From b50e08de885c718a388067c0fefcb3adcff0093e Mon Sep 17 00:00:00 2001 From: pmcphee77 <150798161+pmcphee77@users.noreply.github.com> Date: Mon, 5 Feb 2024 17:19:51 +0000 Subject: [PATCH] PI-1833: Fixed refer and monitor roles (#3163) * PI-1833: Fixed refer and monitor roles * PI-1833: Fixed pre-sentence roles --- .../digital/hmpps/controller/PSRContextController.kt | 2 +- .../justice/digital/hmpps/api/resource/ReferralResource.kt | 4 ++-- .../gov/justice/digital/hmpps/api/resource/UserResource.kt | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/projects/pre-sentence-reports-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/PSRContextController.kt b/projects/pre-sentence-reports-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/PSRContextController.kt index bec0bc5b76..a929a074e4 100644 --- a/projects/pre-sentence-reports-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/PSRContextController.kt +++ b/projects/pre-sentence-reports-to-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/PSRContextController.kt @@ -17,7 +17,7 @@ class PSRContextController( private val service: PreSentenceReportService ) { - @PreAuthorize("hasAnyRole('ROLE_PSR_CONTEXT','PROBATION_API__PSR__CASE_DETAILS')") + @PreAuthorize("hasAnyRole('ROLE_PSR_CONTEXT','PROBATION_API__PSR__CONTEXT')") @Operation( summary = "Probation case information related to the pre-sentence report", description = """Creating a pre-sentence report requires details of the relevant diff --git a/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/ReferralResource.kt b/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/ReferralResource.kt index 701ff57b26..6206d07677 100644 --- a/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/ReferralResource.kt +++ b/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/ReferralResource.kt @@ -19,7 +19,7 @@ class ReferralResource( private val nsiService: NsiService, private val appointmentService: AppointmentService ) { - @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')") + @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')") @PutMapping @ResponseStatus(HttpStatus.NO_CONTENT) fun referralStarted(@PathVariable crn: String, @RequestBody referralStarted: ReferralStarted) { @@ -30,7 +30,7 @@ class ReferralResource( ) } - @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')") + @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')") @PutMapping("/{referralId}/appointments") @ResponseStatus(HttpStatus.OK) fun mergeAppointment( diff --git a/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt b/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt index cba12a7ff9..cd4fff40f8 100644 --- a/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt +++ b/projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt @@ -26,19 +26,19 @@ class UserResource( private val userService: UserService, private val auditUserRepository: AuditUserRepository ) { - @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')") + @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')") @GetMapping("managed-cases") fun managedCases(@PathVariable username: String): ManagedCases = managerService.findCasesManagedBy(userNameFrom(username)) - @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')") + @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')") @RequestMapping("access", method = [RequestMethod.GET, RequestMethod.POST]) fun userAccessCheck( @PathVariable username: String, @Size(min = 1, max = 500, message = "Please provide between 1 and 500 crns") @RequestBody crns: List ): UserAccess = userService.userAccessFor(userNameFrom(username), crns) - @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')") + @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')") @GetMapping("details") fun userDetails(@PathVariable username: String): ResponseEntity = userService.userDetails(userNameFrom(username))?.let { ResponseEntity.ok(it) } ?: ResponseEntity.notFound()