Merge pull request #2240 from hongwei1/refactor/removeHasOwnerViewAccess
Refactor/remove has owner view access
simonredfern authored Jul 13, 2023
2 parents dcfecfa + eeb91e6 commit 8291d72
Showing 49 changed files with 1,056 additions and 808 deletions.
2 changes: 2 additions & 0 deletions obp-api/src/main/scala/bootstrap/liftweb/Boot.scala
Expand Up @@ -760,6 +760,7 @@ class Boot extends MdcLoggable {
val accountant = Views.views.vend.getOrCreateSystemView(SYSTEM_ACCOUNTANT_VIEW_ID).isDefined
val standard = Views.views.vend.getOrCreateSystemView(SYSTEM_STANDARD_VIEW_ID).isDefined
val stageOne = Views.views.vend.getOrCreateSystemView(SYSTEM_STAGE_ONE_VIEW_ID).isDefined
val manageCustomViews = Views.views.vend.getOrCreateSystemView(SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID).isDefined
// Only create Firehose view if they are enabled at instance.
val accountFirehose = if (ApiPropsWithAlias.allowAccountFirehose)
Views.views.vend.getOrCreateSystemView(SYSTEM_FIREHOSE_VIEW_ID).isDefined
Expand All @@ -773,6 +774,7 @@ class Boot extends MdcLoggable {
|System view ${SYSTEM_FIREHOSE_VIEW_ID} exists/created at the instance: ${accountFirehose}
|System view ${SYSTEM_STANDARD_VIEW_ID} exists/created at the instance: ${standard}
|System view ${SYSTEM_STAGE_ONE_VIEW_ID} exists/created at the instance: ${stageOne}
|System view ${SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID} exists/created at the instance: ${manageCustomViews}
|""".stripMargin
logger.info(comment)

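Review bot: The new `manageCustomViews` flag only feeds the info-level log in the second hunk, so if `getOrCreateSystemView(SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID)` comes back empty the server still boots without that system view, and anything that later depends on it presumably fails at request time with a less obvious error. A one-line check after the block would make the degraded state visible at startup: `if (!manageCustomViews) logger.warn(s"System view ${SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID} could not be found or created")`. The same applies to the sibling flags, but the new line is the natural place to start. Both hunks sit inside `Boot`, whose body continues outside the hunk.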
13 changes: 11 additions & 2 deletions obp-api/src/main/scala/code/api/OBPRestHelper.scala
Expand Up @@ -145,8 +145,17 @@ case class APIFailureNewStyle(failMsg: String,
locale,
if(locale.toString.startsWith("en") || ?!(str, resourceBundleList)==str) //If can not find the value from props or the local is `en`, then return
errorBody
else
s": ${?!(str, resourceBundleList)}"
else {
val originalErrorMessageFromScalaCode = ErrorMessages.getValueMatches(_.startsWith(errorCode)).getOrElse("")
// we need to keep the extra message,
// eg: OBP-20006: usuario le faltan uno o más roles': CanGetUserInvitation for BankId(gh.29.uk).
if(failMsg.contains(originalErrorMessageFromScalaCode)){
s": ${?!(str, resourceBundleList)}"+failMsg.replace(originalErrorMessageFromScalaCode,"")
} else{
s": ${?!(str, resourceBundleList)}"
}
}

)

val translatedErrorBody = ?(errorCode, locale)
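Review bot: When `ErrorMessages.getValueMatches(_.startsWith(errorCode))` finds nothing, `originalErrorMessageFromScalaCode` is `""`, so `failMsg.contains("")` is true and `failMsg.replace("", "")` returns `failMsg` unchanged — the translated text then gets the entire untranslated English message appended after it. Guard the branch on a non-empty match: `if(originalErrorMessageFromScalaCode.nonEmpty && failMsg.contains(originalErrorMessageFromScalaCode)){`. Alternatively keep the lookup as an `Option` with `.filter(_.nonEmpty)` instead of `getOrElse("")`. The enclosing expression (the `APIFailureNewStyle` body) starts and ends outside the hunk.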
Expand Up @@ -189,95 +189,109 @@ object SwaggerDefinitionsJSON {

val createSystemViewJsonV300 = createViewJsonV300.copy(name = "test", metadata_view = "test", is_public = false)

val allowedActionsV500 = List(
"can_see_transaction_this_bank_account",
"can_see_transaction_other_bank_account",
"can_see_transaction_metadata",
"can_see_transaction_label",
"can_see_transaction_amount",
"can_see_transaction_type",
"can_see_transaction_currency",
"can_see_transaction_start_date",
"can_see_transaction_finish_date",
"can_see_transaction_balance",
"can_see_comments",
"can_see_narrative", "can_see_tags",
"can_see_images",
"can_see_bank_account_owners",
"can_see_bank_account_type",
"can_see_bank_account_balance",
"can_see_bank_account_currency",
"can_see_bank_account_label",
"can_see_bank_account_national_identifier",
"can_see_bank_account_swift_bic",
"can_see_bank_account_iban",
"can_see_bank_account_number",
"can_see_bank_account_bank_name",
"can_see_other_account_national_identifier",
"can_see_other_account_swift_bic",
"can_see_other_account_iban",
"can_see_other_account_bank_name",
"can_see_other_account_number",
"can_see_other_account_metadata",
"can_see_other_account_kind",
"can_see_more_info",
"can_see_url",
"can_see_image_url",
"can_see_open_corporates_url",
"can_see_corporate_location",
"can_see_physical_location",
"can_see_public_alias",
"can_see_private_alias",
"can_add_more_info",
"can_add_url",
"can_add_image_url",
"can_add_open_corporates_url",
"can_add_corporate_location",
"can_add_physical_location",
"can_add_public_alias",
"can_add_private_alias",
"can_delete_corporate_location",
"can_delete_physical_location",
"can_edit_narrative",
"can_add_comment",
"can_delete_comment",
"can_add_tag",
"can_delete_tag",
"can_add_image",
"can_delete_image",
"can_add_where_tag",
"can_see_where_tag",
"can_delete_where_tag",
"can_create_counterparty",
//V300 New
"can_see_bank_routing_scheme",
"can_see_bank_routing_address",
"can_see_bank_account_routing_scheme",
"can_see_bank_account_routing_address",
"can_see_other_bank_routing_scheme",
"can_see_other_bank_routing_address",
"can_see_other_account_routing_scheme",
"can_see_other_account_routing_address",

//v310
"can_query_available_funds",
"can_add_transaction_request_to_own_account",
"can_add_transaction_request_to_any_account",
"can_see_bank_account_credit_limit",
//v400
"can_create_direct_debit",
"can_create_standing_order",

//payments
"can_add_transaction_request_to_any_account",

"can_see_transaction_request_types",
"can_see_transaction_requests",
"can_see_available_views_for_bank_account",
"can_update_bank_account_label",
"can_create_custom_view",
"can_delete_custom_view",
"can_update_custom_view",
"can_see_views_with_permissions_for_one_user",
"can_see_views_with_permissions_for_all_users",
"can_grant_access_to_custom_views",
"can_revoke_access_to_custom_views"
)

val createSystemViewJsonV500 = CreateViewJsonV500(
name = "_test",
description = "This view is for family",
metadata_view ="_test",
is_public = false,
which_alias_to_use = "family",
hide_metadata_if_alias_used = false,
allowed_actions = List(
"can_see_transaction_this_bank_account",
"can_see_transaction_other_bank_account",
"can_see_transaction_metadata",
"can_see_transaction_label",
"can_see_transaction_amount",
"can_see_transaction_type",
"can_see_transaction_currency",
"can_see_transaction_start_date",
"can_see_transaction_finish_date",
"can_see_transaction_balance",
"can_see_comments",
"can_see_narrative",
"can_see_tags",
"can_see_images",
"can_see_bank_account_owners",
"can_see_bank_account_type",
"can_see_bank_account_balance",
"can_see_bank_account_currency",
"can_see_bank_account_label",
"can_see_bank_account_national_identifier",
"can_see_bank_account_swift_bic",
"can_see_bank_account_iban",
"can_see_bank_account_number",
"can_see_bank_account_bank_name",
"can_see_other_account_national_identifier",
"can_see_other_account_swift_bic",
"can_see_other_account_iban",
"can_see_other_account_bank_name",
"can_see_other_account_number",
"can_see_other_account_metadata",
"can_see_other_account_kind",
"can_see_more_info",
"can_see_url",
"can_see_image_url",
"can_see_open_corporates_url",
"can_see_corporate_location",
"can_see_physical_location",
"can_see_public_alias",
"can_see_private_alias",
"can_add_more_info",
"can_add_url",
"can_add_image_url",
"can_add_open_corporates_url",
"can_add_corporate_location",
"can_add_physical_location",
"can_add_public_alias",
"can_add_private_alias",
"can_delete_corporate_location",
"can_delete_physical_location",
"can_edit_narrative",
"can_add_comment",
"can_delete_comment",
"can_add_tag",
"can_delete_tag",
"can_add_image",
"can_delete_image",
"can_add_where_tag",
"can_see_where_tag",
"can_delete_where_tag",
"can_create_counterparty",
//V300 New
"can_see_bank_routing_scheme",
"can_see_bank_routing_address",
"can_see_bank_account_routing_scheme",
"can_see_bank_account_routing_address",
"can_see_other_bank_routing_scheme",
"can_see_other_bank_routing_address",
"can_see_other_account_routing_scheme",
"can_see_other_account_routing_address",
//v310
"can_query_available_funds",
"can_add_transaction_request_to_own_account",
"can_add_transaction_request_to_any_account",
"can_see_bank_account_credit_limit",
//v400
"can_create_direct_debit",
"can_create_standing_order",

//payments
"can_add_transaction_request_to_any_account"
),
allowed_actions = allowedActionsV500,
// Version 5.0.0
can_grant_access_to_views = Some(List("owner")),
can_revoke_access_to_views = Some(List("owner"))
Expand Down Expand Up @@ -370,78 +384,7 @@ object SwaggerDefinitionsJSON {
metadata_view = SYSTEM_OWNER_VIEW_ID,
which_alias_to_use = "family",
hide_metadata_if_alias_used = true,
allowed_actions = List(
"can_see_transaction_this_bank_account",
"can_see_transaction_other_bank_account",
"can_see_transaction_metadata",
"can_see_transaction_label",
"can_see_transaction_amount",
"can_see_transaction_type",
"can_see_transaction_currency",
"can_see_transaction_start_date",
"can_see_transaction_finish_date",
"can_see_transaction_balance",
"can_see_comments",
"can_see_narrative", "can_see_tags",
"can_see_images",
"can_see_bank_account_owners",
"can_see_bank_account_type",
"can_see_bank_account_balance",
"can_see_bank_account_currency",
"can_see_bank_account_label",
"can_see_bank_account_national_identifier",
"can_see_bank_account_swift_bic",
"can_see_bank_account_iban",
"can_see_bank_account_number",
"can_see_bank_account_bank_name",
"can_see_other_account_national_identifier",
"can_see_other_account_swift_bic",
"can_see_other_account_iban",
"can_see_other_account_bank_name",
"can_see_other_account_number",
"can_see_other_account_metadata",
"can_see_other_account_kind",
"can_see_more_info",
"can_see_url",
"can_see_image_url",
"can_see_open_corporates_url",
"can_see_corporate_location",
"can_see_physical_location",
"can_see_public_alias",
"can_see_private_alias",
"can_add_more_info",
"can_add_url",
"can_add_image_url",
"can_add_open_corporates_url",
"can_add_corporate_location",
"can_add_physical_location",
"can_add_public_alias",
"can_add_private_alias",
"can_delete_corporate_location",
"can_delete_physical_location",
"can_edit_narrative",
"can_add_comment",
"can_delete_comment",
"can_add_tag",
"can_delete_tag",
"can_add_image",
"can_delete_image",
"can_add_where_tag",
"can_see_where_tag",
"can_delete_where_tag",
"can_create_counterparty",
//V300 New
"can_see_bank_routing_scheme",
"can_see_bank_routing_address",
"can_see_bank_account_routing_scheme",
"can_see_bank_account_routing_address",
"can_see_other_bank_routing_scheme",
"can_see_other_bank_routing_address",
"can_see_other_account_routing_scheme",
"can_see_other_account_routing_address",
//v310
"can_query_available_funds"
),
allowed_actions = allowedActionsV500,
// Version 5.0.0
can_grant_access_to_views = Some(List("owner")),
can_revoke_access_to_views = Some(List("owner"))
Expand Down
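Review bot: The shared `allowedActionsV500` list carries `"can_add_transaction_request_to_any_account"` twice (once after `//v310`, again under `//payments`), so both example payloads now document a duplicate action; drop the second entry or build the value with `.distinct`. The second call site (the `SYSTEM_OWNER_VIEW_ID` example in the `@@ -370,78 +384,7 @@` hunk) previously stopped at `"can_query_available_funds"` and now advertises the full V500 list including the new custom-view grant/revoke actions — fine if intended, but a one-line comment on the val, e.g. `// Superset of view actions used by every V500 example payload`, would record that. `object SwaggerDefinitionsJSON` continues outside both hunks.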

This file was deleted.

Expand Up @@ -14,6 +14,7 @@ import code.model._
import code.transactionrequests.TransactionRequests.TransactionRequestTypes.SEPA_CREDIT_TRANSFERS
import code.transactionrequests.TransactionRequests.{PaymentServiceTypes, TransactionRequestTypes}
import code.util.Helper
import code.views.Views
import com.github.dwickern.macros.NameOf.nameOf
import com.openbankproject.commons.ExecutionContext.Implicits.global
import com.openbankproject.commons.model._
Expand Down Expand Up @@ -565,10 +566,16 @@ $additionalInstructions
_ <- Helper.booleanToFuture(invalidIban, cc=callContext) { ibanChecker.isValid == true }
(toAccount, callContext) <- NewStyle.function.getToBankAccountByIban(toAccountIban, callContext)

_ <- if (u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext)) Future.successful(Full(Unit))
else NewStyle.function.hasEntitlement(fromAccount.bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest, callContext, InsufficientAuthorisationToCreateTransactionRequest)
//no accountAccess and no canAddTransactionRequestToOwnAccount ==> this will not throw exception,only return false!
anyViewContainsCanAddTransactionRequestToAnyAccountPermission = Views.views.vend.permission(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), u)
.map(_.views.map(_.canAddTransactionRequestToAnyAccount).find(_.==(true)).getOrElse(false)).getOrElse(false)

// Prevent default value for transaction request type (at least).
_ <- if (anyViewContainsCanAddTransactionRequestToAnyAccountPermission)
Future.successful(Full(Unit))
else
NewStyle.function.hasEntitlement(fromAccount.bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest, callContext, InsufficientAuthorisationToCreateTransactionRequest)

// Prevent default value for transaction request type (at least).
_ <- Helper.booleanToFuture(s"From Account Currency is ${fromAccount.currency}, but Requested Transaction Currency is: ${transDetailsJson.instructedAmount.currency}", cc=callContext) {
transDetailsJson.instructedAmount.currency == fromAccount.currency
}
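Review bot: The comment above the new guard says `canAddTransactionRequestToOwnAccount`, but the code evaluates `canAddTransactionRequestToAnyAccount`; since this expression is the authorization gate for creating a transaction request from `fromAccount`, the comment and the code should name the same permission, and which one is intended is the author's call. The lookup itself reads more directly as `anyViewContainsCanAddTransactionRequestToAnyAccountPermission = Views.views.vend.permission(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), u).map(_.views.exists(_.canAddTransactionRequestToAnyAccount)).getOrElse(false)`, which replaces `.map(...).find(_.==(true)).getOrElse(false)`. The `// Prevent default value for transaction request type (at least).` comment is also duplicated, and the first copy now sits above the entitlement check rather than the currency check it describes. The enclosing for-comprehension starts and ends outside the hunk.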