diff --git a/src/main/scala/code/api/1_2_1/OBPAPI1.2.1.scala b/src/main/scala/code/api/1_2_1/OBPAPI1.2.1.scala
index 27ee526e5..465ce561e 100644
--- a/src/main/scala/code/api/1_2_1/OBPAPI1.2.1.scala
+++ b/src/main/scala/code/api/1_2_1/OBPAPI1.2.1.scala
@@ -220,8 +220,7 @@ object OBPAPI1_2_1 extends OBPRestHelper with Loggable {
 u <- user ?~ "user not found"
 json <- tryo{json.extract[ViewCreationJSON]} ?~ "wrong JSON format"
 account <- BankAccount(bankId, accountId)
- canAddViews <- booleanToBox(u.ownerAccess(account), {"user: " + u.idGivenByProvider + " at provider " + u.provider + " does not have owner access"})
- view <- account createView json
+ view <- account createView (u, json)
 } yield {
 val viewJSON = JSONFactory.createViewJSON(view)
 successJsonResponse(Extraction.decompose(viewJSON), 201)
@@ -236,9 +235,8 @@ object OBPAPI1_2_1 extends OBPRestHelper with Loggable {
 for {
 account <- BankAccount(bankId, accountId)
 u <- user ?~ "user not found"
- canAddViews <- booleanToBox(u.ownerAccess(account), {"user: " + u.idGivenByProvider + " at provider " + u.provider + " does not have owner access"})
 updateJson <- tryo{json.extract[ViewUpdateData]} ?~ "wrong JSON format"
- updatedView <- account.updateView(viewId, updateJson)
+ updatedView <- account.updateView(u, viewId, updateJson)
 } yield {
 val viewJSON = JSONFactory.createViewJSON(updatedView)
 successJsonResponse(Extraction.decompose(viewJSON), 200)
@@ -253,8 +251,7 @@ object OBPAPI1_2_1 extends OBPRestHelper with Loggable {
 for {
 u <- user ?~ "user not found"
 account <- BankAccount(bankId, accountId)
- canRemoveViews <- booleanToBox(u.ownerAccess(account), {"user: " + u.idGivenByProvider + " at provider " + u.provider + " does not have owner access"})
- view <- account removeView viewId
+ view <- account removeView (u, viewId)
 } yield noContentJsonResponse
 }
 })
diff --git a/src/main/scala/code/api/v1_2/OBPAPI1.2.scala b/src/main/scala/code/api/v1_2/OBPAPI1.2.scala
index c5568538a..d1dea630a 100644
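Review bot: `account createView (u, json)` is written in infix form with a parenthesised argument list, which reads like passing a single tuple and differs from the dotted `account.updateView(u, viewId, updateJson)` used in the next hunk. I would write `view <- account.createView(u, json)` here and `_ <- account.removeView(u, viewId)` in the third hunk, where the bound `view` is never used; the matching hunks in OBPAPI1.2.scala have the same two spots. Since the route no longer shows the authorization step, a short comment such as `// owner access is enforced inside BankAccount.createView` would keep that visible to the next reader. The for-comprehension starts above this hunk.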
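Review bot: With the owner check now inside `account.updateView`, `updateJson <- tryo{json.extract[ViewUpdateData]}` runs before any authorization decision, whereas the removed `canAddViews` line used to sit ahead of it. A caller without owner access who sends a malformed body now receives "wrong JSON format" instead of the access failure, and the request body is processed on behalf of a user who will be refused anyway. If that ordering is intended, a comment saying so is enough, e.g. `// body is extracted before updateView performs the owner check`; the update hunk in OBPAPI1.2.scala changes the order in the same way.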
--- a/src/main/scala/code/api/v1_2/OBPAPI1.2.scala
+++ b/src/main/scala/code/api/v1_2/OBPAPI1.2.scala
@@ -221,8 +221,7 @@ object OBPAPI1_2 extends OBPRestHelper with Loggable {
 json <- tryo{json.extract[ViewCreationJSON]} ?~ "wrong JSON format"
 u <- user ?~ "user not found"
 account <- BankAccount(bankId, accountId)
- canAddViews <- booleanToBox(u.ownerAccess(account), {"user: " + u.idGivenByProvider + " at provider " + u.provider + " does not have owner access"})
- view <- account createView json
+ view <- account createView (u, json)
 } yield {
 val viewJSON = JSONFactory.createViewJSON(view)
 successJsonResponse(Extraction.decompose(viewJSON), 201)
@@ -237,9 +236,8 @@ object OBPAPI1_2 extends OBPRestHelper with Loggable {
 for {
 account <- BankAccount(bankId, accountId)
 u <- user ?~ "user not found"
- canAddViews <- booleanToBox(u.ownerAccess(account), {"user: " + u.idGivenByProvider + " at provider " + u.provider + " does not have owner access"})
 updateJson <- tryo{json.extract[ViewUpdateData]} ?~ "wrong JSON format"
- updatedView <- account.updateView(viewId, updateJson)
+ updatedView <- account.updateView(u, viewId, updateJson)
 } yield {
 val viewJSON = JSONFactory.createViewJSON(updatedView)
 successJsonResponse(Extraction.decompose(viewJSON), 200)
@@ -254,8 +252,7 @@ object OBPAPI1_2 extends OBPRestHelper with Loggable {
 for {
 u <- user ?~ "user not found"
 account <- BankAccount(bankId, accountId)
- canRemoveViews <- booleanToBox(u.ownerAccess(account), {"user: " + u.idGivenByProvider + " at provider " + u.provider + " does not have owner access"})
- view <- account removeView viewId
+ view <- account removeView (u, viewId)
 } yield noContentJsonResponse
 }
 })
diff --git a/src/main/scala/code/model/BankingData.scala b/src/main/scala/code/model/BankingData.scala
index 09a95e064..796cee5ae 100644
--- a/src/main/scala/code/model/BankingData.scala
+++ b/src/main/scala/code/model/BankingData.scala
@@ -283,14 +283,52 @@ class BankAccount(
 Failure("user : " + user.emailAddress + " don't have access to owner view on account " + id, Empty, Empty)
 }
- def createView(v: ViewCreationJSON): Box[View] =
- LocalStorage.createView(this, v)
+ def createView(userDoingTheCreate : User,v: ViewCreationJSON): Box[View] = {
+ if(!userDoingTheCreate.ownerAccess(this)) {
+ Failure({"user: " + userDoingTheCreate.idGivenByProvider + " at provider " + userDoingTheCreate.provider + " does not have owner access"})
+ } else {
+ val view = LocalStorage.createView(this, v)
+
+ if(view.isDefined) {
+ logger.info("user: " + userDoingTheCreate.idGivenByProvider + " at provider " + userDoingTheCreate.provider + " created view: " + view.get +
+ " for account " + permalink + "at bank " + bankPermalink)
+ }
+
+ view
+ }
+ }
- def updateView(viewId : String, v: ViewUpdateData) : Box[View] =
- LocalStorage.updateView(this, viewId, v)
+ def updateView(userDoingTheUpdate : User, viewId : String, v: ViewUpdateData) : Box[View] = {
+ if(!userDoingTheUpdate.ownerAccess(this)) {
+ Failure({"user: " + userDoingTheUpdate.idGivenByProvider + " at provider " + userDoingTheUpdate.provider + " does not have owner access"})
+ } else {
+ val view = LocalStorage.updateView(this, viewId, v)
+
+ if(view.isDefined) {
+ logger.info("user: " + userDoingTheUpdate.idGivenByProvider + " at provider " + userDoingTheUpdate.provider + " updated view: " + view.get +
+ " for account " + permalink + "at bank " + bankPermalink)
+ }
+
+ view
+ }
+ }
+
- def removeView(viewId: String) : Box[Unit] =
- LocalStorage.removeView(viewId, this)
+ def removeView(userDoingTheRemove : User,viewId: String) : Box[Unit] = {
+ if(!userDoingTheRemove.ownerAccess(this)) {
+ Failure({"user: " + userDoingTheRemove.idGivenByProvider + " at provider " + userDoingTheRemove.provider + " does not have owner access"})
+ } else {
+ val deleted = LocalStorage.removeView(viewId, this)
+
+ if(deleted.isDefined) {
+ logger.info("user: " + userDoingTheRemove.idGivenByProvider + " at provider " + userDoingTheRemove.provider + " deleted view: " + viewId +
+ " for account " + permalink + "at bank " + bankPermalink)
+ }
+
+ deleted
+ }
+ }
+
 def publicViews : List[View] = LocalStorage.publicViews(this).getOrElse(Nil)
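Review bot: The audit logging added to `createView`, `updateView` and `removeView` covers only the success path: in each `if(!….ownerAccess(this))` branch the `Failure` is returned without a log line, so refused attempts to change the views on an account leave no trace. I would log the refusal at warn level before returning, build the `"user: … at provider …"` prefix once, and replace `isDefined`/`view.get` with `view.foreach`, as sketched below for `createView`. The success message also joins `permalink + "at bank "` without a space, so the account and bank identifiers run together in the log. `removeView` logs `viewId` as received; whether it is validated before reaching this method is not visible here, so consider stripping line breaks from it before it is written to the log. The hunk opens inside an earlier method of `BankAccount`.

```scala
def createView(userDoingTheCreate : User,v: ViewCreationJSON): Box[View] = {
  val who = "user: " + userDoingTheCreate.idGivenByProvider + " at provider " + userDoingTheCreate.provider
  if(!userDoingTheCreate.ownerAccess(this)) {
    // Refused attempts belong in the audit trail as much as successful changes.
    logger.warn(who + " was refused view creation on account " + permalink + " at bank " + bankPermalink)
    Failure(who + " does not have owner access")
  } else {
    val view = LocalStorage.createView(this, v)
    view.foreach { created =>
      logger.info(who + " created view: " + created + " for account " + permalink + " at bank " + bankPermalink)
    }
    view
  }
}
// … updateView and removeView: same shape, with their own verbs in the messages …
```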