feature/viewPermission remove the permissions in view

hongwei 2025-07-12 15:43:30 +02:00
parent dc8e9e02e2
commit cd56a316f1
8 changed files with 475 additions and 1284 deletions


@ -222,6 +222,191 @@ object Constant extends MdcLoggable {
final val CAN_GRANT_ACCESS_TO_VIEWS = "can_grant_access_to_views"
final val CAN_REVOKE_ACCESS_TO_VIEWS = "can_revoke_access_to_views"
final val SYSTEM_OWNER_VIEW_PERMISSION_ADMIN = List(
CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_REQUESTS,
CAN_SEE_TRANSACTION_REQUEST_TYPES,
CAN_UPDATE_BANK_ACCOUNT_LABEL,
CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER,
CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS,
CAN_SEE_TRANSACTION_DESCRIPTION,
CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT,
CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY,
CAN_GRANT_ACCESS_TO_VIEWS,
CAN_REVOKE_ACCESS_TO_VIEWS
)
final val SYSTEM_MANAGER_VIEW_PERMISSION = List(
CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS,
CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS,
CAN_CREATE_CUSTOM_VIEW,
CAN_DELETE_CUSTOM_VIEW,
CAN_UPDATE_CUSTOM_VIEW,
CAN_GET_CUSTOM_VIEW
)
final val SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_PERMISSION = List(
CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT,
CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY
)
final val SYSTEM_PUBLIC_VIEW_PERMISSION = List(
CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_METADATA,
CAN_SEE_TRANSACTION_AMOUNT,
CAN_SEE_TRANSACTION_TYPE,
CAN_SEE_TRANSACTION_CURRENCY,
CAN_SEE_TRANSACTION_START_DATE,
CAN_SEE_TRANSACTION_FINISH_DATE,
CAN_SEE_TRANSACTION_BALANCE,
CAN_SEE_COMMENTS,
CAN_SEE_OWNER_COMMENT,
CAN_SEE_TAGS,
CAN_SEE_IMAGES,
CAN_SEE_BANK_ACCOUNT_OWNERS,
CAN_SEE_BANK_ACCOUNT_TYPE,
CAN_SEE_BANK_ACCOUNT_BALANCE,
CAN_SEE_BANK_ACCOUNT_CURRENCY,
CAN_SEE_BANK_ACCOUNT_LABEL,
CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER,
CAN_SEE_BANK_ACCOUNT_IBAN,
CAN_SEE_BANK_ACCOUNT_NUMBER,
CAN_SEE_BANK_ACCOUNT_BANK_NAME,
CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK,
CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER,
CAN_SEE_OTHER_ACCOUNT_IBAN,
CAN_SEE_OTHER_ACCOUNT_BANK_NAME,
CAN_SEE_OTHER_ACCOUNT_NUMBER,
CAN_SEE_OTHER_ACCOUNT_METADATA,
CAN_SEE_OTHER_ACCOUNT_KIND,
CAN_SEE_MORE_INFO,
CAN_SEE_URL,
CAN_SEE_IMAGE_URL,
CAN_SEE_OPEN_CORPORATES_URL,
CAN_SEE_CORPORATE_LOCATION,
CAN_SEE_PHYSICAL_LOCATION,
CAN_SEE_PUBLIC_ALIAS,
CAN_SEE_PRIVATE_ALIAS,
CAN_ADD_MORE_INFO,
CAN_ADD_URL,
CAN_ADD_IMAGE_URL,
CAN_ADD_OPEN_CORPORATES_URL,
CAN_ADD_CORPORATE_LOCATION,
CAN_ADD_PHYSICAL_LOCATION,
CAN_ADD_PUBLIC_ALIAS,
CAN_ADD_PRIVATE_ALIAS,
CAN_ADD_COUNTERPARTY,
CAN_GET_COUNTERPARTY,
CAN_EDIT_OWNER_COMMENT,
CAN_ADD_COMMENT,
CAN_ADD_TAG,
CAN_ADD_IMAGE,
CAN_ADD_WHERE_TAG,
CAN_SEE_WHERE_TAG,
CAN_SEE_BANK_ROUTING_SCHEME,
CAN_SEE_BANK_ROUTING_ADDRESS,
CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME,
CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS,
CAN_SEE_OTHER_BANK_ROUTING_SCHEME,
CAN_SEE_OTHER_BANK_ROUTING_ADDRESS,
CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME,
CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS,
CAN_SEE_TRANSACTION_STATUS
)
final val SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_PERMISSION = List(
CAN_SEE_TRANSACTION_AMOUNT,
CAN_SEE_TRANSACTION_BALANCE,
CAN_SEE_TRANSACTION_CURRENCY,
CAN_SEE_TRANSACTION_DESCRIPTION,
CAN_SEE_TRANSACTION_FINISH_DATE,
CAN_SEE_TRANSACTION_START_DATE,
CAN_SEE_OTHER_ACCOUNT_IBAN,
CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_TYPE,
CAN_SEE_BANK_ACCOUNT_LABEL,
CAN_SEE_BANK_ACCOUNT_BALANCE,
CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS,
CAN_SEE_BANK_ACCOUNT_CURRENCY
)
final val SYSTEM_VIEW_PERMISSION_COMMON = List(
CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_METADATA,
CAN_SEE_TRANSACTION_AMOUNT,
CAN_SEE_TRANSACTION_TYPE,
CAN_SEE_TRANSACTION_CURRENCY,
CAN_SEE_TRANSACTION_START_DATE,
CAN_SEE_TRANSACTION_FINISH_DATE,
CAN_SEE_TRANSACTION_BALANCE,
CAN_SEE_COMMENTS,
CAN_SEE_OWNER_COMMENT,
CAN_SEE_TAGS,
CAN_SEE_IMAGES,
CAN_SEE_BANK_ACCOUNT_OWNERS,
CAN_SEE_BANK_ACCOUNT_TYPE,
CAN_SEE_BANK_ACCOUNT_BALANCE,
CAN_SEE_BANK_ACCOUNT_CURRENCY,
CAN_SEE_BANK_ACCOUNT_LABEL,
CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER,
CAN_SEE_BANK_ACCOUNT_SWIFT_BIC,
CAN_SEE_BANK_ACCOUNT_IBAN,
CAN_SEE_BANK_ACCOUNT_NUMBER,
CAN_SEE_BANK_ACCOUNT_BANK_NAME,
CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK,
CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER,
CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC,
CAN_SEE_OTHER_ACCOUNT_IBAN,
CAN_SEE_OTHER_ACCOUNT_BANK_NAME,
CAN_SEE_OTHER_ACCOUNT_NUMBER,
CAN_SEE_OTHER_ACCOUNT_METADATA,
CAN_SEE_OTHER_ACCOUNT_KIND,
CAN_SEE_MORE_INFO,
CAN_SEE_URL,
CAN_SEE_IMAGE_URL,
CAN_SEE_OPEN_CORPORATES_URL,
CAN_SEE_CORPORATE_LOCATION,
CAN_SEE_PHYSICAL_LOCATION,
CAN_SEE_PUBLIC_ALIAS,
CAN_SEE_PRIVATE_ALIAS,
CAN_ADD_MORE_INFO,
CAN_ADD_URL,
CAN_ADD_IMAGE_URL,
CAN_ADD_OPEN_CORPORATES_URL,
CAN_ADD_CORPORATE_LOCATION,
CAN_ADD_PHYSICAL_LOCATION,
CAN_ADD_PUBLIC_ALIAS,
CAN_ADD_PRIVATE_ALIAS,
CAN_ADD_COUNTERPARTY,
CAN_GET_COUNTERPARTY,
CAN_DELETE_COUNTERPARTY,
CAN_DELETE_CORPORATE_LOCATION,
CAN_DELETE_PHYSICAL_LOCATION,
CAN_EDIT_OWNER_COMMENT,
CAN_ADD_COMMENT,
CAN_DELETE_COMMENT,
CAN_ADD_TAG,
CAN_DELETE_TAG,
CAN_ADD_IMAGE,
CAN_DELETE_IMAGE,
CAN_ADD_WHERE_TAG,
CAN_SEE_WHERE_TAG,
CAN_DELETE_WHERE_TAG,
CAN_SEE_BANK_ROUTING_SCHEME,
CAN_SEE_BANK_ROUTING_ADDRESS,
CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME,
CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS,
CAN_SEE_OTHER_BANK_ROUTING_SCHEME,
CAN_SEE_OTHER_BANK_ROUTING_ADDRESS,
CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME,
CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS,
CAN_SEE_TRANSACTION_STATUS,
CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT
)
final val VIEW_PERMISSION_NAMES = List(
CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_METADATA,
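Review bot: `SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_PERMISSION` appears to grant more than this view had before: the setters removed from MapperViews on this page enabled only eight transaction fields, while this list also carries `CAN_SEE_OTHER_ACCOUNT_IBAN`, `CAN_SEE_TRANSACTION_TYPE`, `CAN_SEE_BANK_ACCOUNT_LABEL`, `CAN_SEE_BANK_ACCOUNT_BALANCE`, `CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS` and `CAN_SEE_BANK_ACCOUNT_CURRENCY`. If the widening is intended it deserves a line in the commit message, because this view presumably backs a consent-scoped read; if not, trim the list to the previous set. The new lists also carry no comment saying which view each one feeds; a short one such as `// Granted to the owner and standard system views in addition to SYSTEM_VIEW_PERMISSION_COMMON` above `SYSTEM_OWNER_VIEW_PERMISSION_ADMIN` would make later permission audits easier. The added/removed markers are lost on this page, so the comparison is inferred from line order.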


@ -99,7 +99,7 @@ object Migration extends MdcLoggable {
// populateViewDefinitionCanAddTransactionRequestToBeneficiary()
// populateViewDefinitionCanSeeTransactionStatus()
alterCounterpartyLimitFieldType()
populateMigrationOfViewPermissions(startedBeforeSchemifier)
// populateMigrationOfViewPermissions(startedBeforeSchemifier)
}
private def dummyScript(): Boolean = {
@ -141,18 +141,18 @@ object Migration extends MdcLoggable {
// }
// }
// }
private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = {
if (startedBeforeSchemifier == true) {
logger.warn(s"Migration.database.populateMigrationOfViewPermissions(true) cannot be run before Schemifier.")
true
} else {
val name = nameOf(populateMigrationOfViewPermissions(startedBeforeSchemifier))
runOnce(name) {
MigrationOfViewPermissions.populate(name)
}
}
}
//
// private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = {
// if (startedBeforeSchemifier == true) {
// logger.warn(s"Migration.database.populateMigrationOfViewPermissions(true) cannot be run before Schemifier.")
// true
// } else {
// val name = nameOf(populateMigrationOfViewPermissions(startedBeforeSchemifier))
// runOnce(name) {
// MigrationOfViewPermissions.populate(name)
// }
// }
// }
private def generateAndPopulateMissingCustomerUUIDs(startedBeforeSchemifier: Boolean): Boolean = {
if(startedBeforeSchemifier == true) {
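Review bot: Commenting out the `populateMigrationOfViewPermissions(startedBeforeSchemifier)` call means a database that has not yet run this `runOnce` step will never get its `ViewPermission` rows copied from `ViewDefinition`, and the same commit removes the per-view `migrateViewPermissions` calls that would otherwise have caught up. Views in such a database would presumably end up with no permissions after the upgrade, which fails closed but locks users out; the upgrade path should be stated, or the step kept until the old columns are dropped. The dead code is also left as comment blocks here and across the whole MigrationOfViewPermissions file in the next section; deleting it and relying on version control reads better than keeping `// private def populateMigrationOfViewPermissions...`. The enclosing functions start and end outside these hunks.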


@ -1,38 +1,38 @@
package code.api.util.migration
import code.api.util.APIUtil
import code.api.util.migration.Migration.{DbFunction, saveLog}
import code.views.MapperViews
import code.views.system.{ViewDefinition, ViewPermission}
object MigrationOfViewPermissions {
def populate(name: String): Boolean = {
DbFunction.tableExists(ViewDefinition) && DbFunction.tableExists(ViewPermission)match {
case true =>
val startDate = System.currentTimeMillis()
val commitId: String = APIUtil.gitCommit
val allViewDefinitions = ViewDefinition.findAll()
val viewPermissionRowNumberBefore = ViewPermission.count
allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v))
val viewPermissionRowNumberAfter = ViewPermission.count
val isSuccessful = true
val endDate = System.currentTimeMillis()
val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission (${viewPermissionRowNumberAfter-viewPermissionRowNumberBefore} added) .""".stripMargin
saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
isSuccessful
case false =>
val startDate = System.currentTimeMillis()
val commitId: String = APIUtil.gitCommit
val isSuccessful = false
val endDate = System.currentTimeMillis()
val comment: String =
s"""ViewDefinition or ViewPermission does not exist!""".stripMargin
saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
isSuccessful
}
}
}
//package code.api.util.migration
//
//import code.api.util.APIUtil
//import code.api.util.migration.Migration.{DbFunction, saveLog}
//import code.views.MapperViews
//import code.views.system.{ViewDefinition, ViewPermission}
//
//object MigrationOfViewPermissions {
// def populate(name: String): Boolean = {
// DbFunction.tableExists(ViewDefinition) && DbFunction.tableExists(ViewPermission)match {
// case true =>
// val startDate = System.currentTimeMillis()
// val commitId: String = APIUtil.gitCommit
//
// val allViewDefinitions = ViewDefinition.findAll()
// val viewPermissionRowNumberBefore = ViewPermission.count
// allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v))
// val viewPermissionRowNumberAfter = ViewPermission.count
//
// val isSuccessful = true
// val endDate = System.currentTimeMillis()
//
// val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission (${viewPermissionRowNumberAfter-viewPermissionRowNumberBefore} added) .""".stripMargin
// saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
// isSuccessful
//
// case false =>
// val startDate = System.currentTimeMillis()
// val commitId: String = APIUtil.gitCommit
// val isSuccessful = false
// val endDate = System.currentTimeMillis()
// val comment: String =
// s"""ViewDefinition or ViewPermission does not exist!""".stripMargin
// saveLog(name, commitId, isSuccessful, startDate, endDate, comment)
// isSuccessful
// }
// }
//}


@ -392,12 +392,10 @@ object MapperViews extends Views with MdcLoggable {
Failure(s"$SystemViewAlreadyExistsError Current VIEW_ID($viewId)")
case false =>
val createdView = ViewDefinition.create.name_(view.name).view_id(viewId)
createdView.setFromViewData(view)
createdView.createViewAndPermissions(view)
createdView.isSystem_(true)
createdView.isPublic_(false)
val viewSaved = Full(createdView.saveMe)
viewSaved.map(v => MapperViews.migrateViewPermissions(v))
viewSaved
Full(createdView.saveMe)
}
}
}
@ -436,28 +434,20 @@ object MapperViews extends Views with MdcLoggable {
bank_id(bankAccountId.bankId.value).
account_id(bankAccountId.accountId.value)
createdView.setFromViewData(view)
val viewSaved = Full(createdView.saveMe)
viewSaved.map(v => MapperViews.migrateViewPermissions(v))
viewSaved
createdView.createViewAndPermissions(view)
Full(createdView.saveMe)
}
}
/* Update the specification of the view (what data/actions are allowed) */
def updateCustomView(bankAccountId : BankIdAccountId, viewId: ViewId, viewUpdateJson : UpdateViewJSON) : Box[View] = {
for {
view <- ViewDefinition.findCustomView(bankAccountId.bankId.value, bankAccountId.accountId.value, viewId.value)
} yield {
view.setFromViewData(viewUpdateJson)
view.createViewAndPermissions(viewUpdateJson)
view.saveMe
MapperViews.migrateViewPermissions(view)
view
}
}
/* Update the specification of the system view (what data/actions are allowed) */
@ -465,10 +455,8 @@ object MapperViews extends Views with MdcLoggable {
for {
view <- ViewDefinition.findSystemView(viewId.value)
} yield {
view.setFromViewData(viewUpdateJson)
view.createViewAndPermissions(viewUpdateJson)
view.saveMe
MapperViews.migrateViewPermissions(view)
view
}
}
@ -632,96 +620,11 @@ object MapperViews extends Views with MdcLoggable {
theView
}
/**
* This migrates the current View permissions to the new ViewPermission model.
* this will not add any new permission, it will only migrate the existing permissions.
* @param viewDefinition
*/
def migrateViewPermissions(viewDefinition: View): Unit = {
//first, we list all the current view permissions.
val permissionNames: List[String] = code.api.Constant.VIEW_PERMISSION_NAMES
permissionNames.foreach { permissionName =>
// CAN_REVOKE_ACCESS_TO_VIEWS and CAN_GRANT_ACCESS_TO_VIEWS are special cases, they have a list of view ids as metadata.
// For the rest of the permissions, they are just boolean values.
if (permissionName == CAN_REVOKE_ACCESS_TO_VIEWS || permissionName == CAN_GRANT_ACCESS_TO_VIEWS) {
val permissionValueFromViewDefinition = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Option[List[String]]]
ViewPermission.findViewPermission(viewDefinition, permissionName) match {
// If the permission already exists in ViewPermission, but permissionValueFromViewDefinition is empty, we delete it.
case Full(permission) if permissionValueFromViewDefinition.isEmpty =>
permission.delete_!
// If the permission already exists and permissionValueFromViewDefinition is defined, we update the metadata.
case Full(permission) if permissionValueFromViewDefinition.isDefined =>
permission.extraData(permissionValueFromViewDefinition.get.mkString(",")).save
//if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --systemView
case Empty if (viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) =>
ViewPermission.create
.bank_id(null)
.account_id(null)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.extraData(permissionValueFromViewDefinition.get.mkString(","))
.save
//if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --customView
case Empty if (!viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) =>
ViewPermission.create
.bank_id(viewDefinition.bankId.value)
.account_id(viewDefinition.accountId.value)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.extraData(permissionValueFromViewDefinition.get.mkString(","))
.save
case _ =>
// This case should not happen, but if it does, we add an error log
logger.error(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.")
}
} else {
// For the rest of the permissions, they are just boolean values.
val permissionValue = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Boolean]
ViewPermission.findViewPermission(viewDefinition, permissionName) match {
// If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is false, we delete it.
case Full(permission) if !permissionValue =>
permission.delete_!
// If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is empty, we udpate it.
case Full(permission) if permissionValue =>
permission.permission(permissionName).save
//if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. --systemView
case _ if (viewDefinition.isSystem && permissionValue) =>
ViewPermission.create
.bank_id(null)
.account_id(null)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.save
//if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. --customerView
case _ if (!viewDefinition.isSystem && permissionValue) =>
ViewPermission.create
.bank_id(viewDefinition.bankId.value)
.account_id(viewDefinition.accountId.value)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.save
case _ =>
// This case should not happen, but if it does, we do nothing
logger.warn(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.")
}
}
}
}
def getOrCreateSystemView(viewId: String) : Box[View] = {
getExistingSystemView(viewId) match {
case Empty =>
val view = createDefaultSystemView(viewId)
view.map(v => migrateViewPermissions(v))
view
case Full(v) =>
migrateViewPermissions(v)
Full(v)
createDefaultSystemView(viewId)
case Full(v) => Full(v)
case Failure(msg, t, c) => Failure(msg, t, c)
case ParamFailure(x,y,z,q) => ParamFailure(x,y,z,q)
}
@ -742,11 +645,8 @@ object MapperViews extends Views with MdcLoggable {
def getOrCreateCustomPublicView(bankId: BankId, accountId: AccountId, description: String = "Public View") : Box[View] = {
getExistingCustomView(bankId, accountId, CUSTOM_PUBLIC_VIEW_ID) match {
case Empty=>
val view = createDefaultCustomPublicView(bankId, accountId, description)
view.map(v => migrateViewPermissions(v))
view
createDefaultCustomPublicView(bankId, accountId, description)
case Full(v)=>
migrateViewPermissions(v)
Full(v)
case Failure(msg, t, c) => Failure(msg, t, c)
case ParamFailure(x,y,z,q) => ParamFailure(x,y,z,q)
@ -793,6 +693,7 @@ object MapperViews extends Views with MdcLoggable {
def bulkDeleteAllPermissionsAndViews() : Boolean = {
ViewDefinition.bulkDelete_!!()
AccountAccess.bulkDelete_!!()
ViewPermission.bulkDelete_!!()
true
}
@ -809,156 +710,51 @@ object MapperViews extends Views with MdcLoggable {
.usePrivateAliasIfOneExists_(false) //(default is false anyways)
.usePublicAliasIfOneExists_(false) //(default is false anyways)
.hideOtherAccountMetadataIfAlias_(false) //(default is false anyways)
.canSeeTransactionThisBankAccount_(true)
.canSeeTransactionOtherBankAccount_(true)
.canSeeTransactionMetadata_(true)
.canSeeTransactionDescription_(true)
.canSeeTransactionAmount_(true)
.canSeeTransactionType_(true)
.canSeeTransactionCurrency_(true)
.canSeeTransactionStartDate_(true)
.canSeeTransactionFinishDate_(true)
.canSeeTransactionBalance_(true)
.canSeeComments_(true)
.canSeeOwnerComment_(true)
.canSeeTags_(true)
.canSeeImages_(true)
.canSeeBankAccountOwners_(true)
.canSeeBankAccountType_(true)
.canSeeBankAccountBalance_(true)
.canSeeBankAccountCurrency_(true)
.canSeeBankAccountLabel_(true)
.canSeeBankAccountNationalIdentifier_(true)
.canSeeBankAccountSwift_bic_(true)
.canSeeBankAccountIban_(true)
.canSeeBankAccountNumber_(true)
.canSeeBankAccountBankName_(true)
.canSeeBankAccountBankPermalink_(true)
.canSeeOtherAccountNationalIdentifier_(true)
.canSeeOtherAccountSWIFT_BIC_(true)
.canSeeOtherAccountIBAN_(true)
.canSeeOtherAccountBankName_(true)
.canSeeOtherAccountNumber_(true)
.canSeeOtherAccountMetadata_(true)
.canSeeOtherAccountKind_(true)
.canSeeMoreInfo_(true)
.canSeeUrl_(true)
.canSeeImageUrl_(true)
.canSeeOpenCorporatesUrl_(true)
.canSeeCorporateLocation_(true)
.canSeePhysicalLocation_(true)
.canSeePublicAlias_(true)
.canSeePrivateAlias_(true)
.canAddMoreInfo_(true)
.canAddURL_(true)
.canAddImageURL_(true)
.canAddOpenCorporatesUrl_(true)
.canAddCorporateLocation_(true)
.canAddPhysicalLocation_(true)
.canAddPublicAlias_(true)
.canAddPrivateAlias_(true)
.canAddCounterparty_(true)
.canGetCounterparty_(true)
.canDeleteCounterparty_(true)
.canDeleteCorporateLocation_(true)
.canDeletePhysicalLocation_(true)
.canEditOwnerComment_(true)
.canAddComment_(true)
.canDeleteComment_(true)
.canAddTag_(true)
.canDeleteTag_(true)
.canAddImage_(true)
.canDeleteImage_(true)
.canAddWhereTag_(true)
.canSeeWhereTag_(true)
.canDeleteWhereTag_(true)
.canSeeBankRoutingScheme_(true) //added following in V300
.canSeeBankRoutingAddress_(true)
.canSeeBankAccountRoutingScheme_(true)
.canSeeBankAccountRoutingAddress_(true)
.canSeeOtherBankRoutingScheme_(true)
.canSeeOtherBankRoutingAddress_(true)
.canSeeOtherAccountRoutingScheme_(true)
.canSeeOtherAccountRoutingAddress_(true)
.canSeeTransactionStatus_(true)
// TODO Allow use only for certain cases
.canAddTransactionRequestToOwnAccount_(true) //added following two for payments
.canAddTransactionRequestToAnyAccount_(true)
.canAddTransactionRequestToBeneficiary_(true)
.canSeeAvailableViewsForBankAccount_(false)
.canSeeTransactionRequests_(false)
.canSeeTransactionRequestTypes_(false)
.canUpdateBankAccountLabel_(false)
.canSeeViewsWithPermissionsForOneUser_(false)
.canSeeViewsWithPermissionsForAllUsers_(false)
.canRevokeAccessToCustomViews_(false)
.canGrantAccessToCustomViews_(false)
.canCreateCustomView_(false)
.canDeleteCustomView_(false)
.canUpdateCustomView_(false)
.canGetCustomView_(false)
viewId match {
case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID =>
entity // Make additional setup to the existing view
.canSeeAvailableViewsForBankAccount_(true)
.canSeeTransactionRequests_(true)
.canSeeTransactionRequestTypes_(true)
.canUpdateBankAccountLabel_(true)
.canSeeViewsWithPermissionsForOneUser_(true)
.canSeeViewsWithPermissionsForAllUsers_(true)
.canGrantAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(","))
.canRevokeAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(","))
case SYSTEM_STAGE_ONE_VIEW_ID =>
entity // Make additional setup to the existing view
.canSeeTransactionDescription_(false)
.canAddTransactionRequestToAnyAccount_(false)
.canAddTransactionRequestToBeneficiary_(false)
case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID =>
entity // Make additional setup to the existing view
.canRevokeAccessToCustomViews_(true)
.canGrantAccessToCustomViews_(true)
.canCreateCustomView_(true)
.canDeleteCustomView_(true)
.canUpdateCustomView_(true)
.canGetCustomView_(true)
case SYSTEM_FIREHOSE_VIEW_ID =>
case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID =>{
ViewPermission.createViewPermissions(
entity,
SYSTEM_OWNER_VIEW_PERMISSION_ADMIN,
DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS,
DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS
)
ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON)
entity
}
case SYSTEM_STAGE_ONE_VIEW_ID =>{
ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON)
entity
}
case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID =>{
ViewPermission.createViewPermissions(
entity,
SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_MANAGER_VIEW_PERMISSION
)
entity
}
case SYSTEM_FIREHOSE_VIEW_ID =>{
ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON)
entity // Make additional setup to the existing view
.isFirehose_(true)
}
case SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID |
SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID =>
create // A new one
.isSystem_(true)
.isFirehose_(false)
.name_(StringHelpers.capify(viewId))
.view_id(viewId)
.description_(viewId)
case SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID =>
create // A new one
.isSystem_(true)
.isFirehose_(false)
.name_(StringHelpers.capify(viewId))
.view_id(viewId)
.description_(viewId)
.canSeeTransactionThisBankAccount_(true)
.canSeeTransactionOtherBankAccount_(true)
.canSeeTransactionAmount_(true)
.canSeeTransactionCurrency_(true)
.canSeeTransactionBalance_(true)
.canSeeTransactionStartDate_(true)
.canSeeTransactionFinishDate_(true)
.canSeeTransactionDescription_(true)
case SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID =>
create // A new one
.isSystem_(true)
.isFirehose_(false)
.name_(StringHelpers.capify(viewId))
.view_id(viewId)
.description_(viewId)
.canAddTransactionRequestToAnyAccount_(true)
.canAddTransactionRequestToBeneficiary_(true)
entity
case SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID =>{
ViewPermission.createViewPermissions(
entity,
SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_PERMISSION
)
entity
}
case SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID =>{
ViewPermission.createViewPermissions(
entity,
SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_PERMISSION
)
entity
}
case _ =>
entity
}
@ -983,87 +779,13 @@ object MapperViews extends Views with MdcLoggable {
account_id(accountId.value).
usePrivateAliasIfOneExists_(false).
usePublicAliasIfOneExists_(true).
hideOtherAccountMetadataIfAlias_(true).
canSeeTransactionThisBankAccount_(true).
canSeeTransactionOtherBankAccount_(true).
canSeeTransactionMetadata_(true).
canSeeTransactionDescription_(false).
canSeeTransactionAmount_(true).
canSeeTransactionType_(true).
canSeeTransactionCurrency_(true).
canSeeTransactionStartDate_(true).
canSeeTransactionFinishDate_(true).
canSeeTransactionBalance_(true).
canSeeComments_(true).
canSeeOwnerComment_(true).
canSeeTags_(true).
canSeeImages_(true).
canSeeBankAccountOwners_(true).
canSeeBankAccountType_(true).
canSeeBankAccountBalance_(true).
canSeeBankAccountCurrency_(true).
canSeeBankAccountLabel_(true).
canSeeBankAccountNationalIdentifier_(true).
canSeeBankAccountIban_(true).
canSeeBankAccountNumber_(true).
canSeeBankAccountBankName_(true).
canSeeBankAccountBankPermalink_(true).
canSeeOtherAccountNationalIdentifier_(true).
canSeeOtherAccountIBAN_(true).
canSeeOtherAccountBankName_(true).
canSeeOtherAccountNumber_(true).
canSeeOtherAccountMetadata_(true).
canSeeOtherAccountKind_(true)
entity.
canSeeMoreInfo_(true).
canSeeUrl_(true).
canSeeImageUrl_(true).
canSeeOpenCorporatesUrl_(true).
canSeeCorporateLocation_(true).
canSeePhysicalLocation_(true).
canSeePublicAlias_(true).
canSeePrivateAlias_(true).
canAddMoreInfo_(true).
canAddURL_(true).
canAddImageURL_(true).
canAddOpenCorporatesUrl_(true).
canAddCorporateLocation_(true).
canAddPhysicalLocation_(true).
canAddPublicAlias_(true).
canAddPrivateAlias_(true).
canAddCounterparty_(true).
canGetCounterparty_(true).
canDeleteCounterparty_(false).
canDeleteCorporateLocation_(false).
canDeletePhysicalLocation_(false).
canEditOwnerComment_(true).
canAddComment_(true).
canDeleteComment_(false).
canAddTag_(true).
canDeleteTag_(false).
canAddImage_(true).
canDeleteImage_(false).
canAddWhereTag_(true).
canSeeWhereTag_(true).
canSeeBankRoutingScheme_(true). //added following in V300
canSeeBankRoutingAddress_(true).
canSeeBankAccountRoutingScheme_(true).
canSeeBankAccountRoutingAddress_(true).
canSeeOtherBankRoutingScheme_(true).
canSeeOtherBankRoutingAddress_(true).
canSeeOtherAccountRoutingScheme_(true).
canSeeOtherAccountRoutingAddress_(true).
canAddTransactionRequestToOwnAccount_(false). //added following two for payments
canAddTransactionRequestToAnyAccount_(false).
canAddTransactionRequestToBeneficiary_(false).
canSeeTransactionRequests_(false).
canSeeTransactionRequestTypes_(false).
canUpdateBankAccountLabel_(false).
canCreateCustomView_(false).
canDeleteCustomView_(false).
canUpdateCustomView_(false).
canGetCustomView_(false).
canSeeTransactionStatus_(true)
hideOtherAccountMetadataIfAlias_(true)
ViewPermission.createViewPermissions(
entity,
SYSTEM_PUBLIC_VIEW_PERMISSION
)
entity
}
def createAndSaveDefaultPublicCustomView(bankId : BankId, accountId: AccountId, description: String) : Box[View] = {
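Review bot: In the `SYSTEM_STAGE_ONE_VIEW_ID` branch the list passed is `SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON`, which concatenates the list with itself, so every permission name is handed to `createViewPermissions` twice. Whether that produces duplicate `ViewPermission` rows depends on that method, which is not shown here; the common list already leaves out the description and any-account/beneficiary payment permissions that the old stage-one branch switched off, so `ViewPermission.createViewPermissions(entity, SYSTEM_VIEW_PERMISSION_COMMON)` looks like the intended call. Separately, the `case _ => entity` fallback now grants nothing, whereas the removed setter chain appears to have given every system view the common set before the match; confirm that narrowing is intended. The function that contains this match begins outside the hunk.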


@ -5,10 +5,10 @@ import code.api.util.APIUtil.{isValidCustomViewId, isValidSystemViewId}
import code.api.util.ErrorMessages.{CreateSystemViewError, InvalidCustomViewFormat, InvalidSystemViewFormat}
import code.util.{AccountIdString, UUIDString}
import com.openbankproject.commons.model._
import net.liftweb.common.Box
import net.liftweb.common.{Box, Full}
import net.liftweb.common.Box.tryo
import net.liftweb.mapper._
import code.api.Constant._
class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with ManyToMany with CreatedUpdated{
def getSingleton = ViewDefinition
@ -50,305 +50,12 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
object hideOtherAccountMetadataIfAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
//This is the system views list, custom views please check `canGrantAccessToCustomViews_` field
object canGrantAccessToViews_ extends MappedText(this){
override def defaultValue = ""
}
//This is the system views list.custom views please check `canRevokeAccessToCustomViews_` field
object canRevokeAccessToViews_ extends MappedText(this){
override def defaultValue = ""
}
object canRevokeAccessToCustomViews_ extends MappedBoolean(this){
override def defaultValue = false
}
object canGrantAccessToCustomViews_ extends MappedBoolean(this) {
override def defaultValue = false
}
object canSeeTransactionThisBankAccount_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionRequests_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionRequestTypes_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionMetadata_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionDescription_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionAmount_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionType_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionCurrency_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionStartDate_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionFinishDate_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionBalance_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeComments_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOwnerComment_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTags_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeImages_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountOwners_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeAvailableViewsForBankAccount_ extends MappedBoolean(this){
override def defaultValue = true
}
object canSeeBankAccountType_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountBalance_ extends MappedBoolean(this){
override def defaultValue = false
}
object canQueryAvailableFunds_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountCurrency_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountLabel_ extends MappedBoolean(this){
override def defaultValue = false
}
object canUpdateBankAccountLabel_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountNationalIdentifier_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountSwift_bic_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountIban_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountNumber_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountBankName_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountBankPermalink_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankRoutingScheme_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankRoutingAddress_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountRoutingScheme_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountRoutingAddress_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountNationalIdentifier_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountSWIFT_BIC_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountIBAN_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountBankName_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountNumber_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountMetadata_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountKind_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherBankRoutingScheme_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherBankRoutingAddress_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountRoutingScheme_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOtherAccountRoutingAddress_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeMoreInfo_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeUrl_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeImageUrl_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeOpenCorporatesUrl_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeCorporateLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeePhysicalLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeePublicAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeePrivateAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddMoreInfo_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddURL_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddImageURL_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddOpenCorporatesUrl_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddCorporateLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddPhysicalLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddPublicAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddPrivateAlias_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddCounterparty_ extends MappedBoolean(this){
override def defaultValue = false
}
object canGetCounterparty_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteCounterparty_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteCorporateLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeletePhysicalLocation_ extends MappedBoolean(this){
override def defaultValue = false
}
object canEditOwnerComment_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddComment_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteComment_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddTag_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteTag_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddImage_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteImage_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddWhereTag_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeWhereTag_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteWhereTag_ extends MappedBoolean(this){
override def defaultValue = false
}
//internal transfer between my own accounts
@deprecated("we added new field `canAddTransactionRequestToBeneficiary_`","25-07-2024")
object canAddTransactionRequestToOwnAccount_ extends MappedBoolean(this){
override def defaultValue = false
}
object canAddTransactionRequestToBeneficiary_ extends MappedBoolean(this){
override def defaultValue = false
}
// transfer to any account
object canAddTransactionRequestToAnyAccount_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeBankAccountCreditLimit_ extends MappedBoolean(this){
override def defaultValue = false
}
object canCreateDirectDebit_ extends MappedBoolean(this){
override def defaultValue = false
}
object canCreateStandingOrder_ extends MappedBoolean(this){
override def defaultValue = false
}
object canCreateCustomView_ extends MappedBoolean(this){
override def defaultValue = false
}
object canDeleteCustomView_ extends MappedBoolean(this){
override def defaultValue = false
}
object canUpdateCustomView_ extends MappedBoolean(this){
override def defaultValue = false
}
object canGetCustomView_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeViewsWithPermissionsForAllUsers_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeViewsWithPermissionsForOneUser_ extends MappedBoolean(this){
override def defaultValue = false
}
object canSeeTransactionStatus_ extends MappedBoolean(this){
override def defaultValue = false
}
//Important! If you add a field, be sure to handle it here in this function
def setFromViewData(viewData : ViewSpecification) = {
if(viewData.which_alias_to_use == "public"){
def createViewAndPermissions(viewSpecification : ViewSpecification) = {
if(viewSpecification.which_alias_to_use == "public"){
usePublicAliasIfOneExists_(true)
usePrivateAliasIfOneExists_(false)
} else if(viewData.which_alias_to_use == "private"){
} else if(viewSpecification.which_alias_to_use == "private"){
usePublicAliasIfOneExists_(false)
usePrivateAliasIfOneExists_(true)
} else {
@ -356,108 +63,19 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
usePrivateAliasIfOneExists_(false)
}
hideOtherAccountMetadataIfAlias_(viewData.hide_metadata_if_alias_used)
description_(viewData.description)
isPublic_(viewData.is_public)
isFirehose_(viewData.is_firehose.getOrElse(false))
metadataView_(viewData.metadata_view)
hideOtherAccountMetadataIfAlias_(viewSpecification.hide_metadata_if_alias_used)
description_(viewSpecification.description)
isPublic_(viewSpecification.is_public)
isFirehose_(viewSpecification.is_firehose.getOrElse(false))
metadataView_(viewSpecification.metadata_view)
ViewPermission.createViewPermissions(
this,
viewSpecification.allowed_actions,
viewSpecification.can_grant_access_to_views.getOrElse(Nil),
viewSpecification.can_revoke_access_to_views.getOrElse(Nil)
)
val actions = viewData.allowed_actions
if (isSystem) { //The following are admin permissions, only system views are allowed to use them.
canGrantAccessToCustomViews_(actions.exists(_ == CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS))
canRevokeAccessToCustomViews_(actions.exists(_ == CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS))
canGrantAccessToViews_(viewData.can_grant_access_to_views.getOrElse(Nil).mkString(","))
canRevokeAccessToViews_(viewData.can_revoke_access_to_views.getOrElse(Nil).mkString(","))
canCreateCustomView_(actions.exists(_ == CAN_CREATE_CUSTOM_VIEW))
canDeleteCustomView_(actions.exists(_ == CAN_DELETE_CUSTOM_VIEW))
canUpdateCustomView_(actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW))
}
canSeeTransactionThisBankAccount_(actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT))
canSeeTransactionOtherBankAccount_(actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT))
canSeeTransactionMetadata_(actions.exists(_ == CAN_SEE_TRANSACTION_METADATA))
canSeeTransactionDescription_(actions.exists(_ ==CAN_SEE_TRANSACTION_DESCRIPTION))
canSeeTransactionAmount_(actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT))
canSeeTransactionType_(actions.exists(_ == CAN_SEE_TRANSACTION_TYPE))
canSeeTransactionCurrency_(actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY))
canSeeTransactionStartDate_(actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE))
canSeeTransactionFinishDate_(actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE))
canSeeTransactionBalance_(actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE))
canSeeComments_(actions.exists(_ == CAN_SEE_COMMENTS))
canSeeOwnerComment_(actions.exists(_ == CAN_SEE_OWNER_COMMENT))
canSeeTags_(actions.exists(_ == CAN_SEE_TAGS))
canSeeImages_(actions.exists(_ == CAN_SEE_IMAGES))
canSeeBankAccountOwners_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS))
canSeeBankAccountType_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE))
canSeeBankAccountBalance_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE))
canQueryAvailableFunds_(actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS))
canSeeBankAccountCurrency_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CURRENCY))
canSeeBankAccountLabel_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL))
canSeeBankAccountNationalIdentifier_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER))
canSeeBankAccountSwift_bic_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC))
canSeeBankAccountIban_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN))
canSeeBankAccountNumber_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER))
canSeeBankAccountBankName_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME))
canSeeBankAccountBankPermalink_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK))
canSeeBankRoutingScheme_(actions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME))
canSeeBankRoutingAddress_(actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS))
canSeeBankAccountRoutingScheme_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME))
canSeeBankAccountRoutingAddress_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS))
canSeeOtherAccountNationalIdentifier_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER))
canSeeOtherAccountSWIFT_BIC_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC))
canSeeOtherAccountIBAN_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN))
canSeeOtherAccountBankName_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME))
canSeeOtherAccountNumber_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER))
canSeeOtherAccountMetadata_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA))
canSeeOtherAccountKind_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND))
canSeeOtherBankRoutingScheme_(actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME))
canSeeOtherBankRoutingAddress_(actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS))
canSeeOtherAccountRoutingScheme_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME))
canSeeOtherAccountRoutingAddress_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS))
canSeeMoreInfo_(actions.exists(_ == CAN_SEE_MORE_INFO))
canSeeUrl_(actions.exists(_ == CAN_SEE_URL))
canSeeImageUrl_(actions.exists(_ == CAN_SEE_IMAGE_URL))
canSeeOpenCorporatesUrl_(actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL))
canSeeCorporateLocation_(actions.exists(_ == CAN_SEE_CORPORATE_LOCATION))
canSeePhysicalLocation_(actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION))
canSeePublicAlias_(actions.exists(_ == CAN_SEE_PUBLIC_ALIAS))
canSeePrivateAlias_(actions.exists(_ == CAN_SEE_PRIVATE_ALIAS))
canAddMoreInfo_(actions.exists(_ == CAN_ADD_MORE_INFO))
canAddURL_(actions.exists(_ == CAN_ADD_URL))
canAddImageURL_(actions.exists(_ == CAN_ADD_IMAGE_URL))
canAddOpenCorporatesUrl_(actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL))
canAddCorporateLocation_(actions.exists(_ == CAN_ADD_CORPORATE_LOCATION))
canAddPhysicalLocation_(actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION))
canAddPublicAlias_(actions.exists(_ == CAN_ADD_PUBLIC_ALIAS))
canAddPrivateAlias_(actions.exists(_ == CAN_ADD_PRIVATE_ALIAS))
canAddCounterparty_(actions.exists(_ == CAN_ADD_COUNTERPARTY))
canDeleteCounterparty_(actions.exists(_ == CAN_DELETE_COUNTERPARTY))
canGetCounterparty_(actions.exists(_ == CAN_GET_COUNTERPARTY))
canDeleteCorporateLocation_(actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION))
canDeletePhysicalLocation_(actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION))
canEditOwnerComment_(actions.exists(_ == CAN_EDIT_OWNER_COMMENT))
canAddComment_(actions.exists(_ == CAN_ADD_COMMENT))
canDeleteComment_(actions.exists(_ == CAN_DELETE_COMMENT))
canAddTag_(actions.exists(_ == CAN_ADD_TAG))
canDeleteTag_(actions.exists(_ == CAN_DELETE_TAG))
canAddImage_(actions.exists(_ == CAN_ADD_IMAGE))
canDeleteImage_(actions.exists(_ == CAN_DELETE_IMAGE))
canAddWhereTag_(actions.exists(_ == CAN_ADD_WHERE_TAG))
canSeeWhereTag_(actions.exists(_ == CAN_SEE_WHERE_TAG))
canDeleteWhereTag_(actions.exists(_ == CAN_DELETE_WHERE_TAG))
canAddTransactionRequestToBeneficiary_(actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY))
canAddTransactionRequestToAnyAccount_(actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT))
canSeeBankAccountCreditLimit_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT))
canCreateDirectDebit_(actions.exists(_ == CAN_CREATE_DIRECT_DEBIT))
canCreateStandingOrder_(actions.exists(_ == CAN_CREATE_STANDING_ORDER))
canSeeTransactionRequests_(actions.exists(_ == CAN_SEE_TRANSACTION_REQUESTS))
canSeeTransactionRequestTypes_(actions.exists(_ == CAN_SEE_TRANSACTION_REQUEST_TYPES))
canUpdateBankAccountLabel_(actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL))
canSeeAvailableViewsForBankAccount_(actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT))
canSeeViewsWithPermissionsForAllUsers_(actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS))
canSeeViewsWithPermissionsForOneUser_(actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER))
canSeeTransactionStatus_(actions.exists(_ == CAN_SEE_TRANSACTION_STATUS))
}
@ -485,152 +103,25 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many
override def allowed_actions : List[String] = ViewPermission.findViewPermissions(this).map(_.permission.get).distinct
// override def canGrantAccessToViews : Option[List[String]] = {
// ViewPermission.findViewPermission(this, CAN_GRANT_ACCESS_TO_VIEWS).flatMap(vp =>
// {
// vp.metaData.get match {
// case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim))
// case _ => None
// }
// })
// }
//
// override def canRevokeAccessToViews : Option[List[String]] = {
// ViewPermission.findViewPermission(this, CAN_REVOKE_ACCESS_TO_VIEWS).flatMap(vp =>
// {
// vp.metaData.get match {
// case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim))
// case _ => None
// }
// })
// }
//This current view can grant access to other views.
override def canGrantAccessToViews : Option[List[String]] = {
canGrantAccessToViews_.get == null || canGrantAccessToViews_.get.isEmpty() match {
case true => None
case _ => Some(canGrantAccessToViews_.get.split(",").toList.map(_.trim))
}
ViewPermission.findViewPermission(this, CAN_GRANT_ACCESS_TO_VIEWS).flatMap(vp =>
{
vp.extraData.get match {
case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim))
case _ => None
}
})
}
def canGrantAccessToCustomViews : Boolean = canGrantAccessToCustomViews_.get
//the current view can revoke access to other views.
override def canRevokeAccessToViews : Option[List[String]] = {
canRevokeAccessToViews_.get == null || canRevokeAccessToViews_.get.isEmpty() match {
case true => None
case _ => Some(canRevokeAccessToViews_.get.split(",").toList.map(_.trim))
}
ViewPermission.findViewPermission(this, CAN_REVOKE_ACCESS_TO_VIEWS).flatMap(vp =>
{
vp.extraData.get match {
case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim))
case _ => None
}
})
}
override def canRevokeAccessToCustomViews : Boolean = canRevokeAccessToCustomViews_.get
//reading access
//transaction fields
def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get
def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get
def canSeeTransactionRequestTypes: Boolean = canSeeTransactionRequestTypes_.get
def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get
def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get
def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get
def canSeeTransactionAmount: Boolean = canSeeTransactionAmount_.get
def canSeeTransactionType: Boolean = canSeeTransactionType_.get
def canSeeTransactionCurrency: Boolean = canSeeTransactionCurrency_.get
def canSeeTransactionStartDate: Boolean = canSeeTransactionStartDate_.get
def canSeeTransactionFinishDate: Boolean = canSeeTransactionFinishDate_.get
def canSeeTransactionBalance: Boolean = canSeeTransactionBalance_.get
def canSeeTransactionStatus: Boolean = canSeeTransactionStatus_.get
//transaction metadata
def canSeeComments: Boolean = canSeeComments_.get
def canSeeOwnerComment: Boolean = canSeeOwnerComment_.get
def canSeeTags : Boolean = canSeeTags_.get
def canSeeImages : Boolean = canSeeImages_.get
//Bank account fields
def canSeeAvailableViewsForBankAccount : Boolean = canSeeAvailableViewsForBankAccount_.get
def canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get
def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get
def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get
def canSeeBankAccountCurrency : Boolean = canSeeBankAccountCurrency_.get
def canQueryAvailableFunds : Boolean = canQueryAvailableFunds_.get
def canSeeBankAccountLabel : Boolean = canSeeBankAccountLabel_.get
def canUpdateBankAccountLabel : Boolean = canUpdateBankAccountLabel_.get
def canSeeBankAccountNationalIdentifier : Boolean = canSeeBankAccountNationalIdentifier_.get
def canSeeBankAccountSwiftBic : Boolean = canSeeBankAccountSwift_bic_.get
def canSeeBankAccountIban : Boolean = canSeeBankAccountIban_.get
def canSeeBankAccountNumber : Boolean = canSeeBankAccountNumber_.get
def canSeeBankAccountBankName : Boolean = canSeeBankAccountBankName_.get
def canSeeBankAccountBankPermalink : Boolean = canSeeBankAccountBankPermalink_.get
def canSeeBankRoutingScheme : Boolean = canSeeBankRoutingScheme_.get
def canSeeBankRoutingAddress : Boolean = canSeeBankRoutingAddress_.get
def canSeeBankAccountRoutingScheme : Boolean = canSeeBankAccountRoutingScheme_.get
def canSeeBankAccountRoutingAddress : Boolean = canSeeBankAccountRoutingAddress_.get
def canSeeViewsWithPermissionsForOneUser: Boolean = canSeeViewsWithPermissionsForOneUser_.get
def canSeeViewsWithPermissionsForAllUsers : Boolean = canSeeViewsWithPermissionsForAllUsers_.get
//other bank account fields
def canSeeOtherAccountNationalIdentifier : Boolean = canSeeOtherAccountNationalIdentifier_.get
def canSeeOtherAccountSwiftBic : Boolean = canSeeOtherAccountSWIFT_BIC_.get
def canSeeOtherAccountIban : Boolean = canSeeOtherAccountIBAN_.get
def canSeeOtherAccountBankName : Boolean = canSeeOtherAccountBankName_.get
def canSeeOtherAccountNumber : Boolean = canSeeOtherAccountNumber_.get
def canSeeOtherAccountMetadata : Boolean = canSeeOtherAccountMetadata_.get
def canSeeOtherAccountKind : Boolean = canSeeOtherAccountKind_.get
def canSeeOtherBankRoutingScheme : Boolean = canSeeOtherBankRoutingScheme_.get
def canSeeOtherBankRoutingAddress : Boolean = canSeeOtherBankRoutingAddress_.get
def canSeeOtherAccountRoutingScheme : Boolean = canSeeOtherAccountRoutingScheme_.get
def canSeeOtherAccountRoutingAddress : Boolean = canSeeOtherAccountRoutingAddress_.get
//other bank account meta data
def canSeeMoreInfo: Boolean = canSeeMoreInfo_.get
def canSeeUrl: Boolean = canSeeUrl_.get
def canSeeImageUrl: Boolean = canSeeImageUrl_.get
def canSeeOpenCorporatesUrl: Boolean = canSeeOpenCorporatesUrl_.get
def canSeeCorporateLocation : Boolean = canSeeCorporateLocation_.get
def canSeePhysicalLocation : Boolean = canSeePhysicalLocation_.get
def canSeePublicAlias : Boolean = canSeePublicAlias_.get
def canSeePrivateAlias : Boolean = canSeePrivateAlias_.get
def canAddMoreInfo : Boolean = canAddMoreInfo_.get
def canAddUrl : Boolean = canAddURL_.get
def canAddImageUrl : Boolean = canAddImageURL_.get
def canAddOpenCorporatesUrl : Boolean = canAddOpenCorporatesUrl_.get
def canAddCorporateLocation : Boolean = canAddCorporateLocation_.get
def canAddPhysicalLocation : Boolean = canAddPhysicalLocation_.get
def canAddPublicAlias : Boolean = canAddPublicAlias_.get
def canAddPrivateAlias : Boolean = canAddPrivateAlias_.get
def canAddCounterparty : Boolean = canAddCounterparty_.get
def canGetCounterparty : Boolean = canGetCounterparty_.get
def canDeleteCounterparty : Boolean = canDeleteCounterparty_.get
def canDeleteCorporateLocation : Boolean = canDeleteCorporateLocation_.get
def canDeletePhysicalLocation : Boolean = canDeletePhysicalLocation_.get
//writing access
def canEditOwnerComment: Boolean = canEditOwnerComment_.get
def canAddComment : Boolean = canAddComment_.get
def canDeleteComment: Boolean = canDeleteComment_.get
def canAddTag : Boolean = canAddTag_.get
def canDeleteTag : Boolean = canDeleteTag_.get
def canAddImage : Boolean = canAddImage_.get
def canDeleteImage : Boolean = canDeleteImage_.get
def canAddWhereTag : Boolean = canAddWhereTag_.get
def canSeeWhereTag : Boolean = canSeeWhereTag_.get
def canDeleteWhereTag : Boolean = canDeleteWhereTag_.get
def canAddTransactionRequestToOwnAccount: Boolean = false //we do not need this field, set this to false.
def canAddTransactionRequestToAnyAccount: Boolean = canAddTransactionRequestToAnyAccount_.get
def canAddTransactionRequestToBeneficiary: Boolean = canAddTransactionRequestToBeneficiary_.get
def canSeeBankAccountCreditLimit: Boolean = canSeeBankAccountCreditLimit_.get
def canCreateDirectDebit: Boolean = canCreateDirectDebit_.get
def canCreateStandingOrder: Boolean = canCreateStandingOrder_.get
def canCreateCustomView: Boolean = canCreateCustomView_.get
def canDeleteCustomView: Boolean = canDeleteCustomView_.get
def canUpdateCustomView: Boolean = canUpdateCustomView_.get
def canGetCustomView: Boolean = canGetCustomView_.get
//TODO: if you add new permissions here, remember to set them wherever views are created
// (e.g. BankAccountCreationDispatcher)
}
object ViewDefinition extends ViewDefinition with LongKeyedMetaMapper[ViewDefinition] {


@ -1,5 +1,6 @@
package code.views.system
import code.api.Constant.{CAN_GRANT_ACCESS_TO_VIEWS, CAN_REVOKE_ACCESS_TO_VIEWS}
import code.util.UUIDString
import com.openbankproject.commons.model._
import net.liftweb.common.Box
@ -68,4 +69,71 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis
} else {
findCustomViewPermission(view.bankId, view.accountId, view.viewId, permission)
}
def createViewPermissions(
viewDefinition: View,
permissionNames: List[String],
canGrantAccessToViews: List[String] = Nil,
canRevokeAccessToViews: List[String] = Nil
): Unit = {
if (viewDefinition.isSystem) {
permissionNames.map(
permissionName =>
if (permissionName.equals(CAN_GRANT_ACCESS_TO_VIEWS)) {
ViewPermission.create
.bank_id(null)
.account_id(null)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.extraData(canGrantAccessToViews.mkString(","))
.save
} else if (permissionName.equals(CAN_REVOKE_ACCESS_TO_VIEWS)) {
ViewPermission.create
.bank_id(null)
.account_id(null)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.extraData(canRevokeAccessToViews.mkString(","))
.save
}
else {
ViewPermission.create
.bank_id(null)
.account_id(null)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.extraData(null)
.save
})
} else {
permissionNames.map(
permissionName =>
if (permissionName.equals(CAN_GRANT_ACCESS_TO_VIEWS)) {
ViewPermission.create
.bank_id(viewDefinition.bankId.value)
.account_id(viewDefinition.accountId.value)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.extraData(canGrantAccessToViews.mkString(","))
.save
} else if (permissionName.equals(CAN_REVOKE_ACCESS_TO_VIEWS)) {
ViewPermission.create
.bank_id(viewDefinition.bankId.value)
.account_id(viewDefinition.accountId.value)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.extraData(canRevokeAccessToViews.mkString(","))
.save
}
else {
ViewPermission.create
.bank_id(viewDefinition.bankId.value)
.account_id(viewDefinition.accountId.value)
.view_id(viewDefinition.viewId.value)
.permission(permissionName)
.extraData(null)
.save
})
}
}
}
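Review bot: The non-system branch of `createViewPermissions` stores every name in `permissionNames`, including `CAN_GRANT_ACCESS_TO_VIEWS` and `CAN_REVOKE_ACCESS_TO_VIEWS` with their view lists, whereas the `ViewDefinition` code this replaces appears to have applied those and the custom-view management permissions only when `isSystem` was true. Unless callers already filter `allowed_actions` for custom views (not visible here), a custom view specification can now carry grant and revoke rights; if the restriction is still intended, filter the system-only names out before writing rows, as sketched below. The sketch also uses `foreach` instead of `map`, since the mapped result is discarded. The `.save` result is ignored in every branch, so a failed write leaves a view with fewer permissions than requested and gives no signal. The extra constants would need to be added to the `code.api.Constant` import.

```scala
// Permissions the previous setFromViewData applied only when isSystem was true.
private val systemViewOnlyPermissions = Set(
  CAN_GRANT_ACCESS_TO_VIEWS,
  CAN_REVOKE_ACCESS_TO_VIEWS,
  CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS,
  CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS,
  CAN_CREATE_CUSTOM_VIEW,
  CAN_DELETE_CUSTOM_VIEW,
  CAN_UPDATE_CUSTOM_VIEW
)

// … unchanged: createViewPermissions signature and the isSystem branch …
  } else {
    // Custom views: drop admin-only names so they never reach the permission table.
    permissionNames
      .filterNot(systemViewOnlyPermissions.contains)
      .foreach { permissionName =>
        ViewPermission.create
          .bank_id(viewDefinition.bankId.value)
          .account_id(viewDefinition.accountId.value)
          .view_id(viewDefinition.viewId.value)
          .permission(permissionName)
          .extraData(null)
          .save
      }
  }
```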


@ -8,16 +8,91 @@ import code.api.util.ErrorMessages._
import code.model._
import code.model.dataAccess._
import code.views.MapperViews.getExistingCustomView
import code.views.system.ViewDefinition
import code.views.system.{ViewDefinition, ViewPermission}
import code.views.{MapperViews, Views}
import com.openbankproject.commons.model._
import net.liftweb.common.{Failure, Full, ParamFailure}
import net.liftweb.mapper.MetaMapper
import net.liftweb.util.Helpers._
import code.api.Constant._
trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup {
final val SYSTEM_CUSTOM_VIEW_PERMISSION_TEST = List(
CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT,
CAN_SEE_TRANSACTION_METADATA,
CAN_SEE_TRANSACTION_DESCRIPTION,
CAN_SEE_TRANSACTION_AMOUNT,
CAN_SEE_TRANSACTION_TYPE,
CAN_SEE_TRANSACTION_CURRENCY,
CAN_SEE_TRANSACTION_START_DATE,
CAN_SEE_TRANSACTION_FINISH_DATE,
CAN_SEE_TRANSACTION_BALANCE,
CAN_SEE_COMMENTS,
CAN_SEE_OWNER_COMMENT,
CAN_SEE_TAGS,
CAN_SEE_IMAGES,
CAN_SEE_BANK_ACCOUNT_OWNERS,
CAN_SEE_BANK_ACCOUNT_TYPE,
CAN_SEE_BANK_ACCOUNT_BALANCE,
CAN_SEE_BANK_ACCOUNT_CURRENCY,
CAN_SEE_BANK_ACCOUNT_LABEL,
CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER,
CAN_SEE_BANK_ACCOUNT_SWIFT_BIC,
CAN_SEE_BANK_ACCOUNT_IBAN,
CAN_SEE_BANK_ACCOUNT_NUMBER,
CAN_SEE_BANK_ACCOUNT_BANK_NAME,
CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK,
CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER,
CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC,
CAN_SEE_OTHER_ACCOUNT_IBAN,
CAN_SEE_OTHER_ACCOUNT_BANK_NAME,
CAN_SEE_OTHER_ACCOUNT_NUMBER,
CAN_SEE_OTHER_ACCOUNT_METADATA,
CAN_SEE_OTHER_ACCOUNT_KIND,
CAN_SEE_MORE_INFO,
CAN_SEE_URL,
CAN_SEE_IMAGE_URL,
CAN_SEE_OPEN_CORPORATES_URL,
CAN_SEE_CORPORATE_LOCATION,
CAN_SEE_PHYSICAL_LOCATION,
CAN_SEE_PUBLIC_ALIAS,
CAN_SEE_PRIVATE_ALIAS,
CAN_ADD_MORE_INFO,
CAN_ADD_URL,
CAN_ADD_IMAGE_URL,
CAN_ADD_OPEN_CORPORATES_URL,
CAN_ADD_CORPORATE_LOCATION,
CAN_ADD_PHYSICAL_LOCATION,
CAN_ADD_PUBLIC_ALIAS,
CAN_ADD_PRIVATE_ALIAS,
CAN_DELETE_CORPORATE_LOCATION,
CAN_DELETE_PHYSICAL_LOCATION,
CAN_EDIT_OWNER_COMMENT,
CAN_ADD_COMMENT,
CAN_DELETE_COMMENT,
CAN_ADD_TAG,
CAN_DELETE_TAG,
CAN_ADD_IMAGE,
CAN_DELETE_IMAGE,
CAN_ADD_WHERE_TAG,
CAN_SEE_WHERE_TAG,
CAN_DELETE_WHERE_TAG,
CAN_SEE_BANK_ROUTING_SCHEME,
CAN_SEE_BANK_ROUTING_ADDRESS,
CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME,
CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS,
CAN_SEE_OTHER_BANK_ROUTING_SCHEME,
CAN_SEE_OTHER_BANK_ROUTING_ADDRESS,
CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME,
CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS,
CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT,
CAN_SEE_TRANSACTION_STATUS
)
override protected def setAccountHolder(user: User, bankId : BankId, accountId : AccountId) = {
AccountHolders.accountHolders.vend.getOrCreateAccountHolder(user, BankIdAccountId(bankId, accountId))
}
@ -57,82 +132,13 @@ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup {
usePrivateAliasIfOneExists_(false).
usePublicAliasIfOneExists_(false).
hideOtherAccountMetadataIfAlias_(false).
canSeeTransactionThisBankAccount_(true).
canSeeTransactionOtherBankAccount_(true).
canSeeTransactionMetadata_(true).
canSeeTransactionDescription_(true).
canSeeTransactionAmount_(true).
canSeeTransactionType_(true).
canSeeTransactionCurrency_(true).
canSeeTransactionStartDate_(true).
canSeeTransactionFinishDate_(true).
canSeeTransactionBalance_(true).
canSeeComments_(true).
canSeeOwnerComment_(true).
canSeeTags_(true).
canSeeImages_(true).
canSeeBankAccountOwners_(true).
canSeeBankAccountType_(true).
canSeeBankAccountBalance_(true).
canSeeBankAccountCurrency_(true).
canSeeBankAccountLabel_(true).
canSeeBankAccountNationalIdentifier_(true).
canSeeBankAccountSwift_bic_(true).
canSeeBankAccountIban_(true).
canSeeBankAccountNumber_(true).
canSeeBankAccountBankName_(true).
canSeeBankAccountBankPermalink_(true).
canSeeOtherAccountNationalIdentifier_(true).
canSeeOtherAccountSWIFT_BIC_(true).
canSeeOtherAccountIBAN_(true).
canSeeOtherAccountBankName_(true).
canSeeOtherAccountNumber_(true).
canSeeOtherAccountMetadata_(true).
canSeeOtherAccountKind_(true).
canSeeMoreInfo_(true).
canSeeUrl_(true).
canSeeImageUrl_(true).
canSeeOpenCorporatesUrl_(true).
canSeeCorporateLocation_(true).
canSeePhysicalLocation_(true).
canSeePublicAlias_(true).
canSeePrivateAlias_(true).
canAddMoreInfo_(true).
canAddURL_(true).
canAddImageURL_(true).
canAddOpenCorporatesUrl_(true).
canAddCorporateLocation_(true).
canAddPhysicalLocation_(true).
canAddPublicAlias_(true).
canAddPrivateAlias_(true).
canDeleteCorporateLocation_(true).
canDeletePhysicalLocation_(true).
canEditOwnerComment_(true).
canAddComment_(true).
canDeleteComment_(true).
canAddTag_(true).
canDeleteTag_(true).
canAddImage_(true).
canDeleteImage_(true).
canAddWhereTag_(true).
canSeeWhereTag_(true).
canDeleteWhereTag_(true).
canSeeBankRoutingScheme_(true). //added following in V300
canSeeBankRoutingAddress_(true).
canSeeBankAccountRoutingScheme_(true).
canSeeBankAccountRoutingAddress_(true).
canSeeOtherBankRoutingScheme_(true).
canSeeOtherBankRoutingAddress_(true).
canSeeOtherAccountRoutingScheme_(true).
canSeeOtherAccountRoutingAddress_(true).
canAddTransactionRequestToOwnAccount_(false). //added following two for payments
canAddTransactionRequestToAnyAccount_(false).
canAddTransactionRequestToBeneficiary_(false).
canSeeBankAccountCreditLimit_(true).
canSeeTransactionStatus_(true).
saveMe
}
view.map(v => MapperViews.migrateViewPermissions(v))
view.map(ViewPermission.createViewPermissions(
_,
SYSTEM_CUSTOM_VIEW_PERMISSION_TEST
))
view
}
case Full(v) => Full(v)
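Review bot: The new `view.map(ViewPermission.createViewPermissions(_, SYSTEM_CUSTOM_VIEW_PERMISSION_TEST))` call uses `map` only for its side effect and discards the resulting `Box[Unit]`; `view.foreach(ViewPermission.createViewPermissions(_, SYSTEM_CUSTOM_VIEW_PERMISSION_TEST))` states the intent directly. `SYSTEM_CUSTOM_VIEW_PERMISSION_TEST` would also benefit from a short comment saying it mirrors the boolean flags the helper used to set to true, with the transaction-request permissions deliberately left out, e.g. `// Permissions granted to custom views created by test setup; payment-initiation permissions are intentionally excluded.` The view-creating function that contains this call starts outside the hunk.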


@ -87,103 +87,6 @@ case class UpdateViewJSON(
override val can_revoke_access_to_views : Option[List[String]] = None) extends ViewSpecification
/** Views moderate access to an Account. That is, they are used to:
* 1) Show/hide fields on the account, its transactions and related counterparties
* 2) Store/partition meta data - e.g. comments posted on a "team" view are not visible via a "public" view and visa versa.
*
* Users can be granted access to one or more Views
* Each View has a set of entitlements aka permissions which hide / show data fields and enable / disable operations on the account
*
* @define viewId A short url friendly, (singular) human readable name for the view. e.g. "team", "auditor" or "public". Note: "owner" is a default and reserved name. Other reserved names should include "public", "accountant" and "auditor"
* @define accountId The account that the view moderates
* @define bankId The bank where the account is held
* @define name The name of the view
* @define description A description of the view
* @define isPublic Set to True if the view should be open to the public (no authorisation required!) Set to False to require authorisation
* @define users A list of users that can use this view
* @define usePublicAliasIfOneExists If true and the counterparty in a transaction has a public alias set, use it. Else use the raw counterparty name (if both usePublicAliasIfOneExists and usePrivateAliasIfOneExists are true, public alias will be used)
* @define usePrivateAliasIfOneExists If true and the counterparty in a transaction has a private alias set, use it. Else use the raw counterparty name (if both usePublicAliasIfOneExists and usePrivateAliasIfOneExists are true, public alias will be used)
* @define hideOtherAccountMetadataIfAlias If true, the view will hide counterparty metadata if the counterparty has an alias. This is to preserve anonymity if required.
*
* @define canSeeTransactionThisBankAccount If true, the view will show information about the Transaction account (this account)
* @define canSeeTransactionOtherBankAccount If true, the view will show information about the Transaction counterparty
* @define canSeeTransactionMetadata If true, the view will show any Transaction metadata
* @define canSeeTransactionDescription If true, the view will show the Transaction description
* @define canSeeTransactionAmount If true, the view will show the Transaction amount (value, not currency)
* @define canSeeTransactionType If true, the view will show the Transaction type
* @define canSeeTransactionCurrency If true, the view will show the Transaction currency (not value)
* @define canSeeTransactionStartDate If true, the view will show the Transaction start date
* @define canSeeTransactionFinishDate If true, the view will show the Transaction finish date
* @define canSeeTransactionBalance If true, the view will show the Transaction balance (after each transaction)
*
* @define canSeeComments If true, the view will show the Transaction Metadata comments
* @define canSeeOwnerComment If true, the view will show the Transaction Metadata owner comment
* @define canSeeTags If true, the view will show the Transaction Metadata tags
* @define canSeeImages If true, the view will show the Transaction Metadata images
* @define canSeeBankAccountOwners If true, the view will show the Account owners
* @define canSeeBankAccountType If true, the view will show the Account type. The account type is a human friendly financial product name
* @define canSeeBankAccountBalance If true, the view will show the Account balance
* @define canSeeBankAccountCurrency If true, the view will show the Account currency
* @define canSeeBankAccountLabel If true, the view will show the Account label. The label can be edited via the API. It does not come from the core banking system.
* @define canSeeBankAccountNationalIdentifier If true, the view will show the national identifier of the bank
* @define canSeeBankAccountSwift_bic If true, the view will show the Swift / Bic code of the bank
* @define canSeeBankAccountIban If true, the view will show the IBAN
* @define canSeeBankAccountNumber If true, the view will show the account number
* @define canSeeBankAccountBankName If true, the view will show the bank name
* @define canSeeBankRoutingScheme If true, the view will show the BankRoutingScheme
* @define canSeeBankRoutingAddress If true, the view will show the BankRoutingAddress
* @define canSeeBankAccountRoutingScheme If true, the view will show the BankAccountRoutingScheme
* @define canSeeBankAccountRoutingAddress If true, the view will show the BankAccountRoutingAddress
* @define canSeeOtherAccountNationalIdentifier If true, the view will show the Counterparty bank national identifier
* @define canSeeOtherAccountSWIFT_BIC If true, the view will show the Counterparty SWIFT BIC
* @define canSeeOtherAccountIBAN If true, the view will show the Counterparty IBAN
* @define canSeeOtherAccountBankName If true, the view will show the Counterparty Bank Name
* @define canSeeOtherAccountNumber If true, the view will show the Counterparty Account Number
* @define canSeeOtherAccountMetadata If true, the view will show the Counterparty Metadata
* @define canSeeOtherAccountKind If true, the view will show the Counterparty Account Type. This is unlikely to be a full financial product name.
* @define canSeeOtherBankRoutingScheme If true, the view will show the OtherBankRoutingScheme
* @define canSeeOtherBankRoutingAddress If true, the view will show the OtherBankRoutingScheme
* @define canSeeOtherAccountRoutingScheme If true, the view will show the OtherBankRoutingScheme
* @define canSeeOtherAccountRoutingAddress If true, the view will show the OtherBankRoutingScheme
* @define canSeeMoreInfo If true, the view will show the Counterparty More Info text
* @define canSeeUrl If true, the view will show the Counterparty Url
* @define canSeeImageUrl If true, the view will show the Counterparty Image Url
* @define canSeeOpenCorporatesUrl If true, the view will show the Counterparty OpenCorporatesUrl
* @define canSeeCorporateLocation If true, the view will show the Counterparty CorporateLocation
* @define canSeePhysicalLocation If true, the view will show the Counterparty PhysicalLocation
* @define canSeePublicAlias If true, the view will show the Counterparty PublicAlias
* @define canSeePrivateAlias If true, the view will show the Counterparty PrivateAlias
*
* @define canAddMoreInfo If true, the view can add the Counterparty MoreInfo
* @define canAddURL If true, the view can add the Counterparty Url
* @define canAddImageURL If true, the view can add the Counterparty Image Url
* @define canAddOpenCorporatesUrl If true, the view can add the Counterparty OpenCorporatesUrl
* @define canAddCorporateLocation If true, the view can add the Counterparty CorporateLocation
* @define canAddPhysicalLocation If true, the view can add the Counterparty PhysicalLocation
* @define canAddPublicAlias If true, the view can add the Counterparty PublicAlias
* @define canAddPrivateAlias If true, the view can add the Counterparty PrivateAlias
* @define canDeleteCorporateLocation If true, the can add show the Counterparty CorporateLocation
* @define canDeletePhysicalLocation If true, the can add show the Counterparty PhysicalLocation
*
* @define canEditOwnerComment If true, the view can edit the Transaction Owner Comment
* @define canAddComment If true, the view can add a Transaction Comment
* @define canDeleteComment If true, the view can delete a Transaction Comment
* @define canAddTag If true, the view can add a Transaction/Account Tag
* @define canDeleteTag If true, the view can delete a Transaction/Account Tag
* @define canAddImage If true, the view can add a Transaction Image
* @define canDeleteImage If true, the view can delete a Transaction Image
* @define canAddWhereTag If true, the view can add a Transaction Where Tag
* @define canSeeWhereTag If true, the view can show the Transaction Where Tag
* @define canDeleteWhereTag If true, the view can delete the Transaction Where Tag
* @define canAddCounterparty If true, view can add counterparty / create counterparty.
*/
trait View {
def id: Long
@ -229,9 +132,9 @@ trait View {
//the Value from developer, can be any string value.
def description: String
/** This users is tricky, this use ManyToMany relationship,
/** These users are tricky, this use ManyToMany relationship,
* 1st: when create view, we need carefully map this view to the owner user.
* 2rd: the view can grant the access to any other (not owner) users. eg: Simon's accountant view can grant access to Carola, then Carola can see Simon's accountant data
* 2nd: the view can grant the access to any other (not owner) users. eg: Simon's accountant view can grant access to Carola, then Carola can see Simon's accountant data
* also look into some createView methods in code, you can understand more:
* create1: code.bankconnectors.Connector.createViews
* after createViews method, always need call addPermission(v.uid, user). This will create this field
@ -253,191 +156,7 @@ trait View {
* These three will get the allowed actions from viewPermission table
*/
def allowed_actions : List[String]
def canGrantAccessToViews : Option[List[String]] = None
def canRevokeAccessToViews : Option[List[String]] = None
def canGrantAccessToCustomViews : Boolean // if this true, we can grant custom views, if it is false, no one can grant custom views.
def canRevokeAccessToCustomViews : Boolean // if this true, we can revoke custom views,if it is false, no one can revoke custom views.
//reading access
//transaction fields
def canSeeTransactionRequests: Boolean
def canSeeTransactionRequestTypes: Boolean
def canSeeTransactionThisBankAccount: Boolean
def canSeeTransactionOtherBankAccount: Boolean
def canSeeTransactionMetadata: Boolean
def canSeeTransactionDescription: Boolean
def canSeeTransactionAmount: Boolean
def canSeeTransactionType: Boolean
def canSeeTransactionCurrency: Boolean
def canSeeTransactionStartDate: Boolean
def canSeeTransactionFinishDate: Boolean
def canSeeTransactionBalance: Boolean
def canSeeTransactionStatus: Boolean
//transaction metadata
def canSeeComments: Boolean
def canSeeOwnerComment: Boolean
def canSeeTags: Boolean
def canSeeImages: Boolean
//Bank account fields
def canSeeAvailableViewsForBankAccount: Boolean
def canSeeBankAccountOwners: Boolean
def canSeeBankAccountType: Boolean
def canUpdateBankAccountLabel: Boolean
def canSeeBankAccountBalance: Boolean
def canQueryAvailableFunds: Boolean
def canSeeBankAccountCurrency: Boolean
def canSeeBankAccountLabel: Boolean
def canSeeBankAccountNationalIdentifier: Boolean
def canSeeBankAccountSwiftBic: Boolean
def canSeeBankAccountIban: Boolean
def canSeeBankAccountNumber: Boolean
def canSeeBankAccountBankName: Boolean
def canSeeBankRoutingScheme: Boolean
def canSeeBankRoutingAddress: Boolean
def canSeeBankAccountRoutingScheme: Boolean
def canSeeBankAccountRoutingAddress: Boolean
def canSeeViewsWithPermissionsForOneUser: Boolean
def canSeeViewsWithPermissionsForAllUsers: Boolean
//other bank account (counterparty) fields
def canSeeOtherAccountNationalIdentifier: Boolean
def canSeeOtherAccountSwiftBic: Boolean
def canSeeOtherAccountIban: Boolean
def canSeeOtherAccountBankName: Boolean
def canSeeOtherAccountNumber: Boolean
def canSeeOtherAccountMetadata: Boolean
def canSeeOtherAccountKind: Boolean
def canSeeOtherBankRoutingScheme: Boolean
def canSeeOtherBankRoutingAddress: Boolean
def canSeeOtherAccountRoutingScheme: Boolean
def canSeeOtherAccountRoutingAddress: Boolean
//other bank account meta data - read
def canSeeMoreInfo: Boolean
def canSeeUrl: Boolean
def canSeeImageUrl: Boolean
def canSeeOpenCorporatesUrl: Boolean
def canSeeCorporateLocation: Boolean
def canSeePhysicalLocation: Boolean
def canSeePublicAlias: Boolean
def canSeePrivateAlias: Boolean
//other bank account (Counterparty) meta data - write
def canAddMoreInfo: Boolean
def canAddUrl: Boolean
def canAddImageUrl: Boolean
def canAddOpenCorporatesUrl: Boolean
def canAddCorporateLocation: Boolean
def canAddPhysicalLocation: Boolean
def canAddPublicAlias: Boolean
def canAddPrivateAlias: Boolean
def canAddCounterparty: Boolean
def canGetCounterparty: Boolean
def canDeleteCounterparty: Boolean
def canDeleteCorporateLocation: Boolean
def canDeletePhysicalLocation: Boolean
//writing access
def canEditOwnerComment: Boolean
def canAddComment: Boolean
def canDeleteComment: Boolean
def canAddTag: Boolean
def canDeleteTag: Boolean
def canAddImage: Boolean
def canDeleteImage: Boolean
def canAddWhereTag: Boolean
def canSeeWhereTag: Boolean
def canDeleteWhereTag: Boolean
def canAddTransactionRequestToOwnAccount: Boolean //added following two for payments
def canAddTransactionRequestToAnyAccount: Boolean
def canAddTransactionRequestToBeneficiary: Boolean
def canSeeBankAccountCreditLimit: Boolean
def canCreateDirectDebit: Boolean
def canCreateStandingOrder: Boolean
//If any view set these to true, you can create/delete/update the custom view
def canCreateCustomView: Boolean
def canDeleteCustomView: Boolean
def canUpdateCustomView: Boolean
def canGetCustomView: Boolean
}