refactor/remove hasOwnerViewAccess replace with specific view permissions -- added canSeeTransactionRequestTypes_ permission

2026-02-06 13:26:51 +00:00 · 2023-06-22 22:14:59 +08:00 · 2023-06-22 22:14:59 +08:00 · b8fb0b012f
commit b8fb0b012f
parent abdeb61b7a
7 changed files with 26 additions and 6 deletions
--- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala
+++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala
@ -20,8 +20,9 @@ object MigrationOfViewDefinitionPermissions {
          By(ViewDefinition.isSystem_,true)
        ).map(view => 
          view
-//            .canSeeTransactionRequests_(true)
-//            .canSeeAvailableViewsForBankAccount_(true)
+            .canSeeTransactionRequestTypes_(true)
+            .canSeeTransactionRequests_(true)
+            .canSeeAvailableViewsForBankAccount_(true)
            .save
        ).head

@ -31,7 +32,9 @@ object MigrationOfViewDefinitionPermissions {

        val comment: String =
          s"""ViewDefinition system owner view, update the following rows to true:
-             |canSeeTransactionRequests_
+             |${ViewDefinition.canSeeTransactionRequestTypes_.dbColumnName}
+             |${ViewDefinition.canSeeTransactionRequests_.dbColumnName}
+             |${ViewDefinition.canSeeAvailableViewsForBankAccount_.dbColumnName}
             |Duration: ${endDate - startDate} ms;
             """.stripMargin
        saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
--- a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala
+++ b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala
@ -423,6 +423,12 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
            failMsg = ErrorMessages.InvalidISOCurrencyCode.concat("Please specify a valid value for CURRENCY of your Bank Account. ")
            _ <- NewStyle.function.isValidCurrencyISOCode(fromAccount.currency, failMsg, callContext)
            view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext)
+            _ <- Helper.booleanToFuture(
+              s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canSeeTransactionRequestTypes_.dbColumnName}` permission on the View(${viewId.value} )",
+              cc = callContext
+            ) {
+              view.canSeeTransactionRequestTypes
+            }
            transactionRequestTypes <- Future(Connector.connector.vend.getTransactionRequestTypes(u, fromAccount, callContext)) map {
              connectorEmptyResponse(_, callContext)
            }
--- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala
+++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala
@ -5270,13 +5270,11 @@ object LocalMappedConnector extends Connector with MdcLoggable {

  override def getTransactionRequestTypes(initiator: User, fromAccount: BankAccount, callContext: Option[CallContext]): Box[List[TransactionRequestType]] = {
    for {
-      isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), callContext), UserNoOwnerView)
      transactionRequestTypes <- getTransactionRequestTypesImpl(fromAccount)
    } yield transactionRequestTypes
  }

  override def getTransactionRequestTypesImpl(fromAccount: BankAccount): Box[List[TransactionRequestType]] = {
-    //TODO: write logic / data access
    // Get Transaction Request Types from Props "transactionRequests_supported_types". Default is empty string
    val validTransactionRequestTypes = APIUtil.getPropsValue("transactionRequests_supported_types", "").split(",").map(x => TransactionRequestType(x)).toList
    Full(validTransactionRequestTypes)
--- a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
+++ b/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
@ -207,6 +207,10 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
  object canSeeTransactionRequests_ extends MappedBoolean(this){
    override def defaultValue = false
  }
+
+  object canSeeTransactionRequestTypes_ extends MappedBoolean(this){
+    override def defaultValue = false
+  }
  object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){
    override def defaultValue = false
  }
@ -456,6 +460,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
  //transaction fields
  def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get
  def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get
+  def canSeeTransactionRequestTypes : Boolean = canSeeTransactionRequestTypes_.get
  def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get
  def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get
  def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get
--- a/obp-api/src/main/scala/code/views/MapperViews.scala
+++ b/obp-api/src/main/scala/code/views/MapperViews.scala
@ -791,13 +791,15 @@ object MapperViews extends Views with MdcLoggable {
      .canAddTransactionRequestToOwnAccount_(true) //added following two for payments
      .canAddTransactionRequestToAnyAccount_(true)
      .canSeeAvailableViewsForBankAccount_(false)
-      .canSeeTransactionRequests_(false)
+      .canSeeTransactionRequests_(true)
+      .canSeeTransactionRequestTypes_(true)

    viewId match {
      case SYSTEM_OWNER_VIEW_ID =>
        entity
          .canSeeAvailableViewsForBankAccount_(true)
          .canSeeTransactionRequests_(true)
+          .canSeeTransactionRequestTypes_(true)
      case SYSTEM_STAGE_ONE_VIEW_ID =>
        entity
          .canSeeTransactionDescription_(false)
--- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala
+++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala
@ -63,6 +63,9 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
  object canSeeTransactionRequests_ extends MappedBoolean(this){
    override def defaultValue = false
  }
+  object canSeeTransactionRequestTypes_ extends MappedBoolean(this){
+    override def defaultValue = false
+  }
  object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){
    override def defaultValue = false
  }
@ -443,6 +446,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
  //transaction fields
  def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get
  def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get
+  def canSeeTransactionRequestTypes: Boolean = canSeeTransactionRequestTypes_.get
  def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get
  def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get
  def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get
--- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
+++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
@ -260,6 +260,8 @@ trait View {
  //transaction fields
  def canSeeTransactionRequests: Boolean
  
+  def canSeeTransactionRequestTypes: Boolean
+  
  def canSeeTransactionThisBankAccount: Boolean

  def canSeeTransactionOtherBankAccount: Boolean