mxfactorial icon indicating copy to clipboard operation
mxfactorial copied to clipboard
verified publisher icon systemaccounting

balances queried by account owners only

Open mxfactorial opened this issue 6 years ago • 0 comments

for privacy, debitor and creditor values in transactions receive queries from account owners only. EXCEPTION: account in query set as public by owner (later feature)

  1. sign into account on react client
  2. POST /graphql/transactions with query and cognito token

expected

  1. /graphql calls getUser() with cognito token
  2. cognito data returns from getUser()
  3. /graphql tests cognito data.Username in debitor and creditor values of balance query before resolving measure-faas invocation:
const authorizeAccountBalanceQuery = (query, usernameFromCognitoGetUser) => {
  // ...
  if (query.creditor !== usernameFromCognitoGetUser && query.debitor !== usernameFromCognitoGetUser) {
    console.log("401 Unauthorized")
    return "401 Unauthorized"
  }
  // ...
}

*Estimations will include unit and e2e test coverage of requirements. New screens will include an e2e inventory test (example).

mxfactorial avatar May 12 '19 03:05 mxfactorial