diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala
index c47493fbe..744bed921 100644
--- a/obp-api/src/main/scala/code/api/constant/constant.scala
+++ b/obp-api/src/main/scala/code/api/constant/constant.scala
@@ -222,6 +222,191 @@ object Constant extends MdcLoggable { final val CAN_GRANT_ACCESS_TO_VIEWS = "can_grant_access_to_views" final val CAN_REVOKE_ACCESS_TO_VIEWS = "can_revoke_access_to_views" + final val SYSTEM_OWNER_VIEW_PERMISSION_ADMIN = List( + CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_REQUESTS, + CAN_SEE_TRANSACTION_REQUEST_TYPES, + CAN_UPDATE_BANK_ACCOUNT_LABEL, + CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER, + CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS, + CAN_SEE_TRANSACTION_DESCRIPTION, + CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT, + CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY, + CAN_GRANT_ACCESS_TO_VIEWS, + CAN_REVOKE_ACCESS_TO_VIEWS + ) + + final val SYSTEM_MANAGER_VIEW_PERMISSION = List( + CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS, + CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS, + CAN_CREATE_CUSTOM_VIEW, + CAN_DELETE_CUSTOM_VIEW, + CAN_UPDATE_CUSTOM_VIEW, + CAN_GET_CUSTOM_VIEW + ) + + final val SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_PERMISSION = List( + CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT, + CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY + ) + + final val SYSTEM_PUBLIC_VIEW_PERMISSION = List( + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_OWNER_COMMENT, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + 
CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_ADD_COUNTERPARTY, + CAN_GET_COUNTERPARTY, + CAN_EDIT_OWNER_COMMENT, + CAN_ADD_COMMENT, + CAN_ADD_TAG, + CAN_ADD_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_TRANSACTION_STATUS + ) + + final val SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_PERMISSION = List( + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_DESCRIPTION, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_CURRENCY + ) + + final val SYSTEM_VIEW_PERMISSION_COMMON = List( + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_OWNER_COMMENT, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, 
+ CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_ADD_COUNTERPARTY, + CAN_GET_COUNTERPARTY, + CAN_DELETE_COUNTERPARTY, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_EDIT_OWNER_COMMENT, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_TRANSACTION_STATUS, + CAN_ADD_TRANSACTION_REQUEST_TO_OWN_ACCOUNT + ) + final val VIEW_PERMISSION_NAMES = List( CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, CAN_SEE_TRANSACTION_METADATA, diff --git a/obp-api/src/main/scala/code/api/util/migration/Migration.scala b/obp-api/src/main/scala/code/api/util/migration/Migration.scala index ddc8966c4..3cb356cbb 100644 
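Review bot: SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_PERMISSION grants six permissions that the builder removed later in this diff did not set for that view: CAN_SEE_OTHER_ACCOUNT_IBAN, CAN_SEE_TRANSACTION_TYPE, CAN_SEE_BANK_ACCOUNT_LABEL, CAN_SEE_BANK_ACCOUNT_BALANCE, CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS and CAN_SEE_BANK_ACCOUNT_CURRENCY. A consent scoped to reading transactions would then also expose the account balance, so the widening should be confirmed as intended. If it is, say so above the list, e.g. `// wider than the pre-ViewPermission defaults: also exposes balance, label, currency and routing address`. None of the new lists carries a comment naming the system view it feeds, and a one-line comment per list would make later audits of default grants easier. The CAN_* definitions and the start of the object are outside the hunk.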
--- a/obp-api/src/main/scala/code/api/util/migration/Migration.scala +++ b/obp-api/src/main/scala/code/api/util/migration/Migration.scala @@ -99,7 +99,7 @@ object Migration extends MdcLoggable { // populateViewDefinitionCanAddTransactionRequestToBeneficiary() // populateViewDefinitionCanSeeTransactionStatus() alterCounterpartyLimitFieldType() - populateMigrationOfViewPermissions(startedBeforeSchemifier) +// populateMigrationOfViewPermissions(startedBeforeSchemifier) } private def dummyScript(): Boolean = { @@ -141,18 +141,18 @@ object Migration extends MdcLoggable { // } // } // } - - private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = { - if (startedBeforeSchemifier == true) { - logger.warn(s"Migration.database.populateMigrationOfViewPermissions(true) cannot be run before Schemifier.") - true - } else { - val name = nameOf(populateMigrationOfViewPermissions(startedBeforeSchemifier)) - runOnce(name) { - MigrationOfViewPermissions.populate(name) - } - } - } +// +// private def populateMigrationOfViewPermissions(startedBeforeSchemifier: Boolean): Boolean = { +// if (startedBeforeSchemifier == true) { +// logger.warn(s"Migration.database.populateMigrationOfViewPermissions(true) cannot be run before Schemifier.") +// true +// } else { +// val name = nameOf(populateMigrationOfViewPermissions(startedBeforeSchemifier)) +// runOnce(name) { +// MigrationOfViewPermissions.populate(name) +// } +// } +// } private def generateAndPopulateMissingCustomerUUIDs(startedBeforeSchemifier: Boolean): Boolean = { if(startedBeforeSchemifier == true) { diff --git a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala index fdb872f0c..e3cbd23f4 100644 --- a/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala +++ b/obp-api/src/main/scala/code/api/util/migration/MigrationOfViewPermissions.scala 
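Review bot: Commenting out `populateMigrationOfViewPermissions(startedBeforeSchemifier)` removes the only visible step that copies existing ViewDefinition permission flags into ViewPermission, while later hunks in this diff drop those flag fields and the `migrateViewPermissions` calls made when a view is fetched. A database that has not yet run this migration would, as far as these hunks show, come up after the upgrade with views that have no ViewPermission rows; that fails closed, but users lose access until the rows are recreated. State the upgrade prerequisite next to the call, e.g. `// removed: populateMigrationOfViewPermissions must already have run on the previous release`, and delete the dead code instead of keeping it as comments. The same goes for the commented-out method in the next hunk and for MigrationOfViewPermissions.scala, which is commented out in full; the enclosing method starts outside the hunk.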
@@ -1,38 +1,38 @@ -package code.api.util.migration - -import code.api.util.APIUtil -import code.api.util.migration.Migration.{DbFunction, saveLog} -import code.views.MapperViews -import code.views.system.{ViewDefinition, ViewPermission} - -object MigrationOfViewPermissions { - def populate(name: String): Boolean = { - DbFunction.tableExists(ViewDefinition) && DbFunction.tableExists(ViewPermission)match { - case true => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - - val allViewDefinitions = ViewDefinition.findAll() - val viewPermissionRowNumberBefore = ViewPermission.count - allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v)) - val viewPermissionRowNumberAfter = ViewPermission.count - - val isSuccessful = true - val endDate = System.currentTimeMillis() - - val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission (${viewPermissionRowNumberAfter-viewPermissionRowNumberBefore} added) .""".stripMargin - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - - case false => - val startDate = System.currentTimeMillis() - val commitId: String = APIUtil.gitCommit - val isSuccessful = false - val endDate = System.currentTimeMillis() - val comment: String = - s"""ViewDefinition or ViewPermission does not exist!""".stripMargin - saveLog(name, commitId, isSuccessful, startDate, endDate, comment) - isSuccessful - } - } -} +//package code.api.util.migration +// +//import code.api.util.APIUtil +//import code.api.util.migration.Migration.{DbFunction, saveLog} +//import code.views.MapperViews +//import code.views.system.{ViewDefinition, ViewPermission} +// +//object MigrationOfViewPermissions { +// def populate(name: String): Boolean = { +// DbFunction.tableExists(ViewDefinition) && DbFunction.tableExists(ViewPermission)match { +// case true => +// val startDate = System.currentTimeMillis() +// val commitId: String = 
APIUtil.gitCommit +// +// val allViewDefinitions = ViewDefinition.findAll() +// val viewPermissionRowNumberBefore = ViewPermission.count +// allViewDefinitions.map(v => MapperViews.migrateViewPermissions(v)) +// val viewPermissionRowNumberAfter = ViewPermission.count +// +// val isSuccessful = true +// val endDate = System.currentTimeMillis() +// +// val comment: String = s"""migrate all permissions from ViewDefinition (${allViewDefinitions.length} rows) to ViewPermission (${viewPermissionRowNumberAfter-viewPermissionRowNumberBefore} added) .""".stripMargin +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// +// case false => +// val startDate = System.currentTimeMillis() +// val commitId: String = APIUtil.gitCommit +// val isSuccessful = false +// val endDate = System.currentTimeMillis() +// val comment: String = +// s"""ViewDefinition or ViewPermission does not exist!""".stripMargin +// saveLog(name, commitId, isSuccessful, startDate, endDate, comment) +// isSuccessful +// } +// } +//} diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index 6f01d4edd..489a2ebbd 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala @@ -392,12 +392,10 @@ object MapperViews extends Views with MdcLoggable { Failure(s"$SystemViewAlreadyExistsError Current VIEW_ID($viewId)") case false => val createdView = ViewDefinition.create.name_(view.name).view_id(viewId) - createdView.setFromViewData(view) + createdView.createViewAndPermissions(view) createdView.isSystem_(true) createdView.isPublic_(false) - val viewSaved = Full(createdView.saveMe) - viewSaved.map(v => MapperViews.migrateViewPermissions(v)) - viewSaved + Full(createdView.saveMe) } } } 
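Review bot: In the MapperViews hunk at -392, `createdView.createViewAndPermissions(view)` now runs before `isSystem_(true)` is set and before `saveMe`. The removed migrateViewPermissions picked null or account-scoped bank_id/account_id from `viewDefinition.isSystem`; if createViewAndPermissions (not shown in this part of the diff) keys its ViewPermission rows the same way, the rows for a new system view could be written with the wrong scope. Setting the flags first removes that dependency: `createdView.isSystem_(true).isPublic_(false)` followed by `createdView.createViewAndPermissions(view)`. The enclosing method begins outside the hunk.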
@@ -436,28 +434,20 @@ object MapperViews extends Views with MdcLoggable { bank_id(bankAccountId.bankId.value). account_id(bankAccountId.accountId.value) - createdView.setFromViewData(view) - - val viewSaved = Full(createdView.saveMe) - - viewSaved.map(v => MapperViews.migrateViewPermissions(v)) - - viewSaved + createdView.createViewAndPermissions(view) + Full(createdView.saveMe) } } /* Update the specification of the view (what data/actions are allowed) */ def updateCustomView(bankAccountId : BankIdAccountId, viewId: ViewId, viewUpdateJson : UpdateViewJSON) : Box[View] = { - for { view <- ViewDefinition.findCustomView(bankAccountId.bankId.value, bankAccountId.accountId.value, viewId.value) } yield { - view.setFromViewData(viewUpdateJson) + view.createViewAndPermissions(viewUpdateJson) view.saveMe - MapperViews.migrateViewPermissions(view) - view } } /* Update the specification of the system view (what data/actions are allowed) */ @@ -465,10 +455,8 @@ object MapperViews extends Views with MdcLoggable { for { view <- ViewDefinition.findSystemView(viewId.value) } yield { - view.setFromViewData(viewUpdateJson) + view.createViewAndPermissions(viewUpdateJson) view.saveMe - MapperViews.migrateViewPermissions(view) - view } } 
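Review bot: updateCustomView replaces `setFromViewData` plus `migrateViewPermissions` with a single `view.createViewAndPermissions(viewUpdateJson)`, and nothing visible here removes ViewPermission rows for actions the update no longer allows. The removed migrateViewPermissions deleted such rows (`permission.delete_!`), so narrowing a view relied on it; createViewAndPermissions is defined outside this part of the diff and should be confirmed to revoke as well as create. Once that holds, a comment above the call such as `// replaces the view's ViewPermission rows; grants absent from viewUpdateJson are removed` would record the contract, and a test that narrows a view and asserts the dropped permission is gone would pin it. The same applies to updateSystemView in the next hunk.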
@@ -632,96 +620,11 @@ object MapperViews extends Views with MdcLoggable { theView } - /** - * This migrates the current View permissions to the new ViewPermission model. - * this will not add any new permission, it will only migrate the existing permissions. - * @param viewDefinition - */ - def migrateViewPermissions(viewDefinition: View): Unit = { - - //first, we list all the current view permissions. - val permissionNames: List[String] = code.api.Constant.VIEW_PERMISSION_NAMES - - permissionNames.foreach { permissionName => - // CAN_REVOKE_ACCESS_TO_VIEWS and CAN_GRANT_ACCESS_TO_VIEWS are special cases, they have a list of view ids as metadata. - // For the rest of the permissions, they are just boolean values. - if (permissionName == CAN_REVOKE_ACCESS_TO_VIEWS || permissionName == CAN_GRANT_ACCESS_TO_VIEWS) { - - val permissionValueFromViewDefinition = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Option[List[String]]] - - ViewPermission.findViewPermission(viewDefinition, permissionName) match { - // If the permission already exists in ViewPermission, but permissionValueFromViewDefinition is empty, we delete it. - case Full(permission) if permissionValueFromViewDefinition.isEmpty => - permission.delete_! - // If the permission already exists and permissionValueFromViewDefinition is defined, we update the metadata. - case Full(permission) if permissionValueFromViewDefinition.isDefined => - permission.extraData(permissionValueFromViewDefinition.get.mkString(",")).save - //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. 
--systemView - case Empty if (viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => - ViewPermission.create - .bank_id(null) - .account_id(null) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .extraData(permissionValueFromViewDefinition.get.mkString(",")) - .save - //if the permission is not existing in ViewPermission,but it is defined in the viewDefinition, we create it. --customView - case Empty if (!viewDefinition.isSystem && permissionValueFromViewDefinition.isDefined) => - ViewPermission.create - .bank_id(viewDefinition.bankId.value) - .account_id(viewDefinition.accountId.value) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .extraData(permissionValueFromViewDefinition.get.mkString(",")) - .save - case _ => - // This case should not happen, but if it does, we add an error log - logger.error(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.") - } - } else { - // For the rest of the permissions, they are just boolean values. - val permissionValue = viewDefinition.getClass.getMethod(StringHelpers.camelifyMethod(permissionName)).invoke(viewDefinition).asInstanceOf[Boolean] - - ViewPermission.findViewPermission(viewDefinition, permissionName) match { - // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is false, we delete it. - case Full(permission) if !permissionValue => - permission.delete_! - // If the permission already exists in ViewPermission, but permissionValueFromViewdefinition is empty, we udpate it. - case Full(permission) if permissionValue => - permission.permission(permissionName).save - //if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. 
--systemView - case _ if (viewDefinition.isSystem && permissionValue) => - ViewPermission.create - .bank_id(null) - .account_id(null) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .save - //if the permission is not existing in ViewPermission, but it is defined in the viewDefinition, we create it. --customerView - case _ if (!viewDefinition.isSystem && permissionValue) => - ViewPermission.create - .bank_id(viewDefinition.bankId.value) - .account_id(viewDefinition.accountId.value) - .view_id(viewDefinition.viewId.value) - .permission(permissionName) - .save - case _ => - // This case should not happen, but if it does, we do nothing - logger.warn(s"Unexpected case for permission $permissionName for view ${viewDefinition.viewId.value}. No action taken.") - } - } - } - } - def getOrCreateSystemView(viewId: String) : Box[View] = { getExistingSystemView(viewId) match { case Empty => - val view = createDefaultSystemView(viewId) - view.map(v => migrateViewPermissions(v)) - view - case Full(v) => - migrateViewPermissions(v) - Full(v) + createDefaultSystemView(viewId) + case Full(v) => Full(v) case Failure(msg, t, c) => Failure(msg, t, c) case ParamFailure(x,y,z,q) => ParamFailure(x,y,z,q) } @@ -742,11 +645,8 @@ object MapperViews extends Views with MdcLoggable { def getOrCreateCustomPublicView(bankId: BankId, accountId: AccountId, description: String = "Public View") : Box[View] = { getExistingCustomView(bankId, accountId, CUSTOM_PUBLIC_VIEW_ID) match { case Empty=> - val view = createDefaultCustomPublicView(bankId, accountId, description) - view.map(v => migrateViewPermissions(v)) - view + createDefaultCustomPublicView(bankId, accountId, description) case Full(v)=> - migrateViewPermissions(v) Full(v) case Failure(msg, t, c) => Failure(msg, t, c) case ParamFailure(x,y,z,q) => ParamFailure(x,y,z,q) 
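Review bot: After this change the `Full`, `Failure` and `ParamFailure` arms of getOrCreateSystemView only rebuild the value they matched, so the match can shrink to `case Empty => createDefaultSystemView(viewId)` and `case other => other`. In Lift ParamFailure is a subclass of Failure, so as written the `Failure(msg, t, c)` arm likely also catches ParamFailure values and drops their parameter, which the shorter form avoids. getOrCreateCustomPublicView in the next hunk has the same shape.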
@@ -793,6 +693,7 @@ object MapperViews extends Views with MdcLoggable { def bulkDeleteAllPermissionsAndViews() : Boolean = { ViewDefinition.bulkDelete_!!() AccountAccess.bulkDelete_!!() + ViewPermission.bulkDelete_!!() true } 
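Review bot: bulkDeleteAllPermissionsAndViews returns `true` whatever the three `bulkDelete_!!()` calls return, including the one added for ViewPermission. Because the method clears authorization data, a caller that trusts the result could carry on with ViewPermission or AccountAccess rows still in place. If the Boolean results signal success, combine them so that all three deletes still run, e.g. `List(ViewDefinition.bulkDelete_!!(), AccountAccess.bulkDelete_!!(), ViewPermission.bulkDelete_!!()).forall(identity)`.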
@@ -809,156 +710,51 @@ object MapperViews extends Views with MdcLoggable { .usePrivateAliasIfOneExists_(false) //(default is false anyways) .usePublicAliasIfOneExists_(false) //(default is false anyways) .hideOtherAccountMetadataIfAlias_(false) //(default is false anyways) - .canSeeTransactionThisBankAccount_(true) - .canSeeTransactionOtherBankAccount_(true) - .canSeeTransactionMetadata_(true) - .canSeeTransactionDescription_(true) - .canSeeTransactionAmount_(true) - .canSeeTransactionType_(true) - .canSeeTransactionCurrency_(true) - .canSeeTransactionStartDate_(true) - .canSeeTransactionFinishDate_(true) - .canSeeTransactionBalance_(true) - .canSeeComments_(true) - .canSeeOwnerComment_(true) - .canSeeTags_(true) - .canSeeImages_(true) - .canSeeBankAccountOwners_(true) - .canSeeBankAccountType_(true) - .canSeeBankAccountBalance_(true) - .canSeeBankAccountCurrency_(true) - .canSeeBankAccountLabel_(true) - .canSeeBankAccountNationalIdentifier_(true) - .canSeeBankAccountSwift_bic_(true) - .canSeeBankAccountIban_(true) - .canSeeBankAccountNumber_(true) - .canSeeBankAccountBankName_(true) - .canSeeBankAccountBankPermalink_(true) - .canSeeOtherAccountNationalIdentifier_(true) - .canSeeOtherAccountSWIFT_BIC_(true) - .canSeeOtherAccountIBAN_(true) - .canSeeOtherAccountBankName_(true) - .canSeeOtherAccountNumber_(true) - .canSeeOtherAccountMetadata_(true) - .canSeeOtherAccountKind_(true) - .canSeeMoreInfo_(true) - .canSeeUrl_(true) - .canSeeImageUrl_(true) - .canSeeOpenCorporatesUrl_(true) - .canSeeCorporateLocation_(true) - .canSeePhysicalLocation_(true) - .canSeePublicAlias_(true) - .canSeePrivateAlias_(true) - .canAddMoreInfo_(true) - .canAddURL_(true) - .canAddImageURL_(true) - .canAddOpenCorporatesUrl_(true) - .canAddCorporateLocation_(true) - .canAddPhysicalLocation_(true) - .canAddPublicAlias_(true) - .canAddPrivateAlias_(true) - .canAddCounterparty_(true) - .canGetCounterparty_(true) - .canDeleteCounterparty_(true) - .canDeleteCorporateLocation_(true) - 
.canDeletePhysicalLocation_(true) - .canEditOwnerComment_(true) - .canAddComment_(true) - .canDeleteComment_(true) - .canAddTag_(true) - .canDeleteTag_(true) - .canAddImage_(true) - .canDeleteImage_(true) - .canAddWhereTag_(true) - .canSeeWhereTag_(true) - .canDeleteWhereTag_(true) - .canSeeBankRoutingScheme_(true) //added following in V300 - .canSeeBankRoutingAddress_(true) - .canSeeBankAccountRoutingScheme_(true) - .canSeeBankAccountRoutingAddress_(true) - .canSeeOtherBankRoutingScheme_(true) - .canSeeOtherBankRoutingAddress_(true) - .canSeeOtherAccountRoutingScheme_(true) - .canSeeOtherAccountRoutingAddress_(true) - .canSeeTransactionStatus_(true) - - // TODO Allow use only for certain cases - .canAddTransactionRequestToOwnAccount_(true) //added following two for payments - .canAddTransactionRequestToAnyAccount_(true) - .canAddTransactionRequestToBeneficiary_(true) - - .canSeeAvailableViewsForBankAccount_(false) - .canSeeTransactionRequests_(false) - .canSeeTransactionRequestTypes_(false) - .canUpdateBankAccountLabel_(false) - .canSeeViewsWithPermissionsForOneUser_(false) - .canSeeViewsWithPermissionsForAllUsers_(false) - .canRevokeAccessToCustomViews_(false) - .canGrantAccessToCustomViews_(false) - .canCreateCustomView_(false) - .canDeleteCustomView_(false) - .canUpdateCustomView_(false) - .canGetCustomView_(false) - + viewId match { - case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID => - entity // Make additional setup to the existing view - .canSeeAvailableViewsForBankAccount_(true) - .canSeeTransactionRequests_(true) - .canSeeTransactionRequestTypes_(true) - .canUpdateBankAccountLabel_(true) - .canSeeViewsWithPermissionsForOneUser_(true) - .canSeeViewsWithPermissionsForAllUsers_(true) - .canGrantAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) - .canRevokeAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) - case SYSTEM_STAGE_ONE_VIEW_ID => - entity // Make additional setup to the existing view - 
.canSeeTransactionDescription_(false) - .canAddTransactionRequestToAnyAccount_(false) - .canAddTransactionRequestToBeneficiary_(false) - case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID => - entity // Make additional setup to the existing view - .canRevokeAccessToCustomViews_(true) - .canGrantAccessToCustomViews_(true) - .canCreateCustomView_(true) - .canDeleteCustomView_(true) - .canUpdateCustomView_(true) - .canGetCustomView_(true) - case SYSTEM_FIREHOSE_VIEW_ID => + case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID =>{ + ViewPermission.createViewPermissions( + entity, + SYSTEM_OWNER_VIEW_PERMISSION_ADMIN, + DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS, + DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS + ) + ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON) + entity + } + case SYSTEM_STAGE_ONE_VIEW_ID =>{ + ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON) + entity + } + case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID =>{ + ViewPermission.createViewPermissions( + entity, + SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_MANAGER_VIEW_PERMISSION + ) + entity + } + case SYSTEM_FIREHOSE_VIEW_ID =>{ + ViewPermission.createViewPermissions(entity,SYSTEM_VIEW_PERMISSION_COMMON) entity // Make additional setup to the existing view .isFirehose_(true) + } case SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID | SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID => - create // A new one - .isSystem_(true) - .isFirehose_(false) - .name_(StringHelpers.capify(viewId)) - .view_id(viewId) - .description_(viewId) - case SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID => - create // A new one - .isSystem_(true) - .isFirehose_(false) - .name_(StringHelpers.capify(viewId)) - .view_id(viewId) - .description_(viewId) - .canSeeTransactionThisBankAccount_(true) - .canSeeTransactionOtherBankAccount_(true) - .canSeeTransactionAmount_(true) - .canSeeTransactionCurrency_(true) - .canSeeTransactionBalance_(true) - .canSeeTransactionStartDate_(true) - 
.canSeeTransactionFinishDate_(true) - .canSeeTransactionDescription_(true) - case SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID => - create // A new one - .isSystem_(true) - .isFirehose_(false) - .name_(StringHelpers.capify(viewId)) - .view_id(viewId) - .description_(viewId) - .canAddTransactionRequestToAnyAccount_(true) - .canAddTransactionRequestToBeneficiary_(true) + entity + case SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID =>{ + ViewPermission.createViewPermissions( + entity, + SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_PERMISSION + ) + entity + } + case SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID =>{ + ViewPermission.createViewPermissions( + entity, + SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_PERMISSION + ) + entity + } case _ => entity } 
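Review bot: The SYSTEM_STAGE_ONE_VIEW_ID branch passes `SYSTEM_VIEW_PERMISSION_COMMON++SYSTEM_VIEW_PERMISSION_COMMON`, the same list concatenated with itself, so every permission name reaches createViewPermissions twice; depending on how that method (not shown) inserts, this may create duplicate rows. The removed code for this view was the base set minus description and the any-account and beneficiary transaction requests, which is exactly `ViewPermission.createViewPermissions(entity, SYSTEM_VIEW_PERMISSION_COMMON)`. The fallback `case _ => entity` now writes no permissions at all, whereas before it inherited the base flags set on `entity`, so any system view id not listed here becomes an empty view; confirm that is intended. Each branch also calls createViewPermissions on `entity` before any save visible in this hunk, as does createDefaultCustomPublicView in the next hunk, so a failed save could leave permission rows that refer to a view that was never stored. The function starts outside the hunk.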
@@ -983,87 +779,13 @@ object MapperViews extends Views with MdcLoggable { account_id(accountId.value). usePrivateAliasIfOneExists_(false). usePublicAliasIfOneExists_(true). - hideOtherAccountMetadataIfAlias_(true). - canSeeTransactionThisBankAccount_(true). - canSeeTransactionOtherBankAccount_(true). - canSeeTransactionMetadata_(true). - canSeeTransactionDescription_(false). - canSeeTransactionAmount_(true). - canSeeTransactionType_(true). - canSeeTransactionCurrency_(true). - canSeeTransactionStartDate_(true). - canSeeTransactionFinishDate_(true). - canSeeTransactionBalance_(true). - canSeeComments_(true). - canSeeOwnerComment_(true). - canSeeTags_(true). - canSeeImages_(true). - canSeeBankAccountOwners_(true). - canSeeBankAccountType_(true). - canSeeBankAccountBalance_(true). - canSeeBankAccountCurrency_(true). - canSeeBankAccountLabel_(true). - canSeeBankAccountNationalIdentifier_(true). - canSeeBankAccountIban_(true). - canSeeBankAccountNumber_(true). - canSeeBankAccountBankName_(true). - canSeeBankAccountBankPermalink_(true). - canSeeOtherAccountNationalIdentifier_(true). - canSeeOtherAccountIBAN_(true). - canSeeOtherAccountBankName_(true). - canSeeOtherAccountNumber_(true). - canSeeOtherAccountMetadata_(true). - canSeeOtherAccountKind_(true) - entity. - canSeeMoreInfo_(true). - canSeeUrl_(true). - canSeeImageUrl_(true). - canSeeOpenCorporatesUrl_(true). - canSeeCorporateLocation_(true). - canSeePhysicalLocation_(true). - canSeePublicAlias_(true). - canSeePrivateAlias_(true). - canAddMoreInfo_(true). - canAddURL_(true). - canAddImageURL_(true). - canAddOpenCorporatesUrl_(true). - canAddCorporateLocation_(true). - canAddPhysicalLocation_(true). - canAddPublicAlias_(true). - canAddPrivateAlias_(true). - canAddCounterparty_(true). - canGetCounterparty_(true). - canDeleteCounterparty_(false). - canDeleteCorporateLocation_(false). - canDeletePhysicalLocation_(false). - canEditOwnerComment_(true). - canAddComment_(true). - canDeleteComment_(false). 
- canAddTag_(true). - canDeleteTag_(false). - canAddImage_(true). - canDeleteImage_(false). - canAddWhereTag_(true). - canSeeWhereTag_(true). - canSeeBankRoutingScheme_(true). //added following in V300 - canSeeBankRoutingAddress_(true). - canSeeBankAccountRoutingScheme_(true). - canSeeBankAccountRoutingAddress_(true). - canSeeOtherBankRoutingScheme_(true). - canSeeOtherBankRoutingAddress_(true). - canSeeOtherAccountRoutingScheme_(true). - canSeeOtherAccountRoutingAddress_(true). - canAddTransactionRequestToOwnAccount_(false). //added following two for payments - canAddTransactionRequestToAnyAccount_(false). - canAddTransactionRequestToBeneficiary_(false). - canSeeTransactionRequests_(false). - canSeeTransactionRequestTypes_(false). - canUpdateBankAccountLabel_(false). - canCreateCustomView_(false). - canDeleteCustomView_(false). - canUpdateCustomView_(false). - canGetCustomView_(false). - canSeeTransactionStatus_(true) + hideOtherAccountMetadataIfAlias_(true) + + ViewPermission.createViewPermissions( + entity, + SYSTEM_PUBLIC_VIEW_PERMISSION + ) + entity } def createAndSaveDefaultPublicCustomView(bankId : BankId, accountId: AccountId, description: String) : Box[View] = { diff --git a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala index 43c0c627a..fed312280 100644 --- a/obp-api/src/main/scala/code/views/system/ViewDefinition.scala +++ b/obp-api/src/main/scala/code/views/system/ViewDefinition.scala 
@@ -5,10 +5,10 @@ import code.api.util.APIUtil.{isValidCustomViewId, isValidSystemViewId} import code.api.util.ErrorMessages.{CreateSystemViewError, InvalidCustomViewFormat, InvalidSystemViewFormat} import code.util.{AccountIdString, UUIDString} import com.openbankproject.commons.model._ -import net.liftweb.common.Box +import net.liftweb.common.{Box, Full} import net.liftweb.common.Box.tryo import net.liftweb.mapper._ - +import code.api.Constant._ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with ManyToMany with CreatedUpdated{ def getSingleton = ViewDefinition 
@@ -50,305 +50,12 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many object hideOtherAccountMetadataIfAlias_ extends MappedBoolean(this){ override def defaultValue = false } - - //This is the system views list, custom views please check `canGrantAccessToCustomViews_` field - object canGrantAccessToViews_ extends MappedText(this){ - override def defaultValue = "" - } - //This is the system views list.custom views please check `canRevokeAccessToCustomViews_` field - object canRevokeAccessToViews_ extends MappedText(this){ - override def defaultValue = "" - } - - object canRevokeAccessToCustomViews_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canGrantAccessToCustomViews_ extends MappedBoolean(this) { - override def defaultValue = false - } - object canSeeTransactionThisBankAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionRequests_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionRequestTypes_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionOtherBankAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionMetadata_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionDescription_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionAmount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionType_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionCurrency_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionStartDate_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionFinishDate_ extends MappedBoolean(this){ - override def defaultValue = false - } - object 
canSeeTransactionBalance_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeComments_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOwnerComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTags_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeImages_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountOwners_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeAvailableViewsForBankAccount_ extends MappedBoolean(this){ - override def defaultValue = true - } - object canSeeBankAccountType_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountBalance_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canQueryAvailableFunds_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountCurrency_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountLabel_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canUpdateBankAccountLabel_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountNationalIdentifier_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountSwift_bic_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountIban_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountNumber_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountBankName_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountBankPermalink_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankRoutingScheme_ extends 
MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountNationalIdentifier_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountSWIFT_BIC_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountIBAN_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountBankName_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountNumber_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountMetadata_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountKind_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherBankRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherBankRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountRoutingScheme_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOtherAccountRoutingAddress_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeMoreInfo_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeImageUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeOpenCorporatesUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeCorporateLocation_ extends 
MappedBoolean(this){ - override def defaultValue = false - } - object canSeePhysicalLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeePublicAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeePrivateAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddMoreInfo_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddURL_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddImageURL_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddOpenCorporatesUrl_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddCorporateLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddPhysicalLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddPublicAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddPrivateAlias_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddCounterparty_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canGetCounterparty_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteCounterparty_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteCorporateLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeletePhysicalLocation_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canEditOwnerComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteComment_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddTag_ extends MappedBoolean(this){ - override def 
defaultValue = false - } - object canDeleteTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddImage_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteImage_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canAddWhereTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeWhereTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteWhereTag_ extends MappedBoolean(this){ - override def defaultValue = false - } - - //internal transfer between my own accounts - - @deprecated("we added new field `canAddTransactionRequestToBeneficiary_`","25-07-2024") - object canAddTransactionRequestToOwnAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - - object canAddTransactionRequestToBeneficiary_ extends MappedBoolean(this){ - override def defaultValue = false - } - - // transfer to any account - object canAddTransactionRequestToAnyAccount_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeBankAccountCreditLimit_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canCreateDirectDebit_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canCreateStandingOrder_ extends MappedBoolean(this){ - override def defaultValue = false - } - - object canCreateCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canDeleteCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canUpdateCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canGetCustomView_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeViewsWithPermissionsForAllUsers_ extends MappedBoolean(this){ - override def defaultValue = false - } - object canSeeViewsWithPermissionsForOneUser_ extends 
MappedBoolean(this){ - override def defaultValue = false - } - object canSeeTransactionStatus_ extends MappedBoolean(this){ - override def defaultValue = false - } - - //Important! If you add a field, be sure to handle it here in this function - def setFromViewData(viewData : ViewSpecification) = { - if(viewData.which_alias_to_use == "public"){ + def createViewAndPermissions(viewSpecification : ViewSpecification) = { + if(viewSpecification.which_alias_to_use == "public"){ usePublicAliasIfOneExists_(true) usePrivateAliasIfOneExists_(false) - } else if(viewData.which_alias_to_use == "private"){ + } else if(viewSpecification.which_alias_to_use == "private"){ usePublicAliasIfOneExists_(false) usePrivateAliasIfOneExists_(true) } else { 
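Review bot: `createViewAndPermissions` is declared without a result type, and in this commit its last expression changes from a mapper field setter to `ViewPermission.createViewPermissions(...)`, which ViewPermission.scala declares as `Unit`. The inferred result therefore appears to change from the view itself to `Unit`, so the signature should say so: `def createViewAndPermissions(viewSpecification: ViewSpecification): Unit = {`. The removed "Important! If you add a field…" comment also needs a replacement. A short Scaladoc would do, stating that the method sets the alias and metadata fields on this view and then writes one ViewPermission row per entry of `allowed_actions`. The method body continues in the next hunk.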
@@ -356,108 +63,19 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many usePrivateAliasIfOneExists_(false) } - hideOtherAccountMetadataIfAlias_(viewData.hide_metadata_if_alias_used) - description_(viewData.description) - isPublic_(viewData.is_public) - isFirehose_(viewData.is_firehose.getOrElse(false)) - metadataView_(viewData.metadata_view) + hideOtherAccountMetadataIfAlias_(viewSpecification.hide_metadata_if_alias_used) + description_(viewSpecification.description) + isPublic_(viewSpecification.is_public) + isFirehose_(viewSpecification.is_firehose.getOrElse(false)) + metadataView_(viewSpecification.metadata_view) + + ViewPermission.createViewPermissions( + this, + viewSpecification.allowed_actions, + viewSpecification.can_grant_access_to_views.getOrElse(Nil), + viewSpecification.can_revoke_access_to_views.getOrElse(Nil) + ) - val actions = viewData.allowed_actions - - if (isSystem) { //The following are admin permissions, only system views are allowed to use them. 
- canGrantAccessToCustomViews_(actions.exists(_ == CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS)) - canRevokeAccessToCustomViews_(actions.exists(_ == CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS)) - canGrantAccessToViews_(viewData.can_grant_access_to_views.getOrElse(Nil).mkString(",")) - canRevokeAccessToViews_(viewData.can_revoke_access_to_views.getOrElse(Nil).mkString(",")) - canCreateCustomView_(actions.exists(_ == CAN_CREATE_CUSTOM_VIEW)) - canDeleteCustomView_(actions.exists(_ == CAN_DELETE_CUSTOM_VIEW)) - canUpdateCustomView_(actions.exists(_ == CAN_UPDATE_CUSTOM_VIEW)) - } - - canSeeTransactionThisBankAccount_(actions.exists(_ == CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT)) - canSeeTransactionOtherBankAccount_(actions.exists(_ == CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT)) - canSeeTransactionMetadata_(actions.exists(_ == CAN_SEE_TRANSACTION_METADATA)) - canSeeTransactionDescription_(actions.exists(_ ==CAN_SEE_TRANSACTION_DESCRIPTION)) - canSeeTransactionAmount_(actions.exists(_ == CAN_SEE_TRANSACTION_AMOUNT)) - canSeeTransactionType_(actions.exists(_ == CAN_SEE_TRANSACTION_TYPE)) - canSeeTransactionCurrency_(actions.exists(_ == CAN_SEE_TRANSACTION_CURRENCY)) - canSeeTransactionStartDate_(actions.exists(_ == CAN_SEE_TRANSACTION_START_DATE)) - canSeeTransactionFinishDate_(actions.exists(_ == CAN_SEE_TRANSACTION_FINISH_DATE)) - canSeeTransactionBalance_(actions.exists(_ == CAN_SEE_TRANSACTION_BALANCE)) - canSeeComments_(actions.exists(_ == CAN_SEE_COMMENTS)) - canSeeOwnerComment_(actions.exists(_ == CAN_SEE_OWNER_COMMENT)) - canSeeTags_(actions.exists(_ == CAN_SEE_TAGS)) - canSeeImages_(actions.exists(_ == CAN_SEE_IMAGES)) - canSeeBankAccountOwners_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_OWNERS)) - canSeeBankAccountType_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_TYPE)) - canSeeBankAccountBalance_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BALANCE)) - canQueryAvailableFunds_(actions.exists(_ == CAN_QUERY_AVAILABLE_FUNDS)) - canSeeBankAccountCurrency_(actions.exists(_ == 
CAN_SEE_BANK_ACCOUNT_CURRENCY)) - canSeeBankAccountLabel_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_LABEL)) - canSeeBankAccountNationalIdentifier_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER)) - canSeeBankAccountSwift_bic_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_SWIFT_BIC)) - canSeeBankAccountIban_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_IBAN)) - canSeeBankAccountNumber_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_NUMBER)) - canSeeBankAccountBankName_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_NAME)) - canSeeBankAccountBankPermalink_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK)) - canSeeBankRoutingScheme_(actions.exists(_ == CAN_SEE_BANK_ROUTING_SCHEME)) - canSeeBankRoutingAddress_(actions.exists(_ == CAN_SEE_BANK_ROUTING_ADDRESS)) - canSeeBankAccountRoutingScheme_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME)) - canSeeBankAccountRoutingAddress_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS)) - canSeeOtherAccountNationalIdentifier_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER)) - canSeeOtherAccountSWIFT_BIC_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC)) - canSeeOtherAccountIBAN_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_IBAN)) - canSeeOtherAccountBankName_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_BANK_NAME)) - canSeeOtherAccountNumber_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_NUMBER)) - canSeeOtherAccountMetadata_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_METADATA)) - canSeeOtherAccountKind_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_KIND)) - canSeeOtherBankRoutingScheme_(actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_SCHEME)) - canSeeOtherBankRoutingAddress_(actions.exists(_ == CAN_SEE_OTHER_BANK_ROUTING_ADDRESS)) - canSeeOtherAccountRoutingScheme_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME)) - canSeeOtherAccountRoutingAddress_(actions.exists(_ == CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS)) - canSeeMoreInfo_(actions.exists(_ == CAN_SEE_MORE_INFO)) - canSeeUrl_(actions.exists(_ 
== CAN_SEE_URL)) - canSeeImageUrl_(actions.exists(_ == CAN_SEE_IMAGE_URL)) - canSeeOpenCorporatesUrl_(actions.exists(_ == CAN_SEE_OPEN_CORPORATES_URL)) - canSeeCorporateLocation_(actions.exists(_ == CAN_SEE_CORPORATE_LOCATION)) - canSeePhysicalLocation_(actions.exists(_ == CAN_SEE_PHYSICAL_LOCATION)) - canSeePublicAlias_(actions.exists(_ == CAN_SEE_PUBLIC_ALIAS)) - canSeePrivateAlias_(actions.exists(_ == CAN_SEE_PRIVATE_ALIAS)) - canAddMoreInfo_(actions.exists(_ == CAN_ADD_MORE_INFO)) - canAddURL_(actions.exists(_ == CAN_ADD_URL)) - canAddImageURL_(actions.exists(_ == CAN_ADD_IMAGE_URL)) - canAddOpenCorporatesUrl_(actions.exists(_ == CAN_ADD_OPEN_CORPORATES_URL)) - canAddCorporateLocation_(actions.exists(_ == CAN_ADD_CORPORATE_LOCATION)) - canAddPhysicalLocation_(actions.exists(_ == CAN_ADD_PHYSICAL_LOCATION)) - canAddPublicAlias_(actions.exists(_ == CAN_ADD_PUBLIC_ALIAS)) - canAddPrivateAlias_(actions.exists(_ == CAN_ADD_PRIVATE_ALIAS)) - canAddCounterparty_(actions.exists(_ == CAN_ADD_COUNTERPARTY)) - canDeleteCounterparty_(actions.exists(_ == CAN_DELETE_COUNTERPARTY)) - canGetCounterparty_(actions.exists(_ == CAN_GET_COUNTERPARTY)) - canDeleteCorporateLocation_(actions.exists(_ == CAN_DELETE_CORPORATE_LOCATION)) - canDeletePhysicalLocation_(actions.exists(_ == CAN_DELETE_PHYSICAL_LOCATION)) - canEditOwnerComment_(actions.exists(_ == CAN_EDIT_OWNER_COMMENT)) - canAddComment_(actions.exists(_ == CAN_ADD_COMMENT)) - canDeleteComment_(actions.exists(_ == CAN_DELETE_COMMENT)) - canAddTag_(actions.exists(_ == CAN_ADD_TAG)) - canDeleteTag_(actions.exists(_ == CAN_DELETE_TAG)) - canAddImage_(actions.exists(_ == CAN_ADD_IMAGE)) - canDeleteImage_(actions.exists(_ == CAN_DELETE_IMAGE)) - canAddWhereTag_(actions.exists(_ == CAN_ADD_WHERE_TAG)) - canSeeWhereTag_(actions.exists(_ == CAN_SEE_WHERE_TAG)) - canDeleteWhereTag_(actions.exists(_ == CAN_DELETE_WHERE_TAG)) - canAddTransactionRequestToBeneficiary_(actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY)) - 
canAddTransactionRequestToAnyAccount_(actions.exists(_ == CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT)) - canSeeBankAccountCreditLimit_(actions.exists(_ == CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT)) - canCreateDirectDebit_(actions.exists(_ == CAN_CREATE_DIRECT_DEBIT)) - canCreateStandingOrder_(actions.exists(_ == CAN_CREATE_STANDING_ORDER)) - canSeeTransactionRequests_(actions.exists(_ == CAN_SEE_TRANSACTION_REQUESTS)) - canSeeTransactionRequestTypes_(actions.exists(_ == CAN_SEE_TRANSACTION_REQUEST_TYPES)) - canUpdateBankAccountLabel_(actions.exists(_ == CAN_UPDATE_BANK_ACCOUNT_LABEL)) - canSeeAvailableViewsForBankAccount_(actions.exists(_ == CAN_SEE_AVAILABLE_VIEWS_FOR_BANK_ACCOUNT)) - canSeeViewsWithPermissionsForAllUsers_(actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ALL_USERS)) - canSeeViewsWithPermissionsForOneUser_(actions.exists(_ == CAN_SEE_VIEWS_WITH_PERMISSIONS_FOR_ONE_USER)) - canSeeTransactionStatus_(actions.exists(_ == CAN_SEE_TRANSACTION_STATUS)) } 
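Review bot: The new `ViewPermission.createViewPermissions(this, viewSpecification.allowed_actions, …)` call stores every requested action and both access lists for any view, whereas the removed code set the custom-view management flags and the grant/revoke lists only inside `if (isSystem)`. Unless callers already strip these names from `allowed_actions`, a custom view can now be persisted with permissions that were reserved for system views. The non-system branch of `createViewPermissions` writes them with the view's bank and account ids. Keep the gate at this call site by filtering the action list and passing empty access lists when the view is not a system view, as sketched below. The method starts in the previous hunk.

```scala
// … unchanged: alias, description, isPublic, isFirehose, metadataView setters …

// admin permissions the removed code applied to system views only
val systemOnlyActions = Set(
  CAN_GRANT_ACCESS_TO_VIEWS,
  CAN_REVOKE_ACCESS_TO_VIEWS,
  CAN_GRANT_ACCESS_TO_CUSTOM_VIEWS,
  CAN_REVOKE_ACCESS_TO_CUSTOM_VIEWS,
  CAN_CREATE_CUSTOM_VIEW,
  CAN_DELETE_CUSTOM_VIEW,
  CAN_UPDATE_CUSTOM_VIEW
)
val requestedActions = viewSpecification.allowed_actions
val permittedActions =
  if (isSystem) requestedActions
  else requestedActions.filterNot(systemOnlyActions.contains)

ViewPermission.createViewPermissions(
  this,
  permittedActions,
  if (isSystem) viewSpecification.can_grant_access_to_views.getOrElse(Nil) else Nil,
  if (isSystem) viewSpecification.can_revoke_access_to_views.getOrElse(Nil) else Nil
)
```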
@@ -485,152 +103,25 @@ class ViewDefinition extends View with LongKeyedMapper[ViewDefinition] with Many override def allowed_actions : List[String] = ViewPermission.findViewPermissions(this).map(_.permission.get).distinct -// override def canGrantAccessToViews : Option[List[String]] = { -// ViewPermission.findViewPermission(this, CAN_GRANT_ACCESS_TO_VIEWS).flatMap(vp => -// { -// vp.metaData.get match { -// case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) -// case _ => None -// } -// }) -// } -// -// override def canRevokeAccessToViews : Option[List[String]] = { -// ViewPermission.findViewPermission(this, CAN_REVOKE_ACCESS_TO_VIEWS).flatMap(vp => -// { -// vp.metaData.get match { -// case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) -// case _ => None -// } -// }) -// } - - - //This current view can grant access to other views. override def canGrantAccessToViews : Option[List[String]] = { - canGrantAccessToViews_.get == null || canGrantAccessToViews_.get.isEmpty() match { - case true => None - case _ => Some(canGrantAccessToViews_.get.split(",").toList.map(_.trim)) - } + ViewPermission.findViewPermission(this, CAN_GRANT_ACCESS_TO_VIEWS).flatMap(vp => + { + vp.extraData.get match { + case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) + case _ => None + } + }) } - - def canGrantAccessToCustomViews : Boolean = canGrantAccessToCustomViews_.get - //the current view can revoke access to other views. 
override def canRevokeAccessToViews : Option[List[String]] = { - canRevokeAccessToViews_.get == null || canRevokeAccessToViews_.get.isEmpty() match { - case true => None - case _ => Some(canRevokeAccessToViews_.get.split(",").toList.map(_.trim)) - } + ViewPermission.findViewPermission(this, CAN_REVOKE_ACCESS_TO_VIEWS).flatMap(vp => + { + vp.extraData.get match { + case value if(value != null && !value.isEmpty) => Some(value.split(",").toList.map(_.trim)) + case _ => None + } + }) } - override def canRevokeAccessToCustomViews : Boolean = canRevokeAccessToCustomViews_.get - - //reading access - - //transaction fields - def canSeeTransactionThisBankAccount : Boolean = canSeeTransactionThisBankAccount_.get - def canSeeTransactionRequests : Boolean = canSeeTransactionRequests_.get - def canSeeTransactionRequestTypes: Boolean = canSeeTransactionRequestTypes_.get - def canSeeTransactionOtherBankAccount : Boolean = canSeeTransactionOtherBankAccount_.get - def canSeeTransactionMetadata : Boolean = canSeeTransactionMetadata_.get - def canSeeTransactionDescription: Boolean = canSeeTransactionDescription_.get - def canSeeTransactionAmount: Boolean = canSeeTransactionAmount_.get - def canSeeTransactionType: Boolean = canSeeTransactionType_.get - def canSeeTransactionCurrency: Boolean = canSeeTransactionCurrency_.get - def canSeeTransactionStartDate: Boolean = canSeeTransactionStartDate_.get - def canSeeTransactionFinishDate: Boolean = canSeeTransactionFinishDate_.get - def canSeeTransactionBalance: Boolean = canSeeTransactionBalance_.get - def canSeeTransactionStatus: Boolean = canSeeTransactionStatus_.get - - //transaction metadata - def canSeeComments: Boolean = canSeeComments_.get - def canSeeOwnerComment: Boolean = canSeeOwnerComment_.get - def canSeeTags : Boolean = canSeeTags_.get - def canSeeImages : Boolean = canSeeImages_.get - - //Bank account fields - def canSeeAvailableViewsForBankAccount : Boolean = canSeeAvailableViewsForBankAccount_.get - def 
canSeeBankAccountOwners : Boolean = canSeeBankAccountOwners_.get - def canSeeBankAccountType : Boolean = canSeeBankAccountType_.get - def canSeeBankAccountBalance : Boolean = canSeeBankAccountBalance_.get - def canSeeBankAccountCurrency : Boolean = canSeeBankAccountCurrency_.get - def canQueryAvailableFunds : Boolean = canQueryAvailableFunds_.get - def canSeeBankAccountLabel : Boolean = canSeeBankAccountLabel_.get - def canUpdateBankAccountLabel : Boolean = canUpdateBankAccountLabel_.get - def canSeeBankAccountNationalIdentifier : Boolean = canSeeBankAccountNationalIdentifier_.get - def canSeeBankAccountSwiftBic : Boolean = canSeeBankAccountSwift_bic_.get - def canSeeBankAccountIban : Boolean = canSeeBankAccountIban_.get - def canSeeBankAccountNumber : Boolean = canSeeBankAccountNumber_.get - def canSeeBankAccountBankName : Boolean = canSeeBankAccountBankName_.get - def canSeeBankAccountBankPermalink : Boolean = canSeeBankAccountBankPermalink_.get - def canSeeBankRoutingScheme : Boolean = canSeeBankRoutingScheme_.get - def canSeeBankRoutingAddress : Boolean = canSeeBankRoutingAddress_.get - def canSeeBankAccountRoutingScheme : Boolean = canSeeBankAccountRoutingScheme_.get - def canSeeBankAccountRoutingAddress : Boolean = canSeeBankAccountRoutingAddress_.get - def canSeeViewsWithPermissionsForOneUser: Boolean = canSeeViewsWithPermissionsForOneUser_.get - def canSeeViewsWithPermissionsForAllUsers : Boolean = canSeeViewsWithPermissionsForAllUsers_.get - - //other bank account fields - def canSeeOtherAccountNationalIdentifier : Boolean = canSeeOtherAccountNationalIdentifier_.get - def canSeeOtherAccountSwiftBic : Boolean = canSeeOtherAccountSWIFT_BIC_.get - def canSeeOtherAccountIban : Boolean = canSeeOtherAccountIBAN_.get - def canSeeOtherAccountBankName : Boolean = canSeeOtherAccountBankName_.get - def canSeeOtherAccountNumber : Boolean = canSeeOtherAccountNumber_.get - def canSeeOtherAccountMetadata : Boolean = canSeeOtherAccountMetadata_.get - def 
canSeeOtherAccountKind : Boolean = canSeeOtherAccountKind_.get - def canSeeOtherBankRoutingScheme : Boolean = canSeeOtherBankRoutingScheme_.get - def canSeeOtherBankRoutingAddress : Boolean = canSeeOtherBankRoutingAddress_.get - def canSeeOtherAccountRoutingScheme : Boolean = canSeeOtherAccountRoutingScheme_.get - def canSeeOtherAccountRoutingAddress : Boolean = canSeeOtherAccountRoutingAddress_.get - - //other bank account meta data - def canSeeMoreInfo: Boolean = canSeeMoreInfo_.get - def canSeeUrl: Boolean = canSeeUrl_.get - def canSeeImageUrl: Boolean = canSeeImageUrl_.get - def canSeeOpenCorporatesUrl: Boolean = canSeeOpenCorporatesUrl_.get - def canSeeCorporateLocation : Boolean = canSeeCorporateLocation_.get - def canSeePhysicalLocation : Boolean = canSeePhysicalLocation_.get - def canSeePublicAlias : Boolean = canSeePublicAlias_.get - def canSeePrivateAlias : Boolean = canSeePrivateAlias_.get - def canAddMoreInfo : Boolean = canAddMoreInfo_.get - def canAddUrl : Boolean = canAddURL_.get - def canAddImageUrl : Boolean = canAddImageURL_.get - def canAddOpenCorporatesUrl : Boolean = canAddOpenCorporatesUrl_.get - def canAddCorporateLocation : Boolean = canAddCorporateLocation_.get - def canAddPhysicalLocation : Boolean = canAddPhysicalLocation_.get - def canAddPublicAlias : Boolean = canAddPublicAlias_.get - def canAddPrivateAlias : Boolean = canAddPrivateAlias_.get - def canAddCounterparty : Boolean = canAddCounterparty_.get - def canGetCounterparty : Boolean = canGetCounterparty_.get - def canDeleteCounterparty : Boolean = canDeleteCounterparty_.get - def canDeleteCorporateLocation : Boolean = canDeleteCorporateLocation_.get - def canDeletePhysicalLocation : Boolean = canDeletePhysicalLocation_.get - - //writing access - def canEditOwnerComment: Boolean = canEditOwnerComment_.get - def canAddComment : Boolean = canAddComment_.get - def canDeleteComment: Boolean = canDeleteComment_.get - def canAddTag : Boolean = canAddTag_.get - def canDeleteTag : Boolean = 
canDeleteTag_.get - def canAddImage : Boolean = canAddImage_.get - def canDeleteImage : Boolean = canDeleteImage_.get - def canAddWhereTag : Boolean = canAddWhereTag_.get - def canSeeWhereTag : Boolean = canSeeWhereTag_.get - def canDeleteWhereTag : Boolean = canDeleteWhereTag_.get - - def canAddTransactionRequestToOwnAccount: Boolean = false //we do not need this field, set this to false. - def canAddTransactionRequestToAnyAccount: Boolean = canAddTransactionRequestToAnyAccount_.get - def canAddTransactionRequestToBeneficiary: Boolean = canAddTransactionRequestToBeneficiary_.get - def canSeeBankAccountCreditLimit: Boolean = canSeeBankAccountCreditLimit_.get - - def canCreateDirectDebit: Boolean = canCreateDirectDebit_.get - def canCreateStandingOrder: Boolean = canCreateStandingOrder_.get - def canCreateCustomView: Boolean = canCreateCustomView_.get - def canDeleteCustomView: Boolean = canDeleteCustomView_.get - def canUpdateCustomView: Boolean = canUpdateCustomView_.get - def canGetCustomView: Boolean = canGetCustomView_.get - //TODO: if you add new permissions here, remember to set them wherever views are created - // (e.g. BankAccountCreationDispatcher) } object ViewDefinition extends ViewDefinition with LongKeyedMetaMapper[ViewDefinition] { diff --git a/obp-api/src/main/scala/code/views/system/ViewPermission.scala b/obp-api/src/main/scala/code/views/system/ViewPermission.scala index 3de76e629..3d8b7ba85 100644 --- a/obp-api/src/main/scala/code/views/system/ViewPermission.scala +++ b/obp-api/src/main/scala/code/views/system/ViewPermission.scala @@ -1,5 +1,6 @@ package code.views.system +import code.api.Constant.{CAN_GRANT_ACCESS_TO_VIEWS, CAN_REVOKE_ACCESS_TO_VIEWS} import code.util.UUIDString import com.openbankproject.commons.model._ import net.liftweb.common.Box 
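Review bot: `canGrantAccessToViews` and `canRevokeAccessToViews` now have identical bodies apart from the permission constant, and both use a guarded `match` with a `null` test where `Option(...)` would express the same thing. One private helper keeps the two access-control lookups from drifting apart when one of them is edited later. The sketch below is meant to be behaviour-preserving: an absent row and a null or empty `extraData` still yield `None`. It relies on the same Box/Option conversions the current bodies already use.

```scala
// shared by canGrantAccessToViews and canRevokeAccessToViews
private def viewIdsStoredFor(permissionName: String): Option[List[String]] =
  ViewPermission.findViewPermission(this, permissionName).flatMap { vp =>
    Option(vp.extraData.get).filter(_.nonEmpty).map(_.split(",").toList.map(_.trim))
  }

override def canGrantAccessToViews : Option[List[String]] =
  viewIdsStoredFor(CAN_GRANT_ACCESS_TO_VIEWS)

override def canRevokeAccessToViews : Option[List[String]] =
  viewIdsStoredFor(CAN_REVOKE_ACCESS_TO_VIEWS)
```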
@@ -68,4 +69,71 @@ object ViewPermission extends ViewPermission with LongKeyedMetaMapper[ViewPermis } else { findCustomViewPermission(view.bankId, view.accountId, view.viewId, permission) } + + def createViewPermissions( + viewDefinition: View, + permissionNames: List[String], + canGrantAccessToViews: List[String] = Nil, + canRevokeAccessToViews: List[String] = Nil + ): Unit = { + if (viewDefinition.isSystem) { + permissionNames.map( + permissionName => + if (permissionName.equals(CAN_GRANT_ACCESS_TO_VIEWS)) { + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(canGrantAccessToViews.mkString(",")) + .save + } else if (permissionName.equals(CAN_REVOKE_ACCESS_TO_VIEWS)) { + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(canRevokeAccessToViews.mkString(",")) + .save + } + else { + ViewPermission.create + .bank_id(null) + .account_id(null) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(null) + .save + }) + } else { + permissionNames.map( + permissionName => + if (permissionName.equals(CAN_GRANT_ACCESS_TO_VIEWS)) { + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(canGrantAccessToViews.mkString(",")) + .save + } else if (permissionName.equals(CAN_REVOKE_ACCESS_TO_VIEWS)) { + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + .extraData(canRevokeAccessToViews.mkString(",")) + .save + } + else { + ViewPermission.create + .bank_id(viewDefinition.bankId.value) + .account_id(viewDefinition.accountId.value) + .view_id(viewDefinition.viewId.value) + .permission(permissionName) + 
.extraData(null) + .save + }) + } + } } diff --git a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala index b95122594..38c7b0273 100644 --- a/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala +++ b/obp-api/src/test/scala/code/setup/TestConnectorSetupWithStandardPermissions.scala 
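Review bot: In `createViewPermissions` the Boolean returned by each `.save` is discarded inside a `map` that runs only for its side effects, so a failed insert leaves the view with a partial permission set and no signal to the caller. The six `ViewPermission.create … .save` chains also differ only in the bank/account ids and the `extraData` value, which makes it easy to change one branch and miss the others. Computing those two inputs once and building the row in a single place, as sketched below, leaves one spot to handle a failed save. The method only inserts rows: if it can run more than once for the same view, which the visible hunks do not show, stale or duplicate rows would remain. The `.distinct` in `allowed_actions` suggests duplicates are already expected.

```scala
def createViewPermissions(
  viewDefinition: View,
  permissionNames: List[String],
  canGrantAccessToViews: List[String] = Nil,
  canRevokeAccessToViews: List[String] = Nil
): Unit = {
  // system views are stored without bank and account ids
  val (bankId, accountId): (String, String) =
    if (viewDefinition.isSystem) (null, null)
    else (viewDefinition.bankId.value, viewDefinition.accountId.value)

  permissionNames.foreach { permissionName =>
    val extraData = permissionName match {
      case CAN_GRANT_ACCESS_TO_VIEWS  => canGrantAccessToViews.mkString(",")
      case CAN_REVOKE_ACCESS_TO_VIEWS => canRevokeAccessToViews.mkString(",")
      case _                          => null
    }
    val saved = ViewPermission.create
      .bank_id(bankId)
      .account_id(accountId)
      .view_id(viewDefinition.viewId.value)
      .permission(permissionName)
      .extraData(extraData)
      .save
    // saved == false means the row was not written; report it here rather than dropping it
  }
}
```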
@@ -8,16 +8,91 @@ import code.api.util.ErrorMessages._ import code.model._ import code.model.dataAccess._ import code.views.MapperViews.getExistingCustomView -import code.views.system.ViewDefinition +import code.views.system.{ViewDefinition, ViewPermission} import code.views.{MapperViews, Views} import com.openbankproject.commons.model._ import net.liftweb.common.{Failure, Full, ParamFailure} import net.liftweb.mapper.MetaMapper import net.liftweb.util.Helpers._ +import code.api.Constant._ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { + final val SYSTEM_CUSTOM_VIEW_PERMISSION_TEST = List( + CAN_SEE_TRANSACTION_THIS_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_OTHER_BANK_ACCOUNT, + CAN_SEE_TRANSACTION_METADATA, + CAN_SEE_TRANSACTION_DESCRIPTION, + CAN_SEE_TRANSACTION_AMOUNT, + CAN_SEE_TRANSACTION_TYPE, + CAN_SEE_TRANSACTION_CURRENCY, + CAN_SEE_TRANSACTION_START_DATE, + CAN_SEE_TRANSACTION_FINISH_DATE, + CAN_SEE_TRANSACTION_BALANCE, + CAN_SEE_COMMENTS, + CAN_SEE_OWNER_COMMENT, + CAN_SEE_TAGS, + CAN_SEE_IMAGES, + CAN_SEE_BANK_ACCOUNT_OWNERS, + CAN_SEE_BANK_ACCOUNT_TYPE, + CAN_SEE_BANK_ACCOUNT_BALANCE, + CAN_SEE_BANK_ACCOUNT_CURRENCY, + CAN_SEE_BANK_ACCOUNT_LABEL, + CAN_SEE_BANK_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_BANK_ACCOUNT_SWIFT_BIC, + CAN_SEE_BANK_ACCOUNT_IBAN, + CAN_SEE_BANK_ACCOUNT_NUMBER, + CAN_SEE_BANK_ACCOUNT_BANK_NAME, + CAN_SEE_BANK_ACCOUNT_BANK_PERMALINK, + CAN_SEE_OTHER_ACCOUNT_NATIONAL_IDENTIFIER, + CAN_SEE_OTHER_ACCOUNT_SWIFT_BIC, + CAN_SEE_OTHER_ACCOUNT_IBAN, + CAN_SEE_OTHER_ACCOUNT_BANK_NAME, + CAN_SEE_OTHER_ACCOUNT_NUMBER, + CAN_SEE_OTHER_ACCOUNT_METADATA, + CAN_SEE_OTHER_ACCOUNT_KIND, + CAN_SEE_MORE_INFO, + CAN_SEE_URL, + CAN_SEE_IMAGE_URL, + CAN_SEE_OPEN_CORPORATES_URL, + CAN_SEE_CORPORATE_LOCATION, + CAN_SEE_PHYSICAL_LOCATION, + CAN_SEE_PUBLIC_ALIAS, + CAN_SEE_PRIVATE_ALIAS, + CAN_ADD_MORE_INFO, + CAN_ADD_URL, + CAN_ADD_IMAGE_URL, + CAN_ADD_OPEN_CORPORATES_URL, + CAN_ADD_CORPORATE_LOCATION, + CAN_ADD_PHYSICAL_LOCATION, + 
CAN_ADD_PUBLIC_ALIAS, + CAN_ADD_PRIVATE_ALIAS, + CAN_DELETE_CORPORATE_LOCATION, + CAN_DELETE_PHYSICAL_LOCATION, + CAN_EDIT_OWNER_COMMENT, + CAN_ADD_COMMENT, + CAN_DELETE_COMMENT, + CAN_ADD_TAG, + CAN_DELETE_TAG, + CAN_ADD_IMAGE, + CAN_DELETE_IMAGE, + CAN_ADD_WHERE_TAG, + CAN_SEE_WHERE_TAG, + CAN_DELETE_WHERE_TAG, + CAN_SEE_BANK_ROUTING_SCHEME, + CAN_SEE_BANK_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_BANK_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_OTHER_BANK_ROUTING_SCHEME, + CAN_SEE_OTHER_BANK_ROUTING_ADDRESS, + CAN_SEE_OTHER_ACCOUNT_ROUTING_SCHEME, + CAN_SEE_OTHER_ACCOUNT_ROUTING_ADDRESS, + CAN_SEE_BANK_ACCOUNT_CREDIT_LIMIT, + CAN_SEE_TRANSACTION_STATUS + ) + + override protected def setAccountHolder(user: User, bankId : BankId, accountId : AccountId) = { AccountHolders.accountHolders.vend.getOrCreateAccountHolder(user, BankIdAccountId(bankId, accountId)) } 
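Review bot: `SYSTEM_CUSTOM_VIEW_PERMISSION_TEST` has no comment saying that the payment permissions are left out on purpose. The builder this list replaces (removed in the next hunk) set `canAddTransactionRequestToAnyAccount_(false)` and `canAddTransactionRequestToBeneficiary_(false)` explicitly, and that intent is now expressed only by absence from a 70-entry list. I would add above the list `// Deliberately omits CAN_ADD_TRANSACTION_REQUEST_TO_ANY_ACCOUNT and CAN_ADD_TRANSACTION_REQUEST_TO_BENEFICIARY: the previous fixture denied payment initiation.` so a later edit does not widen the test view by accident.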
@@ -57,82 +132,13 @@ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup { usePrivateAliasIfOneExists_(false). usePublicAliasIfOneExists_(false). hideOtherAccountMetadataIfAlias_(false). - canSeeTransactionThisBankAccount_(true). - canSeeTransactionOtherBankAccount_(true). - canSeeTransactionMetadata_(true). - canSeeTransactionDescription_(true). - canSeeTransactionAmount_(true). - canSeeTransactionType_(true). - canSeeTransactionCurrency_(true). - canSeeTransactionStartDate_(true). - canSeeTransactionFinishDate_(true). - canSeeTransactionBalance_(true). - canSeeComments_(true). - canSeeOwnerComment_(true). - canSeeTags_(true). - canSeeImages_(true). - canSeeBankAccountOwners_(true). - canSeeBankAccountType_(true). - canSeeBankAccountBalance_(true). - canSeeBankAccountCurrency_(true). - canSeeBankAccountLabel_(true). - canSeeBankAccountNationalIdentifier_(true). - canSeeBankAccountSwift_bic_(true). - canSeeBankAccountIban_(true). - canSeeBankAccountNumber_(true). - canSeeBankAccountBankName_(true). - canSeeBankAccountBankPermalink_(true). - canSeeOtherAccountNationalIdentifier_(true). - canSeeOtherAccountSWIFT_BIC_(true). - canSeeOtherAccountIBAN_(true). - canSeeOtherAccountBankName_(true). - canSeeOtherAccountNumber_(true). - canSeeOtherAccountMetadata_(true). - canSeeOtherAccountKind_(true). - canSeeMoreInfo_(true). - canSeeUrl_(true). - canSeeImageUrl_(true). - canSeeOpenCorporatesUrl_(true). - canSeeCorporateLocation_(true). - canSeePhysicalLocation_(true). - canSeePublicAlias_(true). - canSeePrivateAlias_(true). - canAddMoreInfo_(true). - canAddURL_(true). - canAddImageURL_(true). - canAddOpenCorporatesUrl_(true). - canAddCorporateLocation_(true). - canAddPhysicalLocation_(true). - canAddPublicAlias_(true). - canAddPrivateAlias_(true). - canDeleteCorporateLocation_(true). - canDeletePhysicalLocation_(true). - canEditOwnerComment_(true). - canAddComment_(true). - canDeleteComment_(true). - canAddTag_(true). - canDeleteTag_(true). 
- canAddImage_(true). - canDeleteImage_(true). - canAddWhereTag_(true). - canSeeWhereTag_(true). - canDeleteWhereTag_(true). - canSeeBankRoutingScheme_(true). //added following in V300 - canSeeBankRoutingAddress_(true). - canSeeBankAccountRoutingScheme_(true). - canSeeBankAccountRoutingAddress_(true). - canSeeOtherBankRoutingScheme_(true). - canSeeOtherBankRoutingAddress_(true). - canSeeOtherAccountRoutingScheme_(true). - canSeeOtherAccountRoutingAddress_(true). - canAddTransactionRequestToOwnAccount_(false). //added following two for payments - canAddTransactionRequestToAnyAccount_(false). - canAddTransactionRequestToBeneficiary_(false). - canSeeBankAccountCreditLimit_(true). - canSeeTransactionStatus_(true). saveMe } - view.map(v => MapperViews.migrateViewPermissions(v)) + view.map(ViewPermission.createViewPermissions( + _, + SYSTEM_CUSTOM_VIEW_PERMISSION_TEST + )) + view } case Full(v) => Full(v) diff --git a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala index 0cb5ad0e7..5ed322f92 100644 --- a/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala +++ b/obp-commons/src/main/scala/com/openbankproject/commons/model/ViewModel.scala 
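Review bot: `view.map(ViewPermission.createViewPermissions(_, SYSTEM_CUSTOM_VIEW_PERMISSION_TEST))` maps over `view` only for its side effect and throws away the resulting container of `Unit`; `view.foreach(ViewPermission.createViewPermissions(_, SYSTEM_CUSTOM_VIEW_PERMISSION_TEST))` says what is meant. Because `createViewPermissions` returns `Unit`, this fixture also cannot notice a permission row that failed to save, so tests may run against a view holding fewer permissions than the list names. The enclosing method starts and ends outside the hunk.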
@@ -87,103 +87,6 @@ case class UpdateViewJSON( override val can_revoke_access_to_views : Option[List[String]] = None) extends ViewSpecification - -/** Views moderate access to an Account. That is, they are used to: - * 1) Show/hide fields on the account, its transactions and related counterparties - * 2) Store/partition meta data - e.g. comments posted on a "team" view are not visible via a "public" view and visa versa. - * - * Users can be granted access to one or more Views - * Each View has a set of entitlements aka permissions which hide / show data fields and enable / disable operations on the account - * - * @define viewId A short url friendly, (singular) human readable name for the view. e.g. "team", "auditor" or "public". Note: "owner" is a default and reserved name. Other reserved names should include "public", "accountant" and "auditor" - * @define accountId The account that the view moderates - * @define bankId The bank where the account is held - * @define name The name of the view - * @define description A description of the view - * @define isPublic Set to True if the view should be open to the public (no authorisation required!) Set to False to require authorisation - * @define users A list of users that can use this view - * @define usePublicAliasIfOneExists If true and the counterparty in a transaction has a public alias set, use it. Else use the raw counterparty name (if both usePublicAliasIfOneExists and usePrivateAliasIfOneExists are true, public alias will be used) - * @define usePrivateAliasIfOneExists If true and the counterparty in a transaction has a private alias set, use it. Else use the raw counterparty name (if both usePublicAliasIfOneExists and usePrivateAliasIfOneExists are true, public alias will be used) - * @define hideOtherAccountMetadataIfAlias If true, the view will hide counterparty metadata if the counterparty has an alias. This is to preserve anonymity if required. 
- * - * @define canSeeTransactionThisBankAccount If true, the view will show information about the Transaction account (this account) - * @define canSeeTransactionOtherBankAccount If true, the view will show information about the Transaction counterparty - * @define canSeeTransactionMetadata If true, the view will show any Transaction metadata - * @define canSeeTransactionDescription If true, the view will show the Transaction description - * @define canSeeTransactionAmount If true, the view will show the Transaction amount (value, not currency) - * @define canSeeTransactionType If true, the view will show the Transaction type - * @define canSeeTransactionCurrency If true, the view will show the Transaction currency (not value) - * @define canSeeTransactionStartDate If true, the view will show the Transaction start date - * @define canSeeTransactionFinishDate If true, the view will show the Transaction finish date - * @define canSeeTransactionBalance If true, the view will show the Transaction balance (after each transaction) - * - * @define canSeeComments If true, the view will show the Transaction Metadata comments - * @define canSeeOwnerComment If true, the view will show the Transaction Metadata owner comment - * @define canSeeTags If true, the view will show the Transaction Metadata tags - * @define canSeeImages If true, the view will show the Transaction Metadata images - - * @define canSeeBankAccountOwners If true, the view will show the Account owners - * @define canSeeBankAccountType If true, the view will show the Account type. The account type is a human friendly financial product name - * @define canSeeBankAccountBalance If true, the view will show the Account balance - * @define canSeeBankAccountCurrency If true, the view will show the Account currency - * @define canSeeBankAccountLabel If true, the view will show the Account label. The label can be edited via the API. It does not come from the core banking system. 
- * @define canSeeBankAccountNationalIdentifier If true, the view will show the national identifier of the bank - * @define canSeeBankAccountSwift_bic If true, the view will show the Swift / Bic code of the bank - * @define canSeeBankAccountIban If true, the view will show the IBAN - * @define canSeeBankAccountNumber If true, the view will show the account number - * @define canSeeBankAccountBankName If true, the view will show the bank name - * @define canSeeBankRoutingScheme If true, the view will show the BankRoutingScheme - * @define canSeeBankRoutingAddress If true, the view will show the BankRoutingAddress - * @define canSeeBankAccountRoutingScheme If true, the view will show the BankAccountRoutingScheme - * @define canSeeBankAccountRoutingAddress If true, the view will show the BankAccountRoutingAddress - - * @define canSeeOtherAccountNationalIdentifier If true, the view will show the Counterparty bank national identifier - * @define canSeeOtherAccountSWIFT_BIC If true, the view will show the Counterparty SWIFT BIC - * @define canSeeOtherAccountIBAN If true, the view will show the Counterparty IBAN - * @define canSeeOtherAccountBankName If true, the view will show the Counterparty Bank Name - * @define canSeeOtherAccountNumber If true, the view will show the Counterparty Account Number - * @define canSeeOtherAccountMetadata If true, the view will show the Counterparty Metadata - * @define canSeeOtherAccountKind If true, the view will show the Counterparty Account Type. This is unlikely to be a full financial product name. 
- * @define canSeeOtherBankRoutingScheme If true, the view will show the OtherBankRoutingScheme - * @define canSeeOtherBankRoutingAddress If true, the view will show the OtherBankRoutingScheme - * @define canSeeOtherAccountRoutingScheme If true, the view will show the OtherBankRoutingScheme - * @define canSeeOtherAccountRoutingAddress If true, the view will show the OtherBankRoutingScheme - - * @define canSeeMoreInfo If true, the view will show the Counterparty More Info text - * @define canSeeUrl If true, the view will show the Counterparty Url - * @define canSeeImageUrl If true, the view will show the Counterparty Image Url - * @define canSeeOpenCorporatesUrl If true, the view will show the Counterparty OpenCorporatesUrl - * @define canSeeCorporateLocation If true, the view will show the Counterparty CorporateLocation - * @define canSeePhysicalLocation If true, the view will show the Counterparty PhysicalLocation - * @define canSeePublicAlias If true, the view will show the Counterparty PublicAlias - * @define canSeePrivateAlias If true, the view will show the Counterparty PrivateAlias - * - * @define canAddMoreInfo If true, the view can add the Counterparty MoreInfo - * @define canAddURL If true, the view can add the Counterparty Url - * @define canAddImageURL If true, the view can add the Counterparty Image Url - * @define canAddOpenCorporatesUrl If true, the view can add the Counterparty OpenCorporatesUrl - * @define canAddCorporateLocation If true, the view can add the Counterparty CorporateLocation - * @define canAddPhysicalLocation If true, the view can add the Counterparty PhysicalLocation - * @define canAddPublicAlias If true, the view can add the Counterparty PublicAlias - * @define canAddPrivateAlias If true, the view can add the Counterparty PrivateAlias - * @define canDeleteCorporateLocation If true, the can add show the Counterparty CorporateLocation - * @define canDeletePhysicalLocation If true, the can add show the Counterparty PhysicalLocation - * 
- * @define canEditOwnerComment If true, the view can edit the Transaction Owner Comment - * @define canAddComment If true, the view can add a Transaction Comment - * @define canDeleteComment If true, the view can delete a Transaction Comment - * @define canAddTag If true, the view can add a Transaction/Account Tag - * @define canDeleteTag If true, the view can delete a Transaction/Account Tag - * @define canAddImage If true, the view can add a Transaction Image - * @define canDeleteImage If true, the view can delete a Transaction Image - * @define canAddWhereTag If true, the view can add a Transaction Where Tag - * @define canSeeWhereTag If true, the view can show the Transaction Where Tag - * @define canDeleteWhereTag If true, the view can delete the Transaction Where Tag - - * @define canAddCounterparty If true, view can add counterparty / create counterparty. - - - */ trait View { def id: Long @@ -229,9 +132,9 @@ trait View { //the Value from developer, can be any string value. def description: String - /** This users is tricky, this use ManyToMany relationship, + /** These users are tricky, this use ManyToMany relationship, * 1st: when create view, we need carefully map this view to the owner user. - * 2rd: the view can grant the access to any other (not owner) users. eg: Simon's accountant view can grant access to Carola, then Carola can see Simon's accountant data + * 2nd: the view can grant the access to any other (not owner) users. eg: Simon's accountant view can grant access to Carola, then Carola can see Simon's accountant data * also look into some createView methods in code, you can understand more: * create1: code.bankconnectors.Connector.createViews * after createViews method, always need call addPermission(v.uid, user). This will create this field 
@@ -253,191 +156,7 @@ trait View { * These three will get the allowed actions from viewPermission table */ def allowed_actions : List[String] - - def canGrantAccessToViews : Option[List[String]] = None def canRevokeAccessToViews : Option[List[String]] = None - def canGrantAccessToCustomViews : Boolean // if this true, we can grant custom views, if it is false, no one can grant custom views. - def canRevokeAccessToCustomViews : Boolean // if this true, we can revoke custom views,if it is false, no one can revoke custom views. - - //reading access - - //transaction fields - def canSeeTransactionRequests: Boolean - - def canSeeTransactionRequestTypes: Boolean - - def canSeeTransactionThisBankAccount: Boolean - - def canSeeTransactionOtherBankAccount: Boolean - - def canSeeTransactionMetadata: Boolean - - def canSeeTransactionDescription: Boolean - - def canSeeTransactionAmount: Boolean - - def canSeeTransactionType: Boolean - - def canSeeTransactionCurrency: Boolean - - def canSeeTransactionStartDate: Boolean - - def canSeeTransactionFinishDate: Boolean - - def canSeeTransactionBalance: Boolean - - def canSeeTransactionStatus: Boolean - - //transaction metadata - def canSeeComments: Boolean - - def canSeeOwnerComment: Boolean - - def canSeeTags: Boolean - - def canSeeImages: Boolean - - //Bank account fields - def canSeeAvailableViewsForBankAccount: Boolean - - def canSeeBankAccountOwners: Boolean - - def canSeeBankAccountType: Boolean - def canUpdateBankAccountLabel: Boolean - - def canSeeBankAccountBalance: Boolean - - def canQueryAvailableFunds: Boolean - - def canSeeBankAccountCurrency: Boolean - - def canSeeBankAccountLabel: Boolean - - def canSeeBankAccountNationalIdentifier: Boolean - - def canSeeBankAccountSwiftBic: Boolean - - def canSeeBankAccountIban: Boolean - - def canSeeBankAccountNumber: Boolean - - def canSeeBankAccountBankName: Boolean - - def canSeeBankRoutingScheme: Boolean - - def canSeeBankRoutingAddress: Boolean - - def 
canSeeBankAccountRoutingScheme: Boolean - - def canSeeBankAccountRoutingAddress: Boolean - - def canSeeViewsWithPermissionsForOneUser: Boolean - - def canSeeViewsWithPermissionsForAllUsers: Boolean - - //other bank account (counterparty) fields - def canSeeOtherAccountNationalIdentifier: Boolean - - def canSeeOtherAccountSwiftBic: Boolean - - def canSeeOtherAccountIban: Boolean - - def canSeeOtherAccountBankName: Boolean - - def canSeeOtherAccountNumber: Boolean - - def canSeeOtherAccountMetadata: Boolean - - def canSeeOtherAccountKind: Boolean - - def canSeeOtherBankRoutingScheme: Boolean - - def canSeeOtherBankRoutingAddress: Boolean - - def canSeeOtherAccountRoutingScheme: Boolean - - def canSeeOtherAccountRoutingAddress: Boolean - - //other bank account meta data - read - def canSeeMoreInfo: Boolean - - def canSeeUrl: Boolean - - def canSeeImageUrl: Boolean - - def canSeeOpenCorporatesUrl: Boolean - - def canSeeCorporateLocation: Boolean - - def canSeePhysicalLocation: Boolean - - def canSeePublicAlias: Boolean - - def canSeePrivateAlias: Boolean - - //other bank account (Counterparty) meta data - write - def canAddMoreInfo: Boolean - - def canAddUrl: Boolean - - def canAddImageUrl: Boolean - - def canAddOpenCorporatesUrl: Boolean - - def canAddCorporateLocation: Boolean - - def canAddPhysicalLocation: Boolean - - def canAddPublicAlias: Boolean - - def canAddPrivateAlias: Boolean - - def canAddCounterparty: Boolean - - def canGetCounterparty: Boolean - - def canDeleteCounterparty: Boolean - - def canDeleteCorporateLocation: Boolean - - def canDeletePhysicalLocation: Boolean - - //writing access - def canEditOwnerComment: Boolean - - def canAddComment: Boolean - - def canDeleteComment: Boolean - - def canAddTag: Boolean - - def canDeleteTag: Boolean - - def canAddImage: Boolean - - def canDeleteImage: Boolean - - def canAddWhereTag: Boolean - - def canSeeWhereTag: Boolean - - def canDeleteWhereTag: Boolean - - def canAddTransactionRequestToOwnAccount: Boolean 
//added following two for payments - def canAddTransactionRequestToAnyAccount: Boolean - def canAddTransactionRequestToBeneficiary: Boolean - - def canSeeBankAccountCreditLimit: Boolean - - def canCreateDirectDebit: Boolean - - def canCreateStandingOrder: Boolean - - //If any view set these to true, you can create/delete/update the custom view - def canCreateCustomView: Boolean - def canDeleteCustomView: Boolean - def canUpdateCustomView: Boolean - def canGetCustomView: Boolean } \ No newline at end of file