Ejemplo n.º 1
0
 /** Checks the given member's pin */
 private void checkCredentials(Member member, final Channel channel, final String credentials) {
   if (member == null) {
     return;
   }
   final ServiceClient client = WebServiceContext.getClient();
   final Member restrictedMember = client.getMember();
   if (restrictedMember == null) {
     // Non-restricted clients use the flag credentials required
     if (!client.isCredentialsRequired()) {
       // No credentials should be checked
       throw new InvalidCredentialsException();
     }
   } else {
     // Restricted clients don't need check if is the same member
     if (restrictedMember.equals(member)) {
       throw new InvalidCredentialsException();
     }
   }
   if (StringUtils.isEmpty(credentials)) {
     throw new InvalidCredentialsException();
   }
   member = fetchService.fetch(member, Element.Relationships.USER);
   accessService.checkCredentials(
       channel,
       member.getMemberUser(),
       credentials,
       WebServiceContext.getRequest().getRemoteAddr(),
       WebServiceContext.getMember());
 }
    @Override
    public Object transform(final Object at) {
      final AccountType accountType = (AccountType) at;
      final Map<String, Object> map = new HashMap<String, Object>();

      final TransferTypeQuery ttQuery = new TransferTypeQuery();
      ttQuery.setPageForCount();
      ttQuery.setContext(TransactionContext.PAYMENT);
      ttQuery.setFromOwner(from);
      ttQuery.setToOwner(to);
      ttQuery.setToAccountType(accountType);
      ttQuery.setSchedulable(true);
      if (from instanceof Member) {
        final Member member =
            elementService.load(((Member) from).getId(), Element.Relationships.GROUP);
        ttQuery.setGroup(member.getGroup());
      }
      final int count = PageHelper.getTotalCount(transferTypeService.search(ttQuery));

      map.put("id", accountType.getId());
      map.put("name", accountType.getName());
      map.put("currency", accountType.getCurrency());
      map.put("allowsScheduledPayments", count > 0);

      return map;
    }
Ejemplo n.º 3
0
  public boolean expireTicket(final String ticketStr) {
    try {
      final PaymentRequestTicket ticket =
          (PaymentRequestTicket)
              ticketService.load(ticketStr, PaymentRequestTicket.Relationships.FROM_CHANNEL);
      // Check the member restriction
      final Member restricted = WebServiceContext.getMember();
      if (restricted != null && !restricted.equals(ticket.getTo())) {
        throw new Exception();
      }

      // Check the from channel
      final Channel resolvedChannel = WebServiceContext.getChannel();
      final Channel fromChannel = ticket.getFromChannel();
      final Channel toChannel = ticket.getToChannel();
      if ((fromChannel == null || !fromChannel.equals(resolvedChannel))
          && (toChannel == null || !toChannel.equals(resolvedChannel))) {
        throw new Exception();
      }

      // Check by status
      if (ticket.getStatus() == Ticket.Status.PENDING) {
        ticketService.expirePaymentRequestTicket(ticket);
        return true;
      }
    } catch (final Exception e) {
      webServiceHelper.error(e);
      // Ignore exceptions
    }
    return false;
  }
Ejemplo n.º 4
0
  @Override
  protected ActionForward handleSubmit(final ActionContext context) throws Exception {
    final SendInvoiceForm form = context.getForm();
    final boolean fromProfile = !form.isToSystem() && !form.isSelectMember();

    try {
      final Invoice invoice = invoiceService.send(resolveInvoice(context));
      context.sendMessage("invoice.sent");
      ActionForward forward = null;
      final Map<String, Object> params = new HashMap<String, Object>();
      if (fromProfile) {
        forward = context.findForward("profile");
        params.put("memberId", invoice.getToMember().getId());
      } else {
        forward = context.findForward("newInvoice");
      }
      final Member fromMember = invoice.getFromMember();
      if (fromMember != null && !fromMember.equals(context.getMember())) {
        // From another member
        params.put("from", form.getFrom());
      } else if (fromProfile) {
        params.put("to", form.getTo());
      }
      if (form.isToSystem()) {
        params.put("toSystem", true);
      } else if (form.isSelectMember()) {
        params.put("selectMember", true);
      }
      return ActionHelper.redirectWithParams(context.getRequest(), forward, params);
    } catch (final SendingInvoiceWithMultipleTransferTypesWithCustomFields e) {
      return context.sendError("invoice.error.sendingWithMultipleTransferTypesWithCustomFields");
    }
  }
Ejemplo n.º 5
0
  @Override
  protected ActionForward handleValidation(final ActionContext context) {
    try {
      final Invoice invoice = resolveInvoice(context);
      invoiceService.validate(invoice);

