bff dev upgrde
This commit is contained in:
Stephan D
@@ -47,6 +47,10 @@ func (a *LedgerAPI) createAccount(r *http.Request, account *model.Account, token
|
||||
if err != nil {
|
||||
return response.BadPayload(a.logger, a.Name(), err)
|
||||
}
|
||||
accountRole, err := mapLedgerAccountRole(payload.Role)
|
||||
if err != nil {
|
||||
return response.BadPayload(a.logger, a.Name(), err)
|
||||
}
|
||||
if a.client == nil {
|
||||
return response.Internal(a.logger, mservice.Ledger, merrors.Internal("ledger client is not configured"))
|
||||
}
|
||||
@@ -78,7 +82,7 @@ func (a *LedgerAPI) createAccount(r *http.Request, account *model.Account, token
|
||||
Currency: payload.Currency,
|
||||
Status: ledgerv1.AccountStatus_ACCOUNT_STATUS_ACTIVE,
|
||||
AllowNegative: payload.AllowNegative,
|
||||
IsSettlement: payload.IsSettlement,
|
||||
Role: accountRole,
|
||||
Metadata: payload.Metadata,
|
||||
Describable: describable,
|
||||
})
|
||||
@@ -128,14 +132,14 @@ func mapLedgerAccountType(accountType srequest.LedgerAccountType) (ledgerv1.Acco
|
||||
return parsed, nil
|
||||
}
|
||||
|
||||
func mapLedgerAccountStatus(status srequest.LedgerAccountStatus) (ledgerv1.AccountStatus, error) {
|
||||
raw := string(status)
|
||||
if ledgerconv.IsAccountStatusUnspecified(raw) {
|
||||
return ledgerv1.AccountStatus_ACCOUNT_STATUS_UNSPECIFIED, nil
|
||||
func mapLedgerAccountRole(role model.AccountRole) (ledgerv1.AccountRole, error) {
|
||||
raw := strings.TrimSpace(string(role))
|
||||
if ledgerconv.IsAccountRoleUnspecified(raw) {
|
||||
return ledgerv1.AccountRole_ACCOUNT_ROLE_OPERATING, nil
|
||||
}
|
||||
parsed, ok := ledgerconv.ParseAccountStatus(raw)
|
||||
parsed, ok := ledgerconv.ParseAccountRole(raw)
|
||||
if !ok {
|
||||
return ledgerv1.AccountStatus_ACCOUNT_STATUS_UNSPECIFIED, merrors.InvalidArgument("unsupported status: "+string(status), "status")
|
||||
return ledgerv1.AccountRole_ACCOUNT_ROLE_UNSPECIFIED, merrors.InvalidArgument("unsupported role: "+raw, "role")
|
||||
}
|
||||
return parsed, nil
|
||||
}
|
||||
|
||||
@@ -7,11 +7,13 @@ import (
|
||||
"github.com/tech/sendico/pkg/merrors"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/tech/sendico/pkg/mservice"
|
||||
"github.com/tech/sendico/pkg/mutil/mzap"
|
||||
ledgerv1 "github.com/tech/sendico/pkg/proto/ledger/v1"
|
||||
"github.com/tech/sendico/server/interface/api/sresponse"
|
||||
mutil "github.com/tech/sendico/server/internal/mutil/param"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.uber.org/zap"
|
||||
"google.golang.org/protobuf/types/known/wrapperspb"
|
||||
)
|
||||
|
||||
func (a *LedgerAPI) listAccounts(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
|
||||
@@ -22,22 +24,28 @@ func (a *LedgerAPI) listAccounts(r *http.Request, account *model.Account, token
|
||||
}
|
||||
|
||||
ctx := r.Context()
|
||||
res, err := a.enf.Enforce(ctx, a.permissionRef, account.ID, orgRef, primitive.NilObjectID, model.ActionRead)
|
||||
hasReadPermission, err := a.enf.Enforce(ctx, a.permissionRef, account.ID, orgRef, primitive.NilObjectID, model.ActionRead)
|
||||
if err != nil {
|
||||
a.logger.Warn("Failed to check ledger accounts access permissions", zap.Error(err), mutil.PLog(a.oph, r))
|
||||
return response.Auto(a.logger, a.Name(), err)
|
||||
}
|
||||
if !res {
|
||||
a.logger.Debug("Access denied when listing ledger accounts", mutil.PLog(a.oph, r))
|
||||
return response.AccessDenied(a.logger, a.Name(), "ledger accounts read permission denied")
|
||||
}
|
||||
if a.client == nil {
|
||||
return response.Internal(a.logger, mservice.Ledger, merrors.Internal("ledger client is not configured"))
|
||||
}
|
||||
|
||||
resp, err := a.client.ListAccounts(ctx, &ledgerv1.ListAccountsRequest{
|
||||
req := &ledgerv1.ListAccountsRequest{
|
||||
OrganizationRef: orgRef.Hex(),
|
||||
})
|
||||
}
|
||||
|
||||
// If user has read permission, return all accounts in organization.
|
||||
// Otherwise, filter to only accounts owned by the requesting account.
|
||||
if !hasReadPermission {
|
||||
req.OwnerRefFilter = wrapperspb.String(account.ID.Hex())
|
||||
a.logger.Debug("Filtering ledger accounts by owner due to limited permissions",
|
||||
mzap.ObjRef("owner_ref", account.ID), mutil.PLog(a.oph, r))
|
||||
}
|
||||
|
||||
resp, err := a.client.ListAccounts(ctx, req)
|
||||
if err != nil {
|
||||
a.logger.Warn("Failed to list ledger accounts", zap.Error(err), zap.String("organization_ref", orgRef.Hex()))
|
||||
return response.Auto(a.logger, mservice.Ledger, err)
|
||||
|
||||
Reference in New Issue
Block a user