From a0c4f5a1baf0a5ec2024ea4171266c824d41b856 Mon Sep 17 00:00:00 2001 From: Menkene Koufan Date: Tue, 1 Oct 2024 09:57:17 +0100 Subject: [PATCH 1/3] chore: created and tested agent access entity --- .../ledgers/baam/db/domain/AccessScope.java | 12 +++++ .../ledgers/baam/db/domain/AgentAccess.java | 51 +++++++++++++++++++ .../db/repository/AgentAccessRepository.java | 12 +++++ .../repository/AgentAccessRepositoryIT.java | 51 +++++++++++++++++++ 4 files changed, 126 insertions(+) create mode 100644 ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java create mode 100644 ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepository.java create mode 100644 ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/test/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepositoryIT.java diff --git a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AccessScope.java b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AccessScope.java index 08a6f28ba..094d36b84 100644 --- a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AccessScope.java +++ b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AccessScope.java @@ -11,4 +11,16 @@ public enum AccessScope { WRITE, EXECUTE, DELETE; + + public boolean allowsAction(String action) { + try { + AccessScope requestedAction = AccessScope.valueOf(action); + return this == requestedAction; + } catch (IllegalArgumentException e) { + // Action not allowed + return false; + } + } + + } 
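Review bot: `allowsAction` in AccessScope.java lets a null `action` escape as a NullPointerException, because `AccessScope.valueOf(null)` throws NPE rather than the `IllegalArgumentException` caught here. An authorization predicate is easier to reason about when every unrecognised input takes the same deny path, e.g. `if (action == null) { return false; }` before the `try`. The match is also exact and case-sensitive against the constant names, so only the literal name of this scope (for example `"EXECUTE"`) is ever allowed. A short Javadoc stating that contract would stop callers passing finer-grained action names that silently evaluate to false. The enum's opening lines are outside the hunk.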
diff --git a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java
new file mode 100644
index 000000000..fa0479382
--- /dev/null
+++ b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java
@@ -0,0 +1,51 @@
+package de.adorsys.ledgers.baam.db.domain;
+
+import jakarta.persistence.Entity;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "agent_access")
+public class AgentAccess extends BankAccountAccess {
+
+ public AgentAccess() {
+ this.setStatus(AccessStatus.ACTIVE);
+ }
+
+ // Impersonate the account holder to perform an action within the authorized scope
+ public void impersonate(String action) {
+ if (this.getStatus() != AccessStatus.ACTIVE) {
+ throw new IllegalStateException("Access is not active, impersonation is not allowed.");
+ }
+ if (this.getScope().allowsAction(action)) {
+
+ // Logic to execute the action on behalf of the account holder
+
+ } else {
+ throw new IllegalArgumentException("Action not permitted within the current scope.");
+ }
+ }
+
+ // Revoke the agent's access
+ public void revokeAccess() {
+ this.setStatus(AccessStatus.SUSPENDED);
+ }
+
+ // Activate agent access if it has been suspended
+ public void activateAccess() {
+ this.setStatus(AccessStatus.ACTIVE);
+ }
+
+ // Restrict access temporarily without full revocation
+ public void restrictAccess() {
+ this.setStatus(AccessStatus.RESTRICTED);
+ }
+
+ // Example usage scenario: Execute a payment on behalf of the account holder
+ public void executePayment(double amount) {
+ if (this.getStatus() == AccessStatus.ACTIVE && this.getScope().allowsAction("EXECUTE_PAYMENT")) {
+ // Perform the payment logic
+ } else {
+ throw new IllegalStateException("Payment execution not allowed under the current access status or scope.");
+ }
+ }
+}
diff --git a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepository.java b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepository.java
new file mode 100644
index 000000000..b10984d40
--- /dev/null
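Review bot: `revokeAccess()` in AgentAccess.java writes `AccessStatus.SUSPENDED` and `activateAccess()` sets `ACTIVE` without looking at the current status, so a revoked grant is indistinguishable from a suspended one and any caller can switch it back on. `activateAccess()` also lifts `RESTRICTED`, which contradicts its own comment. If revocation is meant to be final it needs its own terminal status (none is visible in this patch), and `activateAccess()` needs a guard such as `if (this.getStatus() != AccessStatus.SUSPENDED) { throw new IllegalStateException("Only suspended access can be activated."); }`. Separately, `executePayment` asks for `allowsAction("EXECUTE_PAYMENT")`, which `AccessScope.valueOf` can only resolve if a constant of that name exists above the lines shown in the AccessScope hunk; with the visible constants the call always ends in the `IllegalStateException`. The no-arg constructor defaulting every new grant to `ACTIVE` deserves a second look too, since a grant that stays inactive until explicitly approved is the safer default.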
+++ b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepository.java
@@ -0,0 +1,12 @@
+package de.adorsys.ledgers.baam.db.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import de.adorsys.ledgers.baam.db.domain.AgentAccess;
+
+@Repository
+public interface AgentAccessRepository extends JpaRepository {
+
+}
+
diff --git a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/test/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepositoryIT.java b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/test/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepositoryIT.java
new file mode 100644
index 000000000..416ca6e34
--- /dev/null
+++ b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/test/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepositoryIT.java
@@ -0,0 +1,51 @@
+package de.adorsys.ledgers.baam.db.repository;
+
+import com.github.springtestdbunit.DbUnitTestExecutionListener;
+import de.adorsys.ledgers.baam.db.domain.*;
+import de.adorsys.ledgers.baam.db.test.BaamRepositoryApplication;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.TestExecutionListeners;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.support.DependencyInjectionTestExecutionListener;
+import org.springframework.test.context.transaction.TransactionalTestExecutionListener;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+@SpringBootTest(classes = BaamRepositoryApplication.class)
+@ExtendWith(SpringExtension.class)
+@TestExecutionListeners({DependencyInjectionTestExecutionListener.class,
+ TransactionalTestExecutionListener.class,
+ DbUnitTestExecutionListener.class})
+
+public class AgentAccessRepositoryIT {
+
+ @Autowired
+ private AgentAccessRepository agentAccessRepository;
+
+ @Test
+ void test_create_ok() {
+ // Given
+ agentAccessRepository.deleteAll(); // Clean up any existing records
+ AgentAccess agentAccess = new AgentAccess();
+ agentAccess.setId("1");
+ agentAccess.setAccountId("1L");
+ agentAccess.setEntityId("2L");
+ agentAccess.setScope(AccessScope.EXECUTE); // Example action scope
+ agentAccess.setWeight(0.5); // Partial authority
+ agentAccess.setConditions(AccessCondition.AMOUNT_RESTRICTED); // Example condition
+ agentAccess.setStatus(AccessStatus.ACTIVE); // Agent is active
+ agentAccess.setPolicies("Payment-Only Policy"); // Example policy
+
+ // When
+ AgentAccess savedAccess = agentAccessRepository.save(agentAccess);
+
+ // Retrieve the saved object
+ AgentAccess result =
agentAccessRepository.findById(savedAccess.getId()).orElse(null); + + // Then + assertNotNull(result); + } +} From e5156229aebde7555e82a3ece25855fa1cda26a8 Mon Sep 17 00:00:00 2001 From: Menkene Koufan Date: Tue, 1 Oct 2024 15:25:12 +0100 Subject: [PATCH 2/3] fix: solved pmd check for agent access entity --- .../ledgers/baam/db/domain/AgentAccess.java | 6 +++--- .../ledgers/um/api/service/UserService.java | 17 ++++++++++++----- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java index fa0479382..641c268a0 100644 --- a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java +++ b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java @@ -17,9 +17,8 @@ public void impersonate(String action) { throw new IllegalStateException("Access is not active, impersonation is not allowed."); } if (this.getScope().allowsAction(action)) { - - // Logic to execute the action on behalf of the account holder - + return; + // Perform the payment logic } else { throw new IllegalArgumentException("Action not permitted within the current scope."); } @@ -43,6 +42,7 @@ public void restrictAccess() { // Example usage scenario: Execute a payment on behalf of the account holder public void executePayment(double amount) { if (this.getStatus() == AccessStatus.ACTIVE && this.getScope().allowsAction("EXECUTE_PAYMENT")) { + return; // Perform the payment logic } else { throw new IllegalStateException("Payment execution not allowed under the current access status or scope."); 
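Review bot: `test_create_ok` in AgentAccessRepositoryIT (patch 1/3) only asserts that the row comes back non-null, so a mapping error that drops or alters `scope` or `status`, the two fields that decide what the agent may do, would pass unnoticed. Adding `assertEquals(AccessScope.EXECUTE, result.getScope());` and `assertEquals(AccessStatus.ACTIVE, result.getStatus());` after the `assertNotNull` pins the round-trip. The `deleteAll()` in the Given block is only safe if the test context points at a disposable database; that configuration is not visible here.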
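Review bot: In patch 2/3, the `return;` added to the success branch of `impersonate` (and the same line in `executePayment`, second hunk of AgentAccess.java) makes both methods report success while performing nothing. For a method named `executePayment`, that means a caller cannot tell an executed payment from a stub. Until the logic exists, failing loudly is safer: `throw new UnsupportedOperationException("executePayment is not implemented");` in place of `return;`. The comment `// Perform the payment logic` now sits after the `return` and, in `impersonate`, replaces the more accurate `// Logic to execute the action on behalf of the account holder`. Both method bodies begin outside these hunks.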
diff --git a/ledgers-user-management/ledgers-user-management-service-api/src/main/java/de/adorsys/ledgers/um/api/service/UserService.java b/ledgers-user-management/ledgers-user-management-service-api/src/main/java/de/adorsys/ledgers/um/api/service/UserService.java index 923810cf8..5a084ba3f 100644 --- a/ledgers-user-management/ledgers-user-management-service-api/src/main/java/de/adorsys/ledgers/um/api/service/UserService.java +++ b/ledgers-user-management/ledgers-user-management-service-api/src/main/java/de/adorsys/ledgers/um/api/service/UserService.java @@ -7,11 +7,18 @@ //NOPMD -import de.adorsys.ledgers.um.api.domain.*; -import org.springframework.data.domain.*; - -import java.time.*; -import java.util.*; +import de.adorsys.ledgers.um.api.domain.UserBO; +import de.adorsys.ledgers.um.api.domain.ScaUserDataBO; +import de.adorsys.ledgers.um.api.domain.AccountAccessBO; +import de.adorsys.ledgers.um.api.domain.AisConsentBO; +import de.adorsys.ledgers.um.api.domain.UserExtendedBO; +import de.adorsys.ledgers.um.api.domain.UserRoleBO; +import org.springframework.data.domain.Page; +import org.springframework.data.domain.Pageable; + +import java.time.LocalDateTime; +import java.util.List; +import java.util.Map; public interface UserService { From 10143c31d5df2aa89e0ab172569053f8c1f6aab5 Mon Sep 17 00:00:00 2001 From: Menkene Koufan Date: Fri, 4 Oct 2024 12:44:12 +0100 Subject: [PATCH 3/3] chore: proper implementation for agent access --- .../ledgers/baam/db/domain/AccessScope.java | 11 ----- .../ledgers/baam/db/domain/AgentAccess.java | 40 +------------------ .../db/repository/AgentAccessRepository.java | 3 +- 3 files changed, 2 insertions(+), 52 deletions(-) 
diff --git a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AccessScope.java b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AccessScope.java index 094d36b84..ca929a86a 100644 --- a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AccessScope.java +++ b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AccessScope.java @@ -12,15 +12,4 @@ public enum AccessScope { EXECUTE, DELETE; - public boolean allowsAction(String action) { - try { - AccessScope requestedAction = AccessScope.valueOf(action); - return this == requestedAction; - } catch (IllegalArgumentException e) { - // Action not allowed - return false; - } - } - - } diff --git a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java index 641c268a0..40db25d8e 100644 --- a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java +++ b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/domain/AgentAccess.java 
@@ -8,44 +8,6 @@ public class AgentAccess extends BankAccountAccess { public AgentAccess() { - this.setStatus(AccessStatus.ACTIVE); - } - - // Impersonate the account holder to perform an action within the authorized scope - public void impersonate(String action) { - if (this.getStatus() != AccessStatus.ACTIVE) { - throw new IllegalStateException("Access is not active, impersonation is not allowed."); - } - if (this.getScope().allowsAction(action)) { - return; - // Perform the payment logic - } else { - throw new IllegalArgumentException("Action not permitted within the current scope."); - } - } - - // Revoke the agent's access - public void revokeAccess() { - this.setStatus(AccessStatus.SUSPENDED); - } - - // Activate agent access if it has been suspended - public void activateAccess() { - this.setStatus(AccessStatus.ACTIVE); - } - - // Restrict access temporarily without full revocation - public void restrictAccess() { - this.setStatus(AccessStatus.RESTRICTED); - } - - // Example usage scenario: Execute a payment on behalf of the account holder - public void executePayment(double amount) { - if (this.getStatus() == AccessStatus.ACTIVE && this.getScope().allowsAction("EXECUTE_PAYMENT")) { - return; - // Perform the payment logic - } else { - throw new IllegalStateException("Payment execution not allowed under the current access status or scope."); - } + super(); } } diff --git a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepository.java b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepository.java index b10984d40..4983ca562 100644 --- a/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepository.java 
+++ b/ledgers-bank-account-access-management/ledgers-bank-account-access-repository/src/main/java/de/adorsys/ledgers/baam/db/repository/AgentAccessRepository.java @@ -1,10 +1,9 @@ package de.adorsys.ledgers.baam.db.repository; +import de.adorsys.ledgers.baam.db.domain.AgentAccess; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.stereotype.Repository; -import de.adorsys.ledgers.baam.db.domain.AgentAccess; - @Repository public interface AgentAccessRepository extends JpaRepository {