From b8fb0b012f330452c51a1586f7e00f3732cb3a90 Mon Sep 17 00:00:00 2001
From: hongwei <hongwei@tesobe.com>
Date: Thu, 22 Jun 2023 22:14:59 +0800
Subject: [PATCH] refactor/remove `hasOwnerViewAccess` replace with specific
 view permissions -- added canSeeTransactionRequestTypes_ permission

---
 .../migration/MigrationOfViewDefinitionPermissions.scala | 9 ++++++---
 .../src/main/scala/code/api/v1_4_0/APIMethods140.scala   | 6 ++++++
 .../scala/code/bankconnectors/LocalMappedConnector.scala | 2 --
 .../main/scala/code/model/dataAccess/MappedView.scala    | 5 +++++
 obp-api/src/main/scala/code/views/MapperViews.scala      | 4 +++-
 .../main/scala/code/views/system/ViewDefinition.scala    | 4 ++++
 .../com/openbankproject/commons/model/ViewModel.scala    | 2 ++
 7 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala
index 2477ba0a0..75271380f 100644
--- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala
+++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewDefinitionPermissions.scala
@@ -20,8 +20,9 @@ object MigrationOfViewDefinitionPermissions {
           By(ViewDefinition.isSystem_,true)
         ).map(view => 
           view
-//            .canSeeTransactionRequests_(true)
-//            .canSeeAvailableViewsForBankAccount_(true)
+            .canSeeTransactionRequestTypes_(true)
+            .canSeeTransactionRequests_(true)
+            .canSeeAvailableViewsForBankAccount_(true)
             .save
         ).head
 
@@ -31,7 +32,9 @@ object MigrationOfViewDefinitionPermissions {
 
         val comment: String =
           s"""ViewDefinition system owner view, update the following rows to true:
-             |canSeeTransactionRequests_
+             |${ViewDefinition.canSeeTransactionRequestTypes_.dbColumnName}
+             |${ViewDefinition.canSeeTransactionRequests_.dbColumnName}
+             |${ViewDefinition.canSeeAvailableViewsForBankAccount_.dbColumnName}
              |Duration: ${endDate - startDate} ms;
              """.stripMargin
         saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
diff --git a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala
index 6dd366441..651387a85 100644
--- a/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala
+++ b/obp-api/src/main/scala/code/api/v1_4_0/APIMethods140.scala
@@ -423,6 +423,12 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
             failMsg = ErrorMessages.InvalidISOCurrencyCode.concat("Please specify a valid value for CURRENCY of your Bank Account. ")
             _ <- NewStyle.function.isValidCurrencyISOCode(fromAccount.currency, failMsg, callContext)
             view <- NewStyle.function.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u), callContext)
+            _ <- Helper.booleanToFuture(
+              s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `${ViewDefinition.canSeeTransactionRequestTypes_.dbColumnName}` permission on the View(${viewId.value} )",
+              cc = callContext
+            ) {
+              view.canSeeTransactionRequestTypes
+            }
             transactionRequestTypes <- Future(Connector.connector.vend.getTransactionRequestTypes(u, fromAccount, callContext)) map {
               connectorEmptyResponse(_, callContext)
             }
diff --git a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala
index da9ab1f57..8e9275b78 100644
--- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala
+++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala
@@ -5270,13 +5270,11 @@ object LocalMappedConnector extends Connector with MdcLoggable {
 
   override def getTransactionRequestTypes(initiator: User, fromAccount: BankAccount, callContext: Option[CallContext]): Box[List[TransactionRequestType]] = {
     for {
-      isOwner <- booleanToBox(initiator.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), callContext), UserNoOwnerView)
       transactionRequestTypes <- getTransactionRequestTypesImpl(fromAccount)
     } yield transactionRequestTypes
   }
 
   override def getTransactionRequestTypesImpl(fromAccount: BankAccount): Box[List[TransactionRequestType]] = {
-    //TODO: write logic / data access
     // Get Transaction Request Types from Props "transactionRequests_supported_types". Default is empty string
     val validTransactionRequestTypes = APIUtil.getPropsValue("transactionRequests_supported_types", "").split(",").map(x => TransactionRequestType(x)).toList
     Full(validTransactionRequestTypes)
diff --git a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala b/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
index 8a7387db5..b043ff974 100644
--- a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
+++ b/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
@@ -207,6 +207,10 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
   object canSeeTransactionRequests_ extends MappedBoolean(this){
     override def defaultValue = false
   }
+
+  object canSeeTransactionRequestTypes_ extends MappedBoolean(this){
+    override def defaultValue = false
+  }
   object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){
     override def defaultValue = false
   }
@@ -456,6 +460,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
   //transaction fields
   def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get
   def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get
+  def canSeeTransactionRequestTypes : Boolean = canSeeTransactionRequestTypes_.get
   def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get
   def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get
   def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get
diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala
index 236b1e2b3..e0b94a62a 100644
--- a/obp-api/src/main/scala/code/views/MapperViews.scala
+++ b/obp-api/src/main/scala/code/views/MapperViews.scala
@@ -791,13 +791,15 @@ object MapperViews extends Views with MdcLoggable {
       .canAddTransactionRequestToOwnAccount_(true) //added following two for payments
       .canAddTransactionRequestToAnyAccount_(true)
       .canSeeAvailableViewsForBankAccount_(false)
-      .canSeeTransactionRequests_(false)
+      .canSeeTransactionRequests_(true)
+      .canSeeTransactionRequestTypes_(true)
 
     viewId match {
       case SYSTEM_OWNER_VIEW_ID =>
         entity
           .canSeeAvailableViewsForBankAccount_(true)
           .canSeeTransactionRequests_(true)
+          .canSeeTransactionRequestTypes_(true)
       case SYSTEM_STAGE_ONE_VIEW_ID =>
         entity
           .canSeeTransactionDescription_(false)
diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala
index 48809e213..83ad820e7 100644
--- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala
+++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala
@@ -63,6 +63,9 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
   object canSeeTransactionRequests_ extends MappedBoolean(this){
     override def defaultValue = false
   }
+  object canSeeTransactionRequestTypes_ extends MappedBoolean(this){
+    override def defaultValue = false
+  }
   object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){
     override def defaultValue = false
   }
@@ -443,6 +446,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
   //transaction fields
   def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get
   def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get
+  def canSeeTransactionRequestTypes: Boolean = canSeeTransactionRequestTypes_.get
   def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get
   def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get
   def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get
diff --git a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
index c83a2cd15..0ee0f5a32 100644
--- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
+++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
@@ -260,6 +260,8 @@ trait View {
   //transaction fields
   def canSeeTransactionRequests: Boolean
   
+  def canSeeTransactionRequestTypes: Boolean
+  
   def canSeeTransactionThisBankAccount: Boolean
 
   def canSeeTransactionOtherBankAccount: Boolean