PI-1833: Added RW roles (#3159)

* PI-1833: Added RW roles

projects/create-and-vary-a-licence-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/UserResource.kt

@@ -14,12 +14,12 @@ import uk.gov.justice.digital.hmpps.ldap.removeRole
 @RestController
 @RequestMapping("users")
 class UserResource(private val ldapTemplate: LdapTemplate) {
-    @PreAuthorize("hasRole('PROBATION_API__CVL__USER_ROLES')")
+    @PreAuthorize("hasAnyRole('PROBATION_API__CVL__USER_ROLES','PROBATION_API__CVL__USER_ROLES__RW')")
     @PutMapping(value = ["/{username}/roles"])
     fun addRole(@PathVariable username: String) =
         ldapTemplate.addRole(username, DeliusRole.LHDCBT002)
 
-    @PreAuthorize("hasRole('PROBATION_API__CVL__USER_ROLES')")
+    @PreAuthorize("hasAnyRole('PROBATION_API__CVL__USER_ROLES','PROBATION_API__CVL__USER_ROLES__RW')")
     @DeleteMapping(value = ["/{username}/roles"])
     fun removeRole(@PathVariable username: String) =
         ldapTemplate.removeRole(username, DeliusRole.LHDCBT002)

projects/create-and-vary-a-licence-and-delius/src/main/resources/application.yml

@@ -60,6 +60,7 @@ context.initializer.classes: uk.gov.justice.digital.hmpps.wiremock.WireMockIniti
 jwt.authorities:
   - ROLE_CVL_CONTEXT
   - ROLE_PROBATION_API__CVL__USER_ROLES
+  - ROLE_PROBATION_API__CVL__USER_ROLES__RW
   - ROLE_PROBATION_API__CVL__CASE_DETAIL
 
 oauth2:

projects/custody-key-dates-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/KeyDateController.kt

@@ -14,7 +14,7 @@ class KeyDateController(
     private val telemetryService: TelemetryService
 ) {
     @PostMapping
-    @PreAuthorize("hasRole('PROBATION_API__CUSTODY_DATES__UPDATE')")
+    @PreAuthorize("hasAnyRole('PROBATION_API__CUSTODY_DATES__UPDATE','PROBATION_API__CUSTODY_DATES__RW')")
     fun updateKeyDates(
         @RequestBody
         @Size(min = 1, max = 1000, message = "Please provide between 1 and 1000 noms numbers")

projects/custody-key-dates-and-delius/src/main/resources/application.yml

@@ -51,6 +51,7 @@ context.initializer.classes: uk.gov.justice.digital.hmpps.wiremock.WireMockIniti
 
 jwt.authorities:
   - ROLE_PROBATION_API__CUSTODY_DATES__UPDATE
+  - ROLE_PROBATION_API__CUSTODY_DATES__RW
 
 messaging.consumer.queue: message-queue
 

projects/hdc-licences-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/UserController.kt

@@ -20,7 +20,7 @@ import java.time.format.DateTimeFormatter
 
 @RestController
 @RequestMapping(value = ["/users/{username}"])
-@PreAuthorize("hasRole('PROBATION_API__HDC__USER_ROLES')")
+@PreAuthorize("hasAnyRole('PROBATION_API__HDC__USER_ROLES','PROBATION_API__HDC__USER_ROLES__RW')")
 class UserController(private val ldapTemplate: LdapTemplate) {
     @GetMapping("/details")
     fun getUserDetails(@PathVariable username: String) = UserDetails(

projects/hdc-licences-and-delius/src/main/resources/application.yml

@@ -50,6 +50,7 @@ context.initializer.classes: uk.gov.justice.digital.hmpps.wiremock.WireMockIniti
 jwt.authorities:
   - ROLE_PROBATION_API__HDC__STAFF
   - ROLE_PROBATION_API__HDC__USER_ROLES
+  - ROLE_PROBATION_API__HDC__USER_ROLES__RW
 
 logging.level:
   uk.gov.justice.digital.hmpps: DEBUG

projects/hmpps-auth-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/controller/UserController.kt

