/** Checks the given member's pin */
private void checkCredentials(Member member, final Channel channel, final String credentials) {
if (member == null) {
return;
}
final ServiceClient client = WebServiceContext.getClient();
final Member restrictedMember = client.getMember();
if (restrictedMember == null) {
// Non-restricted clients use the flag credentials required
if (!client.isCredentialsRequired()) {
// No credentials should be checked
throw new InvalidCredentialsException();
}
} else {
// Restricted clients don't need check if is the same member
if (restrictedMember.equals(member)) {
throw new InvalidCredentialsException();
}
}
if (StringUtils.isEmpty(credentials)) {
throw new InvalidCredentialsException();
}
member = fetchService.fetch(member, Element.Relationships.USER);
accessService.checkCredentials(
channel,
member.getMemberUser(),
credentials,
WebServiceContext.getRequest().getRemoteAddr(),
WebServiceContext.getMember());
}
@Override
public Object transform(final Object at) {
final AccountType accountType = (AccountType) at;
final Map<String, Object> map = new HashMap<String, Object>();
final TransferTypeQuery ttQuery = new TransferTypeQuery();
ttQuery.setPageForCount();
ttQuery.setContext(TransactionContext.PAYMENT);
ttQuery.setFromOwner(from);
ttQuery.setToOwner(to);
ttQuery.setToAccountType(accountType);
ttQuery.setSchedulable(true);
if (from instanceof Member) {
final Member member =
elementService.load(((Member) from).getId(), Element.Relationships.GROUP);
ttQuery.setGroup(member.getGroup());
}
final int count = PageHelper.getTotalCount(transferTypeService.search(ttQuery));
map.put("id", accountType.getId());
map.put("name", accountType.getName());
map.put("currency", accountType.getCurrency());
map.put("allowsScheduledPayments", count > 0);
return map;
}
public boolean expireTicket(final String ticketStr) {
try {
final PaymentRequestTicket ticket =
(PaymentRequestTicket)
ticketService.load(ticketStr, PaymentRequestTicket.Relationships.FROM_CHANNEL);
// Check the member restriction
final Member restricted = WebServiceContext.getMember();
if (restricted != null && !restricted.equals(ticket.getTo())) {
throw new Exception();
}
// Check the from channel
final Channel resolvedChannel = WebServiceContext.getChannel();
final Channel fromChannel = ticket.getFromChannel();
final Channel toChannel = ticket.getToChannel();
if ((fromChannel == null || !fromChannel.equals(resolvedChannel))
&& (toChannel == null || !toChannel.equals(resolvedChannel))) {
throw new Exception();
}
// Check by status
if (ticket.getStatus() == Ticket.Status.PENDING) {
ticketService.expirePaymentRequestTicket(ticket);
return true;
}
} catch (final Exception e) {
webServiceHelper.error(e);
// Ignore exceptions
}
return false;
}
@Override
protected ActionForward handleSubmit(final ActionContext context) throws Exception {
final SendInvoiceForm form = context.getForm();
final boolean fromProfile = !form.isToSystem() && !form.isSelectMember();
try {
final Invoice invoice = invoiceService.send(resolveInvoice(context));
context.sendMessage("invoice.sent");
ActionForward forward = null;
final Map<String, Object> params = new HashMap<String, Object>();
if (fromProfile) {
forward = context.findForward("profile");
params.put("memberId", invoice.getToMember().getId());
} else {
forward = context.findForward("newInvoice");
}
final Member fromMember = invoice.getFromMember();
if (fromMember != null && !fromMember.equals(context.getMember())) {
// From another member
params.put("from", form.getFrom());
} else if (fromProfile) {
params.put("to", form.getTo());
}
if (form.isToSystem()) {
params.put("toSystem", true);
} else if (form.isSelectMember()) {
params.put("selectMember", true);
}
return ActionHelper.redirectWithParams(context.getRequest(), forward, params);
} catch (final SendingInvoiceWithMultipleTransferTypesWithCustomFields e) {
