HMAI-95 Add prison filters to prisoner endpoint (#558)

* If prisons filter present, only return prisoner if in matching prison.

* Add tests for more of the error cases.

* Add test for no conumer filters preserving backwards compatibility

* Simplify if condition for verifying if match.

* Extract function for whether a value should be filtered out.

* Fix the integration test.

* Add test for empty list of prisons has no access.

Author: ben-madley-mt

src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/controllers/v1/prison/PrisonController.kt

@@ -10,6 +10,7 @@ import jakarta.validation.ValidationException
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.RequestAttribute
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
@@ -19,6 +20,7 @@ import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.hmpps.Person
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.hmpps.UpstreamApi
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.hmpps.UpstreamApiError.Type.BAD_REQUEST
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.hmpps.UpstreamApiError.Type.ENTITY_NOT_FOUND
+import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.roleconfig.ConsumerFilters
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.services.GetPersonService
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.services.GetPrisonersService
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.services.internal.AuditService
@@ -52,8 +54,9 @@ class PrisonController(
   )
   fun getPerson(
     @PathVariable hmppsId: String,
+    @RequestAttribute filters: ConsumerFilters?,
   ): DataResponse<Person?> {
-    val response = getPersonService.getPrisoner(hmppsId)
+    val response = getPersonService.getPrisoner(hmppsId, filters)
 
     if (response.hasErrorCausedBy(BAD_REQUEST, causedBy = UpstreamApi.NOMIS)) {
       throw ValidationException("Invalid HMPPS ID: $hmppsId")

src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/extensions/ConsumerConfigConverter.kt

@@ -10,5 +10,5 @@ import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.roleconfig.Consum
 @ConfigurationPropertiesBinding
 class ConsumerConfigConverter : Converter<String, ConsumerConfig> {
   // Specifically used in the case where there is a consumer config with no fields
-  override fun convert(source: String): ConsumerConfig? = ConsumerConfig(include = emptyList(), filters = ConsumerFilters())
+  override fun convert(source: String): ConsumerConfig? = ConsumerConfig(include = emptyList(), filters = ConsumerFilters(prisons = null))
 }

src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/extensions/ConsumerFilterConverter.kt

@@ -8,5 +8,5 @@ import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.roleconfig.Consum
 @Component
 @ConfigurationPropertiesBinding
 class ConsumerFilterConverter : Converter<String, ConsumerFilters> {
-  override fun convert(source: String): ConsumerFilters? = ConsumerFilters()
+  override fun convert(source: String): ConsumerFilters? = ConsumerFilters(prisons = null)
 }

src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/models/roleconfig/ConsumerFilters.kt

@@ -1,5 +1,20 @@
 package uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.roleconfig
 
 data class ConsumerFilters(
-  val filters: Map<String, List<String>>? = emptyMap(),
-)
+  val prisons: List<String>?,
+) {
+  fun matchesPrison(prisonId: String?): Boolean = matchesFilterList(prisons, prisonId)
+
+  private fun matchesFilterList(
+    filterList: List<String>?,
+    value: String?,
+  ): Boolean {
+    if (filterList == null) {
+      return true
+    }
+    if (filterList.contains(value)) {
+      return true
+    }
+    return false
+  }
+}

src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/services/GetPersonService.kt

@@ -10,6 +10,7 @@ import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.hmpps.Person
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.hmpps.Response
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.hmpps.UpstreamApi
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.hmpps.UpstreamApiError
+import uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.roleconfig.ConsumerFilters
 
 @Service
 class GetPersonService(
@@ -109,7 +110,10 @@ class GetPersonService(
 
   fun getPersonFromNomis(nomisNumber: String) = prisonerOffenderSearchGateway.getPrisonOffender(nomisNumber)
 
-  fun getPrisoner(hmppsId: String): Response<Person?> {
+  fun getPrisoner(
+    hmppsId: String,
+    filters: ConsumerFilters?,
+  ): Response<Person?> {
     val prisonerNomisNumber = getNomisNumber(hmppsId)
 
     if (prisonerNomisNumber.errors.isNotEmpty()) {
@@ -144,8 +148,19 @@ class GetPersonService(
       )
     }
 
