RabbitMQ; resource_docs_requires_role

obp-api/src/main/resources/props/sample.props.template

@@ -1047,6 +1047,8 @@ featured_apis=elasticSearchWarehouseV300
 # rabbitmq_connector.username=obp
 # rabbitmq_connector.password=obp
 # rabbitmq_connector.virtual_host=/
+# rabbitmq_connector.request_queue=obp_rpc_queue
+# rabbitmq_connector.response_queue_prefix=obp_reply_queue
 # -- RabbitMQ Adapter --------------------------------------------
 #rabbitmq.adapter.enabled=false
 

obp-api/src/main/scala/code/api/ResourceDocs1_4_0/ResourceDocs140.scala

@@ -2,7 +2,7 @@ package code.api.ResourceDocs1_4_0
 
 import scala.language.reflectiveCalls
 import code.api.Constant.HostName
-import code.api.OBPRestHelper
+import code.api.{OBPRestHelper, ResponseHeader}
 import code.api.cache.Caching
 import code.api.util.APIUtil._
 import code.api.util.{APIUtil, ApiVersionUtils, YAMLUtils}
@@ -236,7 +236,7 @@ object ResourceDocs300 extends OBPRestHelper with ResourceDocsAPIMethods with Md
                 yamlResult
               }
 
-              val headers = List("Content-Type" -> YAMLUtils.getYAMLContentType)
+              val headers = List("Content-Type" -> YAMLUtils.getYAMLContentType, (ResponseHeader.`Correlation-Id` -> getCorrelationId()))
               val bytes = yamlString.getBytes("UTF-8")
               InMemoryResponse(bytes, headers, Nil, 200)
             }

obp-api/src/main/scala/code/api/ResourceDocs1_4_0/ResourceDocsAPIMethods.scala

@@ -677,6 +677,16 @@ trait ResourceDocsAPIMethods extends MdcLoggable with APIMethods220 with APIMeth
           implicit val ec = EndpointContext(Some(cc))
           val (resourceDocTags, partialFunctions, locale, contentParam,  apiCollectionIdParam) = ResourceDocsAPIMethodsUtil.getParams()
           for {
+            (u: Box[User], callContext: Option[CallContext]) <- if (resourceDocsRequireRole) {
+              authenticatedAccess(cc)
+            } else {
+              anonymousAccess(cc)
+            }
+            _ <- if (resourceDocsRequireRole) {
+              NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + canReadResourceDoc.toString)("", u.map(_.userId).getOrElse(""), ApiRole.canReadResourceDoc :: Nil, cc.callContext)
+            } else {
+              Future(())
+            }
             requestedApiVersion <- NewStyle.function.tryons(s"$InvalidApiVersionString Current Version is $requestedApiVersionString", 400, cc.callContext) {
               ApiVersionUtils.valueOf(requestedApiVersionString)
             }
@@ -871,6 +881,16 @@ trait ResourceDocsAPIMethods extends MdcLoggable with APIMethods220 with APIMeth
             } else {
               Future.successful(true)
             }
+            (u: Box[User], callContext: Option[CallContext]) <- if (resourceDocsRequireRole) {
+              authenticatedAccess(cc)
+            } else {
+              anonymousAccess(cc)
+            }
+            _ <- if (resourceDocsRequireRole) {
+              NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + canReadResourceDoc.toString)("", u.map(_.userId).getOrElse(""), ApiRole.canReadResourceDoc :: Nil, cc.callContext)
+            } else {
+              Future(())
+            }
             requestedApiVersion <- NewStyle.function.tryons(s"$InvalidApiVersionString Current Version is $requestedApiVersionString", 400, cc.callContext) {
               ApiVersionUtils.valueOf(requestedApiVersionString)
             }

obp-api/src/main/scala/code/api/util/ApiRole.scala

@@ -459,9 +459,15 @@ object ApiRole extends MdcLoggable{
   case class CanDeleteEntitlementRequestsAtAnyBank(requiresBankId: Boolean = false) extends ApiRole
   lazy val canDeleteEntitlementRequestsAtAnyBank = CanDeleteEntitlementRequestsAtAnyBank()
 
