balances queried by account owners only #100

Open
mxfactorial opened this issue May 12, 2019 · 0 comments
for privacy, debitor and creditor values in transactions receive queries from account owners only. EXCEPTION: account in query set as public by owner (later feature)

  1. sign into account on react client
  2. POST /graphql/transactions with query and cognito token

expected

  1. /graphql calls getUser() with cognito token
  2. cognito data returns from getUser()
  3. /graphql tests cognito data.Username in debitor and creditor values of balance query before resolving measure-faas invocation:
```javascript
const authorizeAccountBalanceQuery = (query, usernameFromCognitoGetUser) => {
  // ...
  // reject when the authenticated user is neither creditor nor debitor
  if (query.creditor !== usernameFromCognitoGetUser && query.debitor !== usernameFromCognitoGetUser) {
    console.log("401 Unauthorized")
    return "401 Unauthorized"
  }
  // ...
}
```

*Estimations will include unit and e2e test coverage of requirements. New screens will include an e2e inventory test (example).
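
An added example (not part of the original issue or the project's code) of the step 3 check, written to fail closed when getUser() returns no Username or the query names no account, cases where a bare `!==` comparison of two `undefined` values would let the request through. The name `authorizeBalanceQuery`, the result shape, the 400 status, and the `publicAccounts` set modelling the later public-account exception are assumptions.

```javascript
// Added example: fail-closed owner check for a balance query.
// cognitoData is the object returned by getUser(); only its Username is read.
// publicAccounts is hypothetical and models the "set as public by owner" exception.
const isNonEmptyString = (v) => typeof v === "string" && v.length > 0

const authorizeBalanceQuery = (query, cognitoData, publicAccounts = new Set()) => {
  const username = cognitoData && cognitoData.Username

  // No verified identity: reject before comparing anything. Otherwise
  // undefined === undefined would match a query with no creditor/debitor.
  if (!isNonEmptyString(username)) {
    return { authorized: false, status: 401, reason: "no authenticated user" }
  }

  // Collect only the account names the query actually supplies.
  const parties = [query && query.creditor, query && query.debitor]
    .filter(isNonEmptyString)
  if (parties.length === 0) {
    return { authorized: false, status: 400, reason: "query names no account" }
  }

  // Owner rule from the issue: the caller must be creditor or debitor.
  if (parties.includes(username)) {
    return { authorized: true, status: 200, reason: "owner" }
  }

  // Assumed reading of the exception: every named account must be public.
  if (parties.every((p) => publicAccounts.has(p))) {
    return { authorized: true, status: 200, reason: "public account" }
  }

  // The issue responds with 401 for a non-owner.
  return { authorized: false, status: 401, reason: "not account owner" }
}

// Constructed sample calls (account names are made up).
const samples = [
  authorizeBalanceQuery({ creditor: "alice" }, { Username: "alice" }),
  authorizeBalanceQuery({ creditor: "bob", debitor: "carol" }, { Username: "alice" }),
  authorizeBalanceQuery({}, {}),
]
samples.forEach((r) => console.log(r.status, r.reason))
```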
