Mandates and Customer At

Author: simonredfern

src/lib/components/OpeyInsightBar.svelte

@@ -33,9 +33,9 @@
       // Ask Opey for a short insight based on notebook + current page
       const insight = await insightService.getInsight(pageContext, recentNotes);
 
-      insightText = insight || "";
+      insightText = insight || pageContext;
     } catch {
-      insightText = "";
+      insightText = pageContext;
     } finally {
       loading = false;
     }

src/lib/config/insightMessages.ts

@@ -4,60 +4,60 @@
  */
 
 const routeDescriptions: Array<{ pattern: RegExp; description: string }> = [
-  { pattern: /^\/banks\/create$/, description: "Create Bank page" },
-  { pattern: /^\/banks\/([^/]+)\/([^/]+)/, description: "Bank detail page" },
-  { pattern: /^\/banks$/, description: "Banks list page" },
-  { pattern: /^\/users$/, description: "Users list page" },
-  { pattern: /^\/consumers$/, description: "API Consumers list page" },
-  { pattern: /^\/aggregate-metrics/, description: "Aggregate Metrics page" },
-  { pattern: /^\/connector-metrics/, description: "Connector Metrics page" },
-  { pattern: /^\/connector-traces/, description: "Connector Traces page" },
-  { pattern: /^\/connector-counts/, description: "Connector Counts page" },
-  { pattern: /^\/metrics/, description: "API Metrics page" },
-  { pattern: /^\/rbac\/entitlements\/create/, description: "Create Entitlement page" },
-  { pattern: /^\/rbac\/entitlements/, description: "Entitlements page" },
-  { pattern: /^\/rbac\/roles/, description: "Roles page" },
-  { pattern: /^\/rbac\/groups/, description: "Groups page" },
-  { pattern: /^\/rbac\/memberships/, description: "Memberships page" },
-  { pattern: /^\/rbac\/entitlement-requests/, description: "Entitlement Requests page" },
-  { pattern: /^\/rbac\/banks/, description: "RBAC Banks page" },
-  { pattern: /^\/system\/cache/, description: "System Cache page" },
-  { pattern: /^\/system\/config-props/, description: "System Config Props page" },
-  { pattern: /^\/system\/database-pool/, description: "Database Pool page" },
-  { pattern: /^\/system\/migrations/, description: "System Migrations page" },
-  { pattern: /^\/system\/webui-props/, description: "WebUI Props page" },
-  { pattern: /^\/system\/signal/, description: "Signals page" },
-  { pattern: /^\/system\//, description: "System settings page" },
-  { pattern: /^\/products\/financial/, description: "Financial Products page" },
-  { pattern: /^\/products\/collections/, description: "Product Collections page" },
-  { pattern: /^\/products\/bootstrap/, description: "Products Bootstrap page" },
-  { pattern: /^\/products/, description: "API Products page" },
-  { pattern: /^\/dynamic-entities\/diagnostics/, description: "Dynamic Entities Diagnostics page" },
-  { pattern: /^\/dynamic-entities\/personal/, description: "Personal Dynamic Entities page" },
-  { pattern: /^\/dynamic-entities/, description: "Dynamic Entities page" },
-  { pattern: /^\/dynamic-endpoints/, description: "Dynamic Endpoints page" },
-  { pattern: /^\/customers\/individual/, description: "Individual Customers page" },
-  { pattern: /^\/customers\/corporate/, description: "Corporate Customers page" },
-  { pattern: /^\/customers/, description: "Customers page" },
-  { pattern: /^\/account-access\/system-views/, description: "System Views page" },
-  { pattern: /^\/account-access\/custom-views/, description: "Custom Views page" },
-  { pattern: /^\/account-access\/account-directory/, description: "Account Directory page" },
-  { pattern: /^\/account-access\/accounts/, description: "My Accounts page" },
-  { pattern: /^\/account-access/, description: "Account Access page" },
-  { pattern: /^\/user\/consents/, description: "My Consents page" },
-  { pattern: /^\/user\/entitlements/, description: "My Entitlements page" },
