Merge branch 'main' into sar-endpoint

ministryofjustice · Feb 26, 2025 · 3a089ab · 3a089ab
2 parents b80e520 + 09ae1b2
commit 3a089ab
Show file tree

Hide file tree

Showing 11 changed files with 107 additions and 53 deletions.
diff --git a/...main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/OpenApiConfiguration.kt b/...main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/OpenApiConfiguration.kt
@@ -8,10 +8,14 @@ import io.swagger.v3.oas.models.servers.Server
 import org.springframework.boot.info.BuildProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Keys.KEY_LEARNERS
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Keys.KEY_MATCHING
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLES
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_MATCH__RW
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 
 @Configuration
 class OpenApiConfiguration(buildProperties: BuildProperties) {
-  private val version: String = buildProperties.version
 
   @Bean
   fun customOpenAPI(): OpenAPI = OpenAPI()
@@ -27,11 +31,15 @@ class OpenApiConfiguration(buildProperties: BuildProperties) {
     )
     .components(
       Components().addSecuritySchemes(
-        "learner-records-search-read-only-role",
-        SecurityScheme().addBearerJwtRequirement("ROLE_LEARNER_RECORDS_SEARCH__RO"),
+        KEY_LEARNERS,
+        SecurityScheme().addBearerJwtRequirement(ROLE_LEARNER_RECORDS_SEARCH__RO),
+      ).addSecuritySchemes(
+        KEY_MATCHING,
+        SecurityScheme().addBearerJwtRequirement(ROLE_LEARNER_RECORDS_MATCH__RW),
       ),
     )
-    .addSecurityItem(SecurityRequirement().addList("learner-records-search-read-only-role", listOf("read")))
+    .addSecurityItem(SecurityRequirement().addList(KEY_LEARNERS, ROLES[ROLE_LEARNER_RECORDS_SEARCH__RO]))
+    .addSecurityItem(SecurityRequirement().addList(KEY_MATCHING, ROLES[ROLE_LEARNER_RECORDS_MATCH__RW]))
 }
 
 private fun SecurityScheme.addBearerJwtRequirement(role: String): SecurityScheme = type(SecurityScheme.Type.HTTP)

diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/Roles.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/Roles.kt
@@ -0,0 +1,24 @@
+package uk.gov.justice.digital.hmpps.learnerrecordsapi.config
+
+object Keys {
+
+  const val KEY_LEARNERS = "role-learners"
+  const val KEY_MATCHING = "role-matching"
+}
+
+object Roles {
+
+  const val ROLE_LEARNER_RECORDS_SEARCH__RO =
+    "ROLE_LEARNER_RECORDS_SEARCH__RO"
+
+  const val ROLE_LEARNER_RECORDS_MATCH__RW =
+    "ROLE_LEARNER_RECORDS_MATCH__RW"
+
+  private const val READ = "read"
+  private const val WRITE = "write"
+
+  val ROLES = mapOf(
+    ROLE_LEARNER_RECORDS_SEARCH__RO to listOf(READ),
+    ROLE_LEARNER_RECORDS_MATCH__RW to listOf(READ, WRITE),
+  )
+}
diff --git a/...n/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/LearnerEventsResource.kt b/...n/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/LearnerEventsResource.kt
@@ -11,6 +11,7 @@ import org.springframework.web.bind.annotation.RequestHeader
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.AuditEvent.createAuditEvent
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil.log
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.LearnerEventsRequest
@@ -20,7 +21,7 @@ import uk.gov.justice.digital.hmpps.learnerrecordsapi.service.LearnerEventsServi
 import uk.gov.justice.hmpps.sqs.audit.HmppsAuditService
 
 @RestController
-@PreAuthorize("hasRole('ROLE_LEARNER_RECORDS_SEARCH__RO')")
+@PreAuthorize("hasRole('$ROLE_LEARNER_RECORDS_SEARCH__RO')")
 @RequestMapping(value = ["/learner-events"], produces = ["application/json"])
 class LearnerEventsResource(
   private val learnerEventsService: LearnerEventsService,

diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/LearnersResource.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/LearnersResource.kt
@@ -11,6 +11,7 @@ import org.springframework.web.bind.annotation.RequestHeader
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.AuditEvent.createAuditEvent
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil.log
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.LearnersRequest
@@ -20,7 +21,7 @@ import uk.gov.justice.digital.hmpps.learnerrecordsapi.service.LearnersService
 import uk.gov.justice.hmpps.sqs.audit.HmppsAuditService
 
