Merge pull request #338 from LerianStudio/fix/MIDAZ-334

Fix/MIDAZ-334
LerianStudio · Dec 2, 2024 · 3f29034 · 3f29034
2 parents 56bfd57 + 35ef1ee
commit 3f29034
Show file tree

Hide file tree

Showing 5 changed files with 103 additions and 81 deletions.
diff --git a/components/ledger/internal/services/command/delete-account.go b/components/ledger/internal/services/command/delete-account.go
@@ -24,6 +24,17 @@ func (uc *UseCase) DeleteAccountByID(ctx context.Context, organizationID, ledger
 
 	logger.Infof("Remove account for id: %s", id.String())
 
+	accFound, err := uc.AccountRepo.Find(ctx, organizationID, ledgerID, nil, id)
+	if err != nil {
+		mopentelemetry.HandleSpanError(&span, "Failed to find account by alias", err)
+
+		return err
+	}
+
+	if accFound != nil && accFound.ID == id.String() && accFound.Type == "external" {
+		return pkg.ValidateBusinessError(constant.ErrForbiddenExternalAccountManipulation, reflect.TypeOf(mmodel.Account{}).Name())
+	}
+
 	if err := uc.AccountRepo.Delete(ctx, organizationID, ledgerID, portfolioID, id); err != nil {
 		mopentelemetry.HandleSpanError(&span, "Failed to delete account on repo by id", err)
 

diff --git a/components/ledger/internal/services/command/update-account.go b/components/ledger/internal/services/command/update-account.go
@@ -26,13 +26,17 @@ func (uc *UseCase) UpdateAccount(ctx context.Context, organizationID, ledgerID u
 
 	if pkg.IsNilOrEmpty(uai.Alias) {
 		uai.Alias = nil
-	} else {
-		_, err := uc.AccountRepo.FindByAlias(ctx, organizationID, ledgerID, *uai.Alias)
-		if err != nil {
-			mopentelemetry.HandleSpanError(&span, "Failed to find account by alias", err)
+	}
 
-			return nil, err
-		}
+	accFound, err := uc.AccountRepo.Find(ctx, organizationID, ledgerID, nil, id)
+	if err != nil {
+		mopentelemetry.HandleSpanError(&span, "Failed to find account by alias", err)
+
+		return nil, err
+	}
+
+	if accFound != nil && accFound.ID == id.String() && accFound.Type == "external" {
+		return nil, pkg.ValidateBusinessError(constant.ErrForbiddenExternalAccountManipulation, reflect.TypeOf(mmodel.Account{}).Name())
 	}
 
