This is an automated email from the ASF dual-hosted git repository.
avikg pushed a commit to branch develop
in repository
https://gitbox.apache.org/repos/asf/fineract-cn-deposit-account-management.git
The following commit(s) were added to refs/heads/develop by this push:
new 768ac6a [FINCN-347] Account level access validator (#27)
768ac6a is described below
commit 768ac6a42231fcb6455e8d3f2f9c1bdcdce71ca5
Author: Manoj <[email protected]>
AuthorDate: Mon Aug 9 17:50:36 2021 +0530
[FINCN-347] Account level access validator (#27)
* validate-account-level-access
---
.../service/internal/service/TransactionService.java | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git
a/service/src/main/java/org/apache/fineract/cn/deposit/service/internal/service/TransactionService.java
b/service/src/main/java/org/apache/fineract/cn/deposit/service/internal/service/TransactionService.java
index 7c6753c..e739159 100644
---
a/service/src/main/java/org/apache/fineract/cn/deposit/service/internal/service/TransactionService.java
+++
b/service/src/main/java/org/apache/fineract/cn/deposit/service/internal/service/TransactionService.java
@@ -24,12 +24,12 @@ import
org.apache.fineract.cn.accounting.api.v1.domain.Account;
import org.apache.fineract.cn.accounting.api.v1.domain.Creditor;
import org.apache.fineract.cn.accounting.api.v1.domain.Debtor;
import org.apache.fineract.cn.accounting.api.v1.domain.JournalEntry;
+import org.apache.fineract.cn.anubis.security.AccountLevelAccessVerifierCustom;
import org.apache.fineract.cn.api.util.UserContextHolder;
import org.apache.fineract.cn.deposit.api.v1.definition.domain.Action;
import org.apache.fineract.cn.deposit.api.v1.definition.domain.Charge;
import org.apache.fineract.cn.deposit.api.v1.definition.domain.Currency;
import
org.apache.fineract.cn.deposit.api.v1.definition.domain.ProductDefinition;
-import org.apache.fineract.cn.deposit.api.v1.instance.domain.ProductInstance;
import
org.apache.fineract.cn.deposit.api.v1.instance.domain.SubTransactionType;
import org.apache.fineract.cn.deposit.api.v1.transaction.domain.data.*;
import org.apache.fineract.cn.deposit.api.v1.transaction.utils.MathUtil;
@@ -44,8 +44,6 @@ import org.apache.fineract.cn.lang.ServiceException;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.data.domain.Page;
-import org.springframework.data.domain.Pageable;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -59,6 +57,9 @@ import java.util.stream.Collectors;
@Service
public class TransactionService {
+ private static final String ACCT_DEPOSIT_OPERATION = "ADD";
+ private static final String ACCT_WITHDRAWAL_OPERATION = "SUBTRACT";
+ private static final String ACCT_READ_OPERATION = "READ";
private final Logger logger;
private final LedgerManager ledgerManager;
private final ProductDefinitionService productDefinitionService;
@@ -66,6 +67,7 @@ public class TransactionService {
private final SubTxnTypesService subTxnTypesService;
private final TransactionRepository transactionRepository;
private final ProductInstanceRepository productInstanceRepository;
+ private final AccountLevelAccessVerifierCustom accountAccessValidator;
public static final String DEBIT = "DEBIT";
public static final String CREDIT = "CREDIT";
@@ -73,7 +75,9 @@ public class TransactionService {
@Autowired
public TransactionService(@Qualifier(ServiceConstants.LOGGER_NAME) Logger
logger, LedgerManager ledgerManager,
ProductDefinitionService
productDefinitionService, ActionService actionService,
- SubTxnTypesService subTxnTypesService,
TransactionRepository transactionRepository, ProductInstanceRepository
productInstanceRepository) {
+ SubTxnTypesService subTxnTypesService,
TransactionRepository transactionRepository,
+ ProductInstanceRepository
productInstanceRepository,
+ AccountLevelAccessVerifierCustom
accountAccessValidator) {
this.logger = logger;
this.ledgerManager = ledgerManager;
this.productDefinitionService = productDefinitionService;
@@ -81,11 +85,13 @@ public class TransactionService {
this.subTxnTypesService = subTxnTypesService;
this.transactionRepository = transactionRepository;
this.productInstanceRepository = productInstanceRepository;
+ this.accountAccessValidator = accountAccessValidator;
}
@Transactional
public TransactionResponseData withdraw(TransactionCommand command) {
TransactionRequestData request = command.getTransactionRequest();
+ accountAccessValidator.validate(request.getAccountId(),
ACCT_WITHDRAWAL_OPERATION);
AccountWrapper accountWrapper = validateAndGetAccount(request,
request.getAccountId(), TransactionTypeEnum.WITHDRAWAL);
LocalDateTime transactionDate = getNow();
//get txntype charges
@@ -103,7 +109,9 @@ public class TransactionService {
@Transactional
public TransactionResponseData deposit(TransactionCommand command) {
TransactionRequestData request = command.getTransactionRequest();
+ accountAccessValidator.validate(request.getAccountId(),
ACCT_DEPOSIT_OPERATION);
AccountWrapper accountWrapper = validateAndGetAccount(request,
request.getAccountId(), TransactionTypeEnum.DEPOSIT);
+
LocalDateTime transactionDate = getNow();
//get txntype charges
List<Charge> charges = getCharges(accountWrapper.productDefinition,
TransactionTypeEnum.DEPOSIT);
@@ -429,6 +437,7 @@ public class TransactionService {
public List<StatementResponse> fetchStatement(String accountId,
LocalDateTime fromDateTime,
LocalDateTime toDateTime) {
+ accountAccessValidator.validate(accountId, ACCT_READ_OPERATION);
return
transactionRepository.findByAccountIdAndTransactionDateBetween(accountId,
fromDateTime, toDateTime)
.stream().map(txn -> {
StatementResponse statementObj = new StatementResponse();
@@ -444,6 +453,7 @@ public class TransactionService {
}
public BalanceResponse fetchBalance(String identifier) {
+ accountAccessValidator.validate(identifier, ACCT_READ_OPERATION);
Account account = ledgerManager.findAccount(identifier);
BalanceResponse balance = new BalanceResponse();
balance.setBalance(new BigDecimal(account.getBalance()));