-  { pattern: /^\/user$/, description: "My Profile page" },
-  { pattern: /^\/abac/, description: "ABAC Rules page" },
-  { pattern: /^\/integration/, description: "Integration / Method Routings page" },
-  { pattern: /^\/api-collections/, description: "API Collections page" },
-  { pattern: /^\/site-map$/, description: "Site Map page" },
-  { pattern: /^\/about$/, description: "About page" },
+  { pattern: /^\/banks\/create$/, description: "Create Bank" },
+  { pattern: /^\/banks\/([^/]+)\/([^/]+)/, description: "Bank detail" },
+  { pattern: /^\/banks$/, description: "Banks list" },
+  { pattern: /^\/users$/, description: "Users list" },
+  { pattern: /^\/consumers$/, description: "API Consumers list" },
+  { pattern: /^\/aggregate-metrics/, description: "Aggregate Metrics" },
+  { pattern: /^\/connector-metrics/, description: "Connector Metrics" },
+  { pattern: /^\/connector-traces/, description: "Connector Traces" },
+  { pattern: /^\/connector-counts/, description: "Connector Counts" },
+  { pattern: /^\/metrics/, description: "API Metrics" },
+  { pattern: /^\/rbac\/entitlements\/create/, description: "Create Entitlement" },
+  { pattern: /^\/rbac\/entitlements/, description: "Entitlements" },
+  { pattern: /^\/rbac\/roles/, description: "Roles" },
+  { pattern: /^\/rbac\/groups/, description: "Groups" },
+  { pattern: /^\/rbac\/memberships/, description: "Memberships" },
+  { pattern: /^\/rbac\/entitlement-requests/, description: "Entitlement Requests" },
+  { pattern: /^\/rbac\/banks/, description: "RBAC Banks" },
+  { pattern: /^\/system\/cache/, description: "System Cache" },
+  { pattern: /^\/system\/config-props/, description: "System Config Props" },
+  { pattern: /^\/system\/database-pool/, description: "Database Pool" },
+  { pattern: /^\/system\/migrations/, description: "System Migrations" },
+  { pattern: /^\/system\/webui-props/, description: "WebUI Props" },
+  { pattern: /^\/system\/signal/, description: "Signals" },
+  { pattern: /^\/system\//, description: "System settings" },
+  { pattern: /^\/products\/financial/, description: "Financial Products" },
+  { pattern: /^\/products\/collections/, description: "Product Collections" },
+  { pattern: /^\/products\/bootstrap/, description: "Products Bootstrap" },
+  { pattern: /^\/products/, description: "API Products" },
+  { pattern: /^\/dynamic-entities\/diagnostics/, description: "Dynamic Entities Diagnostics" },
+  { pattern: /^\/dynamic-entities\/personal/, description: "Personal Dynamic Entities" },
+  { pattern: /^\/dynamic-entities/, description: "Dynamic Entities" },
+  { pattern: /^\/dynamic-endpoints/, description: "Dynamic Endpoints" },
+  { pattern: /^\/customers\/individual/, description: "Individual Customers" },
+  { pattern: /^\/customers\/corporate/, description: "Corporate Customers" },
+  { pattern: /^\/customers/, description: "Customers" },
+  { pattern: /^\/account-access\/system-views/, description: "System Views" },
+  { pattern: /^\/account-access\/custom-views/, description: "Custom Views" },
+  { pattern: /^\/account-access\/account-directory/, description: "Account Directory" },
+  { pattern: /^\/account-access\/accounts/, description: "My Accounts" },
+  { pattern: /^\/account-access/, description: "Account Access" },
+  { pattern: /^\/user\/consents/, description: "My Consents" },
+  { pattern: /^\/user\/entitlements/, description: "My Entitlements" },
+  { pattern: /^\/user$/, description: "My Profile" },
+  { pattern: /^\/abac/, description: "ABAC Rules" },
+  { pattern: /^\/integration/, description: "Integration / Method Routings" },
+  { pattern: /^\/api-collections/, description: "API Collections" },
+  { pattern: /^\/site-map$/, description: "Site Map" },
+  { pattern: /^\/about$/, description: "About" },
 ];
 
 /**
  * Get a human-readable description of the current page for Opey context.
  */
 export function describeRoute(pathname: string): string {
   const match = routeDescriptions.find((r) => r.pattern.test(pathname));
-  return match ? match.description : `Page: ${pathname}`;
+  return match ? match.description : pathname;
 }

src/lib/config/navigation.ts

@@ -34,6 +34,7 @@ import {
   Hash,
   Map,
   Radio,
+  FileSignature,
 } from "@lucide/svelte";
 import { env } from "$env/dynamic/public";
 
@@ -336,11 +337,21 @@ function buildAccountAccessItems(): NavigationItem[] {
       label: "Custom Views",
       iconComponent: Eye,
     },
+    {
+      href: "/account-access/view-permissions",
+      label: "View Permissions",
+      iconComponent: Shield,
+    },
     {
       href: "/account-access/account-directory",
       label: "Account Directory",
       iconComponent: FolderOpen,
     },
+    {
+      href: "/mandates",
+      label: "Mandates",
+      iconComponent: FileSignature,
+    },
   ];
 
   return items;
@@ -584,7 +595,7 @@ export const navSections: NavigationSection[] = [
   { id: "rbac", label: "RBAC", iconComponent: Shield, items: rbacItems, basePaths: ["/rbac"] },
   { id: "banks", label: "Banks", iconComponent: Building2, items: banksItems, basePaths: ["/banks"] },
   { id: "customers", label: "Customers", iconComponent: Users, items: customersItems, basePaths: ["/customers"] },
-  { id: "account-access", label: "Account Access", iconComponent: Landmark, items: accountAccessItems, basePaths: ["/account-access"] },
+  { id: "account-access", label: "Account Access", iconComponent: Landmark, items: accountAccessItems, basePaths: ["/account-access", "/mandates"] },
   { id: "dynamic-entities", label: "Dynamic Entities", iconComponent: Box, items: dynamicEntitiesItems, basePaths: ["/dynamic-entities"] },
   { id: "dynamic-endpoints", label: "Dynamic Endpoints", iconComponent: Plug, items: dynamicEndpointsItems, basePaths: ["/dynamic-endpoints"] },
 ];

src/lib/utils/roleChecker.ts

@@ -228,6 +228,23 @@ export const SITE_MAP: Record<string, PageRoleConfig> = {
     optional: [{ role: "CanExecuteAbacRule" }],
   },
 
+  // ── Mandates ────────────────────────────────────────────
+  "/mandates/[bank_id]/[account_id]": {
+    required: [{ role: "CanGetMandate", bankScoped: true }],
+  },
+  "/mandates/[bank_id]/[account_id]/create": {
+    required: [{ role: "CanCreateMandate", bankScoped: true }],
+  },
+  "/mandates/[bank_id]/[account_id]/[mandate_id]": {
+    required: [{ role: "CanGetMandate", bankScoped: true }],
+    optional: [
+      { role: "CanCreateSignatoryPanel", bankScoped: true },
+      { role: "CanCreateMandateProvision", bankScoped: true },
+      { role: "CanGetSignatoryPanel", bankScoped: true },
+      { role: "CanGetMandateProvision", bankScoped: true },
+    ],
+  },
+
   // ── Customers ───────────────────────────────────────────
   "/customers/individual": {
     required: [{ role: "CanGetCustomersAtOneBank", bankScoped: true }],

src/routes/(protected)/account-access/accounts/[bank_id]/[account_id]/[view_id]/+page.svelte