+  case class CanDeleteEntitlementRequestsAtOneBank(requiresBankId: Boolean = true) extends ApiRole
+  lazy val canDeleteEntitlementRequestsAtOneBank = CanDeleteEntitlementRequestsAtOneBank()
+
   case class CanGetEntitlementRequestsAtAnyBank(requiresBankId: Boolean = false) extends ApiRole
   lazy val canGetEntitlementRequestsAtAnyBank = CanGetEntitlementRequestsAtAnyBank()
 
+  case class CanGetEntitlementRequestsAtOneBank(requiresBankId: Boolean = true) extends ApiRole
+  lazy val canGetEntitlementRequestsAtOneBank = CanGetEntitlementRequestsAtOneBank()
+
   case class CanUseAccountFirehoseAtAnyBank(requiresBankId: Boolean = false) extends ApiRole
   lazy val canUseAccountFirehoseAtAnyBank = CanUseAccountFirehoseAtAnyBank()
 
@@ -471,6 +477,9 @@ object ApiRole extends MdcLoggable{
   case class CanUseCustomerFirehoseAtAnyBank(requiresBankId: Boolean = false) extends ApiRole
   lazy val canUseCustomerFirehoseAtAnyBank = CanUseCustomerFirehoseAtAnyBank()
 
+  case class CanUseCustomerFirehose(requiresBankId: Boolean = true) extends ApiRole
+  lazy val canUseCustomerFirehose = CanUseCustomerFirehose()
+
   case class CanReadAggregateMetrics (requiresBankId: Boolean = false) extends ApiRole
   lazy val canReadAggregateMetrics = CanReadAggregateMetrics()
 
@@ -483,6 +492,9 @@ object ApiRole extends MdcLoggable{
   case class CanDeleteScopeAtAnyBank(requiresBankId: Boolean = false) extends ApiRole
   lazy val canDeleteScopeAtAnyBank = CanDeleteScopeAtAnyBank()
 
+  case class CanDeleteScopeAtOneBank(requiresBankId: Boolean = true) extends ApiRole
+  lazy val canDeleteScopeAtOneBank = CanDeleteScopeAtOneBank()
+
   case class CanUnlockUser (requiresBankId: Boolean = false) extends ApiRole
   lazy val canUnlockUser = CanUnlockUser()
 
@@ -889,9 +901,15 @@ object ApiRole extends MdcLoggable{
   case class CanGetTransactionRequestAtAnyBank(requiresBankId: Boolean = false) extends ApiRole
   lazy val canGetTransactionRequestAtAnyBank = CanGetTransactionRequestAtAnyBank()
 
+  case class CanGetTransactionRequestAtOneBank(requiresBankId: Boolean = true) extends ApiRole
+  lazy val canGetTransactionRequestAtOneBank = CanGetTransactionRequestAtOneBank()
+
   case class CanUpdateTransactionRequestStatusAtAnyBank(requiresBankId: Boolean = false) extends ApiRole
   lazy val canUpdateTransactionRequestStatusAtAnyBank = CanUpdateTransactionRequestStatusAtAnyBank()
 
+  case class CanUpdateTransactionRequestStatusAtOneBank(requiresBankId: Boolean = true) extends ApiRole
+  lazy val canUpdateTransactionRequestStatusAtOneBank = CanUpdateTransactionRequestStatusAtOneBank()
+
   case class CanGetDoubleEntryTransactionAtOneBank(requiresBankId: Boolean = true) extends ApiRole
   lazy val canGetDoubleEntryTransactionAtOneBank = CanGetDoubleEntryTransactionAtOneBank()
 
@@ -1159,6 +1177,9 @@ object ApiRole extends MdcLoggable{
   case class CanGetAccountsMinimalForCustomerAtAnyBank(requiresBankId: Boolean = false) extends ApiRole
   lazy val canGetAccountsMinimalForCustomerAtAnyBank = CanGetAccountsMinimalForCustomerAtAnyBank()
 