 @RestController
-@PreAuthorize("hasRole('ROLE_LEARNER_RECORDS_SEARCH__RO')")
+@PreAuthorize("hasRole('$ROLE_LEARNER_RECORDS_SEARCH__RO')")
 @RequestMapping(value = ["/learners"], produces = ["application/json"])
 class LearnersResource(
   private val learnersService: LearnersService,

diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/MatchResource.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/resource/MatchResource.kt
@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestHeader
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_MATCH__RW
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.logging.LoggerUtil.log
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.ConfirmMatchRequest
@@ -22,8 +23,8 @@ import uk.gov.justice.digital.hmpps.learnerrecordsapi.openapi.MatchConfirmApi
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.service.MatchService
 import java.net.URI
 
+@PreAuthorize("hasRole('$ROLE_LEARNER_RECORDS_MATCH__RW')")
 @RestController
-@PreAuthorize("hasRole('ROLE_LEARNER_RECORDS_SEARCH__RO')")
 @RequestMapping(value = ["/match"], produces = ["application/json"])
 class MatchResource(
   private val matchService: MatchService,

diff --git a/...uk/gov/justice/digital/hmpps/learnerrecordsapi/config/HmppsBoldLrsExceptionHandlerTest.kt b/...uk/gov/justice/digital/hmpps/learnerrecordsapi/config/HmppsBoldLrsExceptionHandlerTest.kt
@@ -6,6 +6,7 @@ import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.http.HttpStatus
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.integration.IntegrationTestBase
 import java.time.Duration
 
@@ -32,7 +33,7 @@ class HmppsBoldLrsExceptionHandlerTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri(uri)
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .exchange()
         .expectStatus()
         .isEqualTo(expectedStatus)
@@ -136,7 +137,7 @@ class HmppsBoldLrsExceptionHandlerTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/test/okhttp-timeout")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .exchange()
         .expectStatus()
         .isEqualTo(HttpStatus.REQUEST_TIMEOUT)

diff --git a/src/test/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/ValidationTest.kt b/src/test/kotlin/uk/gov/justice/digital/hmpps/learnerrecordsapi/config/ValidationTest.kt
@@ -6,6 +6,7 @@ import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.http.HttpStatus
 import org.springframework.http.MediaType
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.integration.IntegrationTestBase
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.Gender
 
@@ -42,7 +43,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learners")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .bodyValue(findLearnerByDemographicsRequest)
         .accept(MediaType.parseMediaType("application/json"))
@@ -84,7 +85,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learners")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .bodyValue(findLearnerByDemographicsRequest)
         .accept(MediaType.parseMediaType("application/json"))
@@ -122,7 +123,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learner-events")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .bodyValue(learnerEventsRequest)
         .accept(MediaType.parseMediaType("application/json"))
@@ -163,7 +164,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learners")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .bodyValue(findLearnerByDemographicsRequest)
         .accept(MediaType.parseMediaType("application/json"))
@@ -204,7 +205,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learners")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .bodyValue(findLearnerByDemographicsRequest)
         .accept(MediaType.parseMediaType("application/json"))
@@ -245,7 +246,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learners")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .bodyValue(findLearnerByDemographicsRequest)
         .accept(MediaType.parseMediaType("application/json"))
@@ -282,7 +283,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learner-events")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .bodyValue(learnerEventsRequest)
         .accept(MediaType.parseMediaType("application/json"))
@@ -319,7 +320,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learner-events")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .bodyValue(learnerEventsRequest)
         .accept(MediaType.parseMediaType("application/json"))
@@ -356,7 +357,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learners")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .contentType(MediaType.APPLICATION_JSON)
         .bodyValue(findLearnerByDemographicsRequest)
@@ -393,7 +394,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learner-events")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser").contentType(MediaType.APPLICATION_JSON)
         .bodyValue(findLearnerByDemographicsRequest)
         .exchange()
@@ -433,7 +434,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learners")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .contentType(MediaType.APPLICATION_JSON)
         .bodyValue(requestJsonWithoutGivenName)
@@ -475,7 +476,7 @@ class ValidationTest : IntegrationTestBase() {
     val actualResponse = objectMapper.readValue(
       webTestClient.post()
         .uri("/learner-events")
-        .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+        .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
         .header("X-Username", "TestUser")
         .contentType(MediaType.APPLICATION_JSON)
         .bodyValue(requestJsonWithoutGivenName)

