artin/OBP-API
1
0
Fork 0
mirror of https://github.com/OpenBankProject/OBP-API.git synced 2026-02-06 13:07:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor/remove hasOwnerViewAccess replace with specific view permissions- added canSeeBankAccountAllViews

Browse Source
This commit is contained in:
hongwei 2023-06-13 19:10:45 +08:00
parent 855b50f176
commit c978e0cda4
8 changed files with 32 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala
View File

@ -543,11 +543,11 @@ trait APIMethods121 {
cc =>
for {
u <- cc.user ?~ UserNotLoggedIn
account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
_ <- booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId), Some(cc)), UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId)
views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(account.bankId, account.accountId)))
bankAccount <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound
ownerView <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(bankAccount.bankId, bankAccount.accountId), None)
_ <- Helper.booleanToBox(ownerView.canSeeBankAccountAllViews, UserNoOwnerView + "userId : " + u.userId + ". account : " + accountId)
views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(bankAccount.bankId, bankAccount.accountId)))
} yield {
// TODO Include system views as well
val viewsJSON = JSONFactory.createViewsJSON(views)
successJsonResponse(Extraction.decompose(viewsJSON))
}

6
obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala
View File

@ -1,5 +1,6 @@
package code.api.v2_2_0
import code.api.Constant.SYSTEM_OWNER_VIEW_ID
import java.util.Date
import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
import code.api.util.APIUtil._
@ -99,8 +100,9 @@ trait APIMethods220 {
for {
(Full(u), callContext) <- authenticatedAccess(cc)
(account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
_ <- Helper.booleanToFuture(failMsg = UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId, cc=callContext) {
u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId), callContext)
ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(cc.loggedInUser), cc.callContext)
_ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View", cc = cc.callContext) {
ownerView.canSeeBankAccountAllViews
}
views <- Future(Views.views.vend.availableViewsForAccount(BankIdAccountId(account.bankId, account.accountId)))
} yield {

9
obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala
View File

@ -109,13 +109,14 @@ trait APIMethods300 {
val res =
for {
(Full(u), callContext) <- authenticatedAccess(cc)
(account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
_ <- Helper.booleanToFuture(failMsg = UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId, cc=callContext){
u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId), callContext)
(bankAccount, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext)
ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(code.api.Constant.SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(cc.loggedInUser), cc.callContext)
_ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View", cc = cc.callContext) {
ownerView.canSeeBankAccountAllViews
}
} yield {
for {
views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(account.bankId, account.accountId)))
views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(bankAccount.bankId, bankAccount.accountId)))
} yield {
(createViewsJSON(views), HttpCode.`200`(callContext))
}

6
obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
View File

@ -43,6 +43,7 @@ import net.liftweb.util.{Helpers, Props}
import java.util.concurrent.ThreadLocalRandom
import code.accountattribute.AccountAttributeX
import code.api.Constant.SYSTEM_OWNER_VIEW_ID
import code.util.Helper.booleanToFuture
import code.views.system.AccountAccess
@ -1590,8 +1591,9 @@ trait APIMethods500 {
cc =>
val res =
for {
_ <- Helper.booleanToFuture(failMsg = UserNoOwnerView +"userId : " + cc.userId + ". account : " + accountId, cc=cc.callContext){
cc.loggedInUser.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), Some(cc))
ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(cc.loggedInUser), cc.callContext)
_ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View", cc=cc.callContext){
ownerView.canSeeBankAccountAllViews
}
} yield {
for {

6
obp-api/src/main/scala/code/model/dataAccess/MappedView.scala
View File

@ -54,7 +54,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
def getSingleton = ViewImpl
def primaryKeyField = id_
//This field used ManyToMany
object users_ extends MappedManyToMany(ViewPrivileges, ViewPrivileges.view, ViewPrivileges.user, ResourceUser)
@ -245,6 +245,9 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
object canSeeBankAccountOwners_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountAllViews_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountType_ extends MappedBoolean(this){
override def defaultValue = false
}
@ -465,6 +468,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with
def canSeeImages : Boolean = canSeeImages_.get
//Bank account fields
def canSeeBankAccountAllViews : Boolean = canSeeBankAccountAllViews_.get
def canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get
def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get
def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get

4
obp-api/src/main/scala/code/views/MapperViews.scala
View File

@ -790,8 +790,12 @@ object MapperViews extends Views with MdcLoggable {
.canSeeOtherAccountRoutingAddress_(true)
.canAddTransactionRequestToOwnAccount_(true) //added following two for payments
.canAddTransactionRequestToAnyAccount_(true)
.canSeeBankAccountAllViews_(false)
viewId match {
case SYSTEM_OWNER_VIEW_ID =>
entity
.canSeeBankAccountAllViews_(true)
case SYSTEM_STAGE_ONE_VIEW_ID =>
entity
.canSeeTransactionDescription_(false)

4
obp-api/src/main/scala/code/views/system/ViewDefinition.scala
View File

@ -102,6 +102,9 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
object canSeeBankAccountOwners_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountAllViews_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountType_ extends MappedBoolean(this){
override def defaultValue = false
}
@ -453,6 +456,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
def canSeeImages : Boolean = canSeeImages_.get
//Bank account fields
def canSeeBankAccountAllViews : Boolean = canSeeBankAccountAllViews_.get
def canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get
def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get
def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get

2
obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala
View File

@ -288,6 +288,8 @@ trait View {
def canSeeImages: Boolean
//Bank account fields
def canSeeBankAccountAllViews: Boolean
def canSeeBankAccountOwners: Boolean
def canSeeBankAccountType: Boolean