When user attempts to create transaction request for account they don't own, show possible permissions they need

Question

When user attempts to create transaction request for account they don't own, show possible permissions they need

Opened this issue 6 years ago · 0 comments

Currently (12bd9a3) when a user attempts to create a transaction request /obp/v3.1.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-request-types/SEPA/transaction-requests when they don't have the canCreateAnyTransactionRequest entitlement then a traceback occurs.

Steps to reproduce:

Attempt to create a transaction request /obp/v3.1.0/banks/BANK_ID/accounts/ACCOUNT_ID/VIEW_ID/transaction-request-types/SEPA/transaction-requests with a user which does not have the canCreateAnyTransactionRequest permission.

Expected behaviour:
The response should be:

OBP-40002: Insufficient authorisation to create TransactionRequest. The Transaction Request could not be created because you don't have access to the owner view of the from account or you don't have access to canCreateAnyTransactionRequest.