for a random other bank account due to a missing token", API1_2, PostPhysicalLocation) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val postReply = postPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, None)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not post the physical location for a random other bank account because the user does not have enough privileges", API1_2, PostPhysicalLocation) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view)
-// val randomLoc = randomLocation
-// When("the request is sent")
-// val postReply = postPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user3)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-//
postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not post the physical location for a random other bank account because the view does not exist", API1_2, PostPhysicalLocation) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// When("the request is sent") -// val postReply = postPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, randomString(5), otherBankAccount.id, randomLoc, user1) -// Then("we should get a 404 code") -// postReply.code should equal (404) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not post the physical location for a random other bank account because the account does not exist", API1_2, PostPhysicalLocation) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomLoc = randomLocation -// When("the request is sent") -// val postReply = postPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomLoc, user1) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We update the physical location for one specific other bank"){ -// scenario("we will update the physical location for one random other bank account", API1_2, PutPhysicalLocation) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val 
view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// When("the request is sent") -// val randomLoc = randomLocation -// val putReply = updatePhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1) -// Then("we should get a 200 code") -// putReply.code should equal (200) -// putReply.body.extract[SuccessMessage] -// And("the physical location should be changed") -// val location = getPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// randomLoc.latitude should equal (location.latitude) -// randomLoc.longitude should equal (location.longitude) -// } -// -// scenario("we will not update the physical location for one random other bank account because the coordinates don't exist", API1_2, PutPhysicalLocation) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// var randomLoc = JSONFactory.createLocationPlainJSON(400,200) -// When("the request is sent") -// val putReply = updatePhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update the physical location for a random other bank account due to a missing token", API1_2, PutPhysicalLocation) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, 
bankAccount.id, view) -// val randomLoc = randomLocation -// When("the request is sent") -// val putReply = updatePhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, None) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update the physical location for a random other bank account because the user does not have enough privileges", API1_2, PutPhysicalLocation) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// When("the request is sent") -// val putReply = updatePhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user3) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update the physical location for a random other bank account because the account does not exist", API1_2, PutPhysicalLocation) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomLoc = randomLocation -// When("the request is sent") -// val putReply = updatePhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), randomLoc, user1) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } 
-// } -// -// feature("We delete the physical location for one specific other bank"){ -// scenario("we will delete the physical location for one random other bank account", API1_2, DeletePhysicalLocation) { -// Given("We will use an access token and will set a physical location first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1) -// When("the delete request is sent") -// val deleteReply = deletePhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// Then("we should get a 204 code") -// deleteReply.code should equal (204) -// And("the physical location should be null") -// val locationAfterDelete = getPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// locationAfterDelete should equal (null) -// } -// -// scenario("we will not delete the physical location for a random other bank account due to a missing token", API1_2, DeletePhysicalLocation) { -// Given("We will not use an access token and will set a physical location first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1) -// When("the delete request is sent") -// val deleteReply = deletePhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// 
And("the physical location should not be null") -// val locationAfterDelete = getPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// locationAfterDelete should not equal (null) -// } -// -// scenario("we will not delete the physical location for a random other bank account because the user does not have enough privileges", API1_2, DeletePhysicalLocation) { -// Given("We will use an access token and will set a physical location first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val otherBankAccount = randomOtherBankAccount(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, randomLoc, user1) -// When("the delete request is sent") -// val deleteReply = deletePhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, None) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// And("the physical location should not be null") -// val locationAfterDelete = getPhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, otherBankAccount.id, user1) -// locationAfterDelete should not equal (null) -// } -// -// scenario("we will not delete the physical location for a random other bank account because the account does not exist", API1_2, DeletePhysicalLocation) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomLoc = randomLocation -// When("the delete request is sent") -// val deleteReply = deletePhysicalLocationForOneOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// } -// -// 
feature("Information about all the transaction"){ -// scenario("we get all the transactions of one random (private) bank account", API1_2, GetTransactions) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent") -// val reply = getTransactions(bankId,bankAccount.id,view, user1) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// val transactions = reply.body.extract[TransactionsJSON] -// And("transactions array should not be empty") -// transactions.transactions.size should not equal (0) -// -// } -// -// scenario("we do not get transactions of one random bank account, because the account doesn't exist", API1_2, GetTransactions) { -// Given("We will use an access token") -// When("the request is sent") -// val bankId = randomBank -// val reply = getTransactions(bankId,randomString(5),randomString(5), user1) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// -// scenario("we do not get transactions of one random bank account, because the view doesn't exist", API1_2, GetTransactions) { -// Given("We will use an access token") -// When("the request is sent") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val reply = getTransactions(bankId,bankAccount.id,randomString(5), user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// } -// } -// -// feature("transactions with params"){ -// import java.text.SimpleDateFormat -// import java.util.Calendar -// val defaultFormat = APIUtil.DateWithMsFormat -// val rollbackFormat = APIUtil.DateWithMsRollbackFormat -// scenario("we don't get transactions due to wrong value for obp_sort_direction parameter", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val 
bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with a wrong value for param obp_sort_direction") -// val params = ("obp_sort_direction", "foo") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// scenario("we get all the transactions sorted by ASC", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with the value ASC for param obp_sort_by") -// val params = ("obp_sort_direction", "ASC") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// val transactions = reply.body.extract[TransactionsJSON] -// And("transactions array should not be empty") -// transactions.transactions.size should not equal (0) -// val transaction1 = transactions.transactions(0) -// val transaction2 = transactions.transactions(1) -// transaction1.details.completed.before(transaction2.details.completed) should equal(true) -// } -// scenario("we get all the transactions sorted by asc", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with the value asc for param obp_sort_by") -// val params = ("obp_sort_direction", "asc") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// val transactions = reply.body.extract[TransactionsJSON] -// 
And("transactions array should not be empty") -// transactions.transactions.size should not equal (0) -// val transaction1 = transactions.transactions(0) -// val transaction2 = transactions.transactions(1) -// transaction1.details.completed.before(transaction2.details.completed) should equal(true) -// } -// scenario("we get all the transactions sorted by DESC", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with the value DESC for param obp_sort_by") -// val params = ("obp_sort_direction", "DESC") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// val transactions = reply.body.extract[TransactionsJSON] -// And("transactions array should not be empty") -// transactions.transactions.size should not equal (0) -// val transaction1 = transactions.transactions(0) -// val transaction2 = transactions.transactions(1) -// transaction1.details.completed.before(transaction2.details.completed) should equal(false) -// } -// scenario("we get all the transactions sorted by desc", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with the value desc for param obp_sort_by") -// val params = ("obp_sort_direction", "desc") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// val transactions = reply.body.extract[TransactionsJSON] -// And("transactions array should not be empty") -// transactions.transactions.size should not equal 
(0) -// val transaction1 = transactions.transactions(0) -// val transaction2 = transactions.transactions(1) -// transaction1.details.completed.before(transaction2.details.completed) should equal(false) -// -// } -// scenario("we don't get transactions due to wrong value (not a number) for obp_limit parameter", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with a wrong value for param obp_limit") -// val params = ("obp_limit", "foo") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// scenario("we don't get transactions due to wrong value (0) for obp_limit parameter", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with a wrong value for param obp_limit") -// val params = ("obp_limit", "0") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// scenario("we don't get transactions due to wrong value (-100) for obp_limit parameter", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with a wrong value for param obp_limit") -// val params = ("obp_limit", "-100") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 400 code") -// 
reply.code should equal (400) -// } -// scenario("we get only 5 transactions due to the obp_limit parameter value", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with the value ASC for parameter obp_limit") -// val params = ("obp_limit", "5") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// val transactions = reply.body.extract[TransactionsJSON] -// And("transactions size should be equal to 5") -// transactions.transactions.size should equal (5) -// } -// scenario("we don't get transactions due to wrong value for obp_from_date parameter", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with a wrong value for param obp_from_date") -// val params = ("obp_from_date", "foo") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// scenario("we get transactions from a previous date with the right format", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with obp_from_date into a proper format") -// val currentDate = new Date() -// val calendar = Calendar.getInstance -// calendar.setTime(currentDate) -// calendar.add(Calendar.YEAR, -1) -// val pastDate = calendar.getTime -// val 
formatedPastDate = defaultFormat.format(pastDate) -// val params = ("obp_from_date", formatedPastDate) :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 code") -// reply.code should equal (200) -// And("transactions size should not be empty") -// val transactions = reply.body.extract[TransactionsJSON] -// transactions.transactions.size should not equal (0) -// } -// scenario("we get transactions from a previous date (obp_from_date) with the fallback format", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with obp_from_date into an accepted format") -// val currentDate = new Date() -// val calendar = Calendar.getInstance -// calendar.setTime(currentDate) -// calendar.add(Calendar.YEAR, -1) -// val pastDate = calendar.getTime -// val formatedPastDate = rollbackFormat.format(pastDate) -// val params = ("obp_from_date", formatedPastDate) :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 code") -// reply.code should equal (200) -// And("transactions size should not be empty") -// val transactions = reply.body.extract[TransactionsJSON] -// transactions.transactions.size should not equal (0) -// } -// scenario("we don't get transactions from a date in the future", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with obp_from_date into a proper format") -// val currentDate = new Date() -// val calendar = Calendar.getInstance -// calendar.setTime(currentDate) -// calendar.add(Calendar.YEAR, 1) -// val 
futureDate = calendar.getTime -// val formatedFutureDate = defaultFormat.format(futureDate) -// val params = ("obp_from_date", formatedFutureDate) :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 code") -// reply.code should equal (200) -// And("transactions size should not be empty") -// val transactions = reply.body.extract[TransactionsJSON] -// transactions.transactions.size should equal (0) -// } -// scenario("we don't get transactions due to wrong value for obp_to_date parameter", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with a wrong value for param obp_to_date") -// val params = ("obp_to_date", "foo") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// scenario("we get transactions from a previous (obp_to_date) date with the right format", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with obp_to_date into a proper format") -// val currentDate = new Date() -// val formatedCurrentDate = defaultFormat.format(currentDate) -// val params = ("obp_to_date", formatedCurrentDate) :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 code") -// reply.code should equal (200) -// And("transactions size should not be empty") -// val transactions = reply.body.extract[TransactionsJSON] -// transactions.transactions.size should not equal (0) -// } -// scenario("we get transactions from a 
previous date with the fallback format", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with obp_to_date into an accepted format") -// val currentDate = new Date() -// val formatedCurrentDate = defaultFormat.format(currentDate) -// val params = ("obp_to_date", formatedCurrentDate) :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 code") -// reply.code should equal (200) -// And("transactions size should not be empty") -// val transactions = reply.body.extract[TransactionsJSON] -// transactions.transactions.size should not equal (0) -// } -// scenario("we don't get transactions from a date in the past", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with obp_to_date into a proper format") -// val currentDate = new Date() -// val calendar = Calendar.getInstance -// calendar.setTime(currentDate) -// calendar.add(Calendar.YEAR, -1) -// val pastDate = calendar.getTime -// val formatedPastDate = defaultFormat.format(pastDate) -// val params = ("obp_to_date", formatedPastDate) :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 code") -// reply.code should equal (200) -// And("transactions size should be empty") -// val transactions = reply.body.extract[TransactionsJSON] -// transactions.transactions.size should equal (0) -// } -// scenario("we don't get transactions due to wrong value (not a number) for obp_offset parameter", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an 
access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with a wrong value for param obp_offset") -// val params = ("obp_offset", "foo") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// scenario("we don't get transactions due to the (2000) for obp_offset parameter", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with a wrong value for param obp_offset") -// val params = ("obp_offset", "2000") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 code") -// reply.code should equal (200) -// And("transactions size should be empty") -// val transactions = reply.body.extract[TransactionsJSON] -// transactions.transactions.size should equal (0) -// } -// scenario("we don't get transactions due to wrong value (-100) for obp_offset parameter", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with a wrong value for param obp_offset") -// val params = ("obp_offset", "-100") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// scenario("we get only 5 transactions due to the obp_offset parameter value", API1_2, GetTransactions, GetTransactionsWithParams) { -// Given("We will use an access token") -// val bankId = 
randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent with the value ASC for parameter obp_offset") -// val params = ("obp_offset", "5") :: Nil -// val reply = getTransactions(bankId,bankAccount.id,view, user1, params) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// val transactions = reply.body.extract[TransactionsJSON] -// And("transactions size should be equal to 5") -// transactions.transactions.size should equal (5) -// } -// } -// -// feature("Information about a transaction"){ -// scenario("we get transaction data by using an access token", API1_2, GetTransaction) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// Then("we should get a 200 ok code") -// reply.code should equal (200) -// reply.body.extract[TransactionJSON] -// } -// -// scenario("we will not get transaction data due to a missing token", API1_2, GetTransaction) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTransaction(bankId, bankAccount.id, view, transaction.id, None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// -// scenario("we will not get transaction data because user does not have enough privileges", API1_2, GetTransaction) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = 
randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTransaction(bankId, bankAccount.id, view, transaction.id, user3) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// -// scenario("we will not get transaction data because the account does not exist", API1_2, GetTransaction) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTransaction(bankId, randomString(5), view, transaction.id, user1) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// -// scenario("we will not get transaction data because the view does not exist", API1_2, GetTransaction) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTransaction(bankId, bankAccount.id, randomString(5), transaction.id, user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// } -// -// scenario("we will not get transaction data because the transaction does not exist", API1_2, GetTransaction) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent") -// val reply = getTransaction(bankId, bankAccount.id, view, randomString(5), user1) -// Then("we should get a 400 code") -// reply.code should equal (400) -// } -// 
-// } -// -// feature("We get the narrative of one random transaction"){ -// scenario("we will get the narrative of one random transaction", API1_2, GetNarrative) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// Then("we should get a 200 code") -// reply.code should equal (200) -// reply.body.extract[TransactionNarrativeJSON] -// } -// -// scenario("we will not get the narrative of one random transaction due to a missing token", API1_2, GetNarrative) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the narrative of one random transaction because the user does not have enough privileges", API1_2, GetNarrative) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user3) -// Then("we should get a 400 code") -// reply.code should equal 
(400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the narrative of one random transaction because the view does not exist", API1_2, GetNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getNarrativeForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, user1)
-// Then("we should get a 404 code")
-// reply.code should equal (404)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the narrative of one random transaction because the transaction does not exist", API1_2, GetNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// When("the request is sent")
-// val reply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We post the narrative for one random transaction"){
-// scenario("we will post the narrative for one random transaction", API1_2, PostNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomNarrative = randomString(20)
-// val postReply = postNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomNarrative, user1)
-// Then("we should get a 201 code")
-// postReply.code should equal (201)
-// postReply.body.extract[SuccessMessage]
-// And("the narrative should be added")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val theNarrativeAfterThePost : TransactionNarrativeJSON = getReply.body.extract[TransactionNarrativeJSON]
-// randomNarrative should equal (theNarrativeAfterThePost.narrative)
-// }
-//
-// scenario("we will not post the narrative for one random transaction due to a missing token", API1_2, PostNarrative) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomNarrative = randomString(20)
-// When("the request is sent")
-// val postReply = postNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomNarrative, None)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the narrative should not be added")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val theNarrativeAfterThePost : TransactionNarrativeJSON = getReply.body.extract[TransactionNarrativeJSON]
-// randomNarrative should not equal (theNarrativeAfterThePost.narrative)
-// }
-//
-// scenario("we will not post the narrative for one random transaction because the user does not have enough privileges", API1_2, PostNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view =
Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomNarrative = randomString(20)
-// When("the request is sent")
-// val postReply = postNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomNarrative, user3)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the narrative should not be added")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val theNarrativeAfterThePost : TransactionNarrativeJSON = getReply.body.extract[TransactionNarrativeJSON]
-// randomNarrative should not equal (theNarrativeAfterThePost.narrative)
-// }
-//
-// scenario("we will not post the narrative for one random transaction because the view does not exist", API1_2, PostNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomNarrative = randomString(20)
-// When("the request is sent")
-// val postReply = postNarrativeForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, randomNarrative, user1)
-// Then("we should get a 404 code")
-// postReply.code should equal (404)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the narrative should not be added")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val theNarrativeAfterThePost : TransactionNarrativeJSON = getReply.body.extract[TransactionNarrativeJSON]
-// randomNarrative should not equal (theNarrativeAfterThePost.narrative)
-// }
-//
-// scenario("we will not post the narrative for
one random transaction because the transaction does not exist", API1_2, PostNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val randomNarrative = randomString(20)
-// When("the request is sent")
-// val postReply = postNarrativeForOneTransaction(bankId, bankAccount.id, view, randomString(5), randomNarrative, user1)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We update the narrative for one random transaction"){
-// scenario("we will the narrative for one random transaction", API1_2, PutNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomNarrative = randomString(20)
-// val putReply = updateNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomNarrative, user1)
-// Then("we should get a 200 code")
-// putReply.code should equal (200)
-// putReply.body.extract[SuccessMessage]
-// And("the narrative should be changed")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val narrativeAfterThePost : TransactionNarrativeJSON = getReply.body.extract[TransactionNarrativeJSON]
-// randomNarrative should equal (narrativeAfterThePost.narrative)
-// }
-//
-// scenario("we will not update the narrative for one random transaction due to a missing token", API1_2, PutNarrative) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view =
Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomNarrative = randomString(20)
-// When("the request is sent")
-// val putReply = updateNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomNarrative, None)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the narrative should not be changed")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val narrativeAfterThePost : TransactionNarrativeJSON = getReply.body.extract[TransactionNarrativeJSON]
-// randomNarrative should not equal (narrativeAfterThePost.narrative)
-// }
-//
-// scenario("we will not update the narrative for one random transaction because the user does not have enough privileges", API1_2, PutNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomNarrative = randomString(20)
-// When("the request is sent")
-// val putReply = updateNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomNarrative, user3)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the narrative should not be changed")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val narrativeAfterThePost : TransactionNarrativeJSON = getReply.body.extract[TransactionNarrativeJSON]
-// randomNarrative should not equal (narrativeAfterThePost.narrative)
-// }
-//
-// scenario("we will not update the narrative for
one random transaction because the transaction does not exist", API1_2, PutNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val transactionId = randomString(5)
-// val randomNarrative = randomString(20)
-// When("the request is sent")
-// val putReply = updateNarrativeForOneTransaction(bankId, bankAccount.id, view, transactionId, randomNarrative, user1)
-// Then("we should get a 400 code")
-// putReply.code should equal (400)
-// And("we should get an error message")
-// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We delete the narrative for one random transaction"){
-// scenario("we will delete the narrative for one random transaction", API1_2, DeleteNarrative) {
-// Given("We will use an access token and will set a narrative first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomNarrative = randomString(20)
-// postNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomNarrative, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// Then("we should get a 204 code")
-// deleteReply.code should equal (204)
-// And("the narrative should be null")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val narrativeAfterTheDelete : TransactionNarrativeJSON = getReply.body.extract[TransactionNarrativeJSON]
-// narrativeAfterTheDelete.narrative should equal (null)
-// }
-//
-// scenario("we will not delete narrative for one random transaction due to a missing token", API1_2, DeleteNarrative) {
-// Given("We will not use an
access token and will set a narrative first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomNarrative = randomString(20)
-// postNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomNarrative, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, None)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the public narrative should not be null")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val narrativeAfterTheDelete : TransactionNarrativeJSON = getReply.body.extract[TransactionNarrativeJSON]
-// narrativeAfterTheDelete.narrative should not equal (null)
-// }
-//
-// scenario("we will not delete the narrative for one random transaction because the user does not have enough privileges", API1_2, DeleteNarrative) {
-// Given("We will use an access token and will set a narrative first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomNarrative = randomString(20)
-// postNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomNarrative, user1)
-// When("the delete request is sent")
-// val deleteReply = deleteNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user3)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// And("the narrative should not be null")
-// val getReply = getNarrativeForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val narrativeAfterTheDelete : TransactionNarrativeJSON =
getReply.body.extract[TransactionNarrativeJSON]
-// narrativeAfterTheDelete.narrative should not equal (null)
-// }
-//
-// scenario("we will not delete the narrative for one random transaction because the transaction does not exist", API1_2, DeleteNarrative) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = Constant.SYSTEM_OWNER_VIEW_ID
-// val randomNarrative = randomString(20)
-// When("the delete request is sent")
-// val deleteReply = deleteNarrativeForOneTransaction(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-// }
-//
-// feature("We get the comments of one random transaction"){
-// scenario("we will get the comments of one random transaction", API1_2, GetComments) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getCommentsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// Then("we should get a 200 code")
-// reply.code should equal (200)
-// reply.body.extract[TransactionCommentsJSON]
-// }
-//
-// scenario("we will not get the comments of one random transaction due to a missing token", API1_2, GetComments) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getCommentsForOneTransaction(bankId, bankAccount.id, view, transaction.id, None)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get
an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the comments of one random transaction because the user does not have enough privileges", API1_2, GetComments) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getCommentsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user3)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the comments of one random transaction because the view does not exist", API1_2, GetComments) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getCommentsForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, user1)
-// Then("we should get a 404 code")
-// reply.code should equal (404)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the comments of one random transaction because the transaction does not exist", API1_2, GetComments) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// When("the request is sent")
-// val reply = getCommentsForOneTransaction(bankId, bankAccount.id, view, randomString(5),
user1)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We post a comment for one random transaction"){
-// scenario("we will post a comment for one random transaction", API1_2, PostComment) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// val postReply = postCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomComment, user1)
-// Then("we should get a 201 code")
-// postReply.code should equal (201)
-// postReply.body.extract[TransactionCommentJSON]
-// And("the comment should be added")
-// val getReply = getCommentsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val theCommentsAfterThePost = getReply.body.extract[TransactionCommentsJSON].comments
-// val theComment = theCommentsAfterThePost.find(_.value == randomComment.value)
-// theComment.nonEmpty should equal (true)
-// theComment.get.user should not equal (null)
-//
-// }
-//
-// scenario("we will not post a comment for one random transaction due to a missing token", API1_2, PostComment) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// When("the request is sent")
-// val postReply = postCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomComment, None)
-// Then("we should
get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the comment should not be added")
-// val getReply = getCommentsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val theCommentsAfterThePost = getReply.body.extract[TransactionCommentsJSON].comments
-// val notFound = theCommentsAfterThePost.find(_.value == randomComment.value) match {
-// case None => true
-// case Some(_) => false
-// }
-// notFound should equal (true)
-// }
-//
-//
-// scenario("we will not post a comment for one random transaction because the user does not have enough privileges", API1_2, PostComment) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// When("the request is sent")
-// val postReply = postCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomComment, user3)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the comment should not be added")
-// val getReply = getCommentsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val theCommentsAfterThePost = getReply.body.extract[TransactionCommentsJSON].comments
-// val notFound = theCommentsAfterThePost.find(_.value == randomComment.value) match {
-// case None => true
-// case Some(_) => false
-// }
-// notFound should equal (true)
-// }
-//
-// scenario("we will not post a comment for one random transaction because the view does not exist", API1_2, PostComment) {
-// Given("We will use an access token")
-//
val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// When("the request is sent")
-// val postReply = postCommentForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, randomComment, user1)
-// Then("we should get a 404 code")
-// postReply.code should equal (404)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// And("the comment should not be added")
-// val getReply = getCommentsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// val theCommentsAfterThePost = getReply.body.extract[TransactionCommentsJSON].comments
-// val notFound = theCommentsAfterThePost.find(_.value == randomComment.value) match {
-// case None => true
-// case Some(_) => false
-// }
-// notFound should equal (true)
-// }
-//
-// scenario("we will not post a comment for one random transaction because the transaction does not exist", API1_2, PostComment) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// When("the request is sent")
-// val postReply = postCommentForOneTransaction(bankId, bankAccount.id, view, randomString(5), randomComment, user1)
-// Then("we should get a 400 code")
-// postReply.code should equal (400)
-// And("we should get an error message")
-// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We delete a comment for one random transaction"){
-// scenario("we will delete a comment for one random transaction", API1_2, DeleteComment) {
-// Given("We will use an access
token and will set a comment first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// val postedReply = postCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomComment, user1)
-// val postedComment = postedReply.body.extract[TransactionCommentJSON]
-// When("the delete request is sent")
-// val deleteReply = deleteCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedComment.id, user1)
-// Then("we should get a 204 code")
-// deleteReply.code should equal (204)
-// }
-//
-// scenario("we will not delete a comment for one random transaction due to a missing token", API1_2, DeleteComment) {
-// Given("We will not use an access token and will set a comment first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// val postedReply = postCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomComment, user1)
-// val postedComment = postedReply.body.extract[TransactionCommentJSON]
-// When("the delete request is sent")
-// val deleteReply = deleteCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedComment.id, None)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-//
-// scenario("we will not delete a comment for one random transaction because the user does not have enough privileges", API1_2, DeleteComment) {
-// Given("We will use an access token and will set a comment first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// val postedReply = postCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomComment, user1)
-// val postedComment = postedReply.body.extract[TransactionCommentJSON]
-// When("the delete request is sent")
-// val deleteReply = deleteCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedComment.id, user3)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-//
-// scenario("we will not delete a comment for one random transaction because the user did not post the comment", API1_2, DeleteComment) {
-// Given("We will use an access token and will set a comment first")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = "public"
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// val postedReply = postCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomComment, user2)
-// val postedComment = postedReply.body.extract[TransactionCommentJSON]
-// When("the delete request is sent")
-// val deleteReply = deleteCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedComment.id, user3)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-//
-// scenario("we will not delete a comment for one random transaction because the comment does not exist", API1_2, DeleteComment) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the delete request is sent")
-// val deleteReply =
deleteCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomString(5), user1)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-//
-// scenario("we will not delete a comment for one random transaction because the transaction does not exist", API1_2, DeleteComment) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// val postedReply = postCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomComment, user1)
-// val postedComment = postedReply.body.extract[TransactionCommentJSON]
-// When("the delete request is sent")
-// val deleteReply = deleteCommentForOneTransaction(bankId, bankAccount.id, view, randomString(5), postedComment.id, user1)
-// Then("we should get a 400 code")
-// deleteReply.code should equal (400)
-// }
-//
-// scenario("we will not delete a comment for one random transaction because the view does not exist", API1_2, DeleteComment) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// val randomComment = PostTransactionCommentJSON(randomString(20))
-// val postedReply = postCommentForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomComment, user1)
-// val postedComment = postedReply.body.extract[TransactionCommentJSON]
-// When("the delete request is sent")
-// val deleteReply = deleteCommentForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, postedComment.id, user1)
-// Then("we should get a 404 code")
-// deleteReply.code should equal (404)
-// }
-// }
-//
-// feature("We get the tags of one random transaction"){
-// scenario("we will get the tags of one random transaction", API1_2, GetTags) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getTagsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1)
-// Then("we should get a 200 code")
-// reply.code should equal (200)
-// reply.body.extract[TransactionTagsJSON]
-// }
-//
-// scenario("we will not get the tags of one random transaction due to a missing token", API1_2, GetTags) {
-// Given("We will not use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getTagsForOneTransaction(bankId, bankAccount.id, view, transaction.id, None)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the tags of one random transaction because the user does not have enough privileges", API1_2, GetTags) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getTagsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user3)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-//
reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the tags of one random transaction because the view does not exist", API1_2, GetTags) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val reply = getTagsForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, user1)
-// Then("we should get a 404 code")
-// reply.code should equal (404)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-//
-// scenario("we will not get the tags of one random transaction because the transaction does not exist", API1_2, GetTags) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// When("the request is sent")
-// val reply = getTagsForOneTransaction(bankId, bankAccount.id, view, randomString(5), user1)
-// Then("we should get a 400 code")
-// reply.code should equal (400)
-// And("we should get an error message")
-// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
-// }
-// }
-//
-// feature("We post a tag for one random transaction"){
-// scenario("we will post a tag for one random transaction", API1_2, PostTag) {
-// Given("We will use an access token")
-// val bankId = randomBank
-// val bankAccount : AccountJSON = randomPrivateAccount(bankId)
-// val view = randomViewPermalink(bankId, bankAccount)
-// val transaction = randomTransaction(bankId, bankAccount.id, view)
-// When("the request is sent")
-// val randomTag = PostTransactionTagJSON(randomString(5))
-// val postReply = postTagForOneTransaction(bankId, bankAccount.id, view,
transaction.id, randomTag, user1) -// Then("we should get a 201 code") -// postReply.code should equal (201) -// postReply.body.extract[TransactionTagJSON] -// And("the tag should be added") -// val getReply = getTagsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// val theTagsAfterThePost = getReply.body.extract[TransactionTagsJSON].tags -// val theTag = theTagsAfterThePost.find(_.value == randomTag.value) -// theTag.nonEmpty should equal (true) -// theTag.get.user should not equal (null) -// } -// -// scenario("we will not post a tag for one random transaction due to a missing token", API1_2, PostTag) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// When("the request is sent") -// val postReply = postTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomTag, None) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the tag should not be added") -// val getReply = getTagsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// val theTagsAfterThePost = getReply.body.extract[TransactionTagsJSON].tags -// val notFound = theTagsAfterThePost.find(_.value == randomTag.value) match { -// case None => true -// case Some(_) => false -// } -// notFound should equal (true) -// } -// -// scenario("we will not post a tag for one random transaction because the user does not have enough privileges", API1_2, PostTag) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, 
bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// When("the request is sent") -// val postReply = postTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomTag, user3) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the tag should not be added") -// val getReply = getTagsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// val theTagsAfterThePost = getReply.body.extract[TransactionTagsJSON].tags -// val notFound = theTagsAfterThePost.find(_.value == randomTag.value) match { -// case None => true -// case Some(_) => false -// } -// notFound should equal (true) -// } -// -// scenario("we will not post a tag for one random transaction because the view does not exist", API1_2, PostTag) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// When("the request is sent") -// val postReply = postTagForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, randomTag, user1) -// Then("we should get a 404 code") -// postReply.code should equal (404) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the tag should not be added") -// val getReply = getTagsForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// val theTagsAfterThePost = getReply.body.extract[TransactionTagsJSON].tags -// val notFound = theTagsAfterThePost.find(_.value == randomTag.value) match { -// case None => true -// case Some(_) => false -// } 
-// notFound should equal (true) -// } -// -// scenario("we will not post a tag for one random transaction because the transaction does not exist", API1_2, PostTag) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// When("the request is sent") -// val postReply = postTagForOneTransaction(bankId, bankAccount.id, view, randomString(5), randomTag, user1) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We delete a tag for one random transaction"){ -// scenario("we will delete a tag for one random transaction", API1_2, DeleteTag) { -// Given("We will use an access token and will set a tag first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// val postedReply = postTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomTag, user1) -// val postedTag = postedReply.body.extract[TransactionTagJSON] -// When("the delete request is sent") -// val deleteReply = deleteTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedTag.id, user1) -// Then("we should get a 204 code") -// deleteReply.code should equal (204) -// } -// -// scenario("we will not delete a tag for one random transaction due to a missing token", API1_2, DeleteTag) { -// Given("We will not use an access token and will set a tag first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, 
bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// val postedReply = postTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomTag, user1) -// val postedTag = postedReply.body.extract[TransactionTagJSON] -// When("the delete request is sent") -// val deleteReply = deleteTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedTag.id, None) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete a tag for one random transaction because the user does not have enough privileges", API1_2, DeleteTag) { -// Given("We will use an access token and will set a tag first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// val postedReply = postTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomTag, user1) -// val postedTag = postedReply.body.extract[TransactionTagJSON] -// When("the delete request is sent") -// val deleteReply = deleteTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedTag.id, user3) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete a tag for one random transaction because the user did not post the tag", API1_2, DeleteTag) { -// Given("We will use an access token and will set a tag first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = "public" -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// val postedReply = postTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, 
randomTag, user2) -// val postedTag = postedReply.body.extract[TransactionTagJSON] -// When("the delete request is sent") -// val deleteReply = deleteTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedTag.id, user3) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete a tag for one random transaction because the tag does not exist", API1_2, DeleteTag) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the delete request is sent") -// val deleteReply = deleteTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomString(5), user1) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete a tag for one random transaction because the transaction does not exist", API1_2, DeleteTag) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// val postedReply = postTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomTag, user1) -// val postedTag = postedReply.body.extract[TransactionTagJSON] -// When("the delete request is sent") -// val deleteReply = deleteTagForOneTransaction(bankId, bankAccount.id, view, randomString(5), postedTag.id, user1) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete a tag for one random transaction because the view does not exist", API1_2, DeleteTag) { -// Given("We will use an access token") -// val bankId = 
randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomTag = PostTransactionTagJSON(randomString(5)) -// val postedReply = postTagForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomTag, user1) -// val postedTag = postedReply.body.extract[TransactionTagJSON] -// When("the delete request is sent") -// val deleteReply = deleteTagForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, postedTag.id, user1) -// Then("we should get a 404 code") -// deleteReply.code should equal (404) -// } -// } -// -// feature("We get the images of one random transaction"){ -// scenario("we will get the images of one random transaction", API1_2, GetImages) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getImagesForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// Then("we should get a 200 code") -// reply.code should equal (200) -// reply.body.extract[TransactionImagesJSON] -// } -// -// scenario("we will not get the images of one random transaction due to a missing token", API1_2, GetImages) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getImagesForOneTransaction(bankId, bankAccount.id, view, transaction.id, None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// 
reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the images of one random transaction because the user does not have enough privileges", API1_2, GetImages) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getImagesForOneTransaction(bankId, bankAccount.id, view, transaction.id, user3) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the images of one random transaction because the view does not exist", API1_2, GetImages) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getImagesForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the images of one random transaction because the transaction does not exist", API1_2, GetImages) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent") -// val reply = getImagesForOneTransaction(bankId, bankAccount.id, view, randomString(5), user1) -// Then("we should get a 400 
code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We post an image for one random transaction"){ -// scenario("we will post an image for one random transaction", API1_2, PostImage) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com") -// val postReply = postImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomImage, user1) -// Then("we should get a 201 code") -// postReply.code should equal (201) -// postReply.body.extract[TransactionImageJSON] -// And("the image should be added") -// val getReply = getImagesForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// val theImagesAfterThePost = getReply.body.extract[TransactionImagesJSON].images -// val theImage = theImagesAfterThePost.find(_.URL == randomImage.URL) -// theImage.nonEmpty should equal (true) -// theImage.get.user should not equal (null) -// } -// -// scenario("we will not post an image for one random transaction due to a missing token", API1_2, PostImage) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com/"+randomString(5)) -// When("the request is sent") -// val postReply = postImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomImage, None) -// Then("we should get a 400 code") 
-// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the image should not be added") -// val getReply = getImagesForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// val theImagesAfterThePost = getReply.body.extract[TransactionImagesJSON].images -// val notFound = theImagesAfterThePost.find(_.URL == randomImage.URL) match { -// case None => true -// case Some(_) => false -// } -// notFound should equal (true) -// } -// -// scenario("we will not post an image for one random transaction because the user does not have enough privileges", API1_2, PostImage) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com") -// When("the request is sent") -// val postReply = postImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomImage, user3) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the image should not be added") -// val getReply = getImagesForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// val theImagesAfterThePost = getReply.body.extract[TransactionImagesJSON].images -// val notFound = theImagesAfterThePost.find(_.URL == randomImage.URL) match { -// case None => true -// case Some(_) => false -// } -// notFound should equal (true) -// } -// -// scenario("we will not post an image for one random transaction because the view does not exist", API1_2, PostImage) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount 
: AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com/"+randomString(5)) -// When("the request is sent") -// val postReply = postImageForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, randomImage, user1) -// Then("we should get a 404 code") -// postReply.code should equal (404) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// And("the image should not be added") -// val getReply = getImagesForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// val theImagesAfterThePost = getReply.body.extract[TransactionImagesJSON].images -// val notFound = theImagesAfterThePost.find(_.URL == randomImage.URL) match { -// case None => true -// case Some(_) => false -// } -// notFound should equal (true) -// } -// -// scenario("we will not post an image for one random transaction because the transaction does not exist", API1_2, PostImage) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com") -// When("the request is sent") -// val postReply = postImageForOneTransaction(bankId, bankAccount.id, view, randomString(5), randomImage, user1) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We delete an image for one random transaction"){ -// scenario("we will delete an image for one random transaction", API1_2, DeleteImage) { -// Given("We will use an access token and will 
set an image first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com") -// val postedReply = postImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomImage, user1) -// val postedImage = postedReply.body.extract[TransactionImageJSON] -// When("the delete request is sent") -// val deleteReply = deleteImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedImage.id, user1) -// Then("we should get a 204 code") -// deleteReply.code should equal (204) -// } -// -// scenario("we will not delete an image for one random transaction due to a missing token", API1_2, DeleteImage) { -// Given("We will not use an access token and will set an image first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com") -// val postedReply = postImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomImage, user1) -// val postedImage = postedReply.body.extract[TransactionImageJSON] -// When("the delete request is sent") -// val deleteReply = deleteImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedImage.id, None) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete an image for one random transaction because the user does not have enough privileges", API1_2, DeleteImage) { -// Given("We will use an access token and will set an image first") -// val bankId = randomBank -// val bankAccount : AccountJSON = 
randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com") -// val postedReply = postImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomImage, user1) -// val postedImage = postedReply.body.extract[TransactionImageJSON] -// When("the delete request is sent") -// val deleteReply = deleteImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedImage.id, user3) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete an image for one random transaction because the user did not post the image", API1_2, DeleteImage) { -// Given("We will use an access token and will set an image first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = "public" -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com") -// val postedReply = postImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomImage, user1) -// val postedImage = postedReply.body.extract[TransactionImageJSON] -// When("the delete request is sent") -// val deleteReply = deleteImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, postedImage.id, user3) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete an image for one random transaction because the image does not exist", API1_2, DeleteImage) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the 
delete request is sent") -// val deleteReply = deleteImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomString(5), user1) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete an image for one random transaction because the transaction does not exist", API1_2, DeleteImage) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com") -// val postedReply = postImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomImage, user1) -// val postedImage = postedReply.body.extract[TransactionImageJSON] -// When("the delete request is sent") -// val deleteReply = deleteImageForOneTransaction(bankId, bankAccount.id, view, randomString(5), postedImage.id, user1) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete an image for one random transaction because the view does not exist", API1_2, DeleteImage) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomImage = PostTransactionImageJSON(randomString(5),"http://www.mysuperimage.com") -// val postedReply = postImageForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomImage, user1) -// val postedImage = postedReply.body.extract[TransactionImageJSON] -// When("the delete request is sent") -// val deleteReply = deleteImageForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, postedImage.id, user1) -// Then("we 
should get a 404 code") -// deleteReply.code should equal (404) -// } -// } -// -// feature("We get the where of one random transaction"){ -// scenario("we will get the where of one random transaction", API1_2, GetWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// When("the request is sent") -// val reply = getWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// Then("we should get a 200 code") -// reply.code should equal (200) -// } -// -// scenario("we will not get the where of one random transaction due to a missing token", API1_2, GetWhere) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// When("the request is sent") -// val reply = getWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the where of one random transaction because the user does not have enough privileges", API1_2, GetWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = 
randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// When("the request is sent") -// val reply = getWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, user3) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the where of one random transaction because the view does not exist", API1_2, GetWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// When("the request is sent") -// val reply = getWhereForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the where of one random transaction because the transaction does not exist", API1_2, GetWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent") -// val reply = getWhereForOneTransaction(bankId, bankAccount.id, view, randomString(5), user1) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// 
feature("We post the where for one random transaction"){ -// scenario("we will post the where for one random transaction", API1_2, PostWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// When("the request is sent") -// val postReply = postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// Then("we should get a 201 code") -// postReply.code should equal (201) -// postReply.body.extract[SuccessMessage] -// And("the where should be posted") -// val location = getWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1).body.extract[TransactionWhereJSON] -// randomLoc.latitude should equal (location.where.latitude) -// randomLoc.longitude should equal (location.where.longitude) -// location.where.user should not equal (null) -// } -// -// scenario("we will not post the where for one random transaction because the coordinates don't exist", API1_2, PostWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// var randomLoc = JSONFactory.createLocationPlainJSON(400,200) -// When("the request is sent") -// val postReply = postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not post the where for a random transaction due to a missing token", API1_2, PostWhere) { -// Given("We will not use an 
access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// When("the request is sent") -// val postReply = postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, None) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not post the where for a random transaction because the user does not have enough privileges", API1_2, PostWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// When("the request is sent") -// val postReply = postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user3) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not post the where for a random transaction because the view does not exist", API1_2, PostWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// When("the request is sent") -// val postReply = postWhereForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, randomLoc, user1) -// Then("we should get a 404 code") 
-// postReply.code should equal (404) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not post the where for a random transaction because the transaction does not exist", API1_2, PostWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomLoc = randomLocation -// When("the request is sent") -// val postReply = postWhereForOneTransaction(bankId, bankAccount.id, view, randomString(5), randomLoc, user1) -// Then("we should get a 400 code") -// postReply.code should equal (400) -// And("we should get an error message") -// postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We update the where for one random transaction"){ -// scenario("we will update the where for one random transaction", API1_2, PutWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val randomLoc = randomLocation -// val putReply = updateWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// Then("we should get a 200 code") -// putReply.code should equal (200) -// putReply.body.extract[SuccessMessage] -// And("the where should be changed") -// val location = getWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1).body.extract[TransactionWhereJSON] -// randomLoc.latitude should equal (location.where.latitude) -// randomLoc.longitude should equal (location.where.longitude) -// } -// -// scenario("we will not update the where for one random transaction because the coordinates don't exist", 
API1_2, PutWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// var randomLoc = JSONFactory.createLocationPlainJSON(400,200) -// When("the request is sent") -// val putReply = updateWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update the where for a random transaction due to a missing token", API1_2, PutWhere) { -// Given("We will not use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// var randomLoc = randomLocation -// When("the request is sent") -// val putReply = updateWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, None) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update the where for a random transaction because the user does not have enough privileges", API1_2, PutWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// When("the request is sent") -// val putReply = updateWhereForOneTransaction(bankId, bankAccount.id, view, 
transaction.id, randomLoc, user3) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not update the where for a random transaction because the transaction does not exist", API1_2, PutWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomLoc = randomLocation -// When("the request is sent") -// val putReply = updateWhereForOneTransaction(bankId, bankAccount.id, view, randomString(5), randomLoc, user1) -// Then("we should get a 400 code") -// putReply.code should equal (400) -// And("we should get an error message") -// putReply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -// -// feature("We delete the where for one random transaction"){ -// scenario("we will delete the where for one random transaction", API1_2, DeleteWhere) { -// Given("We will use an access token and will set a where tag first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// When("the delete request is sent") -// val deleteReply = deleteWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// Then("we should get a 204 code") -// deleteReply.code should equal (204) -// And("the where should be null") -// val locationAfterDelete = getWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, user1).body.extract[TransactionWhereJSON] -// locationAfterDelete.where should equal (null) -// } -// -// scenario("we will 
not delete the where for a random transaction due to a missing token", API1_2, DeleteWhere) { -// Given("We will not use an access token and will set a where tag first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// When("the delete request is sent") -// val deleteReply = deleteWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, None) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// // And("the where should not be null") -// } -// -// scenario("we will not delete the where for a random transaction because the user does not have enough privileges", API1_2, DeleteWhere) { -// Given("We will use an access token and will set a where tag first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// When("the delete request is sent") -// val deleteReply = deleteWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, user3) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// // And("the where should not be null") -// } -// -// scenario("we will not delete the where for one random transaction because the user did not post the geo tag", API1_2, DeleteWhere) { -// Given("We will use an access token and will set a where tag first") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = "public" -// val transaction = 
randomTransaction(bankId, bankAccount.id, view) -// val randomLoc = randomLocation -// postWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, randomLoc, user1) -// When("the delete request is sent") -// val deleteReply = deleteWhereForOneTransaction(bankId, bankAccount.id, view, transaction.id, user3) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// -// scenario("we will not delete the where for a random transaction because the transaction does not exist", API1_2, DeleteWhere) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val randomLoc = randomLocation -// When("the delete request is sent") -// val deleteReply = deleteWhereForOneTransaction(bankId, bankAccount.id, view, randomString(5), user1) -// Then("we should get a 400 code") -// deleteReply.code should equal (400) -// } -// } -// -// feature("We get the other bank account of a transaction "){ -// scenario("we will get the other bank account of a random transaction", API1_2, GetTransactionAccount) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTheOtherBankAccountOfOneTransaction(bankId, bankAccount.id, view, transaction.id, user1) -// Then("we should get a 200 code") -// reply.code should equal (200) -// val accountJson = reply.body.extract[OtherAccountJSON] -// And("some fields should not be empty") -// accountJson.id.nonEmpty should equal (true) -// } -// -// scenario("we will not get the other bank account of a random transaction due to a missing token", API1_2, GetTransactionAccount) { -// Given("We will not use an access token") -// val bankId 
= randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTheOtherBankAccountOfOneTransaction(bankId, bankAccount.id, view, transaction.id, None) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get get the other bank account of a random transaction because the user does not have enough privileges", API1_2, GetTransactionAccount) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTheOtherBankAccountOfOneTransaction(bankId, bankAccount.id, view, transaction.id, user3) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get the other bank account of a random transaction because the view does not exist", API1_2, GetTransactionAccount) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// val transaction = randomTransaction(bankId, bankAccount.id, view) -// When("the request is sent") -// val reply = getTheOtherBankAccountOfOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, user1) -// Then("we should get a 404 code") -// reply.code should equal (404) -// And("we should get an error message") -// 
reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// -// scenario("we will not get get the other bank account of a random transaction because the transaction does not exist", API1_2, GetTransactionAccount) { -// Given("We will use an access token") -// val bankId = randomBank -// val bankAccount : AccountJSON = randomPrivateAccount(bankId) -// val view = randomViewPermalink(bankId, bankAccount) -// When("the request is sent") -// val reply = getTheOtherBankAccount(bankId, bankAccount.id, view, randomString(5), user1) -// Then("we should get a 400 code") -// reply.code should equal (400) -// And("we should get an error message") -// reply.body.extract[ErrorMessage].error.nonEmpty should equal (true) -// } -// } -//} diff --git a/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala b/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala index ebc971366..2b18e387d 100644 --- a/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala +++ b/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala 
@@ -48,25 +48,65 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat def v1_2_1Request = baseRequest / "obp" / "v1.2.1" val viewFields = List( - "can_see_transaction_this_bank_account","can_see_transaction_other_bank_account", - "can_see_transaction_metadata","can_see_transaction_label","can_see_transaction_amount", - "can_see_transaction_type","can_see_transaction_currency","can_see_transaction_start_date", - "can_see_transaction_finish_date","can_see_transaction_balance","can_see_comments", - "can_see_narrative","can_see_tags","can_see_images","can_see_bank_account_owners", - "can_see_bank_account_type","can_see_bank_account_balance","can_see_bank_account_currency", - "can_see_bank_account_label","can_see_bank_account_national_identifier", - "can_see_bank_account_swift_bic","can_see_bank_account_iban","can_see_bank_account_number", - "can_see_bank_account_bank_name","can_see_other_account_national_identifier", - "can_see_other_account_swift_bic","can_see_other_account_iban", - "can_see_other_account_bank_name","can_see_other_account_number", - "can_see_other_account_metadata","can_see_other_account_kind","can_see_more_info", - "can_see_url","can_see_image_url","can_see_open_corporates_url","can_see_corporate_location", - "can_see_physical_location","can_see_public_alias","can_see_private_alias","can_add_more_info", - "can_add_url","can_add_image_url","can_add_open_corporates_url","can_add_corporate_location", - "can_add_physical_location","can_add_public_alias","can_add_private_alias", - "can_delete_corporate_location","can_delete_physical_location","can_edit_narrative", - "can_add_comment","can_delete_comment","can_add_tag","can_delete_tag","can_add_image", - "can_delete_image","can_add_where_tag","can_see_where_tag","can_delete_where_tag" + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_DESCRIPTION, + CAN_SEE_TRANSACTION_AMOUNT, + 
CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_OWNER_COMMENT, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_EDIT_OWNER_COMMENT, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG ) /************************* test tags ************************/ From 103914dceab4437fe86b0e6831b8f844cf4d7687 Mon Sep 17 00:00:00 2001 
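Review bot: With `viewFields` now built from the constants that production code also uses, the test no longer pins the permission names as literals, so an unintended change to a constant's value would pass unnoticed. Three entries are renames rather than a change of form: `"can_see_transaction_label"` becomes `CAN_SEE_TRANSACTION_DESCRIPTION`, `"can_see_narrative"` becomes `CAN_SEE_OWNER_COMMENT` and `"can_edit_narrative"` becomes `CAN_EDIT_OWNER_COMMENT`. The constants are defined outside this hunk, as is the code that consumes `viewFields`, so whether v1.2.1 responses still carry the old names cannot be checked here. Because these names decide what a view exposes, a literal assertion for each renamed entry would keep the contract visible, for example `CAN_SEE_OWNER_COMMENT should equal ("can_see_owner_comment")`, where the string is a constructed sample to be replaced by the name the API is meant to return.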
From: hongwei Date: Fri, 11 Jul 2025 18:45:50 +0200 Subject: [PATCH 16/26] feature/viewPermission store snake case instead of camel case in database - step3 --- .../main/scala/code/api/v1_2_1/APIMethods121.scala | 14 +++++++------- .../main/scala/code/api/v1_4_0/APIMethods140.scala | 2 +- .../main/scala/code/api/v2_0_0/APIMethods200.scala | 4 ++-- .../main/scala/code/api/v2_1_0/APIMethods210.scala | 2 +- .../main/scala/code/api/v2_2_0/APIMethods220.scala | 8 ++++---- .../main/scala/code/api/v3_0_0/APIMethods300.scala | 8 ++++---- .../main/scala/code/api/v3_1_0/APIMethods310.scala | 4 ++-- .../main/scala/code/api/v4_0_0/APIMethods400.scala | 4 ++-- .../main/scala/code/api/v5_0_0/APIMethods500.scala | 2 +- .../main/scala/code/api/v5_1_0/APIMethods510.scala | 12 ++++++------ obp-api/src/main/scala/code/model/View.scala | 10 +++++----- 11 files changed, 35 insertions(+), 35 deletions(-) diff --git a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala index 3eb76d5ea..2dc61c52b 100644 --- a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala +++ b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala @@ -480,7 +480,7 @@ trait APIMethods121 { permission <- NewStyle.function.permission(account.bankId, account.accountId, u, callContext) anyViewContainsCanUpdateBankAccountLabelPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL)).find(true == _).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_BANK_ACCOUNT_LABEL)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_UPDATE_BANK_ACCOUNT_LABEL)}` permission on any your views", cc = callContext ) { anyViewContainsCanUpdateBankAccountLabelPermission 
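Review bot: The interpolation `${(CAN_UPDATE_BANK_ACCOUNT_LABEL)}` on the added line keeps the parentheses left over from the removed `StringHelpers.snakify(...)` call; `${CAN_UPDATE_BANK_ACCOUNT_LABEL}` is equivalent and reads as intended. The same leftover is on the added line of every other hunk in this patch. While the message is being edited, "on any your views" should read "on any of your views". The enclosing for-comprehension and the file's imports are outside the hunk, so it cannot be seen here whether `StringHelpers` is still needed in these files; if it is not, the import can be dropped with this change.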
@@ -543,7 +543,7 @@ trait APIMethods121 {
 anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)).find(_.==(true)).getOrElse(false)
 _ <- Helper.booleanToBox(
 anyViewContainsCanSeeAvailableViewsForBankAccountPermission,
- s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)}` permission on any your views"
+ s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)}` permission on any your views"
 )
 views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(bankAccount.bankId, bankAccount.accountId)))
 } yield {
@@ -608,7 +608,7 @@ trait APIMethods121 {
 .map(_.views.map(_.allowed_actions.exists(_ == CAN_CREATE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false)
 _ <- booleanToBox(
 anyViewContainsCanCreateCustomViewPermission,
- s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_CREATE_CUSTOM_VIEW)}` permission on any your views"
+ s"${ErrorMessages.CreateCustomViewError} You need the `${(CAN_CREATE_CUSTOM_VIEW)}` permission on any your views"
 )
 view <- Views.views.vend.createCustomView(BankIdAccountId(bankId,accountId), createViewJson)?~ CreateCustomViewError
 } yield {
@@ -670,7 +670,7 @@ trait APIMethods121 {
 .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false)
 _ <- booleanToBox(
 anyViewContainsCanUpdateCustomViewPermission,
- s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views"
+ s"${ErrorMessages.CreateCustomViewError} You need the `${(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views"
 )
 updatedView <- Views.views.vend.updateCustomView(BankIdAccountId(bankId, accountId),viewId, updateViewJson) ?~ CreateCustomViewError
 } yield {
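Review bot: In the hunk at line 670 the refusal for a missing `CAN_UPDATE_CUSTOM_VIEW` permission is still prefixed with `ErrorMessages.CreateCustomViewError`, which by its name reports a failed view creation rather than a denied access. The added lines at 755 and 800 in this file, at 1097 in APIMethods200.scala and at 269 in APIMethods220.scala carry the same prefix for update and see-permissions checks, while the parallel checks in APIMethods300.scala use `ErrorMessages.ViewDoesNotPermitAccess`. Clients and log alerting commonly key on the error prefix, so an authorization refusal is better reported as one: replace the prefix on these lines with `${ErrorMessages.ViewDoesNotPermitAccess}`. The enclosing for-comprehension continues outside the hunk.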
@@ -715,7 +715,7 @@ trait APIMethods121 {
 anyViewContainsCanDeleteCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u)
 .map(_.views.map(_.allowed_actions.exists(_ == CAN_DELETE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false)
 _ <- Helper.booleanToFuture(
- s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_DELETE_CUSTOM_VIEW)}` permission on any your views",
+ s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_DELETE_CUSTOM_VIEW)}` permission on any your views",
 cc = callContext
 ) {
 anyViewContainsCanDeleteCustomViewPermission
@@ -755,7 +755,7 @@ trait APIMethods121 {
 .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS))).getOrElse(Nil).find(_.==(true)).getOrElse(false)
 _ <- booleanToBox(
 anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission,
- s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)}` permission on any your views"
+ s"${ErrorMessages.CreateCustomViewError} You need the `${(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)}` permission on any your views"
 )
 permissions = Views.views.vend.permissions(BankIdAccountId(bankId, accountId))
 } yield {
@@ -800,7 +800,7 @@ trait APIMethods121 {
 .getOrElse(Nil).find(_.==(true)).getOrElse(false)
 _ <- booleanToBox(
 anyViewContainsCanSeeViewsWithPermissionsForOneUserPermission,
- s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views"
+ s"${ErrorMessages.CreateCustomViewError} You need the `${(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views"
 )
 userFromURL <- UserX.findByProviderId(provider, providerId) ?~! UserNotFoundByProviderAndProvideId
 permission <- Views.views.vend.permission(BankIdAccountId(bankId, accountId), userFromURL)
diff --git a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala index 8fb9e4160..c07d4ebd0 100644 --- a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala +++ b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala @@ -453,7 +453,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{ _ <- NewStyle.function.isValidCurrencyISOCode(fromAccount.currency, failMsg, callContext) view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUEST_TYPES)}` permission on the View(${viewId.value} )", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_REQUEST_TYPES)}` permission on the View(${viewId.value} )", cc = callContext ) { ViewPermission.findViewPermissions(view).exists(_.permission.get == CAN_SEE_TRANSACTION_REQUEST_TYPES) diff --git a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala index 148605b09..c3a1e215d 100644 --- a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala +++ b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala 
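Review bot: The guard that follows the changed message compares the stored value verbatim, `_.permission.get == CAN_SEE_TRANSACTION_REQUEST_TYPES`, so it passes only when the row already holds the constant's exact spelling. The commit subject says the stored form is moving from camel case to snake case; if rows written in the old form are not converted before this code runs, the check would presumably refuse users who do hold the permission. It is worth confirming that the conversion runs first and recording the dependency above the guard, e.g. `// permission rows are stored in snake case and compared verbatim with the constant`. The same comparison appears in the three hunks of APIMethods220.scala at lines 370, 424 and 1202. The enclosing for-comprehension starts and ends outside the hunk.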
@@ -1052,7 +1052,7 @@ trait APIMethods200 { anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)}` permission on any your views", cc = callContext ) { anyViewContainsCanSeeViewsWithPermissionsForAllUsersPermission @@ -1097,7 +1097,7 @@ trait APIMethods200 { _ <- booleanToBox( anyViewContainsCanSeePermissionForOneUserPermission, - s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views" + s"${ErrorMessages.CreateCustomViewError} You need the `${(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views" ) userFromURL <- UserX.findByProviderId(provider, providerId) ?~! UserNotFoundByProviderAndProvideId permission <- Views.views.vend.permission(BankIdAccountId(bankId, accountId), userFromURL) diff --git a/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala b/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala index 88ca6fd5e..5280a9267 100644 --- a/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala +++ b/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala 
@@ -744,7 +744,7 @@ trait APIMethods210 { (fromAccount, callContext) <- BankAccountX(bankId, accountId, Some(cc)) ?~! {AccountNotFound} view <- APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) _ <- Helper.booleanToBox(view.allowed_actions.exists(_ == CAN_SEE_TRANSACTION_REQUESTS), - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value} )") + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value} )") (transactionRequests,callContext) <- Connector.connector.vend.getTransactionRequests210(u, fromAccount, callContext) } yield { diff --git a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala index 7820b7891..86bc14586 100644 --- a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala +++ b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala @@ -269,7 +269,7 @@ trait APIMethods220 { _ <- booleanToBox( anyViewContainsCancanUpdateCustomViewPermission, - s"${ErrorMessages.CreateCustomViewError} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views" + s"${ErrorMessages.CreateCustomViewError} You need the `${(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views" ) updatedView <- Views.views.vend.updateCustomView(BankIdAccountId(bankId, accountId), viewId, updateViewJson) ?~ CreateCustomViewError } yield { 
@@ -370,7 +370,7 @@ trait APIMethods220 { (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.NoViewPermission} You need the `${StringHelpers.snakify(CAN_GET_COUNTERPARTY)}` permission on the View(${viewId.value} )", + s"${ErrorMessages.NoViewPermission} You need the `${(CAN_GET_COUNTERPARTY)}` permission on the View(${viewId.value} )", cc = callContext ) { ViewPermission.findViewPermissions(view).exists(_.permission.get == CAN_GET_COUNTERPARTY) @@ -424,7 +424,7 @@ trait APIMethods220 { view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.NoViewPermission} You need the `${StringHelpers.snakify(CAN_GET_COUNTERPARTY)}` permission on the View(${viewId.value} )", + s"${ErrorMessages.NoViewPermission} You need the `${(CAN_GET_COUNTERPARTY)}` permission on the View(${viewId.value} )", cc = callContext ) { ViewPermission.findViewPermissions(view).exists(_.permission.get == CAN_GET_COUNTERPARTY) @@ -1202,7 +1202,7 @@ trait APIMethods220 { } view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.NoViewPermission} You need the `${StringHelpers.snakify(CAN_ADD_COUNTERPARTY)}` permission on the View(${viewId.value} )", + s"${ErrorMessages.NoViewPermission} You need the `${(CAN_ADD_COUNTERPARTY)}` permission on the View(${viewId.value} )", cc = callContext ) { ViewPermission.findViewPermissions(view).exists(_.permission.get == CAN_ADD_COUNTERPARTY) 
diff --git a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala index 750ef0d8c..869fe6de4 100644 --- a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala +++ b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala @@ -142,7 +142,7 @@ trait APIMethods300 { permission <- NewStyle.function.permission(bankId, accountId, u, callContext) anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)}` permission on any your views", cc = callContext ) { anyViewContainsCanSeeAvailableViewsForBankAccountPermission @@ -213,7 +213,7 @@ trait APIMethods300 { .map(_.views.map(_.allowed_actions.exists(_ == CAN_CREATE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_CREATE_CUSTOM_VIEW)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_CREATE_CUSTOM_VIEW)}` permission on any your views", cc = callContext ) {anyViewContainsCanCreateCustomViewPermission} (view, callContext) <- NewStyle.function.createCustomView(BankIdAccountId(bankId, accountId), createViewJson, callContext) 
@@ -252,7 +252,7 @@ trait APIMethods300 { anyViewContainsCanSeePermissionForOneUserPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), loggedInUser) .map(_.views.map(_.allowed_actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)}` permission on any your views", cc = callContext ) { anyViewContainsCanSeePermissionForOneUserPermission @@ -319,7 +319,7 @@ trait APIMethods300 { .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_UPDATE_CUSTOM_VIEW)}` permission on any your views", cc = callContext ) { anyViewContainsCancanUpdateCustomViewPermission diff --git a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala index fc3483af0..dd46757b0 100644 --- a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala +++ b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala 
@@ -653,7 +653,7 @@ trait APIMethods310 { (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) - _ <- Helper.booleanToFuture(failMsg = s"$ViewDoesNotPermitAccess + You need the `${StringHelpers.snakify(CAN_QUERY_AVAILABLE_FUNDS)}` permission on any your views", cc=callContext) { + _ <- Helper.booleanToFuture(failMsg = s"$ViewDoesNotPermitAccess + You need the `${(CAN_QUERY_AVAILABLE_FUNDS)}` permission on any your views", cc=callContext) { view.allowed_actions.exists(_ ==CAN_QUERY_AVAILABLE_FUNDS) } httpParams: List[HTTPParam] <- NewStyle.function.extractHttpParamsFromUrl(cc.url) @@ -1124,7 +1124,7 @@ trait APIMethods310 { (fromAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", cc=callContext){ view.allowed_actions.exists(_ ==CAN_SEE_TRANSACTION_REQUESTS) } diff --git a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala index 3b646d308..3c6090467 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala 
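Review bot: The failure message for the `CAN_QUERY_AVAILABLE_FUNDS` check starts with `s"$ViewDoesNotPermitAccess + You need the ...`, so the ` + ` is inside the string literal and is returned to the caller as literal text. It looks like a concatenation that was merged into one interpolated string; dropping the ` + ` from the literal fixes it. The guard tests the single `view` returned by `checkViewAccessAndReturnView`, while the text says "on any your views"; the sibling hunk at 1124 words it as "on the View(${viewId.value})", which matches what is actually checked. The enclosing for-comprehension continues outside the hunk.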
@@ -2307,7 +2307,7 @@ trait APIMethods400 extends MdcLoggable { anyViewContainsCanUpdateBankAccountLabelPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) .map(_.views.map(_.allowed_actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL))).getOrElse(Nil).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_BANK_ACCOUNT_LABEL)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_UPDATE_BANK_ACCOUNT_LABEL)}` permission on any your views", cc = callContext ) { anyViewContainsCanUpdateBankAccountLabelPermission @@ -4723,7 +4723,7 @@ trait APIMethods400 extends MdcLoggable { _ <- NewStyle.function.isEnabledTransactionRequests(callContext) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", cc = callContext) { view.allowed_actions.exists(_ ==CAN_SEE_TRANSACTION_REQUESTS) } diff --git a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala index 35e2bc52e..528d4ee34 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala 
@@ -1887,7 +1887,7 @@ trait APIMethods500 { permission <- NewStyle.function.permission(bankId, accountId, u, callContext) anyViewContainsCanSeeAvailableViewsForBankAccountPermission = permission.views.map(_.allowed_actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)).find(_.==(true)).getOrElse(false) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)}` permission on any your views", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)}` permission on any your views", cc = callContext ) { anyViewContainsCanSeeAvailableViewsForBankAccountPermission diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index b9196a235..135c7624f 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala @@ -3745,7 +3745,7 @@ trait APIMethods510 { (fromAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) _ <- Helper.booleanToFuture( - s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", + s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", cc=callContext){ view.allowed_actions.exists(_ ==CAN_SEE_TRANSACTION_REQUESTS) } 
@@ -3934,7 +3934,7 @@ trait APIMethods510 { bankIdAccountId = BankIdAccountId(bankId, accountId) view <- NewStyle.function.checkViewAccessAndReturnView(viewId, bankIdAccountId, Full(u), callContext) // Note we do one explicit check here rather than use moderated account because this provides an explicit message - failMsg = ViewDoesNotPermitAccess + s" You need the `${StringHelpers.snakify(CAN_SEE_BANK_ACCOUNT_BALANCE)}` permission on VIEW_ID(${viewId.value})" + failMsg = ViewDoesNotPermitAccess + s" You need the `${(CAN_SEE_BANK_ACCOUNT_BALANCE)}` permission on VIEW_ID(${viewId.value})" _ <- Helper.booleanToFuture(failMsg, 403, cc = callContext) { view.allowed_actions.exists(_ ==CAN_SEE_BANK_ACCOUNT_BALANCE) } @@ -4433,7 +4433,7 @@ trait APIMethods510 { permissionsFromTarget.toSet.subsetOf(permissionsFromSource) } - failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_CREATE_CUSTOM_VIEW)}` permission on VIEW_ID(${viewId.value})" + failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_CREATE_CUSTOM_VIEW)}` permission on VIEW_ID(${viewId.value})" _ <- Helper.booleanToFuture(failMsg, cc = callContext) { view.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW) @@ -4490,7 +4490,7 @@ trait APIMethods510 { permissionsFromTarget.toSet.subsetOf(permissionsFromSource) } - failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_UPDATE_CUSTOM_VIEW)}` permission on VIEW_ID(${viewId.value})" + failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_UPDATE_CUSTOM_VIEW)}` permission on VIEW_ID(${viewId.value})" _ <- Helper.booleanToFuture(failmsg, cc = callContext) { view.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW) 
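Review bot: In the hunk at 4490 the guard and its message disagree: `failmsg` names `CAN_UPDATE_CUSTOM_VIEW`, but the check that follows is `view.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW)`. Judging by the message this is the update path, so a view holding only the create permission would pass and one holding only the update permission would be refused; the guard should read `view.allowed_actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW)`. The mismatch is on unchanged context lines, but this commit edits the message right above it, so it is the natural place to fix it. The endpoint definition itself is outside the hunk and should be checked to confirm which action it performs.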
@@ -4556,7 +4556,7 @@ trait APIMethods510 { _ <- Helper.booleanToFuture(failMsg = InvalidCustomViewFormat + s"Current TARGET_VIEW_ID (${targetViewId.value})", cc = callContext) { isValidCustomViewId(targetViewId.value) } - failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_GET_CUSTOM_VIEW)}`permission on any your views. Current VIEW_ID (${viewId.value})" + failmsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_GET_CUSTOM_VIEW)}`permission on any your views. Current VIEW_ID (${viewId.value})" _ <- Helper.booleanToFuture(failmsg, cc = callContext) { view.allowed_actions.exists(_ ==CAN_GET_CUSTOM_VIEW) } @@ -4598,7 +4598,7 @@ trait APIMethods510 { _ <- Helper.booleanToFuture(failMsg = InvalidCustomViewFormat + s"Current TARGET_VIEW_ID (${targetViewId.value})", cc = callContext) { isValidCustomViewId(targetViewId.value) } - failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_DELETE_CUSTOM_VIEW)}` permission on any your views.Current VIEW_ID (${viewId.value})" + failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_DELETE_CUSTOM_VIEW)}` permission on any your views.Current VIEW_ID (${viewId.value})" _ <- Helper.booleanToFuture(failMsg, cc = callContext) { view.allowed_actions.exists(_ ==CAN_DELETE_CUSTOM_VIEW) } diff --git a/obp-api/src/main/scala/code/model/View.scala b/obp-api/src/main/scala/code/model/View.scala index ddd4de222..e8c2364f2 100644 --- a/obp-api/src/main/scala/code/model/View.scala +++ b/obp-api/src/main/scala/code/model/View.scala 
@@ -372,7 +372,7 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } @@ -424,7 +424,7 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } def moderateAccountCore(bankAccount: BankAccount) : Box[ModeratedBankAccountCore] = { @@ -459,7 +459,7 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } // Moderate the Counterparty side of the Transaction (i.e. the Other Account involved in the transaction) @@ -584,7 +584,7 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } def moderateCore(counterpartyCore : CounterpartyCore) : Box[ModeratedOtherBankAccountCore] = { 
@@ -635,6 +635,6 @@ case class ViewExtended(val view: View) { ) } else - Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${StringHelpers.snakify(CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") + Failure(s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)}` permission on the view(${view.viewId.value})") } } From 177f6f3e2ac4bfed080942f749a829021b1aa3e9 Mon Sep 17 00:00:00 2001 From: hongwei Date: Fri, 11 Jul 2025 19:12:54 +0200 Subject: [PATCH 17/26] feature/viewPermission store snake case instead of camel case in database - step4 --- .../main/scala/code/api/util/newstyle/BalanceNewStyle.scala | 2 ++ .../code/bankconnectors/LocalMappedConnectorInternal.scala | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala b/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala index 7619a03b6..21b29039c 100644 --- a/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala +++ b/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala @@ -37,6 +37,8 @@ object BalanceNewStyle { Future { val (views, accountAccesses) = Views.views.vend.privateViewsUserCanAccessAtBank(user, bankId) // Filter views which can read the balance +// println("xxxxxxx") + println(views.map(_.allowed_actions)) val canSeeBankAccountBalanceViews = views.filter(_.allowed_actions.exists( _ == CAN_SEE_BANK_ACCOUNT_BALANCE)) // Filter accounts the user has permission to see balances and remove duplicates val allowedAccounts = APIUtil.intersectAccountAccessAndView(accountAccesses, canSeeBankAccountBalanceViews) diff --git a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala index 45c002922..51db97dbd 100644 --- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala 
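Review bot: The BalanceNewStyle hunk in patch 17 adds a live `println(views.map(_.allowed_actions))` next to a commented-out `// println("xxxxxxx")`. It writes the permission list of every view the user can access to stdout on each call, outside the logger and its level configuration. Patch 18 in this series removes it again, so the two patches are better squashed; if the output is still wanted while debugging, `logger.debug(...)` keeps it out of production output. The enclosing `Future { ... }` block ends outside the hunk.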
+++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala @@ -71,6 +71,10 @@ object LocalMappedConnectorInternal extends MdcLoggable { fromBankIdAccountId = BankIdAccountId(fromAccount.bankId, fromAccount.accountId) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, fromBankIdAccountId, Full(user), callContext) _ <- Helper.booleanToFuture(InsufficientAuthorisationToCreateTransactionRequest, cc = callContext) { +// println("xxxxxxxxx") +// println(view.allowed_actions) +// println(CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT) +// println(view.allowed_actions.exists(_ ==CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)) view.allowed_actions.exists(_ ==CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT) } From f0bb8caca2bea289d6a1b6f851a69cb556ef06e9 Mon Sep 17 00:00:00 2001 From: hongwei Date: Fri, 11 Jul 2025 19:25:31 +0200 Subject: [PATCH 18/26] feature/viewPermission store snake case instead of camel case in database - step5 --- .../api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala | 1 + .../scala/code/api/util/newstyle/BalanceNewStyle.scala | 9 +++++---- .../bankconnectors/LocalMappedConnectorInternal.scala | 7 ++----- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala index c7f117117..943b7d8c0 100644 --- a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala +++ b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala @@ -136,6 +136,7 @@ object SwaggerDefinitionsJSON { which_alias_to_use = "family", hide_metadata_if_alias_used = false, allowed_actions = List( + CAN_EDIT_OWNER_COMMENT, CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, CAN_SEE_TRANSACTION_METADATA, 
diff --git a/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala b/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala index 21b29039c..ecee3e4c3 100644 --- a/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala +++ b/obp-api/src/main/scala/code/api/util/newstyle/BalanceNewStyle.scala @@ -37,10 +37,11 @@ object BalanceNewStyle { Future { val (views, accountAccesses) = Views.views.vend.privateViewsUserCanAccessAtBank(user, bankId) // Filter views which can read the balance -// println("xxxxxxx") - println(views.map(_.allowed_actions)) - val canSeeBankAccountBalanceViews = views.filter(_.allowed_actions.exists( _ == CAN_SEE_BANK_ACCOUNT_BALANCE)) - // Filter accounts the user has permission to see balances and remove duplicates + + val viewsWithActions = views.map(view => (view, view.allowed_actions)) + val canSeeBankAccountBalanceViews = viewsWithActions.filter { + case (_, actions) => actions.contains(CAN_SEE_BANK_ACCOUNT_BALANCE) + }.map(_._1) val allowedAccounts = APIUtil.intersectAccountAccessAndView(accountAccesses, canSeeBankAccountBalanceViews) allowedAccounts } map { diff --git a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala index 51db97dbd..6fefe90b9 100644 --- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala +++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala 
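Review bot: The new balance filter in BalanceNewStyle pairs each view with its actions, filters on the pair and then maps back with `.map(_._1)`, which computes the same result as a direct filter and is harder to read. `val canSeeBankAccountBalanceViews = views.filter(_.allowed_actions.contains(CAN_SEE_BANK_ACCOUNT_BALANCE))` does the same in one line. The hunk also drops the comment `// Filter accounts the user has permission to see balances and remove duplicates` above `intersectAccountAccessAndView`; it still describes that line and is worth keeping. The enclosing method starts and ends outside the hunk.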
@@ -71,11 +71,8 @@ object LocalMappedConnectorInternal extends MdcLoggable { fromBankIdAccountId = BankIdAccountId(fromAccount.bankId, fromAccount.accountId) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, fromBankIdAccountId, Full(user), callContext) _ <- Helper.booleanToFuture(InsufficientAuthorisationToCreateTransactionRequest, cc = callContext) { -// println("xxxxxxxxx") -// println(view.allowed_actions) -// println(CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT) -// println(view.allowed_actions.exists(_ ==CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)) - view.allowed_actions.exists(_ ==CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT) + val allowed_actions = view.allowed_actions + allowed_actions.exists(_ ==CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT) } (paymentLimit, callContext) <- Connector.connector.vend.getPaymentLimit( From cd56a316f19e0201d23a906ff5ce0e8918b748c3 Mon Sep 17 00:00:00 2001 From: hongwei Date: Sat, 12 Jul 2025 15:43:30 +0200 Subject: [PATCH 19/26] feature/viewPermission remove the permissions in view --- .../scala/code/api/constant/constant.scala | 185 ++++++ .../code/api/util/migration/Migration.scala | 26 +- .../MigrationOfViewPermissions.scala | 76 +-- .../main/scala/code/views/MapperViews.scala | 392 ++---------- .../code/views/system/ViewDefinition.scala | 571 +----------------- .../code/views/system/ViewPermission.scala | 68 +++ ...onnectorSetupWithStandardPermissions.scala | 156 ++--- .../commons/model/ViewModel.scala | 285 +-------- 8 files changed, 475 insertions(+), 1284 deletions(-) diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala index c47493fbe..744bed921 100644 --- a/obp-api/src/main/scala/code/api/constant/constant.scala +++ b/obp-api/src/main/scala/code/api/constant/constant.scala 
@@ -222,6 +222,191 @@ object Constant extends MdcLoggable { final val CAN_GRANT_ACCESS_TO_VIEWS = "can_grant_access_to_views" final val CAN_REVOKE_ACCESS_TO_VIEWS = "can_revoke_access_to_views" + final val SYSTEM_OWNER_VIEW_PERMISSION_ADMIN = List( + CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_REQUESTS, + CAN_SEE_TRANSACTION_REQUEST_TYPES, + CAN_UPDATE_BANK_ACCOUNT_LABEL, + CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER, + CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS, + CAN_SEE_TRANSACTION_DESCRIPTION, + CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT, + CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY, + CAN_GRANT_ACCESS_TO_VIEWS, + CAN_REVOKE_ACCESS_TO_VIEWS + ) + + final val SYSTEM_MANAGER_VIEW_PERMISSION = List( + CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS, + CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS, + CAN_CREATE_CUSTOM_VIEW, + CAN_DELETE_CUSTOM_VIEW, + CAN_UPDATE_CUSTOM_VIEW, + CAN_GET_CUSTOM_VIEW + ) + + final val SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_PERMISSION = List( + CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT, + CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY + ) + + final val SYSTEM_PUBLIC_VIEW_PERMISSION = List( + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_OWNER_COMMENT, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + 
CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_ADD_COUNTERPARTY, + CAN_GET_COUNTERPARTY, + CAN_EDIT_OWNER_COMMENT, + CAN_ADD_COMMENT, + CAN_ADD_TAG, + CAN_ADD_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_TRANSACTION_STATUS + ) + + final val SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_PERMISSION = List( + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_DESCRIPTION, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_CURRENCY + ) + + final val SYSTEM_VIEW_PERMISSION_COMMON = List( + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_OWNER_COMMENT, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, 
+ CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_ADD_COUNTERPARTY, + CAN_GET_COUNTERPARTY, + CAN_DELETE_COUNTERPARTY, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_EDIT_OWNER_COMMENT, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_TRANSACTION_STATUS, + CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT + ) + final val VIEW_PERMISSION_NAMES = List( CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, CAN_SEE_TRANSACTION_METADATA, diff --git a/obp-api/src/main/scala/code/api/util/migration/Migration.scala b/obp-api/src/main/scala/code/api/util/migration/Migration.scala index ddc8966c4..3cb356cbb 100644 
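Review bot: `SYSTEM_PUBLIC_VIEW_PERMISSION` contains write actions (`CAN_ADD_COMMENT`, `CAN_ADD_TAG`, `CAN_ADD_IMAGE`, `CAN_EDIT_OWNER_COMMENT`, `CAN_ADD_COUNTERPARTY` and the `CAN_ADD_*` alias and location entries) together with `CAN_SEE_BANK_ACCOUNT_BALANCE` and `CAN_SEE_BANK_ACCOUNT_IBAN`. Where the list is consumed is outside this hunk; if it seeds the defaults of a view that is readable without account access, each of these entries should be confirmed as intended, and a comment above each new list saying which system view it seeds would make that reviewable. `CAN_GRANT_ACCESS_TO_VIEWS` and `CAN_REVOKE_ACCESS_TO_VIEWS` appear in `SYSTEM_OWNER_VIEW_PERMISSION_ADMIN` as plain names, while the removed `migrateViewPermissions` treated them as carrying a list of view ids, so it is worth stating where that list now comes from. The public list also repeats most of `SYSTEM_VIEW_PERMISSION_COMMON` entry by entry; deriving one from the other would keep the two from drifting apart.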
--- a/obp-api/src/main/scala/code/api/util/migration/Migration.scala +++ b/obp-api/src/main/scala/code/api/util/migration/Migration.scala @@ -99,7 +99,7 @@ object Migration extends MdcLoggable { // populateViewDefinitionCanAddTransactionRequestToBeneficiary() // populateViewDefinitionCanSeeTransactionStatus() alterCounterpartyLimitFieldType() - populateMigrationOfViewPermissions(startedBeforeSchemifier) +// populateMigrationOfViewPermissions(startedBeforeSchemifier) } private def dummyScript(): Boolean = { @@ -141,18 +141,18 @@ object Migration extends MdcLoggable { // } // } // } - - private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = { - if (startedBeforeSchemifier == true) { - logger.warn(s"Migration.database.populateMigrationOfViewPermissions(true) cannot be run before Schemifier.") - true - } else { - val name = nameOf(populateMigrationOfViewPermissions(startedBeforeSchemifier)) - runOnce(name) { - MigrationOfViewPermissions.populate(name) - } - } - } +// +// private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = { +// if (startedBeforeSchemifier == true) { +// logger.warn(s"Migration.database.populateMigrationOfViewPermissions(true) cannot be run before Schemifier.") +// true +// } else { +// val name = nameOf(populateMigrationOfViewPermissions(startedBeforeSchemifier)) +// runOnce(name) { +// MigrationOfViewPermissions.populate(name) +// } +// } +// } private def generateAndPopulateMissingCustomerUUIDs(startedBeforeSchemifier: Boolean): Boolean = { if(startedBeforeSchemifier == true) { diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala index fdb872f0c..e3cbd23f4 100644 --- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala +++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala 
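Review bot: `populateMigrationOfViewPermissions` and its call in the script list are commented out rather than deleted, and the next file section turns MigrationOfViewPermissions.scala into a fully commented-out file; version control already preserves the old code, so both should simply be removed. With the call gone, a database that never ran this migration would reach the new code without the ViewPermission rows it used to copy from ViewDefinition. Whether that can happen depends on the supported upgrade path, which is not visible here, so the commit message or release notes should say which version must have been run first.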
@@ -1,38 +1,38 @@ -package code.api.util.migration - -import code.api.util.APIUtil -import code.api.util.migration.Migration.{DbFunction, saveLog} -import code.views.MapperViews -import code.views.system.{ViewDefinition, ViewPermission} - -object MigrationOfViewPermissions { - def populate(name: String): Boolean = { - DbFunction.tableExists(ViewDefinition) && DbFunction.tableExists(ViewPermission)match { - case true => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - - val allViewDefinitions = ViewDefinition.findAll() - val viewPermissionRowNumberBefore = ViewPermission.count - allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v)) - val viewPermissionRowNumberAfter = ViewPermission.count - - val isSuccessful = true - val endDate = System.currentTimeMillis() - - val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission (${viewPermissionRowNumberAfter-viewPermissionRowNumberBefore} added) .""".stripMargin - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - - case false => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - val isSuccessful = false - val endDate = System.currentTimeMillis() - val comment: String = - s"""ViewDefinition or ViewPermission does not exist!""".stripMargin - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - } - } -} +//package code.api.util.migration +// +//import code.api.util.APIUtil +//import code.api.util.migration.Migration.{DbFunction, saveLog} +//import code.views.MapperViews +//import code.views.system.{ViewDefinition, ViewPermission} +// +//object MigrationOfViewPermissions { +// def populate(name: String): Boolean = { +// DbFunction.tableExists(ViewDefinition) && DbFunction.tableExists(ViewPermission)match { +// case true => +// val startDate = System.currentTimeMillis() +// val commitId: String = 
APIUtil.gitCommit +// +// val allViewDefinitions = ViewDefinition.findAll() +// val viewPermissionRowNumberBefore = ViewPermission.count +// allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v)) +// val viewPermissionRowNumberAfter = ViewPermission.count +// +// val isSuccessful = true +// val endDate = System.currentTimeMillis() +// +// val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission (${viewPermissionRowNumberAfter-viewPermissionRowNumberBefore} added) .""".stripMargin +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// +// case false => +// val startDate = System.currentTimeMillis() +// val commitId: String = APIUtil.gitCommit +// val isSuccessful = false +// val endDate = System.currentTimeMillis() +// val comment: String = +// s"""ViewDefinition or ViewPermission does not exist!""".stripMargin +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// } +// } +//} diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 6f01d4edd..489a2ebbd 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -392,12 +392,10 @@ object MapperViews extends Views with MdcLoggable { Failure(s"$SystemViewAlreadyExistsError Current VIEW_ID($viewId)") case false => val createdView = ViewDefinition.create.name_(view.name).view_id(viewId) - createdView.setFromViewData(view) + createdView.createViewAndPermissions(view) createdView.isSystem_(true) createdView.isPublic_(false) - val viewSaved = Full(createdView.saveMe) - viewSaved.map(v => MapperViews.migrateViewPermissions(v)) - viewSaved + Full(createdView.saveMe) } } } 
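Review bot: In the system-view creation branch of MapperViews, `createdView.createViewAndPermissions(view)` now runs before `isSystem_(true)` and `isPublic_(false)` are set and before `saveMe`. The `migrateViewPermissions` method removed further down in this file stored system-view rows with null bank and account ids and custom-view rows with the real ids, keyed on `isSystem`; if `createViewAndPermissions` (defined in ViewDefinition.scala, not shown on this page) makes the same distinction, it sees the flag unset at this point. Moving the call below the two setters, or adding a comment that it does not depend on them, would settle the question. It should also be documented whether permission rows are written before the view row is saved, since a failed `saveMe` would then leave rows without a view. The same method is called on the update paths in the following hunks, where the name `createViewAndPermissions` no longer describes what happens.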
@@ -436,28 +434,20 @@ object MapperViews extends Views with MdcLoggable { bank_id(bankAccountId.bankId.value). account_id(bankAccountId.accountId.value) - createdView.setFromViewData(view) - - val viewSaved = Full(createdView.saveMe) - - viewSaved.map(v => MapperViews.migrateViewPermissions(v)) - - viewSaved + createdView.createViewAndPermissions(view) + Full(createdView.saveMe) } } /* Update the specification of the view (what data/actions are allowed) */ def updateCustomView(bankAccountId : BankIdAccountId, viewId: ViewId, viewUpdateJson : UpdateViewJSON) : Box[View] = { - for { view <- ViewDefinition.findCustomView(bankAccountId.bankId.value, bankAccountId.accountId.value, viewId.value) } yield { - view.setFromViewData(viewUpdateJson) + view.createViewAndPermissions(viewUpdateJson) view.saveMe - MapperViews.migrateViewPermissions(view) - view } } /* Update the specification of the system view (what data/actions are allowed) */ @@ -465,10 +455,8 @@ object MapperViews extends Views with MdcLoggable { for { view <- ViewDefinition.findSystemView(viewId.value) } yield { - view.setFromViewData(viewUpdateJson) + view.createViewAndPermissions(viewUpdateJson) view.saveMe - MapperViews.migrateViewPermissions(view) - view } } 
@@ -632,96 +620,11 @@ object MapperViews extends Views with MdcLoggable { theView } - /** - * This migrates the current View permissions to the new ViewPermission model. - * this will not add any new permission, it will only migrate the existing permissions. - * @param viewDefinition - */ - def migrateViewPermissions(viewDefinition: View): Unit = { - - //first, we list all the current view permissions. - val permissionNames: List[String] = code.api.Constant.VIEW_PERMISSION_NAMES - - permissionNames.foreach { permissionName => - // CAN_REVOKE_ACCESS_TO_VIEWS and CAN_GRANT_ACCESS_TO_VIEWS are special cases, they have a list of view ids as metadata. - // For the rest of the permissions, they are just boolean values. - if (permissionName == CAN_REVOKE_ACCESS_TO_VIEWS || permissionName == CAN_GRANT_ACCESS_TO_VIEWS) { - - val permissionValueFromViewDefinition = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Option[List[String]]] - - ViewPermission.findViewPermission(viewDefinition, permissionName) match { - // If the permission already exists in ViewPermission, but permissionValueFromViewDefinition is empty, we delete it. - case Full(permission) if permissionValueFromViewDefinition.isEmpty => - permission.delete_! - // If the permission already exists and permissionValueFromViewDefinition is defined, we update the metadata. - case Full(permission) if permissionValueFromViewDefinition.isDefined => - permission.extraData(permissionValueFromViewDefinition.get.mkString(",")).save - //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. 
--systemView - case Empty if (viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => - ViewPermission.create - .bank_id(null) - .account_id(null) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .extraData(permissionValueFromViewDefinition.get.mkString(",")) - .save - //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --customView - case Empty if (!viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => - ViewPermission.create - .bank_id(viewDefinition.bankId.value) - .account_id(viewDefinition.accountId.value) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .extraData(permissionValueFromViewDefinition.get.mkString(",")) - .save - case _ => - // This case should not happen, but if it does, we add an error log - logger.error(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.") - } - } else { - // For the rest of the permissions, they are just boolean values. - val permissionValue = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Boolean] - - ViewPermission.findViewPermission(viewDefinition, permissionName) match { - // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is false, we delete it. - case Full(permission) if !permissionValue => - permission.delete_! - // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is empty, we udpate it. - case Full(permission) if permissionValue => - permission.permission(permissionName).save - //if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. 
--systemView - case _ if (viewDefinition.isSystem && permissionValue) => - ViewPermission.create - .bank_id(null) - .account_id(null) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .save - //if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. --customerView - case _ if (!viewDefinition.isSystem && permissionValue) => - ViewPermission.create - .bank_id(viewDefinition.bankId.value) - .account_id(viewDefinition.accountId.value) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .save - case _ => - // This case should not happen, but if it does, we do nothing - logger.warn(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.") - } - } - } - } - def getOrCreateSystemView(viewId: String) : Box[View] = { getExistingSystemView(viewId) match { case Empty => - val view = createDefaultSystemView(viewId) - view.map(v => migrateViewPermissions(v)) - view - case Full(v) => - migrateViewPermissions(v) - Full(v) + createDefaultSystemView(viewId) + case Full(v) => Full(v) case Failure(msg, t, c) => Failure(msg, t, c) case ParamFailure(x,y,z,q) => ParamFailure(x,y,z,q) } @@ -742,11 +645,8 @@ object MapperViews extends Views with MdcLoggable { def getOrCreateCustomPublicView(bankId: BankId, accountId: AccountId, description: String = "Public View") : Box[View] = { getExistingCustomView(bankId, accountId, CUSTOM_PUBLIC_VIEW_ID) match { case Empty=> - val view = createDefaultCustomPublicView(bankId, accountId, description) - view.map(v => migrateViewPermissions(v)) - view + createDefaultCustomPublicView(bankId, accountId, description) case Full(v)=> - migrateViewPermissions(v) Full(v) case Failure(msg, t, c) => Failure(msg, t, c) case ParamFailure(x,y,z,q) => ParamFailure(x,y,z,q) 
@@ -793,6 +693,7 @@ object MapperViews extends Views with MdcLoggable { def bulkDeleteAllPermissionsAndViews() : Boolean = { ViewDefinition.bulkDelete_!!() AccountAccess.bulkDelete_!!() + ViewPermission.bulkDelete_!!() true } 
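Review bot: `bulkDeleteAllPermissionsAndViews` still returns `true` unconditionally, so a failed `ViewPermission.bulkDelete_!!()` would leave permission rows behind while the caller is told everything was removed. Each `bulkDelete_!!()` call returns a Boolean, so I would return their conjunction, e.g. `List(ViewDefinition.bulkDelete_!!(), AccountAccess.bulkDelete_!!(), ViewPermission.bulkDelete_!!()).forall(identity)`, which still runs all three deletes.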
@@ -809,156 +710,51 @@ object MapperViews extends Views with MdcLoggable { .usePrivateAliasIfOneExists_(false) //(default is false anyways) .usePublicAliasIfOneExists_(false) //(default is false anyways) .hideOtherAccountMetadataIfAlias_(false) //(default is false anyways) - .canSeeTransactionThisBankAccount_(true) - .canSeeTransactionOtherBankAccount_(true) - .canSeeTransactionMetadata_(true) - .canSeeTransactionDescription_(true) - .canSeeTransactionAmount_(true) - .canSeeTransactionType_(true) - .canSeeTransactionCurrency_(true) - .canSeeTransactionStartDate_(true) - .canSeeTransactionFinishDate_(true) - .canSeeTransactionBalance_(true) - .canSeeComments_(true) - .canSeeOwnerComment_(true) - .canSeeTags_(true) - .canSeeImages_(true) - .canSeeBankAccountOwners_(true) - .canSeeBankAccountType_(true) - .canSeeBankAccountBalance_(true) - .canSeeBankAccountCurrency_(true) - .canSeeBankAccountLabel_(true) - .canSeeBankAccountNationalIdentifier_(true) - .canSeeBankAccountSwift_bic_(true) - .canSeeBankAccountIban_(true) - .canSeeBankAccountNumber_(true) - .canSeeBankAccountBankName_(true) - .canSeeBankAccountBankPermalink_(true) - .canSeeOtherAccountNationalIdentifier_(true) - .canSeeOtherAccountSWIFT_BIC_(true) - .canSeeOtherAccountIBAN_(true) - .canSeeOtherAccountBankName_(true) - .canSeeOtherAccountNumber_(true) - .canSeeOtherAccountMetadata_(true) - .canSeeOtherAccountKind_(true) - .canSeeMoreInfo_(true) - .canSeeUrl_(true) - .canSeeImageUrl_(true) - .canSeeOpenCorporatesUrl_(true) - .canSeeCorporateLocation_(true) - .canSeePhysicalLocation_(true) - .canSeePublicAlias_(true) - .canSeePrivateAlias_(true) - .canAddMoreInfo_(true) - .canAddURL_(true) - .canAddImageURL_(true) - .canAddOpenCorporatesUrl_(true) - .canAddCorporateLocation_(true) - .canAddPhysicalLocation_(true) - .canAddPublicAlias_(true) - .canAddPrivateAlias_(true) - .canAddCounterparty_(true) - .canGetCounterparty_(true) - .canDeleteCounterparty_(true) - .canDeleteCorporateLocation_(true) - 
.canDeletePhysicalLocation_(true) - .canEditOwnerComment_(true) - .canAddComment_(true) - .canDeleteComment_(true) - .canAddTag_(true) - .canDeleteTag_(true) - .canAddImage_(true) - .canDeleteImage_(true) - .canAddWhereTag_(true) - .canSeeWhereTag_(true) - .canDeleteWhereTag_(true) - .canSeeBankRoutingScheme_(true) //added following in V300 - .canSeeBankRoutingAddress_(true) - .canSeeBankAccountRoutingScheme_(true) - .canSeeBankAccountRoutingAddress_(true) - .canSeeOtherBankRoutingScheme_(true) - .canSeeOtherBankRoutingAddress_(true) - .canSeeOtherAccountRoutingScheme_(true) - .canSeeOtherAccountRoutingAddress_(true) - .canSeeTransactionStatus_(true) - - // TODO Allow use only for certain cases - .canAddTransactionRequestToOwnAccount_(true) //added following two for payments - .canAddTransactionRequestToAnyAccount_(true) - .canAddTransactionRequestToBeneficiary_(true) - - .canSeeAvailableViewsForBankAccount_(false) - .canSeeTransactionRequests_(false) - .canSeeTransactionRequestTypes_(false) - .canUpdateBankAccountLabel_(false) - .canSeeViewsWithPermissionsForOneUser_(false) - .canSeeViewsWithPermissionsForAllUsers_(false) - .canRevokeAccessToCustomViews_(false) - .canGrantAccessToCustomViews_(false) - .canCreateCustomView_(false) - .canDeleteCustomView_(false) - .canUpdateCustomView_(false) - .canGetCustomView_(false) - + viewId match { - case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID => - entity // Make additional setup to the existing view - .canSeeAvailableViewsForBankAccount_(true) - .canSeeTransactionRequests_(true) - .canSeeTransactionRequestTypes_(true) - .canUpdateBankAccountLabel_(true) - .canSeeViewsWithPermissionsForOneUser_(true) - .canSeeViewsWithPermissionsForAllUsers_(true) - .canGrantAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) - .canRevokeAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) - case SYSTEM_STAGE_ONE_VIEW_ID => - entity // Make additional setup to the existing view - 
.canSeeTransactionDescription_(false) - .canAddTransactionRequestToAnyAccount_(false) - .canAddTransactionRequestToBeneficiary_(false) - case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID => - entity // Make additional setup to the existing view - .canRevokeAccessToCustomViews_(true) - .canGrantAccessToCustomViews_(true) - .canCreateCustomView_(true) - .canDeleteCustomView_(true) - .canUpdateCustomView_(true) - .canGetCustomView_(true) - case SYSTEM_FIREHOSE_VIEW_ID => + case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID =>{ + ViewPermission.createViewPermissions( + entity, + SYSTEM_OWNER_VIEW_PERMISSION_ADMIN, + DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS, + DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS + ) + ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON) + entity + } + case SYSTEM_STAGE_ONE_VIEW_ID =>{ + ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON) + entity + } + case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID =>{ + ViewPermission.createViewPermissions( + entity, + SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_MANAGER_VIEW_PERMISSION + ) + entity + } + case SYSTEM_FIREHOSE_VIEW_ID =>{ + ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON) entity // Make additional setup to the existing view .isFirehose_(true) + } case SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID | SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID => - create // A new one - .isSystem_(true) - .isFirehose_(false) - .name_(StringHelpers.capify(viewId)) - .view_id(viewId) - .description_(viewId) - case SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID => - create // A new one - .isSystem_(true) - .isFirehose_(false) - .name_(StringHelpers.capify(viewId)) - .view_id(viewId) - .description_(viewId) - .canSeeTransactionThisBankAccount_(true) - .canSeeTransactionOtherBankAccount_(true) - .canSeeTransactionAmount_(true) - .canSeeTransactionCurrency_(true) - .canSeeTransactionBalance_(true) - .canSeeTransactionStartDate_(true) - 
.canSeeTransactionFinishDate_(true) - .canSeeTransactionDescription_(true) - case SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID => - create // A new one - .isSystem_(true) - .isFirehose_(false) - .name_(StringHelpers.capify(viewId)) - .view_id(viewId) - .description_(viewId) - .canAddTransactionRequestToAnyAccount_(true) - .canAddTransactionRequestToBeneficiary_(true) + entity + case SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID =>{ + ViewPermission.createViewPermissions( + entity, + SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_PERMISSION + ) + entity + } + case SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID =>{ + ViewPermission.createViewPermissions( + entity, + SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_PERMISSION + ) + entity + } case _ => entity } 
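Review bot: The `SYSTEM_STAGE_ONE_VIEW_ID` branch passes `SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON`, the same list concatenated with itself, which looks like a copy-paste slip. The removed code gave this view the default set with `canSeeTransactionDescription_`, `canAddTransactionRequestToAnyAccount_` and `canAddTransactionRequestToBeneficiary_` switched off; the contents of `SYSTEM_VIEW_PERMISSION_COMMON` are not visible here, so if it contains those three actions the stage-one view now gets broader access than before. I would pass an explicit reduced list, e.g. `SYSTEM_VIEW_PERMISSION_COMMON.filterNot(stageOneExcluded.contains)`, where `stageOneExcluded` is a placeholder name for those three actions. It is also worth confirming that in the owner/standard branch the second `createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON)` call adds to, rather than replaces, the rows written by the first call, otherwise the grant/revoke lists are lost. The enclosing method starts outside the hunk, and these calls (like the one in the `@@ -983,87 +779,13 @@` hunk) write permission rows for an entity that has not been saved yet.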
@@ -983,87 +779,13 @@ object MapperViews extends Views with MdcLoggable { account_id(accountId.value). usePrivateAliasIfOneExists_(false). usePublicAliasIfOneExists_(true). - hideOtherAccountMetadataIfAlias_(true). - canSeeTransactionThisBankAccount_(true). - canSeeTransactionOtherBankAccount_(true). - canSeeTransactionMetadata_(true). - canSeeTransactionDescription_(false). - canSeeTransactionAmount_(true). - canSeeTransactionType_(true). - canSeeTransactionCurrency_(true). - canSeeTransactionStartDate_(true). - canSeeTransactionFinishDate_(true). - canSeeTransactionBalance_(true). - canSeeComments_(true). - canSeeOwnerComment_(true). - canSeeTags_(true). - canSeeImages_(true). - canSeeBankAccountOwners_(true). - canSeeBankAccountType_(true). - canSeeBankAccountBalance_(true). - canSeeBankAccountCurrency_(true). - canSeeBankAccountLabel_(true). - canSeeBankAccountNationalIdentifier_(true). - canSeeBankAccountIban_(true). - canSeeBankAccountNumber_(true). - canSeeBankAccountBankName_(true). - canSeeBankAccountBankPermalink_(true). - canSeeOtherAccountNationalIdentifier_(true). - canSeeOtherAccountIBAN_(true). - canSeeOtherAccountBankName_(true). - canSeeOtherAccountNumber_(true). - canSeeOtherAccountMetadata_(true). - canSeeOtherAccountKind_(true) - entity. - canSeeMoreInfo_(true). - canSeeUrl_(true). - canSeeImageUrl_(true). - canSeeOpenCorporatesUrl_(true). - canSeeCorporateLocation_(true). - canSeePhysicalLocation_(true). - canSeePublicAlias_(true). - canSeePrivateAlias_(true). - canAddMoreInfo_(true). - canAddURL_(true). - canAddImageURL_(true). - canAddOpenCorporatesUrl_(true). - canAddCorporateLocation_(true). - canAddPhysicalLocation_(true). - canAddPublicAlias_(true). - canAddPrivateAlias_(true). - canAddCounterparty_(true). - canGetCounterparty_(true). - canDeleteCounterparty_(false). - canDeleteCorporateLocation_(false). - canDeletePhysicalLocation_(false). - canEditOwnerComment_(true). - canAddComment_(true). - canDeleteComment_(false). 
- canAddTag_(true). - canDeleteTag_(false). - canAddImage_(true). - canDeleteImage_(false). - canAddWhereTag_(true). - canSeeWhereTag_(true). - canSeeBankRoutingScheme_(true). //added following in V300 - canSeeBankRoutingAddress_(true). - canSeeBankAccountRoutingScheme_(true). - canSeeBankAccountRoutingAddress_(true). - canSeeOtherBankRoutingScheme_(true). - canSeeOtherBankRoutingAddress_(true). - canSeeOtherAccountRoutingScheme_(true). - canSeeOtherAccountRoutingAddress_(true). - canAddTransactionRequestToOwnAccount_(false). //added following two for payments - canAddTransactionRequestToAnyAccount_(false). - canAddTransactionRequestToBeneficiary_(false). - canSeeTransactionRequests_(false). - canSeeTransactionRequestTypes_(false). - canUpdateBankAccountLabel_(false). - canCreateCustomView_(false). - canDeleteCustomView_(false). - canUpdateCustomView_(false). - canGetCustomView_(false). - canSeeTransactionStatus_(true) + hideOtherAccountMetadataIfAlias_(true) + + ViewPermission.createViewPermissions( + entity, + SYSTEM_PUBLIC_VIEW_PERMISSION + ) + entity } def createAndSaveDefaultPublicCustomView(bankId : BankId, accountId: AccountId, description: String) : Box[View] = { diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index 43c0c627a..fed312280 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala +++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala 
@@ -5,10 +5,10 @@ import code.api.util.APIUtil.{isValidCustomViewId, isValidSystemViewId} import code.api.util.ErrorMessages.{CreateSystemViewError, InvalidCustomViewFormat, InvalidSystemViewFormat} import code.util.{AccountIdString, UUIDString} import com.openbankproject.commons.model._ -import net.liftweb.common.Box +import net.liftweb.common.{Box, Full} import net.liftweb.common.Box.tryo import net.liftweb.mapper._ - +import code.api.Constant._ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with ManyToMany with CreatedUpdated{ def getSingleton = ViewDefinition 
@@ -50,305 +50,12 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many object hideOtherAccountMetadataIfAlias_ extends MappedBoolean(this){ override def defaultValue = false } - - //This is the system views list, custom views please check `canGrantAccessToCustomViews_` field - object canGrantAccessToViews_ extends MappedText(this){ - override def defaultValue = "" - } - //This is the system views list.custom views please check `canRevokeAccessToCustomViews_` field - object canRevokeAccessToViews_ extends MappedText(this){ - override def defaultValue = "" - } - - object canRevokeAccessToCustomViews_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canGrantAccessToCustomViews_ extends MappedBoolean(this) { - override def defaultValue = false - } - object canSeeTransactionThisBankAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionRequests_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionRequestTypes_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionMetadata_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionDescription_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionAmount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionType_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionCurrency_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionStartDate_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionFinishDate_ extends MappedBoolean(this){ - override def defaultValue = false - } - object 
canSeeTransactionBalance_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeComments_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOwnerComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTags_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeImages_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountOwners_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeAvailableViewsForBankAccount_ extends MappedBoolean(this){ - override def defaultValue = true - } - object canSeeBankAccountType_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountBalance_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canQueryAvailableFunds_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountCurrency_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountLabel_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canUpdateBankAccountLabel_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountNationalIdentifier_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountSwift_bic_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountIban_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountNumber_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountBankName_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountBankPermalink_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankRoutingScheme_ extends 
MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountNationalIdentifier_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountSWIFT_BIC_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountIBAN_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountBankName_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountNumber_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountMetadata_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountKind_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherBankRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherBankRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeMoreInfo_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeImageUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOpenCorporatesUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeCorporateLocation_ extends 
MappedBoolean(this){ - override def defaultValue = false - } - object canSeePhysicalLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeePublicAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeePrivateAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddMoreInfo_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddURL_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddImageURL_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddOpenCorporatesUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddCorporateLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddPhysicalLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddPublicAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddPrivateAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddCounterparty_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canGetCounterparty_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteCounterparty_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteCorporateLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeletePhysicalLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canEditOwnerComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddTag_ extends MappedBoolean(this){ - override def 
defaultValue = false - } - object canDeleteTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddImage_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteImage_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddWhereTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeWhereTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteWhereTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - - //internal transfer between my own accounts - - @deprecated("we added new field `canAddTransactionRequestToBeneficiary_`","25-07-2024") - object canAddTransactionRequestToOwnAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - - object canAddTransactionRequestToBeneficiary_ extends MappedBoolean(this){ - override def defaultValue = false - } - - // transfer to any account - object canAddTransactionRequestToAnyAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountCreditLimit_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canCreateDirectDebit_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canCreateStandingOrder_ extends MappedBoolean(this){ - override def defaultValue = false - } - - object canCreateCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canUpdateCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canGetCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeViewsWithPermissionsForAllUsers_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeViewsWithPermissionsForOneUser_ extends 
MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionStatus_ extends MappedBoolean(this){ - override def defaultValue = false - } - - //Important! If you add a field, be sure to handle it here in this function - def setFromViewData(viewData : ViewSpecification) = { - if(viewData.which_alias_to_use == "public"){ + def createViewAndPermissions(viewSpecification : ViewSpecification) = { + if(viewSpecification.which_alias_to_use == "public"){ usePublicAliasIfOneExists_(true) usePrivateAliasIfOneExists_(false) - } else if(viewData.which_alias_to_use == "private"){ + } else if(viewSpecification.which_alias_to_use == "private"){ usePublicAliasIfOneExists_(false) usePrivateAliasIfOneExists_(true) } else { 
@@ -356,108 +63,19 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many usePrivateAliasIfOneExists_(false) } - hideOtherAccountMetadataIfAlias_(viewData.hide_metadata_if_alias_used) - description_(viewData.description) - isPublic_(viewData.is_public) - isFirehose_(viewData.is_firehose.getOrElse(false)) - metadataView_(viewData.metadata_view) + hideOtherAccountMetadataIfAlias_(viewSpecification.hide_metadata_if_alias_used) + description_(viewSpecification.description) + isPublic_(viewSpecification.is_public) + isFirehose_(viewSpecification.is_firehose.getOrElse(false)) + metadataView_(viewSpecification.metadata_view) + + ViewPermission.createViewPermissions( + this, + viewSpecification.allowed_actions, + viewSpecification.can_grant_access_to_views.getOrElse(Nil), + viewSpecification.can_revoke_access_to_views.getOrElse(Nil) + ) - val actions = viewData.allowed_actions - - if (isSystem) { //The following are admin permissions, only system views are allowed to use them. 
- canGrantAccessToCustomViews_(actions.exists(_ == CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS)) - canRevokeAccessToCustomViews_(actions.exists(_ == CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS)) - canGrantAccessToViews_(viewData.can_grant_access_to_views.getOrElse(Nil).mkString(",")) - canRevokeAccessToViews_(viewData.can_revoke_access_to_views.getOrElse(Nil).mkString(",")) - canCreateCustomView_(actions.exists(_ == CAN_CREATE_CUSTOM_VIEW)) - canDeleteCustomView_(actions.exists(_ == CAN_DELETE_CUSTOM_VIEW)) - canUpdateCustomView_(actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW)) - } - - canSeeTransactionThisBankAccount_(actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)) - canSeeTransactionOtherBankAccount_(actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)) - canSeeTransactionMetadata_(actions.exists(_ == CAN_SEE_TRANSACTION_METADATA)) - canSeeTransactionDescription_(actions.exists(_ ==CAN_SEE_TRANSACTION_DESCRIPTION)) - canSeeTransactionAmount_(actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT)) - canSeeTransactionType_(actions.exists(_ == CAN_SEE_TRANSACTION_TYPE)) - canSeeTransactionCurrency_(actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY)) - canSeeTransactionStartDate_(actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE)) - canSeeTransactionFinishDate_(actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE)) - canSeeTransactionBalance_(actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE)) - canSeeComments_(actions.exists(_ == CAN_SEE_COMMENTS)) - canSeeOwnerComment_(actions.exists(_ == CAN_SEE_OWNER_COMMENT)) - canSeeTags_(actions.exists(_ == CAN_SEE_TAGS)) - canSeeImages_(actions.exists(_ == CAN_SEE_IMAGES)) - canSeeBankAccountOwners_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS)) - canSeeBankAccountType_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE)) - canSeeBankAccountBalance_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE)) - canQueryAvailableFunds_(actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS)) - canSeeBankAccountCurrency_(actions.exists(_ == 
CAN_SEE_BANK_ACCOUNT_CURRENCY)) - canSeeBankAccountLabel_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL)) - canSeeBankAccountNationalIdentifier_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER)) - canSeeBankAccountSwift_bic_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC)) - canSeeBankAccountIban_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN)) - canSeeBankAccountNumber_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER)) - canSeeBankAccountBankName_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME)) - canSeeBankAccountBankPermalink_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK)) - canSeeBankRoutingScheme_(actions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME)) - canSeeBankRoutingAddress_(actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS)) - canSeeBankAccountRoutingScheme_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME)) - canSeeBankAccountRoutingAddress_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS)) - canSeeOtherAccountNationalIdentifier_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER)) - canSeeOtherAccountSWIFT_BIC_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC)) - canSeeOtherAccountIBAN_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN)) - canSeeOtherAccountBankName_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME)) - canSeeOtherAccountNumber_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER)) - canSeeOtherAccountMetadata_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA)) - canSeeOtherAccountKind_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND)) - canSeeOtherBankRoutingScheme_(actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME)) - canSeeOtherBankRoutingAddress_(actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS)) - canSeeOtherAccountRoutingScheme_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME)) - canSeeOtherAccountRoutingAddress_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS)) - canSeeMoreInfo_(actions.exists(_ == CAN_SEE_MORE_INFO)) - canSeeUrl_(actions.exists(_ 
== CAN_SEE_URL)) - canSeeImageUrl_(actions.exists(_ == CAN_SEE_IMAGE_URL)) - canSeeOpenCorporatesUrl_(actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL)) - canSeeCorporateLocation_(actions.exists(_ == CAN_SEE_CORPORATE_LOCATION)) - canSeePhysicalLocation_(actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION)) - canSeePublicAlias_(actions.exists(_ == CAN_SEE_PUBLIC_ALIAS)) - canSeePrivateAlias_(actions.exists(_ == CAN_SEE_PRIVATE_ALIAS)) - canAddMoreInfo_(actions.exists(_ == CAN_ADD_MORE_INFO)) - canAddURL_(actions.exists(_ == CAN_ADD_URL)) - canAddImageURL_(actions.exists(_ == CAN_ADD_IMAGE_URL)) - canAddOpenCorporatesUrl_(actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL)) - canAddCorporateLocation_(actions.exists(_ == CAN_ADD_CORPORATE_LOCATION)) - canAddPhysicalLocation_(actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION)) - canAddPublicAlias_(actions.exists(_ == CAN_ADD_PUBLIC_ALIAS)) - canAddPrivateAlias_(actions.exists(_ == CAN_ADD_PRIVATE_ALIAS)) - canAddCounterparty_(actions.exists(_ == CAN_ADD_COUNTERPARTY)) - canDeleteCounterparty_(actions.exists(_ == CAN_DELETE_COUNTERPARTY)) - canGetCounterparty_(actions.exists(_ == CAN_GET_COUNTERPARTY)) - canDeleteCorporateLocation_(actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION)) - canDeletePhysicalLocation_(actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION)) - canEditOwnerComment_(actions.exists(_ == CAN_EDIT_OWNER_COMMENT)) - canAddComment_(actions.exists(_ == CAN_ADD_COMMENT)) - canDeleteComment_(actions.exists(_ == CAN_DELETE_COMMENT)) - canAddTag_(actions.exists(_ == CAN_ADD_TAG)) - canDeleteTag_(actions.exists(_ == CAN_DELETE_TAG)) - canAddImage_(actions.exists(_ == CAN_ADD_IMAGE)) - canDeleteImage_(actions.exists(_ == CAN_DELETE_IMAGE)) - canAddWhereTag_(actions.exists(_ == CAN_ADD_WHERE_TAG)) - canSeeWhereTag_(actions.exists(_ == CAN_SEE_WHERE_TAG)) - canDeleteWhereTag_(actions.exists(_ == CAN_DELETE_WHERE_TAG)) - canAddTransactionRequestToBeneficiary_(actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY)) - 
canAddTransactionRequestToAnyAccount_(actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)) - canSeeBankAccountCreditLimit_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT)) - canCreateDirectDebit_(actions.exists(_ == CAN_CREATE_DIRECT_DEBIT)) - canCreateStandingOrder_(actions.exists(_ == CAN_CREATE_STANDING_ORDER)) - canSeeTransactionRequests_(actions.exists(_ == CAN_SEE_TRANSACTION_REQUESTS)) - canSeeTransactionRequestTypes_(actions.exists(_ == CAN_SEE_TRANSACTION_REQUEST_TYPES)) - canUpdateBankAccountLabel_(actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL)) - canSeeAvailableViewsForBankAccount_(actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)) - canSeeViewsWithPermissionsForAllUsers_(actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)) - canSeeViewsWithPermissionsForOneUser_(actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)) - canSeeTransactionStatus_(actions.exists(_ == CAN_SEE_TRANSACTION_STATUS)) } 
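Review bot: The removed `if (isSystem)` block restricted the admin actions (`CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS`, `CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS`, `CAN_CREATE_CUSTOM_VIEW`, `CAN_DELETE_CUSTOM_VIEW`, `CAN_UPDATE_CUSTOM_VIEW` and the grant/revoke view lists) to system views, while the new `ViewPermission.createViewPermissions(this, viewSpecification.allowed_actions, …)` call forwards the caller-supplied lists with no such check visible. Unless `createViewPermissions` (not shown) filters them, a custom view created or updated through `createCustomView`/`updateCustomView` can now carry admin permissions and grant/revoke lists. I would filter before the call, for example `val actions = if (isSystem) viewSpecification.allowed_actions else viewSpecification.allowed_actions.filterNot(adminOnlyActions.contains)` (`adminOnlyActions` is a placeholder for the admin set), and pass `Nil` for both view lists on non-system views. The old code also mapped only known action names, so strings in `allowed_actions` that are not in `VIEW_PERMISSION_NAMES` should be rejected rather than stored. `createViewAndPermissions` starts in the preceding hunk.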
@@ -485,152 +103,25 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many override def allowed_actions : List[String] = ViewPermission.findViewPermissions(this).map(_.permission.get).distinct -// override def canGrantAccessToViews : Option[List[String]] = { -// ViewPermission.findViewPermission(this, CAN_GRANT_ACCESS_TO_VIEWS).flatMap(vp => -// { -// vp.metaData.get match { -// case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) -// case _ => None -// } -// }) -// } -// -// override def canRevokeAccessToViews : Option[List[String]] = { -// ViewPermission.findViewPermission(this, CAN_REVOKE_ACCESS_TO_VIEWS).flatMap(vp => -// { -// vp.metaData.get match { -// case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) -// case _ => None -// } -// }) -// } - - - //This current view can grant access to other views. override def canGrantAccessToViews : Option[List[String]] = { - canGrantAccessToViews_.get == null || canGrantAccessToViews_.get.isEmpty() match { - case true => None - case _ => Some(canGrantAccessToViews_.get.split(",").toList.map(_.trim)) - } + ViewPermission.findViewPermission(this, CAN_GRANT_ACCESS_TO_VIEWS).flatMap(vp => + { + vp.extraData.get match { + case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) + case _ => None + } + }) } - - def canGrantAccessToCustomViews : Boolean = canGrantAccessToCustomViews_.get - //the current view can revoke access to other views. 
override def canRevokeAccessToViews : Option[List[String]] = { - canRevokeAccessToViews_.get == null || canRevokeAccessToViews_.get.isEmpty() match { - case true => None - case _ => Some(canRevokeAccessToViews_.get.split(",").toList.map(_.trim)) - } + ViewPermission.findViewPermission(this, CAN_REVOKE_ACCESS_TO_VIEWS).flatMap(vp => + { + vp.extraData.get match { + case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) + case _ => None + } + }) } - override def canRevokeAccessToCustomViews : Boolean = canRevokeAccessToCustomViews_.get - - //reading access - - //transaction fields - def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get - def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get - def canSeeTransactionRequestTypes: Boolean = canSeeTransactionRequestTypes_.get - def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get - def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get - def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get - def canSeeTransactionAmount: Boolean = canSeeTransactionAmount_.get - def canSeeTransactionType: Boolean = canSeeTransactionType_.get - def canSeeTransactionCurrency: Boolean = canSeeTransactionCurrency_.get - def canSeeTransactionStartDate: Boolean = canSeeTransactionStartDate_.get - def canSeeTransactionFinishDate: Boolean = canSeeTransactionFinishDate_.get - def canSeeTransactionBalance: Boolean = canSeeTransactionBalance_.get - def canSeeTransactionStatus: Boolean = canSeeTransactionStatus_.get - - //transaction metadata - def canSeeComments: Boolean = canSeeComments_.get - def canSeeOwnerComment: Boolean = canSeeOwnerComment_.get - def canSeeTags : Boolean = canSeeTags_.get - def canSeeImages : Boolean = canSeeImages_.get - - //Bank account fields - def canSeeAvailableViewsForBankAccount : Boolean = canSeeAvailableViewsForBankAccount_.get - def 
canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get - def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get - def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get - def canSeeBankAccountCurrency : Boolean = canSeeBankAccountCurrency_.get - def canQueryAvailableFunds : Boolean = canQueryAvailableFunds_.get - def canSeeBankAccountLabel : Boolean = canSeeBankAccountLabel_.get - def canUpdateBankAccountLabel : Boolean = canUpdateBankAccountLabel_.get - def canSeeBankAccountNationalIdentifier : Boolean = canSeeBankAccountNationalIdentifier_.get - def canSeeBankAccountSwiftBic : Boolean = canSeeBankAccountSwift_bic_.get - def canSeeBankAccountIban : Boolean = canSeeBankAccountIban_.get - def canSeeBankAccountNumber : Boolean = canSeeBankAccountNumber_.get - def canSeeBankAccountBankName : Boolean = canSeeBankAccountBankName_.get - def canSeeBankAccountBankPermalink : Boolean = canSeeBankAccountBankPermalink_.get - def canSeeBankRoutingScheme : Boolean = canSeeBankRoutingScheme_.get - def canSeeBankRoutingAddress : Boolean = canSeeBankRoutingAddress_.get - def canSeeBankAccountRoutingScheme : Boolean = canSeeBankAccountRoutingScheme_.get - def canSeeBankAccountRoutingAddress : Boolean = canSeeBankAccountRoutingAddress_.get - def canSeeViewsWithPermissionsForOneUser: Boolean = canSeeViewsWithPermissionsForOneUser_.get - def canSeeViewsWithPermissionsForAllUsers : Boolean = canSeeViewsWithPermissionsForAllUsers_.get - - //other bank account fields - def canSeeOtherAccountNationalIdentifier : Boolean = canSeeOtherAccountNationalIdentifier_.get - def canSeeOtherAccountSwiftBic : Boolean = canSeeOtherAccountSWIFT_BIC_.get - def canSeeOtherAccountIban : Boolean = canSeeOtherAccountIBAN_.get - def canSeeOtherAccountBankName : Boolean = canSeeOtherAccountBankName_.get - def canSeeOtherAccountNumber : Boolean = canSeeOtherAccountNumber_.get - def canSeeOtherAccountMetadata : Boolean = canSeeOtherAccountMetadata_.get - def 
canSeeOtherAccountKind : Boolean = canSeeOtherAccountKind_.get - def canSeeOtherBankRoutingScheme : Boolean = canSeeOtherBankRoutingScheme_.get - def canSeeOtherBankRoutingAddress : Boolean = canSeeOtherBankRoutingAddress_.get - def canSeeOtherAccountRoutingScheme : Boolean = canSeeOtherAccountRoutingScheme_.get - def canSeeOtherAccountRoutingAddress : Boolean = canSeeOtherAccountRoutingAddress_.get - - //other bank account meta data - def canSeeMoreInfo: Boolean = canSeeMoreInfo_.get - def canSeeUrl: Boolean = canSeeUrl_.get - def canSeeImageUrl: Boolean = canSeeImageUrl_.get - def canSeeOpenCorporatesUrl: Boolean = canSeeOpenCorporatesUrl_.get - def canSeeCorporateLocation : Boolean = canSeeCorporateLocation_.get - def canSeePhysicalLocation : Boolean = canSeePhysicalLocation_.get - def canSeePublicAlias : Boolean = canSeePublicAlias_.get - def canSeePrivateAlias : Boolean = canSeePrivateAlias_.get - def canAddMoreInfo : Boolean = canAddMoreInfo_.get - def canAddUrl : Boolean = canAddURL_.get - def canAddImageUrl : Boolean = canAddImageURL_.get - def canAddOpenCorporatesUrl : Boolean = canAddOpenCorporatesUrl_.get - def canAddCorporateLocation : Boolean = canAddCorporateLocation_.get - def canAddPhysicalLocation : Boolean = canAddPhysicalLocation_.get - def canAddPublicAlias : Boolean = canAddPublicAlias_.get - def canAddPrivateAlias : Boolean = canAddPrivateAlias_.get - def canAddCounterparty : Boolean = canAddCounterparty_.get - def canGetCounterparty : Boolean = canGetCounterparty_.get - def canDeleteCounterparty : Boolean = canDeleteCounterparty_.get - def canDeleteCorporateLocation : Boolean = canDeleteCorporateLocation_.get - def canDeletePhysicalLocation : Boolean = canDeletePhysicalLocation_.get - - //writing access - def canEditOwnerComment: Boolean = canEditOwnerComment_.get - def canAddComment : Boolean = canAddComment_.get - def canDeleteComment: Boolean = canDeleteComment_.get - def canAddTag : Boolean = canAddTag_.get - def canDeleteTag : Boolean = 
canDeleteTag_.get - def canAddImage : Boolean = canAddImage_.get - def canDeleteImage : Boolean = canDeleteImage_.get - def canAddWhereTag : Boolean = canAddWhereTag_.get - def canSeeWhereTag : Boolean = canSeeWhereTag_.get - def canDeleteWhereTag : Boolean = canDeleteWhereTag_.get - - def canAddTransactionRequestToOwnAccount: Boolean = false //we do not need this field, set this to false. - def canAddTransactionRequestToAnyAccount: Boolean = canAddTransactionRequestToAnyAccount_.get - def canAddTransactionRequestToBeneficiary: Boolean = canAddTransactionRequestToBeneficiary_.get - def canSeeBankAccountCreditLimit: Boolean = canSeeBankAccountCreditLimit_.get - - def canCreateDirectDebit: Boolean = canCreateDirectDebit_.get - def canCreateStandingOrder: Boolean = canCreateStandingOrder_.get - def canCreateCustomView: Boolean = canCreateCustomView_.get - def canDeleteCustomView: Boolean = canDeleteCustomView_.get - def canUpdateCustomView: Boolean = canUpdateCustomView_.get - def canGetCustomView: Boolean = canGetCustomView_.get - //TODO: if you add new permissions here, remember to set them wherever views are created - // (e.g. BankAccountCreationDispatcher) } object ViewDefinition extends ViewDefinition with LongKeyedMetaMapper[ViewDefinition] { diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index 3de76e629..3d8b7ba85 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala @@ -1,5 +1,6 @@ package code.views.system +import code.api.Constant.{CAN_GRANT_ACCESS_TO_VIEWS, CAN_REVOKE_ACCESS_TO_VIEWS} import code.util.UUIDString import com.openbankproject.commons.model._ import net.liftweb.common.Box 
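Review bot: The new `canGrantAccessToViews` and `canRevokeAccessToViews` parse the allow-list from `vp.extraData` with `split(",").toList.map(_.trim)` and never drop blank entries, so a stored value such as `" "` or `",owner"` produces `Some(List(""))` or a list containing an empty view id rather than `None`. These lists decide which views this view may grant or revoke, so I would filter the tokens with `value.split(",").toList.map(_.trim).filter(_.nonEmpty)` and return `None` when nothing is left. The two bodies differ only in the permission constant, so one private helper taking the constant would keep the parsing in a single place. The enclosing class begins outside the hunk.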
@@ -68,4 +69,71 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis } else { findCustomViewPermission(view.bankId, view.accountId, view.viewId, permission) } + + def createViewPermissions( + viewDefinition: View, + permissionNames: List[String], + canGrantAccessToViews: List[String] = Nil, + canRevokeAccessToViews: List[String] = Nil + ): Unit = { + if (viewDefinition.isSystem) { + permissionNames.map( + permissionName => + if (permissionName.equals(CAN_GRANT_ACCESS_TO_VIEWS)) { + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(canGrantAccessToViews.mkString(",")) + .save + } else if (permissionName.equals(CAN_REVOKE_ACCESS_TO_VIEWS)) { + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(canRevokeAccessToViews.mkString(",")) + .save + } + else { + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(null) + .save + }) + } else { + permissionNames.map( + permissionName => + if (permissionName.equals(CAN_GRANT_ACCESS_TO_VIEWS)) { + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(canGrantAccessToViews.mkString(",")) + .save + } else if (permissionName.equals(CAN_REVOKE_ACCESS_TO_VIEWS)) { + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(canRevokeAccessToViews.mkString(",")) + .save + } + else { + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + 
.extraData(null) + .save + }) + } + } } diff --git a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala index b95122594..38c7b0273 100644 --- a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala +++ b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala 
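Review bot: `createViewPermissions` discards the Boolean that each `.save` returns and inserts rows without de-duplicating `permissionNames`, so a failed write leaves the view with only part of its permission set and a repeated name stores the same permission twice, both without any signal to the caller. These rows are what `allowed_actions` and `findViewPermission` read, so I would check the result and de-duplicate the input. The six branches differ only in the bank/account scope and the `extraData` value, and `map` is used purely for its side effects; computing the scope once and iterating with `foreach` removes the repetition, as sketched below. How a failed save should be reported is left open because the file's logging or error convention is not visible in the hunk.

```scala
  ): Unit = {
    // System views carry no bank/account scope, as in the original branches.
    val (bankId, accountId) =
      if (viewDefinition.isSystem) (null: String, null: String)
      else (viewDefinition.bankId.value, viewDefinition.accountId.value)

    permissionNames.distinct.foreach { permissionName =>
      // Only the grant/revoke permissions carry a list of view ids.
      val extraData =
        if (permissionName == CAN_GRANT_ACCESS_TO_VIEWS) canGrantAccessToViews.mkString(",")
        else if (permissionName == CAN_REVOKE_ACCESS_TO_VIEWS) canRevokeAccessToViews.mkString(",")
        else null
      val saved = ViewPermission.create
        .bank_id(bankId)
        .account_id(accountId)
        .view_id(viewDefinition.viewId.value)
        .permission(permissionName)
        .extraData(extraData)
        .save
      // saved == false means the row was not written: report it instead of dropping it
    }
```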
@@ -8,16 +8,91 @@ import code.api.util.ErrorMessages._ import code.model._ import code.model.dataAccess._ import code.views.MapperViews.getExistingCustomView -import code.views.system.ViewDefinition +import code.views.system.{ViewDefinition, ViewPermission} import code.views.{MapperViews, Views} import com.openbankproject.commons.model._ import net.liftweb.common.{Failure, Full, ParamFailure} import net.liftweb.mapper.MetaMapper import net.liftweb.util.Helpers._ +import code.api.Constant._ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { + final val SYSTEM_CUSTOM_VIEW_PERMISSION_TEST = List( + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_DESCRIPTION, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_OWNER_COMMENT, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + 
CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_EDIT_OWNER_COMMENT, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT, + CAN_SEE_TRANSACTION_STATUS + ) + + override protected def setAccountHolder(user: User, bankId : BankId, accountId : AccountId) = { AccountHolders.accountHolders.vend.getOrCreateAccountHolder(user, BankIdAccountId(bankId, accountId)) } 
@@ -57,82 +132,13 @@ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { usePrivateAliasIfOneExists_(false). usePublicAliasIfOneExists_(false). hideOtherAccountMetadataIfAlias_(false). - canSeeTransactionThisBankAccount_(true). - canSeeTransactionOtherBankAccount_(true). - canSeeTransactionMetadata_(true). - canSeeTransactionDescription_(true). - canSeeTransactionAmount_(true). - canSeeTransactionType_(true). - canSeeTransactionCurrency_(true). - canSeeTransactionStartDate_(true). - canSeeTransactionFinishDate_(true). - canSeeTransactionBalance_(true). - canSeeComments_(true). - canSeeOwnerComment_(true). - canSeeTags_(true). - canSeeImages_(true). - canSeeBankAccountOwners_(true). - canSeeBankAccountType_(true). - canSeeBankAccountBalance_(true). - canSeeBankAccountCurrency_(true). - canSeeBankAccountLabel_(true). - canSeeBankAccountNationalIdentifier_(true). - canSeeBankAccountSwift_bic_(true). - canSeeBankAccountIban_(true). - canSeeBankAccountNumber_(true). - canSeeBankAccountBankName_(true). - canSeeBankAccountBankPermalink_(true). - canSeeOtherAccountNationalIdentifier_(true). - canSeeOtherAccountSWIFT_BIC_(true). - canSeeOtherAccountIBAN_(true). - canSeeOtherAccountBankName_(true). - canSeeOtherAccountNumber_(true). - canSeeOtherAccountMetadata_(true). - canSeeOtherAccountKind_(true). - canSeeMoreInfo_(true). - canSeeUrl_(true). - canSeeImageUrl_(true). - canSeeOpenCorporatesUrl_(true). - canSeeCorporateLocation_(true). - canSeePhysicalLocation_(true). - canSeePublicAlias_(true). - canSeePrivateAlias_(true). - canAddMoreInfo_(true). - canAddURL_(true). - canAddImageURL_(true). - canAddOpenCorporatesUrl_(true). - canAddCorporateLocation_(true). - canAddPhysicalLocation_(true). - canAddPublicAlias_(true). - canAddPrivateAlias_(true). - canDeleteCorporateLocation_(true). - canDeletePhysicalLocation_(true). - canEditOwnerComment_(true). - canAddComment_(true). - canDeleteComment_(true). - canAddTag_(true). - canDeleteTag_(true). 
- canAddImage_(true). - canDeleteImage_(true). - canAddWhereTag_(true). - canSeeWhereTag_(true). - canDeleteWhereTag_(true). - canSeeBankRoutingScheme_(true). //added following in V300 - canSeeBankRoutingAddress_(true). - canSeeBankAccountRoutingScheme_(true). - canSeeBankAccountRoutingAddress_(true). - canSeeOtherBankRoutingScheme_(true). - canSeeOtherBankRoutingAddress_(true). - canSeeOtherAccountRoutingScheme_(true). - canSeeOtherAccountRoutingAddress_(true). - canAddTransactionRequestToOwnAccount_(false). //added following two for payments - canAddTransactionRequestToAnyAccount_(false). - canAddTransactionRequestToBeneficiary_(false). - canSeeBankAccountCreditLimit_(true). - canSeeTransactionStatus_(true). saveMe } - view.map(v => MapperViews.migrateViewPermissions(v)) + view.map(ViewPermission.createViewPermissions( + _, + SYSTEM_CUSTOM_VIEW_PERMISSION_TEST + )) + view } case Full(v) => Full(v) diff --git a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala index 0cb5ad0e7..5ed322f92 100644 --- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala +++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala 
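Review bot: `view.map(ViewPermission.createViewPermissions(_, SYSTEM_CUSTOM_VIEW_PERMISSION_TEST))` uses `map` only for its side effect and throws the mapped value away; `view.foreach(ViewPermission.createViewPermissions(_, SYSTEM_CUSTOM_VIEW_PERMISSION_TEST))` states the intent. The removed builder chain set the three `canAddTransactionRequestTo*` flags to `false` explicitly, while the new list withholds them only by omission, so I would add a comment above the call such as `// payment permissions (CAN_ADD_TRANSACTION_REQUEST_TO_*) are deliberately not granted to test views`. The enclosing method begins outside the hunk.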
@@ -87,103 +87,6 @@ case class UpdateViewJSON( override val can_revoke_access_to_views : Option[List[String]] = None) extends ViewSpecification - -/** Views moderate access to an Account. That is, they are used to: - * 1) Show/hide fields on the account, its transactions and related counterparties - * 2) Store/partition meta data - e.g. comments posted on a "team" view are not visible via a "public" view and visa versa. - * - * Users can be granted access to one or more Views - * Each View has a set of entitlements aka permissions which hide / show data fields and enable / disable operations on the account - * - * @define viewId A short url friendly, (singular) human readable name for the view. e.g. "team", "auditor" or "public". Note: "owner" is a default and reserved name. Other reserved names should include "public", "accountant" and "auditor" - * @define accountId The account that the view moderates - * @define bankId The bank where the account is held - * @define name The name of the view - * @define description A description of the view - * @define isPublic Set to True if the view should be open to the public (no authorisation required!) Set to False to require authorisation - * @define users A list of users that can use this view - * @define usePublicAliasIfOneExists If true and the counterparty in a transaction has a public alias set, use it. Else use the raw counterparty name (if both usePublicAliasIfOneExists and usePrivateAliasIfOneExists are true, public alias will be used) - * @define usePrivateAliasIfOneExists If true and the counterparty in a transaction has a private alias set, use it. Else use the raw counterparty name (if both usePublicAliasIfOneExists and usePrivateAliasIfOneExists are true, public alias will be used) - * @define hideOtherAccountMetadataIfAlias If true, the view will hide counterparty metadata if the counterparty has an alias. This is to preserve anonymity if required. 
- * - * @define canSeeTransactionThisBankAccount If true, the view will show information about the Transaction account (this account) - * @define canSeeTransactionOtherBankAccount If true, the view will show information about the Transaction counterparty - * @define canSeeTransactionMetadata If true, the view will show any Transaction metadata - * @define canSeeTransactionDescription If true, the view will show the Transaction description - * @define canSeeTransactionAmount If true, the view will show the Transaction amount (value, not currency) - * @define canSeeTransactionType If true, the view will show the Transaction type - * @define canSeeTransactionCurrency If true, the view will show the Transaction currency (not value) - * @define canSeeTransactionStartDate If true, the view will show the Transaction start date - * @define canSeeTransactionFinishDate If true, the view will show the Transaction finish date - * @define canSeeTransactionBalance If true, the view will show the Transaction balance (after each transaction) - * - * @define canSeeComments If true, the view will show the Transaction Metadata comments - * @define canSeeOwnerComment If true, the view will show the Transaction Metadata owner comment - * @define canSeeTags If true, the view will show the Transaction Metadata tags - * @define canSeeImages If true, the view will show the Transaction Metadata images - - * @define canSeeBankAccountOwners If true, the view will show the Account owners - * @define canSeeBankAccountType If true, the view will show the Account type. The account type is a human friendly financial product name - * @define canSeeBankAccountBalance If true, the view will show the Account balance - * @define canSeeBankAccountCurrency If true, the view will show the Account currency - * @define canSeeBankAccountLabel If true, the view will show the Account label. The label can be edited via the API. It does not come from the core banking system. 
- * @define canSeeBankAccountNationalIdentifier If true, the view will show the national identifier of the bank - * @define canSeeBankAccountSwift_bic If true, the view will show the Swift / Bic code of the bank - * @define canSeeBankAccountIban If true, the view will show the IBAN - * @define canSeeBankAccountNumber If true, the view will show the account number - * @define canSeeBankAccountBankName If true, the view will show the bank name - * @define canSeeBankRoutingScheme If true, the view will show the BankRoutingScheme - * @define canSeeBankRoutingAddress If true, the view will show the BankRoutingAddress - * @define canSeeBankAccountRoutingScheme If true, the view will show the BankAccountRoutingScheme - * @define canSeeBankAccountRoutingAddress If true, the view will show the BankAccountRoutingAddress - - * @define canSeeOtherAccountNationalIdentifier If true, the view will show the Counterparty bank national identifier - * @define canSeeOtherAccountSWIFT_BIC If true, the view will show the Counterparty SWIFT BIC - * @define canSeeOtherAccountIBAN If true, the view will show the Counterparty IBAN - * @define canSeeOtherAccountBankName If true, the view will show the Counterparty Bank Name - * @define canSeeOtherAccountNumber If true, the view will show the Counterparty Account Number - * @define canSeeOtherAccountMetadata If true, the view will show the Counterparty Metadata - * @define canSeeOtherAccountKind If true, the view will show the Counterparty Account Type. This is unlikely to be a full financial product name. 
- * @define canSeeOtherBankRoutingScheme If true, the view will show the OtherBankRoutingScheme - * @define canSeeOtherBankRoutingAddress If true, the view will show the OtherBankRoutingScheme - * @define canSeeOtherAccountRoutingScheme If true, the view will show the OtherBankRoutingScheme - * @define canSeeOtherAccountRoutingAddress If true, the view will show the OtherBankRoutingScheme - - * @define canSeeMoreInfo If true, the view will show the Counterparty More Info text - * @define canSeeUrl If true, the view will show the Counterparty Url - * @define canSeeImageUrl If true, the view will show the Counterparty Image Url - * @define canSeeOpenCorporatesUrl If true, the view will show the Counterparty OpenCorporatesUrl - * @define canSeeCorporateLocation If true, the view will show the Counterparty CorporateLocation - * @define canSeePhysicalLocation If true, the view will show the Counterparty PhysicalLocation - * @define canSeePublicAlias If true, the view will show the Counterparty PublicAlias - * @define canSeePrivateAlias If true, the view will show the Counterparty PrivateAlias - * - * @define canAddMoreInfo If true, the view can add the Counterparty MoreInfo - * @define canAddURL If true, the view can add the Counterparty Url - * @define canAddImageURL If true, the view can add the Counterparty Image Url - * @define canAddOpenCorporatesUrl If true, the view can add the Counterparty OpenCorporatesUrl - * @define canAddCorporateLocation If true, the view can add the Counterparty CorporateLocation - * @define canAddPhysicalLocation If true, the view can add the Counterparty PhysicalLocation - * @define canAddPublicAlias If true, the view can add the Counterparty PublicAlias - * @define canAddPrivateAlias If true, the view can add the Counterparty PrivateAlias - * @define canDeleteCorporateLocation If true, the can add show the Counterparty CorporateLocation - * @define canDeletePhysicalLocation If true, the can add show the Counterparty PhysicalLocation - * 
- * @define canEditOwnerComment If true, the view can edit the Transaction Owner Comment - * @define canAddComment If true, the view can add a Transaction Comment - * @define canDeleteComment If true, the view can delete a Transaction Comment - * @define canAddTag If true, the view can add a Transaction/Account Tag - * @define canDeleteTag If true, the view can delete a Transaction/Account Tag - * @define canAddImage If true, the view can add a Transaction Image - * @define canDeleteImage If true, the view can delete a Transaction Image - * @define canAddWhereTag If true, the view can add a Transaction Where Tag - * @define canSeeWhereTag If true, the view can show the Transaction Where Tag - * @define canDeleteWhereTag If true, the view can delete the Transaction Where Tag - - * @define canAddCounterparty If true, view can add counterparty / create counterparty. - - - */ trait View { def id: Long @@ -229,9 +132,9 @@ trait View { //the Value from developer, can be any string value. def description: String - /** This users is tricky, this use ManyToMany relationship, + /** These users are tricky, this use ManyToMany relationship, * 1st: when create view, we need carefully map this view to the owner user. - * 2rd: the view can grant the access to any other (not owner) users. eg: Simon's accountant view can grant access to Carola, then Carola can see Simon's accountant data + * 2nd: the view can grant the access to any other (not owner) users. eg: Simon's accountant view can grant access to Carola, then Carola can see Simon's accountant data * also look into some createView methods in code, you can understand more: * create1: code.bankconnectors.Connector.createViews * after createViews method, always need call addPermission(v.uid, user). This will create this field 
@@ -253,191 +156,7 @@ trait View { * These three will get the allowed actions from viewPermission table */ def allowed_actions : List[String] - - def canGrantAccessToViews : Option[List[String]] = None def canRevokeAccessToViews : Option[List[String]] = None - def canGrantAccessToCustomViews : Boolean // if this true, we can grant custom views, if it is false, no one can grant custom views. - def canRevokeAccessToCustomViews : Boolean // if this true, we can revoke custom views,if it is false, no one can revoke custom views. - - //reading access - - //transaction fields - def canSeeTransactionRequests: Boolean - - def canSeeTransactionRequestTypes: Boolean - - def canSeeTransactionThisBankAccount: Boolean - - def canSeeTransactionOtherBankAccount: Boolean - - def canSeeTransactionMetadata: Boolean - - def canSeeTransactionDescription: Boolean - - def canSeeTransactionAmount: Boolean - - def canSeeTransactionType: Boolean - - def canSeeTransactionCurrency: Boolean - - def canSeeTransactionStartDate: Boolean - - def canSeeTransactionFinishDate: Boolean - - def canSeeTransactionBalance: Boolean - - def canSeeTransactionStatus: Boolean - - //transaction metadata - def canSeeComments: Boolean - - def canSeeOwnerComment: Boolean - - def canSeeTags: Boolean - - def canSeeImages: Boolean - - //Bank account fields - def canSeeAvailableViewsForBankAccount: Boolean - - def canSeeBankAccountOwners: Boolean - - def canSeeBankAccountType: Boolean - def canUpdateBankAccountLabel: Boolean - - def canSeeBankAccountBalance: Boolean - - def canQueryAvailableFunds: Boolean - - def canSeeBankAccountCurrency: Boolean - - def canSeeBankAccountLabel: Boolean - - def canSeeBankAccountNationalIdentifier: Boolean - - def canSeeBankAccountSwiftBic: Boolean - - def canSeeBankAccountIban: Boolean - - def canSeeBankAccountNumber: Boolean - - def canSeeBankAccountBankName: Boolean - - def canSeeBankRoutingScheme: Boolean - - def canSeeBankRoutingAddress: Boolean - - def 
canSeeBankAccountRoutingScheme: Boolean - - def canSeeBankAccountRoutingAddress: Boolean - - def canSeeViewsWithPermissionsForOneUser: Boolean - - def canSeeViewsWithPermissionsForAllUsers: Boolean - - //other bank account (counterparty) fields - def canSeeOtherAccountNationalIdentifier: Boolean - - def canSeeOtherAccountSwiftBic: Boolean - - def canSeeOtherAccountIban: Boolean - - def canSeeOtherAccountBankName: Boolean - - def canSeeOtherAccountNumber: Boolean - - def canSeeOtherAccountMetadata: Boolean - - def canSeeOtherAccountKind: Boolean - - def canSeeOtherBankRoutingScheme: Boolean - - def canSeeOtherBankRoutingAddress: Boolean - - def canSeeOtherAccountRoutingScheme: Boolean - - def canSeeOtherAccountRoutingAddress: Boolean - - //other bank account meta data - read - def canSeeMoreInfo: Boolean - - def canSeeUrl: Boolean - - def canSeeImageUrl: Boolean - - def canSeeOpenCorporatesUrl: Boolean - - def canSeeCorporateLocation: Boolean - - def canSeePhysicalLocation: Boolean - - def canSeePublicAlias: Boolean - - def canSeePrivateAlias: Boolean - - //other bank account (Counterparty) meta data - write - def canAddMoreInfo: Boolean - - def canAddUrl: Boolean - - def canAddImageUrl: Boolean - - def canAddOpenCorporatesUrl: Boolean - - def canAddCorporateLocation: Boolean - - def canAddPhysicalLocation: Boolean - - def canAddPublicAlias: Boolean - - def canAddPrivateAlias: Boolean - - def canAddCounterparty: Boolean - - def canGetCounterparty: Boolean - - def canDeleteCounterparty: Boolean - - def canDeleteCorporateLocation: Boolean - - def canDeletePhysicalLocation: Boolean - - //writing access - def canEditOwnerComment: Boolean - - def canAddComment: Boolean - - def canDeleteComment: Boolean - - def canAddTag: Boolean - - def canDeleteTag: Boolean - - def canAddImage: Boolean - - def canDeleteImage: Boolean - - def canAddWhereTag: Boolean - - def canSeeWhereTag: Boolean - - def canDeleteWhereTag: Boolean - - def canAddTransactionRequestToOwnAccount: Boolean 
//added following two for payments - def canAddTransactionRequestToAnyAccount: Boolean - def canAddTransactionRequestToBeneficiary: Boolean - - def canSeeBankAccountCreditLimit: Boolean - - def canCreateDirectDebit: Boolean - - def canCreateStandingOrder: Boolean - - //If any view set these to true, you can create/delete/update the custom view - def canCreateCustomView: Boolean - def canDeleteCustomView: Boolean - def canUpdateCustomView: Boolean - def canGetCustomView: Boolean } \ No newline at end of file From 6a62fea8fef9404d67aaf4df113a10883b1c6478 Mon Sep 17 00:00:00 2001 From: hongwei Date: Sat, 12 Jul 2025 18:26:16 +0200 Subject: [PATCH 20/26] feature/viewPermission removed APIUtil.getViewPermissions --- .../main/scala/code/api/util/APIUtil.scala | 13 +-- .../scala/code/api/v5_0_0/APIMethods500.scala | 3 +- .../scala/code/api/v5_1_0/APIMethods510.scala | 6 +- .../code/api/v5_1_0/JSONFactory5.1.0.scala | 2 +- .../main/scala/code/views/MapperViews.scala | 9 +- obp-api/src/main/scala/code/views/Views.scala | 6 +- .../code/views/system/ViewDefinition.scala | 4 + .../code/views/system/ViewPermission.scala | 93 +++++++------------ .../scala/code/util/APIUtilHeavyTest.scala | 7 +- .../commons/model/ViewModel.scala | 2 + 10 files changed, 58 insertions(+), 87 deletions(-) diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala index d42dd1594..27c7c0d46 100644 --- a/obp-api/src/main/scala/code/api/util/APIUtil.scala +++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala 
@@ -67,7 +67,7 @@ import code.usercustomerlinks.UserCustomerLink import code.users.Users import code.util.Helper.{MdcLoggable, ObpS, SILENCE_IS_GOLDEN} import code.util.{Helper, JsonSchemaUtil} -import code.views.system.{AccountAccess, ViewDefinition} +import code.views.system.AccountAccess import code.views.{MapperViews, Views} import code.webuiprops.MappedWebUiPropsProvider.getWebUiPropsValue import com.alibaba.ttl.internal.javassist.CannotCompileException @@ -5059,15 +5059,4 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ .distinct // List pairs (bank_id, account_id) } - //get all the permission Pair from one record, eg: - //Note, do not contain can_revoke_access_to_views and can_grant_access_to_views permission yet. - def getViewPermissions(view: ViewDefinition) = view.allFields.map(x => (x.name, x.get)) - .filter(pair =>pair._2.isInstanceOf[Boolean]) - .filter(pair => pair._1.startsWith("can")) - .filter(pair => pair._2.equals(true)) - .map(pair => - StringHelpers.snakify(pair._1) - .dropRight(1) //Remove the "_" in the end, eg canCreateStandingOrder_ --> canCreateStandingOrder - ).toSet - } \ No newline at end of file diff --git a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala index 528d4ee34..76dd5ad40 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala @@ -28,7 +28,6 @@ import code.model.dataAccess.BankAccountCreation import code.util.Helper import code.util.Helper.{SILENCE_IS_GOLDEN, booleanToFuture} import code.views.Views -import code.views.system.ViewDefinition import com.github.dwickern.macros.NameOf.nameOf import com.openbankproject.commons.ExecutionContext.Implicits.global import com.openbankproject.commons.model._ 
@@ -1015,7 +1014,7 @@ trait APIMethods500 { //2rd: create the Custom View for the fromAccount. //we do not need sourceViewId so far, we need to get all the view access for the login user, and permission <- NewStyle.function.permission(fromAccount.bankId, fromAccount.accountId, user, callContext) - permissionsFromSource = permission.views.map(view =>APIUtil.getViewPermissions(view.asInstanceOf[ViewDefinition]).toList).flatten.toSet + permissionsFromSource = permission.views.map(_.allowed_actions).flatten.toSet permissionsFromTarget = targetCreateCustomViewJson.allowed_permissions //eg: permissionsFromTarget=List(1,2), permissionsFromSource = List(1,3,4) => userMissingPermissions = List(2) diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index 5e0ac46e9..b8e18caa9 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala @@ -2,8 +2,8 @@ package code.api.v5_1_0 import code.api.Constant -import code.api.OAuth2Login.Keycloak import code.api.Constant._ +import code.api.OAuth2Login.Keycloak import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.berlin.group.v1_3.JSONFactory_BERLIN_GROUP_1_3.{ConsentAccessAccountsJson, ConsentAccessJson} import code.api.util.APIUtil._ @@ -4459,7 +4459,7 @@ trait APIMethods510 { isValidCustomViewName(createCustomViewJson.name) } - permissionsFromSource = APIUtil.getViewPermissions(view.asInstanceOf[ViewDefinition]) + permissionsFromSource = view.asInstanceOf[ViewDefinition].allowed_actions.toSet permissionsFromTarget = createCustomViewJson.allowed_permissions _ <- Helper.booleanToFuture(failMsg = SourceViewHasLessPermission + s"Current source viewId($viewId) permissions ($permissionsFromSource), target viewName${createCustomViewJson.name} permissions ($permissionsFromTarget)", cc = callContext) { 
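Review bot: In the `@@ -4459,7 +4459,7 @@` hunk of APIMethods510.scala the new line `view.asInstanceOf[ViewDefinition].allowed_actions.toSet` keeps an unchecked downcast that looks unnecessary, because the APIMethods500 hunk on this page calls `_.allowed_actions` straight on the elements of `permission.views`. If `allowed_actions` is declared on `View` (its declaration is not visible here), `permissionsFromSource = view.allowed_actions.toSet` avoids a ClassCastException for any other `View` implementation; the same cast recurs in the `@@ -4516,7 +4516,7 @@` hunk and in JSONFactory5.1.0.scala. This set is the left-hand side of the SourceViewHasLessPermission comparison, which is what stops a caller from creating a custom view with more permissions than the source view. The removed `getViewPermissions` said in its own comment that it left out can_revoke_access_to_views and can_grant_access_to_views, so a test that pins how `allowed_actions` treats those two names would show whether the comparison changed. The enclosing for-comprehension starts and ends outside the hunk.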
@@ -4516,7 +4516,7 @@ trait APIMethods510 { _ <- Helper.booleanToFuture(failMsg = InvalidCustomViewFormat + s"Current TARGET_VIEW_ID (${targetViewId})", cc = callContext) { isValidCustomViewId(targetViewId.value) } - permissionsFromSource = APIUtil.getViewPermissions(view.asInstanceOf[ViewDefinition]) + permissionsFromSource = view.asInstanceOf[ViewDefinition].allowed_actions.toSet permissionsFromTarget = targetCreateCustomViewJson.allowed_permissions _ <- Helper.booleanToFuture(failMsg = SourceViewHasLessPermission + s"Current source view permissions ($permissionsFromSource), target view permissions ($permissionsFromTarget)", cc = callContext) { diff --git a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala index 910851ad4..fb2af9db7 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala @@ -722,7 +722,7 @@ object JSONFactory510 extends CustomJsonFormats { is_public = view.isPublic, alias = alias, hide_metadata_if_alias_used = view.hideOtherAccountMetadataIfAlias, - allowed_permissions = APIUtil.getViewPermissions(view.asInstanceOf[ViewDefinition]).toList + allowed_permissions = view.asInstanceOf[ViewDefinition].allowed_actions.toList ) } def createCustomersIds(customers : List[Customer]): CustomersIdsJsonV510 = diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 489a2ebbd..a954dec53 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -472,6 +472,7 @@ object MapperViews extends Views with MdcLoggable { case false => Full() } } yield { + customView.deleteViewPermissions customView.delete_! } } @@ -483,6 +484,7 @@ object MapperViews extends Views with MdcLoggable { case false => Full() } } yield { + view.deleteViewPermissions view.delete_! } } 
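Review bot: In both MapperViews.scala hunks the `List[Boolean]` returned by `customView.deleteViewPermissions` and `view.deleteViewPermissions` is discarded before `delete_!` runs, so a permission row that fails to delete is never reported. ViewPermission rows appear to be looked up by bank_id, account_id, view_id and permission, so rows left behind here could attach to a later view created with the same ids; that is inferred from the columns shown elsewhere on this page, not from these hunks. I would make the view delete conditional on the permission delete, `customView.deleteViewPermissions.forall(identity) && customView.delete_!`, and the same for `view`, ideally with both statements in one database transaction. Both enclosing methods start outside the hunks.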
@@ -676,21 +678,22 @@ object MapperViews extends Views with MdcLoggable { res } - def removeAllPermissions(bankId: BankId, accountId: AccountId) : Boolean = { + def removeAllAccountAccess(bankId: BankId, accountId: AccountId) : Boolean = { AccountAccess.bulkDelete_!!( By(AccountAccess.bank_id, bankId.value), By(AccountAccess.account_id, accountId.value) ) } - def removeAllViews(bankId: BankId, accountId: AccountId) : Boolean = { + def removeAllViewsAndVierPermissions(bankId: BankId, accountId: AccountId) : Boolean = { ViewDefinition.bulkDelete_!!( By(ViewDefinition.bank_id, bankId.value), By(ViewDefinition.account_id, accountId.value) ) + ViewPermission.bulkDelete_!!() } - def bulkDeleteAllPermissionsAndViews() : Boolean = { + def bulkDeleteAllViewsAndAccountAccessAndViewPermission() : Boolean = { ViewDefinition.bulkDelete_!!() AccountAccess.bulkDelete_!!() ViewPermission.bulkDelete_!!() diff --git a/obp-api/src/main/scala/code/views/Views.scala b/obp-api/src/main/scala/code/views/Views.scala index 1dbeb893a..1627f90a8 100644 --- a/obp-api/src/main/scala/code/views/Views.scala +++ b/obp-api/src/main/scala/code/views/Views.scala @@ -102,10 +102,10 @@ trait Views { def getOwners(view: View): Set[User] - def removeAllPermissions(bankId: BankId, accountId: AccountId) : Boolean - def removeAllViews(bankId: BankId, accountId: AccountId) : Boolean + def removeAllAccountAccess(bankId: BankId, accountId: AccountId) : Boolean + def removeAllViewsAndVierPermissions(bankId: BankId, accountId: AccountId) : Boolean - def bulkDeleteAllPermissionsAndViews() : Boolean + def bulkDeleteAllViewsAndAccountAccessAndViewPermission() : Boolean } diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index fed312280..c2f424200 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala +++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala 
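Review bot: `removeAllViewsAndVierPermissions(bankId, accountId)` ends with `ViewPermission.bulkDelete_!!()` with no query parameters, so removing the views of one account deletes the permission rows of every view of every bank, system views included. Scope it the way the `ViewDefinition.bulkDelete_!!` call above it is scoped: `ViewPermission.bulkDelete_!!(By(ViewPermission.bank_id, bankId.value), By(ViewPermission.account_id, accountId.value))`. The method's result is now only that last call's Boolean, so the outcome of the ViewDefinition delete is dropped; combining the two with `&&` keeps it. The name also carries a typo (`Vier` for `View`), which the Views.scala hunk repeats in the trait.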
@@ -78,6 +78,10 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many } + def deleteViewPermissions = { + ViewPermission.findViewPermissions(this).map(_.delete_!) + } + def id: Long = id_.get diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index 3d8b7ba85..ef5b760f2 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala @@ -6,6 +6,7 @@ import com.openbankproject.commons.model._ import net.liftweb.common.Box import net.liftweb.mapper._ + class ViewPermission extends LongKeyedMapper[ViewPermission] with IdPK with CreatedUpdated { def getSingleton = ViewPermission object bank_id extends MappedString(this, 255) 
@@ -70,70 +71,46 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis findCustomViewPermission(view.bankId, view.accountId, view.viewId, permission) } + /** + * This method will first remove all the current permissons. + * and will create new ones accouding to the parameters. + * + * This is the logic from ViewDefinition before. because we can only update all the permissions before, + * we may support only update one permissioin later. + */ def createViewPermissions( viewDefinition: View, permissionNames: List[String], canGrantAccessToViews: List[String] = Nil, canRevokeAccessToViews: List[String] = Nil ): Unit = { - if (viewDefinition.isSystem) { - permissionNames.map( - permissionName => - if (permissionName.equals(CAN_GRANT_ACCESS_TO_VIEWS)) { - ViewPermission.create - .bank_id(null) - .account_id(null) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .extraData(canGrantAccessToViews.mkString(",")) - .save - } else if (permissionName.equals(CAN_REVOKE_ACCESS_TO_VIEWS)) { - ViewPermission.create - .bank_id(null) - .account_id(null) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .extraData(canRevokeAccessToViews.mkString(",")) - .save - } - else { - ViewPermission.create - .bank_id(null) - .account_id(null) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .extraData(null) - .save - }) - } else { - permissionNames.map( - permissionName => - if (permissionName.equals(CAN_GRANT_ACCESS_TO_VIEWS)) { - ViewPermission.create - .bank_id(viewDefinition.bankId.value) - .account_id(viewDefinition.accountId.value) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .extraData(canGrantAccessToViews.mkString(",")) - .save - } else if (permissionName.equals(CAN_REVOKE_ACCESS_TO_VIEWS)) { - ViewPermission.create - .bank_id(viewDefinition.bankId.value) - .account_id(viewDefinition.accountId.value) - .view_id(viewDefinition.viewId.value) - 
.permission(permissionName) - .extraData(canRevokeAccessToViews.mkString(",")) - .save - } - else { - ViewPermission.create - .bank_id(viewDefinition.bankId.value) - .account_id(viewDefinition.accountId.value) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .extraData(null) - .save - }) + + // Delete all existing permissions for the view + viewDefinition.deleteViewPermissions + + // Determine bank_id and account_id for system or custom views + val (bankId, accountId) = + if (viewDefinition.isSystem) + (null, null) + else + (viewDefinition.bankId.value, viewDefinition.accountId.value) + + // Create fresh permission entries + permissionNames.foreach { permissionName => + val extraData = permissionName match { + case CAN_GRANT_ACCESS_TO_VIEWS => canGrantAccessToViews.mkString(",") + case CAN_REVOKE_ACCESS_TO_VIEWS => canRevokeAccessToViews.mkString(",") + case _ => null + } + + ViewPermission.create + .bank_id(bankId) + .account_id(accountId) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(extraData) + .save } } + } diff --git a/obp-api/src/test/scala/code/util/APIUtilHeavyTest.scala b/obp-api/src/test/scala/code/util/APIUtilHeavyTest.scala index cc8e373c4..09cdcd0b8 100644 --- a/obp-api/src/test/scala/code/util/APIUtilHeavyTest.scala +++ b/obp-api/src/test/scala/code/util/APIUtilHeavyTest.scala 
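Review bot: `createViewPermissions` now deletes every permission row of the view and then inserts the new ones one `.save` at a time, with no transaction around the two steps and each `.save` result ignored behind a `Unit` return. If an insert fails part-way, the view is left with only a subset of its permissions and the caller has no signal. I would collect the Boolean of each `.save`, log or fail when any of them is false, and run the delete and the inserts in one database transaction.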
@@ -28,14 +28,11 @@ TESOBE (http://www.tesobe.com/) package code.util import code.api.Constant.SYSTEM_OWNER_VIEW_ID -import code.api.UKOpenBanking.v2_0_0.{APIMethods_UKOpenBanking_200, OBP_UKOpenBanking_200} -import code.api.UKOpenBanking.v3_1_0.{APIMethods_AccountAccessApi, OBP_UKOpenBanking_310} +import code.api.UKOpenBanking.v3_1_0.APIMethods_AccountAccessApi import code.api.berlin.group.ConstantsBG -import code.api.berlin.group.v1_3.OBP_BERLIN_GROUP_1_3 import code.api.builder.AccountInformationServiceAISApi.APIMethods_AccountInformationServiceAISApi import code.api.util.APIUtil.OBPEndpoint import code.api.util._ -import code.api.v3_1_0.OBPAPI3_1_0 import code.api.v4_0_0.OBPAPI4_0_0.Implementations4_0_0 import code.api.v4_0_0.{OBPAPI4_0_0, V400ServerSetup} import code.setup.PropsReset @@ -191,7 +188,7 @@ class APIUtilHeavyTest extends V400ServerSetup with PropsReset { "can_see_transaction_status" ).toSet val systemOwnerView = getOrCreateSystemView(SYSTEM_OWNER_VIEW_ID) - val permissions = APIUtil.getViewPermissions(systemOwnerView.asInstanceOf[ViewDefinition]) + val permissions = systemOwnerView.asInstanceOf[ViewDefinition].allowed_actions.toSet subList.subsetOf(permissions) } diff --git a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala index 5ed322f92..cae038259 100644 --- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala +++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala @@ -159,4 +159,6 @@ trait View { def canGrantAccessToViews : Option[List[String]] = None def canRevokeAccessToViews : Option[List[String]] = None + def createViewAndPermissions(viewSpecification : ViewSpecification) : Unit + def deleteViewPermissions :List[Boolean] } \ No newline at end of file From 3b4c3ceb0dd3f332a4f34e60f1764029a4e3835e Mon Sep 17 00:00:00 2001 
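Review bot: The ViewModel.scala hunk adds `createViewAndPermissions` and `deleteViewPermissions` to `trait View` as abstract members, unlike the two context lines above them, which have defaults (`= None`), so every other `View` implementation must now supply database operations to compile. Both are side-effecting, `deleteViewPermissions` is declared without `()`, and neither has scaladoc saying what it changes or what the `List[Boolean]` means. I would document them, e.g. `/** Deletes this view's permission rows; one Boolean per row, true when the delete succeeded. */`, and consider keeping persistence on the mapper side rather than on the commons model. The trait starts outside the hunk.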
From: hongwei Date: Sat, 12 Jul 2025 19:44:30 +0200 Subject: [PATCH 21/26] feature/viewPermission --fixed All Test --- .../scala/code/api/constant/constant.scala | 2 +- .../main/scala/code/views/MapperViews.scala | 28 +++++++++++-- .../code/views/system/ViewPermission.scala | 39 ++++++++++++------- 3 files changed, 50 insertions(+), 19 deletions(-) diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala index 744bed921..f5ee35af3 100644 --- a/obp-api/src/main/scala/code/api/constant/constant.scala +++ b/obp-api/src/main/scala/code/api/constant/constant.scala @@ -407,7 +407,7 @@ object Constant extends MdcLoggable { CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT ) - final val VIEW_PERMISSION_NAMES = List( + final val ALL_VIEW_PERMISSION_NAMES = List( CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, CAN_SEE_TRANSACTION_METADATA, CAN_SEE_TRANSACTION_DESCRIPTION, diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index a954dec53..771798c97 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -718,15 +718,17 @@ object MapperViews extends Views with MdcLoggable { case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID =>{ ViewPermission.createViewPermissions( entity, - SYSTEM_OWNER_VIEW_PERMISSION_ADMIN, + SYSTEM_OWNER_VIEW_PERMISSION_ADMIN ++SYSTEM_VIEW_PERMISSION_COMMON, DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS, DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS ) - ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON) entity } case SYSTEM_STAGE_ONE_VIEW_ID =>{ - ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON) + ViewPermission.createViewPermissions( + entity, + SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON + ) entity } case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID =>{ 
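Review bot: The SYSTEM_STAGE_ONE_VIEW_ID case in the `@@ -718,15 +718,17 @@` hunk still passes `SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON`, the same list concatenated with itself, so every permission name is handed to `createViewPermissions` twice. Either the second operand was meant to be a different permission list, in which case this view is missing permissions, or it is redundant and the argument should be `SYSTEM_VIEW_PERMISSION_COMMON`. The reformatting in this hunk touches the line without resolving which. The `match` starts outside the hunk and continues past it.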
@@ -737,7 +739,10 @@ object MapperViews extends Views with MdcLoggable { entity } case SYSTEM_FIREHOSE_VIEW_ID =>{ - ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON) + ViewPermission.createViewPermissions( + entity, + SYSTEM_VIEW_PERMISSION_COMMON + ) entity // Make additional setup to the existing view .isFirehose_(true) } @@ -758,6 +763,21 @@ object MapperViews extends Views with MdcLoggable { ) entity } + case SYSTEM_ACCOUNTANT_VIEW_ID | + SYSTEM_AUDITOR_VIEW_ID | + SYSTEM_READ_ACCOUNTS_BASIC_VIEW_ID | + SYSTEM_READ_ACCOUNTS_DETAIL_VIEW_ID | + SYSTEM_READ_BALANCES_VIEW_ID | + SYSTEM_READ_TRANSACTIONS_BASIC_VIEW_ID | + SYSTEM_READ_TRANSACTIONS_DEBITS_VIEW_ID | + SYSTEM_READ_TRANSACTIONS_DETAIL_VIEW_ID => { + + ViewPermission.createViewPermissions( + entity, + SYSTEM_VIEW_PERMISSION_COMMON + ) + entity + } case _ => entity } diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index ef5b760f2..3295395ec 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala @@ -6,7 +6,6 @@ import com.openbankproject.commons.model._ import net.liftweb.common.Box import net.liftweb.mapper._ - class ViewPermission extends LongKeyedMapper[ViewPermission] with IdPK with CreatedUpdated { def getSingleton = ViewPermission object bank_id extends MappedString(this, 255) 
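Review bot: The case added in the `@@ -758,6 +763,21 @@` hunk gives eight system views with different names and scopes, from SYSTEM_READ_BALANCES_VIEW_ID to SYSTEM_AUDITOR_VIEW_ID, the identical `SYSTEM_VIEW_PERMISSION_COMMON` set. The contents of that list are not visible here, but if it holds more than a read-balances or read-accounts-basic view needs, those views are over-granted. I would either give the narrower views their own lists or add a comment such as `// all read-only system views share the common set; narrower lists are tracked in <issue>` so the choice is explicit. The enclosing `match` starts outside the hunk.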
@@ -72,30 +71,30 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis } /** - * This method will first remove all the current permissons. - * and will create new ones accouding to the parameters. - * - * This is the logic from ViewDefinition before. because we can only update all the permissions before, - * we may support only update one permissioin later. + * This method first removes all existing permissions for the given view, + * then creates new ones based on the provided parameters. + * + * This follows the original logic from ViewDefinition, where permission updates + * were only supported in bulk (all at once). In the future, we may extend this + * to support updating individual permissions selectively. */ def createViewPermissions( - viewDefinition: View, + view: View, permissionNames: List[String], canGrantAccessToViews: List[String] = Nil, canRevokeAccessToViews: List[String] = Nil ): Unit = { - // Delete all existing permissions for the view - viewDefinition.deleteViewPermissions + // Delete all existing permissions for this view + ViewPermission.findViewPermissions(view).foreach(_.delete_!) - // Determine bank_id and account_id for system or custom views val (bankId, accountId) = - if (viewDefinition.isSystem) + if (view.isSystem) (null, null) else - (viewDefinition.bankId.value, viewDefinition.accountId.value) + (view.bankId.value, view.accountId.value) - // Create fresh permission entries + // Insert each new permission permissionNames.foreach { permissionName => val extraData = permissionName match { case CAN_GRANT_ACCESS_TO_VIEWS => canGrantAccessToViews.mkString(",") 
@@ -103,10 +102,22 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis case _ => null } + // Dynamically build correct query conditions with NullRef if needed + val conditions: Seq[QueryParam[ViewPermission]] = Seq( + if (bankId == null) NullRef(ViewPermission.bank_id) else By(ViewPermission.bank_id, bankId), + if (accountId == null) NullRef(ViewPermission.account_id) else By(ViewPermission.account_id, accountId), + By(ViewPermission.view_id, view.viewId.value), + By(ViewPermission.permission, permissionName) + ) + + // Remove existing conflicting record if any + ViewPermission.find(conditions: _*).foreach(_.delete_!) + + // Insert new permission ViewPermission.create .bank_id(bankId) .account_id(accountId) - .view_id(viewDefinition.viewId.value) + .view_id(view.viewId.value) .permission(permissionName) .extraData(extraData) .save From c0a77c3d3a794e2a562c08d1aa1d9988a46d157b Mon Sep 17 00:00:00 2001 From: hongwei Date: Mon, 14 Jul 2025 15:04:11 +0200 Subject: [PATCH 22/26] feature/viewPermission -- revert all permission fields back --- .../code/api/util/migration/Migration.scala | 24 +- .../MigrationOfViewPermissions.scala | 76 ++-- .../main/scala/code/views/MapperViews.scala | 81 +++++ .../code/views/system/ViewDefinition.scala | 325 +++++++++++++++++- 4 files changed, 453 insertions(+), 53 deletions(-) diff --git a/obp-api/src/main/scala/code/api/util/migration/Migration.scala b/obp-api/src/main/scala/code/api/util/migration/Migration.scala index 3cb356cbb..182f39a70 100644 --- a/obp-api/src/main/scala/code/api/util/migration/Migration.scala +++ b/obp-api/src/main/scala/code/api/util/migration/Migration.scala 
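Review bot: In the `@@ -103,10 +102,22 @@` hunk, `ViewPermission.find(conditions: _*).foreach(_.delete_!)` removes at most one matching row, because `find` returns a single `Box`; if duplicates exist for a (bank_id, account_id, view_id, permission) tuple the rest survive and the insert below adds another. `ViewPermission.findAll(conditions: _*).foreach(_.delete_!)` clears them all. The NullRef handling here suggests the bulk delete at the top of the method, `findViewPermissions(view)`, does not match system-view rows whose bank_id and account_id are NULL (its body is not on this page); fixing that lookup once would make this per-permission query unnecessary. `createViewPermissions` starts in the previous hunk.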
@@ -99,7 +99,7 @@ object Migration extends MdcLoggable { // populateViewDefinitionCanAddTransactionRequestToBeneficiary() // populateViewDefinitionCanSeeTransactionStatus() alterCounterpartyLimitFieldType() -// populateMigrationOfViewPermissions(startedBeforeSchemifier) + populateMigrationOfViewPermissions(startedBeforeSchemifier) } private def dummyScript(): Boolean = { @@ -142,17 +142,17 @@ object Migration extends MdcLoggable { // } // } // -// private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = { -// if (startedBeforeSchemifier == true) { -// logger.warn(s"Migration.database.populateMigrationOfViewPermissions(true) cannot be run before Schemifier.") -// true -// } else { -// val name = nameOf(populateMigrationOfViewPermissions(startedBeforeSchemifier)) -// runOnce(name) { -// MigrationOfViewPermissions.populate(name) -// } -// } -// } + private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = { + if (startedBeforeSchemifier == true) { + logger.warn(s"Migration.database.populateMigrationOfViewPermissions(true) cannot be run before Schemifier.") + true + } else { + val name = nameOf(populateMigrationOfViewPermissions(startedBeforeSchemifier)) + runOnce(name) { + MigrationOfViewPermissions.populate(name) + } + } + } private def generateAndPopulateMissingCustomerUUIDs(startedBeforeSchemifier: Boolean): Boolean = { if(startedBeforeSchemifier == true) { diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala index e3cbd23f4..13102f0e1 100644 --- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala +++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala 
@@ -1,38 +1,38 @@ -//package code.api.util.migration -// -//import code.api.util.APIUtil -//import code.api.util.migration.Migration.{DbFunction, saveLog} -//import code.views.MapperViews -//import code.views.system.{ViewDefinition, ViewPermission} -// -//object MigrationOfViewPermissions { -// def populate(name: String): Boolean = { -// DbFunction.tableExists(ViewDefinition) && DbFunction.tableExists(ViewPermission)match { -// case true => -// val startDate = System.currentTimeMillis() -// val commitId: String = APIUtil.gitCommit -// -// val allViewDefinitions = ViewDefinition.findAll() -// val viewPermissionRowNumberBefore = ViewPermission.count -// allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v)) -// val viewPermissionRowNumberAfter = ViewPermission.count -// -// val isSuccessful = true -// val endDate = System.currentTimeMillis() -// -// val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission (${viewPermissionRowNumberAfter-viewPermissionRowNumberBefore} added) .""".stripMargin -// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) -// isSuccessful -// -// case false => -// val startDate = System.currentTimeMillis() -// val commitId: String = APIUtil.gitCommit -// val isSuccessful = false -// val endDate = System.currentTimeMillis() -// val comment: String = -// s"""ViewDefinition or ViewPermission does not exist!""".stripMargin -// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) -// isSuccessful -// } -// } -//} +package code.api.util.migration + +import code.api.util.APIUtil +import code.api.util.migration.Migration.{DbFunction, saveLog} +import code.views.MapperViews +import code.views.system.{ViewDefinition, ViewPermission} + +object MigrationOfViewPermissions { + def populate(name: String): Boolean = { + DbFunction.tableExists(ViewDefinition) && DbFunction.tableExists(ViewPermission)match { + case true => + val startDate = 
System.currentTimeMillis() + val commitId: String = APIUtil.gitCommit + + val allViewDefinitions = ViewDefinition.findAll() + val viewPermissionRowNumberBefore = ViewPermission.count + allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v)) + val viewPermissionRowNumberAfter = ViewPermission.count + + val isSuccessful = true + val endDate = System.currentTimeMillis() + + val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission (${viewPermissionRowNumberAfter-viewPermissionRowNumberBefore} added) .""".stripMargin + saveLog(name, commitId, isSuccessful, startDate, endDate, comment) + isSuccessful + + case false => + val startDate = System.currentTimeMillis() + val commitId: String = APIUtil.gitCommit + val isSuccessful = false + val endDate = System.currentTimeMillis() + val comment: String = + s"""ViewDefinition or ViewPermission does not exist!""".stripMargin + saveLog(name, commitId, isSuccessful, startDate, endDate, comment) + isSuccessful + } + } +} diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 771798c97..ba2c5f417 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala 
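Review bot: `MigrationOfViewPermissions.populate` sets `val isSuccessful = true` unconditionally after `allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v))`, so the migration log records success whatever happened to individual views, and an exception from one view aborts the run for all the views after it. Because the call in Migration.scala is wrapped in `runOnce`, a partly migrated permission table would presumably not be retried. I would capture each outcome, `val results = allViewDefinitions.map(v => Try(MapperViews.migrateViewPermissions(v)))`, derive `val isSuccessful = results.forall(_.isSuccess)`, and put the failure count in `comment`; this needs `import scala.util.Try`.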
@@ -622,6 +622,87 @@ object MapperViews extends Views with MdcLoggable { theView } + /** + * This migrates the current View permissions to the new ViewPermission model. + * this will not add any new permission, it will only migrate the existing permissions. + * @param viewDefinition + */ + def migrateViewPermissions(viewDefinition: View): Unit = { + + //first, we list all the current view permissions. + val permissionNames: List[String] = ALL_VIEW_PERMISSION_NAMES + + permissionNames.foreach { permissionName => + // CAN_REVOKE_ACCESS_TO_VIEWS and CAN_GRANT_ACCESS_TO_VIEWS are special cases, they have a list of view ids as metadata. + // For the rest of the permissions, they are just boolean values. + if (permissionName == CAN_REVOKE_ACCESS_TO_VIEWS || permissionName == CAN_GRANT_ACCESS_TO_VIEWS) { + + val permissionValueFromViewDefinition = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Option[List[String]]] + + ViewPermission.findViewPermission(viewDefinition, permissionName) match { + // If the permission already exists in ViewPermission, but permissionValueFromViewDefinition is empty, we delete it. + case Full(permission) if permissionValueFromViewDefinition.isEmpty => + permission.delete_! + // If the permission already exists and permissionValueFromViewDefinition is defined, we update the metadata. + case Full(permission) if permissionValueFromViewDefinition.isDefined => + permission.extraData(permissionValueFromViewDefinition.get.mkString(",")).save + //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. 
--systemView + case Empty if (viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(permissionValueFromViewDefinition.get.mkString(",")) + .save + //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --customView + case Empty if (!viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(permissionValueFromViewDefinition.get.mkString(",")) + .save + case _ => + // This case should not happen, but if it does, we add an error log + logger.error(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.") + } + } else { + // For the rest of the permissions, they are just boolean values. + val permissionValue = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Boolean] + + ViewPermission.findViewPermission(viewDefinition, permissionName) match { + // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is false, we delete it. + case Full(permission) if !permissionValue => + permission.delete_! + // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is empty, we udpate it. + case Full(permission) if permissionValue => + permission.permission(permissionName).save + //if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. 
--systemView + case _ if (viewDefinition.isSystem && permissionValue) => + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .save + //if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. --customerView + case _ if (!viewDefinition.isSystem && permissionValue) => + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .save + case _ => + // This case should not happen, but if it does, we do nothing + logger.warn(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.") + } + } + } + } + def getOrCreateSystemView(viewId: String) : Box[View] = { getExistingSystemView(viewId) match { case Empty => diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index c2f424200..ac3b1b127 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala +++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala @@ -5,10 +5,9 @@ import code.api.util.APIUtil.{isValidCustomViewId, isValidSystemViewId} import code.api.util.ErrorMessages.{CreateSystemViewError, InvalidCustomViewFormat, InvalidSystemViewFormat} import code.util.{AccountIdString, UUIDString} import com.openbankproject.commons.model._ -import net.liftweb.common.{Box, Full} +import net.liftweb.common.Box import net.liftweb.common.Box.tryo import net.liftweb.mapper._ -import code.api.Constant._ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with ManyToMany with CreatedUpdated{ def getSingleton = ViewDefinition 
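Review bot: In `migrateViewPermissions` the final `case _` of both matches is labelled "should not happen", yet it is the ordinary outcome whenever a permission is neither stored in ViewPermission nor set on the view: `findViewPermission` yields no row and the value is `false` (or `None` for the two grant/revoke permissions). That logs one warning or error per unset permission per view on every migration run and hides real anomalies. Add explicit no-op cases before the fall-through, `case Empty if !permissionValue => ()` and `case Empty if permissionValueFromViewDefinition.isEmpty => ()`. The reflective `getClass.getMethod(StringHelpers.camelifyMethod(permissionName))` lookup also throws for any name in ALL_VIEW_PERMISSION_NAMES without a matching accessor, and nothing here catches that.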
@@ -50,8 +49,301 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many object hideOtherAccountMetadataIfAlias_ extends MappedBoolean(this){ override def defaultValue = false } + + //This is the system views list, custom views please check `canGrantAccessToCustomViews_` field + object canGrantAccessToViews_ extends MappedText(this){ + override def defaultValue = "" + } - def createViewAndPermissions(viewSpecification : ViewSpecification) = { + //This is the system views list.custom views please check `canRevokeAccessToCustomViews_` field + object canRevokeAccessToViews_ extends MappedText(this){ + override def defaultValue = "" + } + + object canRevokeAccessToCustomViews_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canGrantAccessToCustomViews_ extends MappedBoolean(this) { + override def defaultValue = false + } + object canSeeTransactionThisBankAccount_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionRequests_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionRequestTypes_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionMetadata_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionDescription_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionAmount_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionType_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionCurrency_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionStartDate_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionFinishDate_ extends 
MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionBalance_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeComments_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOwnerComment_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTags_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeImages_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountOwners_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeAvailableViewsForBankAccount_ extends MappedBoolean(this){ + override def defaultValue = true + } + object canSeeBankAccountType_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountBalance_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canQueryAvailableFunds_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountCurrency_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountLabel_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canUpdateBankAccountLabel_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountNationalIdentifier_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountSwift_bic_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountIban_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountNumber_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountBankName_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountBankPermalink_ extends MappedBoolean(this){ + override def 
defaultValue = false + } + object canSeeBankRoutingScheme_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankRoutingAddress_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountRoutingScheme_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountRoutingAddress_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherAccountNationalIdentifier_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherAccountSWIFT_BIC_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherAccountIBAN_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherAccountBankName_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherAccountNumber_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherAccountMetadata_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherAccountKind_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherBankRoutingScheme_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherBankRoutingAddress_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherAccountRoutingScheme_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOtherAccountRoutingAddress_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeMoreInfo_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeUrl_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeImageUrl_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeOpenCorporatesUrl_ extends MappedBoolean(this){ + override def 
defaultValue = false + } + object canSeeCorporateLocation_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeePhysicalLocation_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeePublicAlias_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeePrivateAlias_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddMoreInfo_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddURL_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddImageURL_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddOpenCorporatesUrl_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddCorporateLocation_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddPhysicalLocation_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddPublicAlias_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddPrivateAlias_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddCounterparty_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canGetCounterparty_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canDeleteCounterparty_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canDeleteCorporateLocation_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canDeletePhysicalLocation_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canEditOwnerComment_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddComment_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canDeleteComment_ extends MappedBoolean(this){ + override def defaultValue = false + 
} + object canAddTag_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canDeleteTag_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddImage_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canDeleteImage_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canAddWhereTag_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeWhereTag_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canDeleteWhereTag_ extends MappedBoolean(this){ + override def defaultValue = false + } + + //internal transfer between my own accounts + + @deprecated("we added new field `canAddTransactionRequestToBeneficiary_`","25-07-2024") + object canAddTransactionRequestToOwnAccount_ extends MappedBoolean(this){ + override def defaultValue = false + } + + object canAddTransactionRequestToBeneficiary_ extends MappedBoolean(this){ + override def defaultValue = false + } + + // transfer to any account + object canAddTransactionRequestToAnyAccount_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeBankAccountCreditLimit_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canCreateDirectDebit_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canCreateStandingOrder_ extends MappedBoolean(this){ + override def defaultValue = false + } + + object canCreateCustomView_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canDeleteCustomView_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canUpdateCustomView_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canGetCustomView_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeViewsWithPermissionsForAllUsers_ extends MappedBoolean(this){ + override def defaultValue = false + } + 
object canSeeViewsWithPermissionsForOneUser_ extends MappedBoolean(this){ + override def defaultValue = false + } + object canSeeTransactionStatus_ extends MappedBoolean(this){ + override def defaultValue = false + } + + //Important! If you add a field, be sure to handle it here in this function + def setFromViewData(viewSpecification : ViewSpecification) = { if(viewSpecification.which_alias_to_use == "public"){ usePublicAliasIfOneExists_(true) usePrivateAliasIfOneExists_(false) @@ -78,6 +370,33 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many } + def createViewAndPermissions(viewSpecification : ViewSpecification) = { + if(viewSpecification.which_alias_to_use == "public"){ + usePublicAliasIfOneExists_(true) + usePrivateAliasIfOneExists_(false) + } else if(viewSpecification.which_alias_to_use == "private"){ + usePublicAliasIfOneExists_(false) + usePrivateAliasIfOneExists_(true) + } else { + usePublicAliasIfOneExists_(false) + usePrivateAliasIfOneExists_(false) + } + + hideOtherAccountMetadataIfAlias_(viewSpecification.hide_metadata_if_alias_used) + description_(viewSpecification.description) + isPublic_(viewSpecification.is_public) + isFirehose_(viewSpecification.is_firehose.getOrElse(false)) + metadataView_(viewSpecification.metadata_view) + + ViewPermission.createViewPermissions( + this, + viewSpecification.allowed_actions, + viewSpecification.can_grant_access_to_views.getOrElse(Nil), + viewSpecification.can_revoke_access_to_views.getOrElse(Nil) + ) + + } + def deleteViewPermissions = { ViewPermission.findViewPermissions(this).map(_.delete_!) } From 0e81b981b1f3d517dd35298c93eb513fec5eb9d6 Mon Sep 17 00:00:00 2001 
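Review bot: `canSeeAvailableViewsForBankAccount_` is the only permission column added in this hunk whose `defaultValue` is `true`; every other `can…_` `MappedBoolean` here defaults to `false`. If this column is still read when a request is authorised, a view row saved without setting it would carry the permission by default. Either state the intent next to the field, e.g. `// default-allow on purpose: <reason>`, or change it to `override def defaultValue = false` to match the deny-by-default neighbours. The comment added above `setFromViewData` asks that every new field be handled in that function, but the part of its body visible here sets only the alias flags and the rest lies outside the hunk, so whether these columns are populated there cannot be confirmed from this view.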
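Review bot: `createViewAndPermissions` repeats the three-way alias `if`/`else` chain that `setFromViewData` opens with in the previous hunk, so the two copies have to be kept in step by hand. The chain can be written as two lines with the same result for "public", "private" and any other value: `usePublicAliasIfOneExists_(viewSpecification.which_alias_to_use == "public")` and `usePrivateAliasIfOneExists_(viewSpecification.which_alias_to_use == "private")`. The method also declares no result type, so callers get whatever `ViewPermission.createViewPermissions` returns; an explicit annotation would make that contract visible on a method that writes the view's permission rows, including the grant and revoke lists.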
From: hongwei Date: Tue, 15 Jul 2025 09:38:24 +0200 Subject: [PATCH 23/26] refactor/move view methods to ViewNewStyle --- .../SwaggerDefinitionsJSON.scala | 5 + .../scala/code/api/STET/v1_4/AISPApi.scala | 12 +- .../v2_0_0/APIMethods_UKOpenBanking_200.scala | 14 +- .../UKOpenBanking/v3_1_0/BalancesApi.scala | 8 +- .../v3_1_0/TransactionsApi.scala | 11 +- .../AccountInformationServiceAISApi.scala | 7 +- .../main/scala/code/api/util/APIUtil.scala | 4 +- .../main/scala/code/api/util/ApiRole.scala | 13 +- .../main/scala/code/api/util/NewStyle.scala | 184 +-------------- .../code/api/util/newstyle/ViewNewStyle.scala | 219 ++++++++++++++++++ .../scala/code/api/v1_2_1/APIMethods121.scala | 82 +++---- .../scala/code/api/v1_4_0/APIMethods140.scala | 5 +- .../scala/code/api/v2_2_0/APIMethods220.scala | 7 +- .../scala/code/api/v3_0_0/APIMethods300.scala | 26 +-- .../scala/code/api/v3_1_0/APIMethods310.scala | 28 +-- .../scala/code/api/v4_0_0/APIMethods400.scala | 24 +- .../code/api/v4_0_0/JSONFactory4.0.0.scala | 11 +- .../scala/code/api/v5_0_0/APIMethods500.scala | 19 +- .../scala/code/api/v5_1_0/APIMethods510.scala | 38 +-- .../code/api/v5_1_0/JSONFactory5.1.0.scala | 5 + .../LocalMappedConnectorInternal.scala | 3 +- .../code/obp/grpc/HelloWorldServer.scala | 9 +- .../main/scala/code/views/MapperViews.scala | 16 +- .../code/views/system/ViewDefinition.scala | 4 +- .../code/views/system/ViewPermission.scala | 2 +- ...onnectorSetupWithStandardPermissions.scala | 5 +- 26 files changed, 407 insertions(+), 354 deletions(-) create mode 100644 obp-api/src/main/scala/code/api/util/newstyle/ViewNewStyle.scala diff --git a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala index 943b7d8c0..d3b9a18b6 100644 --- a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala +++ b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala 
@@ -5690,6 +5690,11 @@ object SwaggerDefinitionsJSON { lazy val bankAccountBalancesJsonV510 = BankAccountBalancesJsonV510( balances = List(bankAccountBalanceResponseJsonV510) ) + + lazy val createViewPermissionJson = CreateViewPermissionJson( + permission_name = CAN_GRANT_ACCESS_TO_VIEWS, + extra_data = List(SYSTEM_ACCOUNTANT_VIEW_ID, SYSTEM_AUDITOR_VIEW_ID) + ) //The common error or success format. //Just some helper format to use in Json case class NotSupportedYet() diff --git a/obp-api/src/main/scala/code/api/STET/v1_4/AISPApi.scala b/obp-api/src/main/scala/code/api/STET/v1_4/AISPApi.scala index b6f624b27..a2175d0b9 100644 --- a/obp-api/src/main/scala/code/api/STET/v1_4/AISPApi.scala +++ b/obp-api/src/main/scala/code/api/STET/v1_4/AISPApi.scala @@ -6,22 +6,22 @@ import code.api.berlin.group.v1_3.JvalueCaseClass import code.api.util.APIUtil.{defaultBankId, _} import code.api.util.ApiTag._ import code.api.util.ErrorMessages._ -import code.api.util.{ApiTag, NewStyle} import code.api.util.NewStyle.HttpCode +import code.api.util.newstyle.ViewNewStyle +import code.api.util.{ApiTag, NewStyle} import code.bankconnectors.Connector import code.model._ import code.util.Helper import code.views.Views import com.github.dwickern.macros.NameOf.nameOf -import com.openbankproject.commons.model.{AccountId, BankId, BankIdAccountId, ViewId} +import com.openbankproject.commons.ExecutionContext.Implicits.global +import com.openbankproject.commons.model.{AccountId, BankId, BankIdAccountId} import net.liftweb.common.Full import net.liftweb.http.rest.RestHelper import net.liftweb.json import net.liftweb.json._ -import scala.collection.immutable.Nil import scala.collection.mutable.ArrayBuffer -import com.openbankproject.commons.ExecutionContext.Implicits.global import scala.concurrent.Future object APIMethods_AISPApi extends RestHelper { 
@@ -112,7 +112,7 @@ The ASPSP answers by providing a list of balances on this account. _ <- Helper.booleanToFuture(failMsg= DefaultBankIdNotSet, cc=callContext) { defaultBankId != "DEFAULT_BANK_ID_NOT_SET" } (_, callContext) <- NewStyle.function.getBank(BankId(defaultBankId), callContext) (bankAccount, callContext) <- NewStyle.function.checkBankAccountExists(BankId(defaultBankId), AccountId(accountresourceid), callContext) - view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) + view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) moderatedAccount <- Future {bankAccount.moderatedBankAccount(view, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), Full(u), callContext)} map { x => fullBoxOrException(x ~> APIFailureNewStyle(UnknownError, 400, callContext.map(_.toLight))) } map { unboxFull(_) } @@ -299,7 +299,7 @@ The AISP requests the ASPSP on one of the PSU's accounts. It may specify some se (bankAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, AccountId(accountresourceid), callContext) - view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) + view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) params <- Future { createQueriesByHttpParams(callContext.get.requestHeaders)} map { x => fullBoxOrException(x ~> APIFailureNewStyle(UnknownError, 400, callContext.map(_.toLight))) diff --git a/obp-api/src/main/scala/code/api/UKOpenBanking/v2_0_0/APIMethods_UKOpenBanking_200.scala b/obp-api/src/main/scala/code/api/UKOpenBanking/v2_0_0/APIMethods_UKOpenBanking_200.scala index 37333138a..93439d2ed 100644 --- a/obp-api/src/main/scala/code/api/UKOpenBanking/v2_0_0/APIMethods_UKOpenBanking_200.scala 
+++ b/obp-api/src/main/scala/code/api/UKOpenBanking/v2_0_0/APIMethods_UKOpenBanking_200.scala @@ -5,19 +5,17 @@ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON import code.api.util.APIUtil._ import code.api.util.ApiTag._ import code.api.util.ErrorMessages.{InvalidConnectorResponseForGetTransactionRequests210, UnknownError, UserNotLoggedIn, _} -import com.openbankproject.commons.util.ApiVersion -import code.api.util.{ ErrorMessages, NewStyle} +import code.api.util.newstyle.ViewNewStyle +import code.api.util.{ErrorMessages, NewStyle} import code.bankconnectors.Connector import code.model._ -import code.util.Helper import code.views.Views -import com.openbankproject.commons.model.{AccountId, BankId, BankIdAccountId, ViewId} +import com.openbankproject.commons.ExecutionContext.Implicits.global +import com.openbankproject.commons.model.{AccountId, BankId, BankIdAccountId} import net.liftweb.common.Full import net.liftweb.http.rest.RestHelper -import scala.collection.immutable.Nil import scala.collection.mutable.ArrayBuffer -import com.openbankproject.commons.ExecutionContext.Implicits.global import scala.concurrent.Future object APIMethods_UKOpenBanking_200 extends RestHelper{ @@ -92,7 +90,7 @@ object APIMethods_UKOpenBanking_200 extends RestHelper{ (bankAccount, callContext) <- Future { BankAccountX(BankId(defaultBankId), accountId, callContext) } map { x => fullBoxOrException(x ~> APIFailureNewStyle(DefaultBankIdNotSet, 400, callContext.map(_.toLight))) } map { unboxFull(_) } - view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) + view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) params <- Future { createQueriesByHttpParams(callContext.get.requestHeaders)} map { x => fullBoxOrException(x ~> APIFailureNewStyle(UnknownError, 400, callContext.map(_.toLight))) } map { unboxFull(_) } 
@@ -181,7 +179,7 @@ object APIMethods_UKOpenBanking_200 extends RestHelper{ x => fullBoxOrException(x ~> APIFailureNewStyle(DefaultBankIdNotSet, 400, callContext.map(_.toLight))) } map { unboxFull(_) } - view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext) + view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext) moderatedAccount <- Future {account.moderatedBankAccount(view, BankIdAccountId(account.bankId, account.accountId), Full(u), callContext)} map { x => fullBoxOrException(x ~> APIFailureNewStyle(UnknownError, 400, callContext.map(_.toLight))) diff --git a/obp-api/src/main/scala/code/api/UKOpenBanking/v3_1_0/BalancesApi.scala b/obp-api/src/main/scala/code/api/UKOpenBanking/v3_1_0/BalancesApi.scala index 7ce9f571c..afa47da0d 100644 --- a/obp-api/src/main/scala/code/api/UKOpenBanking/v3_1_0/BalancesApi.scala +++ b/obp-api/src/main/scala/code/api/UKOpenBanking/v3_1_0/BalancesApi.scala @@ -3,21 +3,19 @@ package code.api.UKOpenBanking.v3_1_0 import code.api.Constant import code.api.berlin.group.v1_3.JvalueCaseClass import code.api.util.APIUtil._ -import code.api.util.ApiTag._ import code.api.util.ErrorMessages._ +import code.api.util.newstyle.ViewNewStyle import code.api.util.{ApiTag, NewStyle} - import code.views.Views import com.github.dwickern.macros.NameOf.nameOf +import com.openbankproject.commons.ExecutionContext.Implicits.global import com.openbankproject.commons.model.{AccountId, BankIdAccountId, View, ViewId} import net.liftweb.common.Full import net.liftweb.http.rest.RestHelper import net.liftweb.json import net.liftweb.json._ -import scala.collection.immutable.Nil import scala.collection.mutable.ArrayBuffer -import com.openbankproject.commons.ExecutionContext.Implicits.global object APIMethods_BalancesApi extends RestHelper { val apiVersion = OBP_UKOpenBanking_310.apiVersion 
@@ -117,7 +115,7 @@ object APIMethods_BalancesApi extends RestHelper { _ <- NewStyle.function.checkUKConsent(user, callContext) _ <- passesPsd2Aisp(callContext) (account, callContext) <- NewStyle.function.getBankAccountByAccountId(accountId, callContext) - view: View <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, accountId), Full(user), callContext) + view: View <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, accountId), Full(user), callContext) moderatedAccount <- NewStyle.function.moderatedBankAccountCore(account, view, Full(user), callContext) } yield { (JSONFactory_UKOpenBanking_310.createAccountBalanceJSON(moderatedAccount), callContext) diff --git a/obp-api/src/main/scala/code/api/UKOpenBanking/v3_1_0/TransactionsApi.scala b/obp-api/src/main/scala/code/api/UKOpenBanking/v3_1_0/TransactionsApi.scala index 838e4aac2..5a5718106 100644 --- a/obp-api/src/main/scala/code/api/UKOpenBanking/v3_1_0/TransactionsApi.scala +++ b/obp-api/src/main/scala/code/api/UKOpenBanking/v3_1_0/TransactionsApi.scala 
@@ -1,25 +1,24 @@ package code.api.UKOpenBanking.v3_1_0 -import code.api.{APIFailureNewStyle, Constant} import code.api.berlin.group.v1_3.JvalueCaseClass import code.api.util.APIUtil.{defaultBankId, _} import code.api.util.ApiTag._ import code.api.util.ErrorMessages._ +import code.api.util.newstyle.ViewNewStyle import code.api.util.{ApiTag, NewStyle} +import code.api.{APIFailureNewStyle, Constant} import code.bankconnectors.Connector import code.model._ import code.views.Views import com.github.dwickern.macros.NameOf.nameOf -import com.openbankproject.commons.model.{AccountId, BankId, BankIdAccountId, TransactionAttribute, ViewId} +import com.openbankproject.commons.ExecutionContext.Implicits.global +import com.openbankproject.commons.model._ import net.liftweb.common.Full import net.liftweb.http.rest.RestHelper import net.liftweb.json import net.liftweb.json._ -import scala.collection.immutable.Nil import scala.collection.mutable.ArrayBuffer -import com.openbankproject.commons.ExecutionContext.Implicits.global - import scala.concurrent.Future object APIMethods_TransactionsApi extends RestHelper { @@ -758,7 +757,7 @@ object APIMethods_TransactionsApi extends RestHelper { _ <- passesPsd2Aisp(callContext) (account, callContext) <- NewStyle.function.getBankAccountByAccountId(accountId, callContext) (bank, callContext) <- NewStyle.function.getBank(account.bankId, callContext) - view <- NewStyle.function.checkViewsAccessAndReturnView(detailViewId, basicViewId, BankIdAccountId(account.bankId, accountId), Full(u), callContext) + view <- ViewNewStyle.checkViewsAccessAndReturnView(detailViewId, basicViewId, BankIdAccountId(account.bankId, accountId), Full(u), callContext) params <- Future { createQueriesByHttpParams(callContext.get.requestHeaders)} map { x => fullBoxOrException(x ~> APIFailureNewStyle(UnknownError, 400, callContext.map(_.toLight))) } map { unboxFull(_) } 
diff --git a/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala b/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala index 99b8d8c26..148a33d99 100644 --- a/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala +++ b/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala @@ -11,6 +11,7 @@ import code.api.util.ApiTag._ import code.api.util.ErrorMessages._ import code.api.util.NewStyle.HttpCode import code.api.util._ +import code.api.util.newstyle.ViewNewStyle import code.consent.{ConsentStatus, Consents} import code.context.{ConsentAuthContextProvider, UserAuthContextProvider} import code.model @@ -641,7 +642,7 @@ Reads account data from a given card account addressed by "account-id". (bank, callContext) <- NewStyle.function.getBank(bankAccount.bankId, callContext) viewId = ViewId(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID) bankIdAccountId = BankIdAccountId(bankAccount.bankId, bankAccount.accountId) - view <- NewStyle.function.checkAccountAccessAndGetView(viewId, bankIdAccountId, Full(u), callContext) + view <- ViewNewStyle.checkAccountAccessAndGetView(viewId, bankIdAccountId, Full(u), callContext) params <- Future { createQueriesByHttpParams(callContext.get.requestHeaders)} map { x => fullBoxOrException(x ~> APIFailureNewStyle(UnknownError, 400, callContext.map(_.toLight))) } map { unboxFull(_) } 
@@ -875,7 +876,7 @@ of the "Read Transaction List" call within the _links subfield. (account: BankAccount, callContext) <- NewStyle.function.getBankAccountByAccountId(AccountId(accountId), callContext) viewId = ViewId(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID) bankIdAccountId = BankIdAccountId(account.bankId, account.accountId) - view <- NewStyle.function.checkAccountAccessAndGetView(viewId, bankIdAccountId, Full(user), callContext) + view <- ViewNewStyle.checkAccountAccessAndGetView(viewId, bankIdAccountId, Full(user), callContext) (moderatedTransaction, callContext) <- account.moderatedTransactionFuture(TransactionId(transactionId), view, Some(user), callContext) map { unboxFullOrFail(_, callContext, GetTransactionsException) } @@ -969,7 +970,7 @@ The ASPSP might add balance information, if transaction lists without balances a (bank, callContext) <- NewStyle.function.getBank(bankAccount.bankId, callContext) viewId = ViewId(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID) bankIdAccountId = BankIdAccountId(bankAccount.bankId, bankAccount.accountId) - view <- NewStyle.function.checkAccountAccessAndGetView(viewId, bankIdAccountId, Full(u), callContext) + view <- ViewNewStyle.checkAccountAccessAndGetView(viewId, bankIdAccountId, Full(u), callContext) params <- Future { createQueriesByHttpParams(callContext.get.requestHeaders)} map { x => fullBoxOrException(x ~> APIFailureNewStyle(UnknownError, 400, callContext.map(_.toLight))) } map { unboxFull(_) } diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala index 27c7c0d46..83c448027 100644 --- a/obp-api/src/main/scala/code/api/util/APIUtil.scala +++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala @@ -26,7 +26,6 @@ TESOBE (http://www.tesobe.com/) */ package code.api.util - import bootstrap.liftweb.CustomDBVendor import code.accountholders.AccountHolders import code.api.Constant._ 
@@ -49,6 +48,7 @@ import code.api.util.ApiTag.{ResourceDocTag, apiTagBank} import code.api.util.BerlinGroupSigning.getCertificateFromTppSignatureCertificate import code.api.util.FutureUtil.{EndpointContext, EndpointTimeout} import code.api.util.Glossary.GlossaryItem +import code.api.util.newstyle.ViewNewStyle import code.api.v1_2.ErrorMessage import code.api.v2_0_0.CreateEntitlementJSON import code.api.v2_2_0.OBPAPI2_2_0.Implementations2_2_0 @@ -4326,7 +4326,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ case x => NewStyle.function.getBankAccount(x, _, _) } private val checkViewFun: PartialFunction[ViewId, (BankIdAccountId, Option[User], Option[CallContext]) => Future[View]] = { - case x => NewStyle.function.checkViewAccessAndReturnView(x, _, _, _) + case x => ViewNewStyle.checkViewAccessAndReturnView(x, _, _, _) } private val checkCounterpartyFun: PartialFunction[CounterpartyId, Option[CallContext] => OBPReturnType[CounterpartyTrait]] = { case x => NewStyle.function.getCounterpartyByCounterpartyId(x, _) diff --git a/obp-api/src/main/scala/code/api/util/ApiRole.scala b/obp-api/src/main/scala/code/api/util/ApiRole.scala index 07862ae15..1a783caf0 100644 --- a/obp-api/src/main/scala/code/api/util/ApiRole.scala +++ b/obp-api/src/main/scala/code/api/util/ApiRole.scala @@ -1,14 +1,13 @@ package code.api.util -import code.api.dynamic.endpoint.helper.DynamicEndpointHelper - -import java.util.concurrent.ConcurrentHashMap import code.api.dynamic.endpoint.helper.DynamicEndpointHelper import code.api.dynamic.entity.helper.DynamicEntityHelper import code.util.Helper.MdcLoggable import com.openbankproject.commons.util.{JsonAble, ReflectUtils} -import net.liftweb.json.{Formats, JsonAST} import net.liftweb.json.JsonDSL._ +import net.liftweb.json.{Formats, JsonAST} + +import java.util.concurrent.ConcurrentHashMap sealed trait ApiRole extends JsonAble { val requiresBankId: Boolean 
@@ -210,6 +209,12 @@ object ApiRole extends MdcLoggable{ case class CanCreateEntitlementAtOneBank(requiresBankId: Boolean = true) extends ApiRole lazy val canCreateEntitlementAtOneBank = CanCreateEntitlementAtOneBank() + + case class CanCreateSystemViewPermission(requiresBankId: Boolean = false) extends ApiRole + lazy val canCreateSystemViewPermission = CanCreateSystemViewPermission() + + case class CanDeleteSystemViewPermission(requiresBankId: Boolean = false) extends ApiRole + lazy val canDeleteSystemViewPermission = CanDeleteSystemViewPermission() case class CanDeleteEntitlementAtOneBank(requiresBankId: Boolean = true) extends ApiRole lazy val canDeleteEntitlementAtOneBank = CanDeleteEntitlementAtOneBank() diff --git a/obp-api/src/main/scala/code/api/util/NewStyle.scala b/obp-api/src/main/scala/code/api/util/NewStyle.scala index edfc7ddcf..41797fa88 100644 --- a/obp-api/src/main/scala/code/api/util/NewStyle.scala +++ b/obp-api/src/main/scala/code/api/util/NewStyle.scala 
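Review bot: `CanCreateSystemViewPermission` and `CanDeleteSystemViewPermission` are added without any comment, and both are declared with `requiresBankId = false`, so an entitlement for them is not tied to one bank. Elsewhere in this series system-view permission rows are written with `bank_id(null)` and `account_id(null)`, which suggests a holder of either role changes the permission set of a system view wherever that view is used. That scope should be stated at the declaration, e.g. `// Not bank-scoped: changes the permission set of a system view for every account that uses it.` The two roles are also inserted between `CanCreateEntitlementAtOneBank` and `CanDeleteEntitlementAtOneBank`, splitting that pair; placing them after `canDeleteEntitlementAtOneBank` keeps related roles adjacent. The enclosing `object ApiRole` starts and ends outside the hunk.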
@@ -467,42 +467,7 @@ object NewStyle extends MdcLoggable{ } map { fullBoxOrException(_) } map { unboxFull(_) } - def grantAccessToView(account: BankAccount, u: User, bankIdAccountIdViewId : BankIdAccountIdViewId, provider : String, providerId: String, callContext: Option[CallContext]) = Future { - account.grantAccessToView(u, bankIdAccountIdViewId, provider, providerId, callContext: Option[CallContext]) - } map { - x => (unboxFullOrFail( - x, - callContext, - UserLacksPermissionCanGrantAccessToViewForTargetAccount + s"Current ViewId(${bankIdAccountIdViewId.viewId.value}) and current UserId(${u.userId})", - 403), - callContext - ) - } - - def grantAccessToMultipleViews(account: BankAccount, u: User, bankIdAccountIdViewIds : List[BankIdAccountIdViewId], provider : String, providerId: String, callContext: Option[CallContext]) = Future { - account.grantAccessToMultipleViews(u, bankIdAccountIdViewIds, provider, providerId, callContext: Option[CallContext]) - } map { - x => - (unboxFullOrFail( - x, - callContext, - UserLacksPermissionCanGrantAccessToViewForTargetAccount + s"Current ViewIds(${bankIdAccountIdViewIds}) and current UserId(${u.userId})", - 403), - callContext - ) - } - def revokeAccessToView(account: BankAccount, u: User, bankIdAccountIdViewId : BankIdAccountIdViewId, provider : String, providerId: String, callContext: Option[CallContext]) = Future { - account.revokeAccessToView(u, bankIdAccountIdViewId, provider, providerId, callContext: Option[CallContext]) - } map { - x => - (unboxFullOrFail( - x, - callContext, - UserLacksPermissionCanRevokeAccessToViewForTargetAccount + s"Current ViewId(${bankIdAccountIdViewId.viewId.value}) and current UserId(${u.userId})", - 403), - callContext - ) - } + def revokeAllAccountAccess(account: BankAccount, u: User, provider : String, providerId: String, callContext: Option[CallContext]) = Future { account.revokeAllAccountAccess(u, provider, providerId, callContext) } map { 
@@ -545,53 +510,7 @@ object NewStyle extends MdcLoggable{ Connector.connector.vend.getTransactionsCore(bankId: BankId, accountId: AccountId, queryParams: List[OBPQueryParam], callContext: Option[CallContext]) map { i => (unboxFullOrFail(i._1, callContext,s"$InvalidConnectorResponseForGetTransactions", 400 ), i._2) } - def checkOwnerViewAccessAndReturnOwnerView(user: User, bankAccountId: BankIdAccountId, callContext: Option[CallContext]) : Future[View] = { - Future {user.checkOwnerViewAccessAndReturnOwnerView(bankAccountId, callContext)} map { - unboxFullOrFail(_, callContext, s"$UserNoOwnerView" +"userId : " + user.userId + ". bankId : " + s"${bankAccountId.bankId}" + ". accountId : " + s"${bankAccountId.accountId}") - } - } - - def checkViewAccessAndReturnView(viewId : ViewId, bankAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]) : Future[View] = { - Future{ - APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, user, callContext) - } map { - unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView Current ViewId is ${viewId.value}") - } - } - def checkAccountAccessAndGetView(viewId : ViewId, bankAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]) : Future[View] = { - Future{ - APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, user, callContext) - } map { - unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView Current ViewId is ${viewId.value}", 403) - } - } - def checkViewsAccessAndReturnView(firstView : ViewId, secondView : ViewId, bankAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]) : Future[View] = { - Future{ - APIUtil.checkViewAccessAndReturnView(firstView, bankAccountId, user, callContext).or( - APIUtil.checkViewAccessAndReturnView(secondView, bankAccountId, user, callContext) - ) - } map { - unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView Current ViewId is ${firstView.value} or ${secondView.value}") - } - } - def 
checkBalancingTransactionAccountAccessAndReturnView(doubleEntryTransaction: DoubleEntryTransaction, user: Option[User], callContext: Option[CallContext]) : Future[View] = { - val debitBankAccountId = BankIdAccountId( - doubleEntryTransaction.debitTransactionBankId, - doubleEntryTransaction.debitTransactionAccountId - ) - val creditBankAccountId = BankIdAccountId( - doubleEntryTransaction.creditTransactionBankId, - doubleEntryTransaction.creditTransactionAccountId - ) - val ownerViewId = ViewId(Constant.SYSTEM_OWNER_VIEW_ID) - Future{ - APIUtil.checkViewAccessAndReturnView(ownerViewId, debitBankAccountId, user, callContext).or( - APIUtil.checkViewAccessAndReturnView(ownerViewId, creditBankAccountId, user, callContext) - ) - } map { - unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView Current ViewId is ${ownerViewId.value}") - } - } + def checkAuthorisationToCreateTransactionRequest(viewId : ViewId, bankAccountId: BankIdAccountId, user: User, callContext: Option[CallContext]) : Future[Boolean] = { Future{ 
@@ -604,84 +523,6 @@ object NewStyle extends MdcLoggable{ ) } } - - def customView(viewId : ViewId, bankAccountId: BankIdAccountId, callContext: Option[CallContext]) : Future[View] = { - Views.views.vend.customViewFuture(viewId, bankAccountId) map { - unboxFullOrFail(_, callContext, s"$ViewNotFound. Current ViewId is $viewId") - } - } - - def systemView(viewId : ViewId, callContext: Option[CallContext]) : Future[View] = { - Views.views.vend.systemViewFuture(viewId) map { - unboxFullOrFail(_, callContext, s"$SystemViewNotFound. Current ViewId is $viewId") - } - } - def systemViews(): Future[List[View]] = { - Views.views.vend.getSystemViews() - } - def grantAccessToCustomView(view : View, user: User, callContext: Option[CallContext]) : Future[View] = { - view.isSystem match { - case false => - Future(Views.views.vend.grantAccessToCustomView(BankIdAccountIdViewId(view.bankId, view.accountId, view.viewId), user)) map { - unboxFullOrFail(_, callContext, s"$CannotGrantAccountAccess Current ViewId is ${view.viewId.value}") - } - case true => - Future(Empty) map { - unboxFullOrFail(_, callContext, s"This function cannot be used for system views.") - } - } - } - def revokeAccessToCustomView(view : View, user: User, callContext: Option[CallContext]) : Future[Boolean] = { - view.isSystem match { - case false => - Future(Views.views.vend.revokeAccess(BankIdAccountIdViewId(view.bankId, view.accountId, view.viewId), user)) map { - unboxFullOrFail(_, callContext, s"$CannotRevokeAccountAccess Current ViewId is ${view.viewId.value}") - } - case true => - Future(Empty) map { - unboxFullOrFail(_, callContext, s"This function cannot be used for system views.") - } - } - } - def grantAccessToSystemView(bankId: BankId, accountId: AccountId, view : View, user: User, callContext: Option[CallContext]) : Future[View] = { - view.isSystem match { - case true => - Future(Views.views.vend.grantAccessToSystemView(bankId, accountId, view, user)) map { - unboxFullOrFail(_, callContext, 
s"$CannotGrantAccountAccess Current ViewId is ${view.viewId.value}") - } - case false => - Future(Empty) map { - unboxFullOrFail(_, callContext, s"This function cannot be used for custom views.") - } - } - } - def revokeAccessToSystemView(bankId: BankId, accountId: AccountId, view : View, user: User, callContext: Option[CallContext]) : Future[Boolean] = { - view.isSystem match { - case true => - Future(Views.views.vend.revokeAccessToSystemView(bankId, accountId, view, user)) map { - unboxFullOrFail(_, callContext, s"$CannotRevokeAccountAccess Current ViewId is ${view.viewId.value}") - } - case false => - Future(Empty) map { - unboxFullOrFail(_, callContext, s"This function cannot be used for custom views.") - } - } - } - def createSystemView(view: CreateViewJson, callContext: Option[CallContext]) : Future[View] = { - Views.views.vend.createSystemView(view) map { - unboxFullOrFail(_, callContext, s"$CreateSystemViewError") - } - } - def updateSystemView(viewId: ViewId, view: UpdateViewJSON, callContext: Option[CallContext]) : Future[View] = { - Views.views.vend.updateSystemView(viewId, view) map { - unboxFullOrFail(_, callContext, s"$UpdateSystemViewError") - } - } - def deleteSystemView(viewId : ViewId, callContext: Option[CallContext]) : Future[Boolean] = { - Views.views.vend.removeSystemView(viewId) map { - unboxFullOrFail(_, callContext, s"$DeleteSystemViewError") - } - } def getConsumerByConsumerId(consumerId: String, callContext: Option[CallContext]): Future[Consumer] = { Consumers.consumers.vend.getConsumerByConsumerIdFuture(consumerId) map { 
@@ -4238,27 +4079,6 @@ object NewStyle extends MdcLoggable{ , callContext) } - def createCustomView(bankAccountId: BankIdAccountId, createViewJson: CreateViewJson, callContext: Option[CallContext]): OBPReturnType[View] = - Future { - Views.views.vend.createCustomView(bankAccountId, createViewJson) - } map { i => - (unboxFullOrFail(i, callContext, s"$CreateCustomViewError"), callContext) - } - - def updateCustomView(bankAccountId : BankIdAccountId, viewId : ViewId, viewUpdateJson : UpdateViewJSON, callContext: Option[CallContext]): OBPReturnType[View] = - Future { - Views.views.vend.updateCustomView(bankAccountId, viewId, viewUpdateJson) - } map { i => - (unboxFullOrFail(i, callContext, s"$UpdateCustomViewError"), callContext) - } - - def removeCustomView(viewId: ViewId, bankAccountId: BankIdAccountId, callContext: Option[CallContext]) = - Future { - Views.views.vend.removeCustomView(viewId, bankAccountId) - } map { i => - (unboxFullOrFail(i, callContext, s"$DeleteCustomViewError"), callContext) - } - def createOrUpdateCounterpartyLimit( bankId: String, accountId: String, diff --git a/obp-api/src/main/scala/code/api/util/newstyle/ViewNewStyle.scala b/obp-api/src/main/scala/code/api/util/newstyle/ViewNewStyle.scala new file mode 100644 index 000000000..fb270f22d --- /dev/null +++ b/obp-api/src/main/scala/code/api/util/newstyle/ViewNewStyle.scala 
@@ -0,0 +1,219 @@
+package code.api.util.newstyle
+
+import code.api.Constant
+import code.api.util.APIUtil.{OBPReturnType, unboxFullOrFail}
+import code.api.util.ErrorMessages._
+import code.api.util.{APIUtil, CallContext}
+import code.model._
+import code.views.Views
+import com.openbankproject.commons.model._
+import net.liftweb.common._
+
+import scala.concurrent.Future
+
+object ViewNewStyle {
+
+ import com.openbankproject.commons.ExecutionContext.Implicits.global
+
+ def customView(viewId: ViewId, bankAccountId: BankIdAccountId, callContext: Option[CallContext]): Future[View] = {
+ Views.views.vend.customViewFuture(viewId, bankAccountId) map {
+ unboxFullOrFail(_, callContext, s"$ViewNotFound. Current ViewId is $viewId")
+ }
+ }
+
+ def systemView(viewId: ViewId, callContext: Option[CallContext]): Future[View] = {
+ Views.views.vend.systemViewFuture(viewId) map {
+ unboxFullOrFail(_, callContext, s"$SystemViewNotFound. Current ViewId is $viewId")
+ }
+ }
+
+ def systemViews(): Future[List[View]] = {
+ Views.views.vend.getSystemViews()
+ }
+
+
+ def grantAccessToCustomView(view: View, user: User, callContext: Option[CallContext]): Future[View] = {
+ view.isSystem match {
+ case false =>
+ Future(Views.views.vend.grantAccessToCustomView(BankIdAccountIdViewId(view.bankId, view.accountId, view.viewId), user)) map {
+ unboxFullOrFail(_, callContext, s"$CannotGrantAccountAccess Current ViewId is ${view.viewId.value}")
+ }
+ case true =>
+ Future(Empty) map {
+ unboxFullOrFail(_, callContext, s"This function cannot be used for system views.")
+ }
+ }
+ }
+
+ def revokeAccessToCustomView(view: View, user: User, callContext: Option[CallContext]): Future[Boolean] = {
+ view.isSystem match {
+ case false =>
+ Future(Views.views.vend.revokeAccess(BankIdAccountIdViewId(view.bankId, view.accountId, view.viewId), user)) map {
+ unboxFullOrFail(_, callContext, s"$CannotRevokeAccountAccess Current ViewId is ${view.viewId.value}")
+ }
+ case true =>
+ Future(Empty) map {
+ unboxFullOrFail(_, callContext, s"This function cannot be used for system views.")
+ }
+ }
+ }
+
+ def grantAccessToSystemView(bankId: BankId, accountId: AccountId, view: View, user: User, callContext: Option[CallContext]): Future[View] = {
+ view.isSystem match {
+ case true =>
+ Future(Views.views.vend.grantAccessToSystemView(bankId, accountId, view, user)) map {
+ unboxFullOrFail(_, callContext, s"$CannotGrantAccountAccess Current ViewId is ${view.viewId.value}")
+ }
+ case false =>
+ Future(Empty) map {
+ unboxFullOrFail(_, callContext, s"This function cannot be used for custom views.")
+ }
+ }
+ }
+
+ def revokeAccessToSystemView(bankId: BankId, accountId: AccountId, view: View, user: User, callContext: Option[CallContext]): Future[Boolean] = {
+ view.isSystem match {
+ case true =>
+ Future(Views.views.vend.revokeAccessToSystemView(bankId, accountId, view, user)) map {
+ unboxFullOrFail(_, callContext, s"$CannotRevokeAccountAccess Current ViewId is ${view.viewId.value}")
+ }
+ case false =>
+ Future(Empty) map {
+ unboxFullOrFail(_, callContext, s"This function cannot be used for custom views.")
+ }
+ }
+ }
+
+ def createSystemView(view: CreateViewJson, callContext: Option[CallContext]): Future[View] = {
+ Views.views.vend.createSystemView(view) map {
+ unboxFullOrFail(_, callContext, s"$CreateSystemViewError")
+ }
+ }
+
+ def updateSystemView(viewId: ViewId, view: UpdateViewJSON, callContext: Option[CallContext]): Future[View] = {
+ Views.views.vend.updateSystemView(viewId, view) map {
+ unboxFullOrFail(_, callContext, s"$UpdateSystemViewError")
+ }
+ }
+
+ def deleteSystemView(viewId: ViewId, callContext: Option[CallContext]): Future[Boolean] = {
+ Views.views.vend.removeSystemView(viewId) map {
+ unboxFullOrFail(_, callContext, s"$DeleteSystemViewError")
+ }
+ }
+
+ def checkOwnerViewAccessAndReturnOwnerView(user: User, bankAccountId: BankIdAccountId, callContext: Option[CallContext]): Future[View] = {
+ Future {
+ user.checkOwnerViewAccessAndReturnOwnerView(bankAccountId, callContext)
+ } map {
+ unboxFullOrFail(_, callContext, s"$UserNoOwnerView" + "userId : " + user.userId + ". bankId : " + s"${bankAccountId.bankId}" + ". accountId : " + s"${bankAccountId.accountId}")
+ }
+ }
+
+ def checkViewAccessAndReturnView(viewId: ViewId, bankAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]): Future[View] = {
+ Future {
+ APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, user, callContext)
+ } map {
+ unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView Current ViewId is ${viewId.value}")
+ }
+ }
+
+ def checkAccountAccessAndGetView(viewId: ViewId, bankAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]): Future[View] = {
+ Future {
+ APIUtil.checkViewAccessAndReturnView(viewId, bankAccountId, user, callContext)
+ } map {
+ unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView Current ViewId is ${viewId.value}", 403)
+ }
+ }
+
+ def checkViewsAccessAndReturnView(firstView: ViewId, secondView: ViewId, bankAccountId: BankIdAccountId, user: Option[User], callContext: Option[CallContext]): Future[View] = {
+ Future {
+ APIUtil.checkViewAccessAndReturnView(firstView, bankAccountId, user, callContext).or(
+ APIUtil.checkViewAccessAndReturnView(secondView, bankAccountId, user, callContext)
+ )
+ } map {
+ unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView Current ViewId is ${firstView.value} or ${secondView.value}")
+ }
+ }
+
+ def checkBalancingTransactionAccountAccessAndReturnView(doubleEntryTransaction: DoubleEntryTransaction, user: Option[User], callContext: Option[CallContext]): Future[View] = {
+ val debitBankAccountId = BankIdAccountId(
+ doubleEntryTransaction.debitTransactionBankId,
+ doubleEntryTransaction.debitTransactionAccountId
+ )
+ val creditBankAccountId = BankIdAccountId(
+ doubleEntryTransaction.creditTransactionBankId,
+ doubleEntryTransaction.creditTransactionAccountId
+ )
+ val ownerViewId = ViewId(Constant.SYSTEM_OWNER_VIEW_ID)
+ Future {
+ APIUtil.checkViewAccessAndReturnView(ownerViewId, debitBankAccountId, user, callContext).or(
+ APIUtil.checkViewAccessAndReturnView(ownerViewId, creditBankAccountId, user, callContext)
+ )
+ } map {
+ unboxFullOrFail(_, callContext, s"$UserNoPermissionAccessView Current ViewId is ${ownerViewId.value}")
+ }
+ }
+
+
+ def createCustomView(bankAccountId: BankIdAccountId, createViewJson: CreateViewJson, callContext: Option[CallContext]): OBPReturnType[View] =
+ Future {
+ Views.views.vend.createCustomView(bankAccountId, createViewJson)
+ } map { i =>
+ (unboxFullOrFail(i, callContext, s"$CreateCustomViewError"), callContext)
+ }
+
+ def updateCustomView(bankAccountId: BankIdAccountId, viewId: ViewId, viewUpdateJson: UpdateViewJSON, callContext: Option[CallContext]): OBPReturnType[View] =
+ Future {
+ Views.views.vend.updateCustomView(bankAccountId, viewId, viewUpdateJson)
+ } map { i =>
+ (unboxFullOrFail(i, callContext, s"$UpdateCustomViewError"), callContext)
+ }
+
+ def removeCustomView(viewId: ViewId, bankAccountId: BankIdAccountId, callContext: Option[CallContext]) =
+ Future {
+ Views.views.vend.removeCustomView(viewId, bankAccountId)
+ } map { i =>
+ (unboxFullOrFail(i, callContext, s"$DeleteCustomViewError"), callContext)
+ }
+
+ def grantAccessToView(account: BankAccount, u: User, bankIdAccountIdViewId: BankIdAccountIdViewId, provider: String, providerId: String, callContext: Option[CallContext]) = Future {
+ account.grantAccessToView(u, bankIdAccountIdViewId, provider, providerId, callContext: Option[CallContext])
+ } map {
+ x =>
+ (unboxFullOrFail(
+ x,
+ callContext,
+ UserLacksPermissionCanGrantAccessToViewForTargetAccount + s"Current ViewId(${bankIdAccountIdViewId.viewId.value}) and current UserId(${u.userId})",
+ 403),
+ callContext
+ )
+ }
+
+ def grantAccessToMultipleViews(account: BankAccount, u: User, bankIdAccountIdViewIds: List[BankIdAccountIdViewId], provider: String, providerId: String, callContext: Option[CallContext]) = Future {
+ account.grantAccessToMultipleViews(u, bankIdAccountIdViewIds, provider, providerId, callContext: Option[CallContext])
+ } map {
+ x =>
+ (unboxFullOrFail(
+ x,
+ callContext,
+ UserLacksPermissionCanGrantAccessToViewForTargetAccount + s"Current ViewIds(${bankIdAccountIdViewIds}) and current UserId(${u.userId})",
+ 403),
+ callContext
+ )
+ }
+
+ def revokeAccessToView(account: BankAccount, u: User, bankIdAccountIdViewId: BankIdAccountIdViewId, provider: String, providerId: String, callContext: Option[CallContext]) = Future {
+ account.revokeAccessToView(u, bankIdAccountIdViewId, provider, providerId, callContext: Option[CallContext])
+ } map {
+ x =>
+ (unboxFullOrFail(
+ x,
+ callContext,
+ UserLacksPermissionCanRevokeAccessToViewForTargetAccount + s"Current ViewId(${bankIdAccountIdViewId.viewId.value}) and current UserId(${u.userId})",
+ 403),
+ callContext
+ )
+ }
+
+}
diff --git a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala
index 2dc61c52b..f55e488a2 100644
--- a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala
+++ b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala
@@ -9,6 +9,7 @@ import code.api.util.ErrorMessages._ import code.api.util.FutureUtil.EndpointContext import code.api.util.NewStyle.HttpCode import code.api.util._ +import code.api.util.newstyle.ViewNewStyle import code.bankconnectors._ import code.metadata.counterparties.Counterparties import code.model.{BankAccountX, BankX, ModeratedTransactionMetadata, UserX, toBankAccountExtended, toBankExtended}
@@ -25,7 +26,6 @@ import net.liftweb.http.rest.RestHelper import net.liftweb.json.Extraction import net.liftweb.json.JsonAST.JValue import net.liftweb.util.Helpers._ -import net.liftweb.util.StringHelpers import java.net.URL import java.util.UUID.randomUUID
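Review bot: In the new `ViewNewStyle` object, `grantAccessToCustomView`, `revokeAccessToCustomView`, `grantAccessToSystemView` and `revokeAccessToSystemView` only test `view.isSystem` before calling `Views.views.vend`, and nothing in them checks that the caller is allowed to grant or revoke. By contrast `grantAccessToView`, `grantAccessToMultipleViews` and `revokeAccessToView` pass the acting user `u` to the account and fail with 403 and a `UserLacksPermission…` message. With these similarly named helpers now side by side in one public object, each unchecked one should state its precondition in a Scaladoc, for example `/** Grants user access to a custom view. Does not authorise the caller; endpoints must check that before calling. */`. The same applies to `createSystemView`, `updateSystemView` and `deleteSystemView`. Whether the `vend` implementation enforces anything itself is not visible in this diff, so the wording should be confirmed against it.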
@@ -92,7 +92,7 @@ trait APIMethods121 { private def moderatedTransactionMetadataFuture(bankId : BankId, accountId : AccountId, viewId : ViewId, transactionID : TransactionId, user : Box[User], callContext: Option[CallContext]): Future[ModeratedTransactionMetadata] = { for { (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view: View <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), user, callContext) + view: View <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), user, callContext) (moderatedTransaction, callContext) <- account.moderatedTransactionFuture(transactionID, view, user, callContext) map { unboxFullOrFail(_, callContext, GetTransactionsException) } @@ -710,7 +710,7 @@ trait APIMethods121 { (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) // custom views start with `_` eg _play, _work, and System views start with a letter, eg: owner _ <- Helper.booleanToFuture(InvalidCustomViewFormat+s"Current view_name (${viewId.value})", cc=callContext) { viewId.value.startsWith("_") } - _ <- NewStyle.function.customView(viewId, BankIdAccountId(bankId, accountId), callContext) + _ <- ViewNewStyle.customView(viewId, BankIdAccountId(bankId, accountId), callContext) anyViewContainsCanDeleteCustomViewPermission = Views.views.vend.permission(BankIdAccountId(account.bankId, account.accountId), u) .map(_.views.map(_.allowed_actions.exists(_ == CAN_DELETE_CUSTOM_VIEW))).getOrElse(Nil).find(_.==(true)).getOrElse(false) @@ -721,7 +721,7 @@ trait APIMethods121 { anyViewContainsCanDeleteCustomViewPermission } - deleted <- NewStyle.function.removeCustomView(viewId, BankIdAccountId(bankId, accountId),callContext) + deleted <- ViewNewStyle.removeCustomView(viewId, BankIdAccountId(bankId, accountId),callContext) } yield { (Full(deleted), HttpCode.`204`(callContext)) } 
@@ -847,7 +847,7 @@ trait APIMethods121 { (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) failMsg = "wrong format JSON" viewIds <- NewStyle.function.tryons(failMsg, 400, callContext) { json.extract[ViewIdsJson] } - (addedViews, callContext) <- NewStyle.function.grantAccessToMultipleViews( + (addedViews, callContext) <- ViewNewStyle.grantAccessToMultipleViews( account, u, viewIds.views.map(viewIdString => BankIdAccountIdViewId(bankId, accountId,ViewId(viewIdString))), provider, @@ -894,7 +894,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) - (addedView, callContext) <- NewStyle.function.grantAccessToView(account, u, BankIdAccountIdViewId(bankId, accountId, viewId), provider, providerId, callContext) + (addedView, callContext) <- ViewNewStyle.grantAccessToView(account, u, BankIdAccountIdViewId(bankId, accountId, viewId), provider, providerId, callContext) } yield { val viewJson = JSONFactory.createViewJSON(addedView) (viewJson, HttpCode.`201`(callContext)) @@ -954,7 +954,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) - _ <- NewStyle.function.revokeAccessToView(account, u, BankIdAccountIdViewId(bankId, accountId, viewId), provider, providerId, callContext) + _ <- ViewNewStyle.revokeAccessToView(account, u, BankIdAccountIdViewId(bankId, accountId, viewId), provider, providerId, callContext) } yield { (Full(""), HttpCode.`204`(callContext)) } 
@@ -1022,7 +1022,7 @@ trait APIMethods121 { cc => implicit val ec = EndpointContext(Some(cc)) for { (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, Some(cc)) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user, callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), cc.user, callContext) (otherBankAccounts, callContext) <- NewStyle.function.moderatedOtherBankAccounts(account, view, cc.user, callContext) } yield { (JSONFactory.createOtherBankAccountsJSON(otherBankAccounts), HttpCode.`200`(callContext)) @@ -1052,7 +1052,7 @@ trait APIMethods121 { for { (u, callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), u, callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), u, callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, u, callContext) } yield { val otherBankAccountJson = JSONFactory.createOtherBankAccount(otherBankAccount) 
@@ -1084,7 +1084,7 @@ trait APIMethods121 { for { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -1123,7 +1123,7 @@ trait APIMethods121 { for { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -1175,7 +1175,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -1228,7 +1228,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -1279,7 +1279,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -1326,7 +1326,7 @@ trait APIMethods121 { for { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -1372,7 +1372,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -1424,7 +1424,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -1475,7 +1475,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -1524,7 +1524,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -1573,7 +1573,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -1621,7 +1621,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -1670,7 +1670,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -1719,7 +1719,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -1767,7 +1767,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -1815,7 +1815,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -1863,7 +1863,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -1905,7 +1905,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -1952,7 +1952,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -2001,7 +2001,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -2049,7 +2049,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -2097,7 +2097,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -2152,7 +2152,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -2203,7 +2203,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -2254,7 +2254,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined @@ -2309,7 +2309,7 @@ trait APIMethods121 { (Full(u), callContext) <- authenticatedAccess(cc) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext) _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) { otherBankAccount.metadata.isDefined 
@@ -2360,7 +2360,7 @@ trait APIMethods121 {
 (Full(u), callContext) <- authenticatedAccess(cc)
 (_, callContext) <- NewStyle.function.getBank(bankId, callContext)
 (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
- view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext)
+ view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext)
 (otherBankAccount, callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, Full(u), callContext)
 _ <- Helper.booleanToFuture(failMsg = s"$NoViewPermission can_see_other_account_metadata. Current ViewId($viewId)", cc=callContext) {
 otherBankAccount.metadata.isDefined
@@ -2745,7 +2745,7 @@ trait APIMethods121 {
 for {
 (Full(user), callContext) <- authenticatedAccess(cc)
 (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
- view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(user), callContext)
+ view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(user), callContext)
 metadata <- moderatedTransactionMetadataFuture(bankId, accountId, viewId, transactionId, Full(user), callContext)
 delete <- Future(metadata.deleteComment(commentId, Full(user), account, view, callContext)) map {
 unboxFullOrFail(_, callContext, "")
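Review bot: In the hunk at -2745 (the comment delete), a failed delete is unboxed with an empty message, `unboxFullOrFail(_, callContext, "")`, which presumably leaves the error response and any log entry without a description of what failed; the image delete at -2989 does the same. The where-tag delete at -3162 already passes a message, and reusing it here, `unboxFullOrFail(_, callContext, "Delete not completed")`, would keep the delete endpoints consistent and make failed deletes traceable. The endpoint body starts and ends outside the hunk.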
@@ -2864,7 +2864,7 @@ trait APIMethods121 {
 cc => implicit val ec = EndpointContext(Some(cc))
 for {
 (Full(user), callContext) <- authenticatedAccess(cc)
- view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(user), callContext)
+ view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(user), callContext)
 metadata <- moderatedTransactionMetadataFuture(bankId, accountId, viewId, transactionId, Full(user), callContext)
 (bankAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
 delete <- Future(metadata.deleteTag(tagId, Full(user), bankAccount, view, callContext)) map {
@@ -2989,7 +2989,7 @@ trait APIMethods121 {
 for {
 (Full(user), callContext) <- authenticatedAccess(cc)
 metadata <- moderatedTransactionMetadataFuture(bankId, accountId, viewId, transactionId, Full(user), callContext)
- view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(user), callContext)
+ view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(user), callContext)
 (account, _) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
 delete <- Future(metadata.deleteImage(imageId, Full(user), account, view, callContext)) map {
 unboxFullOrFail(_, callContext, "")
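Review bot: In the hunk at -2989 (the image delete), `metadata <- moderatedTransactionMetadataFuture(...)` runs before the view access check, so transaction metadata is fetched before the caller's access to the view is established; the comment delete at -2745 checks the account and the view first. Unless moderatedTransactionMetadataFuture enforces the same access itself (not visible here), move the `view <- ViewNewStyle.checkViewAccessAndReturnView(...)` generator above `metadata <-`, and in the hunk at -2864 move `checkBankAccountExists` ahead of the metadata fetch as well. The -2989 hunk also binds `(account, _)`, which drops the callContext returned by checkBankAccountExists. Both endpoint bodies continue outside their hunks.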
@@ -3162,7 +3162,7 @@ trait APIMethods121 { for { (user, callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), user, callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), user, callContext) metadata <- moderatedTransactionMetadataFuture(bankId, accountId, viewId, transactionId, user, callContext) delete <- Future(metadata.deleteWhereTag(viewId, user, account, view, callContext)) map { unboxFullOrFail(_, callContext, "Delete not completed") @@ -3196,7 +3196,7 @@ trait APIMethods121 { for { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (moderatedTransaction, callContext) <- account.moderatedTransactionFuture(transactionId, view, Full(u), callContext) map { unboxFullOrFail(_, callContext, GetTransactionsException) } diff --git a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala index c07d4ebd0..a8ac7072c 100644 --- a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala +++ b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala @@ -6,6 +6,7 @@ import code.api.util.ApiTag._ import code.api.util.FutureUtil.EndpointContext import code.api.util.NewStyle.HttpCode import code.api.util._ +import code.api.util.newstyle.ViewNewStyle import code.api.v1_2_1.JSONFactory import code.api.v1_4_0.JSONFactory1_4_0._ import code.api.v2_0_0.CreateCustomerJson 
@@ -24,7 +25,7 @@ import net.liftweb.http.rest.RestHelper import net.liftweb.json.Extraction import net.liftweb.json.JsonAST.JValue import net.liftweb.util.Helpers.tryo -import net.liftweb.util.{Props, StringHelpers} +import net.liftweb.util.Props import scala.collection.immutable.{List, Nil} import scala.concurrent.Future @@ -451,7 +452,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{ (fromAccount, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) failMsg = ErrorMessages.InvalidISOCurrencyCode.concat("Please specify a valid value for CURRENCY of your Bank Account. ") _ <- NewStyle.function.isValidCurrencyISOCode(fromAccount.currency, failMsg, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_REQUEST_TYPES)}` permission on the View(${viewId.value} )", cc = callContext diff --git a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala index 86bc14586..e6af9eba3 100644 --- a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala +++ b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala @@ -9,6 +9,7 @@ import code.api.util.ErrorMessages.{BankAccountNotFound, _} import code.api.util.FutureUtil.EndpointContext import code.api.util.NewStyle.HttpCode import code.api.util._ +import code.api.util.newstyle.ViewNewStyle import code.api.v1_2_1.{CreateViewJsonV121, JSONFactory, UpdateViewJsonV121} import code.api.v2_1_0._ import code.api.v2_2_0.JSONFactory220.transformV220ToBranch 
@@ -368,7 +369,7 @@ trait APIMethods220 { for { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext) _ <- Helper.booleanToFuture( s"${ErrorMessages.NoViewPermission} You need the `${(CAN_GET_COUNTERPARTY)}` permission on the View(${viewId.value} )", cc = callContext @@ -421,7 +422,7 @@ trait APIMethods220 { for { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), Some(u), callContext) _ <- Helper.booleanToFuture( s"${ErrorMessages.NoViewPermission} You need the `${(CAN_GET_COUNTERPARTY)}` permission on the View(${viewId.value} )", @@ -1200,7 +1201,7 @@ trait APIMethods220 { postJson <- NewStyle.function.tryons(s"$InvalidJsonFormat The Json body should be the $PostCounterpartyJSON", 400, cc.callContext) { json.extract[PostCounterpartyJSON] } - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) _ <- Helper.booleanToFuture( s"${ErrorMessages.NoViewPermission} You need the `${(CAN_ADD_COUNTERPARTY)}` permission on the View(${viewId.value} )", cc = callContext 
diff --git a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala index 869fe6de4..1aa7d43c4 100644 --- a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala +++ b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala @@ -11,6 +11,7 @@ import code.api.util.ErrorMessages._ import code.api.util.FutureUtil.EndpointContext import code.api.util.NewStyle.HttpCode import code.api.util._ +import code.api.util.newstyle.ViewNewStyle import code.api.v1_2_1.JSONFactory import code.api.v2_0_0.AccountsHelper._ import code.api.v2_0_0.JSONFactory200 @@ -40,7 +41,6 @@ import net.liftweb.http.rest.RestHelper import net.liftweb.json.JsonAST.JField import net.liftweb.json.compactRender import net.liftweb.util.Helpers.tryo -import net.liftweb.util.StringHelpers import java.util.regex.Pattern import scala.collection.immutable.{List, Nil} @@ -216,7 +216,7 @@ trait APIMethods300 { s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_CREATE_CUSTOM_VIEW)}` permission on any your views", cc = callContext ) {anyViewContainsCanCreateCustomViewPermission} - (view, callContext) <- NewStyle.function.createCustomView(BankIdAccountId(bankId, accountId), createViewJson, callContext) + (view, callContext) <- ViewNewStyle.createCustomView(BankIdAccountId(bankId, accountId), createViewJson, callContext) } yield { (JSONFactory300.createViewJSON(view), HttpCode.`201`(callContext)) } 
@@ -309,7 +309,7 @@ trait APIMethods300 { x => fullBoxOrException( x ~> APIFailureNewStyle(s"$ViewNotFound. Check your post json body, metadata_view = ${updateJson.metadata_view}. It should be an existing VIEW_ID, eg: owner", 400, callContext.map(_.toLight))) } map { unboxFull(_) } - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId),Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId),Some(u), callContext) _ <- Helper.booleanToFuture(failMsg = SystemViewsCanNotBeModified, cc=callContext) { !view.isSystem } @@ -324,7 +324,7 @@ trait APIMethods300 { ) { anyViewContainsCancanUpdateCustomViewPermission } - (view, callContext) <- NewStyle.function.updateCustomView(BankIdAccountId(bankId, accountId), viewId, updateJson.toUpdateViewJson, callContext) + (view, callContext) <- ViewNewStyle.updateCustomView(BankIdAccountId(bankId, accountId), viewId, updateJson.toUpdateViewJson, callContext) } yield { (JSONFactory300.createViewJSON(view), HttpCode.`200`(callContext)) } @@ -364,7 +364,7 @@ trait APIMethods300 { for { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId),Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId),Some(u), callContext) moderatedAccount <- NewStyle.function.moderatedBankAccountCore(account, view, Full(u), callContext) } yield { (createCoreBankAccountJSON(moderatedAccount), HttpCode.`200`(callContext)) 
@@ -407,7 +407,7 @@ trait APIMethods300 {
 cc => implicit val ec = EndpointContext(Some(cc))
 for {
 (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, Some(cc))
- view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId),cc.user, callContext)
+ view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId),cc.user, callContext)
 moderatedAccount <- NewStyle.function.moderatedBankAccountCore(account, view, Empty, callContext)
 } yield {
 (createCoreBankAccountJSON(moderatedAccount), HttpCode.`200`(callContext))
@@ -451,7 +451,7 @@ trait APIMethods300 {
 (Full(u), callContext) <- authenticatedAccess(cc)
 (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
 // Assume owner view was requested
- view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext)
+ view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext)
 moderatedAccount <- NewStyle.function.moderatedBankAccountCore(account, view, Full(u), callContext)
 } yield {
 val availableViews: List[View] = Views.views.vend.privateViewsUserCanAccessForAccount(u, BankIdAccountId(account.bankId, account.accountId))
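Review bot: In the hunk at -407, the view access check is given `cc.user` while the next generator calls `moderatedBankAccountCore(account, view, Empty, callContext)`, so the two calls see different users whenever the caller is logged in. If moderating as an anonymous caller is intended, say so next to the call, for example `// moderated as anonymous even when cc.user is set — TODO confirm intended`; otherwise pass `cc.user` to both. The endpoint body starts and ends outside the hunk.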
@@ -549,7 +549,7 @@ trait APIMethods300 {
 }
 _ <- NewStyle.function.hasAtLeastOneEntitlement(bankId.value, u.userId, ApiRole.canUseAccountFirehose :: canUseAccountFirehoseAtAnyBank :: Nil, callContext)
 (bank, callContext) <- NewStyle.function.getBank(bankId, callContext)
- view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, AccountId("")), Some(u), callContext)
+ view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, AccountId("")), Some(u), callContext)
 availableBankIdAccountIdList <- Future {
 Views.views.vend.getAllFirehoseAccounts(bank.bankId).map(a => BankIdAccountId(a.bankId,a.accountId))
 }
@@ -641,7 +641,7 @@ trait APIMethods300 {
 _ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + allowedEntitlementsTxt)(bankId.value, u.userId, allowedEntitlements, callContext)
 (bank, callContext) <- NewStyle.function.getBank(bankId, callContext)
 (bankAccount, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
- view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankAccount.bankId, bankAccount.accountId),Some(u), callContext)
+ view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankAccount.bankId, bankAccount.accountId),Some(u), callContext)
 allowedParams = List("sort_direction", "limit", "offset", "from_date", "to_date")
 httpParams <- NewStyle.function.extractHttpParamsFromUrl(cc.url)
 (obpQueryParams, callContext) <- NewStyle.function.createObpParams(httpParams, allowedParams, callContext)
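Review bot: In the hunk at -549, the view access check is made against `BankIdAccountId(bankId, AccountId(""))`, and nothing in the code says why an empty account id is acceptable input for an access check. How checkViewAccessAndReturnView resolves a view for an empty AccountId is not visible here, so a comment should state what this call is expected to enforce on top of the firehose entitlement check above it, for example `// firehose covers all accounts of the bank, so no account id applies here — TODO confirm which views AccountId("") can match`. The enclosing for-comprehension starts and ends outside the hunk.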
@@ -708,7 +708,7 @@ trait APIMethods300 { (bank, callContext) <- NewStyle.function.getBank(bankId, callContext) (bankAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) // Assume owner view was requested - view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(user, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) + view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(user, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) httpParams <- NewStyle.function.extractHttpParamsFromUrl(cc.url) (params, callContext) <- createQueriesByHttpParamsFuture(httpParams, callContext) (transactionsCore, callContext) <- bankAccount.getModeratedTransactionsCore(bank, Some(user), view, BankIdAccountId(bankId, accountId), params, callContext) map { @@ -765,7 +765,7 @@ trait APIMethods300 { (user, callContext) <- authenticatedAccess(cc) (bank, callContext) <- NewStyle.function.getBank(bankId, callContext) (bankAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), user, callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), user, callContext) (params, callContext) <- createQueriesByHttpParamsFuture(callContext.get.requestHeaders, callContext) //Note: error handling and messages for getTransactionParams are in the sub method (transactions, callContext) <- bankAccount.getModeratedTransactionsFuture(bank, user, view, callContext, params) map { 
@@ -1788,7 +1788,7 @@ trait APIMethods300 { for { (u, callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), u, callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), u, callContext) (otherBankAccounts, callContext) <- NewStyle.function.moderatedOtherBankAccounts(account, view, u, callContext) } yield { val otherBankAccountsJson = createOtherBankAccountsJson(otherBankAccounts) @@ -1824,7 +1824,7 @@ trait APIMethods300 { for { (u, callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), u, callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(account.bankId, account.accountId), u, callContext) (otherBankAccount,callContext) <- NewStyle.function.moderatedOtherBankAccount(account, other_account_id, view, u, callContext) } yield { val otherBankAccountJson = createOtherBankAccount(otherBankAccount) diff --git a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala index dd46757b0..2e0288c46 100644 --- a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala +++ b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala 
@@ -13,7 +13,7 @@ import code.api.util.ExampleValue._ import code.api.util.FutureUtil.EndpointContext import code.api.util.NewStyle.HttpCode import code.api.util._ -import code.api.util.newstyle.BalanceNewStyle +import code.api.util.newstyle.{BalanceNewStyle, ViewNewStyle} import code.api.v1_2_1.{JSONFactory, RateLimiting} import code.api.v1_4_0.JSONFactory1_4_0 import code.api.v2_0_0.CreateMeetingJson @@ -52,7 +52,7 @@ import net.liftweb.json import net.liftweb.json._ import net.liftweb.mapper.By import net.liftweb.util.Helpers.tryo -import net.liftweb.util.{Helpers, Props, StringHelpers} +import net.liftweb.util.{Helpers, Props} import org.apache.commons.lang3.{StringUtils, Validate} import java.text.SimpleDateFormat @@ -136,7 +136,7 @@ trait APIMethods310 { (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) (checkbookOrders, callContext)<- Connector.connector.vend.getCheckbookOrders(bankId.value,accountId.value, callContext) map { unboxFullOrFail(_, callContext, InvalidConnectorResponseForGetCheckbookOrdersFuture) @@ -177,7 +177,7 @@ trait APIMethods310 { (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) //TODO need error handling here (checkbookOrders,callContext) <- Connector.connector.vend.getStatusOfCreditCardOrder(bankId.value,accountId.value, callContext) map { 
@@ -652,7 +652,7 @@ trait APIMethods310 {
 (Full(u), callContext) <- authenticatedAccess(cc)
 (_, callContext) <- NewStyle.function.getBank(bankId, callContext)
 (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
- view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext)
+ view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext)
 _ <- Helper.booleanToFuture(failMsg = s"$ViewDoesNotPermitAccess + You need the `${(CAN_QUERY_AVAILABLE_FUNDS)}` permission on any your views", cc=callContext) {
 view.allowed_actions.exists(_ ==CAN_QUERY_AVAILABLE_FUNDS)
 }
@@ -1057,7 +1057,7 @@ trait APIMethods310 {
 _ <- passesPsd2Pisp(callContext)
 (_, callContext) <- NewStyle.function.getBank(bankId, callContext)
 (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
- view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), user, callContext)
+ view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), user, callContext)
 (moderatedTransaction, callContext) <- account.moderatedTransactionFuture(transactionId, view, user, callContext) map {
 unboxFullOrFail(_, callContext, GetTransactionsException)
 }
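Review bot: In the hunk at -652, the failure message `s"$ViewDoesNotPermitAccess + You need the ..."` has a literal ` + ` inside the interpolated string, which looks like a leftover from string concatenation and ends up in the error returned to the client. The message also says "on any your views" although the guard tests only the requested view (`view.allowed_actions.exists(...)`), which misstates what permission is missing. Suggest dropping the ` + ` and ending the message the way the other endpoints in this patch do, with `permission on the View(${viewId.value})`. The for-comprehension starts and ends outside the hunk.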
@@ -1122,7 +1122,7 @@ trait APIMethods310 { _ <- NewStyle.function.isEnabledTransactionRequests(callContext) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (fromAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) + view <- ViewNewStyle.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", cc=callContext){ @@ -3943,7 +3943,7 @@ trait APIMethods310 { for { (Full(user), callContext) <- authenticatedAccess(cc) _ <- NewStyle.function.hasEntitlement("", user.userId, canGetSystemView, callContext) - view <- NewStyle.function.systemView(ViewId(viewId), callContext) + view <- ViewNewStyle.systemView(ViewId(viewId), callContext) } yield { (JSONFactory310.createViewJSON(view), HttpCode.`200`(callContext)) } @@ -4003,7 +4003,7 @@ trait APIMethods310 { _ <- Helper.booleanToFuture(SystemViewCannotBePublicError, failCode=400, cc=callContext) { createViewJson.is_public == false } - view <- NewStyle.function.createSystemView(createViewJson.toCreateViewJson, callContext) + view <- ViewNewStyle.createSystemView(createViewJson.toCreateViewJson, callContext) } yield { (JSONFactory310.createViewJSON(view), HttpCode.`201`(callContext)) } 
@@ -4037,8 +4037,8 @@ trait APIMethods310 { for { (Full(user), callContext) <- authenticatedAccess(cc) _ <- NewStyle.function.hasEntitlement("", user.userId, canDeleteSystemView, callContext) - _ <- NewStyle.function.systemView(ViewId(viewId), callContext) - view <- NewStyle.function.deleteSystemView(ViewId(viewId), callContext) + _ <- ViewNewStyle.systemView(ViewId(viewId), callContext) + view <- ViewNewStyle.deleteSystemView(ViewId(viewId), callContext) } yield { (Full(view), HttpCode.`200`(callContext)) } @@ -4085,8 +4085,8 @@ trait APIMethods310 { _ <- Helper.booleanToFuture(SystemViewCannotBePublicError, failCode=400, cc=callContext) { updateJson.is_public == false } - _ <- NewStyle.function.systemView(ViewId(viewId), callContext) - updatedView <- NewStyle.function.updateSystemView(ViewId(viewId), updateJson, callContext) + _ <- ViewNewStyle.systemView(ViewId(viewId), callContext) + updatedView <- ViewNewStyle.updateSystemView(ViewId(viewId), updateJson, callContext) } yield { (JSONFactory310.createViewJSON(updatedView), HttpCode.`200`(callContext)) } @@ -5530,7 +5530,7 @@ trait APIMethods310 { for { (Full(u), callContext) <- authenticatedAccess(cc) (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, accountId), Some(u), callContext) moderatedAccount <- NewStyle.function.moderatedBankAccountCore(account, view, Full(u), callContext) (accountAttributes, callContext) <- NewStyle.function.getAccountAttributesByAccount( bankId, diff --git a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala index 3c6090467..c29a08189 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala 
+++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala @@ -18,13 +18,13 @@ import code.api.util.ExampleValue._ import code.api.util.FutureUtil.EndpointContext import code.api.util.Glossary.getGlossaryItem import code.api.util.NewStyle.HttpCode -import code.api.util.NewStyle.function.{isValidCurrencyISOCode => isValidCurrencyISOCodeNS, _} +import code.api.util.NewStyle.function._ import code.api.util._ import code.api.util.migration.Migration import code.api.util.newstyle.AttributeDefinition._ import code.api.util.newstyle.Consumer._ import code.api.util.newstyle.UserCustomerLinkNewStyle.getUserCustomerLinks -import code.api.util.newstyle.{BalanceNewStyle, UserCustomerLinkNewStyle} +import code.api.util.newstyle.{BalanceNewStyle, UserCustomerLinkNewStyle, ViewNewStyle} import code.api.v1_2_1.{JSONFactory, PostTransactionTagJSON} import code.api.v1_4_0.JSONFactory1_4_0 import code.api.v1_4_0.JSONFactory1_4_0.TransactionRequestAccountJsonV140 @@ -412,7 +412,7 @@ trait APIMethods400 extends MdcLoggable { cc => implicit val ec = EndpointContext(Some(cc)) for { (doubleEntryTransaction, callContext) <- NewStyle.function.getBalancingTransaction(transactionId, cc.callContext) - _ <- NewStyle.function.checkBalancingTransactionAccountAccessAndReturnView(doubleEntryTransaction, cc.user, cc.callContext) + _ <- ViewNewStyle.checkBalancingTransactionAccountAccessAndReturnView(doubleEntryTransaction, cc.user, cc.callContext) } yield { (JSONFactory400.createDoubleEntryTransactionJson(doubleEntryTransaction), HttpCode.`200`(callContext)) } 
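Review bot: Dropping the `isValidCurrencyISOCode => isValidCurrencyISOCodeNS` selector from the `NewStyle.function` import (hunk at -18) changes name resolution, not just formatting. With a plain `import code.api.util.NewStyle.function._` the wildcard now also brings in `isValidCurrencyISOCode` under its own name. If another wildcard import in this file (outside the hunk) supplies the same name, unqualified uses become ambiguous, and any remaining reference to `isValidCurrencyISOCodeNS` no longer compiles. The helper presumably validates currency codes taken from request bodies, so please confirm which implementation each call site binds to after this change. Otherwise keep the original line, `import code.api.util.NewStyle.function.{isValidCurrencyISOCode => isValidCurrencyISOCodeNS, _}`.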
@@ -2681,7 +2681,7 @@ trait APIMethods400 extends MdcLoggable { cc => implicit val ec = EndpointContext(Some(cc)) for { (user @Full(u), account, callContext) <- SS.userAccount - view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext) + view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext) moderatedAccount <- NewStyle.function.moderatedBankAccountCore(account, view, user, callContext) } yield { val availableViews: List[View] = Views.views.vend.privateViewsUserCanAccessForAccount(u, BankIdAccountId(account.bankId, account.accountId)) @@ -2782,7 +2782,7 @@ trait APIMethods400 extends MdcLoggable { postJson.account_routing.scheme, postJson.account_routing.address, cc.callContext) user @Full(u) = cc.user - view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext) + view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext) moderatedAccount <- NewStyle.function.moderatedBankAccountCore(account, view, user, callContext) (accountAttributes, callContext) <- NewStyle.function.getAccountAttributesByAccount( 
@@ -2861,7 +2861,7 @@ trait APIMethods400 extends MdcLoggable { accountsJson <- Future.sequence(filteredAccountRoutings.map(accountRouting => for { (account, callContext) <- NewStyle.function.getBankAccount(accountRouting.bankId, accountRouting.accountId, callContext) - view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext) + view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(u, BankIdAccountId(account.bankId, account.accountId), callContext) moderatedAccount <- NewStyle.function.moderatedBankAccountCore(account, view, user, callContext) (accountAttributes, callContext) <- NewStyle.function.getAccountAttributesByAccount( account.bankId, @@ -2984,7 +2984,7 @@ trait APIMethods400 extends MdcLoggable { allowAccountFirehose } // here must be a system view, not accountIds in the URL - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, AccountId("")), Some(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, BankIdAccountId(bankId, AccountId("")), Some(u), callContext) availableBankIdAccountIdList <- Future { Views.views.vend.getAllFirehoseAccounts(bank.bankId).map(a => BankIdAccountId(a.bankId,a.accountId)) } 
@@ -4059,12 +4059,12 @@ trait APIMethods400 extends MdcLoggable { } (user, callContext) <- NewStyle.function.findByUserId(postJson.user_id, cc.callContext) view <- postJson.view.is_system match { - case true => NewStyle.function.systemView(viewId, callContext) - case false => NewStyle.function.customView(viewId, BankIdAccountId(bankId, accountId), callContext) + case true => ViewNewStyle.systemView(viewId, callContext) + case false => ViewNewStyle.customView(viewId, BankIdAccountId(bankId, accountId), callContext) } revoked <- postJson.view.is_system match { - case true => NewStyle.function.revokeAccessToSystemView(bankId, accountId, view, user, callContext) - case false => NewStyle.function.revokeAccessToCustomView(view, user, callContext) + case true => ViewNewStyle.revokeAccessToSystemView(bankId, accountId, view, user, callContext) + case false => ViewNewStyle.revokeAccessToCustomView(view, user, callContext) } } yield { (RevokedJsonV400(revoked), HttpCode.`201`(callContext)) @@ -4721,7 +4721,7 @@ trait APIMethods400 extends MdcLoggable { for { (user @Full(u), _, account, view, callContext) <- SS.userBankAccountView _ <- NewStyle.function.isEnabledTransactionRequests(callContext) - view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) + view <- ViewNewStyle.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", cc = callContext) { diff --git a/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala b/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala index 0edb4f2fe..75aa0bd5f 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala 
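Review bot: In the revoke endpoint (hunk at -4059) the client-supplied `postJson.view.is_system` decides both the lookup (`ViewNewStyle.systemView` or `ViewNewStyle.customView`) and the revoke call (`revokeAccessToSystemView` or `revokeAccessToCustomView`). `JSONFactory400.getView` in this patch branches on `postView.is_system` in the same way. The v5.1.0 endpoints later in this series derive the branch from the id instead, with `isValidSystemViewId(targetViewId.value) match { ... }`. Whether a mismatched flag is harmless depends on `systemView` and `customView` rejecting a view of the other kind, which is not visible here. If that helper is in scope in this file, deriving the branch from the view id would remove the dependency on a request field; the enclosing for-comprehension starts above the hunk.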
@@ -30,7 +30,8 @@ import code.api.Constant import code.api.attributedefinition.AttributeDefinition import code.api.util.APIUtil.{DateWithDay, DateWithSeconds, gitCommit, stringOptionOrNull, stringOrNull} import code.api.util.ErrorMessages.MandatoryPropertyIsNotSet -import code.api.util.{APIUtil, CallContext, NewStyle} +import code.api.util.newstyle.ViewNewStyle +import code.api.util.{APIUtil, CallContext} import code.api.v1_2_1.JSONFactory.{createAmountOfMoneyJSON, createOwnersJSON} import code.api.v1_2_1.{BankRoutingJsonV121, JSONFactory, UserJSONV121, ViewJSONV121} import code.api.v1_4_0.JSONFactory1_4_0.{LocationJsonV140, MetaJsonV140, TransactionRequestAccountJsonV140, transformToLocationFromV140, transformToMetaFromV140} @@ -2059,15 +2060,15 @@ object JSONFactory400 { def getView(bankId: BankId, accountId: AccountId, postView: PostViewJsonV400, callContext: Option[CallContext]) = { postView.is_system match { - case true => NewStyle.function.systemView(ViewId(postView.view_id), callContext) - case false => NewStyle.function.customView(ViewId(postView.view_id), BankIdAccountId(bankId, accountId), callContext) + case true => ViewNewStyle.systemView(ViewId(postView.view_id), callContext) + case false => ViewNewStyle.customView(ViewId(postView.view_id), BankIdAccountId(bankId, accountId), callContext) } } def grantAccountAccessToUser(bankId: BankId, accountId: AccountId, user: User, view: View, callContext: Option[CallContext]) = { view.isSystem match { - case true => NewStyle.function.grantAccessToSystemView(bankId, accountId, view, user, callContext) - case false => NewStyle.function.grantAccessToCustomView(view, user, callContext) + case true => ViewNewStyle.grantAccessToSystemView(bankId, accountId, view, user, callContext) + case false => ViewNewStyle.grantAccessToCustomView(view, user, callContext) } } } 
diff --git a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala index 76dd5ad40..97553a25e 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala @@ -11,6 +11,7 @@ import code.api.util.FutureUtil.EndpointContext import code.api.util.NewStyle.HttpCode import code.api.util.NewStyle.function.extractQueryParams import code.api.util._ +import code.api.util.newstyle.ViewNewStyle import code.api.v2_1_0.JSONFactory210 import code.api.v3_0_0.JSONFactory300 import code.api.v3_1_0._ @@ -1025,9 +1026,9 @@ trait APIMethods500 { _ <- Helper.booleanToFuture(failMsg, cc = callContext) { userMissingPermissions.isEmpty } - (vrpView, callContext) <- NewStyle.function.createCustomView(fromBankIdAccountId, targetCreateCustomViewJson.toCreateViewJson, callContext) + (vrpView, callContext) <- ViewNewStyle.createCustomView(fromBankIdAccountId, targetCreateCustomViewJson.toCreateViewJson, callContext) - _ <-NewStyle.function.grantAccessToCustomView(vrpView, user, callContext) + _ <-ViewNewStyle.grantAccessToCustomView(vrpView, user, callContext) //3rd: Create a new counterparty on that view (_VRP-9d429899-24f5-42c8-8565-943ffa6a7945) postJson = PostCounterpartyJson400( @@ -1926,8 +1927,8 @@ trait APIMethods500 { case "system-views" :: viewId :: Nil JsonDelete req => { cc => implicit val ec = EndpointContext(Some(cc)) for { - _ <- NewStyle.function.systemView(ViewId(viewId), cc.callContext) - view <- NewStyle.function.deleteSystemView(ViewId(viewId), cc.callContext) + _ <- ViewNewStyle.systemView(ViewId(viewId), cc.callContext) + view <- ViewNewStyle.deleteSystemView(ViewId(viewId), cc.callContext) } yield { (Full(view), HttpCode.`200`(cc.callContext)) } 
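Review bot: The `system-views` delete handler (hunk at -1926) goes straight from `ViewNewStyle.systemView` to `ViewNewStyle.deleteSystemView`, with no authentication or entitlement step in the for-comprehension. Its v3.1.0 counterpart in this same patch first calls `authenticatedAccess(cc)` and `NewStyle.function.hasEntitlement("", user.userId, canDeleteSystemView, callContext)`. Presumably the v5.0.0 handler relies on roles declared in its resource doc, which lies outside the hunk. If so, a comment above the `for`, such as `// authentication and the canDeleteSystemView role are enforced by this endpoint's resource doc`, would stop a later refactor from treating the handler as self-contained. The `system-views` get, create and update handlers in the following hunks have the same shape.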
@@ -2050,7 +2051,7 @@ trait APIMethods500 { case "system-views" :: viewId :: Nil JsonGet _ => { cc => implicit val ec = EndpointContext(Some(cc)) for { - view <- NewStyle.function.systemView(ViewId(viewId), cc.callContext) + view <- ViewNewStyle.systemView(ViewId(viewId), cc.callContext) } yield { (createViewJsonV500(view), HttpCode.`200`(cc.callContext)) } @@ -2084,7 +2085,7 @@ trait APIMethods500 { case "system-views-ids" :: Nil JsonGet _ => { cc => implicit val ec = EndpointContext(Some(cc)) for { - views <- NewStyle.function.systemViews() + views <- ViewNewStyle.systemViews() } yield { (createViewsIdsJsonV500(views), HttpCode.`200`(cc.callContext)) } @@ -2142,7 +2143,7 @@ trait APIMethods500 { _ <- Helper.booleanToFuture(failMsg = InvalidSystemViewFormat +s"Current view_name (${createViewJson.name})", cc = cc.callContext) { isValidSystemViewName(createViewJson.name) } - view <- NewStyle.function.createSystemView(createViewJson.toCreateViewJson, cc.callContext) + view <- ViewNewStyle.createSystemView(createViewJson.toCreateViewJson, cc.callContext) } yield { (createViewJsonV500(view), HttpCode.`201`(cc.callContext)) } @@ -2187,8 +2188,8 @@ trait APIMethods500 { _ <- Helper.booleanToFuture(SystemViewCannotBePublicError, failCode=400, cc=cc.callContext) { updateJson.is_public == false } - _ <- NewStyle.function.systemView(ViewId(viewId), cc.callContext) - updatedView <- NewStyle.function.updateSystemView(ViewId(viewId), updateJson.toUpdateViewJson, cc.callContext) + _ <- ViewNewStyle.systemView(ViewId(viewId), cc.callContext) + updatedView <- ViewNewStyle.updateSystemView(ViewId(viewId), updateJson.toUpdateViewJson, cc.callContext) } yield { (createViewJsonV500(updatedView), HttpCode.`200`(cc.callContext)) } diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index b8e18caa9..17d6bb42a 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala 
+++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala @@ -18,7 +18,7 @@ import code.api.util.X509.{getCommonName, getEmailAddress, getOrganization} import code.api.util._ import code.api.util.newstyle.Consumer.createConsumerNewStyle import code.api.util.newstyle.RegulatedEntityNewStyle.{createRegulatedEntityNewStyle, deleteRegulatedEntityNewStyle, getRegulatedEntitiesNewStyle, getRegulatedEntityByEntityIdNewStyle} -import code.api.util.newstyle.{BalanceNewStyle, RegulatedEntityAttributeNewStyle} +import code.api.util.newstyle.{BalanceNewStyle, RegulatedEntityAttributeNewStyle, ViewNewStyle} import code.api.v2_0_0.AccountsHelper.{accountTypeFilterText, getFilteredCoreAccounts} import code.api.v2_1_0.{ConsumerRedirectUrlJSON, JSONFactory210} import code.api.v3_0_0.JSONFactory300 @@ -3535,8 +3535,8 @@ trait APIMethods510 { } (user, callContext) <- NewStyle.function.findByUserId(postJson.user_id, callContext) view <- isValidSystemViewId(targetViewId.value) match { - case true => NewStyle.function.systemView(targetViewId, callContext) - case false => NewStyle.function.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) + case true => ViewNewStyle.systemView(targetViewId, callContext) + case false => ViewNewStyle.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) } addedView <- JSONFactory400.grantAccountAccessToUser(bankId, accountId, user, view, callContext) 
@@ -3599,12 +3599,12 @@ trait APIMethods510 { } (user, callContext) <- NewStyle.function.findByUserId(postJson.user_id, cc.callContext) view <- isValidSystemViewId(targetViewId.value) match { - case true => NewStyle.function.systemView(targetViewId, callContext) - case false => NewStyle.function.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) + case true => ViewNewStyle.systemView(targetViewId, callContext) + case false => ViewNewStyle.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) } revoked <- isValidSystemViewId(targetViewId.value) match { - case true => NewStyle.function.revokeAccessToSystemView(bankId, accountId, view, user, callContext) - case false => NewStyle.function.revokeAccessToCustomView(view, user, callContext) + case true => ViewNewStyle.revokeAccessToSystemView(bankId, accountId, view, user, callContext) + case false => ViewNewStyle.revokeAccessToCustomView(view, user, callContext) } } yield { (RevokedJsonV400(revoked), HttpCode.`201`(callContext)) 
@@ -3673,12 +3673,12 @@ trait APIMethods510 { } (targetUser, callContext) <- NewStyle.function.getOrCreateResourceUser(postJson.provider, postJson.username, cc.callContext) view <- isValidSystemViewId(targetViewId.value) match { - case true => NewStyle.function.systemView(targetViewId, callContext) - case false => NewStyle.function.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) + case true => ViewNewStyle.systemView(targetViewId, callContext) + case false => ViewNewStyle.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) } addedView <- isValidSystemViewId(targetViewId.value) match { - case true => NewStyle.function.grantAccessToSystemView(bankId, accountId, view, targetUser, callContext) - case false => NewStyle.function.grantAccessToCustomView(view, targetUser, callContext) + case true => ViewNewStyle.grantAccessToSystemView(bankId, accountId, view, targetUser, callContext) + case false => ViewNewStyle.grantAccessToCustomView(view, targetUser, callContext) } } yield { val viewsJson = JSONFactory300.createViewJSON(addedView) @@ -3776,7 +3776,7 @@ trait APIMethods510 { _ <- NewStyle.function.isEnabledTransactionRequests(callContext) (_, callContext) <- NewStyle.function.getBank(bankId, callContext) (fromAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) - view <- NewStyle.function.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) + view <- ViewNewStyle.checkAccountAccessAndGetView(viewId, BankIdAccountId(bankId, accountId), Full(u), callContext) _ <- Helper.booleanToFuture( s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${(CAN_SEE_TRANSACTION_REQUESTS)}` permission on the View(${viewId.value})", cc=callContext){ 
@@ -3930,7 +3930,7 @@ trait APIMethods510 { for { (user @Full(u), account, callContext) <- SS.userAccount bankIdAccountId = BankIdAccountId(account.bankId, account.accountId) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId , bankIdAccountId, user, callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId , bankIdAccountId, user, callContext) moderatedAccount <- NewStyle.function.moderatedBankAccountCore(account, view, user, callContext) } yield { val availableViews: List[View] = Views.views.vend.privateViewsUserCanAccessForAccount(u, BankIdAccountId(account.bankId, account.accountId)) @@ -3965,7 +3965,7 @@ trait APIMethods510 { for { (Full(u), callContext) <- SS.user bankIdAccountId = BankIdAccountId(bankId, accountId) - view <- NewStyle.function.checkViewAccessAndReturnView(viewId, bankIdAccountId, Full(u), callContext) + view <- ViewNewStyle.checkViewAccessAndReturnView(viewId, bankIdAccountId, Full(u), callContext) // Note we do one explicit check here rather than use moderated account because this provides an explicit message failMsg = ViewDoesNotPermitAccess + s" You need the `${(CAN_SEE_BANK_ACCOUNT_BALANCE)}` permission on VIEW_ID(${viewId.value})" _ <- Helper.booleanToFuture(failMsg, 403, cc = callContext) { @@ -4471,7 +4471,7 @@ trait APIMethods510 { _ <- Helper.booleanToFuture(failMsg, cc = callContext) { view.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW) } - (view, callContext) <- NewStyle.function.createCustomView(BankIdAccountId(bankId, accountId), createCustomViewJson.toCreateViewJson, callContext) + (view, callContext) <- ViewNewStyle.createCustomView(BankIdAccountId(bankId, accountId), createCustomViewJson.toCreateViewJson, callContext) } yield { (JSONFactory510.createViewJson(view), HttpCode.`201`(callContext)) } 
@@ -4529,7 +4529,7 @@ trait APIMethods510 { view.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW) } - (view, callContext) <- NewStyle.function.updateCustomView(BankIdAccountId(bankId, accountId), targetViewId, targetCreateCustomViewJson.toUpdateViewJson, callContext) + (view, callContext) <- ViewNewStyle.updateCustomView(BankIdAccountId(bankId, accountId), targetViewId, targetCreateCustomViewJson.toUpdateViewJson, callContext) } yield { (JSONFactory510.createViewJson(view), HttpCode.`200`(callContext)) } @@ -4593,7 +4593,7 @@ trait APIMethods510 { _ <- Helper.booleanToFuture(failmsg, cc = callContext) { view.allowed_actions.exists(_ ==CAN_GET_CUSTOM_VIEW) } - targetView <- NewStyle.function.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) + targetView <- ViewNewStyle.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) } yield { (JSONFactory510.createViewJson(targetView), HttpCode.`200`(callContext)) } @@ -4635,8 +4635,8 @@ trait APIMethods510 { _ <- Helper.booleanToFuture(failMsg, cc = callContext) { view.allowed_actions.exists(_ ==CAN_DELETE_CUSTOM_VIEW) } - _ <- NewStyle.function.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) - deleted <- NewStyle.function.removeCustomView(targetViewId, BankIdAccountId(bankId, accountId), callContext) + _ <- ViewNewStyle.customView(targetViewId, BankIdAccountId(bankId, accountId), callContext) + deleted <- ViewNewStyle.removeCustomView(targetViewId, BankIdAccountId(bankId, accountId), callContext) } yield { (Full(deleted), HttpCode.`204`(callContext)) } diff --git a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala index fb2af9db7..b613104f5 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala 
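Review bot: The update path (hunk at -4529) is gated on `view.allowed_actions.exists(_ ==CAN_CREATE_CUSTOM_VIEW)` immediately before `ViewNewStyle.updateCustomView(...)`, which is the same permission the create endpoint checks. The get and delete handlers in the next two hunks check their own permissions, `CAN_GET_CUSTOM_VIEW` and `CAN_DELETE_CUSTOM_VIEW`. As written, anyone allowed to create a custom view on the account can also rewrite the permissions of any existing custom view on it. If the project defines a dedicated update permission, this guard should use it; if create is meant to imply update, say so in a comment next to the check. The guard's `Helper.booleanToFuture` call opens above the hunk.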
@@ -578,6 +578,11 @@ case class ConsentRequestToAccountJson( limit: PostCounterpartyLimitV510 ) +case class CreateViewPermissionJson( + permission_name: String, + extra_data: List[String] +) + case class PostVRPConsentRequestJsonInternalV510( consent_type: String, from_account: ConsentRequestFromAccountJson, diff --git a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala index 6fefe90b9..56e5c4ac3 100644 --- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala +++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnectorInternal.scala @@ -7,6 +7,7 @@ import code.api.cache.Caching import code.api.util.APIUtil._ import code.api.util.ErrorMessages._ import code.api.util._ +import code.api.util.newstyle.ViewNewStyle import code.branches.MappedBranch import code.fx.fx.TTL import code.management.ImporterAPI.ImporterTransaction @@ -69,7 +70,7 @@ object LocalMappedConnectorInternal extends MdcLoggable { // Removed view SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID viewId = ViewId(SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID) fromBankIdAccountId = BankIdAccountId(fromAccount.bankId, fromAccount.accountId) - view <- NewStyle.function.checkAccountAccessAndGetView(viewId, fromBankIdAccountId, Full(user), callContext) + view <- ViewNewStyle.checkAccountAccessAndGetView(viewId, fromBankIdAccountId, Full(user), callContext) _ <- Helper.booleanToFuture(InsufficientAuthorisationToCreateTransactionRequest, cc = callContext) { val allowed_actions = view.allowed_actions allowed_actions.exists(_ ==CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT) diff --git a/obp-api/src/main/scala/code/obp/grpc/HelloWorldServer.scala b/obp-api/src/main/scala/code/obp/grpc/HelloWorldServer.scala index f7c5a51dd..7d9f3e25a 100644 --- a/obp-api/src/main/scala/code/obp/grpc/HelloWorldServer.scala +++ b/obp-api/src/main/scala/code/obp/grpc/HelloWorldServer.scala 
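Review bot: `CreateViewPermissionJson` (hunk at -578) is added with no documentation of what `extra_data` carries or which values `permission_name` accepts, and both fields are free-form strings. This body is used to change a view's permissions, so the consuming endpoint (not in this hunk) should reject a `permission_name` outside the known permission constants rather than persist it. Judging by the Swagger example later in the series, `extra_data` holds view ids for `CAN_GRANT_ACCESS_TO_VIEWS`, and those should be checked against existing views. I would add a scaladoc such as `/** Request body for adding one permission to a view; extra_data carries the target view ids for permissions that take them. */` above the class.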
@@ -1,7 +1,6 @@ package code.obp.grpc -import java.util.logging.Logger - +import code.api.util.newstyle.ViewNewStyle import code.api.util.{APIUtil, CallContext, NewStyle} import code.api.v3_0_0.{CoreTransactionsJsonV300, ModeratedTransactionCoreWithAttributes} import code.api.v4_0_0.{BankJson400, BanksJson400, JSONFactory400, OBPAPI4_0_0} @@ -10,6 +9,7 @@ import code.obp.grpc.api._ import code.util.Helper import code.views.Views import com.google.protobuf.empty.Empty +import com.openbankproject.commons.ExecutionContext.Implicits.global import com.openbankproject.commons.model._ import io.grpc.{Server, ServerBuilder} import net.liftweb.common.Full @@ -17,8 +17,7 @@ import net.liftweb.json.JsonAST.{JField, JObject} import net.liftweb.json.JsonDSL._ import net.liftweb.json.{Extraction, JArray} -import scala.collection.immutable.List -import com.openbankproject.commons.ExecutionContext.Implicits.global +import java.util.logging.Logger import scala.concurrent.{ExecutionContext, Future} /** @@ -129,7 +128,7 @@ class HelloWorldServer(executionContext: ExecutionContext) { self => (user, _) <- NewStyle.function.findByUserId(request.userId, callContext) (bankAccount, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext) (bank, callContext) <- NewStyle.function.getBank(bankId, callContext) - view <- NewStyle.function.checkOwnerViewAccessAndReturnOwnerView(user, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) + view <- ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView(user, BankIdAccountId(bankAccount.bankId, bankAccount.accountId), callContext) (Full(transactionsCore), callContext) <- bankAccount.getModeratedTransactionsCore(bank, Full(user), view, BankIdAccountId(bankId, accountId), Nil, callContext) obpCoreTransactions: CoreTransactionsJsonV300 = code.api.v3_0_0.JSONFactory300.createCoreTransactionsJSON(transactionsCore.map(ModeratedTransactionCoreWithAttributes(_))) } yield { 
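Review bot: The handler in the hunk at -129 resolves the acting user from the request payload, `NewStyle.function.findByUserId(request.userId, callContext)`, and then runs `ViewNewStyle.checkOwnerViewAccessAndReturnOwnerView` for that user. That makes the owner-view check only as strong as the caller's own claim of identity. Unless the gRPC channel authenticates callers and binds `request.userId` to that identity somewhere outside this hunk, the transactions returned are protected only by knowledge of a user id. The user should be taken from authenticated call metadata; if this server is a demo only, a comment at the top of the method should say so. The method body starts and ends outside the hunk.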
diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index ba2c5f417..19e7d1c4e 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -797,7 +797,7 @@ object MapperViews extends Views with MdcLoggable { viewId match { case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID =>{ - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( entity, SYSTEM_OWNER_VIEW_PERMISSION_ADMIN ++SYSTEM_VIEW_PERMISSION_COMMON, DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS, @@ -806,21 +806,21 @@ object MapperViews extends Views with MdcLoggable { entity } case SYSTEM_STAGE_ONE_VIEW_ID =>{ - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( entity, SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON ) entity } case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID =>{ - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( entity, SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_MANAGER_VIEW_PERMISSION ) entity } case SYSTEM_FIREHOSE_VIEW_ID =>{ - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( entity, SYSTEM_VIEW_PERMISSION_COMMON ) @@ -831,14 +831,14 @@ object MapperViews extends Views with MdcLoggable { SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID => entity case SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID =>{ - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( entity, SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_PERMISSION ) entity } case SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID =>{ - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( entity, SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_PERMISSION ) 
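Review bot: In the `SYSTEM_STAGE_ONE_VIEW_ID` case (hunk at -806) the permission list passed to `ViewPermission.resetViewPermissions` is `SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON`, the same constant concatenated with itself. Depending on an implementation that is not visible here, the duplicate entries are either written twice or silently collapsed, so the second operand looks like a copy-paste slip. If stage-one is meant to carry only the common permissions, pass `SYSTEM_VIEW_PERMISSION_COMMON` alone. If a different set was intended as the second operand, the view currently gets fewer permissions than designed, and the intended constant should replace it.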
@@ -853,7 +853,7 @@ object MapperViews extends Views with MdcLoggable { SYSTEM_READ_TRANSACTIONS_DEBITS_VIEW_ID | SYSTEM_READ_TRANSACTIONS_DETAIL_VIEW_ID => { - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( entity, SYSTEM_VIEW_PERMISSION_COMMON ) @@ -885,7 +885,7 @@ object MapperViews extends Views with MdcLoggable { usePublicAliasIfOneExists_(true). hideOtherAccountMetadataIfAlias_(true) - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( entity, SYSTEM_PUBLIC_VIEW_PERMISSION ) diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index ac3b1b127..32f646481 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala +++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala @@ -361,7 +361,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many isFirehose_(viewSpecification.is_firehose.getOrElse(false)) metadataView_(viewSpecification.metadata_view) - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( this, viewSpecification.allowed_actions, viewSpecification.can_grant_access_to_views.getOrElse(Nil), @@ -388,7 +388,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many isFirehose_(viewSpecification.is_firehose.getOrElse(false)) metadataView_(viewSpecification.metadata_view) - ViewPermission.createViewPermissions( + ViewPermission.resetViewPermissions( this, viewSpecification.allowed_actions, viewSpecification.can_grant_access_to_views.getOrElse(Nil), diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index 3295395ec..8369c3a58 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala 
@@ -78,7 +78,7 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis * were only supported in bulk (all at once). In the future, we may extend this * to support updating individual permissions selectively. */ - def createViewPermissions( + def resetViewPermissions( view: View, permissionNames: List[String], canGrantAccessToViews: List[String] = Nil, diff --git a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala index 38c7b0273..948ade40d 100644 --- a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala +++ b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala @@ -2,7 +2,7 @@ package code.setup import bootstrap.liftweb.ToSchemify import code.accountholders.AccountHolders -import code.api.Constant.{CUSTOM_PUBLIC_VIEW_ID, SYSTEM_OWNER_VIEW_ID} +import code.api.Constant._ import code.api.util.APIUtil.isValidCustomViewName import code.api.util.ErrorMessages._ import code.model._ @@ -14,7 +14,6 @@ import com.openbankproject.commons.model._ import net.liftweb.common.{Failure, Full, ParamFailure} import net.liftweb.mapper.MetaMapper import net.liftweb.util.Helpers._ -import code.api.Constant._ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { @@ -134,7 +133,7 @@ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { hideOtherAccountMetadataIfAlias_(false). saveMe } - view.map(ViewPermission.createViewPermissions( + view.map(ViewPermission.resetViewPermissions( _, SYSTEM_CUSTOM_VIEW_PERMISSION_TEST )) From 2de5dcb932de1be30664b25d806579d8c93ed333 Mon Sep 17 00:00:00 2001 
From: hongwei Date: Tue, 15 Jul 2025 13:17:42 +0200 Subject: [PATCH 24/26] refactor/OBPv5.1.0 add deleteSystemViewPermission and addSystemViewPermission endpoints --- .../SwaggerDefinitionsJSON.scala | 2 +- .../scala/code/api/util/ErrorMessages.scala | 5 ++ .../code/api/util/newstyle/ViewNewStyle.scala | 29 +++++++ .../scala/code/api/v4_0_0/APIMethods400.scala | 16 ++-- .../scala/code/api/v5_1_0/APIMethods510.scala | 75 ++++++++++++++++++- .../code/api/v5_1_0/JSONFactory5.1.0.scala | 19 ++++- .../code/views/system/ViewPermission.scala | 14 ++++ 7 files changed, 148 insertions(+), 12 deletions(-) diff --git a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala index d3b9a18b6..8c3cf3710 100644 --- a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala +++ b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala @@ -5693,7 +5693,7 @@ object SwaggerDefinitionsJSON { lazy val createViewPermissionJson = CreateViewPermissionJson( permission_name = CAN_GRANT_ACCESS_TO_VIEWS, - extra_data = List(SYSTEM_ACCOUNTANT_VIEW_ID, SYSTEM_AUDITOR_VIEW_ID) + extra_data = Some(List(SYSTEM_ACCOUNTANT_VIEW_ID, SYSTEM_AUDITOR_VIEW_ID)) ) //The common error or success format. //Just some helper format to use in Json diff --git a/obp-api/src/main/scala/code/api/util/ErrorMessages.scala b/obp-api/src/main/scala/code/api/util/ErrorMessages.scala index af993b5b6..c2a49fa27 100644 --- a/obp-api/src/main/scala/code/api/util/ErrorMessages.scala +++ b/obp-api/src/main/scala/code/api/util/ErrorMessages.scala 
@@ -557,6 +557,11 @@ object ErrorMessages { val CannotAddEntitlement = "OBP-30332: Failed to add entitlement. Please check the provided details and try again." val CannotGetEntitlements = "OBP-30333: Cannot get entitlements for user id." + val ViewPermissionNameExists = "OBP-30334: View Permission name already exists. Please specify a different value." + val CreateViewPermissionError = "OBP-30335: Could not create the View Permission." + val ViewPermissionNotFound = "OBP-30336: View Permission not found by name. " + val InvalidViewPermissionName = "OBP-30337: The view permission name does not exist in OBP." + val DeleteViewPermissionError = "OBP-30338: Could not delete the View Permission." // Branch related messages val BranchesNotFoundLicense = "OBP-32001: No branches available. License may not be set." diff --git a/obp-api/src/main/scala/code/api/util/newstyle/ViewNewStyle.scala b/obp-api/src/main/scala/code/api/util/newstyle/ViewNewStyle.scala index fb270f22d..4156e0192 100644 --- a/obp-api/src/main/scala/code/api/util/newstyle/ViewNewStyle.scala +++ b/obp-api/src/main/scala/code/api/util/newstyle/ViewNewStyle.scala @@ -6,6 +6,7 @@ import code.api.util.ErrorMessages._ import code.api.util.{APIUtil, CallContext} import code.model._ import code.views.Views +import code.views.system.ViewPermission import com.openbankproject.commons.model._ import net.liftweb.common._ 
@@ -215,5 +216,33 @@ object ViewNewStyle { callContext ) } + + + def findSystemViewPermission(viewId: ViewId, permissionName: String, callContext: Option[CallContext]) = Future { + ViewPermission.findSystemViewPermission(viewId: ViewId, permissionName: String) + } map { + x => + (unboxFullOrFail( + x, + callContext, + ViewPermissionNotFound + s"Current System ViewId(${viewId.value}) and PermissionName (${permissionName})", + 403), + callContext + ) + } + + + def createSystemViewPermission(viewId: ViewId, permissionName: String, extraData: Option[List[String]], callContext: Option[CallContext]) = Future { + ViewPermission.createSystemViewPermission(viewId: ViewId, permissionName: String, extraData: Option[List[String]]) + } map { + x => + (unboxFullOrFail( + x, + callContext, + CreateViewPermissionError + s"Current System ViewId(${viewId.value}) and Permission (${permissionName})", + 403), + callContext + ) + } } diff --git a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala index c29a08189..8643d84b3 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala @@ -486,7 +486,7 @@ trait APIMethods400 extends MdcLoggable { } _ <- Helper.booleanToFuture(InitialBalanceMustBeZero, cc=callContext){0 == initialBalanceAsNumber} currency = createAccountJson.balance.currency - _ <- Helper.booleanToFuture(InvalidISOCurrencyCode, cc=callContext){isValidCurrencyISOCode(currency)} + _ <- Helper.booleanToFuture(InvalidISOCurrencyCode, cc=callContext){APIUtil.isValidCurrencyISOCode(currency)} (_, callContext ) <- NewStyle.function.getBank(bankId, callContext) _ <- Helper.booleanToFuture(s"$InvalidAccountRoutings Duplication detected in account routings, please specify only one value per routing scheme", cc=callContext) { 
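Review bot: In `findSystemViewPermission` a permission that does not exist is reported with HTTP 403 (the last argument of `unboxFullOrFail`), and `createSystemViewPermission` reports a failed insert with 403 as well. Clients and log-based alerting then cannot tell a missing row or a storage failure from an authorization denial on these privilege-changing calls. I would use a status that matches the cause, e.g. `ViewPermissionNotFound + s"Current System ViewId(${viewId.value}) and PermissionName (${permissionName})", 404),` for the lookup. Both new public methods also lack a declared result type and a Scaladoc line, and the ascriptions repeated in the call arguments (`viewId: ViewId, permissionName: String`) are redundant.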
@@ -2135,7 +2135,7 @@ trait APIMethods400 extends MdcLoggable { BigDecimal(initialBalanceAsString) } _ <- Helper.booleanToFuture(InitialBalanceMustBeZero, cc=callContext){0 == initialBalanceAsNumber} - _ <- Helper.booleanToFuture(InvalidISOCurrencyCode, cc=callContext){isValidCurrencyISOCode(createAccountJson.balance.currency)} + _ <- Helper.booleanToFuture(InvalidISOCurrencyCode, cc=callContext){APIUtil.isValidCurrencyISOCode(createAccountJson.balance.currency)} currency = createAccountJson.balance.currency (_, callContext ) <- NewStyle.function.getBank(bankId, callContext) _ <- Helper.booleanToFuture(s"$InvalidAccountRoutings Duplication detected in account routings, please specify only one value per routing scheme", cc=callContext) { @@ -3802,7 +3802,7 @@ trait APIMethods400 extends MdcLoggable { BigDecimal(postJson.amount.amount) } _ <- Helper.booleanToFuture(s"${InvalidISOCurrencyCode} Current input is: '${postJson.amount.currency}'", cc=callContext) { - code.api.util.APIUtil.isValidCurrencyISOCode(postJson.amount.currency) + APIUtil.isValidCurrencyISOCode(postJson.amount.currency) } (_, callContext) <- NewStyle.function.getCustomerByCustomerId(postJson.customer_id, callContext) _ <- Users.users.vend.getUserByUserIdFuture(postJson.user_id) map { @@ -3873,7 +3873,7 @@ trait APIMethods400 extends MdcLoggable { BigDecimal(postJson.amount.amount) } _ <- Helper.booleanToFuture(s"${InvalidISOCurrencyCode} Current input is: '${postJson.amount.currency}'", cc=cc.callContext) { - isValidCurrencyISOCode(postJson.amount.currency) + APIUtil.isValidCurrencyISOCode(postJson.amount.currency) } (_, callContext) <- NewStyle.function.getCustomerByCustomerId(postJson.customer_id, cc.callContext) _ <- Users.users.vend.getUserByUserIdFuture(postJson.user_id) map { 
@@ -4640,7 +4640,7 @@ trait APIMethods400 extends MdcLoggable { } // Prevent default value for transaction request type (at least). _ <- Helper.booleanToFuture(s"${InvalidISOCurrencyCode} Current input is: '${transDetailsJson.value.currency}'", cc=callContext) { - isValidCurrencyISOCode(transDetailsJson.value.currency) + APIUtil.isValidCurrencyISOCode(transDetailsJson.value.currency) } amountOfMoneyJson = AmountOfMoneyJsonV121(transDetailsJson.value.currency, transDetailsJson.value.amount) chargePolicy = transDetailsJson.charge_policy @@ -7498,7 +7498,7 @@ trait APIMethods400 extends MdcLoggable { postJson.description.length <= 36 } _ <- Helper.booleanToFuture(s"$InvalidISOCurrencyCode Current input is: '${postJson.currency}'", cc=callContext) { - isValidCurrencyISOCode(postJson.currency) + APIUtil.isValidCurrencyISOCode(postJson.currency) } //If other_account_routing_scheme=="OBP" or other_account_secondary_routing_address=="OBP" we will check if it is a real obp bank account. @@ -7714,7 +7714,7 @@ trait APIMethods400 extends MdcLoggable { } _ <- Helper.booleanToFuture(s"$InvalidISOCurrencyCode Current input is: '${postJson.currency}'", cc=callContext) { - isValidCurrencyISOCode(postJson.currency) + APIUtil.isValidCurrencyISOCode(postJson.currency) } //If other_account_routing_scheme=="OBP" or other_account_secondary_routing_address=="OBP" we will check if it is a real obp bank account. @@ -12292,7 +12292,7 @@ object APIMethods400 extends RestHelper with APIMethods400 { } _ <- Helper.booleanToFuture(s"${InvalidISOCurrencyCode} Current input is: '${transDetailsJson.value.currency}'", cc=callContext) { - isValidCurrencyISOCode(transDetailsJson.value.currency) + APIUtil.isValidCurrencyISOCode(transDetailsJson.value.currency) } (createdTransactionRequest, callContext) <- transactionRequestTypeValue match { 
diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index 17d6bb42a..32f8ce6c2 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala @@ -44,7 +44,7 @@ import code.users.Users import code.util.Helper import code.util.Helper.ObpS import code.views.Views -import code.views.system.{AccountAccess, ViewDefinition} +import code.views.system.{AccountAccess, ViewDefinition, ViewPermission} import code.webuiprops.{MappedWebUiPropsProvider, WebUiPropsCommons} import com.github.dwickern.macros.NameOf.nameOf import com.openbankproject.commons.ExecutionContext.Implicits.global 
@@ -5241,6 +5241,79 @@ trait APIMethods510 { } } + + resourceDocs += ResourceDoc( + addSystemViewPermission, + implementedInApiVersion, + nameOf(addSystemViewPermission), + "POST", + "/system-views/VIEW_ID/permissions", + "Add Permission to a System View", + """Add Permission to a System View.""", + createViewPermissionJson, + entitlementJSON, + List( + $UserNotLoggedIn, + InvalidJsonFormat, + IncorrectRoleName, + EntitlementAlreadyExists, + UnknownError + ), + List(apiTagSystemView), + Some(List(canCreateSystemViewPermission)) + ) + + lazy val addSystemViewPermission : OBPEndpoint = { + case "system-views" :: ViewId(viewId) :: "permissions" :: Nil JsonPost json -> _ => { + cc => implicit val ec = EndpointContext(Some(cc)) + for { + failMsg <- Future.successful(s"$InvalidJsonFormat The Json body should be the $CreateViewPermissionJson ") + createViewPermissionJson <- NewStyle.function.tryons(failMsg, 400, cc.callContext) { + json.extract[CreateViewPermissionJson] + } + _ <- Helper.booleanToFuture(s"$InvalidViewPermissionName The current value is ${createViewPermissionJson.permission_name}", 400, cc.callContext) { + ALL_VIEW_PERMISSION_NAMES.exists( _ == createViewPermissionJson.permission_name) + } + _ <- ViewNewStyle.systemView(viewId, cc.callContext) + _ <- Helper.booleanToFuture(s"$ViewPermissionNameExists The current value is ${createViewPermissionJson.permission_name}", 400, cc.callContext) { + ViewPermission.findSystemViewPermission(viewId, createViewPermissionJson.permission_name).isEmpty + } + (viewPermission,callContext) <- ViewNewStyle.createSystemViewPermission(viewId, createViewPermissionJson.permission_name, createViewPermissionJson.extra_data, cc.callContext) + } yield { + (JSONFactory510.createViewPermissionJson(viewPermission), HttpCode.`201`(callContext)) + } + } + } + + + resourceDocs += ResourceDoc( + deleteSystemViewPermission, + implementedInApiVersion, + nameOf(deleteSystemViewPermission), + "DELETE", + 
"/system-views/VIEW_ID/permissions/PERMISSION_NAME", + "Delete Permission to a System View", + """Delete Permission to a System View + """.stripMargin, + EmptyBody, + EmptyBody, + List(UserNotLoggedIn, UserHasMissingRoles, UnknownError), + List(apiTagSystemView), + Some(List(canDeleteSystemViewPermission)) + ) + lazy val deleteSystemViewPermission: OBPEndpoint = { + case "system-views" :: ViewId(viewId) :: "permissions" :: permissionName :: Nil JsonDelete _ => { + cc => implicit val ec = EndpointContext(Some(cc)) + for { + (viewPermission, callContext) <- ViewNewStyle.findSystemViewPermission(viewId, permissionName, cc.callContext) + _ <- Helper.booleanToFuture(s"$DeleteViewPermissionError The current value is ${createViewPermissionJson.permission_name}", 400, cc.callContext) { + viewPermission.delete_! + } + } yield (true, HttpCode.`204`(cc.callContext)) + } + } + + } } diff --git a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala index b613104f5..7d965f83a 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala @@ -46,7 +46,7 @@ import code.consent.MappedConsent import code.metrics.APIMetric import code.model.Consumer import code.users.{UserAttribute, Users} -import code.views.system.{AccountAccess, ViewDefinition} +import code.views.system.{AccountAccess, ViewDefinition, ViewPermission} import com.openbankproject.commons.model._ import com.openbankproject.commons.util.ApiVersion import net.liftweb.common.{Box, Full} @@ -580,7 +580,7 @@ case class ConsentRequestToAccountJson( case class CreateViewPermissionJson( permission_name: String, - extra_data: List[String] + extra_data: Option[List[String]] ) case class PostVRPConsentRequestJsonInternalV510( 
@@ -669,6 +669,11 @@ case class BankAccountBalanceResponseJsonV510( case class BankAccountBalancesJsonV510( balances: List[BankAccountBalanceResponseJsonV510] ) +case class ViewPermissionJson( + view_id: String, + permission_name:String, + extra_data: Option[List[String]] +) object JSONFactory510 extends CustomJsonFormats { @@ -1212,6 +1217,16 @@ object JSONFactory510 extends CustomJsonFormats { is_pending_agent = agent.isPendingAgent ) } + + def createViewPermissionJson(viewPermission: ViewPermission): ViewPermissionJson = { + val value = viewPermission.extraData.get + ViewPermissionJson( + viewPermission.view_id.get, + viewPermission.permission.get, + if(value == null || value.isEmpty) None else Some(value.split(",").toList) + ) + } + def createMinimalAgentsJson(agents: List[Agent]): MinimalAgentsJsonV510 = { MinimalAgentsJsonV510( agents diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index 8369c3a58..d40440edb 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala @@ -4,8 +4,10 @@ import code.api.Constant.{CAN_GRANT_ACCESS_TO_VIEWS, CAN_REVOKE_ACCESS_TO_VIEWS} import code.util.UUIDString import com.openbankproject.commons.model._ import net.liftweb.common.Box +import net.liftweb.common.Box.tryo import net.liftweb.mapper._ + class ViewPermission extends LongKeyedMapper[ViewPermission] with IdPK with CreatedUpdated { def getSingleton = ViewPermission object bank_id extends MappedString(this, 255) 
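Review bot: `createViewPermissionJson` rebuilds `extra_data` with `value.split(",")`, and `createSystemViewPermission` in ViewPermission.scala writes it with `mkString(",")`, so an entry that itself contains a comma comes back as several entries. Since the example body uses this field for the view ids attached to `can_grant_access_to_views`, the stored list can end up meaning something different from what the caller sent; rejecting entries that are empty or contain `,` at the endpoint would keep the round trip exact. The null test can also be written without `null`: `Option(viewPermission.extraData.get).filter(_.nonEmpty).map(_.split(",").toList)`.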
@@ -50,6 +52,18 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis By(ViewPermission.permission,permission), ) + def createSystemViewPermission(viewId: ViewId, permissionName: String, extraData: Option[List[String]]): Box[ViewPermission] = { + tryo { + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewId.value) + .permission(permissionName) + .extraData(extraData.map(_.mkString(",")).getOrElse(null)) + .saveMe + } + } + /** * Finds the permissions for a given view, if it is sytem view, * it will search in system view permission, otherwise it will search in custom view permissions. From 204b5e3b5765f5c624b986acee00d35629a64cf1 Mon Sep 17 00:00:00 2001 From: hongwei Date: Tue, 15 Jul 2025 14:23:44 +0200 Subject: [PATCH 25/26] refactor/OBPv5.1.0 add deleteSystemViewPermission and addSystemViewPermission endpoints - addd Test --- .../v5_1_0/SystemViewPermissionTests.scala | 90 +++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 obp-api/src/test/scala/code/api/v5_1_0/SystemViewPermissionTests.scala diff --git a/obp-api/src/test/scala/code/api/v5_1_0/SystemViewPermissionTests.scala b/obp-api/src/test/scala/code/api/v5_1_0/SystemViewPermissionTests.scala new file mode 100644 index 000000000..54fa383ab --- /dev/null +++ b/obp-api/src/test/scala/code/api/v5_1_0/SystemViewPermissionTests.scala 
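Review bot: `createSystemViewPermission` inserts a row unconditionally, so uniqueness of a permission per system view rests only on the `findSystemViewPermission(...).isEmpty` check the caller makes in APIMethods510. Two concurrent requests can both pass that check and leave duplicate rows, and the delete endpoint presumably removes only the single row its lookup returns, which would leave the permission in force. Unless the table has a unique index that this patch does not show, I would do the existence check inside this method or add such an index. As a style point, `extraData.map(_.mkString(",")).getOrElse(null)` is `extraData.map(_.mkString(",")).orNull`, and a Scaladoc line saying that the null `bank_id`/`account_id` appear to mark a system-view row would help the next reader.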
@@ -0,0 +1,90 @@ +package code.api.v5_1_0 + +import _root_.net.liftweb.json.Serialization.write +import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ +import code.api.util.APIUtil +import code.api.util.APIUtil.OAuth._ +import code.api.util.ErrorMessages.{UserHasMissingRoles, UserNotLoggedIn} +import code.entitlement.Entitlement +import code.setup.APIResponse +import com.openbankproject.commons.model.ErrorMessage +import com.openbankproject.commons.util.ApiVersion +import org.scalatest.Tag + +class SystemViewsPermissionsTests extends V510ServerSetup { + object VersionOfApi extends Tag(ApiVersion.v5_1_0.toString) + object ApiEndpoint1 extends Tag("addSystemViewPermission") + object ApiEndpoint2 extends Tag("deleteSystemViewPermission") + + def postSystemViewPermission(viewId: String, body: CreateViewPermissionJson, consumerAndToken: Option[(Consumer, Token)]): APIResponse = { + val request = (v5_1_0_Request / "system-views" / viewId / "permissions").POST <@(consumerAndToken) + makePostRequest(request, write(body)) + } + + def deleteSystemViewPermission(viewId: String, permissionName: String, consumerAndToken: Option[(Consumer, Token)]): APIResponse = { + val request = (v5_1_0_Request / "system-views" / viewId / "permissions" / permissionName).DELETE <@(consumerAndToken) + makeDeleteRequest(request) + } + + def createSystemView(viewId: String): Boolean = { + Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, "CanCreateSystemView") + val postBody = createSystemViewJsonV500.copy(name = viewId).copy(metadata_view = viewId).toCreateViewJson + val response = { + val request = (v5_1_0_Request / "system-views").POST <@(user1) + makePostRequest(request, write(postBody)) + } + response.code == 201 + } + + feature(s"test $ApiEndpoint1 version $VersionOfApi - Add Permission to a System View") { + scenario("Unauthorized access", ApiEndpoint1, VersionOfApi) { + val response = postSystemViewPermission("some-id", 
CreateViewPermissionJson("can_grant_access_to_views", None), None) + response.code should equal(401) + response.body.extract[ErrorMessage].message should equal(UserNotLoggedIn) + } + + scenario("Authorized without role", ApiEndpoint1, VersionOfApi) { + val response = postSystemViewPermission("some-id", CreateViewPermissionJson("can_grant_access_to_views", None), user1) + response.code should equal(403) + response.body.extract[ErrorMessage].message contains(UserHasMissingRoles + "CanCreateSystemViewPermission") shouldBe (true) + } + + scenario("Authorized with proper Role", ApiEndpoint1, VersionOfApi) { + val viewId = APIUtil.generateUUID() + createSystemView(viewId) + Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, "CanCreateSystemViewPermission") + val permissionJson = CreateViewPermissionJson("can_grant_access_to_views", None) + val response = postSystemViewPermission(viewId, permissionJson, user1) + response.code should equal(201) + response.body.extract[ViewPermissionJson] + } + } + + feature(s"test $ApiEndpoint2 version $VersionOfApi - Delete Permission from a System View") { + scenario("Unauthorized access", ApiEndpoint2, VersionOfApi) { + val response = deleteSystemViewPermission("some-id", "can_grant_access_to_views", None) + response.code should equal(401) + response.body.extract[ErrorMessage].message contains(UserNotLoggedIn) shouldBe (true) + } + + scenario("Authorized without role", ApiEndpoint2, VersionOfApi) { + val response = deleteSystemViewPermission("some-id", "can_grant_access_to_views", user1) + response.code should equal(403) + response.body.extract[ErrorMessage].message contains(UserHasMissingRoles + "CanDeleteSystemViewPermission") shouldBe (true) + } + + scenario("Authorized with proper Role", ApiEndpoint2, VersionOfApi) { + val viewId = APIUtil.generateUUID() + createSystemView(viewId) + Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, "CanCreateSystemViewPermission") + 
Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, "CanDeleteSystemViewPermission") + + val permissionJson = CreateViewPermissionJson("can_grant_access_to_views", None) + val createResp = postSystemViewPermission(viewId, permissionJson, user1) + createResp.code should equal(201) + + val deleteResp = deleteSystemViewPermission(viewId, "can_grant_access_to_views", user1) + deleteResp.code should equal(204) + } + } +} From 19ecc809a3722a02ed90e796a3d92d4bb5155202 Mon Sep 17 00:00:00 2001 From: hongwei Date: Tue, 15 Jul 2025 14:32:17 +0200 Subject: [PATCH 26/26] refactor/OBPv5.1.0 add deleteSystemViewPermission and addSystemViewPermission endpoints - addd Test2 --- .../api/v5_1_0/SystemViewPermissionTests.scala | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/obp-api/src/test/scala/code/api/v5_1_0/SystemViewPermissionTests.scala b/obp-api/src/test/scala/code/api/v5_1_0/SystemViewPermissionTests.scala index 54fa383ab..8bb392b78 100644 --- a/obp-api/src/test/scala/code/api/v5_1_0/SystemViewPermissionTests.scala +++ b/obp-api/src/test/scala/code/api/v5_1_0/SystemViewPermissionTests.scala 
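Review bot: The delete scenario stops at `deleteResp.code should equal(204)` and never checks that the permission is actually gone, so a handler that answers 204 without removing the row would still pass; a second `deleteSystemViewPermission(viewId, "can_grant_access_to_views", user1)` that is expected to fail would cover that (the scenario added in PATCH 26 has the same gap). The add scenario likewise ends with a bare `response.body.extract[ViewPermissionJson]` and asserts nothing about `view_id` or `permission_name`. There are no scenarios for an unknown permission name, a duplicate add, or a view id that is not a system view, which are the three checks the add endpoint performs. The class is named `SystemViewsPermissionsTests` while the file is `SystemViewPermissionTests.scala`.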
@@ -83,6 +83,21 @@ class SystemViewsPermissionsTests extends V510ServerSetup { val createResp = postSystemViewPermission(viewId, permissionJson, user1) createResp.code should equal(201) + val deleteResp = deleteSystemViewPermission(viewId, "can_grant_access_to_views", user1) + deleteResp.code should equal(204) + } + scenario("Authorized with proper Role with extra_data", ApiEndpoint2, VersionOfApi) { + val viewId = APIUtil.generateUUID() + createSystemView(viewId) + Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, "CanCreateSystemViewPermission") + Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, "CanDeleteSystemViewPermission") + + val permissionJson = CreateViewPermissionJson("can_grant_access_to_views", Some(List("owner"))) + val createResp = postSystemViewPermission(viewId, permissionJson, user1) + createResp.code should equal(201) + createResp.body.extract[CreateViewPermissionJson].permission_name should equal("can_grant_access_to_views") + createResp.body.extract[CreateViewPermissionJson].extra_data should equal (Some(List("owner"))) + val deleteResp = deleteSystemViewPermission(viewId, "can_grant_access_to_views", user1) deleteResp.code should equal(204) }
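Review bot: The new scenario reads the 201 body as `CreateViewPermissionJson`, the request type, so the `view_id` field of the response is never checked. Extracting `ViewPermissionJson` once and adding `view_id should equal(viewId)` next to the two existing assertions would pin the response to the view that was addressed. The enclosing feature block starts outside this hunk.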