Skip to content

FINERACT-2639: Implement office-hierarchy access checks for monetary transactions#5984

Open
EmanuelCR03 wants to merge 1 commit into
apache:developfrom
EmanuelCR03:develop
Open

FINERACT-2639: Implement office-hierarchy access checks for monetary transactions#5984
EmanuelCR03 wants to merge 1 commit into
apache:developfrom
EmanuelCR03:develop

Conversation

@EmanuelCR03

Copy link
Copy Markdown
Contributor

Description

FINERACT-2639: Implement office-hierarchy access checks for monetary transactions

Checklist

Please make sure these boxes are checked before submitting your pull request - thanks!

  • Write the commit message as per our guidelines
  • Acknowledge that we will not review PRs that are not passing the build ("green") - it is your responsibility to get a proposed PR to pass the build, not primarily the project's maintainers.
  • Create/update unit or integration tests for verifying the changes made.
  • Follow our coding conventions.
  • Add required Swagger annotation and update API documentation at fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with details of any API changes
  • This PR must not be a "code dump". Large changes can be made in a branch, with assistance. Ask for help on the developer mailing list.

Your assigned reviewer(s) will follow our guidelines for code reviews.

@IOhacker IOhacker requested a review from adamsaghy June 13, 2026 03:11
@EmanuelCR03 EmanuelCR03 reopened this Jun 13, 2026
@adamsaghy

Copy link
Copy Markdown
Contributor

@EmanuelCR03 Please review the failing tests.

1 similar comment
@adamsaghy

Copy link
Copy Markdown
Contributor

@EmanuelCR03 Please review the failing tests.

@Dpk376 Dpk376 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for tackling this - valuable hardening. I tested the change locally and traced the call graph; coverage of the monetary entry points looks broad and consistent. A few observations:

1. Redundant validateAccessRights in repayLoanWithTopup

fromLoanAccount's hierarchy is validated twice - once right after it is assembled, and again after toLoanAccount is assembled. The first call looks like a copy-paste duplicate and can be removed.

2. Scheduled-job paths depend on the system user being head-office

validateAccessRights calls authenticatedUser(), which throws if there is no user. transferFunds(...) is invoked by ExecuteStandingInstructionsTasklet, TransferInterestToSavingsTasklet, TransferFeeChargeForLoansTasklet, and deposit-maturity processing. These run as the system user (office_id=1, hierarchy "."), so the prefix check passes for every account - but this is an implicit invariant. Could we add a short comment documenting that dependency, and/or a smoke test on one job path so a future change to the system user's office doesn't silently break standing instructions?

3. Primary repayment path - confirmed makeLoanRepayment is covered transitively via makeLoanRepaymentWithChargeRefundChargeType, so standard repayments are protected. 👍

Test suggestion: a negative integration test (user scoped to a child/sibling office attempting a transaction on an account in another branch → expect NoAuthorizationException / 403), plus a positive same-hierarchy case, would lock in the intended behaviour.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants