From 6dc77fdb28e83bc6b1d587867af92c79f6cad24b Mon Sep 17 00:00:00 2001
From: Shaed Parkar
Date: Mon, 23 Oct 2023 11:24:05 +0100
Subject: [PATCH] VIH-10264 update the roles allowed to view booking list

---
 .../Controllers/BookingListControllerTest.cs | 18 ++++++------
 .../ReferenceDataControllerTests.cs | 2 +-
 .../Security/UserIdentityTests.cs | 23 ++++-----------
 .../Controllers/BookingListController.cs | 2 +-
 .../AdminWebsite/Security/UserIdentity.cs | 29 +++++++++++--------
 5 files changed, 34 insertions(+), 40 deletions(-)

diff --git a/AdminWebsite/AdminWebsite.UnitTests/Controllers/BookingListControllerTest.cs b/AdminWebsite/AdminWebsite.UnitTests/Controllers/BookingListControllerTest.cs
index 49e11c01e..eac72d1a3 100644
--- a/AdminWebsite/AdminWebsite.UnitTests/Controllers/BookingListControllerTest.cs
+++ b/AdminWebsite/AdminWebsite.UnitTests/Controllers/BookingListControllerTest.cs
@@ -35,7 +35,7 @@ public void Setup()
 [Test]
 public async Task Should_return_booking_list_if_cursor_is_null()
 {
- _userIdentity.Setup(x => x.IsAdministratorRole()).Returns(true);
+ _userIdentity.Setup(x => x.IsATeamLead()).Returns(true);
 _bookingsApiClient.Setup(x => x.GetHearingsByTypesAsync(It.IsAny()))
@@ -55,7 +55,7 @@ public async Task Should_return_booking_list_if_cursor_is_null()
 [Test]
 public async Task Should_return_booking_list_if_cursor_is_not_null()
 {
- _userIdentity.Setup(x => x.IsAdministratorRole()).Returns(true);
+ _userIdentity.Setup(x => x.IsATeamLead()).Returns(true);
 _bookingsApiClient.Setup(x => x.GetHearingsByTypesAsync(It.IsAny()))
 .ReturnsAsync(new BookingsResponse());
@@ -78,7 +78,7 @@ public async Task Should_return_booking_list_if_cursor_is_not_null()
 [Test]
 public async Task Should_return_unauthorized_for_booking_list_if_user_is_not_admin()
 {
- _userIdentity.Setup(x => x.IsAdministratorRole()).Returns(false);
+ _userIdentity.Setup(x => x.IsATeamLead()).Returns(false);
 _bookingsApiClient.Setup(x => x.GetHearingsByTypesAsync(It.IsAny()))
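Review bot: In `Should_return_unauthorized_for_booking_list_if_user_is_not_admin` (hunk @@ -78) the controller's new condition also consults `IsACso()`, which this test never arranges, so the unauthorized outcome now rests on the mock's default `false` for an unconfigured member rather than on an explicit setup. Add `_userIdentity.Setup(x => x.IsACso()).Returns(false);` beside the `IsATeamLead()` setup so both inputs to the `||` are stated, and add a case with `IsATeamLead()` false and `IsACso()` true, since none of the hunks in this file (@@ -35 through @@ -478) exercises the CSO path. The `Verify(x => x.IsATeamLead(), Times.Once)` assertions in @@ -211 and @@ -242 pin the team-lead branch but say nothing about `IsACso()` being evaluated.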
@@ -99,7 +99,7 @@ public async Task Should_return_unauthorized_for_booking_list_if_user_is_not_adm
 [Test]
 public async Task Should_throw_exception_for_booking_list_and_returns_bad_result()
 {
- _userIdentity.Setup(x => x.IsAdministratorRole()).Returns(true);
+ _userIdentity.Setup(x => x.IsATeamLead()).Returns(true);
 _bookingsApiClient.Setup(x => x.GetHearingsByTypesAsync(It.IsAny()))
@@ -191,7 +191,7 @@ public async Task
 [Test]
 public async Task Should_return_ok_for_booking_list_with_defined_types_list()
 {
- _userIdentity.Setup(x => x.IsAdministratorRole()).Returns(true);
+ _userIdentity.Setup(x => x.IsATeamLead()).Returns(true);
 _bookingsApiClient.Setup(x => x.GetHearingsByTypesAsync(It.IsAny()))
@@ -211,7 +211,7 @@ public async Task Should_return_ok_for_booking_list_with_defined_types_list()
 okResult.StatusCode.Should().Be(200);
- _userIdentity.Verify(x => x.IsAdministratorRole(), Times.Once);
+ _userIdentity.Verify(x => x.IsATeamLead(), Times.Once);
 _bookingsApiClient.Verify(s => s.GetCaseTypesAsync(true), Times.Once);
 _bookingsApiClient.Verify(x => x.GetHearingsByTypesAsync(It.IsAny()), Times.Once);
 }
@@ -221,7 +221,7 @@ public async Task Should_return_ok_for_booking_list_and_exclude_repeated_types()
 {
 var hearingTypesIds = new List { "1", "2" };
- _userIdentity.Setup(x => x.IsAdministratorRole()).Returns(true);
+ _userIdentity.Setup(x => x.IsATeamLead()).Returns(true);
 _bookingsApiClient.Setup(x => x.GetHearingsByTypesAsync(It.IsAny()))
@@ -242,7 +242,7 @@ public async Task Should_return_ok_for_booking_list_and_exclude_repeated_types()
 okResult.StatusCode.Should().Be(200);
- _userIdentity.Verify(x => x.IsAdministratorRole(), Times.Once);
+ _userIdentity.Verify(x => x.IsATeamLead(), Times.Once);
 _bookingsApiClient.Verify(s => s.GetCaseTypesAsync(true), Times.Once);
 _bookingsApiClient.Verify(x => x.GetHearingsByTypesAsync(It.IsAny()), Times.Once);
 }
@@ -478,7 +478,7 @@ private List GetCaseTypesList()
 private void SetupTestCase()
 {
- _userIdentity.Setup(x => x.IsAdministratorRole()).Returns(true);
+ _userIdentity.Setup(x => x.IsATeamLead()).Returns(true);
 _userIdentity.Setup(x => x.GetGroupDisplayNames()).Returns(new List { "type1", "type2" });
 _bookingsApiClient.Setup(x => x.GetHearingsByTypesAsync(It.IsAny()))
diff --git a/AdminWebsite/AdminWebsite.UnitTests/Controllers/ReferenceDataControllerTests.cs b/AdminWebsite/AdminWebsite.UnitTests/Controllers/ReferenceDataControllerTests.cs
index 5d3626d26..3afbf75af 100644
--- a/AdminWebsite/AdminWebsite.UnitTests/Controllers/ReferenceDataControllerTests.cs
+++ b/AdminWebsite/AdminWebsite.UnitTests/Controllers/ReferenceDataControllerTests.cs
@@ -53,7 +53,7 @@ public async Task Should_return_all_hearing_types()
 {
 // Arrange
 var includeDeleted = true;
- _userIdentityMock.Setup(x => x.IsAdministratorRole()).Returns(true);
+ _userIdentityMock.Setup(x => x.IsATeamLead()).Returns(true);
 _bookingsApiClientMock.Setup(x => x.GetCaseTypesAsync(includeDeleted))
 .ReturnsAsync(GetCaseTypesList());
diff --git a/AdminWebsite/AdminWebsite.UnitTests/Security/UserIdentityTests.cs b/AdminWebsite/AdminWebsite.UnitTests/Security/UserIdentityTests.cs
index c53a2afcb..5910ad7d4 100644
--- a/AdminWebsite/AdminWebsite.UnitTests/Security/UserIdentityTests.cs
+++ b/AdminWebsite/AdminWebsite.UnitTests/Security/UserIdentityTests.cs
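Review bot: `ReferenceDataController` is not among the five files in this patch, so it presumably never called the removed `IsAdministratorRole()` (the build would otherwise break), which makes the `_userIdentityMock.Setup(x => x.IsATeamLead()).Returns(true)` in `Should_return_all_hearing_types` look like an arrangement the code under test does not consult. If the controller performs no role check, drop the setup so the test stops implying an authorization gate that is not there; if it is meant to check the role, add `_userIdentityMock.Verify(x => x.IsATeamLead(), Times.Once);` and a negative case. The method's body continues outside the hunk, so this is inferred from the diffstat rather than from the controller itself.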
@@ -50,36 +50,25 @@ public void Should_return_group_DisplayNames()
 [TestCase(AppRoles.JudgeRole, false)]
 [TestCase(AppRoles.RepresentativeRole, false)]
 [TestCase(AppRoles.CaseAdminRole, false)]
- [TestCase(AppRoles.VhOfficerRole, true)]
- public void Should_set_the_isvhofficeradministratorrole_property(string appRole, bool expectedValue)
- {
- var user = new ClaimsPrincipalBuilder().WithRole(appRole).Build();
- var userIdentity = new UserIdentity(user);
- userIdentity.IsVhOfficerAdministratorRole().Should().Be(expectedValue);
- }
-
- [TestCase(AppRoles.CitizenRole, false)]
- [TestCase(AppRoles.JudgeRole, false)]
- [TestCase(AppRoles.RepresentativeRole, false)]
- [TestCase(AppRoles.CaseAdminRole, true)]
 [TestCase(AppRoles.VhOfficerRole, false)]
- public void Should_set_the_iscaseadministratorrole_property(string appRole, bool expectedValue)
+ [TestCase(AppRoles.AdministratorRole, true)]
+ public void Should_set_the_isvhofficeradministratorrole_property(string appRole, bool expectedValue)
 {
 var user = new ClaimsPrincipalBuilder().WithRole(appRole).Build();
 var userIdentity = new UserIdentity(user);
- userIdentity.IsCaseAdministratorRole().Should().Be(expectedValue);
+ userIdentity.IsATeamLead().Should().Be(expectedValue);
 }
 
 [TestCase(AppRoles.CitizenRole, false)]
 [TestCase(AppRoles.JudgeRole, false)]
 [TestCase(AppRoles.RepresentativeRole, false)]
- [TestCase(AppRoles.CaseAdminRole, true)]
 [TestCase(AppRoles.VhOfficerRole, true)]
- public void Should_set_the_isadministratorrole_property(string appRole, bool expectedValue)
+ [TestCase(AppRoles.AdministratorRole, false)]
+ public void Should_set_the_is_a_cso_role_property(string appRole, bool expectedValue)
 {
 var user = new ClaimsPrincipalBuilder().WithRole(appRole).Build();
 var userIdentity = new UserIdentity(user);
- userIdentity.IsAdministratorRole().Should().Be(expectedValue);
+ userIdentity.IsACso().Should().Be(expectedValue);
 }
 
 [Test]
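Review bot: The test kept under the name `Should_set_the_isvhofficeradministratorrole_property` now asserts `IsATeamLead()` and expects `true` for `AppRoles.AdministratorRole`, so its name describes the method that was deleted; rename it `Should_set_the_is_a_team_lead_property` to match the sibling `Should_set_the_is_a_cso_role_property`. Both tests build the principal with a single `WithRole(appRole)`, so neither covers a user holding `VhOfficerRole` and `AdministratorRole` together, which is the one case the new interface summary ("CSO ... but not a team lead") makes interesting; if the builder allows two roles, a case pinning what `IsACso()` returns for a team lead would settle that contract. The `[TestCase(AppRoles.CaseAdminRole, false)]` rows are now the only record that CaseAdmin lost the access `IsAdministratorRole()` granted it, so a comment such as `// VIH-10264: CaseAdminRole is neither a team lead nor a CSO` on those rows would preserve the intent.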
diff --git a/AdminWebsite/AdminWebsite/Controllers/BookingListController.cs b/AdminWebsite/AdminWebsite/Controllers/BookingListController.cs
index 20bce1f96..6c1be340a 100644
--- a/AdminWebsite/AdminWebsite/Controllers/BookingListController.cs
+++ b/AdminWebsite/AdminWebsite/Controllers/BookingListController.cs
@@ -58,7 +58,7 @@ public async Task GetBookingsList([FromBody]BookingSearchRequest r
 {
 request.Cursor = _encoder.Encode(request.Cursor);
 }
- if (_userIdentity.IsAdministratorRole())
+ if (_userIdentity.IsATeamLead() || _userIdentity.IsACso())
 {
 request.CaseTypes ??= new List();
 request.CaseTypes.AddRange(_userIdentity.GetGroupDisplayNames());
diff --git a/AdminWebsite/AdminWebsite/Security/UserIdentity.cs b/AdminWebsite/AdminWebsite/Security/UserIdentity.cs
index 49a3bd89e..ecd8f014e 100644
--- a/AdminWebsite/AdminWebsite/Security/UserIdentity.cs
+++ b/AdminWebsite/AdminWebsite/Security/UserIdentity.cs
@@ -8,10 +8,20 @@ namespace AdminWebsite.Security
 public interface IUserIdentity
 {
 IEnumerable GetGroupDisplayNames();
- bool IsAdministratorRole();
+
+ ///
+ /// Does a user have a CSO role (aka VHO but not a team lead)
+ ///
+ ///
+ bool IsACso();
+
+ ///
+ /// Does a user have a Team Lead role
+ ///
+ ///
+ bool IsATeamLead();
+
 string GetUserIdentityName();
- bool IsVhOfficerAdministratorRole();
- bool IsCaseAdministratorRole();
 IEnumerable GetAdministratorCaseTypes();
 }
 
@@ -36,20 +46,15 @@ public IEnumerable GetAdministratorCaseTypes()
 {
 return _administratorRoleClaims.UserCaseTypes;
 }
-
- public bool IsAdministratorRole()
- {
- return IsVhOfficerAdministratorRole() || IsCaseAdministratorRole();
- }
-
- public bool IsVhOfficerAdministratorRole()
+
+ public bool IsACso()
 {
 return _currentUser.IsInRole(AppRoles.VhOfficerRole);
 }
 
- public bool IsCaseAdministratorRole()
+ public bool IsATeamLead()
 {
- return _currentUser.IsInRole(AppRoles.CaseAdminRole);
+ return _currentUser.IsInRole(AppRoles.AdministratorRole);
 }
 
 public string GetUserIdentityName()
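Review bot: The new guard `if (_userIdentity.IsATeamLead() || _userIdentity.IsACso())` silently removes `CaseAdminRole` from the users who reach the filtered query, because the old `IsAdministratorRole()` was `IsVhOfficerAdministratorRole() || IsCaseAdministratorRole()` while neither replacement checks `AppRoles.CaseAdminRole`; the patch title says this is the intent, but nothing in the controller records it. A comment on the condition, e.g. `// VIH-10264: only team leads (AdministratorRole) and CSOs (VhOfficerRole) may list bookings; CaseAdminRole is intentionally excluded`, would keep a later reader from reverting it as a regression. The `else` branch lies outside the hunk, so whether excluded roles receive an unauthorized result or an empty list cannot be confirmed here, and the hunk does not show whether the action also carries an `[Authorize]` policy that enforces the same roles before this code runs.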
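Review bot: The summary added for `IsACso()` in the interface hunk (@@ -8) promises "CSO role (aka VHO but not a team lead)", but the implementation in @@ -36 is `return _currentUser.IsInRole(AppRoles.VhOfficerRole);` with no exclusion, so a principal holding both `VhOfficerRole` and `AdministratorRole` is reported as both a CSO and a team lead. Either make the code honour the contract, `return _currentUser.IsInRole(AppRoles.VhOfficerRole) && !IsATeamLead();`, or reword the summary to "Does the user hold the VHO (CSO) role; a team lead may hold it as well", and add the dual-role case to `UserIdentityTests` whichever way it is resolved. The `<returns>` element under each summary appears to be empty in the hunk; stating the constant checked, e.g. `true when the principal is in AppRoles.VhOfficerRole`, would make the role mapping visible at the interface rather than only in the implementation.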