From 5dfb84f722aebb2dd7810f54b225f4e65601c2ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?= <marko@tesobe.com>
Date: Mon, 13 Jan 2025 09:57:49 +0100
Subject: [PATCH 1/3] feature/scaRedirect url in create payment response

---
 obp-api/src/main/resources/props/sample.props.template      | 1 +
 .../berlin/group/v1_3/JSONFactory_BERLIN_GROUP_1_3.scala    | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/obp-api/src/main/resources/props/sample.props.template b/obp-api/src/main/resources/props/sample.props.template
index 505af13c93..77d106b728 100644
--- a/obp-api/src/main/resources/props/sample.props.template
+++ b/obp-api/src/main/resources/props/sample.props.template
@@ -793,6 +793,7 @@ display_internal_errors=false
 # - decoupled
 # In case that "psu_authentication_method = redirection" you must define
 # psu_authentication_method_sca_redirect_url = redirect_url_value
+# psu_make_payment_sca_redirect_url = redirect_url_value
 # -------------------------------------------------------------- Authentication methods --
 
 ## This property is used for documenting at Resource Doc. It may include the port also (but not /obp)
diff --git a/obp-api/src/main/scala/code/api/berlin/group/v1_3/JSONFactory_BERLIN_GROUP_1_3.scala b/obp-api/src/main/scala/code/api/berlin/group/v1_3/JSONFactory_BERLIN_GROUP_1_3.scala
index 06ed843a4a..a798861b51 100644
--- a/obp-api/src/main/scala/code/api/berlin/group/v1_3/JSONFactory_BERLIN_GROUP_1_3.scala
+++ b/obp-api/src/main/scala/code/api/berlin/group/v1_3/JSONFactory_BERLIN_GROUP_1_3.scala
@@ -632,8 +632,8 @@ object JSONFactory_BERLIN_GROUP_1_3 extends CustomJsonFormats {
 //      Remark: This code may be
     //map OBP transactionRequestId to BerlinGroup PaymentId
     val paymentId = transactionRequest.id.value
-    val scaRedirectUrl = getPropsValue("psu_authentication_method_sca_redirect_url")
-      .openOr(MissingPropsValueAtThisInstance + "psu_authentication_method_sca_redirect_url")
+    val scaRedirectUrl = getPropsValue("psu_make_payment_sca_redirect_url")
+      .openOr(MissingPropsValueAtThisInstance + "psu_make_payment_sca_redirect_url")
     InitiatePaymentResponseJson(
       transactionStatus = transactionRequest.status match {
         case "COMPLETED" => "ACCP"
@@ -641,7 +641,7 @@ object JSONFactory_BERLIN_GROUP_1_3 extends CustomJsonFormats {
       },
       paymentId = paymentId,
       _links = InitiatePaymentResponseLinks(
-        scaRedirect = LinkHrefJson(s"$scaRedirectUrl/payments/$paymentId"),
+        scaRedirect = LinkHrefJson(s"$scaRedirectUrl/$paymentId"),
         self = LinkHrefJson(s"/v1.3/payments/sepa-credit-transfers/$paymentId"),
         status = LinkHrefJson(s"/v1.3/payments/$paymentId/status"),
         scaStatus = LinkHrefJson(s"/v1.3/payments/$paymentId/authorisations/${paymentId}")

From 2689432b5a640699647cf7268a1a61b42b9a65b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?= <marko@tesobe.com>
Date: Mon, 13 Jan 2025 15:03:03 +0100
Subject: [PATCH 2/3] docfix/Tweak error message of getAccountListOfBerlinGroup

---
 obp-api/src/main/scala/code/api/util/NewStyle.scala | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/obp-api/src/main/scala/code/api/util/NewStyle.scala b/obp-api/src/main/scala/code/api/util/NewStyle.scala
index 064c1682f1..1b1ed8c315 100644
--- a/obp-api/src/main/scala/code/api/util/NewStyle.scala
+++ b/obp-api/src/main/scala/code/api/util/NewStyle.scala
@@ -368,17 +368,7 @@ object NewStyle extends MdcLoggable{
       val viewIds = List(ViewId(SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID))
       Views.views.vend.getPrivateBankAccountsFuture(user, viewIds) map { i =>
         if(i.isEmpty) {
-          (unboxFullOrFail(Empty, callContext, NoViewReadAccountsBerlinGroup , 403), callContext)
-        } else {
-          (i, callContext )
-        }
-      }
-    }
-    def getAccountListThroughView(user : User, viewId: ViewId, callContext: Option[CallContext]): OBPReturnType[List[BankIdAccountId]] = {
-      val viewIds = List(viewId)
-      Views.views.vend.getPrivateBankAccountsFuture(user, viewIds) map { i =>
-        if(i.isEmpty) {
-          (unboxFullOrFail(Empty, callContext, NoViewReadAccountsBerlinGroup , 403), callContext)
+          (unboxFullOrFail(Empty, callContext, s"$NoViewReadAccountsBerlinGroup {$SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID}" , 403), callContext)
         } else {
           (i, callContext )
         }

From 39ba747716290a5745b42a066ae2302a6437ce1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?= <marko@tesobe.com>
Date: Mon, 13 Jan 2025 15:55:30 +0100
Subject: [PATCH 3/3] feature/Tweak function addScopesToConsumer to accept and
 Berlin Group roles

---
 obp-api/src/main/scala/code/api/OAuth2.scala       |  3 ++-
 obp-api/src/main/scala/code/api/util/ApiRole.scala | 11 +++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/obp-api/src/main/scala/code/api/OAuth2.scala b/obp-api/src/main/scala/code/api/OAuth2.scala
index e2e593caf6..4969fe2845 100644
--- a/obp-api/src/main/scala/code/api/OAuth2.scala
+++ b/obp-api/src/main/scala/code/api/OAuth2.scala
@@ -528,7 +528,8 @@ object OAuth2Login extends RestHelper with MdcLoggable {
         val openBankRoles: List[String] =
         // Sync Keycloak's roles
           (json \ "resource_access" \ resourceAccessName \ "roles").extract[List[String]]
-            .filter(role => tryo(ApiRole.valueOf(role)).isDefined) // Keep only the roles OBP-API can recognise
+            // Keep only the roles OBP-API can recognise
+            .filter(role => tryo(ApiRole.valueOf(role)).isDefined || ApiRole.isBerlinGroupRole(role))
         val scopes = Scope.scope.vend.getScopesByConsumerId(consumerPrimaryKey.toString).getOrElse(Nil)
         val databaseState = scopes.map(_.roleName)
         // Already exist at DB
diff --git a/obp-api/src/main/scala/code/api/util/ApiRole.scala b/obp-api/src/main/scala/code/api/util/ApiRole.scala
index aca12c413b..faf4a4270f 100644
--- a/obp-api/src/main/scala/code/api/util/ApiRole.scala
+++ b/obp-api/src/main/scala/code/api/util/ApiRole.scala
@@ -1,5 +1,6 @@
 package code.api.util
 
+import code.api.Constant.{SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID, SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID, SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID, SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID}
 import code.api.dynamic.endpoint.helper.DynamicEndpointHelper
 
 import java.util.concurrent.ConcurrentHashMap
@@ -1058,6 +1059,16 @@ object ApiRole extends MdcLoggable{
     dynamicRoles ::: roles.map(_.toString)
   }
 
+  def isBerlinGroupRole(value: String): Boolean = {
+    value match {
+      case SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID => true
+      case SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID => true
+      case SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID => true
+      case SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID => true
+      case _ => false
+    }
+  }
+
 }
 
 object Util {