mirror of
https://github.com/OpenBankProject/OBP-API.git
synced 2026-02-06 20:27:15 +00:00
Using CanCreateUserCustomerLinkAtAnyBank and CanCreateCustomerAtAnyBank and using the Roles required in the Resource Docs
parent
474fe0fa49
commit
f114c3db4b
@ -1130,6 +1130,7 @@ Returns a string showed to the developer
|
||||
|
||||
// Function checks does a user specified by a parameter userId has all roles provided by a parameter roles at a bank specified by a parameter bankId
|
||||
// i.e. does user has assigned all roles from the list
|
||||
// TODO Should we accept Option[BankId] for bankId instead of String ?
|
||||
def hasAllEntitlements(bankId: String, userId: String, roles: List[ApiRole]): Boolean = {
|
||||
val list: List[Boolean] = for (role <- roles) yield {
|
||||
!Entitlement.entitlement.vend.getEntitlement(if (role.requiresBankId == true) bankId else "", userId, role.toString).isEmpty
|
||||
|
||||
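Review bot: The comment block above `hasAllEntitlements` should state the empty-string convention that the rest of this commit relies on; the TODO (apparently the one line this hunk adds) only hints at it. As written, `bankId` is ignored for any role whose `requiresBankId` is false, and callers pass `""` to mean "not bank-scoped". Until the `Option[BankId]` question is settled I would add `// bankId is only consulted for roles with requiresBankId == true; pass "" for system-wide (AtAnyBank) roles`. The function body continues past the end of this hunk, so how the per-role results are combined, and what an empty `roles` list returns, is not visible here.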
@ -1808,17 +1808,24 @@ trait APIMethods200 {
|
||||
}
|
||||
|
||||
|
||||
|
||||
// createUserCustomerLinks
|
||||
val createUserCustomerLinksEntitlementsRequiredForSpecificBank = CanCreateUserCustomerLink :: Nil
|
||||
val createUserCustomerLinksEntitlementsRequiredForAnyBank = CanCreateUserCustomerLinkAtAnyBank :: Nil
|
||||
val createUserCustomerLinksrequiredEntitlementsText = createUserCustomerLinksEntitlementsRequiredForSpecificBank.mkString(" and ") + " OR " + createUserCustomerLinksEntitlementsRequiredForAnyBank.mkString(" and ") + " entitlements are required."
|
||||
|
||||
resourceDocs += ResourceDoc(
|
||||
createUserCustomerLinks,
|
||||
apiVersion,
|
||||
"createUserCustomerLinks",
|
||||
"POST",
|
||||
"/banks/BANK_ID/user_customer_links",
|
||||
"Create user customer link.",
|
||||
s"""Link a customer and a user
|
||||
|This call may require additional permissions/role in the future.
|
||||
|For now the authenticated user can create at most one linked customer at any one bank.
|
||||
"Create User Customer Link.",
|
||||
s"""Link a User to a Customer
|
||||
|
|
||||
|${authenticationRequiredMessage(true)}
|
||||
|
|
||||
|$createUserCustomerLinksrequiredEntitlementsText
|
||||
|""",
|
||||
createUserCustomerLinkJson,
|
||||
userCustomerLinkJson,
|
||||
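Review bot: The name `createUserCustomerLinksrequiredEntitlementsText` has a lower-case `required` in the middle, and its counterpart in the APIMethods210 hunk is spelled `createCustomeEntitlementsRequiredText` (missing `r`) with a different word order. These strings serve both as the documented requirement and as the message returned when the authorization check fails, so I would give them matching names, e.g. `createUserCustomerLinksEntitlementsRequiredText` and `createCustomerEntitlementsRequiredText`. The two messages also differ in wording ("entitlements are required." versus "entitlements required."), so one form should be chosen for both. The `ResourceDoc(...)` call continues outside this hunk.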
@ -1851,9 +1858,11 @@ trait APIMethods200 {
|
||||
user <- User.findByUserId(postedData.user_id) ?~! ErrorMessages.UserNotFoundById
|
||||
customer_id <- booleanToBox(postedData.customer_id.nonEmpty) ?~! "Field customer_id is not defined in the posted json!"
|
||||
customer <- Customer.customerProvider.vend.getCustomerByCustomerId(postedData.customer_id) ?~! ErrorMessages.CustomerNotFoundByCustomerId
|
||||
canCreateUserCustomerLink <- booleanToBox(hasEntitlement(bank.bankId.value, u.userId, CanCreateUserCustomerLink), UserDoesNotHaveRole +CanCreateUserCustomerLink)
|
||||
isEqual <- booleanToBox(customer.bank == bank.bankId.value, "Bank of the customer specified by the CUSTOMER_ID has to matches BANK_ID")
|
||||
userCustomerLink <- booleanToBox(UserCustomerLink.userCustomerLink.vend.getUserCustomerLink(postedData.user_id, postedData.customer_id).isEmpty == true) ?~! CustomerAlreadyExistsForUser
|
||||
hasEntitlements <- booleanToBox(hasAllEntitlements(bankId.value, u.userId, createUserCustomerLinksEntitlementsRequiredForSpecificBank) ||
|
||||
hasAllEntitlements("", u.userId, createUserCustomerLinksEntitlementsRequiredForAnyBank),
|
||||
s"$createUserCustomerLinksrequiredEntitlementsText")
|
||||
_ <- booleanToBox(customer.bank == bank.bankId.value, "Bank of the customer specified by the CUSTOMER_ID has to matches BANK_ID")
|
||||
_ <- booleanToBox(UserCustomerLink.userCustomerLink.vend.getUserCustomerLink(postedData.user_id, postedData.customer_id).isEmpty == true) ?~! CustomerAlreadyExistsForUser
|
||||
userCustomerLink <- UserCustomerLink.userCustomerLink.vend.createUserCustomerLink(postedData.user_id, postedData.customer_id, new Date(), true) ?~! CreateUserCustomerLinksError
|
||||
} yield {
|
||||
val successJson = Extraction.decompose(code.api.v2_0_0.JSONFactory200.createUserCustomerLinkJSON(userCustomerLink))
|
||||
|
||||
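Review bot: The new `hasEntitlements` step sits after the `User.findByUserId` and `getCustomerByCustomerId` lookups, so a caller holding neither role still receives `UserNotFoundById` or `CustomerNotFoundByCustomerId` and can tell which ids exist. Placing the entitlement step before those lookups would make the endpoint answer with the role error first; the for-comprehension starts outside this hunk, so the exact position has to be chosen there. The `hasEntitlement` check that this appears to replace prefixed its message with `UserDoesNotHaveRole`, and the new message drops it, so any client or log rule matching that prefix will no longer match; `UserDoesNotHaveRole + createUserCustomerLinksrequiredEntitlementsText` would keep it. The `s"$…"` wrapper around a plain string is redundant, and the any-bank branch has no test yet (the test file only gains a TODO).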
@ -1326,6 +1326,16 @@ trait APIMethods210 {
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////
|
||||
// createCustomer
|
||||
val createCustomerEntitlementsRequiredForSpecificBank = CanCreateCustomer ::
|
||||
CanCreateUserCustomerLink ::
|
||||
Nil
|
||||
val createCustomerEntitlementsRequiredForAnyBank = CanCreateCustomerAtAnyBank ::
|
||||
CanCreateUserCustomerLinkAtAnyBank ::
|
||||
Nil
|
||||
val createCustomeEntitlementsRequiredText = createCustomerEntitlementsRequiredForSpecificBank.mkString(" and ") + " OR " + createCustomerEntitlementsRequiredForAnyBank.mkString(" and ") + " entitlements required."
|
||||
|
||||
resourceDocs += ResourceDoc(
|
||||
createCustomer,
|
||||
apiVersion,
|
||||
@ -1335,10 +1345,11 @@ trait APIMethods210 {
|
||||
"Create Customer.",
|
||||
s"""Add a customer linked to the user specified by user_id
|
||||
|The Customer resource stores the customer number, legal name, email, phone number, their date of birth, relationship status, education attained, a url for a profile image, KYC status etc.
|
||||
|This call may require additional permissions/role in the future.
|
||||
|For now the authenticated user can create at most one linked customer.
|
||||
|Dates need to be in the format 2013-01-21T23:08:00Z
|
||||
|
|
||||
|${authenticationRequiredMessage(true)}
|
||||
|
|
||||
|$createCustomeEntitlementsRequiredText
|
||||
|""",
|
||||
postCustomerJsonV210,
|
||||
customerJsonV210,
|
||||
@ -1355,11 +1366,12 @@ trait APIMethods210 {
|
||||
Catalogs(notCore, notPSD2, notOBWG),
|
||||
List(apiTagPerson, apiTagCustomer))
|
||||
|
||||
// TODO
|
||||
// TODO in next version?
|
||||
// Separate customer creation (keep here) from customer linking (remove from here)
|
||||
// Remove user_id from CreateCustomerJson
|
||||
// Logged in user must have CanCreateCustomer (should no longer be able create customer for own user)
|
||||
// Add ApiLink to createUserCustomerLink
|
||||
|
||||
// Note: Logged in user can no longer create a customer for himself
|
||||
|
||||
|
||||
lazy val createCustomer : PartialFunction[Req, Box[User] => Box[JsonResponse]] = {
|
||||
case "banks" :: BankId(bankId) :: "customers" :: Nil JsonPost json -> _ => {
|
||||
@ -1369,11 +1381,10 @@ trait APIMethods210 {
|
||||
isValidBankIdFormat <- tryo(assert(isValidID(bankId.value)))?~! InvalidBankIdFormat
|
||||
bank <- Bank(bankId) ?~! {BankNotFound}
|
||||
postedData <- tryo{json.extract[PostCustomerJsonV210]} ?~! InvalidJsonFormat
|
||||
requiredEntitlements = CanCreateCustomer ::
|
||||
CanCreateUserCustomerLink ::
|
||||
Nil
|
||||
requiredEntitlementsTxt = requiredEntitlements.mkString(" and ")
|
||||
hasEntitlements <- booleanToBox(hasAllEntitlements(bankId.value, u.userId, requiredEntitlements), s"$requiredEntitlementsTxt entitlements required")
|
||||
hasEntitlements <- booleanToBox(hasAllEntitlements(bankId.value, u.userId, createCustomerEntitlementsRequiredForSpecificBank)
|
||||
||
|
||||
hasAllEntitlements("", u.userId, createCustomerEntitlementsRequiredForAnyBank),
|
||||
s"$createCustomeEntitlementsRequiredText")
|
||||
checkAvailable <- tryo(assert(Customer.customerProvider.vend.checkCustomerNumberAvailable(bankId, postedData.customer_number) == true)) ?~! CustomerNumberAlreadyExists
|
||||
user_id <- tryo (if (postedData.user_id.nonEmpty) postedData.user_id else u.userId) ?~! s"Problem getting user_id"
|
||||
customer_user <- User.findByUserId(user_id) ?~! UserNotFoundById
|
||||
|
||||
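Review bot: The check accepts either all bank-scoped roles or all any-bank roles, so a user holding `CanCreateCustomer` at this bank plus `CanCreateUserCustomerLinkAtAnyBank` is rejected even though each required capability is covered. It fails closed, so this is not an escalation, but in practice such cases tend to be resolved by granting the broader any-bank pair, which widens privilege more than needed. If the mixed case is meant to pass, check per capability, assuming `hasEntitlement` is in scope here as it is in APIMethods200: `(hasEntitlement(bankId.value, u.userId, CanCreateCustomer) || hasEntitlement("", u.userId, CanCreateCustomerAtAnyBank)) && (hasEntitlement(bankId.value, u.userId, CanCreateUserCustomerLink) || hasEntitlement("", u.userId, CanCreateUserCustomerLinkAtAnyBank))`. The for-comprehension starts and ends outside this hunk.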
@ -36,6 +36,8 @@ class CustomerTest extends V200ServerSetup with DefaultUsers {
|
||||
|
||||
feature("Assuring that create customer, v2.0.0, feedback and get customer, v1.4.0, feedback are the same") {
|
||||
|
||||
// TODO Add test for AnyBank entitlements
|
||||
|
||||
scenario("There is a user, and the bank in questions has customer info for that user - v2.0.0") {
|
||||
Given("The bank in question has customer info")
|
||||
|
||||
|
||||