@@ -8,7 +8,7 @@ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
88import code .api .ResourceDocs1_4_0 .{ResourceDocs140 , ResourceDocsAPIMethodsUtil }
99import code .api .util .APIUtil .{EmptyBody , _ }
1010import code .api .util .{APIUtil , ApiRole , ApiVersionUtils , CallContext , CustomJsonFormats , Glossary , NewStyle }
11- import code .api .util .ApiRole .{canCreateEntitlementAtAnyBank , canCreateEntitlementAtOneBank , canCreateOrganisation , canCreateRoutingScheme , canDeleteEntitlementAtAnyBank , canDeleteOrganisation , canDeleteRoutingScheme , canGetAccountAccessTrace , canGetAnyOrganisation , canGetAnyUser , canGetCacheConfig , canGetCacheInfo , canGetCacheNamespaces , canGetConnectorHealth , canGetCustomersAtOneBank , canGetDatabasePoolInfo , canGetMigrations , canUpdateBankSupportedRoutingScheme , canUpdateOrganisation , canUpdateRoutingScheme }
11+ import code .api .util .ApiRole .{canCreateEntitlementAtAnyBank , canCreateEntitlementAtOneBank , canCreateOrganisation , canCreateRoutingScheme , canDeleteEntitlementAtAnyBank , canDeleteOrganisation , canDeleteRoutingScheme , canGetAccountAccessTrace , canGetAnyOrganisation , canGetAnyUser , canGetCacheConfig , canGetCacheInfo , canGetCacheNamespaces , canGetConnectorHealth , canGetCustomersAtOneBank , canGetDatabasePoolInfo , canGetMigrations , canUpdateBankSupportedRoutingScheme , canUpdateOrganisation , canUpdateRoutingScheme , canUpdateSystemView }
1212import code .api .util .ApiTag ._
1313import code .api .util .ErrorMessages ._
1414import code .api .util .http4s .{ErrorResponseConverter , Http4sRequestAttributes , IdempotencyMiddleware , RequestScopeConnection , ResourceDocMiddleware }
@@ -18,6 +18,7 @@ import code.api.v1_4_0.JSONFactory1_4_0
1818import code .api .v2_0_0 .{BasicViewJson , CreateEntitlementJSON , JSONFactory200 }
1919import code .api .v4_0_0 .JSONFactory400
2020import code .api .v6_0_0 .{BasicAccountJsonV600 , BasicAccountsJsonV600 , BankJsonV600 , CacheConfigJsonV600 , CacheInfoJsonV600 , CacheNamespaceInfoJsonV600 , CacheNamespaceJsonV600 , CacheNamespacesJsonV600 , ConnectorInfoJsonV600 , ConnectorsJsonV600 , DatabasePoolInfoJsonV600 , FeaturesJsonV600 , InMemoryCacheStatusJsonV600 , JSONFactory600 , RedisCacheStatusJsonV600 , StoredProcedureConnectorHealthJsonV600 , UserV600 }
21+ import code .api .v6_0_0 .JSONFactory600 .ViewJsonV600
2122import code .api .cache .Redis
2223import code .bankconnectors .storedprocedure .StoredProcedureUtils
2324import code .migration .MigrationScriptLogProvider
@@ -150,7 +151,7 @@ object Http4s700 {
150151 }
151152 }
152153
153- object Implementations7_0_0 {
154+ object Implementations7_0_0 extends code.util. Helper . MdcLoggable {
154155
155156 // Common prefix: /obp/v7.0.0
156157 val prefixPath = Root / ApiPathZero .toString / implementedInApiVersion.toString
@@ -3437,6 +3438,87 @@ object Http4s700 {
34373438 // ── End BULK ──────────────────────────────────────────────────────────────
34383439
34393440 // ── Test-only rollback endpoint ───────────────────────────────────────────
3441+ // Route: POST /obp/v7.0.0/management/system-views/VIEW_ID/factory-reset
3442+ //
3443+ // Reset an existing system view's permissions and view-level flags to the
3444+ // code-defined defaults. The ViewDefinition row is preserved so any
3445+ // AccountAccess records that reference this view remain valid — only the
3446+ // contents of the view are wiped and rewritten.
