commit 9c84f3cd056d83df4a961b185af5bba731cd3062
parent 3c7524c6a876ab3254b45a445d533161258374ea
Author: Florian Dold <florian@dold.me>
Date: Sat, 7 Aug 2021 12:39:40 +0200
normalize permissions to lower-case
Diffstat:
4 files changed, 54 insertions(+), 12 deletions(-)
diff --git a/.idea/dictionaries/dold.xml b/.idea/dictionaries/dold.xml
@@ -18,6 +18,7 @@
<w>servicer</w>
<w>sqlite</w>
<w>taler</w>
+ <w>talerwiregateway</w>
<w>wtid</w>
</words>
</dictionary>
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Auth.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/Auth.kt
@@ -76,7 +76,7 @@ fun findPermission(p: Permission): NexusPermissionEntity? {
and (NexusPermissionsTable.subjectId eq p.subjectId)
and (NexusPermissionsTable.resourceType eq p.resourceType)
and (NexusPermissionsTable.resourceId eq p.resourceId)
- and (NexusPermissionsTable.permissionName eq p.permissionName))
+ and (NexusPermissionsTable.permissionName eq p.permissionName.lowercase()))
}.firstOrNull()
}
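Review bot: Only the lookup value is lower-cased in `findPermission`; the stored `permissionName` column is still compared as written. Any row persisted before this commit with upper-case letters would therefore stop matching, and the permission would silently stop applying, unless a data migration exists outside this diff. The function deserves a short KDoc stating the invariant, e.g. `/** Looks up a permission; permissionName is matched case-insensitively and is stored lower-case. */`. With that in place, the extra `.lowercase()` added in `requirePermission` in the next hunk is redundant, so normalising in one place would be clearer. The body of `findPermission` starts outside this hunk.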
@@ -97,7 +97,7 @@ fun ApplicationRequest.requirePermission(vararg perms: PermissionQuery) {
}
var foundPermission = false
for (pr in perms) {
- val p = Permission("user", user.username, pr.resourceType, pr.resourceId, pr.permissionName)
+ val p = Permission("user", user.username, pr.resourceType, pr.resourceId, pr.permissionName.lowercase())
val existingPerm = findPermission(p)
if (existingPerm != null) {
foundPermission = true
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
@@ -279,7 +279,14 @@ fun serverMain(dbName: String, host: String, port: Int) {
post("/permissions") {
val req = call.receive<ChangePermissionsRequest>()
- val knownPermissions = listOf()
+ val knownPermissions = listOf("facade.talerwiregateway.history", "facade.talerwiregateway.transfer")
+ val permName = req.permission.permissionName.lowercase()
+ if (!knownPermissions.contains(permName)) {
+ throw NexusError(
+ HttpStatusCode.BadRequest,
+ "Permission $permName not known"
+ )
+ }
transaction {
requireSuperuser(call.request)
val existingPerm = findPermission(req.permission)
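Review bot: The new known-permission check runs before `requireSuperuser(call.request)`, so a caller who is not a superuser gets a 400 naming the permission instead of an authorization failure, and can tell accepted names from rejected ones. Moving the `if (!knownPermissions.contains(permName)) { ... }` block to directly after `requireSuperuser(call.request)` inside the `transaction` keeps authorization ahead of input validation. The allow-list is also rebuilt on every request; a file-level `private val KNOWN_PERMISSIONS = setOf("facade.talerwiregateway.history", "facade.talerwiregateway.transfer")` would give it one documented place to be extended. The handler continues past the end of this hunk.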
@@ -291,7 +298,7 @@ fun serverMain(dbName: String, host: String, port: Int) {
subjectId = req.permission.subjectId
resourceType = req.permission.resourceType
resourceId = req.permission.resourceId
- permissionName = req.permission.permissionName
+ permissionName = permName
}
}
@@ -360,9 +367,11 @@ fun serverMain(dbName: String, host: String, port: Int) {
superuser = false
}
}
- call.respond(NexusMessage(
- message = "New user '${body.username}' registered"
- ))
+ call.respond(
+ NexusMessage(
+ message = "New user '${body.username}' registered"
+ )
+ )
return@post
}
@@ -934,11 +943,11 @@ fun serverMain(dbName: String, host: String, port: Int) {
}
}
} catch (e: ExposedSQLException) {
- logger.error("Could not persist facade name/type/creator: $e")
- throw NexusError(
- HttpStatusCode.BadRequest,
- "Server could not persist data, possibly due to unavailable facade name"
- )
+ logger.error("Could not persist facade name/type/creator: $e")
+ throw NexusError(
+ HttpStatusCode.BadRequest,
+ "Server could not persist data, possibly due to unavailable facade name"
+ )
}
transaction {
TalerFacadeStateEntity.new {
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
@@ -457,6 +457,38 @@ fun serverMain(dbName: String, port: Int) {
}
call.respond(object {})
}
+
+ /**
+ * Adds a new payment to the book.
+ *
+ * FIXME: This API is deprecated, but still used
+ * in some test cases. It should be removed entirely.
+ */
+ post("/admin/payments") {
+ val body = call.receiveJson<RawPayment>()
+ val randId = getRandomString(16)
+ transaction {
+ val localIban = if (body.direction == "DBIT") body.debtorIban else body.creditorIban
+ BankAccountTransactionsTable.insert {
+ it[creditorIban] = body.creditorIban
+ it[creditorBic] = body.creditorBic
+ it[creditorName] = body.creditorName
+ it[debtorIban] = body.debtorIban
+ it[debtorBic] = body.debtorBic
+ it[debtorName] = body.debtorName
+ it[subject] = body.subject
+ it[amount] = body.amount
+ it[currency] = body.currency
+ it[date] = Instant.now().toEpochMilli()
+ it[accountServicerReference] = "sandbox-$randId"
+ it[account] = getBankAccountFromIban(localIban).id
+ it[direction] = body.direction
+ }
+ }
+ call.respondText("Payment created")
+ return@post
+ }
+
/**
* Associates a new bank account with an existing Ebics subscriber.
*/
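Review bot: `body.direction` is used without validation in the new `/admin/payments` handler. Any value other than `"DBIT"` selects `body.creditorIban` as the local account and is then stored verbatim in `it[direction]`, so a typo or unexpected value creates a ledger row booked to the creditor side. Rejecting anything that is not one of the two expected direction codes before the `transaction` would fix this. The handler also shows no authentication or authorization check for an `/admin/` route that inserts transactions. Whether that is enforced globally is not visible from this hunk, so a comment stating who may call the route (or that the sandbox is intentionally open) would help, given the FIXME says the endpoint is kept only for tests.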