      // Retrive and fetch the destination account type
      AccountType accountType = invoice.getDestinationAccountType();
      if (accountType == null) {
        final TransferType tt =
            transferTypeService.load(
                invoice.getTransferType().getId(),
                RelationshipHelper.nested(
                    TransferType.Relationships.TO, AccountType.Relationships.CURRENCY));
        accountType = tt.getTo();
      } else {
        accountType = accountTypeService.load(accountType.getId());
      }

      // If the validation passed, resolve the confirmation message
      final LocalSettings localSettings = settingsService.getLocalSettings();
      final UnitsConverter unitsConverter =
          localSettings.getUnitsConverter(accountType.getCurrency().getPattern());

      final AccountOwner toOwner = invoice.getTo();
      final boolean toSystem = toOwner instanceof SystemAccountOwner;

      // Retrieve the message arguments
      String to;
      if (toSystem) {
        to = localSettings.getApplicationUsername();
      } else {
        final Member member = elementService.load(((Member) toOwner).getId());
        to = member.getName();
      }
      final String amount = unitsConverter.toString(invoice.getAmount());

      final String confirmationKey = "invoice.sendConfirmationMessage";

      final Map<String, Object> fields = new HashMap<String, Object>();
      fields.put("confirmationMessage", context.message(confirmationKey, to, amount));

      responseHelper.writeStatus(context.getResponse(), ResponseHelper.Status.SUCCESS, fields);

    } catch (final ValidationException e) {
      responseHelper.writeValidationErrors(context.getResponse(), e);
    }
    return null;
  }
  @SuppressWarnings("unchecked")
  @Override
  protected void prepareForm(final ActionContext context) throws Exception {
    final HttpServletRequest request = context.getRequest();

    if (!context.isBroker()) {
      throw new ValidationException();
    }

    final Member broker = (Member) context.getElement();
    final BrokerGroup brokerGroup = (BrokerGroup) broker.getGroup();

    // Get broker commission transaction fees (from member) related to the broker group, including
    // the not enabled ones
    final TransactionFeeQuery transactionFeeQuery = new TransactionFeeQuery();
    transactionFeeQuery.setEntityType(BrokerCommission.class);
    transactionFeeQuery.setGeneratedTransferTypeFromNature(AccountType.Nature.MEMBER);
    transactionFeeQuery.setBrokerGroup(brokerGroup);
    transactionFeeQuery.setReturnDisabled(true);
    final List<BrokerCommission> groupCommissions =
        (List<BrokerCommission>) transactionFeeService.search(transactionFeeQuery);

    // Get current default broker commissions
    final List<DefaultBrokerCommission> currentDefaults =
        commissionService.loadDefaultBrokerCommissions(
            broker, DefaultBrokerCommission.Relationships.BROKER_COMMISSION);

    // Prepare list to JSP
    final List<DefaultBrokerCommission> defaultBrokerCommissions =
        buildCommissions(groupCommissions, currentDefaults);

    request.setAttribute("broker", broker);
    request.setAttribute("defaultBrokerCommissions", defaultBrokerCommissions);
    RequestHelper.storeEnum(request, BrokerCommission.When.class, "whens");
    RequestHelper.storeEnum(request, Amount.Type.class, "amountTypes");
  }
Ejemplo n.º 7
0
  /** Prepares the parameters for a payment. The resulting status is null when no problem found */
  private PrepareParametersResult prepareParameters(final PaymentParameters params) {

    final Member restricted = WebServiceContext.getMember();
    final boolean fromSystem = params.isFromSystem();
    final boolean toSystem = params.isToSystem();
    PaymentStatus status = null;
    Member fromMember = null;
    Member toMember = null;
    // Load the from member
    if (!fromSystem) {
      try {
        fromMember = paymentHelper.resolveFromMember(params);
      } catch (final EntityNotFoundException e) {
        webServiceHelper.error(e);
        status = PaymentStatus.FROM_NOT_FOUND;
      }
    }
    // Load the to member
    if (!toSystem) {
      try {
        toMember = paymentHelper.resolveToMember(params);
      } catch (final EntityNotFoundException e) {
        webServiceHelper.error(e);
        status = PaymentStatus.TO_NOT_FOUND;
      }
    }

