fixed tests - changed to two endpoints

ministryofjustice · Jan 27, 2025 · ac451c1 · ac451c1
1 parent d6cad2c
commit ac451c1
Show file tree

Hide file tree

Showing 5 changed files with 120 additions and 92 deletions.
diff --git a/...ice/digital/hmpps/approvedpremisesapi/config/OAuth2ResourceServerSecurityConfiguration.kt b/...ice/digital/hmpps/approvedpremisesapi/config/OAuth2ResourceServerSecurityConfiguration.kt
@@ -84,7 +84,8 @@ class OAuth2ResourceServerSecurityConfiguration {
         authorize(HttpMethod.POST, "/cas2v2/submissions/*/status-updates", hasRole("CAS2_ASSESSOR"))
         authorize(HttpMethod.GET, "/cas2v2/reference-data/**", hasAnyRole("CAS2_ASSESSOR", "POM"))
         authorize(HttpMethod.GET, "/cas2v2/reports/**", hasRole("CAS2_MI"))
-        authorize(HttpMethod.GET, "/cas2v2/people/**", hasAnyAuthority("ROLE_POM", "ROLE_LICENCE_CA", "ROLE_PROBATION"))
+        authorize(HttpMethod.GET, "/cas2v2/people/search-by-crn/**", hasAnyAuthority("ROLE_LICENCE_CA", "ROLE_PROBATION"))
+        authorize(HttpMethod.GET, "/cas2v2/people/search-by-noms/**", hasAnyAuthority("ROLE_POM", "ROLE_LICENCE_CA", "ROLE_PROBATION"))
         authorize("/cas2v2/**", hasAnyAuthority("ROLE_POM", "ROLE_LICENCE_CA"))
 
         authorize(HttpMethod.GET, "/cas3-api.yml", permitAll)

diff --git a/...gov/justice/digital/hmpps/approvedpremisesapi/controller/cas2v2/Cas2v2PeopleController.kt b/...gov/justice/digital/hmpps/approvedpremisesapi/controller/cas2v2/Cas2v2PeopleController.kt
@@ -34,16 +34,21 @@ class Cas2v2PeopleController(
   private val cas2v2UserService: Cas2v2UserService,
 ) : PeopleCas2v2Delegate {
 
-  override fun peopleSearchGet(nomsNumber: String?, crn: String?): ResponseEntity<Person> {
-    return when {
-      nomsNumber != null -> searchByNoms(nomsNumber)
-      crn != null -> searchByCrn(crn)
-      else -> throw BadRequestProblem(errorDetail = "Either nomsNumber or crn must be provided")
+  override fun peopleSearchByCrnCrnGet(crn: String): ResponseEntity<Person> {
+    val deliusUser = cas2v2UserService.getUserForRequest()
+
+    val personInfo = deliusOffenderService.getPersonInfoResult(crn, deliusUser.username, false)
+
+    when (personInfo) {
+      is PersonInfoResult.NotFound -> throw NotFoundProblem(crn, "Offender")
+      is PersonInfoResult.Unknown -> throw personInfo.throwable ?: BadRequestProblem(errorDetail = "Could not retrieve person info for CRN: $crn")
+      is PersonInfoResult.Success -> return ResponseEntity.ok(
+        personTransformer.transformModelToPersonApi(personInfo),
+      )
     }
   }
 
-  @SuppressWarnings("ThrowsCount")
-  private fun searchByNoms(nomsNumber: String): ResponseEntity<Person> {
+  override fun peopleSearchByNomsNomsNumberGet(nomsNumber: String): ResponseEntity<Person> {
     val currentUser = cas2v2UserService.getUserForRequest()
     val caseLoadId = currentUser.activeNomisCaseloadId ?: return ResponseEntity.notFound().build()
     val probationOffenderResult = nomsOffenderService.getPersonByNomsNumberAndActiveCaseLoadId(nomsNumber, caseLoadId)
@@ -61,20 +66,6 @@ class Cas2v2PeopleController(
     }
   }
 
