diff --git a/projects/manage-supervision-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/LaoCaseloadIntegrationTest.kt b/projects/manage-supervision-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/LaoCaseloadIntegrationTest.kt index beaf388719..019035815d 100644 --- a/projects/manage-supervision-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/LaoCaseloadIntegrationTest.kt +++ b/projects/manage-supervision-and-delius/src/integrationTest/kotlin/uk/gov/justice/digital/hmpps/LaoCaseloadIntegrationTest.kt @@ -9,14 +9,18 @@ import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMock import org.springframework.boot.test.context.SpringBootTest import org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT import org.springframework.test.web.servlet.MockMvc +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status import uk.gov.justice.digital.hmpps.api.model.user.StaffCaseload import uk.gov.justice.digital.hmpps.data.generator.ContactGenerator.LIMITED_ACCESS_USER import uk.gov.justice.digital.hmpps.data.generator.personalDetails.PersonDetailsGenerator.EXCLUSION +import uk.gov.justice.digital.hmpps.data.generator.personalDetails.PersonDetailsGenerator.PERSONAL_DETAILS import uk.gov.justice.digital.hmpps.data.generator.personalDetails.PersonDetailsGenerator.RESTRICTION import uk.gov.justice.digital.hmpps.data.generator.personalDetails.PersonDetailsGenerator.RESTRICTION_EXCLUSION +import uk.gov.justice.digital.hmpps.service.UserAccess import uk.gov.justice.digital.hmpps.test.MockMvcExtensions.contentAsJson +import uk.gov.justice.digital.hmpps.test.MockMvcExtensions.withJson import uk.gov.justice.digital.hmpps.test.MockMvcExtensions.withToken @AutoConfigureMockMvc @@ -27,7 +31,6 @@ internal class LaoCaseloadIntegrationTest { @Test fun `all caseload activity for an lao user`() { - val person = LIMITED_ACCESS_USER val res = mockMvc .perform(get("/caseload/user/${person.username}").withToken()) @@ -65,4 +68,42 @@ internal class LaoCaseloadIntegrationTest { assertThat(caseload[3].limitedAccess, equalTo(false)) assertNotEquals(caseload[3].caseName, null) } + + @Test + fun `check lao access for a user with list of crns`() { + val person = LIMITED_ACCESS_USER + val crns = listOf(RESTRICTION_EXCLUSION.crn, EXCLUSION.crn, RESTRICTION.crn, PERSONAL_DETAILS.crn) + val res = mockMvc + .perform( + MockMvcRequestBuilders.post("/user/${person.username}/access").withToken() + .withJson(crns) + ) + .andExpect(status().isOk) + .andReturn().response.contentAsJson() + + val userAccess = res.access.sortedBy { it.crn } + + assertThat(userAccess[0].userExcluded, equalTo(true)) + assertThat(userAccess[0].userRestricted, equalTo(true)) + + assertThat(userAccess[1].userExcluded, equalTo(true)) + assertThat(userAccess[1].userRestricted, equalTo(false)) + + assertThat(userAccess[2].userExcluded, equalTo(false)) + assertThat(userAccess[2].userRestricted, equalTo(true)) + + assertThat(userAccess[3].userExcluded, equalTo(false)) + assertThat(userAccess[3].userRestricted, equalTo(false)) + } + + @Test + fun `check lao access returns 400 when no crns are provided`() { + val person = LIMITED_ACCESS_USER + mockMvc + .perform( + MockMvcRequestBuilders.post("/user/${person.username}/access").withToken() + .withJson(emptyList()) + ) + .andExpect(status().isBadRequest) + } } diff --git a/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/controller/UserAccessController.kt b/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/controller/UserAccessController.kt index 3978f62ff5..707c27de01 100644 --- a/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/controller/UserAccessController.kt +++ b/projects/manage-supervision-and-delius/src/main/kotlin/uk/gov/justice/digital/hmpps/api/controller/UserAccessController.kt @@ -1,10 +1,9 @@ package uk.gov.justice.digital.hmpps.api.controller import io.swagger.v3.oas.annotations.tags.Tag +import jakarta.validation.constraints.Size import org.springframework.security.access.prepost.PreAuthorize -import org.springframework.web.bind.annotation.GetMapping -import org.springframework.web.bind.annotation.PathVariable -import org.springframework.web.bind.annotation.RestController +import org.springframework.web.bind.annotation.* import uk.gov.justice.digital.hmpps.service.UserAccessService @RestController @@ -14,4 +13,11 @@ class UserAccessController(private val userAccessService: UserAccessService) { @GetMapping("/user/{username}/access/{crn}") fun checkAccess(@PathVariable username: String, @PathVariable crn: String) = userAccessService.caseAccessFor(username, crn) + + @PostMapping("/user/{username}/access") + fun checkUserAccess( + @PathVariable username: String, + @Size(min = 1, max = 500, message = "Please provide between 1 and 500 crns") + @RequestBody crns: List + ) = userAccessService.userAccessFor(username, crns) } \ No newline at end of file