FF-212: Validate accessibility for create operations (#289)

* Check wallet accessibility upon creting withdrawals and p2p transfers * Check identity accessibility for other creations * Use existing party in test because now it's being checked * Rename type tranfer_wallet() -> wallet_class()
2024-11-06 02:35:18 +00:00 · 2020-09-01 14:12:28 +03:00 · 2020-09-01 14:12:28 +03:00 · bb668eb378
commit bb668eb378
parent 87072db6dc
7 changed files with 22 additions and 5 deletions
--- a/apps/ff_transfer/src/ff_instrument.erl
+++ b/apps/ff_transfer/src/ff_instrument.erl
@ -165,6 +165,7 @@ create(Params = #{
        Identity = ff_identity_machine:identity(unwrap(identity, ff_identity_machine:get(IdentityID))),
        Currency = unwrap(currency, ff_currency:get(CurrencyID)),
        Events = unwrap(ff_account:create(ID, Identity, Currency)),
+        accessible = unwrap(identity, ff_identity:is_accessible(Identity)),
        CreatedAt = ff_time:now(),
        [{created, genlib_map:compact(#{
            version => ?ACTUAL_FORMAT_VERSION,
--- a/apps/ff_transfer/src/ff_withdrawal.erl
+++ b/apps/ff_transfer/src/ff_withdrawal.erl
@ -402,6 +402,7 @@ create(Params) ->
        Timestamp = ff_maybe:get_defined(quote_timestamp(Quote), CreatedAt),
        DomainRevision = ensure_domain_revision_defined(quote_domain_revision(Quote)),
        Wallet = unwrap(wallet, get_wallet(WalletID)),
+        accessible = unwrap(wallet, ff_wallet:is_accessible(Wallet)),
        Destination = unwrap(destination, get_destination(DestinationID)),
        Resource = unwrap(destination_resource, ff_destination:resource_full(Destination, ResourceDescriptor)),

--- a/apps/fistful/src/ff_identity.erl
+++ b/apps/fistful/src/ff_identity.erl
@ -222,6 +222,7 @@ set_blocking(Identity) ->

 create(Params = #{id := ID, party := Party, provider := ProviderID, class := ClassID}) ->
    do(fun () ->
+        accessible = unwrap(party, ff_party:is_accessible(Party)),
        Provider = unwrap(provider, ff_provider:get(ProviderID)),
        Class = unwrap(identity_class, ff_provider:get_identity_class(ClassID, Provider)),
        LevelID = ff_identity_class:initial_level(Class),
--- a/apps/fistful/test/ff_identity_SUITE.erl
+++ b/apps/fistful/test/ff_identity_SUITE.erl
@ -69,12 +69,13 @@ get_missing_fails(_C) ->
    ID = genlib:unique(),
    {error, notfound} = ff_identity_machine:get(ID).

-create_missing_fails(_C) ->
+create_missing_fails(C) ->
    ID = genlib:unique(),
+    Party = create_party(C),
    {error, {provider, notfound}} = ff_identity_machine:create(
        #{
            id       => ID,
-            party    => <<"party">>,
+            party    => Party,
            provider => <<"who">>,
            class    => <<"person">>
        },
@ -83,7 +84,7 @@ create_missing_fails(_C) ->
    {error, {identity_class, notfound}} = ff_identity_machine:create(
        #{
            id       => ID,
-            party    => <<"party">>,
+            party    => Party,
            provider => <<"good-one">>,
            class    => <<"nosrep">>
        },
--- a/apps/w2w/src/w2w_transfer.erl
+++ b/apps/w2w/src/w2w_transfer.erl
@ -70,9 +70,11 @@
    balance := cash()
 }.

+-type wallet_class() :: wallet_from | wallet_to.
+
 -type create_error() ::
-    {wallet_from, notfound} |
-    {wallet_to, notfound} |
+    {wallet_class(), notfound} |
+    {wallet_class(), ff_wallet:inaccessibility()} |
    {terms, ff_party:validate_w2w_transfer_creation_error()} |
    {inconsistent_currency, {
        W2WTransfer :: currency_id(),
@ -247,6 +249,8 @@ create(Params) ->
        DomainRevision = ff_domain_config:head(),
        WalletFrom = unwrap(wallet_from, get_wallet(WalletFromID)),
        WalletTo = unwrap(wallet_to, get_wallet(WalletToID)),
+        accessible = unwrap(wallet_from, ff_wallet:is_accessible(WalletFrom)),
+        accessible = unwrap(wallet_to,   ff_wallet:is_accessible(WalletTo)),
        Identity = get_wallet_identity(WalletFrom),
        PartyID = ff_identity:party(Identity),
        {ok, PartyRevision} = ff_party:get_revision(PartyID),
--- a/apps/wapi/src/wapi_wallet_ff_backend.erl
+++ b/apps/wapi/src/wapi_wallet_ff_backend.erl
@ -158,6 +158,7 @@ get_identity(IdentityId, Context) ->
 -spec create_identity(params(), ctx()) -> result(map(),
    {provider, notfound}       |
    {identity_class, notfound} |
+    {inaccessible, ff_party:inaccessibility()} |
    {email, notfound}          |
    {external_id_conflict, id(), external_id()}
 ).
--- a/apps/wapi/src/wapi_wallet_handler.erl
+++ b/apps/wapi/src/wapi_wallet_handler.erl
@ -102,6 +102,8 @@ process_request('CreateIdentity', #{'Identity' := Params}, Context, Opts) ->
    case wapi_wallet_ff_backend:create_identity(Params, Context) of
        {ok, Identity = #{<<"id">> := IdentityId}} ->
            wapi_handler_utils:reply_ok(201, Identity, get_location('GetIdentity', [IdentityId], Opts));
+         {error, {inaccessible, _}} ->
+            wapi_handler_utils:reply_ok(422, wapi_handler_utils:get_error_msg(<<"Party inaccessible">>));
        {error, {provider, notfound}} ->
            wapi_handler_utils:reply_ok(422, wapi_handler_utils:get_error_msg(<<"No such provider">>));
        {error, {identity_class, notfound}} ->
@ -848,6 +850,12 @@ process_request('CreateW2WTransfer', #{'W2WTransferParameters' := Params}, Conte
        {error, {wallet_to, notfound}} ->
            wapi_handler_utils:reply_ok(422,
                wapi_handler_utils:get_error_msg(<<"No such wallet receiver">>));
+        {error, {wallet_from, {inaccessible, _}}} ->
+            wapi_handler_utils:reply_ok(422,
+                wapi_handler_utils:get_error_msg(<<"Sender wallet is unaccessible">>));
+        {error, {wallet_to, {inaccessible, _}}} ->
+            wapi_handler_utils:reply_ok(422,
+                wapi_handler_utils:get_error_msg(<<"Receiver wallet is unaccessible">>));
        {error, {terms, {terms_violation, {not_allowed_currency, _Details}}}} ->
            wapi_handler_utils:reply_ok(422,
                wapi_handler_utils:get_error_msg(<<"Currency not allowed">>));