
[libeufin] branch master updated: allow 'admin' to access other customer


From: gnunet
Subject: [libeufin] branch master updated: allow 'admin' to access other customers accounts
Date: Fri, 05 Nov 2021 11:47:24 +0100

This is an automated email from the git hooks/post-receive script.

ms pushed a commit to branch master
in repository libeufin.

The following commit(s) were added to refs/heads/master by this push:
     new a6661dff allow 'admin' to access other customers accounts
a6661dff is described below

commit a6661dffe23dbf5157167204ccda8855dc1d1d21
Author: ms <ms@taler.net>
AuthorDate: Fri Nov 5 11:46:56 2021 +0100

    allow 'admin' to access other customers accounts
---
 sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt   |  3 ++-
 sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt | 15 +++++++++------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt 
b/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt
index fcb58ed2..b9863704 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/DB.kt
@@ -491,7 +491,8 @@ fun dbCreateTables(dbConnectionString: String) {
             BankAccountsTable,
             BankAccountReportsTable,
             BankAccountStatementsTable,
-            TalerWithdrawalsTable
+            TalerWithdrawalsTable,
+            DemobankCustomersTable
         )
     }
 }
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt 
b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
index 35c2f6ba..6ddd9152 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
@@ -1180,7 +1180,10 @@ val sandboxApp: Application.() -> Unit = {
                         res
                     } ?: throw notFound("Account '$accountAccessed' not found")
                     // Check rights.
-                    if (WITH_AUTH && bankAccount.owner != username) throw 
forbidden(
+                    if (
+                        WITH_AUTH
+                        && (bankAccount.owner != username && username != 
"admin")
+                    ) throw forbidden(
                             "Customer '$username' cannot access bank account 
'$accountAccessed'"
                         )
                     val creditDebitIndicator = if (bankAccount.isDebit) {
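Review bot: The admin bypass `username != "admin"` compares against a bare string literal, so it is only safe if no ordinary customer can ever authenticate under that name. The registration handler later in this diff checks only that `req.username` is not already in `DemobankCustomersTable`, and nothing visible here reserves `admin`. If the admin identity is not stored in that table, registration should reject the name explicitly, e.g. `if (req.username == "admin") throw forbidden("Username 'admin' is reserved")`. The same literal is repeated in the subscriber check in the last hunk; a single named constant or small `isAdmin(username)` helper would keep the two checks from drifting apart. The enclosing `sandboxApp` block starts and ends outside the hunk.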
@@ -1255,8 +1258,8 @@ val sandboxApp: Application.() -> Unit = {
                     val checkExist = transaction {
                         DemobankCustomerEntity.find {
                             DemobankCustomersTable.username eq req.username
-                        }
-                    }.firstOrNull()
+                        }.firstOrNull()
+                    }
                     if (checkExist != null) {
                         throw SandboxError(
                             HttpStatusCode.Conflict,
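Review bot: The username lookup and the account creation still run in separate `transaction` blocks (the second one opens in the next hunk), so two concurrent registrations for the same username could both see `checkExist == null`. Moving `.firstOrNull()` inside the transaction fixes the evaluation, but not that gap. Doing the lookup and the inserts in one transaction would make the Conflict response reliable, ideally backed by a unique index on `DemobankCustomersTable.username` if the table does not already declare one. The handler continues outside the hunk, so the code between the two blocks is not visible here.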
@@ -1268,7 +1271,7 @@ val sandboxApp: Application.() -> Unit = {
                     transaction {
                         BankAccountEntity.new {
                             iban = getIban()
-                            label = req.username + "acct" // multiple accounts 
per username not allowed.
+                            label = req.username + "-acct" // multiple 
accounts per username not allowed.
                             owner = req.username
                             this.demoBank = demobank
                         }
@@ -1305,8 +1308,8 @@ val sandboxApp: Application.() -> Unit = {
                             body.demobankAccountLabel,
                             ensureDemobank(call)
                         )
-                        if (bankAccount.owner != user) throw forbidden(
-                            "User cannot access bank account 
'${bankAccount.label}'"
+                        if ((user != "admin") && (bankAccount.owner != user)) 
throw forbidden(
+                            "User ${bankAccount.owner} cannot access bank 
account '${bankAccount.label}'"
                         )
                         subscriber.bankAccount = bankAccount
                     }
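Review bot: The new error message interpolates `bankAccount.owner`, but the principal being rejected is `user`, so it names the wrong party and tells an unauthorised caller who owns the account. It should read `"User '$user' cannot access bank account '${bankAccount.label}'"`. Unlike the account-access check in the first Main.kt hunk, this check is not gated by `WITH_AUTH`; if that difference is intentional, a one-line comment saying so would help the next reader. The enclosing block extends outside the hunk.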

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