diff --git a/...k/gov/justice/digital/hmpps/learnerrecordsapi/integration/LearnerEventsResourceIntTest.kt b/...k/gov/justice/digital/hmpps/learnerrecordsapi/integration/LearnerEventsResourceIntTest.kt
@@ -11,6 +11,7 @@ import org.springframework.http.MediaType
 import software.amazon.awssdk.services.sqs.model.PurgeQueueRequest
 import software.amazon.awssdk.services.sqs.model.ReceiveMessageRequest
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.HmppsBoldLrsExceptionHandler
+import uk.gov.justice.digital.hmpps.learnerrecordsapi.config.Roles.ROLE_LEARNER_RECORDS_SEARCH__RO
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.integration.wiremock.LRSApiExtension.Companion.lrsApiMock
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.lrsapi.response.LearningEvent
 import uk.gov.justice.digital.hmpps.learnerrecordsapi.models.request.Gender
@@ -54,7 +55,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
       val actualResponse = objectMapper.readValue(
         webTestClient.post()
           .uri("/learner-events")
-          .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+          .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
           .header("X-Username", "TestUser")
           .bodyValue(getLearningEventsRequest)
           .accept(MediaType.parseMediaType("application/json"))
@@ -104,7 +105,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
       val actualResponse = objectMapper.readValue(
         webTestClient.post()
           .uri("/learner-events")
-          .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+          .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
           .header("X-Username", "TestUser")
           .bodyValue(getLearningEventsRequest)
           .accept(MediaType.parseMediaType("application/json"))
@@ -158,7 +159,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
       val actualResponse = objectMapper.readValue(
         webTestClient.post()
           .uri("/learner-events")
-          .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+          .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
           .header("X-Username", "TestUser")
           .bodyValue(getLearningEventsRequest)
           .accept(MediaType.parseMediaType("application/json"))
@@ -189,7 +190,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
       val actualResponse = objectMapper.readValue(
         webTestClient.post()
           .uri("/learner-events")
-          .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+          .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
           .header("X-Username", "TestUser")
           .bodyValue(getLearningEventsRequest)
           .accept(MediaType.parseMediaType("application/json"))
@@ -220,7 +221,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
       val actualResponse = objectMapper.readValue(
         webTestClient.post()
           .uri("/learner-events")
-          .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+          .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
           .header("X-Username", "TestUser")
           .bodyValue(getLearningEventsRequest)
           .accept(MediaType.parseMediaType("application/json"))
@@ -243,7 +244,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
       val actualResponse = objectMapper.readValue(
         webTestClient.post()
           .uri("/learner-events")
-          .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+          .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
           .bodyValue(getLearningEventsRequest)
           .accept(MediaType.parseMediaType("application/json"))
           .exchange()
@@ -271,7 +272,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
       val actualResponse = objectMapper.readValue(
         webTestClient.post()
           .uri("/learner-events")
-          .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+          .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
           .header("X-Username", "TestUser")
           .bodyValue(extendedRequestBody)
           .accept(MediaType.parseMediaType("application/json"))
@@ -302,7 +303,7 @@ class LearnerEventsResourceIntTest : IntegrationTestBase() {
     lrsApiMock.stubLearningEventsExactMatchFull()
     webTestClient.post()
       .uri("/learner-events")
-      .headers(setAuthorisation(roles = listOf("ROLE_LEARNER_RECORDS_SEARCH__RO")))
+      .headers(setAuthorisation(roles = listOf(ROLE_LEARNER_RECORDS_SEARCH__RO)))
       .header("X-Username", "TestUser")
       .bodyValue(getLearningEventsRequest)
       .accept(MediaType.parseMediaType("application/json"))