+  case class CanGetAccountsMinimalForCustomerAtOneBank(requiresBankId: Boolean = true) extends ApiRole
+  lazy val canGetAccountsMinimalForCustomerAtOneBank = CanGetAccountsMinimalForCustomerAtOneBank()
+
   case class CanUpdateConsentStatusAtOneBank(requiresBankId: Boolean = true) extends ApiRole
   lazy val canUpdateConsentStatusAtOneBank = CanUpdateConsentStatusAtOneBank()
   case class CanUpdateConsentStatusAtAnyBank(requiresBankId: Boolean = false) extends ApiRole

obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala

@@ -1922,7 +1922,7 @@ trait APIMethods300 {
         UnknownError
       ),
       List(apiTagRole, apiTagEntitlement, apiTagUser),
-      Some(List(canGetEntitlementRequestsAtAnyBank)))
+      Some(List(canGetEntitlementRequestsAtOneBank, canGetEntitlementRequestsAtAnyBank)))
 
     lazy val getAllEntitlementRequests : OBPEndpoint = {
       case "entitlement-requests" :: Nil JsonGet _ => {
@@ -1961,7 +1961,7 @@ trait APIMethods300 {
         UnknownError
       ),
       List(apiTagRole, apiTagEntitlement, apiTagUser),
-      Some(List(canGetEntitlementRequestsAtAnyBank)))
+      Some(List(canGetEntitlementRequestsAtOneBank, canGetEntitlementRequestsAtAnyBank)))
 
     lazy val getEntitlementRequests : OBPEndpoint = {
       case "users" :: userId :: "entitlement-requests" :: Nil JsonGet _ => {
@@ -2035,16 +2035,19 @@ trait APIMethods300 {
         UnknownError
       ),
       List(apiTagRole, apiTagEntitlement, apiTagUser),
-      Some(List(canDeleteEntitlementRequestsAtAnyBank)))
+      Some(List(canDeleteEntitlementRequestsAtOneBank, canDeleteEntitlementRequestsAtAnyBank)))
 
     lazy val deleteEntitlementRequest : OBPEndpoint = {
       case "entitlement-requests" :: entitlementRequestId :: Nil JsonDelete _ => {
         cc => implicit val ec = EndpointContext(Some(cc))
-          val allowedEntitlements = canDeleteEntitlementRequestsAtAnyBank :: Nil
+          val allowedEntitlements = canDeleteEntitlementRequestsAtOneBank :: canDeleteEntitlementRequestsAtAnyBank :: Nil
           val allowedEntitlementsTxt = UserHasMissingRoles + allowedEntitlements.mkString(" or ")
           for {
             (Full(u), callContext) <- authenticatedAccess(cc)
-            _ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = allowedEntitlementsTxt)("", u.userId, allowedEntitlements, callContext)
+            entitlementRequest <- EntitlementRequest.entitlementRequest.vend.getEntitlementRequestFuture(entitlementRequestId) map {
+              connectorEmptyResponse(_, callContext)
+            }
+            _ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = allowedEntitlementsTxt)(entitlementRequest.bankId, u.userId, allowedEntitlements, callContext)
             deleteEntitlementRequest <- EntitlementRequest.entitlementRequest.vend.deleteEntitlementRequestFuture(entitlementRequestId) map {
               connectorEmptyResponse(_, callContext)
             }
@@ -2349,7 +2352,8 @@ trait APIMethods300 {
       EmptyBody,
       EmptyBody,
       List(AuthenticatedUserIsRequired, EntitlementNotFound, UnknownError),
-      List(apiTagScope, apiTagConsumer))
+      List(apiTagScope, apiTagConsumer),
+      Some(List(canDeleteScopeAtOneBank, canDeleteScopeAtAnyBank)))
 