 	account := &mmodel.Account{

diff --git a/pkg/constant/errors.go b/pkg/constant/errors.go
@@ -8,77 +8,78 @@ import (
  * For more details, refer to the API documentation: https://docs.midaz.io/midaz/api-reference/resources/errors-list
  */
 var (
-	ErrDuplicateLedger                     = errors.New("0001")
-	ErrLedgerNameConflict                  = errors.New("0002")
-	ErrAssetNameOrCodeDuplicate            = errors.New("0003")
-	ErrCodeUppercaseRequirement            = errors.New("0004")
-	ErrCurrencyCodeStandardCompliance      = errors.New("0005")
-	ErrUnmodifiableField                   = errors.New("0006")
-	ErrEntityNotFound                      = errors.New("0007")
-	ErrActionNotPermitted                  = errors.New("0008")
-	ErrMissingFieldsInRequest              = errors.New("0009")
-	ErrAccountTypeImmutable                = errors.New("0010")
-	ErrInactiveAccountType                 = errors.New("0011")
-	ErrAccountBalanceDeletion              = errors.New("0012")
-	ErrResourceAlreadyDeleted              = errors.New("0013")
-	ErrProductIDInactive                   = errors.New("0014")
-	ErrDuplicateProductName                = errors.New("0015")
-	ErrBalanceRemainingDeletion            = errors.New("0016")
-	ErrInvalidScriptFormat                 = errors.New("0017")
-	ErrInsufficientFunds                   = errors.New("0018")
-	ErrAccountIneligibility                = errors.New("0019")
-	ErrAliasUnavailability                 = errors.New("0020")
-	ErrParentTransactionIDNotFound         = errors.New("0021")
-	ErrImmutableField                      = errors.New("0022")
-	ErrTransactionTimingRestriction        = errors.New("0023")
-	ErrAccountStatusTransactionRestriction = errors.New("0024")
-	ErrInsufficientAccountBalance          = errors.New("0025")
-	ErrTransactionMethodRestriction        = errors.New("0026")
-	ErrDuplicateTransactionTemplateCode    = errors.New("0027")
-	ErrDuplicateAssetPair                  = errors.New("0028")
-	ErrInvalidParentAccountID              = errors.New("0029")
-	ErrMismatchedAssetCode                 = errors.New("0030")
-	ErrChartTypeNotFound                   = errors.New("0031")
-	ErrInvalidCountryCode                  = errors.New("0032")
-	ErrInvalidCodeFormat                   = errors.New("0033")
-	ErrAssetCodeNotFound                   = errors.New("0034")
-	ErrPortfolioIDNotFound                 = errors.New("0035")
-	ErrProductIDNotFound                   = errors.New("0036")
-	ErrLedgerIDNotFound                    = errors.New("0037")
-	ErrOrganizationIDNotFound              = errors.New("0038")
-	ErrParentOrganizationIDNotFound        = errors.New("0039")
-	ErrInvalidType                         = errors.New("0040")
-	ErrTokenMissing                        = errors.New("0041")
-	ErrInvalidToken                        = errors.New("0042")
-	ErrInsufficientPrivileges              = errors.New("0043")
-	ErrPermissionEnforcement               = errors.New("0044")
-	ErrJWKFetch                            = errors.New("0045")
-	ErrInternalServer                      = errors.New("0046")
-	ErrBadRequest                          = errors.New("0047")
-	ErrInvalidDSLFileFormat                = errors.New("0048")
-	ErrEmptyDSLFile                        = errors.New("0049")
-	ErrMetadataKeyLengthExceeded           = errors.New("0050")
-	ErrMetadataValueLengthExceeded         = errors.New("0051")
-	ErrAccountIDNotFound                   = errors.New("0052")
-	ErrUnexpectedFieldsInTheRequest        = errors.New("0053")
-	ErrIDsNotFoundForAccounts              = errors.New("0054")
-	ErrAssetIDNotFound                     = errors.New("0055")
-	ErrNoAssetsFound                       = errors.New("0056")
-	ErrNoProductsFound                     = errors.New("0057")
-	ErrNoPortfoliosFound                   = errors.New("0058")
-	ErrNoOrganizationsFound                = errors.New("0059")
-	ErrNoLedgersFound                      = errors.New("0060")
-	ErrBalanceUpdateFailed                 = errors.New("0061")
-	ErrNoAccountIDsProvided                = errors.New("0062")
-	ErrFailedToRetrieveAccountsByAliases   = errors.New("0063")
-	ErrNoAccountsFound                     = errors.New("0064")
-	ErrInvalidPathParameter                = errors.New("0065")
-	ErrInvalidAccountType                  = errors.New("0066")
-	ErrInvalidMetadataNesting              = errors.New("0067")
-	ErrOperationIDNotFound                 = errors.New("0068")
-	ErrNoOperationsFound                   = errors.New("0069")
-	ErrTransactionIDNotFound               = errors.New("0070")
-	ErrNoTransactionsFound                 = errors.New("0071")
-	ErrInvalidTransactionType              = errors.New("0072")
-	ErrTransactionValueMismatch            = errors.New("0073")
+	ErrDuplicateLedger                      = errors.New("0001")
+	ErrLedgerNameConflict                   = errors.New("0002")
+	ErrAssetNameOrCodeDuplicate             = errors.New("0003")
+	ErrCodeUppercaseRequirement             = errors.New("0004")
+	ErrCurrencyCodeStandardCompliance       = errors.New("0005")
+	ErrUnmodifiableField                    = errors.New("0006")
+	ErrEntityNotFound                       = errors.New("0007")
+	ErrActionNotPermitted                   = errors.New("0008")
+	ErrMissingFieldsInRequest               = errors.New("0009")
+	ErrAccountTypeImmutable                 = errors.New("0010")
+	ErrInactiveAccountType                  = errors.New("0011")
+	ErrAccountBalanceDeletion               = errors.New("0012")
+	ErrResourceAlreadyDeleted               = errors.New("0013")
+	ErrProductIDInactive                    = errors.New("0014")
+	ErrDuplicateProductName                 = errors.New("0015")
+	ErrBalanceRemainingDeletion             = errors.New("0016")
+	ErrInvalidScriptFormat                  = errors.New("0017")
+	ErrInsufficientFunds                    = errors.New("0018")
+	ErrAccountIneligibility                 = errors.New("0019")
+	ErrAliasUnavailability                  = errors.New("0020")
+	ErrParentTransactionIDNotFound          = errors.New("0021")
+	ErrImmutableField                       = errors.New("0022")
+	ErrTransactionTimingRestriction         = errors.New("0023")
+	ErrAccountStatusTransactionRestriction  = errors.New("0024")
+	ErrInsufficientAccountBalance           = errors.New("0025")
+	ErrTransactionMethodRestriction         = errors.New("0026")
+	ErrDuplicateTransactionTemplateCode     = errors.New("0027")
+	ErrDuplicateAssetPair                   = errors.New("0028")
+	ErrInvalidParentAccountID               = errors.New("0029")
+	ErrMismatchedAssetCode                  = errors.New("0030")
+	ErrChartTypeNotFound                    = errors.New("0031")
+	ErrInvalidCountryCode                   = errors.New("0032")
+	ErrInvalidCodeFormat                    = errors.New("0033")
+	ErrAssetCodeNotFound                    = errors.New("0034")
+	ErrPortfolioIDNotFound                  = errors.New("0035")
+	ErrProductIDNotFound                    = errors.New("0036")
+	ErrLedgerIDNotFound                     = errors.New("0037")
+	ErrOrganizationIDNotFound               = errors.New("0038")
+	ErrParentOrganizationIDNotFound         = errors.New("0039")
+	ErrInvalidType                          = errors.New("0040")
+	ErrTokenMissing                         = errors.New("0041")
+	ErrInvalidToken                         = errors.New("0042")
+	ErrInsufficientPrivileges               = errors.New("0043")
+	ErrPermissionEnforcement                = errors.New("0044")
+	ErrJWKFetch                             = errors.New("0045")
+	ErrInternalServer                       = errors.New("0046")
+	ErrBadRequest                           = errors.New("0047")
+	ErrInvalidDSLFileFormat                 = errors.New("0048")
+	ErrEmptyDSLFile                         = errors.New("0049")
+	ErrMetadataKeyLengthExceeded            = errors.New("0050")
+	ErrMetadataValueLengthExceeded          = errors.New("0051")
+	ErrAccountIDNotFound                    = errors.New("0052")
+	ErrUnexpectedFieldsInTheRequest         = errors.New("0053")
+	ErrIDsNotFoundForAccounts               = errors.New("0054")
+	ErrAssetIDNotFound                      = errors.New("0055")
+	ErrNoAssetsFound                        = errors.New("0056")
+	ErrNoProductsFound                      = errors.New("0057")
+	ErrNoPortfoliosFound                    = errors.New("0058")
+	ErrNoOrganizationsFound                 = errors.New("0059")
+	ErrNoLedgersFound                       = errors.New("0060")
+	ErrBalanceUpdateFailed                  = errors.New("0061")
+	ErrNoAccountIDsProvided                 = errors.New("0062")
+	ErrFailedToRetrieveAccountsByAliases    = errors.New("0063")
+	ErrNoAccountsFound                      = errors.New("0064")
+	ErrInvalidPathParameter                 = errors.New("0065")
+	ErrInvalidAccountType                   = errors.New("0066")
+	ErrInvalidMetadataNesting               = errors.New("0067")
+	ErrOperationIDNotFound                  = errors.New("0068")
+	ErrNoOperationsFound                    = errors.New("0069")
+	ErrTransactionIDNotFound                = errors.New("0070")
+	ErrNoTransactionsFound                  = errors.New("0071")
+	ErrInvalidTransactionType               = errors.New("0072")
+	ErrTransactionValueMismatch             = errors.New("0073")
+	ErrForbiddenExternalAccountManipulation = errors.New("0074")
 )
diff --git a/pkg/errors.go b/pkg/errors.go
@@ -717,6 +717,12 @@ func ValidateBusinessError(err error, entityType string, args ...any) error {
 			Title:      "Transaction Value Mismatch",
 			Message:    "The values for the source, the destination, or both do not match the specified transaction amount. Please verify the values and try again.",
 		},
+		constant.ErrForbiddenExternalAccountManipulation: ValidationError{
+			EntityType: entityType,
+			Code:       constant.ErrForbiddenExternalAccountManipulation.Error(),
+			Title:      "External Account Modification Prohibited",
+			Message:    "Accounts of type 'external' cannot be deleted or modified as they are used for traceability with external systems. Please review your request and ensure operations are only performed on internal accounts.",
+		},
 	}
 