    if (status == null) {
      if (restricted == null) {
        // Ensure has the do payment permission
        if (!WebServiceContext.hasPermission(ServiceOperation.DO_PAYMENT)) {
          throw new PermissionDeniedException(
              "The service client doesn't have the following permission: "
                  + ServiceOperation.DO_PAYMENT);
        }
        // Check the channel immediately, as needed by SMS controller
        if (fromMember != null
            && !accessService.isChannelEnabledForMember(channelHelper.restricted(), fromMember)) {
          status = PaymentStatus.INVALID_CHANNEL;
        }
      } else {
        // Enforce the restricted to member parameters
        if (fromSystem) {
          // Restricted to member can't perform payment from system
          status = PaymentStatus.FROM_NOT_FOUND;
        } else {
          if (fromMember == null) {
            fromMember = restricted;
          } else if (toMember == null && !toSystem) {
            toMember = restricted;
          }
        }
        if (status == null) {
          // Check make / receive payment permissions
          if (fromMember.equals(restricted)) {
            if (!WebServiceContext.hasPermission(ServiceOperation.DO_PAYMENT)) {
              throw new PermissionDeniedException(
                  "The service client doesn't have the following permission: "
                      + ServiceOperation.DO_PAYMENT);
            }
          } else {
            if (!WebServiceContext.hasPermission(ServiceOperation.RECEIVE_PAYMENT)) {
              throw new PermissionDeniedException(
                  "The service client doesn't have the following permission: "
                      + ServiceOperation.RECEIVE_PAYMENT);
            }
          }
          // Ensure that either from or to member is the restricted one
          if (!fromMember.equals(restricted) && !toMember.equals(restricted)) {
            status = PaymentStatus.INVALID_PARAMETERS;
            webServiceHelper.trace(
                status
                    + ". Reason: Neither the origin nor the destination members are equal to the restricted: "
                    + restricted);
          }
        }
        if (status == null) {
          // Enforce the permissions
          if (restricted.equals(fromMember)
              && !WebServiceContext.hasPermission(ServiceOperation.DO_PAYMENT)) {
            throw new PermissionDeniedException(
                "The service client doesn't have the following permission: "
                    + ServiceOperation.DO_PAYMENT);
          } else if (restricted.equals(toMember)
              && !WebServiceContext.hasPermission(ServiceOperation.RECEIVE_PAYMENT)) {
            throw new PermissionDeniedException(
                "The service client doesn't have the following permission: "
                    + ServiceOperation.RECEIVE_PAYMENT);
          }
        }
      }
    }

    // Ensure both from and to member are present
    if (status == null) {
      if (fromMember == null && !fromSystem) {
        status = PaymentStatus.FROM_NOT_FOUND;
      } else if (toMember == null && !toSystem) {
        status = PaymentStatus.TO_NOT_FOUND;
      }
    }

    if (status == null) {
      // Check the channel
      if (fromMember != null
          && !accessService.isChannelEnabledForMember(channelHelper.restricted(), fromMember)) {
        status = PaymentStatus.INVALID_CHANNEL;
      }
    }
    if (status == null) {
      // Check the credentials
      boolean checkCredentials;
      if (restricted != null) {
        checkCredentials = !fromMember.equals(restricted);
      } else {
        checkCredentials = !fromSystem && WebServiceContext.getClient().isCredentialsRequired();
      }
      if (checkCredentials) {
        try {
          checkCredentials(fromMember, WebServiceContext.getChannel(), params.getCredentials());
        } catch (final InvalidCredentialsException e) {
          status = PaymentStatus.INVALID_CREDENTIALS;
        } catch (final BlockedCredentialsException e) {
          status = PaymentStatus.BLOCKED_CREDENTIALS;
        }
      }
    }

    // No error
    final AccountOwner fromOwner = fromSystem ? SystemAccountOwner.instance() : fromMember;
    final AccountOwner toOwner = toSystem ? SystemAccountOwner.instance() : toMember;
    return new PrepareParametersResult(status, fromOwner, toOwner);
  }
Ejemplo n.º 8
0
  @Override
  protected ActionForward handleDisplay(final ActionContext context) throws Exception {
    final HttpServletRequest request = context.getRequest();
    final SendInvoiceForm form = context.getForm();
    final boolean toSystem = form.isToSystem();
    final boolean selectMember = form.isSelectMember();