     lazy val deleteScope: OBPEndpoint = {
       case "consumers" :: consumerId :: "scope" :: scopeId :: Nil JsonDelete _ => {
@@ -2359,13 +2363,15 @@ trait APIMethods300 {
             consumer <- Future{callContext.get.consumer} map {
               x => unboxFullOrFail(x, callContext, InvalidConsumerCredentials)
             }
-            _ <- Future {NewStyle.function.hasEntitlementAndScope("", u.userId, consumer.id.get.toString, canDeleteScopeAtAnyBank, callContext)}  map ( fullBoxOrException(_))
             scope <- Future{ Scope.scope.vend.getScopeById(scopeId) ?~! ScopeNotFound } map {
               val msg = s"$ScopeNotFound Current Value is $scopeId"
               x => unboxFullOrFail(x, callContext, msg)
             }
+            _ <- Future {NewStyle.function.hasEntitlementAndScope(scope.bankId, u.userId, consumer.id.get.toString, canDeleteScopeAtOneBank, callContext)} map (fullBoxOrException(_)) recoverWith {
+              case _ => Future {NewStyle.function.hasEntitlementAndScope("", u.userId, consumer.id.get.toString, canDeleteScopeAtAnyBank, callContext)} map (fullBoxOrException(_))
+            }
             _ <- Helper.booleanToFuture(failMsg = ConsumerDoesNotHaveScope, cc=callContext) { scope.scopeId ==scopeId }
-            _ <- Future {Scope.scope.vend.deleteScope(Full(scope))} 
+            _ <- Future {Scope.scope.vend.deleteScope(Full(scope))}
           } yield
             (JsRaw(""), HttpCode.`200`(callContext))
       }

obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala

@@ -394,7 +394,7 @@ trait APIMethods310 {
       customerJSONs,
       List(AuthenticatedUserIsRequired, CustomerFirehoseNotAllowedOnThisInstance, UserHasMissingRoles, UnknownError),
       List(apiTagCustomer, apiTagFirehoseData),
-      Some(List(canUseCustomerFirehoseAtAnyBank)))
+      Some(List(ApiRole.canUseCustomerFirehose, canUseCustomerFirehoseAtAnyBank)))
 
     lazy val getFirehoseCustomers : OBPEndpoint = {
       //get private accounts for all banks
@@ -405,7 +405,7 @@ trait APIMethods310 {
             _ <- Helper.booleanToFuture(failMsg = AccountFirehoseNotAllowedOnThisInstance , cc=callContext) {
               allowCustomerFirehose
             }
-            _ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canUseCustomerFirehoseAtAnyBank, callContext)
+            _ <- NewStyle.function.hasAtLeastOneEntitlement(bankId.value, u.userId, ApiRole.canUseCustomerFirehose :: canUseCustomerFirehoseAtAnyBank :: Nil, callContext)
             (_, callContext) <- NewStyle.function.getBank(bankId, callContext)
             allowedParams = List("sort_direction", "limit", "offset", "from_date", "to_date")
             httpParams <- NewStyle.function.extractHttpParamsFromUrl(cc.url)

obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala

@@ -10063,18 +10063,20 @@ trait APIMethods400 extends MdcLoggable {
         UnknownError
       ),
       List(apiTagAccount),
-      Some(List(canGetAccountsMinimalForCustomerAtAnyBank))
+      Some(List(canGetAccountsMinimalForCustomerAtOneBank, canGetAccountsMinimalForCustomerAtAnyBank))
     )
 
     lazy val getAccountsMinimalByCustomerId: OBPEndpoint = {
       case "customers" :: customerId :: "accounts-minimal" :: Nil JsonGet _ => {
         cc =>
           implicit val ec = EndpointContext(Some(cc))
           for {
-            (_, callContext) <- getCustomerByCustomerId(
+            (Full(u), callContext) <- authenticatedAccess(cc)
+            (customer, callContext) <- getCustomerByCustomerId(
               customerId,
-              cc.callContext
+              callContext
             )
+            _ <- NewStyle.function.hasAtLeastOneEntitlement(customer.bankId, u.userId, canGetAccountsMinimalForCustomerAtOneBank :: canGetAccountsMinimalForCustomerAtAnyBank :: Nil, callContext)
             (userCustomerLinks, callContext) <- getUserCustomerLinks(
               customerId,
               callContext

obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala

@@ -4259,15 +4259,17 @@ trait APIMethods510 {
         UnknownError
       ),
       List(apiTagTransactionRequest, apiTagPSD2PIS, apiTagPsd2),
-      Some(List(canGetTransactionRequestAtAnyBank))
+      Some(List(canGetTransactionRequestAtOneBank, canGetTransactionRequestAtAnyBank))
     )
 
     lazy val getTransactionRequestById: OBPEndpoint = {
       case "management" :: "transaction-requests" :: TransactionRequestId(requestId) :: Nil JsonGet _ => {
         cc =>
           implicit val ec = EndpointContext(Some(cc))
           for {
-            (transactionRequest, callContext) <- NewStyle.function.getTransactionRequestImpl(requestId, cc.callContext)
+            (Full(u), callContext) <- authenticatedAccess(cc)
+            (transactionRequest, callContext) <- NewStyle.function.getTransactionRequestImpl(requestId, callContext)
+            _ <- NewStyle.function.hasAtLeastOneEntitlement(transactionRequest.from.bank_id, u.userId, canGetTransactionRequestAtOneBank :: canGetTransactionRequestAtAnyBank :: Nil, callContext)
           } yield {
             val json = JSONFactory210.createTransactionRequestWithChargeJSON(transactionRequest)
             (json, HttpCode.`200`(callContext))
@@ -4377,7 +4379,7 @@ trait APIMethods510 {
         UnknownError
       ),
       List(apiTagTransactionRequest),
-      Some(List(canUpdateTransactionRequestStatusAtAnyBank))
+      Some(List(canUpdateTransactionRequestStatusAtOneBank, canUpdateTransactionRequestStatusAtAnyBank))
     )
 
     lazy val updateTransactionRequestStatus : OBPEndpoint = {
@@ -4386,11 +4388,14 @@ trait APIMethods510 {
           implicit val ec = EndpointContext(Some(cc))
           val failMsg = s"$InvalidJsonFormat The Json body should be the $PostTransactionRequestStatusJsonV510"
           for {
-            postedData <- NewStyle.function.tryons(failMsg, 400, cc.callContext) {
+            (Full(u), callContext) <- authenticatedAccess(cc)
+            postedData <- NewStyle.function.tryons(failMsg, 400, callContext) {
               json.extract[PostTransactionRequestStatusJsonV510]
             }
-            _ <- NewStyle.function.saveTransactionRequestStatusImpl(transactionRequestId, postedData.status, cc.callContext)
-            (transactionRequest, callContext) <- NewStyle.function.getTransactionRequestImpl(transactionRequestId, cc.callContext)
+            (existingTransactionRequest, callContext) <- NewStyle.function.getTransactionRequestImpl(transactionRequestId, callContext)
+            _ <- NewStyle.function.hasAtLeastOneEntitlement(existingTransactionRequest.from.bank_id, u.userId, canUpdateTransactionRequestStatusAtOneBank :: canUpdateTransactionRequestStatusAtAnyBank :: Nil, callContext)
+            _ <- NewStyle.function.saveTransactionRequestStatusImpl(transactionRequestId, postedData.status, callContext)
+            (transactionRequest, callContext) <- NewStyle.function.getTransactionRequestImpl(transactionRequestId, callContext)
           } yield {
             (TransactionRequestStatusJsonV510(transactionRequest.id.value, transactionRequest.status), HttpCode.`200`(callContext))
           }

obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala

@@ -3457,6 +3457,7 @@ trait APIMethods600 {
         cc => implicit val ec = EndpointContext(Some(cc))
           for {
             (Full(u), callContext) <- authenticatedAccess(cc)
+            _ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canGetRolesWithEntitlementCountsAtAllBanks, callContext)
 
             // Get all available roles
             allRoles = ApiRole.availableRoles.sorted