3447+ //
3448+ // Each successful invocation is audit-logged at INFO level with the
3449+ // calling user_id and the reset view_id; this is a high-impact admin
3450+ // action and we want a trace of who reset what.
3451+ val factoryResetSystemView : HttpRoutes [IO ] = HttpRoutes .of[IO ] {
3452+ case req @ POST -> `prefixPath` / " management" / " system-views" / viewIdStr / " factory-reset" =>
3453+ EndpointHelpers .withUser(req) { (user, cc) =>
3454+ val viewId = ViewId (viewIdStr)
3455+ for {
3456+ view <- ViewNewStyle .factoryResetSystemView(viewId, Some (cc))
3457+ } yield {
3458+ logger.info(
3459+ s " AUDIT factoryResetSystemView: user_id= ${user.userId} provider= ${user.provider} " +
3460+ s " view_id= ${viewId.value} permissions_count= ${view.allowed_actions.size}"
3461+ )
3462+ JSONFactory600 .createViewJsonV600(view)
3463+ }
3464+ }
3465+ }
3466+
3467+ resourceDocs += ResourceDoc (
3468+ null ,
3469+ implementedInApiVersion,
3470+ nameOf(factoryResetSystemView),
3471+ " POST" ,
3472+ " /management/system-views/VIEW_ID/factory-reset" ,
3473+ " Factory Reset a System View" ,
3474+ s """ Reset the system view identified by VIEW_ID to the code-defined defaults.
3475+ |
3476+ |This wipes the view's existing permissions and re-applies whatever the
3477+ |running OBP-API code currently defines as the default permission set
3478+ |for that system view id. View-level flags (name, description, is_firehose,
3479+ |alias settings, is_public) are also restored to defaults.
3480+ |
3481+ |The underlying view row is preserved, so any AccountAccess records that
3482+ |grant users this view on specific accounts remain in place — only the
3483+ |contents of the view itself are reset.
3484+ |
3485+ |Each successful invocation is audit-logged with the calling user_id and
3486+ |the reset view_id.
3487+ |
3488+ | ${userAuthenticationMessage(true )}""" .stripMargin,
3489+ EmptyBody ,
3490+ ViewJsonV600 (
3491+ bank_id = " " ,
3492+ account_id = " " ,
3493+ view_id = " auditor" ,
3494+ view_name = " Auditor" ,
3495+ description = " auditor" ,
3496+ metadata_view = " " ,
3497+ is_public = false ,
3498+ is_system = true ,
3499+ is_firehose = Some (false ),
3500+ alias = " " ,
3501+ hide_metadata_if_alias_used = false ,
3502+ can_grant_access_to_views = Nil ,
3503+ can_revoke_access_to_views = Nil ,
3504+ allowed_actions = List (
3505+ " can_see_bank_account_balance" ,
3506+ " can_see_transaction_amount" ,
3507+ " can_add_comment" ,
3508+ " can_add_tag"
3509+ )
3510+ ),
3511+ List (
3512+ $AuthenticatedUserIsRequired ,
3513+ UserHasMissingRoles ,
3514+ SystemViewNotFound ,
3515+ UnknownError
3516+ ),
3517+ apiTagSystemView :: Nil ,
3518+ Some (List (canUpdateSystemView)),
3519+ http4sPartialFunction = Some (factoryResetSystemView)
3520+ )
3521+
34403522 // Enabled only in Lift test mode (Props.testMode == true, i.e. -Drun.mode=test).
34413523 // Props.testMode is set from the JVM system property before any props file loads,
34423524 // so it is reliably available at object-initialization time unlike file-based props.
0 commit comments