
commit a6661dffe23dbf5157167204ccda8855dc1d1d21
parent ed271284bd86be1e96bf3e3a9ced302e59e65ec4
Author: ms <ms@taler.net>
Date:   Fri,  5 Nov 2021 11:46:56 +0100

allow 'admin' to access other customers' accounts

Diffstat:
Msandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt | 3++-
Msandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt | 15+++++++++------
2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt
@@ -491,7 +491,8 @@ fun dbCreateTables(dbConnectionString: String) {
 BankAccountsTable,
 BankAccountReportsTable,
 BankAccountStatementsTable,
- TalerWithdrawalsTable
+ TalerWithdrawalsTable,
+ DemobankCustomersTable
 )
 }
 }
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
@@ -1180,7 +1180,10 @@ val sandboxApp: Application.() -> Unit = {
 res
 } ?: throw notFound("Account '$accountAccessed' not found")
 // Check rights.
- if (WITH_AUTH && bankAccount.owner != username) throw forbidden(
+ if (
+ WITH_AUTH
+ && (bankAccount.owner != username && username != "admin")
+ ) throw forbidden(
 "Customer '$username' cannot access bank account '$accountAccessed'"
 )
 val creditDebitIndicator = if (bankAccount.isDebit) {
@@ -1255,8 +1258,8 @@ val sandboxApp: Application.() -> Unit = {
 val checkExist = transaction {
 DemobankCustomerEntity.find {
 DemobankCustomersTable.username eq req.username
- }
- }.firstOrNull()
+ }.firstOrNull()
+ }
 if (checkExist != null) {
 throw SandboxError(
 HttpStatusCode.Conflict,
@@ -1268,7 +1271,7 @@ val sandboxApp: Application.() -> Unit = {
 transaction {
 BankAccountEntity.new {
 iban = getIban()
- label = req.username + "acct" // multiple accounts per username not allowed.
+ label = req.username + "-acct" // multiple accounts per username not allowed.
 owner = req.username
 this.demoBank = demobank
 }
@@ -1305,8 +1308,8 @@ val sandboxApp: Application.() -> Unit = {
 body.demobankAccountLabel,
 ensureDemobank(call)
 )
- if (bankAccount.owner != user) throw forbidden(
- "User cannot access bank account '${bankAccount.label}'"
+ if ((user != "admin") && (bankAccount.owner != user)) throw forbidden(
+ "User ${bankAccount.owner} cannot access bank account '${bankAccount.label}'"
 )
 subscriber.bankAccount = bankAccount
 }
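Review bot: The admin bypass added to the rights check at line 1183 of Main.kt is a bare string literal, `username != "admin"`, and the same literal is repeated in the hunk at 1308, so a second spelling or a later edit to one site silently widens or breaks the privilege. Hoist it to one constant and one predicate, e.g. `const val ADMIN_USERNAME = "admin"` and `fun canAccess(user: String, account: BankAccountEntity) = user == ADMIN_USERNAME || account.owner == user`, and call that from both checks. Because the privileged user is identified by name alone, whichever path creates or authenticates that customer now sits on the trust boundary and deserves a comment saying so next to the constant. The sandboxApp lambda begins and ends outside this hunk.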
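Review bot: The registration check at 1258 still rejects only an already-taken username, so nothing in this hunk stops a new customer from registering as `admin`, the name the checks at 1180 and 1308 now treat as all-access; unless registration is restricted elsewhere (not visible here), the reserved name should be refused before the lookup, `if (req.username == "admin") throw SandboxError(HttpStatusCode.Conflict, "Username 'admin' is reserved")`. Moving `.firstOrNull()` inside `transaction { }` looks right, presumably so the query is evaluated while the transaction is still open. The enclosing handler starts and ends outside the hunk.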
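Review bot: The new forbidden message at 1312 interpolates `bankAccount.owner`, which tells the rejected caller who does own the account and also reads wrong (the owner is exactly who may access it); it should name the requester, `"User '$user' cannot access bank account '${bankAccount.label}'"`. Unlike the check at 1180, this one is not gated on `WITH_AUTH`; if that flag is meant to switch all access checks, the two sites should agree, though it may be deliberate for the subscriber path. The enclosing handler starts and ends outside the hunk.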