return context.sendError("invoice.error.sendingWithMultipleTransferTypesWithCustomFields");
}
}
@Override
protected ActionForward handleValidation(final ActionContext context) {
try {
final Invoice invoice = resolveInvoice(context);
invoiceService.validate(invoice);
// Retrive and fetch the destination account type
AccountType accountType = invoice.getDestinationAccountType();
if (accountType == null) {
final TransferType tt =
transferTypeService.load(
invoice.getTransferType().getId(),
RelationshipHelper.nested(
TransferType.Relationships.TO, AccountType.Relationships.CURRENCY));
accountType = tt.getTo();
} else {
accountType = accountTypeService.load(accountType.getId());
}
// If the validation passed, resolve the confirmation message
final LocalSettings localSettings = settingsService.getLocalSettings();
final UnitsConverter unitsConverter =
localSettings.getUnitsConverter(accountType.getCurrency().getPattern());
final AccountOwner toOwner = invoice.getTo();
final boolean toSystem = toOwner instanceof SystemAccountOwner;
// Retrieve the message arguments
String to;
if (toSystem) {
to = localSettings.getApplicationUsername();
} else {
final Member member = elementService.load(((Member) toOwner).getId());
to = member.getName();
}
final String amount = unitsConverter.toString(invoice.getAmount());
final String confirmationKey = "invoice.sendConfirmationMessage";
final Map<String, Object> fields = new HashMap<String, Object>();
fields.put("confirmationMessage", context.message(confirmationKey, to, amount));
responseHelper.writeStatus(context.getResponse(), ResponseHelper.Status.SUCCESS, fields);
} catch (final ValidationException e) {
responseHelper.writeValidationErrors(context.getResponse(), e);
}
return null;
}
@SuppressWarnings("unchecked")
@Override
protected void prepareForm(final ActionContext context) throws Exception {
final HttpServletRequest request = context.getRequest();
if (!context.isBroker()) {
throw new ValidationException();
}
final Member broker = (Member) context.getElement();
final BrokerGroup brokerGroup = (BrokerGroup) broker.getGroup();
// Get broker commission transaction fees (from member) related to the broker group, including
// the not enabled ones
final TransactionFeeQuery transactionFeeQuery = new TransactionFeeQuery();
transactionFeeQuery.setEntityType(BrokerCommission.class);
transactionFeeQuery.setGeneratedTransferTypeFromNature(AccountType.Nature.MEMBER);
transactionFeeQuery.setBrokerGroup(brokerGroup);
transactionFeeQuery.setReturnDisabled(true);
final List<BrokerCommission> groupCommissions =
(List<BrokerCommission>) transactionFeeService.search(transactionFeeQuery);
// Get current default broker commissions
final List<DefaultBrokerCommission> currentDefaults =
commissionService.loadDefaultBrokerCommissions(
broker, DefaultBrokerCommission.Relationships.BROKER_COMMISSION);
// Prepare list to JSP
final List<DefaultBrokerCommission> defaultBrokerCommissions =
buildCommissions(groupCommissions, currentDefaults);
request.setAttribute("broker", broker);
request.setAttribute("defaultBrokerCommissions", defaultBrokerCommissions);
RequestHelper.storeEnum(request, BrokerCommission.When.class, "whens");
RequestHelper.storeEnum(request, Amount.Type.class, "amountTypes");
}
/** Prepares the parameters for a payment. The resulting status is null when no problem found */
private PrepareParametersResult prepareParameters(final PaymentParameters params) {
final Member restricted = WebServiceContext.getMember();
final boolean fromSystem = params.isFromSystem();
final boolean toSystem = params.isToSystem();
PaymentStatus status = null;
Member fromMember = null;
Member toMember = null;
// Load the from member
if (!fromSystem) {
try {
fromMember = paymentHelper.resolveFromMember(params);
} catch (final EntityNotFoundException e) {
webServiceHelper.error(e);
status = PaymentStatus.FROM_NOT_FOUND;
