Greenstand · mzyau · Mar 1, 2021 · Mar 1, 2021 · Mar 1, 2021 · Mar 1, 2021
@@ -414,7 +414,7 @@ class Wallet{
         if(
           trustRelationship.actor_wallet_id === senderWallet.getId() &&
           trustRelationship.target_wallet_id === receiveWallet.getId() &&
-          trustRelationship.request_type === TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.send
+          trustRelationship.request_type === trustType
         ){
           return true;
         }else{
@@ -434,7 +434,7 @@ class Wallet{
         if(
           trustRelationship.actor_wallet_id === receiveWallet.getId() &&
           trustRelationship.target_wallet_id === senderWallet.getId() &&
-          trustRelationship.request_type === TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.receive
+          trustRelationship.request_type === trustType
         ){
           return true;
         }else{

@@ -274,9 +274,9 @@ describe("Wallet", () => {
         target_wallet_id: wallet.getId(),
       }]);
       const result = await wallet.hasTrust(
-        TrustRelationship.ENTITY_TRUST_TYPE.send,
-        wallet,
+        TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.receive,
         wallet2,
+        wallet,
       );
       expect(result).eq(true);
       fn1.restore();

@@ -9,6 +9,8 @@ const helper = require("./utils");
 const Session = require("../models/Session");
 const TrustRelationship = require("../models/TrustRelationship");
 const Joi = require("joi");
+const HttpError = require("../utils/HttpError");
+
 
 trustRouter.get('/',
   helper.apiKeyHandler,
@@ -17,6 +19,7 @@ trustRouter.get('/',
     Joi.assert(
       req.query,
       Joi.object({
+        wallet: Joi.string(),
         state: Joi.string(),
         type: Joi.string(),
         request_type: Joi.string(),
@@ -34,19 +37,38 @@ trustRouter.get('/',
     const session = new Session();
     const walletService = new WalletService(session);
     const trustService = new TrustService(session);
-    const wallet = await walletService.getById(res.locals.wallet_id);
+    const loggedInWallet = await walletService.getById(res.locals.wallet_id);
+    let wallet;
+    if(req.query.wallet) {
+      // check to see if user passed in a wallet name or id (req queries are always default strings)
+      const queryWallet = await walletService.getByIdOrName(req.query.wallet);
+      let isManaged = await loggedInWallet.hasTrust(TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.manage, loggedInWallet, queryWallet);
+      let isYielded = await loggedInWallet.hasTrust(TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.yield, queryWallet, loggedInWallet);
+      // check if we have right permissions to access the query wallet or the same as logged in wallet
+      if(isManaged || isYielded || loggedInWallet._id === queryWallet._id) {                
+        wallet = queryWallet;
+      }
+      else {
+        throw new HttpError(401, "Do not have permission to access this wallet");
+      }
+    }
+    // otherwise if no passed in wallet query, then will just look at logged in wallet
+    wallet = loggedInWallet;
+    // get all trust relationships of the logged in wallet (where logged in wallet is the actor/target/originator)
     const trust_relationships = await wallet.getTrustRelationships(
       req.query.state,
       req.query.type,
       req.query.request_type,
     );
     const subWallets = await wallet.getSubWallets();
+    // get all trust relationships of wallets managed by logged in wallet 
     for(const sw of subWallets){
       const trustRelationships = await sw.getTrustRelationships(
         req.query.state,
         req.query.type,
         req.query.request_type,
       );
+      // avoid duplicates (where subwallet trust ID is the same as one of logged in wallet's trust ID)
       for(tr of trustRelationships){
         if(trust_relationships.every(e => e.id !== tr.id)){
           trust_relationships.push(tr);

@@ -137,6 +137,22 @@ describe("trustRouter", () => {
         TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.send
       )
     });
+
+    it("wallet param filter working for own logged in wallet", async () => {
+      const wallet = new Wallet(uuid.v4())
+      const wallet2 = new Wallet(uuid.v4())
+      const fn = sinon.stub(Wallet.prototype, "getTrustRelationshipsTrusted").resolves({
+        request_type: TrustRelationship.ENTITY_TRUST_REQUEST_TYPE.manage,
+        type: TrustRelationship.ENTITY_TRUST_TYPE.manage,
+        actor_wallet_id: wallet.getId(),
+        target_wallet_id: wallet2.getId(),
+      })
+      const res = await request(app)
+        .get(`/?wallet=${wallet.getId()}`)
+        expect(res).property("statusCode").eq(200);
+        expect(res.body.trust_relationships).lengthOf(1);
+        expect(fn).calledWith(wallet.getId());
+    });
 
     //TODO 
     it.skip("wrong state string should throw 422", () => {

@@ -33,6 +33,9 @@ walletRouter.get('/',
     for (const wallet of subWallets) {
       const json = await wallet.toJSON();
       json.tokens_in_wallet = await tokenService.countTokenByWallet(wallet); 
+      // Hide unnecessary fields 
+      delete json.password;
+      delete json.salt;
       walletsJson.push(json);
     }
 
@@ -48,7 +51,7 @@ walletRouter.get('/',
   })
 );
 
-// TO DO: Add below route to yaml 
+// Don't need this route anymore?
 
 walletRouter.get('/:wallet_id/trust_relationships', 
   helper.apiKeyHandler,