Merge remote-tracking branch 'upstream/develop' into develop

obp-api/src/main/scala/bootstrap/liftweb/Boot.scala

@@ -760,6 +760,7 @@ class Boot extends MdcLoggable {
       val accountant = Views.views.vend.getOrCreateSystemView(SYSTEM_ACCOUNTANT_VIEW_ID).isDefined
       val standard = Views.views.vend.getOrCreateSystemView(SYSTEM_STANDARD_VIEW_ID).isDefined
       val stageOne = Views.views.vend.getOrCreateSystemView(SYSTEM_STAGE_ONE_VIEW_ID).isDefined
+      val manageCustomViews = Views.views.vend.getOrCreateSystemView(SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID).isDefined
       // Only create Firehose view if they are enabled at instance.
       val accountFirehose = if (ApiPropsWithAlias.allowAccountFirehose)
         Views.views.vend.getOrCreateSystemView(SYSTEM_FIREHOSE_VIEW_ID).isDefined
@@ -773,6 +774,7 @@ class Boot extends MdcLoggable {
            |System view ${SYSTEM_FIREHOSE_VIEW_ID} exists/created at the instance: ${accountFirehose}
            |System view ${SYSTEM_STANDARD_VIEW_ID} exists/created at the instance: ${standard}
            |System view ${SYSTEM_STAGE_ONE_VIEW_ID} exists/created at the instance: ${stageOne}
+           |System view ${SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID} exists/created at the instance: ${manageCustomViews}
            |""".stripMargin
       logger.info(comment)
 

obp-api/src/main/scala/code/api/OBPRestHelper.scala

@@ -145,8 +145,17 @@ case class APIFailureNewStyle(failMsg: String,
         locale,
       if(locale.toString.startsWith("en") || ?!(str, resourceBundleList)==str) //If can not find the value from props or the local is `en`, then return 
         errorBody 
-      else 
-        s": ${?!(str, resourceBundleList)}"
+      else {
+        val originalErrorMessageFromScalaCode = ErrorMessages.getValueMatches(_.startsWith(errorCode)).getOrElse("")
+        // we need to keep the extra message, 
+        // eg: OBP-20006: usuario le faltan uno o más roles':  CanGetUserInvitation for BankId(gh.29.uk). 
+        if(failMsg.contains(originalErrorMessageFromScalaCode)){ 
+          s": ${?!(str, resourceBundleList)}"+failMsg.replace(originalErrorMessageFromScalaCode,"")
+        } else{
+          s": ${?!(str, resourceBundleList)}"
+        }
+      }
+
       )
 
     val translatedErrorBody = ?(errorCode, locale)

obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala

@@ -189,95 +189,109 @@ object SwaggerDefinitionsJSON {
 
   val createSystemViewJsonV300 = createViewJsonV300.copy(name = "test", metadata_view = "test", is_public = false)
 