    AccountOwner to;
    final Member fromMember =
        (form.getFrom() == null)
            ? null
            : (Member) elementService.load(Long.valueOf(form.getFrom()));
    final Element loggedElement = context.getElement();
    if (toSystem) {
      // System invoice
      to = SystemAccountOwner.instance();
    } else {
      if (!selectMember) {
        // Retrieve the member to send invoice for
        Member member = null;
        final Long memberId = IdConverter.instance().valueOf(form.getTo());
        if (memberId != null && memberId != loggedElement.getId()) {
          final Element element = elementService.load(memberId, Element.Relationships.USER);
          if (element instanceof Member) {
            member = (Member) element;
          }
        }
        if (member == null) {
          throw new ValidationException();
        }
        request.setAttribute("member", member);
        to = member;
      } else {
        // The member will be selected later
        to = null;
      }
    }

    // If we know who will receive the invoice, get the transfer types or dest account types
    if (to != null) {
      if (context.isAdmin() && fromMember == null) {
        // Only admins may select the transfer type
        final TransferTypeQuery query = new TransferTypeQuery();
        query.setChannel(Channel.WEB);
        query.setContext(TransactionContext.PAYMENT);
        query.setFromOwner(to);
        query.setToOwner(context.getAccountOwner());
        query.setUsePriority(true);
        request.setAttribute("transferTypes", transferTypeService.search(query));
      } else {
        // Members may select the destination account type
        final MemberAccountTypeQuery query = new MemberAccountTypeQuery();
        query.setOwner(fromMember == null ? (Member) loggedElement.getAccountOwner() : fromMember);
        query.setCanPay(to);
        final List<? extends AccountType> accountTypes = accountTypeService.search(query);
        if (accountTypes.isEmpty()) {
          return context.sendError("invoice.error.noAccountType");
        }
        request.setAttribute("accountTypes", accountTypes);
      }
    }

    // Resolve the possible currencies
    final MemberGroup group = getMemberGroup(context);
    final List<Currency> currencies;
    if (group != null) {
      currencies = currencyService.listByMemberGroup(group);
      final MemberAccountType defaultAccountType =
          accountTypeService.getDefault(group, AccountType.Relationships.CURRENCY);
      // Preselect the default currency
      if (defaultAccountType != null) {
        form.setCurrency(CoercionHelper.coerce(String.class, defaultAccountType.getCurrency()));
      }
    } else {
      currencies = currencyService.listAll();
    }
    request.setAttribute("currencies", currencies);

    if (currencies.isEmpty()) {
      // No currencies means no possible payment!!!
      throw new ValidationException("payment.error.noTransferType");
    } else if (currencies.size() == 1) {
      // Special case: There is a single currency. The JSP will use this object
      request.setAttribute("singleCurrency", currencies.get(0));
    }

    request.setAttribute("toSystem", toSystem);
    request.setAttribute("toMember", !toSystem);
    request.setAttribute("selectMember", selectMember);
    request.setAttribute("from", fromMember);

    final boolean useTransferType = context.isAdmin() && fromMember == null;
    request.setAttribute("useTransferType", useTransferType);

    // Check whether scheduled payments may be performed
    boolean allowsScheduling = false;
    boolean allowsMultipleScheduling = false;
    if (context.isAdmin() && fromMember == null) {
      allowsScheduling = true;
      allowsMultipleScheduling = true;
    } else {
      MemberGroup memberGroup;
      if (fromMember == null) {
        memberGroup = ((Member) context.getAccountOwner()).getMemberGroup();
      } else {
        memberGroup = fromMember.getMemberGroup();
      }
      final MemberGroupSettings memberSettings = memberGroup.getMemberSettings();
      allowsScheduling = memberSettings.isAllowsScheduledPayments();
      allowsMultipleScheduling = memberSettings.isAllowsMultipleScheduledPayments();
    }
    if (allowsScheduling) {
      request.setAttribute("allowsScheduling", allowsScheduling);
      request.setAttribute("allowsMultipleScheduling", allowsMultipleScheduling);
      final Collection<SchedulingType> schedulingTypes =
          EnumSet.of(SchedulingType.IMMEDIATELY, SchedulingType.SINGLE_FUTURE);
      if (allowsMultipleScheduling) {
        schedulingTypes.add(SchedulingType.MULTIPLE_FUTURE);
      }
      request.setAttribute("schedulingTypes", schedulingTypes);
      request.setAttribute(
          "schedulingFields",
          Arrays.asList(TimePeriod.Field.MONTHS, TimePeriod.Field.WEEKS, TimePeriod.Field.DAYS));
    }

    return context.getInputForward();
  }