@@ -1,6 +1,6 @@
 <script lang="ts">
   import { page } from "$app/state";
-  import { Landmark, ArrowLeft, Loader2, User, Tag, Route, Copy, Check, Plus } from "@lucide/svelte";
+  import { Landmark, ArrowLeft, Loader2, User, Tag, Route, Copy, Check, Plus, FileSignature } from "@lucide/svelte";
   import { trackedFetch } from "$lib/utils/trackedFetch";
   import MissingRoleAlert from "$lib/components/MissingRoleAlert.svelte";
 
@@ -305,6 +305,10 @@
             </div>
           </div>
           <div class="header-actions">
+            <a href="/mandates/{encodeURIComponent(bankId)}/{encodeURIComponent(accountId)}" class="btn-secondary" data-testid="view-mandates">
+              <FileSignature size={16} />
+              Mandates
+            </a>
             <a href="/account-access/accounts" class="btn-secondary">
               <ArrowLeft size={16} />
               Back

src/routes/(protected)/account-access/custom-views/create/+page.svelte

@@ -169,9 +169,9 @@
       const result = await response.json();
       submitSuccess = true;
 
-      // Redirect to the new view's detail page after showing success message
+      // Redirect to the custom views list after showing success message
       setTimeout(() => {
-        goto(`/account-access/custom-views/${result.view_id}`);
+        goto("/account-access/custom-views");
       }, 2500);
     } catch (err) {
       submitError =

src/routes/(protected)/account-access/view-permissions/+page.server.ts

@@ -0,0 +1,80 @@
+import type { PageServerLoad } from "./$types";
+import { error } from "@sveltejs/kit";
+import { createLogger } from "$lib/utils/logger";
+import { obp_requests } from "$lib/obp/requests";
+import { SessionOAuthHelper } from "$lib/oauth/sessionHelper";
+
+const logger = createLogger("ViewPermissionsPageServer");
+
+interface ViewPermission {
+  permission: string;
+  category: string;
+}
+
+interface ViewPermissionsResponse {
+  permissions: ViewPermission[];
+}
+
+export const load: PageServerLoad = async ({ locals }) => {
+  const session = locals.session;
+
+  if (!session?.data?.user) {
+    throw error(401, "Unauthorized");
+  }
+
+  const sessionOAuth = SessionOAuthHelper.getSessionOAuth(session);
+  const accessToken = sessionOAuth?.accessToken;
+
+  if (!accessToken) {
+    logger.warn("No access token available for view permissions page");
+    return {
+      hasApiAccess: false,
+      permissionsByCategory: [],
+      totalCount: 0,
+      error: "No API access token available",
+    };
+  }
+
+  try {
+    const endpoint = `/obp/v6.0.0/management/view-permissions`;
+    logger.info(`Fetching view permissions from ${endpoint}`);
+
+    const response: ViewPermissionsResponse = await obp_requests.get(
+      endpoint,
+      accessToken,
+    );
+
+    const categoryMap = new Map<string, string[]>();
+    for (const p of response.permissions) {
+      const perms = categoryMap.get(p.category) || [];
+      perms.push(p.permission);
+      categoryMap.set(p.category, perms);
+    }
+
+    const permissionsByCategory = Array.from(categoryMap.entries()).map(
+      ([category, permissions]) => ({ category, permissions }),
+    );
+
+    logger.info(
+      `Loaded ${response.permissions.length} permissions in ${permissionsByCategory.length} categories`,
+    );
+
+    return {
+      hasApiAccess: true,
+      permissionsByCategory,
+      totalCount: response.permissions.length,
+    };
+  } catch (err) {
+    logger.error("Error loading view permissions:", err);
+
+    return {
+      hasApiAccess: true,
+      permissionsByCategory: [],
+      totalCount: 0,
+      error:
+        err instanceof Error
+          ? err.message
+          : "Failed to load view permissions",
+    };
+  }
+};