Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MAN-192: Add endpoint to check user access for list of crns #4478

Merged
merged 1 commit into from
Dec 3, 2024
Merged

MAN-192: Add endpoint to check user access for list of crns #4478

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 42 additions & 1 deletion ...ius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/LaoCaseloadIntegrationTest.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,18 @@ import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMock
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
import uk.gov.justice.digital.hmpps.api.model.user.StaffCaseload
import uk.gov.justice.digital.hmpps.data.generator.ContactGenerator.LIMITED_ACCESS_USER
import uk.gov.justice.digital.hmpps.data.generator.personalDetails.PersonDetailsGenerator.EXCLUSION
import uk.gov.justice.digital.hmpps.data.generator.personalDetails.PersonDetailsGenerator.PERSONAL_DETAILS
import uk.gov.justice.digital.hmpps.data.generator.personalDetails.PersonDetailsGenerator.RESTRICTION
import uk.gov.justice.digital.hmpps.data.generator.personalDetails.PersonDetailsGenerator.RESTRICTION_EXCLUSION
import uk.gov.justice.digital.hmpps.service.UserAccess
import uk.gov.justice.digital.hmpps.test.MockMvcExtensions.contentAsJson
import uk.gov.justice.digital.hmpps.test.MockMvcExtensions.withJson
import uk.gov.justice.digital.hmpps.test.MockMvcExtensions.withToken

@AutoConfigureMockMvc
Expand All @@ -27,7 +31,6 @@ internal class LaoCaseloadIntegrationTest {

@Test
fun `all caseload activity for an lao user`() {

val person = LIMITED_ACCESS_USER
val res = mockMvc
.perform(get("/caseload/user/${person.username}").withToken())
Expand Down Expand Up @@ -65,4 +68,42 @@ internal class LaoCaseloadIntegrationTest {
assertThat(caseload[3].limitedAccess, equalTo(false))
assertNotEquals(caseload[3].caseName, null)
}

@Test
fun `check lao access for a user with list of crns`() {
val person = LIMITED_ACCESS_USER
val crns = listOf(RESTRICTION_EXCLUSION.crn, EXCLUSION.crn, RESTRICTION.crn, PERSONAL_DETAILS.crn)
val res = mockMvc
.perform(
MockMvcRequestBuilders.post("/user/${person.username}/access").withToken()
.withJson(crns)
)
.andExpect(status().isOk)
.andReturn().response.contentAsJson<UserAccess>()

val userAccess = res.access.sortedBy { it.crn }

assertThat(userAccess[0].userExcluded, equalTo(true))
assertThat(userAccess[0].userRestricted, equalTo(true))

assertThat(userAccess[1].userExcluded, equalTo(true))
assertThat(userAccess[1].userRestricted, equalTo(false))

assertThat(userAccess[2].userExcluded, equalTo(false))
assertThat(userAccess[2].userRestricted, equalTo(true))

assertThat(userAccess[3].userExcluded, equalTo(false))
assertThat(userAccess[3].userRestricted, equalTo(false))
}

@Test
fun `check lao access returns 400 when no crns are provided`() {
val person = LIMITED_ACCESS_USER
mockMvc
.perform(
MockMvcRequestBuilders.post("/user/${person.username}/access").withToken()
.withJson(emptyList<String>())
)
.andExpect(status().isBadRequest)
}
}
12 changes: 9 additions & 3 deletions ...elius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/controller/UserAccessController.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
package uk.gov.justice.digital.hmpps.api.controller

import io.swagger.v3.oas.annotations.tags.Tag
import jakarta.validation.constraints.Size
import org.springframework.security.access.prepost.PreAuthorize
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.PathVariable
import org.springframework.web.bind.annotation.RestController
import org.springframework.web.bind.annotation.*
import uk.gov.justice.digital.hmpps.service.UserAccessService

@RestController
Expand All @@ -14,4 +13,11 @@ class UserAccessController(private val userAccessService: UserAccessService) {
@GetMapping("/user/{username}/access/{crn}")
fun checkAccess(@PathVariable username: String, @PathVariable crn: String) =
userAccessService.caseAccessFor(username, crn)

@PostMapping("/user/{username}/access")
fun checkUserAccess(
@PathVariable username: String,
@Size(min = 1, max = 500, message = "Please provide between 1 and 500 crns")
@RequestBody crns: List<String>
) = userAccessService.userAccessFor(username, crns)
}
Loading