
Commit 09ae1b2

[BTD-556] New role (#109)
1 parent 7ab39b4 commit 09ae1b2


11 files changed

+107
-53
lines changed


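--- a/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/OpenApiConfiguration.kt
+++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/OpenApiConfiguration.kt
@@ -8,10 +8,14 @@ import io.swagger.v3.oas.models.servers.Server
 import org.springframework.boot.info.BuildProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Keys.KEY_LEARNERS
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Keys.KEY_MATCHING
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLES
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_MATCH__RW
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 
 @Configuration
 class OpenApiConfiguration(buildProperties: BuildProperties) {
-private val version: String = buildProperties.version
 
 @Bean
 fun customOpenAPI(): OpenAPI = OpenAPI()
@@ -27,11 +31,15 @@ class OpenApiConfiguration(buildProperties: BuildProperties) {
 )
 .components(
 Components().addSecuritySchemes(
-"learner-records-search-read-only-role",
-SecurityScheme().addBearerJwtRequirement("ROLE_LEARNER_RECORDS_SEARCH__RO"),
+KEY_LEARNERS,
+SecurityScheme().addBearerJwtRequirement(ROLE_LEARNER_RECORDS_SEARCH__RO),
+).addSecuritySchemes(
+KEY_MATCHING,
+SecurityScheme().addBearerJwtRequirement(ROLE_LEARNER_RECORDS_MATCH__RW),
 ),
 )
-.addSecurityItem(SecurityRequirement().addList("learner-records-search-read-only-role", listOf("read")))
+.addSecurityItem(SecurityRequirement().addList(KEY_LEARNERS, ROLES[ROLE_LEARNER_RECORDS_SEARCH__RO]))
+.addSecurityItem(SecurityRequirement().addList(KEY_MATCHING, ROLES[ROLE_LEARNER_RECORDS_MATCH__RW]))
 }
 
 private fun SecurityScheme.addBearerJwtRequirement(role: String): SecurityScheme = type(SecurityScheme.Type.HTTP)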
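Review bot: The two `.addSecurityItem(...)` calls at the end of `customOpenAPI()` register both requirements at document level, and OpenAPI treats top-level security requirements as alternatives, so the generated spec advertises that either role is enough for every operation, including `/match`, which this same commit restricts to `ROLE_LEARNER_RECORDS_MATCH__RW`. Unless the operation annotations (not visible here) override the global list, the published contract is looser than what `@PreAuthorize` enforces; declaring the requirement per controller or per operation would keep the two in step. Separately, `ROLES[...]` yields a nullable list that is handed straight to `addList`; `ROLES.getValue(ROLE_LEARNER_RECORDS_MATCH__RW)` (and the same for the search role) would fail when the bean is built rather than pass `null` through if a key is ever missing. The body of `customOpenAPI()` lies partly outside the hunks shown.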
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
package uk.gov.justice.digital.hmpps.learnerrecordsapi.config
2+
3+
object Keys {
4+
5+
const val KEY_LEARNERS = "role-learners"
6+
const val KEY_MATCHING = "role-matching"
7+
}
8+
9+
object Roles {
10+
11+
const val ROLE_LEARNER_RECORDS_SEARCH__RO =
12+
"ROLE_LEARNER_RECORDS_SEARCH__RO"
13+
14+
const val ROLE_LEARNER_RECORDS_MATCH__RW =
15+
"ROLE_LEARNER_RECORDS_MATCH__RW"
16+
17+
private const val READ = "read"
18+
private const val WRITE = "write"
19+
20+
val ROLES = mapOf(
21+
ROLE_LEARNER_RECORDS_SEARCH__RO to listOf(READ),
22+
ROLE_LEARNER_RECORDS_MATCH__RW to listOf(READ, WRITE),
23+
)
24+
}
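Review bot: `ROLES` has no KDoc, and nothing at its declaration says that the `read`/`write` values are only scope labels for the OpenAPI security requirements; in the sections visible on this page access is decided by `hasRole(...)` alone and these lists are never evaluated for a request. A comment above `val ROLES` such as `/** Scope labels published in the OpenAPI document for each role; not checked at request time, where @PreAuthorize tests the role only. */` would stop a reader from assuming that `ROLE_LEARNER_RECORDS_MATCH__RW`, listed here with `read`, also opens the endpoints guarded by `ROLE_LEARNER_RECORDS_SEARCH__RO`. If that implication is in fact intended, the guards on the search controllers would need to accept both roles, which this commit does not do.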

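--- a/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/LearnerEventsResource.kt
+++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/LearnerEventsResource.kt
@@ -11,6 +11,7 @@ import org.springframework.web.bind.annotation.RequestHeader
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.AuditEvent.createAuditEvent
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil.log
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.LearnerEventsRequest
@@ -20,7 +21,7 @@ import uk.gov.justice.digital.hmpps.learnerrecordsapi.service.LearnerEventsServi
 import uk.gov.justice.hmpps.sqs.audit.HmppsAuditService
 
 @RestController
-@PreAuthorize("hasRole('ROLE_LEARNER_RECORDS_SEARCH__RO')")
+@PreAuthorize("hasRole('$ROLE_LEARNER_RECORDS_SEARCH__RO')")
 @RequestMapping(value = ["/learner-events"], produces = ["application/json"])
 class LearnerEventsResource(
 private val learnerEventsService: LearnerEventsService,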

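--- a/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/LearnersResource.kt
+++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/LearnersResource.kt
@@ -11,6 +11,7 @@ import org.springframework.web.bind.annotation.RequestHeader
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.AuditEvent.createAuditEvent
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil.log
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.LearnersRequest
@@ -20,7 +21,7 @@ import uk.gov.justice.digital.hmpps.learnerrecordsapi.service.LearnersService
 import uk.gov.justice.hmpps.sqs.audit.HmppsAuditService
 
 @RestController
-@PreAuthorize("hasRole('ROLE_LEARNER_RECORDS_SEARCH__RO')")
+@PreAuthorize("hasRole('$ROLE_LEARNER_RECORDS_SEARCH__RO')")
 @RequestMapping(value = ["/learners"], produces = ["application/json"])
 class LearnersResource(
 private val learnersService: LearnersService,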

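--- a/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/MatchResource.kt
+++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/MatchResource.kt
@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestHeader
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_MATCH__RW
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil.log
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.ConfirmMatchRequest
@@ -22,8 +23,8 @@ import uk.gov.justice.digital.hmpps.learnerrecordsapi.openapi.MatchConfirmApi
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.service.MatchService
 import java.net.URI
 
+@PreAuthorize("hasRole('$ROLE_LEARNER_RECORDS_MATCH__RW')")
 @RestController
-@PreAuthorize("hasRole('ROLE_LEARNER_RECORDS_SEARCH__RO')")
 @RequestMapping(value = ["/match"], produces = ["application/json"])
 class MatchResource(
 private val matchService: MatchService,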
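Review bot: Switching the class-level guard on `MatchResource` to `hasRole('$ROLE_LEARNER_RECORDS_MATCH__RW')` means a token that carries only `ROLE_LEARNER_RECORDS_SEARCH__RO` is now refused on every `/match` handler, and none of the test sections shown on this page asserts that refusal (not every changed file is shown, so it may be covered elsewhere). An integration test that calls `/match` with `setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO))` and expects `403 Forbidden` would pin the tightened boundary and catch an accidental revert. Because the annotation sits on the class, any read-only handler under `/match` also requires the read-write role, and existing consumers need the new role granted before this deploys; both are worth confirming as intended. The class body continues outside the hunk.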

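--- a/src/test/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/HmppsBoldLrsExceptionHandlerTest.kt
+++ b/src/test/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/HmppsBoldLrsExceptionHandlerTest.kt
@@ -6,6 +6,7 @@ import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.http.HttpStatus
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.integration.IntegrationTestBase
 import java.time.Duration
 
@@ -32,7 +33,7 @@ class HmppsBoldLrsExceptionHandlerTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri(uri)
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .exchange()
 .expectStatus()
 .isEqualTo(expectedStatus)
@@ -123,7 +124,7 @@ class HmppsBoldLrsExceptionHandlerTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/test/okhttp-timeout")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .exchange()
 .expectStatus()
 .isEqualTo(HttpStatus.REQUEST_TIMEOUT)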

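--- a/src/test/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/ValidationTest.kt
+++ b/src/test/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/ValidationTest.kt
@@ -6,6 +6,7 @@ import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.http.HttpStatus
 import org.springframework.http.MediaType
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.integration.IntegrationTestBase
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.Gender
 
@@ -42,7 +43,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learners")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(findLearnerByDemographicsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -84,7 +85,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learners")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(findLearnerByDemographicsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -122,7 +123,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(learnerEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -163,7 +164,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learners")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(findLearnerByDemographicsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -204,7 +205,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learners")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(findLearnerByDemographicsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -245,7 +246,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learners")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(findLearnerByDemographicsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -282,7 +283,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(learnerEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -319,7 +320,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(learnerEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -356,7 +357,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learners")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .contentType(MediaType.APPLICATION_JSON)
 .bodyValue(findLearnerByDemographicsRequest)
@@ -393,7 +394,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser").contentType(MediaType.APPLICATION_JSON)
 .bodyValue(findLearnerByDemographicsRequest)
 .exchange()
@@ -433,7 +434,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learners")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .contentType(MediaType.APPLICATION_JSON)
 .bodyValue(requestJsonWithoutGivenName)
@@ -475,7 +476,7 @@ class ValidationTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .contentType(MediaType.APPLICATION_JSON)
 .bodyValue(requestJsonWithoutGivenName)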

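--- a/src/test/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/integration/LearnerEventsResourceIntTest.kt
+++ b/src/test/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/integration/LearnerEventsResourceIntTest.kt
@@ -11,6 +11,7 @@ import org.springframework.http.MediaType
 import software.amazon.awssdk.services.sqs.model.PurgeQueueRequest
 import software.amazon.awssdk.services.sqs.model.ReceiveMessageRequest
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.HmppsBoldLrsExceptionHandler
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.integration.wiremock.LRSApiExtension.Companion.lrsApiMock
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.lrsapi.response.LearningEvent
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.Gender
@@ -54,7 +55,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(getLearningEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -104,7 +105,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(getLearningEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -158,7 +159,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(getLearningEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -189,7 +190,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(getLearningEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -220,7 +221,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(getLearningEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))
@@ -243,7 +244,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .bodyValue(getLearningEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))
 .exchange()
@@ -271,7 +272,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
 val actualResponse = objectMapper.readValue(
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(extendedRequestBody)
 .accept(MediaType.parseMediaType("application/json"))
@@ -302,7 +303,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
 lrsApiMock.stubLearningEventsExactMatchFull()
 webTestClient.post()
 .uri("/learner-events")
-.headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+.headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
 .header("X-Username", "TestUser")
 .bodyValue(getLearningEventsRequest)
 .accept(MediaType.parseMediaType("application/json"))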
