diff --git a/Jenkinsfile_CNP b/Jenkinsfile_CNP index c2f7d1b948..14b68c48b9 100644 --- a/Jenkinsfile_CNP +++ b/Jenkinsfile_CNP @@ -53,7 +53,6 @@ withPipeline(type, product, component) { setPreviewEnvVars() if (githubApi.getLabelsbyPattern(env.BRANCH_NAME, "pr-values:ccd").size() > 0) { env.CCD_ENABLED = "true" - env.CASE_TYPE_SUFFIX="${CHANGE_ID}" enableHighLevelDataSetup() } else { env.CCD_ENABLED = "false" @@ -130,6 +129,12 @@ withPipeline(type, product, component) { generateDefinitions(builder) } + before('smoketest:preview') { + if (githubApi.getLabelsbyPattern(env.BRANCH_NAME, "pr-values:ccd").size() > 0) { + sh "./bin/trigger-global-search-index.sh" + } + } + before('smoketest:aat') { env.CASE_TYPE_SUFFIX="staging" env.CCD_ENABLED = "true" diff --git a/bin/trigger-global-search-index.sh b/bin/trigger-global-search-index.sh new file mode 100755 index 0000000000..cb61eccf88 --- /dev/null +++ b/bin/trigger-global-search-index.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash +set -ex + +S2S_TOKEN=$(curl -s -X POST "${IDAM_S2S_AUTH_URL}/testing-support/lease" \ + -H 'Content-Type: application/json' \ + -d '{"microservice": "pcs_api"}') + +IDAM_TOKEN=$(curl -s -X POST "${IDAM_API_URL}/o/token" \ + -H 'Content-Type: application/x-www-form-urlencoded' \ + --data-urlencode 'grant_type=password' \ + --data-urlencode "username=${IDAM_SYSTEM_USERNAME}" \ + --data-urlencode "password=${IDAM_SYSTEM_USER_PASSWORD}" \ + --data-urlencode 'client_id=pcs-api' \ + --data-urlencode "client_secret=${PCS_API_IDAM_SECRET}" \ + --data-urlencode 'scope=openid profile roles' \ + | python3 -c "import sys,json; print(json.load(sys.stdin)['access_token'])") + +STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X POST "${DEFINITION_STORE_URL_BASE}/elastic-support/global-search/index" \ + -H "Authorization: Bearer ${IDAM_TOKEN}" \ + -H "ServiceAuthorization: Bearer ${S2S_TOKEN}") + +if [ "$STATUS" != "201" ]; then + echo "ERROR: Global search index returned status ${STATUS}" + exit 1 +fi + +echo "Global search index created successfully" diff --git a/charts/pcs-api/values.ccd.preview.template.yaml b/charts/pcs-api/values.ccd.preview.template.yaml index 08f0d27540..6a8a69b99f 100644 --- a/charts/pcs-api/values.ccd.preview.template.yaml +++ b/charts/pcs-api/values.ccd.preview.template.yaml @@ -14,7 +14,6 @@ global: java: environment: - CASE_TYPE_SUFFIX: ${CHANGE_ID} PCS_DB_NAME: "{{ .Values.global.databaseNamePrefix }}pcs" PCS_DB_HOST: '{{ tpl .Values.global.postgresHostname $}}' PCS_DB_USER_NAME: "{{ .Values.global.postgresUsername}}" @@ -43,7 +42,6 @@ postgresql: - name: "pr-${CHANGE_ID}-data-store" - name: "pr-${CHANGE_ID}-definition-store" - name: "pr-${CHANGE_ID}-pcs" - ccd: enabled: true ccd: @@ -81,6 +79,7 @@ ccd: DEFINITION_STORE_DB_OPTIONS: "" ELASTIC_SEARCH_INDEX_SHARDS: 1 ELASTIC_SEARCH_INDEX_SHARDS_REPLICAS: 0 + DEFINITION_STORE_S2S_AUTHORISED_SERVICES: "ccd_data,ccd_gw,ccd_admin,jui_webapp,pui_webapp,aac_manage_case_assignment,xui_webapp,am_org_role_mapping_service,pcs_api" ingressHost: ccd-definition-store-${SERVICE_FQDN} keyVaults: ccd: @@ -167,7 +166,7 @@ ccd: - name: cluster.initial_master_nodes value: "" - name: action.auto_create_index - value: .security*,.watches,.triggered_watches,.watcher-history-*,.logstash_dead_letter,.ml*,global_search + value: .security*,.watches,.triggered_watches,.watcher-history-*,.logstash_dead_letter,.ml* persistence: enabled: false ingress: @@ -197,8 +196,10 @@ xui-webapp: SERVICES_CCD_DATA_STORE_API: http://${SERVICE_NAME}-ccd-data-store-api SERVICES_TERMS_AND_CONDITIONS: http://xui-terms-and-conditions-aat.service.core-compute-aat.internal SERVICES_HEARINGS_COMPONENT_API: http://jurisdiction-hearings-api-aat.service.core-compute-aat.internal - JURISDICTIONS: PCS,CIVIL - STAFF_SUPPORTED_JURISDICTIONS: PCS + JURISDICTIONS: PCS + GLOBAL_SEARCH_SERVICES: PCS,CIVIL,SSCS + WA_SUPPORTED_JURISDICTIONS: PCS,CIVIL,SSCS + STAFF_SUPPORTED_JURISDICTIONS: PCS,CIVIL,SSCS FEATURE_REDIS_ENABLED: false REDISCLOUD_URL: http://dummyrediscloudurl FEATURE_APP_INSIGHTS_ENABLED: false diff --git a/src/cftlib/java/uk/gov/hmcts/reform/pcs/CftlibConfig.java b/src/cftlib/java/uk/gov/hmcts/reform/pcs/CftlibConfig.java index 6705017106..9b12decc83 100644 --- a/src/cftlib/java/uk/gov/hmcts/reform/pcs/CftlibConfig.java +++ b/src/cftlib/java/uk/gov/hmcts/reform/pcs/CftlibConfig.java @@ -72,6 +72,7 @@ private void createAccessProfiles(CFTLib lib) { roleNames.add("caseworker"); roleNames.add("caseworker-ras-validation"); + roleNames.add("GS_profile"); lib.createRoles(roleNames.toArray(new String[0])); } diff --git a/src/cftlib/resources/cftlib-am-role-assignments.json b/src/cftlib/resources/cftlib-am-role-assignments.json index a76894ca41..a850b57a67 100644 --- a/src/cftlib/resources/cftlib-am-role-assignments.json +++ b/src/cftlib/resources/cftlib-am-role-assignments.json @@ -15,5 +15,37 @@ "authorisations": [] } ] + }, + { + "email": "pcs-solicitor1@test.com", + "id": "f6484bbb-c10e-319b-ab8d-14361a7d2a23", + "roleAssignments": [ + { + "roleType": "ORGANISATION", + "roleName": "hmcts-admin", + "grantType": "STANDARD", + "roleCategory": "ADMIN", + "classification": "PUBLIC", + "readOnly": false, + "attributes": {}, + "authorisations": [] + } + ] + }, + { + "email": "pcs-solicitor1@test.com", + "id": "f6484bbb-c10e-319b-ab8d-14361a7d2a23", + "roleAssignments": [ + { + "roleType": "ORGANISATION", + "roleName": "[HMCTS-ADMIN]", + "grantType": "STANDARD", + "roleCategory": "ADMIN", + "classification": "PUBLIC", + "readOnly": false, + "attributes": {}, + "authorisations": [] + } + ] } ] diff --git a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/CaseType.java b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/CaseType.java index bada0af4f1..007103015d 100644 --- a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/CaseType.java +++ b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/CaseType.java @@ -4,7 +4,7 @@ import org.springframework.stereotype.Component; import uk.gov.hmcts.ccd.sdk.api.CCDConfig; import uk.gov.hmcts.ccd.sdk.api.ConfigBuilder; -import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.UserRole; +import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.AccessProfile; import uk.gov.hmcts.reform.pcs.ccd.domain.CaseFileCategory; import uk.gov.hmcts.reform.pcs.ccd.domain.PCSCase; import uk.gov.hmcts.reform.pcs.ccd.domain.State; @@ -18,13 +18,13 @@ * Setup some common possessions case type configuration. */ @Component -public class CaseType implements CCDConfig { +public class CaseType implements CCDConfig { private static final String CASE_TYPE_ID = "PCS"; private static final String CASE_TYPE_NAME = "Possession"; private static final String CASE_TYPE_DESCRIPTION = "Possession Case Type"; private static final String JURISDICTION_ID = "PCS"; - private static final String JURISDICTION_NAME = "Civil Possession"; + private static final String JURISDICTION_NAME = "Mortgage and Landlord Possession Claims"; private static final String JURISDICTION_DESCRIPTION = "Civil Possession Jurisdiction"; @Value("${hmcts.hmctsOrgId}") @@ -52,7 +52,7 @@ private static String withSuffix(String base, String separator) { } @Override - public void configure(final ConfigBuilder builder) { + public void configure(final ConfigBuilder builder) { builder.setCallbackHost(caseApiUrl); builder.caseType(getCaseType(), getCaseTypeName(), CASE_TYPE_DESCRIPTION); @@ -102,15 +102,16 @@ public void configure(final ConfigBuilder builder) { .field(PCSCase::getCaseFileView, null, "#ARGUMENT(CaseFileView)"); builder.tab("caseLinks", "Linked Cases") - .forRoles(UserRole.PCS_SOLICITOR) + .forRoles(AccessProfile.PCS_SOLICITOR) .field(PCSCase::getLinkedCasesComponentLauncher, null, "#ARGUMENT(LinkedCases)") .field(PCSCase::getCaseLinks, "LinkedCasesComponentLauncher!