-  private fun searchByCrn(crn: String): ResponseEntity<Person> {
-    val deliusUser = cas2v2UserService.getUserForRequest()
-
-    val personInfo = deliusOffenderService.getPersonInfoResult(crn, deliusUser.username, false)
-
-    when (personInfo) {
-      is PersonInfoResult.NotFound -> throw NotFoundProblem(crn, "Offender")
-      is PersonInfoResult.Unknown -> throw personInfo.throwable ?: BadRequestProblem(errorDetail = "Could not retrieve person info for CRN: $crn")
-      is PersonInfoResult.Success -> return ResponseEntity.ok(
-        personTransformer.transformModelToPersonApi(personInfo),
-      )
-    }
-  }
-
   override fun peopleCrnOasysRiskToSelfGet(crn: String): ResponseEntity<OASysRiskToSelf> {
     getOffenderDetails(crn)
 

diff --git a/src/main/resources/static/cas2v2-api.yml b/src/main/resources/static/cas2v2-api.yml
@@ -411,19 +411,15 @@ paths:
           $ref: '_shared.yml#/components/responses/403Response'
         500:
           $ref: '_shared.yml#/components/responses/500Response'
-  /people/search:
+  /people/search-by-crn/{crn}:
     get:
       tags:
         - People operations
-      summary: Searches for a Person by their Prison Number (NOMIS ID) or CRN
+      summary: Searches for a Person by their CRN
       parameters:
-        - name: nomsNumber
-          in: query
-          description: Prison Number to search for
-          schema:
-            type: string
         - name: crn
-          in: query
+          in: path
+          required: true
           description: CRN to search for
           schema:
             type: string
@@ -452,6 +448,43 @@ paths:
           $ref: '_shared.yml#/components/responses/403Response'
         500:
           $ref: '_shared.yml#/components/responses/500Response'
+  /people/search-by-noms/{nomsNumber}:
+    get:
+      tags:
+        - People operations
+      summary: Searches for a Person by their Prison Number (NOMIS ID)
+      parameters:
+        - name: nomsNumber
+          in: path
+          description: Prison Number to search for
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: successful operation
+          content:
+            'application/json':
+              schema:
+                $ref: '_shared.yml#/components/schemas/Person'
+        400:
+          description: invalid params
+          content:
+            'application/problem+json':
+              schema:
+                $ref: '_shared.yml#/components/schemas/ValidationError'
+        404:
+          description: invalid CRN
+          content:
+            'application/json':
+              schema:
+                $ref: '_shared.yml#/components/schemas/Problem'
+        401:
+          $ref: '_shared.yml#/components/responses/401Response'
+        403:
+          $ref: '_shared.yml#/components/responses/403Response'
+        500:
+          $ref: '_shared.yml#/components/responses/500Response'
   /people/{crn}/oasys/risk-to-self:
     get:
       tags:

diff --git a/src/main/resources/static/codegen/built-cas2v2-api-spec.yml b/src/main/resources/static/codegen/built-cas2v2-api-spec.yml
@@ -413,19 +413,15 @@ paths:
           $ref: '#/components/responses/403Response'
         500:
           $ref: '#/components/responses/500Response'
-  /people/search:
+  /people/search-by-crn/{crn}:
     get:
       tags:
         - People operations
-      summary: Searches for a Person by their Prison Number (NOMIS ID) or CRN
+      summary: Searches for a Person by their CRN
       parameters:
-        - name: nomsNumber
-          in: query
-          description: Prison Number to search for
-          schema:
-            type: string
         - name: crn
-          in: query
+          in: path
+          required: true
           description: CRN to search for
           schema:
             type: string
@@ -454,6 +450,43 @@ paths:
           $ref: '#/components/responses/403Response'
         500:
           $ref: '#/components/responses/500Response'
+  /people/search-by-noms/{nomsNumber}:
+    get:
+      tags:
+        - People operations
+      summary: Searches for a Person by their Prison Number (NOMIS ID)
+      parameters:
+        - name: nomsNumber
+          in: path
+          description: Prison Number to search for
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: successful operation
+          content:
+            'application/json':
+              schema:
+                $ref: '#/components/schemas/Person'
+        400:
+          description: invalid params
+          content:
+            'application/problem+json':
+              schema:
+                $ref: '#/components/schemas/ValidationError'
+        404:
+          description: invalid CRN
+          content:
+            'application/json':
+              schema:
+                $ref: '#/components/schemas/Problem'
+        401:
+          $ref: '#/components/responses/401Response'
+        403:
+          $ref: '#/components/responses/403Response'
+        500:
+          $ref: '#/components/responses/500Response'
   /people/{crn}/oasys/risk-to-self:
     get:
       tags:

