diff --git a/libs/limited-access/src/main/kotlin/uk/gov/justice/digital/hmpps/entity/LimitedAccess.kt b/libs/limited-access/src/main/kotlin/uk/gov/justice/digital/hmpps/entity/LimitedAccess.kt index 5861690150..72a3354461 100644 --- a/libs/limited-access/src/main/kotlin/uk/gov/justice/digital/hmpps/entity/LimitedAccess.kt +++ b/libs/limited-access/src/main/kotlin/uk/gov/justice/digital/hmpps/entity/LimitedAccess.kt @@ -81,6 +81,9 @@ class LimitedAccessUser( ) interface UserAccessRepository : JpaRepository { + @Query("select u from LimitedAccessUser u where upper(u.username) = upper(:username) ") + fun findByUsername(username: String): LimitedAccessUser? + @Query( """ select p.crn as crn, '' as exclusionMessage, p.restrictionMessage as restrictionMessage diff --git a/libs/limited-access/src/main/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessService.kt b/libs/limited-access/src/main/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessService.kt index 6a9dcfb6dc..20d226199d 100644 --- a/libs/limited-access/src/main/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessService.kt +++ b/libs/limited-access/src/main/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessService.kt @@ -9,8 +9,11 @@ import uk.gov.justice.digital.hmpps.entity.isRestricted @Service class UserAccessService(private val uar: UserAccessRepository) { fun userAccessFor(username: String, crns: List): UserAccess { - val limitations: Map> = uar.getAccessFor(username, crns).groupBy { it.crn } - return UserAccess(crns.map { limitations[it].combined(it) }) + val user = uar.findByUsername(username) + + val limitations: List = + user?.let { uar.getAccessFor(it.username, crns) } ?: uar.checkLimitedAccessFor(crns) + return UserAccess(crns.map { limitations.groupBy { it.crn }[it].combined(it) }) } fun checkLimitedAccessFor(crns: List): UserAccess { diff --git a/libs/limited-access/src/test/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessServiceTest.kt b/libs/limited-access/src/test/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessServiceTest.kt index d85411e951..8a173a6415 100644 --- a/libs/limited-access/src/test/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessServiceTest.kt +++ b/libs/limited-access/src/test/kotlin/uk/gov/justice/digital/hmpps/service/UserAccessServiceTest.kt @@ -8,6 +8,7 @@ import org.mockito.InjectMocks import org.mockito.Mock import org.mockito.junit.jupiter.MockitoExtension import org.mockito.kotlin.whenever +import uk.gov.justice.digital.hmpps.entity.LimitedAccessUser import uk.gov.justice.digital.hmpps.entity.PersonAccess import uk.gov.justice.digital.hmpps.entity.UserAccessRepository @@ -22,6 +23,7 @@ internal class UserAccessServiceTest { @Test fun `user limited access is correctly returned`() { val pas = givenLimitedAccessResults() + whenever(uar.findByUsername("john-smith")).thenReturn(LimitedAccessUser("john-smith", 1)) whenever(uar.getAccessFor("john-smith", listOf("E123456", "R123456", "B123456", "N123456"))) .thenReturn(pas) @@ -31,6 +33,18 @@ internal class UserAccessServiceTest { assertThat(res, equalTo(userAccess())) } + @Test + fun `user limited access is correctly returned when user doesn't exist`() { + val pas = givenLimitedAccessResults() + whenever(uar.checkLimitedAccessFor(listOf("E123456", "R123456", "B123456", "N123456"))) + .thenReturn(pas) + + val res = userAccessService.userAccessFor("jane-smith", listOf("E123456", "R123456", "B123456", "N123456")) + + assertThat(res.access.size, equalTo(4)) + assertThat(res, equalTo(userAccess())) + } + @Test fun `limited access is correctly returned`() { val pas = givenLimitedAccessResults() diff --git a/projects/arns-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/LimitedAccessTest.kt b/projects/arns-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/LimitedAccessTest.kt index 8fc1c9d0f0..20094bcd5e 100644 --- a/projects/arns-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/LimitedAccessTest.kt +++ b/projects/arns-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/LimitedAccessTest.kt @@ -105,4 +105,54 @@ internal class LimitedAccessTest { ) ) } + + @Test + fun `limited access controls are correctly returned with full access`() { + val res = mockMvc.perform( + MockMvcRequestBuilders.post("/users/access?username=${LimitedAccessGenerator.FULL_ACCESS_USER.username}") + .withOAuth2Token(wireMockserver) + .contentType(MediaType.APPLICATION_JSON) + .content( + objectMapper.writeValueAsString( + listOf( + LimitedAccessGenerator.EXCLUDED_CASE.crn, + LimitedAccessGenerator.RESTRICTED_CASE.crn, + LimitedAccessGenerator.UNLIMITED_ACCESS.crn + ) + ) + ) + ).andReturn().response.contentAsString + + val result = objectMapper.readValue(res) + assertThat( + result.access.first { it.crn == LimitedAccessGenerator.EXCLUDED_CASE.crn }, + equalTo( + CaseAccess( + LimitedAccessGenerator.EXCLUDED_CASE.crn, + userExcluded = false, + userRestricted = false + ) + ) + ) + assertThat( + result.access.first { it.crn == LimitedAccessGenerator.RESTRICTED_CASE.crn }, + equalTo( + CaseAccess( + LimitedAccessGenerator.RESTRICTED_CASE.crn, + userExcluded = false, + userRestricted = false + ) + ) + ) + assertThat( + result.access.first { it.crn == LimitedAccessGenerator.UNLIMITED_ACCESS.crn }, + equalTo( + CaseAccess( + LimitedAccessGenerator.UNLIMITED_ACCESS.crn, + userExcluded = false, + userRestricted = false + ) + ) + ) + } }