+    val posPrisoner = prisonResponse.data
+
+    if (
+      filters != null && !filters.matchesPrison(posPrisoner?.prisonId)
+    ) {
+      return Response(
+        data = null,
+        errors = listOf(UpstreamApiError(UpstreamApi.PRISONER_OFFENDER_SEARCH, UpstreamApiError.Type.ENTITY_NOT_FOUND, "Not found")),
+      )
+    }
+
     return Response(
-      data = prisonResponse.data?.toPerson(),
+      data = posPrisoner?.toPerson(),
       errors = prisonResponse.errors,
     )
   }

src/main/resources/application-integration-test.yml

@@ -93,3 +93,14 @@ authorisation:
       include:
         - "/.*"
       filters:
+    limited-prisons:
+      include:
+        - "/v1/prison/prisoners/[^/]*$"
+      filters:
+        prisons:
+          - ABC
+    no-prisons:
+      include:
+        - "/v1/prison/prisoners/[^/]*$"
+      filters:
+        prisons:

src/test/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/controllers/v1/prison/PrisonControllerTest.kt

@@ -3,6 +3,8 @@ package uk.gov.justice.digital.hmpps.hmppsintegrationapi.controllers.v1.prison
 import io.kotest.core.spec.style.DescribeSpec
 import io.kotest.matchers.shouldBe
 import org.mockito.Mockito
+import org.mockito.kotlin.anyOrNull
+import org.mockito.kotlin.eq
 import org.mockito.kotlin.times
 import org.mockito.kotlin.verify
 import org.mockito.kotlin.whenever
@@ -51,15 +53,15 @@ internal class PrisonControllerTest(
       }
 
       it("returns 500 when service throws an exception") {
-        whenever(getPersonService.getPrisoner(hmppsId)).thenThrow(RuntimeException("Service error"))
+        whenever(getPersonService.getPrisoner(eq(hmppsId), anyOrNull())).thenThrow(RuntimeException("Service error"))
 
         val result = mockMvc.performAuthorised("$basePath/prisoners/$hmppsId")
 
         result.response.status.shouldBe(500)
       }
 
       it("returns a person with all fields populated") {
-        whenever(getPersonService.getPrisoner(hmppsId)).thenReturn(
+        whenever(getPersonService.getPrisoner(eq(hmppsId), anyOrNull())).thenReturn(
           Response(
             data =
               Person(
@@ -110,7 +112,7 @@ internal class PrisonControllerTest(
       }
 
       it("logs audit event") {
-        whenever(getPersonService.getPrisoner(hmppsId)).thenReturn(
+        whenever(getPersonService.getPrisoner(eq(hmppsId), anyOrNull())).thenReturn(
           Response(
             data =
               Person(
@@ -136,7 +138,7 @@ internal class PrisonControllerTest(
       }
 
       it("returns 404 when prisoner is not found") {
-        whenever(getPersonService.getPrisoner(hmppsId)).thenReturn(
+        whenever(getPersonService.getPrisoner(eq(hmppsId), anyOrNull())).thenReturn(
           Response(
             data = null,
             errors =
@@ -156,7 +158,7 @@ internal class PrisonControllerTest(
       }
 
       it("returns 404 when NOMIS number is not found") {
-        whenever(getPersonService.getPrisoner(hmppsId)).thenReturn(
+        whenever(getPersonService.getPrisoner(eq(hmppsId), anyOrNull())).thenReturn(
           Response(
             data = null,
             errors =
@@ -176,7 +178,7 @@ internal class PrisonControllerTest(
       }
 
       it("returns 400 when HMPPS ID does not match format") {
-        whenever(getPersonService.getPrisoner(hmppsId)).thenReturn(
+        whenever(getPersonService.getPrisoner(eq(hmppsId), anyOrNull())).thenReturn(
           Response(
             data = null,
             errors =

src/test/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/extensions/AuthorisationFilterTest.kt

@@ -27,7 +27,7 @@ class AuthorisationFilterTest {
     val mockResponse = mock(HttpServletResponse::class.java)
     val mockChain = mock(FilterChain::class.java)
 
-    authorisationConfig.consumers = mapOf(exampleConsumer to ConsumerConfig(include = listOf(examplePath), filters = ConsumerFilters(emptyMap())))
+    authorisationConfig.consumers = mapOf(exampleConsumer to ConsumerConfig(include = listOf(examplePath), filters = ConsumerFilters(prisons = null)))
 
     // Act
     authorisationFilter.doFilter(mockRequest, mockResponse, mockChain)
@@ -44,7 +44,7 @@ class AuthorisationFilterTest {
     val mockResponse = mock(HttpServletResponse::class.java)
     val mockChain = mock(FilterChain::class.java)
 