+  val allowedActionsV500 = List(
+    "can_see_transaction_this_bank_account",
+    "can_see_transaction_other_bank_account",
+    "can_see_transaction_metadata",
+    "can_see_transaction_label",
+    "can_see_transaction_amount",
+    "can_see_transaction_type",
+    "can_see_transaction_currency",
+    "can_see_transaction_start_date",
+    "can_see_transaction_finish_date",
+    "can_see_transaction_balance",
+    "can_see_comments",
+    "can_see_narrative", "can_see_tags",
+    "can_see_images",
+    "can_see_bank_account_owners",
+    "can_see_bank_account_type",
+    "can_see_bank_account_balance",
+    "can_see_bank_account_currency",
+    "can_see_bank_account_label",
+    "can_see_bank_account_national_identifier",
+    "can_see_bank_account_swift_bic",
+    "can_see_bank_account_iban",
+    "can_see_bank_account_number",
+    "can_see_bank_account_bank_name",
+    "can_see_other_account_national_identifier",
+    "can_see_other_account_swift_bic",
+    "can_see_other_account_iban",
+    "can_see_other_account_bank_name",
+    "can_see_other_account_number",
+    "can_see_other_account_metadata",
+    "can_see_other_account_kind",
+    "can_see_more_info",
+    "can_see_url",
+    "can_see_image_url",
+    "can_see_open_corporates_url",
+    "can_see_corporate_location",
+    "can_see_physical_location",
+    "can_see_public_alias",
+    "can_see_private_alias",
+    "can_add_more_info",
+    "can_add_url",
+    "can_add_image_url",
+    "can_add_open_corporates_url",
+    "can_add_corporate_location",
+    "can_add_physical_location",
+    "can_add_public_alias",
+    "can_add_private_alias",
+    "can_delete_corporate_location",
+    "can_delete_physical_location",
+    "can_edit_narrative",
+    "can_add_comment",
+    "can_delete_comment",
+    "can_add_tag",
+    "can_delete_tag",
+    "can_add_image",
+    "can_delete_image",
+    "can_add_where_tag",
+    "can_see_where_tag",
+    "can_delete_where_tag",
+    "can_create_counterparty",
+    //V300 New
+    "can_see_bank_routing_scheme",
+    "can_see_bank_routing_address",
+    "can_see_bank_account_routing_scheme",
+    "can_see_bank_account_routing_address",
+    "can_see_other_bank_routing_scheme",
+    "can_see_other_bank_routing_address",
+    "can_see_other_account_routing_scheme",
+    "can_see_other_account_routing_address",
+
+    //v310
+    "can_query_available_funds",
+    "can_add_transaction_request_to_own_account",
+    "can_add_transaction_request_to_any_account",
+    "can_see_bank_account_credit_limit",
+    //v400
+    "can_create_direct_debit",
+    "can_create_standing_order",
+
+    //payments
+    "can_add_transaction_request_to_any_account",
+
+    "can_see_transaction_request_types",
+    "can_see_transaction_requests",
+    "can_see_available_views_for_bank_account",
+    "can_update_bank_account_label",
+    "can_create_custom_view",
+    "can_delete_custom_view",
+    "can_update_custom_view",
+    "can_see_views_with_permissions_for_one_user",
+    "can_see_views_with_permissions_for_all_users",
+    "can_grant_access_to_custom_views",
+    "can_revoke_access_to_custom_views"
+  )
+
   val createSystemViewJsonV500 = CreateViewJsonV500(
     name = "_test",
     description = "This view is for family",
     metadata_view ="_test",
     is_public = false,
     which_alias_to_use = "family",
     hide_metadata_if_alias_used = false,
-    allowed_actions = List(
-      "can_see_transaction_this_bank_account",
-      "can_see_transaction_other_bank_account",
-      "can_see_transaction_metadata",
-      "can_see_transaction_label",
-      "can_see_transaction_amount",
-      "can_see_transaction_type",
-      "can_see_transaction_currency",
-      "can_see_transaction_start_date",
-      "can_see_transaction_finish_date",
-      "can_see_transaction_balance",
-      "can_see_comments",
-      "can_see_narrative",
-      "can_see_tags",
-      "can_see_images",
-      "can_see_bank_account_owners",
-      "can_see_bank_account_type",
-      "can_see_bank_account_balance",
-      "can_see_bank_account_currency",
-      "can_see_bank_account_label",
-      "can_see_bank_account_national_identifier",
-      "can_see_bank_account_swift_bic",
-      "can_see_bank_account_iban",
-      "can_see_bank_account_number",
-      "can_see_bank_account_bank_name",
-      "can_see_other_account_national_identifier",
-      "can_see_other_account_swift_bic",
-      "can_see_other_account_iban",
-      "can_see_other_account_bank_name",
-      "can_see_other_account_number",
-      "can_see_other_account_metadata",
-      "can_see_other_account_kind",
-      "can_see_more_info",
-      "can_see_url",
-      "can_see_image_url",
-      "can_see_open_corporates_url",
-      "can_see_corporate_location",
-      "can_see_physical_location",
-      "can_see_public_alias",
-      "can_see_private_alias",
-      "can_add_more_info",
-      "can_add_url",
-      "can_add_image_url",
-      "can_add_open_corporates_url",
-      "can_add_corporate_location",
-      "can_add_physical_location",
-      "can_add_public_alias",
-      "can_add_private_alias",
-      "can_delete_corporate_location",
-      "can_delete_physical_location",
-      "can_edit_narrative",
-      "can_add_comment",
-      "can_delete_comment",
-      "can_add_tag",
-      "can_delete_tag",
-      "can_add_image",
-      "can_delete_image",
-      "can_add_where_tag",
-      "can_see_where_tag",
-      "can_delete_where_tag",
-      "can_create_counterparty",
-      //V300 New
-      "can_see_bank_routing_scheme",
-      "can_see_bank_routing_address",
-      "can_see_bank_account_routing_scheme",
-      "can_see_bank_account_routing_address",
-      "can_see_other_bank_routing_scheme",
-      "can_see_other_bank_routing_address",
-      "can_see_other_account_routing_scheme",
-      "can_see_other_account_routing_address",
-      //v310
-      "can_query_available_funds",
-      "can_add_transaction_request_to_own_account",
-      "can_add_transaction_request_to_any_account",
-      "can_see_bank_account_credit_limit",
-      //v400
-      "can_create_direct_debit",
-      "can_create_standing_order",
-
-      //payments
-      "can_add_transaction_request_to_any_account"
-    ),
+    allowed_actions = allowedActionsV500,
     // Version 5.0.0
     can_grant_access_to_views = Some(List("owner")),
     can_revoke_access_to_views = Some(List("owner"))
@@ -370,78 +384,7 @@ object SwaggerDefinitionsJSON {
     metadata_view = SYSTEM_OWNER_VIEW_ID,
     which_alias_to_use = "family",
     hide_metadata_if_alias_used = true,
-    allowed_actions = List(
-      "can_see_transaction_this_bank_account",
-      "can_see_transaction_other_bank_account",
-      "can_see_transaction_metadata",
-      "can_see_transaction_label",
-      "can_see_transaction_amount",
-      "can_see_transaction_type",
-      "can_see_transaction_currency",
-      "can_see_transaction_start_date",
-      "can_see_transaction_finish_date",
-      "can_see_transaction_balance",
-      "can_see_comments",
-      "can_see_narrative", "can_see_tags",
-      "can_see_images",
-      "can_see_bank_account_owners",
-      "can_see_bank_account_type",
-      "can_see_bank_account_balance",
-      "can_see_bank_account_currency",
-      "can_see_bank_account_label",
-      "can_see_bank_account_national_identifier",
-      "can_see_bank_account_swift_bic",
-      "can_see_bank_account_iban",
-      "can_see_bank_account_number",
-      "can_see_bank_account_bank_name",
-      "can_see_other_account_national_identifier",
-      "can_see_other_account_swift_bic",
-      "can_see_other_account_iban",
-      "can_see_other_account_bank_name",
-      "can_see_other_account_number",
-      "can_see_other_account_metadata",
-      "can_see_other_account_kind",
-      "can_see_more_info",
-      "can_see_url",
-      "can_see_image_url",
-      "can_see_open_corporates_url",
-      "can_see_corporate_location",
-      "can_see_physical_location",
-      "can_see_public_alias",
-      "can_see_private_alias",
-      "can_add_more_info",
-      "can_add_url",
-      "can_add_image_url",
-      "can_add_open_corporates_url",
-      "can_add_corporate_location",
-      "can_add_physical_location",
-      "can_add_public_alias",
-      "can_add_private_alias",
-      "can_delete_corporate_location",
-      "can_delete_physical_location",
-      "can_edit_narrative",
-      "can_add_comment",
-      "can_delete_comment",
-      "can_add_tag",
-      "can_delete_tag",
-      "can_add_image",
-      "can_delete_image",
-      "can_add_where_tag",
-      "can_see_where_tag",
-      "can_delete_where_tag",
-      "can_create_counterparty",
-      //V300 New
-      "can_see_bank_routing_scheme",
-      "can_see_bank_routing_address",
-      "can_see_bank_account_routing_scheme",
-      "can_see_bank_account_routing_address",
-      "can_see_other_bank_routing_scheme",
-      "can_see_other_bank_routing_address",
-      "can_see_other_account_routing_scheme",
-      "can_see_other_account_routing_address",
-      //v310
-      "can_query_available_funds"
-    ),
+    allowed_actions = allowedActionsV500,
     // Version 5.0.0
     can_grant_access_to_views = Some(List("owner")),
     can_revoke_access_to_views = Some(List("owner"))

