FINERACT-1430: Fix social status access restriction implementation

Author: Satish11012007

fineract-core/src/main/java/org/apache/fineract/infrastructure/security/service/PermissionConstants.java

@@ -195,8 +195,9 @@ public class Client extends AbstractAuditableWithUTCDateTimeCustom<Long> {
     @JoinColumn(name = "client_classification_cv_id")
     private CodeValue clientClassification;
 
-    @Column(name = "social_status_cv_id")
-    private Long socialStatus;
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "social_status_cv_id")
+    private CodeValue socialStatus;
 
     @Column(name = "legal_form_enum")
     private Integer legalForm;

fineract-core/src/main/java/org/apache/fineract/portfolio/client/domain/Client.java

@@ -42,7 +42,6 @@
 import org.apache.fineract.infrastructure.core.service.PaginationHelper;
 import org.apache.fineract.infrastructure.core.service.SearchParameters;
 import org.apache.fineract.infrastructure.core.service.database.DatabaseSpecificSQLGenerator;
-import org.apache.fineract.infrastructure.security.service.PermissionConstants;
 import org.apache.fineract.infrastructure.security.service.PlatformSecurityContext;
 import org.apache.fineract.infrastructure.security.utils.ColumnValidator;
 import org.apache.fineract.portfolio.client.data.ClientCollateralManagementData;
@@ -68,6 +67,8 @@
 @RequiredArgsConstructor
 public class ClientReadPlatformServiceImpl implements ClientReadPlatformService {
 
+    private static final String READ_HIGH_PROFILE_CLIENT = "READ_HIGH_PROFILE_CLIENT";
+
     private final JdbcTemplate jdbcTemplate;
     private final PlatformSecurityContext context;
     private final CodeValueReadPlatformService codeValueReadPlatformService;
@@ -215,7 +216,7 @@ public ClientData retrieveOne(final Long clientId) {
 
             final Client client = clientRepositoryWrapper.getClientByClientIdAndHierarchy(clientId, hierarchySearchString);
             if (client.getSocialStatus() != null) {
-                context.authenticatedUser().validateHasPermissionTo(PermissionConstants.CAN_VIEW_HIGH_PROFILE_CLIENT);
+                context.authenticatedUser().validateHasPermissionTo(READ_HIGH_PROFILE_CLIENT);
             }
             final ClientData clientData = clientMapper.map(client);
 

fineract-provider/src/main/java/org/apache/fineract/portfolio/client/service/ClientReadPlatformServiceImpl.java

@@ -31,7 +31,6 @@
     <include file="tenant-store/changelog-tenant-store.xml" relativeToChangelogFile="true" context="tenant_store_db AND !initial_switch"/>
     <include file="tenant/initial-switch-changelog-tenant.xml" relativeToChangelogFile="true" context="tenant_db AND initial_switch"/>
     <include file="tenant/changelog-tenant.xml" relativeToChangelogFile="true" context="tenant_db AND !initial_switch"/>
-    <include file="FINERACT-1430-add-social-status.xml" relativeToChangelogFile="true" context="tenant_db AND !initial_switch"/>
     <!-- Add new module to the end of this modules list (to keep the existing auto-increment identifiers) -->
     <include file="db/changelog/tenant/module/loan/module-changelog-master.xml" context="tenant_db AND !initial_switch"/>
     <include file="db/changelog/tenant/module/investor/module-changelog-master.xml" context="tenant_db AND !initial_switch"/>

fineract-provider/src/main/resources/db/changelog/FINERACT-1430-add-social-status.xml

@@ -227,4 +227,5 @@
     <include file="parts/0206_transaction_summary_with_asset_owner_classification_name_bug_fix.xml" relativeToChangelogFile="true" />
     <include file="parts/0207_add_allow_full_term_for_tranche.xml" relativeToChangelogFile="true" />
     <include file="parts/0208_trial_balance_summary_with_asset_owner_journal_entry_aggregation_fix.xml" relativeToChangelogFile="true" />
+    <include file="parts/0209_add_social_status_restriction.xml" relativeToChangelogFile="true" />
 </databaseChangeLog>

fineract-provider/src/main/resources/db/changelog/db.changelog-master.xml

@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.3.xsd">
+    <changeSet id="1" author="fineract">
+        <preConditions onFail="MARK_RAN">
+            <not>
+                <columnExists tableName="m_client" columnName="social_status_cv_id"/>
+            </not>
+        </preConditions>
+        <addColumn tableName="m_client">
+            <column name="social_status_cv_id" type="INT"/>
+        </addColumn>
+    </changeSet>
+
+    <changeSet id="2" author="fineract">
+        <preConditions onFail="MARK_RAN">
+            <not>
+                <foreignKeyConstraintExists foreignKeyName="fk_client_social_status"/>
+            </not>
+        </preConditions>
+        <addForeignKeyConstraint baseTableName="m_client" baseColumnNames="social_status_cv_id" referencedTableName="m_code_value"
+                                 referencedColumnNames="id" constraintName="fk_client_social_status"/>
+    </changeSet>
+
+    <changeSet id="3" author="fineract">
+        <preConditions onFail="MARK_RAN">
+            <sqlCheck expectedResult="0">
+                SELECT COUNT(1) FROM m_permission WHERE code = 'READ_HIGH_PROFILE_CLIENT'
+            </sqlCheck>
+        </preConditions>
+        <insert tableName="m_permission">
+            <column name="grouping" value="portfolio"/>
+            <column name="code" value="READ_HIGH_PROFILE_CLIENT"/>
+            <column name="entity_name" value="HIGH_PROFILE_CLIENT"/>
+            <column name="action_name" value="READ"/>
+            <column name="can_maker_checker" valueBoolean="false"/>
+        </insert>
+    </changeSet>
+</databaseChangeLog>