From 5ff804b789d9d9d2197abda54d75c48ea41f20b4 Mon Sep 17 00:00:00 2001 From: Anthony Britton <105213050+anthony-britton-moj@users.noreply.github.com> Date: Fri, 24 Nov 2023 17:26:44 +0000 Subject: [PATCH] PI-1639 (#2739) --- .../justice/digital/hmpps/UserResourceTest.kt | 22 +++++++++++++++++++ .../hmpps/api/resource/UserResource.kt | 19 ++++++++++++---- .../digital/hmpps/controller/CrnResource.kt | 1 + 3 files changed, 38 insertions(+), 4 deletions(-) diff --git a/projects/refer-and-monitor-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/UserResourceTest.kt b/projects/refer-and-monitor-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/UserResourceTest.kt index 5430b14c80..1f9dad9393 100644 --- a/projects/refer-and-monitor-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/UserResourceTest.kt +++ b/projects/refer-and-monitor-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/UserResourceTest.kt @@ -23,6 +23,7 @@ import uk.gov.justice.digital.hmpps.api.model.ManagedCases import uk.gov.justice.digital.hmpps.api.model.Name import uk.gov.justice.digital.hmpps.api.model.UserDetail import uk.gov.justice.digital.hmpps.data.generator.PersonGenerator +import uk.gov.justice.digital.hmpps.data.generator.ProviderGenerator import uk.gov.justice.digital.hmpps.data.generator.UserGenerator import uk.gov.justice.digital.hmpps.security.withOAuth2Token import uk.gov.justice.digital.hmpps.service.CaseAccess @@ -188,6 +189,15 @@ class UserResourceTest { ).andExpect(status().isNotFound) } + @Test + fun `user details not found returns 404 from id`() { + mockMvc.perform( + MockMvcRequestBuilders.get("/users/829185656291/details") + .withOAuth2Token(wireMockServer) + .contentType(MediaType.APPLICATION_JSON) + ).andExpect(status().isNotFound) + } + @Test fun `user details are correctly returned`() { val res = mockMvc.perform( 
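Review bot: `user details not found returns 404 from id` covers only a well-formed numeric id with no matching user, so the branch of the resolver that handles digit-leading but non-numeric input is never exercised. A companion case whose path value starts with a digit yet is not a valid Long (a constructed example: `/users/1abc/details`) would pin the expected status for input that reaches `toLong()` in UserResource.kt. A short comment such as `// id that matches no user in the test data` above the literal `829185656291` would also explain the constant.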
@@ -199,4 +209,16 @@ class UserResourceTest { val userDetail = objectMapper.readValue(res) assertThat(userDetail, equalTo(UserDetail("john-smith", Name("John", "Smith"), "john.smith@moj.gov.uk"))) } + + @Test + fun `user details are correctly returned from id`() { + val res = mockMvc.perform( + MockMvcRequestBuilders.get("/users/${ProviderGenerator.JOHN_SMITH_USER.id}/details") + .withOAuth2Token(wireMockServer) + .contentType(MediaType.APPLICATION_JSON) + ).andReturn().response.contentAsString + + val userDetail = objectMapper.readValue(res) + assertThat(userDetail, equalTo(UserDetail("john-smith", Name("John", "Smith"), "john.smith@moj.gov.uk"))) + } } diff --git a/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt b/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt index c7472ef150..ffb08fea3b 100644 --- a/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt +++ b/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt @@ -1,6 +1,7 @@ package uk.gov.justice.digital.hmpps.api.resource import jakarta.validation.constraints.Size +import org.springframework.data.repository.findByIdOrNull import org.springframework.http.ResponseEntity import org.springframework.security.access.prepost.PreAuthorize import org.springframework.validation.annotation.Validated 
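Review bot: `user details are correctly returned from id` deserialises the response body without first asserting the status, so a 404 or 500 would surface as a parsing failure rather than a clear status mismatch; adding `.andExpect(status().isOk)` before `.andReturn()` makes the failure readable. Only the `details` route is exercised with an id in this patch, although `managed-cases` and `access` go through the same id-or-username resolution. Since `access` presumably decides which cases a user may see, an id-based test for that route would be worth adding.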
@@ -15,28 +16,38 @@ import uk.gov.justice.digital.hmpps.api.model.UserDetail import uk.gov.justice.digital.hmpps.service.ManagerService import uk.gov.justice.digital.hmpps.service.UserAccess import uk.gov.justice.digital.hmpps.service.UserService +import uk.gov.justice.digital.hmpps.user.AuditUserRepository @Validated @RestController @RequestMapping("users/{username}") class UserResource( private val managerService: ManagerService, - private val userService: UserService + private val userService: UserService, + private val auditUserRepository: AuditUserRepository ) { @PreAuthorize("hasRole('CRS_REFERRAL')") @GetMapping("managed-cases") fun managedCases(@PathVariable username: String): ManagedCases = - managerService.findCasesManagedBy(username) + managerService.findCasesManagedBy(userNameFrom(username)) @PreAuthorize("hasRole('CRS_REFERRAL')") @RequestMapping("access", method = [RequestMethod.GET, RequestMethod.POST]) fun userAccessCheck( @PathVariable username: String, @Size(min = 1, max = 500, message = "Please provide between 1 and 500 crns") @RequestBody crns: List - ): UserAccess = userService.userAccessFor(username, crns) + ): UserAccess = userService.userAccessFor(userNameFrom(username), crns) @PreAuthorize("hasRole('CRS_REFERRAL')") @GetMapping("details") fun userDetails(@PathVariable username: String): ResponseEntity = - userService.userDetails(username)?.let { ResponseEntity.ok(it) } ?: ResponseEntity.notFound().build() + userService.userDetails(userNameFrom(username))?.let { ResponseEntity.ok(it) } ?: ResponseEntity.notFound() + .build() + + private fun userNameFrom(idOrUsername: String): String = + if (idOrUsername.matches("^\\d.*$".toRegex())) { + auditUserRepository.findByIdOrNull(idOrUsername.toLong())?.username ?: idOrUsername + } else { + idOrUsername + } } 
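Review bot: `userNameFrom` calls `idOrUsername.toLong()` on any path value matching `^\d.*$`, which is every string that merely starts with a digit. A value with trailing non-digits, or with more digits than fit in a Long, therefore throws NumberFormatException and, unless a handler outside this hunk maps it, surfaces as a server error instead of a 404. Parsing with `toLongOrNull()` removes both the regex and the throw: `idOrUsername.toLongOrNull()?.let { auditUserRepository.findByIdOrNull(it)?.username } ?: idOrUsername`. Separately, the id lookup takes precedence over the username, so if an all-digit username can exist (not visible here), `managed-cases`, `access` and `details` would be answered for whichever user owns that numeric id. A KDoc line on the helper stating that precedence, or a distinct route for ids, would make the contract explicit.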
diff --git a/projects/tier-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/CrnResource.kt b/projects/tier-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/CrnResource.kt index 3d02d0e3f8..bb6b2a3d72 100644 --- a/projects/tier-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/CrnResource.kt +++ b/projects/tier-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/CrnResource.kt @@ -7,6 +7,7 @@ import uk.gov.justice.digital.hmpps.integrations.delius.person.PersonRepository @RestController class CrnResource(private val personRepository: PersonRepository) { + @PreAuthorize("hasRole('TIER_DETAILS')") @GetMapping("/probation-cases") @PreAuthorize("hasRole('TIER_DETAILS')") fun findAllActiveCrns() = personRepository.findAllCrns()
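Review bot: The added `@PreAuthorize("hasRole('TIER_DETAILS')")` above `@GetMapping("/probation-cases")` appears to duplicate the identical annotation that the context line directly below the mapping already places on `findAllActiveCrns`. Spring's `@PreAuthorize` is not declared repeatable, so if the context is rendered accurately the new side carries it twice and Kotlin should reject it; keep a single `@PreAuthorize("hasRole('TIER_DETAILS')")` on the function. If the intent was to protect the whole controller, placing it once on `class CrnResource` would state that more clearly. The class body continues outside the hunk.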