}
}
// Load the to member
if (!toSystem) {
try {
toMember = paymentHelper.resolveToMember(params);
} catch (final EntityNotFoundException e) {
webServiceHelper.error(e);
status = PaymentStatus.TO_NOT_FOUND;
}
}
if (status == null) {
if (restricted == null) {
// Ensure has the do payment permission
if (!WebServiceContext.hasPermission(ServiceOperation.DO_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.DO_PAYMENT);
}
// Check the channel immediately, as needed by SMS controller
if (fromMember != null
&& !accessService.isChannelEnabledForMember(channelHelper.restricted(), fromMember)) {
status = PaymentStatus.INVALID_CHANNEL;
}
} else {
// Enforce the restricted to member parameters
if (fromSystem) {
// Restricted to member can't perform payment from system
status = PaymentStatus.FROM_NOT_FOUND;
} else {
if (fromMember == null) {
fromMember = restricted;
} else if (toMember == null && !toSystem) {
toMember = restricted;
}
}
if (status == null) {
// Check make / receive payment permissions
if (fromMember.equals(restricted)) {
if (!WebServiceContext.hasPermission(ServiceOperation.DO_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.DO_PAYMENT);
}
} else {
if (!WebServiceContext.hasPermission(ServiceOperation.RECEIVE_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.RECEIVE_PAYMENT);
}
}
// Ensure that either from or to member is the restricted one
if (!fromMember.equals(restricted) && !toMember.equals(restricted)) {
status = PaymentStatus.INVALID_PARAMETERS;
webServiceHelper.trace(
status
+ ". Reason: Neither the origin nor the destination members are equal to the restricted: "
+ restricted);
}
}
if (status == null) {
// Enforce the permissions
if (restricted.equals(fromMember)
&& !WebServiceContext.hasPermission(ServiceOperation.DO_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.DO_PAYMENT);
} else if (restricted.equals(toMember)
&& !WebServiceContext.hasPermission(ServiceOperation.RECEIVE_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.RECEIVE_PAYMENT);
}
}
}
}
// Ensure both from and to member are present
if (status == null) {
if (fromMember == null && !fromSystem) {
status = PaymentStatus.FROM_NOT_FOUND;
} else if (toMember == null && !toSystem) {
status = PaymentStatus.TO_NOT_FOUND;
}
}
if (status == null) {
// Check the channel
if (fromMember != null
&& !accessService.isChannelEnabledForMember(channelHelper.restricted(), fromMember)) {
status = PaymentStatus.INVALID_CHANNEL;
}
}
if (status == null) {
// Check the credentials
boolean checkCredentials;
if (restricted != null) {
checkCredentials = !fromMember.equals(restricted);
} else {
checkCredentials = !fromSystem && WebServiceContext.getClient().isCredentialsRequired();
}
if (checkCredentials) {
try {
checkCredentials(fromMember, WebServiceContext.getChannel(), params.getCredentials());
} catch (final InvalidCredentialsException e) {
status = PaymentStatus.INVALID_CREDENTIALS;
} catch (final BlockedCredentialsException e) {
status = PaymentStatus.BLOCKED_CREDENTIALS;
}
}
}
// No error
final AccountOwner fromOwner = fromSystem ? SystemAccountOwner.instance() : fromMember;
final AccountOwner toOwner = toSystem ? SystemAccountOwner.instance() : toMember;
return new PrepareParametersResult(status, fromOwner, toOwner);
}
@Override
protected ActionForward handleDisplay(final ActionContext context) throws Exception {
final HttpServletRequest request = context.getRequest();
final SendInvoiceForm form = context.getForm();
final boolean toSystem = form.isToSystem();
final boolean selectMember = form.isSelectMember();
AccountOwner to;
final Member fromMember =
(form.getFrom() == null)
? null
: (Member) elementService.load(Long.valueOf(form.getFrom()));
final Element loggedElement = context.getElement();
if (toSystem) {
// System invoice
to = SystemAccountOwner.instance();
} else {
if (!selectMember) {
// Retrieve the member to send invoice for
