From 220e0be4eb64a13ee765ff07b50f02d83cdd0cd3 Mon Sep 17 00:00:00 2001 
From: Wasiullah Khan Jadoon Date: Mon, 6 Apr 2026 10:13:40 +0500 Subject: [PATCH 1/3] Third Party User Creation and Transaction Permission Management --- .../controller/ThirdPartyUserController.java | 26 +++++++ .../TransactionPermissionController.java | 43 +++++++++++ .../client/dto/ThirdPartyUserDTO.java | 20 ++++++ .../client/dto/TransactionPermissionDTO.java | 23 ++++++ .../TransactionNotAllowedException.java | 10 +++ .../client/model/TransactionEndpoint.java | 21 ++++++ .../client/model/TransactionPermission.java | 25 +++++++ .../TransactionPermissionRepository.java | 17 +++++ .../aconnect/client/service/AuthService.java | 2 +- .../client/service/ThirdPartyUserService.java | 71 +++++++++++++++++++ .../service/TransactionPermissionService.java | 59 +++++++++++++++ .../client/service/TransactionService.java | 17 ++++- .../main/resources/application-dev.properties | 2 +- .../configuration/constant/AconnectURI.java | 5 ++ .../configuration/constant/ERRCode.java | 3 +- 15 files changed, 340 insertions(+), 4 deletions(-) create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/controller/ThirdPartyUserController.java create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/controller/TransactionPermissionController.java create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/dto/ThirdPartyUserDTO.java create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/dto/TransactionPermissionDTO.java create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/exception/TransactionNotAllowedException.java create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionEndpoint.java create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionPermission.java create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/repository/TransactionPermissionRepository.java create mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/service/ThirdPartyUserService.java create 
mode 100644 aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionPermissionService.java
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/controller/ThirdPartyUserController.java b/aconnect/src/main/java/com/mfsys/aconnect/client/controller/ThirdPartyUserController.java
new file mode 100644
index 0000000..c63d072
--- /dev/null
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/controller/ThirdPartyUserController.java
@@ -0,0 +1,26 @@
+package com.mfsys.aconnect.client.controller;
+
+import com.mfsys.aconnect.client.dto.ThirdPartyUserDTO;
+import com.mfsys.aconnect.client.service.ThirdPartyUserService;
+import com.mfsys.common.configuration.constant.AconnectURI;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+public class ThirdPartyUserController {
+
+ @Autowired
+ private ThirdPartyUserService thirdPartyUserService;
+
+ @Autowired
+ public ThirdPartyUserController(ThirdPartyUserService thirdPartyUserService){
+ this.thirdPartyUserService = thirdPartyUserService;
+ }
+
+ @PostMapping(AconnectURI.CREATE_THIRD_PARTY_USER)
+ public Object createThirdPartyUser(@RequestBody ThirdPartyUserDTO request,
+ @RequestHeader("Authorization") String token){
+ return thirdPartyUserService.createThirdPartyUser(request, token);
+ }
+
+}
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/controller/TransactionPermissionController.java b/aconnect/src/main/java/com/mfsys/aconnect/client/controller/TransactionPermissionController.java
new file mode 100644
index 0000000..4415b06
--- /dev/null
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/controller/TransactionPermissionController.java
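Review bot: `thirdPartyUserService` is injected twice, once through the `@Autowired` field and again through the `@Autowired` constructor; keep the constructor and declare the field `private final ThirdPartyUserService thirdPartyUserService;` without the annotation. The handler also binds `@RequestBody ThirdPartyUserDTO request` with no validation visible in this hunk, while the service in this patch copies a password and an organisation code out of `request.getPayload()`, so constraints on the DTO with `@Valid`, or an explicit check in the service, belong before the request is forwarded. Returning `Object` hides the response contract from callers; a typed `ResponseEntity` would document it.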
@@ -0,0 +1,43 @@
+package com.mfsys.aconnect.client.controller;
+
+import com.mfsys.aconnect.client.dto.TransactionPermissionDTO;
+import com.mfsys.aconnect.client.service.TransactionPermissionService;
+import com.mfsys.aconnect.client.model.TransactionEndpoint;
+import com.mfsys.common.configuration.constant.AconnectURI;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+import java.util.Arrays;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+@RestController
+public class TransactionPermissionController {
+
+ private final TransactionPermissionService permissionService;
+ public TransactionPermissionController(TransactionPermissionService permissionService) {
+ this.permissionService = permissionService;
+ }
+
+ @PostMapping(AconnectURI.ASSIGN_PERMISSIONS)
+ public ResponseEntity> assignPermissions(
+ @RequestBody TransactionPermissionDTO.AssignPermissionsRequest request, @RequestHeader("Authorization") String token) {
+ return new ResponseEntity<>(permissionService.assignPermissions(request, token), HttpStatus.CREATED);
+ }
+
+ @GetMapping(AconnectURI.GET_TRANSACTION_PERMISSIONS)
+ public ResponseEntity> getUserPermissions(
+ @PathVariable String userId, @RequestHeader("Authorization") String token) {
+ return ResponseEntity.ok(permissionService.getUserPermissions(userId, token));
+ }
+
+ @GetMapping(AconnectURI.GET_TRANSACTION_ENDPOINTS)
+ public ResponseEntity> getAllEndpoints(@RequestHeader("Authorization") String token) {
+ List endpoints = Arrays.stream(TransactionEndpoint.values())
+ .map(TransactionEndpoint::getCode)
+ .collect(Collectors.toList());
+ return ResponseEntity.ok(endpoints);
+ }
+
+}
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/dto/ThirdPartyUserDTO.java b/aconnect/src/main/java/com/mfsys/aconnect/client/dto/ThirdPartyUserDTO.java
new file mode 100644
index 0000000..0988f2f
--- /dev/null
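Review bot: `assignPermissions` grants transaction rights to whatever `userId` the request body names, and nothing in this hunk checks that the caller is entitled to administer permissions; the `token` argument is handed to the service, but the service in this patch never reads it. As written, permission assignment is open to every client that can reach the endpoint, and `getUserPermissions` returns any user's grants by path variable. The handler should resolve the caller from the validated token and require an administrative role before calling `permissionService.assignPermissions(...)`. PATCH 2/3 later removes the `Authorization` header parameter from all three handlers, which leaves this gap in place unless a filter outside this patch enforces it.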
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/dto/ThirdPartyUserDTO.java
@@ -0,0 +1,20 @@
+package com.mfsys.aconnect.client.dto;
+
+import lombok.Data;
+import java.util.List;
+import java.util.Map;
+
+@Data
+public class ThirdPartyUserDTO {
+ private String formId;
+ private String postProcessFormId;
+ private String workFlowId;
+ private String operation;
+ private String porOrgacode;
+ private String usercode;
+ private Map filesMap;
+ private List autoIncrementFields;
+ private List> uniqueConstraints;
+ private List formCounters;
+ private String payload;
+}
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/dto/TransactionPermissionDTO.java b/aconnect/src/main/java/com/mfsys/aconnect/client/dto/TransactionPermissionDTO.java
new file mode 100644
index 0000000..e4bf6f6
--- /dev/null
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/dto/TransactionPermissionDTO.java
@@ -0,0 +1,23 @@
+package com.mfsys.aconnect.client.dto;
+
+import lombok.Data;
+import java.util.List;
+
+public class TransactionPermissionDTO {
+
+ @Data
+ public static class AssignPermissionsRequest {
+ private String userId;
+ private String porOrgacode;
+ private List transactionEndpoints;
+ }
+
+ @Data
+ public static class PermissionResponse {
+ private Long id;
+ private String userId;
+ private String transactionEndpoint;
+ private boolean isAllowed;
+ }
+
+}
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/exception/TransactionNotAllowedException.java b/aconnect/src/main/java/com/mfsys/aconnect/client/exception/TransactionNotAllowedException.java
new file mode 100644
index 0000000..65641bf
--- /dev/null
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/exception/TransactionNotAllowedException.java
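Review bot: `@Data` on `ThirdPartyUserDTO` generates a `toString()` that includes `payload`, and `ThirdPartyUserService` in this patch reads `SUS_PASSWORD` out of that payload, so any log statement or exception message that prints the DTO would write the password in clear text. Annotate the field with `@ToString.Exclude`, or replace `@Data` with `@Getter`/`@Setter` so no `toString()` is generated. A short class comment stating that `payload` is a JSON string carrying the user's credentials would also help the next reader treat it as sensitive.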
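Review bot: `private boolean isAllowed` under `@Data` in `PermissionResponse` produces the accessors `isAllowed()` and `setAllowed(...)`, so Jackson's default naming serialises the property as `allowed`, not `isAllowed`. If API clients are expected to read `isAllowed`, rename the field to `allowed` and add `@JsonProperty("isAllowed")`, or document the actual name. `AssignPermissionsRequest` also carries no constraints on `userId` or `transactionEndpoints`, and the service in this patch dereferences `getTransactionEndpoints()` without a null check.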
@@ -0,0 +1,10 @@
+package com.mfsys.aconnect.client.exception;
+
+import com.mfsys.common.configuration.constant.ERRCode;
+import com.mfsys.common.configuration.exception.ApplicationException;
+
+public class TransactionNotAllowedException extends ApplicationException {
+ public TransactionNotAllowedException(String porOrgacode){
+ super(porOrgacode, ERRCode.TRANSACTION_NOT_ALLOWED_EXCEPTION);
+ }
+}
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionEndpoint.java b/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionEndpoint.java
new file mode 100644
index 0000000..261580c
--- /dev/null
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionEndpoint.java
@@ -0,0 +1,21 @@
+package com.mfsys.aconnect.client.model;
+
+import com.mfsys.common.configuration.constant.AconnectURI;
+
+public enum TransactionEndpoint {
+
+ ACCOUNT_TO_GL(AconnectURI.TRANSACTION_ACCOUNT_GL_URI),
+ GL_TO_GL(AconnectURI.TRANSACTION_GL_GL_URI),
+ ACCOUNT_TO_ACCOUNT(AconnectURI.ACCOUNT_TO_ACCOUNT_TRANSACTION_URI),
+ GL_TO_ACCOUNT(AconnectURI.GL_TO_ACCOUNT_TRANSACTION_URI);
+
+ private final String code;
+
+ TransactionEndpoint(String code) {
+ this.code = code;
+ }
+
+ public String getCode() {
+ return code;
+ }
+}
\ No newline at end of file
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionPermission.java b/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionPermission.java
new file mode 100644
index 0000000..572ceb8
--- /dev/null
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionPermission.java
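Review bot: The `TransactionEndpoint` enum has no documentation saying that `getCode()` is the value compared against the stored `transaction_endpoint` column in `TransactionPermissionService.isAllowed`. Because each code is an `AconnectURI` path constant, editing one of those URIs would stop matching the rows already stored, and every affected user would then be denied without any error pointing at the cause. A class comment such as `/** Codes are persisted as permission keys; changing a URI constant requires migrating stored rows. */` would make that coupling visible.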
@@ -0,0 +1,25 @@
+package com.mfsys.aconnect.client.model;
+
+import jakarta.persistence.*;
+import lombok.*;
+
+@Entity(name = "transaction_permissions")
+@Table(name = "transaction_permissions")
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class TransactionPermission {
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ private Long id;
+
+ @Column(name = "user_id", nullable = false)
+ private String userId;
+
+ @Column(name = "transaction_endpoint", nullable = false)
+ private String transactionEndpoint;
+
+ @Column(name = "is_allowed", nullable = false, columnDefinition = "TINYINT(1)")
+ private boolean isAllowed;
+}
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/repository/TransactionPermissionRepository.java b/aconnect/src/main/java/com/mfsys/aconnect/client/repository/TransactionPermissionRepository.java
new file mode 100644
index 0000000..3b89c2a
--- /dev/null
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/repository/TransactionPermissionRepository.java
@@ -0,0 +1,17 @@
+package com.mfsys.aconnect.client.repository;
+
+import com.mfsys.aconnect.client.model.TransactionPermission;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+import java.util.Optional;
+
+@Repository
+public interface TransactionPermissionRepository extends JpaRepository {
+ List findByUserId(String userId);
+ Optional findByUserIdAndTransactionEndpoint(String userId, String transactionEndpoint);
+ @Modifying
+ void deleteByUserId(String userId);
+}
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/AuthService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/AuthService.java
index 9daedc7..60b5953 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/client/service/AuthService.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/AuthService.java
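Review bot: The `transaction_permissions` table has no uniqueness constraint on (`user_id`, `transaction_endpoint`), while the repository's `findByUserIdAndTransactionEndpoint` returns an `Optional`; two rows for the same pair would make that lookup fail with a non-unique-result error at permission-check time. Add `uniqueConstraints = @UniqueConstraint(columnNames = {"user_id", "transaction_endpoint"})` to `@Table`. The row is also keyed by `userId` alone, with no organisation column, although the request DTO carries `porOrgacode`; if user codes are not unique across organisations (not visible here), a grant made for one organisation would apply in another. `@Data` on a JPA entity additionally generates `equals`/`hashCode` over the generated `id`, which is usually replaced by explicit `@Getter`/`@Setter`.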
@@ -33,7 +33,7 @@ public class AuthService { HttpEntity> request = new HttpEntity<>(requestPayload, headers); try { - ResponseEntity response = restTemplate.postForEntity(securityURI, request, String.class); + ResponseEntity response = restTemplate.postForEntity(securityURI+"/security/auth/user", request, String.class); JsonNode jsonNode = objectMapper.readTree(response.getBody()); Map result = new HashMap<>(); diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/ThirdPartyUserService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/ThirdPartyUserService.java new file mode 100644 index 0000000..a57c9f3 --- /dev/null +++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/ThirdPartyUserService.java 
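Review bot: The path `/security/auth/user` is now concatenated inline onto `securityURI`, which changes the meaning of `app.security.uri` from a full endpoint to a base URL. This patch updates only `application-dev.properties`; any other profile that still holds the full endpoint would produce a doubled path and break login, so those files need the same edit (they are not visible here). A named constant for the path would be easier to keep consistent than the literal in the call. The enclosing method starts and ends outside the hunk.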
@@ -0,0 +1,71 @@ +package com.mfsys.aconnect.client.service; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.mfsys.aconnect.client.dto.ThirdPartyUserDTO; +import com.mfsys.aconnect.configuration.config.WebClientConfig; +import com.mfsys.aconnect.usermanagement.dto.UserDTOs; +import com.mfsys.aconnect.usermanagement.model.Role; +import com.mfsys.aconnect.usermanagement.service.UserService; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Service; +import org.springframework.http.*; +import java.util.Map; + +@Service +public class ThirdPartyUserService { + + @Value("${app.security.uri}") + private String securityURI; + + private final WebClientConfig webClientConfig; + private final UserService userService; + private final ObjectMapper objectMapper; + + public ThirdPartyUserService(WebClientConfig webClientConfig, UserService userService, ObjectMapper objectMapper){ + this.webClientConfig = webClientConfig; + this.userService = userService; + this.objectMapper = objectMapper; + } + + public Object createThirdPartyUser(ThirdPartyUserDTO request, String token){ + String porOrgacode = request.getPorOrgacode(); + String url = securityURI + "/security/user"; + + HttpHeaders headers = new HttpHeaders(); + headers.set("Authorization", token); + headers.set("POR_ORGACODE", porOrgacode); + headers.set("SUS_USERCODE", request.getUsercode()); + headers.setContentType(MediaType.APPLICATION_JSON); + + ResponseEntity response = webClientConfig.post(url, request, headers); + if (response.getStatusCode().is2xxSuccessful()) { + saveToAconnect(request); + } + return response.getBody(); + } + + private void saveToAconnect(ThirdPartyUserDTO request) { + try { + Map payloadMap = objectMapper.readValue(request.getPayload(), Map.class); + + UserDTOs.UserRequest userRequest = new UserDTOs.UserRequest(); + userRequest.setUserId(getStr(payloadMap, "SUS_USERCODE")); + userRequest.setPorOrgacode(getStr(payloadMap, 
"POR_ORGACODE")); + userRequest.setUserFullname(getStr(payloadMap, "SUS_NAME")); + userRequest.setPassword(getStr(payloadMap, "SUS_PASSWORD")); + userRequest.setEmail(getStr(payloadMap, "SUS_EMAIL")); + userRequest.setRole(Role.USER); + + userService.createUser(userRequest); + + } catch (Exception e) { + System.err.println("Failed to save third party user to Aconnect: " + e.getMessage()); + } + } + + private String getStr(Map map, String key) { + Object val = map.get(key); + return val != null ? val.toString() : null; + } + +} diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionPermissionService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionPermissionService.java new file mode 100644 index 0000000..216c56d --- /dev/null +++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionPermissionService.java 
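Review bot: `saveToAconnect` catches `Exception` and writes only `e.getMessage()` to `System.err`, so when the security service has already created the user but `userService.createUser` fails, the caller still receives the success body and the two systems disagree with no stack trace to diagnose it. Log through the application logger with the throwable attached and surface the failure to the caller, or compensate the remote create. The method also sends the `POR_ORGACODE` and `SUS_USERCODE` headers from the DTO's top-level fields while the local user is built from the same-named keys inside `payload`; nothing checks that the two agree, so the remote and local records can end up under different organisation or user codes. A null or malformed `payload` fails inside `objectMapper.readValue(...)`, and this catch hides that as well.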
@@ -0,0 +1,59 @@ +package com.mfsys.aconnect.client.service; + +import com.mfsys.aconnect.client.dto.TransactionPermissionDTO; +import com.mfsys.aconnect.client.model.TransactionPermission; +import com.mfsys.aconnect.client.repository.TransactionPermissionRepository; +import jakarta.transaction.Transactional; +import org.springframework.stereotype.Service; +import java.util.List; +import java.util.stream.Collectors; + +@Service +public class TransactionPermissionService { + + private final TransactionPermissionRepository permissionRepository; + public TransactionPermissionService(TransactionPermissionRepository permissionRepository) { + this.permissionRepository = permissionRepository; + } + + @Transactional + public List assignPermissions(TransactionPermissionDTO.AssignPermissionsRequest request, String token) { + String porOrgacode = request.getPorOrgacode(); + permissionRepository.deleteByUserId(request.getUserId()); + List permissions = request.getTransactionEndpoints().stream() + .map(endpoint -> { + TransactionPermission p = new TransactionPermission(); + p.setUserId(request.getUserId()); + p.setTransactionEndpoint(endpoint); + p.setAllowed(true); + return p; + }) + .collect(Collectors.toList()); + List saved = permissionRepository.saveAll(permissions); + return saved.stream().map(this::mapToResponse).collect(Collectors.toList()); + } + + public List getUserPermissions(String userId, String token) { + return permissionRepository.findByUserId(userId) + .stream() + .map(this::mapToResponse) + .collect(Collectors.toList()); + } + + public boolean isAllowed(String userId, String transactionEndpoint) { + return permissionRepository + .findByUserIdAndTransactionEndpoint(userId, transactionEndpoint) + .map(TransactionPermission::isAllowed) + .orElse(false); + } + + private TransactionPermissionDTO.PermissionResponse mapToResponse(TransactionPermission p) { + TransactionPermissionDTO.PermissionResponse response = new TransactionPermissionDTO.PermissionResponse(); + 
response.setId(p.getId()); + response.setUserId(p.getUserId()); + response.setTransactionEndpoint(p.getTransactionEndpoint()); + response.setAllowed(p.isAllowed()); + return response; + } + +} diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionService.java index f0ea2e2..f7a5ada 100644 --- a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionService.java +++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionService.java @@ -8,6 +8,7 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Service; +import com.mfsys.aconnect.client.model.TransactionEndpoint; import org.springframework.http.HttpHeaders; @@ -29,9 +30,11 @@ public class TransactionService { private final WebClientConfig webClientService; private final TransactionLogService transactionLogService; - public TransactionService(WebClientConfig webClientService, TransactionLogService transactionLogService) { + private final TransactionPermissionService permissionService; + public TransactionService(WebClientConfig webClientService, TransactionLogService transactionLogService, TransactionPermissionService permissionService) { this.webClientService = webClientService; this.transactionLogService = transactionLogService; + this.permissionService = permissionService; } public ResponseEntity getActiveAccountDetails(String porOrgacode, String mbmBkmsnumber, LocalDate sgtGntrvaluedate, String tokenHeader, String userCode) { 
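Review bot: `assignPermissions` in `TransactionPermissionService` stores every string in `request.getTransactionEndpoints()` without checking it against the `TransactionEndpoint` codes and without removing duplicates. A repeated endpoint creates two rows for the same user, after which `isAllowed` fails because `findByUserIdAndTransactionEndpoint` expects at most one; a null list throws after `deleteByUserId` has already run, which the transaction should roll back but which still reaches the client as a server error. Validate before deleting: reject a null list or unknown codes, and add `.distinct()` to the stream. The local `porOrgacode` is assigned and never used and `token` is ignored, so the method performs no caller or organisation check of its own.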
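Review bot: The import hunk of `TransactionService.java` adds only `import com.mfsys.aconnect.client.model.TransactionEndpoint;`, but the later hunks in this file throw `TransactionNotAllowedException`, which is declared in `com.mfsys.aconnect.client.exception`. Unless the file already imports that package (not visible in these hunks), it also needs `import com.mfsys.aconnect.client.exception.TransactionNotAllowedException;`, as `CancellationTransactionService` adds in PATCH 3/3. The new import would also sit better next to the other `com.mfsys` imports than between the Spring ones.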
@@ -54,6 +57,9 @@ public class TransactionService { public ResponseEntity processAccountTransaction(AccountGLTransactionRequest accountGLTransactionRequest, String tokenHeader) { + if (!permissionService.isAllowed(accountGLTransactionRequest.getSgtGntrcreateusr(), TransactionEndpoint.ACCOUNT_TO_GL.getCode())) { + throw new TransactionNotAllowedException(accountGLTransactionRequest.getPorOrgacode()); + } Double creditAmount = accountGLTransactionRequest.getCreditGl().getSgtGntramtfc(); Double debitAmount = accountGLTransactionRequest.getDebitAcc().getSgtGntramtfc(); @@ -93,6 +99,9 @@ public class TransactionService { } public Object processGLTransaction(GLtoGLRequest gLtoGLRequest, String tokenHeader) { + if (!permissionService.isAllowed(gLtoGLRequest.getSgtGntrcreateusr(), TransactionEndpoint.GL_TO_GL.getCode())) { + throw new TransactionNotAllowedException(gLtoGLRequest.getPorOrgacode()); + } Double creditAmount = gLtoGLRequest.getCreditGl().getSgtGntramtfc(); Double debitAmount = gLtoGLRequest.getDebitGl().getSgtGntramtfc(); @@ -145,6 +154,9 @@ public class TransactionService { } public Object processAccToAccTransaction(AccountToAccountDTO accountToAccountDTO, String tokenHeader) { + if (!permissionService.isAllowed(accountToAccountDTO.getSgtGntrcreateusr(), TransactionEndpoint.ACCOUNT_TO_ACCOUNT.getCode())) { + throw new TransactionNotAllowedException(accountToAccountDTO.getPorOrgacode()); + } BigDecimal creditAmount = accountToAccountDTO.getCreditAcc().getSgtGntramtfc(); BigDecimal debitAmount = accountToAccountDTO.getDebitAcc().getSgtGntramtfc(); 
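Review bot: The permission check in `processAccountTransaction` looks up the user from `accountGLTransactionRequest.getSgtGntrcreateusr()`, a field of the request body, rather than from the identity bound to `tokenHeader`. The check therefore authorises whichever user code the body names, not the authenticated caller; the user should be resolved from the validated token, or the request rejected when the body value differs from the token's subject. The same pattern is in `processGLTransaction` and `processAccToAccTransaction` in the next hunks, in `processGLtoAccTransaction`, and in the cancellation and rejection services of PATCH 3/3 (there via `getSusUsercode()`). Each method body continues outside its hunk.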
@@ -196,6 +208,9 @@ public class TransactionService { } public Object processGLtoAccTransaction(GlToAccountDTO glToAccountDTO, String tokenHeader) { + if (!permissionService.isAllowed(glToAccountDTO.getSgtGntrcreateusr(), TransactionEndpoint.GL_TO_ACCOUNT.getCode())) { + throw new TransactionNotAllowedException(glToAccountDTO.getPorOrgacode()); + } BigDecimal creditAmount = glToAccountDTO.getCreditAcc().getSgtGntramtfc(); BigDecimal debitAmount = glToAccountDTO.getDebitGl().getSgtGntramtfc(); diff --git a/aconnect/src/main/resources/application-dev.properties b/aconnect/src/main/resources/application-dev.properties index 778d675..2102d57 100644 --- a/aconnect/src/main/resources/application-dev.properties +++ b/aconnect/src/main/resources/application-dev.properties @@ -1,4 +1,4 @@ -app.security.uri=http://localhost:9090/security/auth/user +app.security.uri=http://localhost:9090 app.deposit.uri=http://localhost:9095 app.generalledger.uri=http://localhost:9093 app.onlinebanking.uri=http://localhost:9099 diff --git a/common/src/main/java/com/mfsys/common/configuration/constant/AconnectURI.java b/common/src/main/java/com/mfsys/common/configuration/constant/AconnectURI.java index 94f543a..01bd0f3 100644 --- a/common/src/main/java/com/mfsys/common/configuration/constant/AconnectURI.java +++ b/common/src/main/java/com/mfsys/common/configuration/constant/AconnectURI.java @@ -6,6 +6,7 @@ public interface AconnectURI { String DEPOSIT = "/deposit"; String CRM = "/crm"; String LOAN = "/loan"; + String CREATE_THIRD_PARTY_USER = "/createThirdPartyUser"; String GENERALLEDGER = "/generalledger"; String SIGNIN = "/signin"; String TRANSACTION_URI = "/transactions"; 
@@ -17,8 +18,12 @@ public interface AconnectURI { String BUSINESS = "/business"; String REVERSE_URI = "/reversal"; String AUTHORIZATION_URI = "/authorizations"; + String TRANSACTION_PERMISSIONS = "/transaction-permissions"; String DEPOSIT_AUTHORIZATION_URI = DEPOSIT + AUTHORIZATION_URI; String GENERALLEDGER_AUTHORIZATION_URI = GENERALLEDGER + AUTHORIZATION_URI; + String ASSIGN_PERMISSIONS = TRANSACTION_PERMISSIONS + "/assign"; + String GET_TRANSACTION_PERMISSIONS = TRANSACTION_PERMISSIONS + "/{userId}"; + String GET_TRANSACTION_ENDPOINTS = TRANSACTION_PERMISSIONS + "/endpoints"; // Cancellation String DEPOSIT_CANCELLATION_URI = DEPOSIT + TRANSACTION_URI + CANCEL_URI; diff --git a/common/src/main/java/com/mfsys/common/configuration/constant/ERRCode.java b/common/src/main/java/com/mfsys/common/configuration/constant/ERRCode.java index 9204c78..796b5c3 100644 --- a/common/src/main/java/com/mfsys/common/configuration/constant/ERRCode.java +++ b/common/src/main/java/com/mfsys/common/configuration/constant/ERRCode.java @@ -17,7 +17,8 @@ public enum ERRCode implements ErrorMessage { MISSING_ACCOUNT_NUMBER("ERR_ACCT_0001","Account number is required"), SAMEACCOUNTNUMBER("ERR_ACCT_0002","Account number must be different"), PREVIOUS_DAY_CANCELLATION("ERR_TRX_0004","Previous day transactions cannot be cancelled"), - TRANSACTION_NOT_FOUND_EXCEPTION("ERR_TRX_0005","Previous day transaction not found"); + TRANSACTION_NOT_FOUND_EXCEPTION("ERR_TRX_0005","Previous day transaction not found"), + TRANSACTION_NOT_ALLOWED_EXCEPTION("ERR_TRX_0006","User not allowed to perform this transaction"); From 4937c1d671ae99b180cb7ed8cee639df5d9a6c08 Mon Sep 17 00:00:00 2001 
From: Wasiullah Khan Jadoon Date: Mon, 6 Apr 2026 15:20:06 +0500 Subject: [PATCH 2/3] Removed CiiHive Authorization and Add TokenByPass for CreateThirdPartyUser --- .../controller/TransactionPermissionController.java | 10 +++++----- .../client/service/TransactionPermissionService.java | 4 ++-- .../common/configuration/constant/TokenBypassURI.java | 1 + 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/controller/TransactionPermissionController.java b/aconnect/src/main/java/com/mfsys/aconnect/client/controller/TransactionPermissionController.java index 4415b06..adc703d 100644 --- a/aconnect/src/main/java/com/mfsys/aconnect/client/controller/TransactionPermissionController.java +++ b/aconnect/src/main/java/com/mfsys/aconnect/client/controller/TransactionPermissionController.java 
@@ -22,18 +22,18 @@ public class TransactionPermissionController { @PostMapping(AconnectURI.ASSIGN_PERMISSIONS) public ResponseEntity> assignPermissions( - @RequestBody TransactionPermissionDTO.AssignPermissionsRequest request, @RequestHeader("Authorization") String token) { - return new ResponseEntity<>(permissionService.assignPermissions(request, token), HttpStatus.CREATED); + @RequestBody TransactionPermissionDTO.AssignPermissionsRequest request) { + return new ResponseEntity<>(permissionService.assignPermissions(request), HttpStatus.CREATED); } @GetMapping(AconnectURI.GET_TRANSACTION_PERMISSIONS) public ResponseEntity> getUserPermissions( - @PathVariable String userId, @RequestHeader("Authorization") String token) { - return ResponseEntity.ok(permissionService.getUserPermissions(userId, token)); + @PathVariable String userId) { + return ResponseEntity.ok(permissionService.getUserPermissions(userId)); } @GetMapping(AconnectURI.GET_TRANSACTION_ENDPOINTS) - public ResponseEntity> getAllEndpoints(@RequestHeader("Authorization") String token) { + public ResponseEntity> getAllEndpoints() { List endpoints = Arrays.stream(TransactionEndpoint.values()) .map(TransactionEndpoint::getCode) .collect(Collectors.toList()); diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionPermissionService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionPermissionService.java index 216c56d..fd30f19 100644 --- a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionPermissionService.java +++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionPermissionService.java 
@@ -17,7 +17,7 @@ public class TransactionPermissionService { } @Transactional - public List assignPermissions(TransactionPermissionDTO.AssignPermissionsRequest request, String token) { + public List assignPermissions(TransactionPermissionDTO.AssignPermissionsRequest request) { String porOrgacode = request.getPorOrgacode(); permissionRepository.deleteByUserId(request.getUserId()); List permissions = request.getTransactionEndpoints().stream() @@ -33,7 +33,7 @@ public class TransactionPermissionService { return saved.stream().map(this::mapToResponse).collect(Collectors.toList()); } - public List getUserPermissions(String userId, String token) { + public List getUserPermissions(String userId) { return permissionRepository.findByUserId(userId) .stream() .map(this::mapToResponse) diff --git a/common/src/main/java/com/mfsys/common/configuration/constant/TokenBypassURI.java b/common/src/main/java/com/mfsys/common/configuration/constant/TokenBypassURI.java index 6ac5b36..9570cf9 100644 --- a/common/src/main/java/com/mfsys/common/configuration/constant/TokenBypassURI.java +++ b/common/src/main/java/com/mfsys/common/configuration/constant/TokenBypassURI.java @@ -9,6 +9,7 @@ public interface TokenBypassURI { "/aconnect/authentication/login", "/aconnect/authentication/signup", "/aconnect/signin", + "/aconnect/createThirdPartyUser", "/aconnect/deposit/uploadDocument", "/aconnect/crm/uploadDocument", From a6b7078306722e690b6279bdb787850a2bca3110 Mon Sep 17 00:00:00 2001 
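Review bot: Adding `/aconnect/createThirdPartyUser` to the `TokenBypassURI` list means aconnect no longer validates the token for an endpoint that creates accounts, both remotely and, through `saveToAconnect`, locally with `Role.USER`. The controller still requires an `Authorization` header and forwards it, so the only check left is whatever the security service's `/security/user` does with that header, which is not visible here. If that downstream check is the intended control, say so in a comment next to the entry; otherwise keep the endpoint behind the token filter. The array continues outside the hunk.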
From: Wasiullah Khan Jadoon Date: Mon, 6 Apr 2026 17:53:31 +0500 Subject: [PATCH 3/3] Added permission check for Authorization, rejection, reversal and cancellation of transactions --- .../client/model/TransactionEndpoint.java | 14 +++++++++++++- .../service/CancellationTransactionService.java | 13 ++++++++++++- .../client/service/RejectTransactionService.java | 12 +++++++++++- .../service/ReversalTransactionService.java | 12 +++++++++++- .../service/TransactionAuthorizationService.java | 15 +++++++++++++-- 5 files changed, 60 insertions(+), 6 deletions(-) diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionEndpoint.java b/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionEndpoint.java index 261580c..1116849 100644 --- a/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionEndpoint.java +++ b/aconnect/src/main/java/com/mfsys/aconnect/client/model/TransactionEndpoint.java @@ -7,7 +7,19 @@ public enum TransactionEndpoint { ACCOUNT_TO_GL(AconnectURI.TRANSACTION_ACCOUNT_GL_URI), GL_TO_GL(AconnectURI.TRANSACTION_GL_GL_URI), ACCOUNT_TO_ACCOUNT(AconnectURI.ACCOUNT_TO_ACCOUNT_TRANSACTION_URI), - GL_TO_ACCOUNT(AconnectURI.GL_TO_ACCOUNT_TRANSACTION_URI); + GL_TO_ACCOUNT(AconnectURI.GL_TO_ACCOUNT_TRANSACTION_URI), + + DEPOSIT_REJECTION(AconnectURI.DEPOSIT_TRANSACTION_REJECT_URI), + GL_REJECTION(AconnectURI.GENERALLEDGER_TRANSACTION_REJECT_URI), + + DEPOSIT_REVERSAL(AconnectURI.DEPOSIT_TRANSACTION_REVERSAL_URI), + GL_REVERSAL(AconnectURI.GENERALLEDGER_TRANSACTION_REVERSAL_URI), + + DEPOSIT_CANCELLATION(AconnectURI.DEPOSIT_CANCELLATION_URI), + GL_CANCELLATION(AconnectURI.GENERALLEDGER_CANCELLATION_URI), + + DEPOSIT_AUTHORIZATION(AconnectURI.DEPOSIT_AUTHORIZATION_URI), + GL_AUTHORIZATION(AconnectURI.GENERALLEDGER_AUTHORIZATION_URI); private final String code; 
diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/CancellationTransactionService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/CancellationTransactionService.java index 60c7443..0fab668 100644 --- a/aconnect/src/main/java/com/mfsys/aconnect/client/service/CancellationTransactionService.java +++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/CancellationTransactionService.java @@ -3,7 +3,9 @@ package com.mfsys.aconnect.client.service; import com.mfsys.aconnect.client.dto.DepositCancellationDTO; import com.mfsys.aconnect.client.dto.GLCancellationDTO; import com.mfsys.aconnect.client.exception.PreviousDayCancellationException; +import com.mfsys.aconnect.client.exception.TransactionNotAllowedException; import com.mfsys.aconnect.client.exception.TransactionNotFoundException; +import com.mfsys.aconnect.client.model.TransactionEndpoint; import com.mfsys.aconnect.client.model.TransactionLog; import com.mfsys.aconnect.client.repository.TransactionLogRepository; import com.mfsys.aconnect.configuration.config.WebClientConfig; 
@@ -27,12 +29,18 @@ public class CancellationTransactionService { private final WebClientConfig webClientConfig; private final TransactionLogRepository transactionLogRepository; - public CancellationTransactionService(WebClientConfig webClientConfig, TransactionLogRepository transactionLogRepository) { + private final TransactionPermissionService permissionService; + public CancellationTransactionService(WebClientConfig webClientConfig, TransactionLogRepository transactionLogRepository, + TransactionPermissionService permissionService) { this.webClientConfig = webClientConfig; this.transactionLogRepository = transactionLogRepository; + this.permissionService = permissionService; } public ResponseEntity processDepositCancellationTransaction(DepositCancellationDTO depositCancellationDTO, String tokenHeader) { + if (!permissionService.isAllowed(depositCancellationDTO.getSusUsercode(), TransactionEndpoint.DEPOSIT_CANCELLATION.getCode())) { + throw new TransactionNotAllowedException(depositCancellationDTO.getPorOrgacode()); + } String porOrgacode = depositCancellationDTO.getPorOrgacode(); // TransactionLog log = transactionLogRepository @@ -62,6 +70,9 @@ public class CancellationTransactionService { } public ResponseEntity processGLCancellationTransaction(GLCancellationDTO glCancellationDTO, String tokenHeader) { + if (!permissionService.isAllowed(glCancellationDTO.getSusUsercode(), TransactionEndpoint.GL_CANCELLATION.getCode())) { + throw new TransactionNotAllowedException(glCancellationDTO.getPorOrgacode()); + } String porOrgacode = glCancellationDTO.getPorOrgacode(); // TransactionLog log = transactionLogRepository diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/RejectTransactionService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/RejectTransactionService.java index a18c71c..eca30a5 100644 --- a/aconnect/src/main/java/com/mfsys/aconnect/client/service/RejectTransactionService.java 
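Review bot: The guard added at the top of `processDepositCancellationTransaction` decides on `depositCancellationDTO.getSusUsercode()`, a value read from the request DTO, while the `tokenHeader` parameter is never consulted. If the DTO is bound from the request body and the controller does not overwrite that field (not visible here), a caller passes the check simply by submitting a user code that holds the permission. The user code should be resolved from the validated token, or compared with it before the lookup, e.g. `if (!tokenUserCode.equals(depositCancellationDTO.getSusUsercode())) { throw new TransactionNotAllowedException(depositCancellationDTO.getPorOrgacode()); }`, where `tokenUserCode` stands for the identity taken from the token. The same pattern recurs in `processGLCancellationTransaction` in the next hunk and in the guards added to `RejectTransactionService`, `ReversalTransactionService` and `TransactionAuthorizationService`. The method bodies continue outside the hunks.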
+++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/RejectTransactionService.java @@ -1,6 +1,8 @@ package com.mfsys.aconnect.client.service; import com.mfsys.aconnect.client.dto.DepositRejectDTO; +import com.mfsys.aconnect.client.exception.TransactionNotAllowedException; +import com.mfsys.aconnect.client.model.TransactionEndpoint; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.*; import org.springframework.stereotype.Service; @@ -18,11 +20,16 @@ public class RejectTransactionService { private String generalledgerURI; private final WebClientConfig webClientConfig; - public RejectTransactionService(WebClientConfig webClientConfig) { + private final TransactionPermissionService permissionService; + public RejectTransactionService(WebClientConfig webClientConfig, TransactionPermissionService permissionService) { this.webClientConfig = webClientConfig; + this.permissionService = permissionService; } public ResponseEntity processDepositRejectionTransaction(DepositRejectDTO rejectRequest, String tokenHeader) { + if (!permissionService.isAllowed(rejectRequest.getSusUsercode(), TransactionEndpoint.DEPOSIT_REJECTION.getCode())) { + throw new TransactionNotAllowedException(rejectRequest.getPorOrgacode()); + } String porOrgacode = rejectRequest.getPorOrgacode(); String url = depositURI + "/deposit/" + "/organizations/" + porOrgacode + "/transactions" + ACONNECT +"/rejection"; HttpHeaders headers = new HttpHeaders(); 
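Review bot: In `processDepositRejectionTransaction`, `isAllowed(rejectRequest.getSusUsercode(), TransactionEndpoint.DEPOSIT_REJECTION.getCode())` takes no organization, yet `rejectRequest.getPorOrgacode()` selects the target in the downstream URL two lines later. Unless `TransactionPermissionService` scopes grants by organization internally (not visible here), a user allowed to reject deposits can do so for any organization code they submit. The same value is concatenated into the path unencoded, so I would also validate it before building `url`, for example `if (porOrgacode == null || !porOrgacode.matches("[A-Za-z0-9]+")) { throw new IllegalArgumentException("invalid porOrgacode"); }`, with the pattern adjusted to the real code format. The method body continues outside the hunk.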
@@ -39,6 +46,9 @@ public class RejectTransactionService { } public ResponseEntity processGLRejectionTransaction(DepositRejectDTO rejectRequest, String tokenHeader) { + if (!permissionService.isAllowed(rejectRequest.getSusUsercode(), TransactionEndpoint.GL_REJECTION.getCode())) { + throw new TransactionNotAllowedException(rejectRequest.getPorOrgacode()); + } String porOrgacode = rejectRequest.getPorOrgacode(); String url = generalledgerURI + "/generalledger/" + "/organizations/" + porOrgacode + "/transactions" + ACONNECT +"/rejection"; HttpHeaders headers = new HttpHeaders(); diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/ReversalTransactionService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/ReversalTransactionService.java index b4fc070..7968d00 100644 --- a/aconnect/src/main/java/com/mfsys/aconnect/client/service/ReversalTransactionService.java +++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/ReversalTransactionService.java @@ -2,6 +2,8 @@ package com.mfsys.aconnect.client.service; import com.mfsys.aconnect.client.dto.DepositReversalDTO; import com.mfsys.aconnect.client.dto.GLReversalDTO; +import com.mfsys.aconnect.client.exception.TransactionNotAllowedException; +import com.mfsys.aconnect.client.model.TransactionEndpoint; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.*; import org.springframework.stereotype.Service; 
@@ -19,12 +21,17 @@ public class ReversalTransactionService { private String generalledgerURI; private final WebClientConfig webClientConfig; - public ReversalTransactionService(WebClientConfig webClientConfig) { + private final TransactionPermissionService permissionService; + public ReversalTransactionService(WebClientConfig webClientConfig, TransactionPermissionService permissionService) { this.webClientConfig = webClientConfig; + this.permissionService = permissionService; } public ResponseEntity processDepositReversalTransaction(DepositReversalDTO reversalRequest, String tokenHeader) { + if (!permissionService.isAllowed(reversalRequest.getSusUsercode(), TransactionEndpoint.DEPOSIT_REVERSAL.getCode())) { + throw new TransactionNotAllowedException(reversalRequest.getPorOrgacode()); + } String porOrgacode = reversalRequest.getPorOrgacode(); String nodeID = reversalRequest.getNodeId(); String sgtGntrtranlink = reversalRequest.getSgtGntrtranlink(); @@ -45,6 +52,9 @@ public class ReversalTransactionService { public ResponseEntity processGLReversalTransaction(GLReversalDTO reversalRequest, String tokenHeader) { + if (!permissionService.isAllowed(reversalRequest.getSusUsercode(), TransactionEndpoint.GL_REVERSAL.getCode())) { + throw new TransactionNotAllowedException(reversalRequest.getPorOrgacode()); + } String porOrgacode = reversalRequest.getPorOrgacode(); String nodeID = reversalRequest.getNodeId(); String sgtGntrtranlink = reversalRequest.getSgtGntrtranlink(); diff --git a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionAuthorizationService.java b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionAuthorizationService.java index a47d8c9..b59c994 100644 --- a/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionAuthorizationService.java +++ b/aconnect/src/main/java/com/mfsys/aconnect/client/service/TransactionAuthorizationService.java 
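Review bot: The three-line guard in `processDepositReversalTransaction` is the same block this patch pastes into eight methods across four services, differing only in the DTO and the enum constant. A single method on `TransactionPermissionService` that throws on denial would keep the deny path in one place, so a later change to it cannot be applied to seven copies and missed in the eighth. With a new helper, here called `requireAllowed`, each call site becomes `permissionService.requireAllowed(reversalRequest.getSusUsercode(), TransactionEndpoint.DEPOSIT_REVERSAL, reversalRequest.getPorOrgacode());`. Both method bodies continue outside the hunks.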
@@ -2,6 +2,8 @@ package com.mfsys.aconnect.client.service; import com.mfsys.aconnect.client.dto.DepositAuthorizationRequest; import com.mfsys.aconnect.client.dto.GLAuthorizationDTO; +import com.mfsys.aconnect.client.exception.TransactionNotAllowedException; +import com.mfsys.aconnect.client.model.TransactionEndpoint; import com.mfsys.aconnect.configuration.config.WebClientConfig; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.*; @@ -19,10 +21,16 @@ public class TransactionAuthorizationService { private String generalledgerURI; private final WebClientConfig webClientConfig; - public TransactionAuthorizationService(WebClientConfig webClientConfig) { - this.webClientConfig = webClientConfig;} + private final TransactionPermissionService permissionService; + public TransactionAuthorizationService(WebClientConfig webClientConfig, TransactionPermissionService permissionService) { + this.webClientConfig = webClientConfig; + this.permissionService = permissionService; + } public ResponseEntity processDepositAuthTransaction(DepositAuthorizationRequest authorizationRequest, String tokenHeader) { + if (!permissionService.isAllowed(authorizationRequest.getSusUsercode(), TransactionEndpoint.DEPOSIT_AUTHORIZATION.getCode())) { + throw new TransactionNotAllowedException(authorizationRequest.getPorOrgacode()); + } String porOrgacode = authorizationRequest.getPorOrgacode(); String url = depositURI + "/deposit/" + "/organizations/" + porOrgacode + "/transactions" + ACONNECT + "/authorizations"; HttpHeaders headers = new HttpHeaders(); 
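Review bot: The deny branch in `processDepositAuthTransaction` throws `TransactionNotAllowedException` with only the organization code, so the refused user code and endpoint are not recorded anywhere in the added lines. For authorization, reversal and cancellation a refused attempt is worth an audit record. Unless the exception handler already logs it (not visible here), add a line before the throw such as `log.warn("transaction denied user={} endpoint={} org={}", authorizationRequest.getSusUsercode(), TransactionEndpoint.DEPOSIT_AUTHORIZATION, authorizationRequest.getPorOrgacode());`, assuming an SLF4J logger named `log` is available in the class. The method body continues outside the hunk.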
@@ -40,6 +48,9 @@ public class TransactionAuthorizationService { } public ResponseEntity processGLAuthTransaction(GLAuthorizationDTO authorizationRequest, String tokenHeader) { + if (!permissionService.isAllowed(authorizationRequest.getSusUsercode(), TransactionEndpoint.GL_AUTHORIZATION.getCode())) { + throw new TransactionNotAllowedException(authorizationRequest.getPorOrgacode()); + } String porOrgacode = authorizationRequest.getPorOrgacode(); String url = generalledgerURI + "/generalledger/" + "/organizations/" + porOrgacode + "/transactions/authorizations"; HttpHeaders headers = new HttpHeaders();