obp-api/src/main/scala/code/api/berlin/group/v1_3/PaymentInitiationServicePISApi.scala

@@ -14,6 +14,7 @@ import code.model._
 import code.transactionrequests.TransactionRequests.TransactionRequestTypes.SEPA_CREDIT_TRANSFERS
 import code.transactionrequests.TransactionRequests.{PaymentServiceTypes, TransactionRequestTypes}
 import code.util.Helper
+import code.views.Views
 import com.github.dwickern.macros.NameOf.nameOf
 import com.openbankproject.commons.ExecutionContext.Implicits.global
 import com.openbankproject.commons.model._
@@ -565,10 +566,16 @@ $additionalInstructions
              _ <- Helper.booleanToFuture(invalidIban, cc=callContext) { ibanChecker.isValid == true }
              (toAccount, callContext) <- NewStyle.function.getToBankAccountByIban(toAccountIban, callContext)
 
-             _ <- if (u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId), callContext)) Future.successful(Full(Unit))
-                  else NewStyle.function.hasEntitlement(fromAccount.bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest, callContext, InsufficientAuthorisationToCreateTransactionRequest)
+             //no accountAccess and no canAddTransactionRequestToOwnAccount ==> this will not throw exception,only return false! 
+             anyViewContainsCanAddTransactionRequestToAnyAccountPermission = Views.views.vend.permission(BankIdAccountId(fromAccount.bankId, fromAccount.accountId), u)
+               .map(_.views.map(_.canAddTransactionRequestToAnyAccount).find(_.==(true)).getOrElse(false)).getOrElse(false)
 
-               // Prevent default value for transaction request type (at least).
+             _ <- if (anyViewContainsCanAddTransactionRequestToAnyAccountPermission) 
+               Future.successful(Full(Unit))
+             else 
+               NewStyle.function.hasEntitlement(fromAccount.bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest, callContext, InsufficientAuthorisationToCreateTransactionRequest)
+
+             // Prevent default value for transaction request type (at least).
              _ <- Helper.booleanToFuture(s"From Account Currency is ${fromAccount.currency}, but Requested Transaction Currency is: ${transDetailsJson.instructedAmount.currency}", cc=callContext) {
                transDetailsJson.instructedAmount.currency == fromAccount.currency
              }