=\"\"", "#ARGUMENT(LinkedCases)"); builder.tab("caseFlags", "Case flags") - .forRoles(UserRole.JUDGE, UserRole.FEE_PAID_JUDGE, UserRole.CIRCUIT_JUDGE, UserRole.LEADERSHIP_JUDGE, - UserRole.CTSC_ADMIN, - UserRole.HEARING_CENTRE_ADMIN, - UserRole.WLU_ADMIN) + .forRoles(AccessProfile.JUDGE, AccessProfile.FEE_PAID_JUDGE, AccessProfile.CIRCUIT_JUDGE, + AccessProfile.LEADERSHIP_JUDGE, + AccessProfile.CTSC_ADMIN, + AccessProfile.HEARING_CENTRE_ADMIN, + AccessProfile.WLU_ADMIN) .field(PCSCase::getFlagLauncherInternal, null, "#ARGUMENT(READ)") .field(PCSCase::getCaseFlags, "flagLauncherInternal!=\"\"") .field(PCSCase::getParties, "flagLauncherInternal!=\"\"", "#ARGUMENT(Flags)"); @@ -120,9 +121,9 @@ public void configure(final ConfigBuilder builder) { configureCaseFileCategories(builder); } - private void configureCaseFileCategories(ConfigBuilder builder) { + private void configureCaseFileCategories(ConfigBuilder builder) { for (CaseFileCategory category : CaseFileCategory.values()) { - builder.categories(UserRole.PCS_SOLICITOR) + builder.categories(AccessProfile.PCS_SOLICITOR) .categoryID(category.getId()) .categoryLabel(category.getLabel()) .displayOrder(category.getDisplayOrder()) @@ -130,16 +131,16 @@ private void configureCaseFileCategories(ConfigBuilder } } - private void buildCaseNotesTab(ConfigBuilder builder) { + private void buildCaseNotesTab(ConfigBuilder builder) { builder.tab("notes", "Notes") .field(PCSCase::getCaseNotes); } - private void buildCasePartiesTab(ConfigBuilder builder) { + private void buildCasePartiesTab(ConfigBuilder builder) { builder.tab("caseParties", "Case Parties") .label("Case Parties", null, "#### Case Parties") .field("casePartiesTab_ClaimantDetails") .field("casePartiesTab_DefendantOneDetails") .field("casePartiesTab_DefendantsDetails"); } -} +} \ No newline at end of file diff --git a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/AccessProfile.java b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/AccessProfile.java new file mode 100644 index 0000000000..b4d4a66542 --- /dev/null +++ b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/AccessProfile.java @@ -0,0 +1,54 @@ +package uk.gov.hmcts.reform.pcs.ccd.accesscontrol; + +import static java.util.Arrays.stream; +import static uk.gov.hmcts.ccd.sdk.api.Permission.CRU; +import static uk.gov.hmcts.ccd.sdk.api.Permission.R; + +import com.fasterxml.jackson.annotation.JsonValue; +import java.util.Set; +import lombok.Getter; +import uk.gov.hmcts.ccd.sdk.api.HasRole; +import uk.gov.hmcts.ccd.sdk.api.Permission; + +@Getter +public enum AccessProfile implements HasRole { + + CREATOR("[CREATOR]", CRU), + RAS_VALIDATOR("caseworker-ras-validation", Set.of(R)), + CITIZEN("citizen", CRU), + DEFENDANT("[DEFENDANT]", CRU), + CLAIMANT_SOLICITOR("[CLAIMANTSOLICITOR]", CRU), + DEFENDANT_SOLICITOR("[DEFENDANTSOLICITOR]", CRU), + PCS_CASE_WORKER("caseworker-pcs", Set.of(R)), + PCS_SOLICITOR("caseworker-pcs-solicitor", CRU), + + JUDGE("judge", Set.of(R)), + FEE_PAID_JUDGE("fee-paid-judge", Set.of(R)), + CIRCUIT_JUDGE("circuit-judge", Set.of(R)), + LEADERSHIP_JUDGE("leadership-judge", Set.of(R)), + CTSC_ADMIN("ctsc", Permission.CRU), + HEARING_CENTRE_ADMIN("hearing-centre-admin", Permission.CRU), + WLU_ADMIN("wlu-admin", Permission.CRU), + GS_PROFILE("GS_profile", Set.of(R)), + SYSTEM_USER("pcs-system-update", CRU); + + + @JsonValue + private final String role; + private final Set caseTypePermissions; + + AccessProfile(String role, Set permissions) { + this.role = role; + this.caseTypePermissions = permissions; + } + + public static String[] toRoles(AccessProfile... profiles) { + return stream(profiles) + .map(AccessProfile::getRole) + .toArray(String[]::new); + } + + public String getCaseTypePermissions() { + return Permission.toString(caseTypePermissions); + } +} \ No newline at end of file diff --git a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/ExternalUserRole.java b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/ExternalUserRole.java