diff --git a/...ov/justice/digital/hmpps/approvedpremisesapi/integration/cas2v2/Cas2v2PersonSearchTest.kt b/...ov/justice/digital/hmpps/approvedpremisesapi/integration/cas2v2/Cas2v2PersonSearchTest.kt
@@ -3,13 +3,11 @@ package uk.gov.justice.digital.hmpps.approvedpremisesapi.integration.cas2v2
 import com.github.tomakehurst.wiremock.client.WireMock
 import com.github.tomakehurst.wiremock.client.WireMock.aResponse
 import com.github.tomakehurst.wiremock.client.WireMock.get
-import com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo
 import org.junit.jupiter.api.Nested
 import org.junit.jupiter.api.Test
 import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.FullPerson
 import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.PersonStatus
 import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.PersonType
-import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.ServiceName
 import uk.gov.justice.digital.hmpps.approvedpremisesapi.factory.InmateDetailFactory
 import uk.gov.justice.digital.hmpps.approvedpremisesapi.factory.ProbationOffenderDetailFactory
 import uk.gov.justice.digital.hmpps.approvedpremisesapi.integration.Cas2v2IntegrationTestBase
@@ -37,7 +35,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
       @Test
       fun `Searching by NOMIS ID without a JWT returns 401`() {
         webTestClient.get()
-          .uri("/cas2v2/people/search?nomsNumber=nomsNumber").exchange()
+          .uri("/cas2v2/people/search-by-noms/nomsNumber").exchange()
           .expectStatus()
           .isUnauthorized
       }
@@ -50,7 +48,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
         )
 
         webTestClient.get()
-          .uri("/cas2v2/people/search?nomsNumber=nomsNumber")
+          .uri("/cas2v2/people/search-by-noms/nomsNumber")
           .header("Authorization", "Bearer $jwt")
           .exchange()
           .expectStatus()
@@ -66,7 +64,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
         )
 
         webTestClient.get()
-          .uri("/cas2v2/people/search?nomsNumber=nomsNumber")
+          .uri("/cas2v2/people/search-by-noms/nomsNumber")
           .header("Authorization", "Bearer $jwt")
           .exchange()
           .expectStatus()
@@ -79,7 +77,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
           probationOffenderSearchAPIMockForbiddenOffenderSearchCall()
 
           webTestClient.get()
-            .uri("/cas2v2/people/search?nomsNumber=NOMS321")
+            .uri("/cas2v2/people/search-by-noms/NOMS321")
             .header("Authorization", "Bearer $jwt")
             .exchange()
             .expectStatus()
@@ -119,7 +117,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
           prisonAPIMockSuccessfulInmateDetailsCall(inmateDetail = inmateDetail)
 
           webTestClient.get()
-            .uri("/cas2v2/people/search?nomsNumber=NOMS456")
+            .uri("/cas2v2/people/search-by-noms/NOMS456")
             .header("Authorization", "Bearer $jwt")
             .exchange()
             .expectStatus()
@@ -133,7 +131,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
           probationOffenderSearchAPIMockNotFoundSearchCall()
 
           webTestClient.get()
-            .uri("/cas2v2/people/search?nomsNumber=NOMS321")
+            .uri("/cas2v2/people/search-by-noms/NOMS321")
             .header("Authorization", "Bearer $jwt")
             .exchange()
             .expectStatus()
@@ -147,7 +145,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
           probationOffenderSearchAPIMockServerErrorSearchCall()
 
