PI-1639 (#2739)

ministryofjustice · Nov 24, 2023 · 5ff804b · 5ff804b
1 parent 5c5c058
commit 5ff804b
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 4 deletions.
diff --git a/...or-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/UserResourceTest.kt b/...or-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/UserResourceTest.kt
@@ -23,6 +23,7 @@ import uk.gov.justice.digital.hmpps.api.model.ManagedCases
 import uk.gov.justice.digital.hmpps.api.model.Name
 import uk.gov.justice.digital.hmpps.api.model.UserDetail
 import uk.gov.justice.digital.hmpps.data.generator.PersonGenerator
+import uk.gov.justice.digital.hmpps.data.generator.ProviderGenerator
 import uk.gov.justice.digital.hmpps.data.generator.UserGenerator
 import uk.gov.justice.digital.hmpps.security.withOAuth2Token
 import uk.gov.justice.digital.hmpps.service.CaseAccess
@@ -188,6 +189,15 @@ class UserResourceTest {
         ).andExpect(status().isNotFound)
     }
 
+    @Test
+    fun `user details not found returns 404 from id`() {
+        mockMvc.perform(
+            MockMvcRequestBuilders.get("/users/829185656291/details")
+                .withOAuth2Token(wireMockServer)
+                .contentType(MediaType.APPLICATION_JSON)
+        ).andExpect(status().isNotFound)
+    }
+
     @Test
     fun `user details are correctly returned`() {
         val res = mockMvc.perform(
@@ -199,4 +209,16 @@ class UserResourceTest {
         val userDetail = objectMapper.readValue<UserDetail>(res)
         assertThat(userDetail, equalTo(UserDetail("john-smith", Name("John", "Smith"), "[email protected]")))
     }
+
+    @Test
+    fun `user details are correctly returned from id`() {
+        val res = mockMvc.perform(
+            MockMvcRequestBuilders.get("/users/${ProviderGenerator.JOHN_SMITH_USER.id}/details")
+                .withOAuth2Token(wireMockServer)
+                .contentType(MediaType.APPLICATION_JSON)
+        ).andReturn().response.contentAsString
+
+        val userDetail = objectMapper.readValue<UserDetail>(res)
+        assertThat(userDetail, equalTo(UserDetail("john-smith", Name("John", "Smith"), "[email protected]")))
+    }
 }
diff --git a/...itor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt b/...itor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt
@@ -1,6 +1,7 @@
 package uk.gov.justice.digital.hmpps.api.resource
 
 import jakarta.validation.constraints.Size
+import org.springframework.data.repository.findByIdOrNull
 import org.springframework.http.ResponseEntity
 import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.validation.annotation.Validated
@@ -15,28 +16,38 @@ import uk.gov.justice.digital.hmpps.api.model.UserDetail
 import uk.gov.justice.digital.hmpps.service.ManagerService
 import uk.gov.justice.digital.hmpps.service.UserAccess
 import uk.gov.justice.digital.hmpps.service.UserService
+import uk.gov.justice.digital.hmpps.user.AuditUserRepository
 
 @Validated
 @RestController
 @RequestMapping("users/{username}")
 class UserResource(
     private val managerService: ManagerService,
-    private val userService: UserService
+    private val userService: UserService,
+    private val auditUserRepository: AuditUserRepository
 ) {
     @PreAuthorize("hasRole('CRS_REFERRAL')")
     @GetMapping("managed-cases")
     fun managedCases(@PathVariable username: String): ManagedCases =
-        managerService.findCasesManagedBy(username)
+        managerService.findCasesManagedBy(userNameFrom(username))
 
     @PreAuthorize("hasRole('CRS_REFERRAL')")
     @RequestMapping("access", method = [RequestMethod.GET, RequestMethod.POST])
     fun userAccessCheck(
         @PathVariable username: String,
         @Size(min = 1, max = 500, message = "Please provide between 1 and 500 crns") @RequestBody crns: List<String>
-    ): UserAccess = userService.userAccessFor(username, crns)
+    ): UserAccess = userService.userAccessFor(userNameFrom(username), crns)
 
     @PreAuthorize("hasRole('CRS_REFERRAL')")
     @GetMapping("details")
     fun userDetails(@PathVariable username: String): ResponseEntity<UserDetail> =
-        userService.userDetails(username)?.let { ResponseEntity.ok(it) } ?: ResponseEntity.notFound().build()
+        userService.userDetails(userNameFrom(username))?.let { ResponseEntity.ok(it) } ?: ResponseEntity.notFound()
+            .build()
+
+    private fun userNameFrom(idOrUsername: String): String =
+        if (idOrUsername.matches("^\\d.*$".toRegex())) {
+            auditUserRepository.findByIdOrNull(idOrUsername.toLong())?.username ?: idOrUsername
+        } else {
+            idOrUsername
+        }
 }
diff --git a/...cts/tier-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/CrnResource.kt b/...cts/tier-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/CrnResource.kt
@@ -7,6 +7,7 @@ import uk.gov.justice.digital.hmpps.integrations.delius.person.PersonRepository
 
 @RestController
 class CrnResource(private val personRepository: PersonRepository) {
+    @PreAuthorize("hasRole('TIER_DETAILS')")
     @GetMapping("/probation-cases")
     @PreAuthorize("hasRole('TIER_DETAILS')")
     fun findAllActiveCrns() = personRepository.findAllCrns()