diff --git a/server/models/Wallet.js b/server/models/Wallet.js
index 336ed7be..e004cfaa 100644
--- a/server/models/Wallet.js
+++ b/server/models/Wallet.js
@@ -414,7 +414,7 @@ class Wallet{
 if(
 trustRelationship.actor_wallet_id === senderWallet.getId() &&
 trustRelationship.target_wallet_id === receiveWallet.getId() &&
- trustRelationship.request_type === TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.send
+ trustRelationship.request_type === trustType
 ){
 return true;
 }else{
@@ -434,7 +434,7 @@ class Wallet{
 if(
 trustRelationship.actor_wallet_id === receiveWallet.getId() &&
 trustRelationship.target_wallet_id === senderWallet.getId() &&
- trustRelationship.request_type === TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.receive
+ trustRelationship.request_type === trustType
 ){
 return true;
 }else{
diff --git a/server/models/Wallet.spec.js b/server/models/Wallet.spec.js
index 476819f4..8107b557 100644
--- a/server/models/Wallet.spec.js
+++ b/server/models/Wallet.spec.js
@@ -274,9 +274,9 @@ describe("Wallet", () => {
 target_wallet_id: wallet.getId(),
 }]);
 const result = await wallet.hasTrust(
- TrustRelationship.ENTITY_TRUST_TYPE.send,
- wallet,
+ TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.receive,
 wallet2,
+ wallet,
 );
 expect(result).eq(true);
 fn1.restore();
diff --git a/server/routes/trustRouter.js b/server/routes/trustRouter.js
index eddc8c44..69674407 100644
--- a/server/routes/trustRouter.js
+++ b/server/routes/trustRouter.js
@@ -9,6 +9,8 @@ const helper = require("./utils");
 const Session = require("../models/Session");
 const TrustRelationship = require("../models/TrustRelationship");
 const Joi = require("joi");
+const HttpError = require("../utils/HttpError");
+
 trustRouter.get('/',
 helper.apiKeyHandler,
@@ -17,6 +19,7 @@ trustRouter.get('/',
 Joi.assert(
 req.query,
 Joi.object({
+ wallet: Joi.string(),
 state: Joi.string(),
 type: Joi.string(),
 request_type: Joi.string(),
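Review bot: In server/models/Wallet.js the reverse-direction branch (second hunk, `actor_wallet_id === receiveWallet.getId()` and `target_wallet_id === senderWallet.getId()`) now compares `request_type` with the same `trustType` as the forward branch in the first hunk, where it previously required the complementary `receive` type. If both branches are evaluated for every call, `hasTrust(send, A, B)` would be satisfied by a `send` relationship that runs from B to A, and a `manage` check would treat a wallet as managing its own manager. Consider deriving the counterpart type for the reverse check (send/receive, and presumably manage/yield) instead of reusing `trustType`, and state in a doc comment on `hasTrust` which direction each branch covers. The body of `hasTrust` lies outside both hunks, so this needs confirming against the full method.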
@@ -34,19 +37,38 @@ trustRouter.get('/',
 const session = new Session();
 const walletService = new WalletService(session);
 const trustService = new TrustService(session);
- const wallet = await walletService.getById(res.locals.wallet_id);
+ const loggedInWallet = await walletService.getById(res.locals.wallet_id);
+ let wallet;
+ if(req.query.wallet) {
+ // check to see if user passed in a wallet name or id (req queries are always default strings)
+ const queryWallet = await walletService.getByIdOrName(req.query.wallet);
+ let isManaged = await loggedInWallet.hasTrust(TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.manage, loggedInWallet, queryWallet);
+ let isYielded = await loggedInWallet.hasTrust(TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.yield, queryWallet, loggedInWallet);
+ // check if we have right permissions to access the query wallet or the same as logged in wallet
+ if(isManaged || isYielded || loggedInWallet._id === queryWallet._id) {
+ wallet = queryWallet;
+ }
+ else {
+ throw new HttpError(401, "Do not have permission to access this wallet");
+ }
+ }
+ // otherwise if no passed in wallet query, then will just look at logged in wallet
+ wallet = loggedInWallet;
+ // get all trust relationships of the logged in wallet (where logged in wallet is the actor/target/originator)
 const trust_relationships = await wallet.getTrustRelationships(
 req.query.state,
 req.query.type,
 req.query.request_type,
 );
 const subWallets = await wallet.getSubWallets();
+ // get all trust relationships of wallets managed by logged in wallet
 for(const sw of subWallets){
 const trustRelationships = await sw.getTrustRelationships(
 req.query.state,
 req.query.type,
 req.query.request_type,
 );
+ // avoid duplicates (where subwallet trust ID is the same as one of logged in wallet's trust ID)
 for(tr of trustRelationships){
 if(trust_relationships.every(e => e.id !== tr.id)){
 trust_relationships.push(tr);
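Review bot: The unconditional `wallet = loggedInWallet;` after the `if(req.query.wallet)` block overwrites the wallet that just passed the permission check, so the `wallet` query parameter never changes the result; the fallback belongs in an else branch, `} else { wallet = loggedInWallet; }`. Once that is corrected, the sub-wallet loop further down will also return relationships of the queried wallet's sub-wallets, which the `isManaged`/`isYielded` check did not cover, so that expansion deserves a deliberate decision. A refusal here is an authorization failure for an already authenticated caller, so 403 fits better than 401, and if `getByIdOrName` can return nothing for an unknown name the read of `queryWallet._id` should be guarded. The route handler starts and ends outside this hunk.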
diff --git a/server/routes/trustRouter.spec.js b/server/routes/trustRouter.spec.js
index 1d0e6585..f01104b6 100644
--- a/server/routes/trustRouter.spec.js
+++ b/server/routes/trustRouter.spec.js
@@ -137,6 +137,21 @@ describe("trustRouter", () => {
 TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.send
 )
 });
+
+ it("wallet param filter working for own logged in wallet", async () => {
+ sinon.stub(WalletService.prototype, "getById").resolves(new Wallet(walletId));
+ sinon.stub(TrustService.prototype, "convertToResponse").resolves({id:trustId});
+ const fn = sinon.stub(Wallet.prototype, "getTrustRelationships").resolves([{}]);
+ const res = await request(app)
+ .get(`/?wallet=${walletId}`);
+ expect(res).property("statusCode").eq(200);
+ expect(res.body.trust_relationships).lengthOf(1);
+ expect(fn).calledWith(
+ TrustRelationship.ENTITY_TRUST_STATE_TYPE.trusted,
+ TrustRelationship.ENTITY_TRUST_TYPE.manage,
+ TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.manage
+ );
+ });
 //TODO it.skip("wrong state string should throw 422", () => {
diff --git a/server/routes/walletRouter.js b/server/routes/walletRouter.js
index 87cbacda..6c245595 100644
--- a/server/routes/walletRouter.js
+++ b/server/routes/walletRouter.js
@@ -33,6 +33,9 @@ walletRouter.get('/',
 for (const wallet of subWallets) {
 const json = await wallet.toJSON();
 json.tokens_in_wallet = await tokenService.countTokenByWallet(wallet);
+ // Hide unnecessary fields
+ delete json.password;
+ delete json.salt;
 walletsJson.push(json);
 }
@@ -48,7 +51,7 @@ walletRouter.get('/',
 })
 );
-// TO DO: Add below route to yaml
+// Don't need this route anymore?
 walletRouter.get('/:wallet_id/trust_relationships',
 helper.apiKeyHandler,
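Review bot: The new test in server/routes/trustRouter.spec.js passes the logged-in wallet's own id as `wallet`, so it succeeds whether or not the handler honours the parameter, and the refusal path is never exercised. Add one case where the queried wallet differs and `hasTrust` is stubbed to resolve false, expecting the error status, and one where it resolves true, asserting that `getTrustRelationships` is called on the queried wallet. The request sends only `wallet`, yet `expect(fn).calledWith(...)` expects the `trusted`/`manage`/`manage` arguments; it looks as if `state`, `type` and `request_type` are missing from the query string, so confirm that this assertion checks what was intended.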
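Review bot: Deleting `password` and `salt` after `wallet.toJSON()` inside this one loop in server/routes/walletRouter.js is a denylist applied at a single call site, so any other route that serialises a wallet, and any sensitive field added later, would still be exposed. Prefer dropping credential fields inside `toJSON()` itself, or building the response from an explicit allowlist of fields. The comment `// Hide unnecessary fields` understates the reason; `// Never expose credential material (password, salt) in API responses` records why these lines must stay. The enclosing handler begins outside the hunk.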