           webTestClient.get()
-            .uri("/cas2v2/people/search?nomsNumber=NOMS321")
+            .uri("/cas2v2/people/search-by-noms/NOMS321")
             .header("Authorization", "Bearer $jwt")
             .exchange()
             .expectStatus()
@@ -189,7 +187,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
           prisonAPIMockSuccessfulInmateDetailsCall(inmateDetail = inmateDetail)
 
           webTestClient.get()
-            .uri("/cas2v2/people/search?nomsNumber=NOMS321")
+            .uri("/cas2v2/people/search-by-noms/NOMS321")
             .header("Authorization", "Bearer $jwt")
             .exchange()
             .expectStatus()
@@ -221,7 +219,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
       @Test
       fun `Searching by CRN without a JWT returns 401`() {
         webTestClient.get()
-          .uri("/cas2v2/people/search?crn=CRN")
+          .uri("/cas2v2/people/search-by-crn/CRN")
           .exchange()
           .expectStatus()
           .isUnauthorized
@@ -250,7 +248,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
         )
 
         webTestClient.get()
-          .uri("/cas2v2/people/search?crn=CRN")
+          .uri("/cas2v2/people/search-by-crn/CRN")
           .header("Authorization", "Bearer $jwt")
           .exchange()
           .expectStatus()
@@ -259,46 +257,18 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
 
       @Test
       fun `Searching for a CRN with ROLE_POM returns 403`() {
+        val jwt = jwtAuthHelper.createAuthorizationCodeJwt(
+          subject = "username",
+          authSource = "delius",
+          roles = listOf("ROLE_POM"),
+        )
 
-//        val jwt = jwtAuthHelper.createAuthorizationCodeJwt(
-//          subject = "username",
-//          authSource = "delius",
-//          roles = listOf("ROLE_POM"),
-//        )
-//
-//        webTestClient.get()
-//          .uri("/cas2v2/people/search?crn=CRN")
-//          .header("Authorization", "Bearer $jwt")
-//          .header("X-Service-Name", ServiceName.cas2v2.value)
-//          .exchange()
-//          .expectStatus()
-//          .isForbidden
-
-        givenAUser  { _, _ ->
-          val jwt = jwtAuthHelper.createAuthorizationCodeJwt(
-            subject = "username",
-            authSource = "delius",
-            roles = listOf("ROLE_POM"),
-          )
-          wiremockServer.stubFor(
-            get(WireMock.urlEqualTo("/search/USERNAME"))
-              .willReturn(
-                aResponse()
-                  .withHeader("Content-Type", "application/json")
-                  .withStatus(403),
-              ),
-          )
-
-          webTestClient.get()
-            .uri("/cas2v2/people/search?crn=CRN")
-            .header("Authorization", "Bearer $jwt")
-            .exchange()
-            .expectStatus()
-            .isForbidden
-        }
-
-
-
+        webTestClient.get()
+          .uri("/cas2v2/people/search-by-crn/CRN")
+          .header("Authorization", "Bearer $jwt")
+          .exchange()
+          .expectStatus()
+          .isForbidden
       }
 
       @Test
@@ -314,7 +284,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
           )
 
           webTestClient.get()
-            .uri("/cas2v2/people/search?crn=CRN")
+            .uri("/cas2v2/people/search-by-crn/CRN")
             .header("Authorization", "Bearer $jwt")
             .exchange()
             .expectStatus()
@@ -357,7 +327,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
             },
           ) { offenderDetails, inmateDetails ->
             webTestClient.get()
-              .uri("/cas2v2/people/search?crn=CRN")
+              .uri("/cas2v2/people/search-by-crn/CRN")
               .header("Authorization", "Bearer $jwt")
               .exchange()
               .expectStatus()
@@ -405,7 +375,7 @@ class Cas2v2PersonSearchTest : Cas2v2IntegrationTestBase() {
             },
           ) { offenderDetails, _ ->
             webTestClient.get()
-              .uri("/cas2v2/people/search?crn=CRN")
+              .uri("/cas2v2/people/search-by-crn/CRN")
               .header("Authorization", "Bearer $jwt")
               .exchange()
               .expectStatus()