@@ -40,7 +40,7 @@ class UserController(private val userService: UserService) {
     fun getUsersByEmail(@RequestParam email: String) = userService.getUsersByEmail(email)
 
     @PostMapping("/user/{username}/password")
-    @PreAuthorize("hasAnyRole('ROLE_DELIUS_USER_AUTH','PROBATION_API__HMPPS_AUTH__UPDATE_PASSWORD')")
+    @PreAuthorize("hasAnyRole('ROLE_DELIUS_USER_AUTH','PROBATION_API__HMPPS_AUTH__PASSWORD__RW')")
     @Operation(description = "Change a Delius user's password. Requires `ROLE_DELIUS_USER_AUTH`.")
     @ApiResponses(
         value = [

projects/hmpps-auth-and-delius/src/main/resources/application.yml

@@ -51,7 +51,7 @@ jwt.authorities:
   - ROLE_DELIUS_USER_AUTH
   - ROLE_DELIUS_USER_DETAILS
   - ROLE_PROBATION_API__HMPPS_AUTH__AUTHENTICATE
-  - ROLE_PROBATION_API__HMPPS_AUTH__UPDATE_PASSWORD
+  - ROLE_PROBATION_API__HMPPS_AUTH__PASSWORD__RW
   - ROLE_PROBATION_API__HMPPS_AUTH__USER_DETAILS
 
 logging.level:

projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/OfficeLocationResource.kt

@@ -11,7 +11,7 @@ import uk.gov.justice.digital.hmpps.service.ProviderService
 @RequestMapping("/office-locations")
 class OfficeLocationResource(private val providerService: ProviderService) {
 
-    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')")
+    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')")
     @GetMapping
     fun findAllActiveLocations(): List<OfficeLocation> = providerService.findActiveOfficeLocations()
 }

projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/PduResource.kt

@@ -10,7 +10,7 @@ import uk.gov.justice.digital.hmpps.service.ProviderService
 @RestController
 @RequestMapping("/probation-delivery-units")
 class PduResource(private val providerService: ProviderService) {
-    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')")
+    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')")
     @GetMapping
     fun findAllDeliveryUnits(): List<DeliveryUnit> = providerService.findSelectableDeliveryUnits()
 }

projects/refer-and-monitor-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/resource/ProbationCaseResource.kt

@@ -21,25 +21,25 @@ class ProbationCaseResource(
     private val personService: PersonService,
     private val convictionService: ConvictionService
 ) {
-    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')")
+    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')")
     @GetMapping("responsible-officer")
     fun findResponsibleOfficer(@PathVariable crn: String): ResponsibleOfficer =
         managerService.findResponsibleCommunityManager(crn)
 
-    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')")
+    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')")
     @GetMapping("identifiers")
     fun findIdentifiers(@PathVariable crn: String): CaseIdentifier = personService.findIdentifiers(crn)
 
-    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')")
+    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')")
     @GetMapping("details")
     fun findDetails(@PathVariable crn: String): ResponseEntity<CaseDetail> =
         personService.findDetailsFor(crn)?.let { ResponseEntity.ok(it) } ?: ResponseEntity.notFound().build()
 
-    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')")
+    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')")
     @GetMapping("convictions")
     fun findConvictions(@PathVariable crn: String): CaseConvictions = convictionService.findConvictions(crn)
 
-    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL')")
+    @PreAuthorize("hasAnyRole('CRS_REFERRAL','PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW')")
     @GetMapping("convictions/{id}")
     fun findConviction(@PathVariable crn: String, @PathVariable id: Long) = convictionService.findConviction(crn, id)
 }

projects/refer-and-monitor-and-delius/src/main/resources/application.yml

@@ -57,7 +57,7 @@ context.initializer.classes: uk.gov.justice.digital.hmpps.wiremock.WireMockIniti
 
 jwt.authorities:
   - ROLE_CRS_REFERRAL
-  - ROLE_PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL
+  - ROLE_PROBATION_API__REFER_AND_MONITOR__CASE_DETAIL__RW
 
 messaging.consumer.queue: message-queue