Implement settlement API security with privileges

Open PhyuSinMyat8 opened this issue 1 year ago • 3 comments

Implement privilege verification at the API level, to prevent the issues described below:


Scenario

  • Log in with a user account that is not assigned to any particular role
  • Go to the Settlement menu

Result

  • The user can access all the data on the Settlement menu, which includes Model, Batches, Matrices, Transfer.
  • He can also perform any actions, such as creating a settlement model, creating a matrix, settling and so on.

Actions that can be done on the Settlement menu without the related privileges being assigned

  • View_Settlement_Model
  • Create_New_Settlement_Model
  • Filtering_Batches
  • View_Batches
  • Create_Static_Matrix
  • Create_Dynamic_Matrix
  • View_All_Matrix
  • View_Matrix_Details
  • Close_Matrix
  • Lock_Matrix
  • Unlock_Matrix
  • Settle_Matrix
  • Dispute_Matrix
  • View_All_Transfer

PhyuSinMyat8 avatar Nov 15 '23 08:11 PhyuSinMyat8
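A sketch of the API-level check the issue asks for, added here as an illustration and not taken from the project's code: every request is authorized server-side against a privilege required by the route, and anything unmapped or ungranted is denied. The privilege names come from the list above; the route paths, role names and the `authorize` helper are assumptions.

```javascript
// Hypothetical route table: each settlement endpoint names the privilege it requires.
// Route paths are assumptions for illustration; privilege names are from the issue.
const ROUTE_PRIVILEGES = new Map([
  ["GET /models", "View_Settlement_Model"],
  ["POST /models", "Create_New_Settlement_Model"],
  ["GET /batches", "View_Batches"],
  ["POST /matrices", "Create_Static_Matrix"],
  ["POST /matrices/:id/settle", "Settle_Matrix"],
  ["GET /transfers", "View_All_Transfer"],
]);

// Constructed role definitions (not the project's real roles).
const ROLE_PRIVILEGES = new Map([
  ["settlement_viewer", ["View_Settlement_Model", "View_Batches", "View_All_Transfer"]],
  ["settlement_operator", ["View_Settlement_Model", "Create_Static_Matrix", "Settle_Matrix"]],
]);

// Union of the privileges granted by the caller's roles; unknown roles grant nothing.
function effectivePrivileges(roles) {
  const granted = new Set();
  for (const role of Array.isArray(roles) ? roles : []) {
    for (const p of ROLE_PRIVILEGES.get(role) || []) granted.add(p);
  }
  return granted;
}

// Decision made on the server before any handler runs. Deny by default:
// no identity -> 401; unmapped route or missing privilege -> 403.
function authorize(caller, method, routePattern) {
  if (!caller || !caller.userId) return { status: 401, reason: "unauthenticated" };
  const required = ROUTE_PRIVILEGES.get(`${method} ${routePattern}`);
  if (!required) return { status: 403, reason: "route has no privilege mapping" };
  if (!effectivePrivileges(caller.roles).has(required)) {
    return { status: 403, reason: `missing privilege ${required}` };
  }
  return { status: 200, reason: "allowed" };
}
```

With this shape, the scenario in the issue (an authenticated account with no role) gets 403 on every settlement route, and a newly added route stays closed until someone maps it to a privilege.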

Renamed to "Implement settlement API security with privileges"

pedrosousabarreto avatar Dec 07 '23 15:12 pedrosousabarreto

@hsuyeemon-tw, I can see you are assigned to this ticket. Are you working on it?

JulieG19 avatar Apr 22 '24 11:04 JulieG19

@JulieG19 I have requested the review before merging my changes for this ticket. Thanks.

hsuyeemon-tw avatar Apr 23 '24 04:04 hsuyeemon-tw