 	if mappedError, found := errorMap[err]; found {

diff --git a/pkg/mmodel/account.go b/pkg/mmodel/account.go
@@ -13,7 +13,7 @@ import (
 type CreateAccountInput struct {
 	AssetCode       string         `json:"assetCode" validate:"required,max=100" example:"BRL"`
 	Name            string         `json:"name" validate:"max=256" example:"My Account"`
-	Alias           *string        `json:"alias" validate:"max=100" example:"@person1"`
+	Alias           *string        `json:"alias" validate:"max=100,excludes=@external/" example:"@person1"`
 	Type            string         `json:"type" validate:"required" example:"creditCard"`
 	ParentAccountID *string        `json:"parentAccountId" validate:"omitempty,uuid" example:"00000000-0000-0000-0000-000000000000"`
 	ProductID       *string        `json:"productId" validate:"omitempty,uuid" example:"00000000-0000-0000-0000-000000000000"`
@@ -34,7 +34,7 @@ type UpdateAccountInput struct {
 	Status         Status         `json:"status"`
 	AllowSending   *bool          `json:"allowSending" example:"true"`
 	AllowReceiving *bool          `json:"allowReceiving" example:"true"`
-	Alias          *string        `json:"alias" validate:"max=100" example:"@person1"`
+	Alias          *string        `json:"alias" validate:"max=100,excludes=@external/" example:"@person1"`
 	ProductID      *string        `json:"productId" validate:"uuid" example:"00000000-0000-0000-0000-000000000000"`
 	Metadata       map[string]any `json:"metadata" validate:"dive,keys,keymax=100,endkeys,nonested,valuemax=2000"`
 } // @name UpdateAccountInput