PIN-4504 revoke certified attribute return 409 if certified attribute…

… is already revoked and filter list from the revoked ones

src/main/scala/it/pagopa/interop/tenantprocess/api/impl/TenantApiServiceImpl.scala

@@ -508,6 +508,10 @@ final case class TenantApiServiceImpl(
             attribute.code.getOrElse("none")
           )
         )
+      _                   <- attributeToRevoke.revocationTimestamp
+        .fold(Future.unit)(_ =>
+          Future.failed(AttributeAlreadyRevoked(targetTenantUuid, requesterTenantUuid, attributeUuid))
+        )
       revokedAttribute = attributeToRevoke.copy(revocationTimestamp = now.some)
       updatedTenant <- tenantManagementService
         .updateTenantAttribute(

src/main/scala/it/pagopa/interop/tenantprocess/common/readmodel/ReadModelTenantQueries.scala

@@ -29,7 +29,8 @@ object ReadModelTenantQueries extends ReadModelQuery {
     val filterPipeline: Seq[Bson] = Seq(
       `match`(query),
       lookup(from = "tenants", localField = "data.id", foreignField = "data.attributes.id", as = "tenants"),
-      unwind("$tenants")
+      unwind("$tenants"),
+      `match`(Filters.not(Filters.exists("tenants.data.attributes.revocationTimestamp")))
     )
 
     val projection: Bson = project(

src/main/scala/it/pagopa/interop/tenantprocess/error/ResponseHandlers.scala

@@ -131,6 +131,7 @@ object ResponseHandlers extends AkkaResponses {
       case Failure(ex: CertifiedAttributeNotFoundInTenant)                  => notFound(ex, logMessage)
       case Failure(ex: TenantByIdNotFound)                                  => notFound(ex, logMessage)
       case Failure(ex: RegistryAttributeIdNotFound)                         => notFound(ex, logMessage)
+      case Failure(ex: AttributeAlreadyRevoked)                             => conflict(ex, logMessage)
       case Failure(ex)                                                      => internalServerError(ex, logMessage)
     }
 

src/test/scala/it/pagopa/interop/tenantprocess/provider/CertifiedAttributeSpec.scala

@@ -417,6 +417,37 @@ class CertifiedAttributeSpec extends AnyWordSpecLike with SpecHelper with Scalat
         assert(status == StatusCodes.Forbidden)
       }
     }
+    "fail if certified attribute already revoked" in {
+      implicit val context: Seq[(String, String)] = adminContext
+
+      val tenantId    = UUID.randomUUID()
+      val attributeId = UUID.randomUUID()
+
+      val requester = persistentTenant.copy(
+        id = organizationId,
+        kind = Some(PersistentTenantKind.PA),
+        features = List(PersistentTenantFeature.PersistentCertifier("IPA"))
+      )
+
+      val tenant = persistentTenant.copy(
+        id = tenantId,
+        kind = Some(PersistentTenantKind.PA),
+        attributes = List(
+          persistentCertifiedAttribute.copy(id = attributeId, revocationTimestamp = Some(timestamp)),
+          persistentDeclaredAttribute,
+          persistentVerifiedAttribute
+        )
+      )
+
+      mockDateTimeGet()
+      mockGetTenantById(organizationId, requester)
+      mockGetTenantById(tenantId, tenant)
+      mockGetAttributeById(attributeId, persistentAttribute.copy(id = attributeId, origin = Some("IPA")))
+
+      Delete() ~> tenantService.revokeCertifiedAttributeById(tenantId.toString, attributeId.toString) ~> check {
+        assert(status == StatusCodes.Conflict)
+      }
+    }
     "fail if attribute does not exists on tenant" in {
       implicit val context: Seq[(String, String)] = adminContext