PI-1827 Add user access endpoint for Tier UI (#3143)

* PI-1827 Add user access endpoint for Tier UI

* Add test

libs/limited-access/src/main/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessService.kt

@@ -8,6 +8,9 @@ import uk.gov.justice.digital.hmpps.entity.isRestricted
 
 @Service
 class UserAccessService(private val uar: UserAccessRepository) {
+    fun caseAccessFor(username: String, crn: String) =
+        userAccessFor(username, listOf(crn)).access.first { it.crn == crn }
+
     fun userAccessFor(username: String, crns: List<String>): UserAccess {
         val user = uar.findByUsername(username)
 

libs/limited-access/src/test/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessServiceTest.kt

@@ -57,6 +57,17 @@ internal class UserAccessServiceTest {
         assertThat(res, equalTo(userAccess()))
     }
 
+    @Test
+    fun `single case access is correctly returned`() {
+        val pas = givenLimitedAccessResults()
+        whenever(uar.findByUsername("john-smith")).thenReturn(LimitedAccessUser("john-smith", 1))
+        whenever(uar.getAccessFor("john-smith", listOf("E123456"))).thenReturn(pas)
+
+        val res = userAccessService.caseAccessFor("john-smith", "E123456")
+
+        assertThat(res, equalTo(userAccess().access[0]))
+    }
+
     private fun givenLimitedAccessResults() =
         listOf(
             object : PersonAccess {

projects/tier-to-delius/build.gradle.kts

@@ -8,6 +8,7 @@ dependencies {
     implementation(project(":libs:messaging"))
     implementation(project(":libs:oauth-client"))
     implementation(project(":libs:oauth-server"))
+    implementation(project(":libs:limited-access"))
 
     implementation("org.springframework.boot:spring-boot-starter-actuator")
     implementation("org.springframework.boot:spring-boot-starter-data-jpa")

projects/tier-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/UserController.kt

@@ -0,0 +1,21 @@
+package uk.gov.justice.digital.hmpps.controller
+
+import org.springframework.security.access.prepost.PreAuthorize
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+import uk.gov.justice.digital.hmpps.service.CaseAccess
+import uk.gov.justice.digital.hmpps.service.UserAccessService
+
+@RestController
+@RequestMapping("users")
+@PreAuthorize("hasRole('TIER_DETAILS')")
+class UserController(private val userAccessService: UserAccessService) {
+
+    @GetMapping("/{username}/access/{crn}")
+    fun userAccessCheck(
+        @PathVariable username: String,
+        @PathVariable crn: String,
+    ): CaseAccess = userAccessService.caseAccessFor(username, crn)
+}

projects/tier-to-delius/src/test/kotlin/uk/gov/justice/digital/hmpps/controller/UserControllerTest.kt

@@ -0,0 +1,37 @@
+package uk.gov.justice.digital.hmpps.controller
+
+import org.hamcrest.CoreMatchers.equalTo
+import org.hamcrest.MatcherAssert.assertThat
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.extension.ExtendWith
+import org.mockito.InjectMocks
+import org.mockito.Mock
+import org.mockito.junit.jupiter.MockitoExtension
+import org.mockito.kotlin.whenever
+import uk.gov.justice.digital.hmpps.service.CaseAccess
+import uk.gov.justice.digital.hmpps.service.UserAccessService
+
+@ExtendWith(MockitoExtension::class)
+internal class UserControllerTest {
+    @Mock
+    lateinit var userAccessService: UserAccessService
+
+    @InjectMocks
+    lateinit var userController: UserController
+
+    @Test
+    fun `check user access`() {
+        val caseAccess = CaseAccess(
+            crn = "crn",
+            userRestricted = false,
+            userExcluded = true,
+            exclusionMessage = "testing",
+        )
+
+        whenever(userAccessService.caseAccessFor("username", "crn")).thenReturn(caseAccess)
+
+        val response = userController.userAccessCheck("username", "crn")
+
+        assertThat(response, equalTo(caseAccess))
+    }
+}