diff --git a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala index 7419e4b13..6cfbaf752 100644 --- a/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala +++ b/obp-api/src/main/scala/code/api/v1_2_1/APIMethods121.scala @@ -543,11 +543,11 @@ trait APIMethods121 { cc => for { u <- cc.user ?~ UserNotLoggedIn - account <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound - _ <- booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId), Some(cc)), UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId) - views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(account.bankId, account.accountId))) + bankAccount <- BankAccountX(bankId, accountId) ?~! BankAccountNotFound + ownerView <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(bankAccount.bankId, bankAccount.accountId), None) + _ <- Helper.booleanToBox(ownerView.canSeeBankAccountAllViews, UserNoOwnerView + "userId : " + u.userId + ". account : " + accountId) + views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(bankAccount.bankId, bankAccount.accountId))) } yield { - // TODO Include system views as well val viewsJSON = JSONFactory.createViewsJSON(views) successJsonResponse(Extraction.decompose(viewsJSON)) } diff --git a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala index 485f57932..11cfa5b97 100644 --- a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala +++ b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala @@ -1,5 +1,6 @@ package code.api.v2_2_0 +import code.api.Constant.SYSTEM_OWNER_VIEW_ID import java.util.Date import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.util.APIUtil._ 
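Review bot: The new `checkOwnerViewAccessAndReturnOwnerView(..., None)` call in the v1.2.1 hunk passes `None` where the removed `hasOwnerViewAccess` call passed `Some(cc)`, so the access check no longer receives the call context. The helper's body is not in this diff, but if it consults the call context, this endpoint can reach a different authorization decision from v2.2.0 and later. Assuming the second parameter is still an optional call context, `ownerView <- u.checkOwnerViewAccessAndReturnOwnerView(BankIdAccountId(bankAccount.bankId, bankAccount.accountId), Some(cc))` keeps the earlier behaviour. The following `booleanToBox` also still fails with `UserNoOwnerView`, although by that point the user has already passed the owner-view check; the later versions report `ViewDoesNotPermitAccess` for the same condition. The enclosing handler starts and ends outside the hunk.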
@@ -99,8 +100,9 @@ trait APIMethods220 {
 for {
 (Full(u), callContext) <- authenticatedAccess(cc)
 (account, callContext) <- NewStyle.function.checkBankAccountExists(bankId, accountId, callContext)
- _ <- Helper.booleanToFuture(failMsg = UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId, cc=callContext) {
- u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId), callContext)
+ ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(cc.loggedInUser), cc.callContext)
+ _ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View", cc = cc.callContext) {
+ ownerView.canSeeBankAccountAllViews
 }
 views <- Future(Views.views.vend.availableViewsForAccount(BankIdAccountId(account.bankId, account.accountId)))
 } yield {
diff --git a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala
index ae6f076f9..45680007b 100644
--- a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala
+++ b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala
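Review bot: The owner-view lookup in the v2.2.0 hunk is given `cc.loggedInUser`, `cc.callContext` and the raw path `bankId`/`accountId`, although the two preceding generators have already produced the authenticated `u`, the updated `callContext` and the resolved `account`. The authorization check therefore runs on different inputs from the `views` lookup two lines below, which still uses `account.bankId`/`account.accountId`, and it drops anything `authenticatedAccess` or `checkBankAccountExists` may have added to the call context. Suggested: `ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), BankIdAccountId(account.bankId, account.accountId), Some(u), callContext)`, with `cc = callContext` in the `booleanToFuture` call. The v3.0.0 hunk has the same pattern, with `bankAccount` in place of `account`.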
@@ -109,13 +109,14 @@ trait APIMethods300 { val res = for { (Full(u), callContext) <- authenticatedAccess(cc) - (account, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) - _ <- Helper.booleanToFuture(failMsg = UserNoOwnerView +"userId : " + u.userId + ". account : " + accountId, cc=callContext){ - u.hasOwnerViewAccess(BankIdAccountId(account.bankId, account.accountId), callContext) + (bankAccount, callContext) <- NewStyle.function.getBankAccount(bankId, accountId, callContext) + ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(code.api.Constant.SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(cc.loggedInUser), cc.callContext) + _ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View", cc = cc.callContext) { + ownerView.canSeeBankAccountAllViews } } yield { for { - views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(account.bankId, account.accountId))) + views <- Full(Views.views.vend.availableViewsForAccount(BankIdAccountId(bankAccount.bankId, bankAccount.accountId))) } yield { (createViewsJSON(views), HttpCode.`200`(callContext)) } diff --git a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala index 2649a2018..72bde98e0 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala @@ -43,6 +43,7 @@ import net.liftweb.util.{Helpers, Props} import java.util.concurrent.ThreadLocalRandom import code.accountattribute.AccountAttributeX +import code.api.Constant.SYSTEM_OWNER_VIEW_ID import code.util.Helper.booleanToFuture import code.views.system.AccountAccess 
@@ -1590,8 +1591,9 @@ trait APIMethods500 { cc => val res = for { - _ <- Helper.booleanToFuture(failMsg = UserNoOwnerView +"userId : " + cc.userId + ". account : " + accountId, cc=cc.callContext){ - cc.loggedInUser.hasOwnerViewAccess(BankIdAccountId(bankId, accountId), Some(cc)) + ownerView <- NewStyle.function.checkViewAccessAndReturnView(ViewId(SYSTEM_OWNER_VIEW_ID), BankIdAccountId(bankId, accountId), Some(cc.loggedInUser), cc.callContext) + _ <- Helper.booleanToFuture(failMsg = s"${ErrorMessages.ViewDoesNotPermitAccess} You need the `canSeeBankAccountAllViews` access for the Owner View", cc=cc.callContext){ + ownerView.canSeeBankAccountAllViews } } yield { for { diff --git a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala b/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala index 768caceb8..c8beba0d5 100644 --- a/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala +++ b/obp-api/src/main/scala/code/model/dataAccess/MappedView.scala @@ -54,7 +54,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with def getSingleton = ViewImpl def primaryKeyField = id_ - + //This field used ManyToMany object users_ extends MappedManyToMany(ViewPrivileges, ViewPrivileges.view, ViewPrivileges.user, ResourceUser) @@ -245,6 +245,9 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with object canSeeBankAccountOwners_ extends MappedBoolean(this){ override def defaultValue = false } + object canSeeBankAccountAllViews_ extends MappedBoolean(this){ + override def defaultValue = false + } object canSeeBankAccountType_ extends MappedBoolean(this){ override def defaultValue = false } 
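Review bot: The two-step check in the v5.0.0 hunk (fetch the system owner view, then require `canSeeBankAccountAllViews`) is copied with the same message literal into the v2.2.0 and v3.0.0 hunks, and v1.2.1 already differs in both helper and error message. Authorization logic duplicated per API version tends to drift, so a later correction applied to one copy can leave the other endpoints enforcing a weaker rule. A single helper beside `checkViewAccessAndReturnView` that performs both steps and fails with the shared message would keep the endpoints aligned. The message text would also be easier to audit as a named constant in `ErrorMessages` than as an interpolated literal repeated in three files. The enclosing handler starts and ends outside the hunk.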
@@ -465,6 +468,7 @@ class ViewImpl extends View with LongKeyedMapper[ViewImpl] with ManyToMany with def canSeeImages : Boolean = canSeeImages_.get //Bank account fields + def canSeeBankAccountAllViews : Boolean = canSeeBankAccountAllViews_.get def canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 06f209507..1d571560e 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -790,8 +790,12 @@ object MapperViews extends Views with MdcLoggable { .canSeeOtherAccountRoutingAddress_(true) .canAddTransactionRequestToOwnAccount_(true) //added following two for payments .canAddTransactionRequestToAnyAccount_(true) + .canSeeBankAccountAllViews_(false) viewId match { + case SYSTEM_OWNER_VIEW_ID => + entity + .canSeeBankAccountAllViews_(true) case SYSTEM_STAGE_ONE_VIEW_ID => entity .canSeeTransactionDescription_(false) diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index ff3a035b1..2dc96c539 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala +++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala @@ -102,6 +102,9 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many object canSeeBankAccountOwners_ extends MappedBoolean(this){ override def defaultValue = false } + object canSeeBankAccountAllViews_ extends MappedBoolean(this){ + override def defaultValue = false + } object canSeeBankAccountType_ extends MappedBoolean(this){ override def defaultValue = false } 
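Review bot: In the MapperViews hunk, `canSeeBankAccountAllViews_(true)` is set only in this builder, for `SYSTEM_OWNER_VIEW_ID`, while the new column defaults to `false` in both `ViewImpl` and `ViewDefinition`. If this builder runs only when a system view is first created (the enclosing function is outside the hunk), owner views already stored in the database keep `false`, and the endpoints changed in this commit will start rejecting existing owners after the upgrade. Failing closed is the safe direction, but the commit should carry a migration that sets the flag on existing owner views, or say where that is done. The explicit `.canSeeBankAccountAllViews_(false)` in the base chain repeats the column default; a short comment such as `// only the owner view may list all views of an account` would explain why it is spelled out.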
@@ -453,6 +456,7 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many def canSeeImages : Boolean = canSeeImages_.get //Bank account fields + def canSeeBankAccountAllViews : Boolean = canSeeBankAccountAllViews_.get def canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get diff --git a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala index 057b97bb5..4597c5f36 100644 --- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala +++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala @@ -288,6 +288,8 @@ trait View { def canSeeImages: Boolean //Bank account fields + def canSeeBankAccountAllViews: Boolean + def canSeeBankAccountOwners: Boolean def canSeeBankAccountType: Boolean