Member member = null;
final Long memberId = IdConverter.instance().valueOf(form.getTo());
if (memberId != null && memberId != loggedElement.getId()) {
final Element element = elementService.load(memberId, Element.Relationships.USER);
if (element instanceof Member) {
member = (Member) element;
}
}
if (member == null) {
throw new ValidationException();
}
request.setAttribute("member", member);
to = member;
} else {
// The member will be selected later
to = null;
}
}
// If we know who will receive the invoice, get the transfer types or dest account types
if (to != null) {
if (context.isAdmin() && fromMember == null) {
// Only admins may select the transfer type
final TransferTypeQuery query = new TransferTypeQuery();
query.setChannel(Channel.WEB);
query.setContext(TransactionContext.PAYMENT);
query.setFromOwner(to);
query.setToOwner(context.getAccountOwner());
query.setUsePriority(true);
request.setAttribute("transferTypes", transferTypeService.search(query));
} else {
// Members may select the destination account type
final MemberAccountTypeQuery query = new MemberAccountTypeQuery();
query.setOwner(fromMember == null ? (Member) loggedElement.getAccountOwner() : fromMember);
query.setCanPay(to);
final List<? extends AccountType> accountTypes = accountTypeService.search(query);
if (accountTypes.isEmpty()) {
return context.sendError("invoice.error.noAccountType");
}
request.setAttribute("accountTypes", accountTypes);
}
}
// Resolve the possible currencies
final MemberGroup group = getMemberGroup(context);
final List<Currency> currencies;
if (group != null) {
currencies = currencyService.listByMemberGroup(group);
final MemberAccountType defaultAccountType =
accountTypeService.getDefault(group, AccountType.Relationships.CURRENCY);
// Preselect the default currency
if (defaultAccountType != null) {
form.setCurrency(CoercionHelper.coerce(String.class, defaultAccountType.getCurrency()));
}
} else {
currencies = currencyService.listAll();
}
request.setAttribute("currencies", currencies);
if (currencies.isEmpty()) {
// No currencies means no possible payment!!!
throw new ValidationException("payment.error.noTransferType");
} else if (currencies.size() == 1) {
// Special case: There is a single currency. The JSP will use this object
request.setAttribute("singleCurrency", currencies.get(0));
}
request.setAttribute("toSystem", toSystem);
request.setAttribute("toMember", !toSystem);
request.setAttribute("selectMember", selectMember);
request.setAttribute("from", fromMember);
final boolean useTransferType = context.isAdmin() && fromMember == null;
request.setAttribute("useTransferType", useTransferType);
// Check whether scheduled payments may be performed
boolean allowsScheduling = false;
boolean allowsMultipleScheduling = false;
if (context.isAdmin() && fromMember == null) {
allowsScheduling = true;
allowsMultipleScheduling = true;
} else {
MemberGroup memberGroup;
if (fromMember == null) {
memberGroup = ((Member) context.getAccountOwner()).getMemberGroup();
} else {
memberGroup = fromMember.getMemberGroup();
}
final MemberGroupSettings memberSettings = memberGroup.getMemberSettings();
allowsScheduling = memberSettings.isAllowsScheduledPayments();
allowsMultipleScheduling = memberSettings.isAllowsMultipleScheduledPayments();
}
if (allowsScheduling) {
request.setAttribute("allowsScheduling", allowsScheduling);
request.setAttribute("allowsMultipleScheduling", allowsMultipleScheduling);
final Collection<SchedulingType> schedulingTypes =
EnumSet.of(SchedulingType.IMMEDIATELY, SchedulingType.SINGLE_FUTURE);
if (allowsMultipleScheduling) {
schedulingTypes.add(SchedulingType.MULTIPLE_FUTURE);
}
request.setAttribute("schedulingTypes", schedulingTypes);
request.setAttribute(
"schedulingFields",
Arrays.asList(TimePeriod.Field.MONTHS, TimePeriod.Field.WEEKS, TimePeriod.Field.DAYS));
}
return context.getInputForward();
}
