From f860fc38c1f354aafaa2d8b76cac6b7d0e227b37 Mon Sep 17 00:00:00 2001 From: Michael Clancy Date: Tue, 19 Nov 2024 15:46:27 +0000 Subject: [PATCH] CDPS-1054: Updated roles to be read or read/write and allowed access to reference data to either role. --- .../CorePersonRecordRoleConstants.kt | 2 +- .../resource/CorePersonRecordV1Resource.kt | 16 ++++++++-------- ...ersonProtectedCharacteristicsRoleConstants.kt | 2 +- .../PersonProtectedCharacteristicsV1Resource.kt | 13 +++++-------- .../CorePersonRecordV1ResourceIntTest.kt | 6 +++--- ...nProtectedCharacteristicsV1ResourceIntTest.kt | 2 +- 6 files changed, 19 insertions(+), 22 deletions(-) diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/CorePersonRecordRoleConstants.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/CorePersonRecordRoleConstants.kt index 11c5a7a..e789a58 100644 --- a/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/CorePersonRecordRoleConstants.kt +++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/CorePersonRecordRoleConstants.kt @@ -2,5 +2,5 @@ package uk.gov.justice.digital.hmpps.personintegrationapi.corepersonrecord object CorePersonRecordRoleConstants { const val CORE_PERSON_RECORD_READ_ROLE = "ROLE_CORE_PERSON_API__CORE_PERSON_DATA__RO" - const val CORE_PERSON_RECORD_WRITE_ROLE = "ROLE_CORE_PERSON_API__CORE_PERSON_DATA__RW" + const val CORE_PERSON_RECORD_READ_WRITE_ROLE = "ROLE_CORE_PERSON_API__CORE_PERSON_DATA__RW" } diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/resource/CorePersonRecordV1Resource.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/resource/CorePersonRecordV1Resource.kt index 1f3f6bc..05fa2a0 100644 --- a/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/resource/CorePersonRecordV1Resource.kt 
+++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/resource/CorePersonRecordV1Resource.kt @@ -46,7 +46,7 @@ class CorePersonRecordV1Resource( @ResponseStatus(HttpStatus.OK) @Operation( summary = "Performs partial updates on the core person record by prisoner number", - description = "Requires role `${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_WRITE_ROLE}`", + description = "Requires role `${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE}`", responses = [ ApiResponse( responseCode = "204", @@ -64,7 +64,7 @@ class CorePersonRecordV1Resource( ), ApiResponse( responseCode = "403", - description = "Missing required role. Requires ${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_WRITE_ROLE}", + description = "Missing required role. Requires ${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE}", content = [ Content( mediaType = MediaType.APPLICATION_JSON_VALUE, @@ -84,7 +84,7 @@ class CorePersonRecordV1Resource( ), ], ) - @PreAuthorize("hasRole('${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_WRITE_ROLE}')") + @PreAuthorize("hasRole('${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE}')") fun patchByPrisonerNumber( @RequestParam(required = true) @Valid @ValidPrisonerNumber prisonerNumber: String, @RequestBody(required = true) @Valid corePersonRecordUpdateRequest: CorePersonRecordV1UpdateRequestDto, @@ -110,7 +110,7 @@ class CorePersonRecordV1Resource( @ResponseStatus(HttpStatus.OK) @Operation( summary = "Add or updates the profile image on the core person record by prisoner number", - description = "Requires role `${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_WRITE_ROLE}`", + description = "Requires role `${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE}`", responses = [ ApiResponse( responseCode = "200", 
@@ -128,7 +128,7 @@ class CorePersonRecordV1Resource( ), ApiResponse( responseCode = "403", - description = "Missing required role. Requires ${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_WRITE_ROLE}.", + description = "Missing required role. Requires ${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE}.", content = [ Content( mediaType = MediaType.APPLICATION_JSON_VALUE, @@ -148,7 +148,7 @@ class CorePersonRecordV1Resource( ), ], ) - @PreAuthorize("hasRole('${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_WRITE_ROLE}')") + @PreAuthorize("hasRole('${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE}')") fun putProfileImageByPrisonerNumber( @RequestParam(required = true) @Valid @ValidPrisonerNumber prisonerNumber: String, @RequestPart(name = "imageFile", required = true) profileImage: MultipartFile, @@ -170,7 +170,7 @@ class CorePersonRecordV1Resource( summary = "Get all reference data codes for the given domain", description = "Returns the list of reference data codes within the given domain. " + "This endpoint only returns active reference data codes. " + - "Requires role `${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_ROLE}`", + "Requires role `${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_ROLE}` or `${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE}`", responses = [ ApiResponse( responseCode = "200", @@ -189,7 +189,7 @@ class CorePersonRecordV1Resource( ), ], ) - @PreAuthorize("hasRole('${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_ROLE}')") + @PreAuthorize("hasAnyRole('${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_ROLE}', '${CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE}')") fun getReferenceDataCodesByDomain( @PathVariable @Schema( description = "The reference data domain", 
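Review bot: The widened `hasAnyRole(...)` on `getReferenceDataCodesByDomain` (hunk `@@ -189,7 +189,7 @@`) has no matching test in this patch; the test hunks for CorePersonRecordV1ResourceIntTest.kt only rename the constant on the patch and profile-image requests. I would add integration cases that call the reference-data endpoint once with only `CORE_PERSON_RECORD_READ_ROLE` and once with only `CORE_PERSON_RECORD_READ_WRITE_ROLE`, expecting 200 each time. A negative case should also show that a token holding only the read role gets 403 on `patchByPrisonerNumber` and `putProfileImageByPrisonerNumber`, so the read/write split is pinned from both sides. The same gap applies to the `@@ -121,7 +118,7 @@` hunk in PersonProtectedCharacteristicsV1Resource.kt. The test files may already cover some of this outside the visible hunks, and the function body continues past the end of this hunk.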
diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/PersonProtectedCharacteristicsRoleConstants.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/PersonProtectedCharacteristicsRoleConstants.kt index 7a7a997..f637e3f 100644 --- a/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/PersonProtectedCharacteristicsRoleConstants.kt +++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/PersonProtectedCharacteristicsRoleConstants.kt @@ -2,5 +2,5 @@ package uk.gov.justice.digital.hmpps.personintegrationapi.personprotectercharact object PersonProtectedCharacteristicsRoleConstants { const val PROTECTED_CHARACTERISTICS_READ_ROLE = "ROLE_CORE_PERSON_API__PROTECTED_CHARACTERISTICS_DATA__RO" - const val PROTECTED_CHARACTERISTICS_WRITE_ROLE = "ROLE_CORE_PERSON_API__PROTECTED_CHARACTERISTICS_DATA__RW" + const val PROTECTED_CHARACTERISTICS_READ_WRITE_ROLE = "ROLE_CORE_PERSON_API__PROTECTED_CHARACTERISTICS_DATA__RW" } diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/resource/PersonProtectedCharacteristicsV1Resource.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/resource/PersonProtectedCharacteristicsV1Resource.kt index 4110dda..1a9bbc3 100644 --- a/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/resource/PersonProtectedCharacteristicsV1Resource.kt +++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/resource/PersonProtectedCharacteristicsV1Resource.kt 
@@ -5,7 +5,6 @@ import io.swagger.v3.oas.annotations.media.ArraySchema import io.swagger.v3.oas.annotations.media.Content import io.swagger.v3.oas.annotations.media.Schema import io.swagger.v3.oas.annotations.responses.ApiResponse -import io.swagger.v3.oas.annotations.security.SecurityRequirement import io.swagger.v3.oas.annotations.tags.Tag import jakarta.validation.Valid import org.springframework.http.HttpStatus @@ -43,8 +42,7 @@ class PersonProtectedCharacteristicsV1Resource { @PutMapping("/religion") @ResponseStatus(HttpStatus.OK) @Operation( - description = "Requires role `${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_WRITE_ROLE}`", - security = [SecurityRequirement(name = PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_WRITE_ROLE)], + description = "Requires role `${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_WRITE_ROLE}`", responses = [ ApiResponse( responseCode = "200", @@ -62,7 +60,7 @@ class PersonProtectedCharacteristicsV1Resource { ), ApiResponse( responseCode = "403", - description = "Missing required role. Requires ${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_WRITE_ROLE}", + description = "Missing required role. Requires ${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_WRITE_ROLE}", content = [ Content( mediaType = MediaType.APPLICATION_JSON_VALUE, @@ -82,7 +80,7 @@ class PersonProtectedCharacteristicsV1Resource { ), ], ) - @PreAuthorize("hasRole('${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_WRITE_ROLE}')") + @PreAuthorize("hasRole('${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_WRITE_ROLE}')") fun putReligionByPrisonerNumber( @RequestParam(required = true) @Valid @ValidPrisonerNumber prisonerNumber: String, @RequestBody(required = true) @Valid religionV1RequestDto: ReligionV1RequestDto, 
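Review bot: With `security = [SecurityRequirement(...)]` removed from the `@Operation` on `putReligionByPrisonerNumber` (hunk `@@ -43,8 +42,7 @@`), the generated OpenAPI entry states the role only in the free-text `description`. It is worth confirming that a security requirement is still declared at class or global level, which this patch does not show. Dropping the old value looks right in itself, since `SecurityRequirement.name` refers to a declared security scheme rather than a role string. If no wider declaration exists, `security = [SecurityRequirement(name = "<scheme-name>")]` with the project's actual scheme name (placeholder here) would keep the endpoint marked as authenticated in the published spec. The `@@ -101,8 +99,7 @@` hunk removes the same attribute from `getReferenceDataCodesByDomain`.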
@@ -101,8 +99,7 @@ class PersonProtectedCharacteristicsV1Resource { summary = "Get all reference data codes for the given domain", description = "Returns the list of reference data codes within the given domain. " + "This endpoint only returns active reference data codes. " + - "Requires role `${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_ROLE}`", - security = [SecurityRequirement(name = PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_ROLE)], + "Requires role `${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_ROLE}` or `${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_WRITE_ROLE}`", responses = [ ApiResponse( responseCode = "200", @@ -121,7 +118,7 @@ class PersonProtectedCharacteristicsV1Resource { ), ], ) - @PreAuthorize("hasRole('${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_ROLE}')") + @PreAuthorize("hasAnyRole('${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_ROLE}', '${PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_WRITE_ROLE}')") fun getReferenceDataCodesByDomain( @PathVariable @Schema( description = "The reference data domain", diff --git a/src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/resource/CorePersonRecordV1ResourceIntTest.kt b/src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/resource/CorePersonRecordV1ResourceIntTest.kt index d0bb90e..7f6ffe1 100644 --- a/src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/resource/CorePersonRecordV1ResourceIntTest.kt +++ b/src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/resource/CorePersonRecordV1ResourceIntTest.kt 
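Review bot: The two-role SpEL string in `@PreAuthorize` on `getReferenceDataCodesByDomain` (hunk `@@ -121,7 +118,7 @@`) is now written out in full here and again in CorePersonRecordV1Resource.kt (`@@ -189,7 +189,7 @@`), and every later read endpoint will have to repeat it correctly. I would define the expression once next to the role names, for example `const val PROTECTED_CHARACTERISTICS_READ_ACCESS = "hasAnyRole('$PROTECTED_CHARACTERISTICS_READ_ROLE', '$PROTECTED_CHARACTERISTICS_READ_WRITE_ROLE')"` (the name is only a suggestion), and use `@PreAuthorize(PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_ACCESS)`. That keeps the rule that read/write implies read in one reviewed place and makes an endpoint that accidentally admits only one of the two roles easier to spot. The annotated function continues beyond the hunk.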
@@ -54,7 +54,7 @@ class CorePersonRecordV1ResourceIntTest : IntegrationTestBase() { fun `can patch core person record by prisoner number`() { webTestClient.patch().uri("/v1/core-person-record?prisonerNumber=$PRISONER_NUMBER") .contentType(MediaType.APPLICATION_JSON) - .headers(setAuthorisation(roles = listOf(CorePersonRecordRoleConstants.CORE_PERSON_RECORD_WRITE_ROLE))) + .headers(setAuthorisation(roles = listOf(CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE))) .bodyValue(VALID_PATCH_REQUEST_BODY) .exchange() .expectStatus().isNoContent @@ -69,7 +69,7 @@ class CorePersonRecordV1ResourceIntTest : IntegrationTestBase() { webTestClient.patch() .uri("/v1/core-person-record?prisonerNumber=$PRISONER_NUMBER_NOT_FOUND") .contentType(MediaType.APPLICATION_JSON) - .headers(setAuthorisation(roles = listOf(CorePersonRecordRoleConstants.CORE_PERSON_RECORD_WRITE_ROLE))) + .headers(setAuthorisation(roles = listOf(CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE))) .bodyValue(VALID_PATCH_REQUEST_BODY) .exchange() .expectStatus().isNotFound @@ -114,7 +114,7 @@ class CorePersonRecordV1ResourceIntTest : IntegrationTestBase() { val response = webTestClient.put() .uri("/v1/core-person-record/profile-image?prisonerNumber=$PRISONER_NUMBER") .contentType(MediaType.MULTIPART_FORM_DATA) - .headers(setAuthorisation(roles = listOf(CorePersonRecordRoleConstants.CORE_PERSON_RECORD_WRITE_ROLE))) + .headers(setAuthorisation(roles = listOf(CorePersonRecordRoleConstants.CORE_PERSON_RECORD_READ_WRITE_ROLE))) .body(BodyInserters.fromMultipartData(MULTIPART_BUILDER.build())) .exchange() .expectStatus().isOk diff --git a/src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/resource/PersonProtectedCharacteristicsV1ResourceIntTest.kt b/src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/resource/PersonProtectedCharacteristicsV1ResourceIntTest.kt index 533d962..d2ea8cc 100644 
--- a/src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/resource/PersonProtectedCharacteristicsV1ResourceIntTest.kt +++ b/src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/resource/PersonProtectedCharacteristicsV1ResourceIntTest.kt @@ -51,7 +51,7 @@ class PersonProtectedCharacteristicsV1ResourceIntTest : IntegrationTestBase() { val response = webTestClient.put() .uri("v1/person-protected-characteristics/religion?prisonerNumber=$PRISONER_NUMBER") .contentType(MediaType.APPLICATION_JSON) - .headers(setAuthorisation(roles = listOf(PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_WRITE_ROLE))) + .headers(setAuthorisation(roles = listOf(PersonProtectedCharacteristicsRoleConstants.PROTECTED_CHARACTERISTICS_READ_WRITE_ROLE))) .bodyValue(TEST_RELIGION_REQUEST_DTO) .exchange() .expectStatus().isOk