-    authorisationConfig.consumers = mapOf(exampleConsumer to ConsumerConfig(include = emptyList(), filters = ConsumerFilters(emptyMap())))
+    authorisationConfig.consumers = mapOf(exampleConsumer to ConsumerConfig(include = emptyList(), filters = ConsumerFilters(prisons = null)))
 
     val authorisationFilter = AuthorisationFilter(authorisationConfig)
 

src/test/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/extensions/ConsumerConfigConverterTest.kt

@@ -13,6 +13,6 @@ class ConsumerConfigConverterTest {
     val consumerConfig = ""
     val actual = ConsumerConfigConverter().convert(consumerConfig)
 
-    actual.shouldBe(ConsumerConfig(emptyList(), ConsumerFilters()))
+    actual.shouldBe(ConsumerConfig(emptyList(), ConsumerFilters(prisons = null)))
   }
 }

src/test/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/extensions/ConsumerFilterConverterTest.kt

@@ -12,6 +12,6 @@ class ConsumerFilterConverterTest {
     val consumerConfig = ""
     val actual = ConsumerFilterConverter().convert(consumerConfig)
 
-    actual.shouldBe(ConsumerFilters())
+    actual.shouldBe(ConsumerFilters(prisons = null))
   }
 }

src/test/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/extensions/FiltersExtractionFilterTest.kt

@@ -25,7 +25,7 @@ class FiltersExtractionFilterTest {
     val mockResponse = mock(HttpServletResponse::class.java)
     val mockChain = mock(FilterChain::class.java)
 
-    authorisationConfig.consumers = mapOf("consumer-name" to ConsumerConfig(include = null, filters = ConsumerFilters(emptyMap())))
+    authorisationConfig.consumers = mapOf("consumer-name" to ConsumerConfig(include = null, filters = ConsumerFilters(prisons = null)))
 
     // Act
     filtersExtractionFilter.doFilter(mockRequest, mockResponse, mockChain)
@@ -43,7 +43,7 @@ class FiltersExtractionFilterTest {
     val mockResponse = mock(HttpServletResponse::class.java)
     val mockChain = mock(FilterChain::class.java)
 
-    val expectedFilters = ConsumerFilters(mapOf("example-filter" to listOf("filter-1", "filter-2")))
+    val expectedFilters = ConsumerFilters(prisons = listOf("filter-1", "filter-2"))
     authorisationConfig.consumers = mapOf("consumer-name" to ConsumerConfig(include = null, filters = expectedFilters))
 
     // Act
@@ -62,7 +62,7 @@ class FiltersExtractionFilterTest {
     val mockResponse = mock(HttpServletResponse::class.java)
     val mockChain = mock(FilterChain::class.java)
 
-    val expectedFilters = ConsumerFilters(mapOf("example-filter" to listOf("filter-1", "filter-2")))
+    val expectedFilters = ConsumerFilters(prisons = listOf("filter-1", "filter-2"))
     authorisationConfig.consumers = mapOf("consumer-name" to ConsumerConfig(include = null, filters = expectedFilters))
 
     // Act

src/test/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/integration/prison/PrisonIntegrationTest.kt

@@ -1,6 +1,8 @@
 package uk.gov.justice.digital.hmpps.hmppsintegrationapi.integration.prison
 
 import org.junit.jupiter.api.Test
+import org.springframework.http.HttpHeaders
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers.content
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
 import uk.gov.justice.digital.hmpps.hmppsintegrationapi.integration.IntegrationTestBase
@@ -19,6 +21,26 @@ class PrisonIntegrationTest : IntegrationTestBase() {
       .andExpect(content().json(getExpectedResponse("prisoner-response")))
   }
 
+  @Test
+  fun `return a 404 for prisoner in wrong prison`() {
+    val headers = HttpHeaders()
+    headers.set("subject-distinguished-name", "C=GB,ST=London,L=London,O=Home Office,CN=limited-prisons")
+    mockMvc.perform(
+      get("$basePrisonPath/prisoners/$hmppsId").headers(headers),
+    )
+      .andExpect(status().isNotFound)
+  }
+
+  @Test
+  fun `return a 404 for if consumer has empty list of prisons`() {
+    val headers = HttpHeaders()
+    headers.set("subject-distinguished-name", "C=GB,ST=London,L=London,O=Home Office,CN=no-prisons")
+    mockMvc.perform(
+      get("$basePrisonPath/prisoners/$hmppsId").headers(headers),
+    )
+      .andExpect(status().isNotFound)
+  }
+
   @Test
   fun `return multiple prisoners when querying by complex parameters`() {
     callApi("$basePrisonPath/prisoners?first_name=$firstName&last_name=$lastName&dateOfBirth=$dateOfBirth")