diff --git a/projects/approved-premises-and-delius/build.gradle.kts b/projects/approved-premises-and-delius/build.gradle.kts
index 78d13d14f2..7881d33e52 100644
--- a/projects/approved-premises-and-delius/build.gradle.kts
+++ b/projects/approved-premises-and-delius/build.gradle.kts
@@ -5,6 +5,7 @@ apply(plugin = "com.google.cloud.tools.jib")
 dependencies {
 implementation(project(":libs:audit"))
 implementation(project(":libs:commons"))
+ implementation(project(":libs:limited-access"))
 implementation(project(":libs:messaging"))
 implementation(project(":libs:oauth-client"))
 implementation(project(":libs:oauth-server"))
diff --git a/projects/approved-premises-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/UserController.kt b/projects/approved-premises-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/UserController.kt
new file mode 100644
index 0000000000..3be10f48ed
--- /dev/null
+++ b/projects/approved-premises-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/UserController.kt
@@ -0,0 +1,22 @@
+package uk.gov.justice.digital.hmpps.controller
+
+import jakarta.validation.constraints.Size
+import org.springframework.security.access.prepost.PreAuthorize
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RequestMethod
+import org.springframework.web.bind.annotation.RequestParam
+import org.springframework.web.bind.annotation.RestController
+import uk.gov.justice.digital.hmpps.service.UserAccess
+import uk.gov.justice.digital.hmpps.service.UserAccessService
+
+@RestController
+@RequestMapping("users")
+class UserController(private val uas: UserAccessService) {
+ @PreAuthorize("hasRole('APPROVED_PREMISES_STAFF')")
+ @RequestMapping("access", method = [RequestMethod.GET, RequestMethod.POST])
+ fun userAccessCheck(
+ @RequestParam(required = false) username: String?,
+ @Size(min = 1, max = 500, message = "Please provide between 1 and 500 crns") @RequestBody crns: List
+ ): UserAccess = username?.let { uas.userAccessFor(it, crns) } ?: uas.checkLimitedAccessFor(crns)
+}
diff --git a/projects/approved-premises-and-delius/src/test/kotlin/uk/gov/justice/digital/hmpps/controller/UserControllerTest.kt b/projects/approved-premises-and-delius/src/test/kotlin/uk/gov/justice/digital/hmpps/controller/UserControllerTest.kt
new file mode 100644
index 0000000000..ad7d7dd5cf
--- /dev/null
+++ b/projects/approved-premises-and-delius/src/test/kotlin/uk/gov/justice/digital/hmpps/controller/UserControllerTest.kt
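Review bot: The `@Size(min = 1, max = 500, ...)` constraint on the `crns` request body is only enforced if method validation is active for this controller, and nothing in the new class enables it: there is no `@Validated` on `UserController`. On Spring versions before 6.1 a constraint placed directly on a `@RequestBody` collection parameter is silently ignored without it, which would leave the CRN list unbounded for a lookup that presumably goes to the database. Unless the project's Spring version is known to apply built-in method validation to controller methods, add `@Validated` (from `org.springframework.validation.annotation`) above `@RestController`. Separately, `username` comes from the query string and is independent of the authenticated caller, so any client holding `APPROVED_PREMISES_STAFF` can ask about any user's exclusions and restrictions; if that is intended, a KDoc line on `userAccessCheck` saying so would help.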
@@ -0,0 +1,64 @@
+package uk.gov.justice.digital.hmpps.controller
+
+import org.hamcrest.MatcherAssert.assertThat
+import org.hamcrest.Matchers.equalTo
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.extension.ExtendWith
+import org.mockito.InjectMocks
+import org.mockito.Mock
+import org.mockito.junit.jupiter.MockitoExtension
+import org.mockito.kotlin.verify
+import org.mockito.kotlin.whenever
+import uk.gov.justice.digital.hmpps.service.CaseAccess
+import uk.gov.justice.digital.hmpps.service.UserAccess
+import uk.gov.justice.digital.hmpps.service.UserAccessService
+
+@ExtendWith(MockitoExtension::class)
+class UserControllerTest {
+ @Mock
+ internal lateinit var userAccessService: UserAccessService
+
+ @InjectMocks
+ internal lateinit var userController: UserController
+
+ @Test
+ fun `when username provided, calls service with username`() {
+ val username = "john-smith"
+ val crns = listOf("T123456", "T234567", "T345678")
+ whenever(userAccessService.userAccessFor(username, crns)).thenReturn(
+ UserAccess(
+ crns.map {
+ CaseAccess(
+ it,
+ userExcluded = false,
+ userRestricted = false
+ )
+ }
+ )
+ )
+
+ val res = userController.userAccessCheck(username, crns)
+ verify(userAccessService).userAccessFor(username, crns)
+ assertThat(res.access.size, equalTo(3))
+ }
+
+ @Test
+ fun `when no username provided, calls service without username`() {
+ val crns = listOf("N123456", "N234567", "N345678")
+ whenever(userAccessService.checkLimitedAccessFor(crns)).thenReturn(
+ UserAccess(
+ crns.map {
+ CaseAccess(
+ it,
+ userExcluded = false,
+ userRestricted = false
+ )
+ }
+ )
+ )
+
+ val res = userController.userAccessCheck(null, crns)
+ verify(userAccessService).checkLimitedAccessFor(crns)
+ assertThat(res.access.size, equalTo(3))
+ }
+}
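Review bot: Both tests invoke `userAccessCheck` directly on a Mockito-injected controller, so the `@PreAuthorize("hasRole('APPROVED_PREMISES_STAFF')")` check and the `@Size` limit on `crns` are never exercised. A request-level test (for example with MockMvc) that expects a rejection for a caller without the role, for an empty list and for a list of 501 CRNs would pin the security-relevant behaviour of the endpoint. It would also show whether a GET carrying a JSON body is accepted end to end, since the mapping allows both GET and POST.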