index e902062679..b6acb2e802 100644 --- a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/ExternalUserRole.java +++ b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/ExternalUserRole.java @@ -16,8 +16,7 @@ public static ExternalUserRole forCcdRole(UserRole ccdRole) { @Override public String getRole() { - String rolePrefix = (ccdUserRole.getRoleType() == RoleType.IDAM) ? "idam:" : ""; - return rolePrefix + ccdUserRole.getRole(); + return ccdUserRole.getRoleType().prefix() + ccdUserRole.getRole(); } @Override diff --git a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/GlobalSearchAccess.java b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/GlobalSearchAccess.java index b09cf101da..8a1cb8b86b 100644 --- a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/GlobalSearchAccess.java +++ b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/GlobalSearchAccess.java @@ -1,7 +1,6 @@ package uk.gov.hmcts.reform.pcs.ccd.accesscontrol; -import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.UserRole.PCS_CASE_WORKER; -import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.UserRole.PCS_SOLICITOR; +import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.AccessProfile.GS_PROFILE; import uk.gov.hmcts.ccd.sdk.api.HasAccessControl; import uk.gov.hmcts.ccd.sdk.api.HasRole; @@ -11,17 +10,11 @@ import com.google.common.collect.SetMultimap; public class GlobalSearchAccess implements HasAccessControl { + @Override public SetMultimap getGrants() { SetMultimap grants = HashMultimap.create(); - grants.putAll(PCS_CASE_WORKER, Permission.CRUD); - - /*** - * Remove before release - */ - - grants.putAll(PCS_SOLICITOR, Permission.CRUD); - + grants.put(GS_PROFILE, Permission.R); return grants; } } diff --git a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleToAccessProfiles.java b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleToAccessProfiles.java index 67128c0a83..5f0f868660 100644 --- a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleToAccessProfiles.java +++ b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleToAccessProfiles.java @@ -17,7 +17,7 @@ public void configure(ConfigBuilder configBuil .forEach(userRole -> configBuilder .caseRoleToAccessProfile(ExternalUserRole.forCcdRole(userRole)) - .accessProfiles(userRole.getRole()) + .accessProfiles(userRole.getAccessProfiles()) .build() ); } diff --git a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleType.java b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleType.java index 7ef4042251..4271a1f6ff 100644 --- a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleType.java +++ b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleType.java @@ -2,7 +2,16 @@ enum RoleType { - IDAM, - RAS + IDAM("idam:"), + RAS(""); + private final String prefix; + + RoleType(String prefix) { + this.prefix = prefix; + } + + public String prefix() { + return prefix; + } } diff --git a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/UserRole.java b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/UserRole.java index 099891de5f..037f90ca61 100644 --- a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/UserRole.java +++ b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/UserRole.java @@ -1,33 +1,40 @@ package uk.gov.hmcts.reform.pcs.ccd.accesscontrol; import com.fasterxml.jackson.annotation.JsonValue; -import lombok.AllArgsConstructor; import lombok.Getter; import uk.gov.hmcts.ccd.sdk.api.HasRole; import uk.gov.hmcts.ccd.sdk.api.Permission; import java.util.Set; +import static uk.gov.hmcts.ccd.sdk.api.Permission.CRU; import static uk.gov.hmcts.ccd.sdk.api.Permission.R; +import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.AccessProfile.GS_PROFILE; import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.RoleType.IDAM; import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.RoleType.RAS; /** * All the different roles for a PCS case. */ -@AllArgsConstructor @Getter public enum UserRole implements HasRole { - CITIZEN("citizen", Permission.CRU, IDAM), - CREATOR("[CREATOR]", Permission.CRU, RAS), - DEFENDANT("[DEFENDANT]", Permission.CRU, RAS), - CLAIMANT_SOLICITOR("[CLAIMANTSOLICITOR]", Permission.CRU, RAS), - PCS_CASE_WORKER("caseworker-pcs", Set.of(R), IDAM), - PCS_SOLICITOR("caseworker-pcs-solicitor", Permission.CRU, IDAM), + CREATOR("[CREATOR]", CRU, RAS), RAS_VALIDATOR("caseworker-ras-validation", Set.of(R), IDAM), + + CITIZEN("citizen", CRU, IDAM), + DEFENDANT("[DEFENDANT]", CRU, RAS), + CLAIMANT_SOLICITOR("[CLAIMANTSOLICITOR]", CRU, RAS), + DEFENDANT_SOLICITOR("[DEFENDANTSOLICITOR]", CRU, RAS), + + PCS_CASE_WORKER("caseworker-pcs", Set.of(R), IDAM), + PCS_SOLICITOR("caseworker-pcs-solicitor", CRU, IDAM), + + HMCTS_ADMIN("hmcts-admin", Set.of(R), RAS, GS_PROFILE), + HMCTS_JUDICIARY("hmcts-judiciary", Set.of(R), RAS, GS_PROFILE), + HMCTS_CTSC("hmcts-ctsc", Set.of(R), RAS, GS_PROFILE), + HMCTS_LEGAL_OPERATIONS("hmcts-legal-operations", Set.of(R), RAS, GS_PROFILE), CTSC_ADMIN("ctsc", Permission.CRU, RAS), - DEFENDANT_SOLICITOR("[DEFENDANTSOLICITOR]", Permission.CRU, RAS), HEARING_CENTRE_ADMIN("hearing-centre-admin", Permission.CRU, RAS), WLU_ADMIN("wlu-admin", Permission.CRU, RAS), FEE_PAID_JUDGE("fee-paid-judge", Set.of(R), RAS), @@ -41,8 +48,24 @@ public enum UserRole implements HasRole { private final String role; private final Set caseTypePermissions; private final RoleType roleType; + private final String[] accessProfiles; + + UserRole(String role, Set permissions, RoleType roleType) { + this(role, permissions, roleType, role); + } + + UserRole(String role, Set permissions, RoleType roleType, AccessProfile... accessProfiles) { + this(role, permissions, roleType, AccessProfile.toRoles(accessProfiles)); + } + + UserRole(String role, Set permissions, RoleType roleType, String... accessProfiles) { + this.role = role; + this.caseTypePermissions = permissions; + this.roleType = roleType; + this.accessProfiles = accessProfiles; + } public String getCaseTypePermissions() { return Permission.toString(caseTypePermissions); } -} +} \ No newline at end of file diff --git a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/config/HighLevelDataSetupApp.java b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/config/HighLevelDataSetupApp.java index 4dc4fb70ab..baf730b16f 100644 --- a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/config/HighLevelDataSetupApp.java +++ b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/config/HighLevelDataSetupApp.java @@ -22,7 +22,27 @@ public class HighLevelDataSetupApp extends DataLoaderToDefinitionStore { private static final CcdRoleConfig[] CCD_ROLES = { new CcdRoleConfig("caseworker-pcs", "PUBLIC"), new CcdRoleConfig("caseworker-pcs-solicitor", "PUBLIC"), + new CcdRoleConfig("caseworker-ras-validation", "PUBLIC"), new CcdRoleConfig("citizen", "PUBLIC"), + new CcdRoleConfig("caseworker", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-systemupdate", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-anonymouscitizen", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-callagent", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-judge", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-judge-salaried", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-clerk", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-dwpresponsewriter", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-registrar", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-superuser", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-teamleader", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-panelmember", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-bulkscan", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-pcqextractor", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-hmrcresponsewriter", "PUBLIC"), + new CcdRoleConfig("caseworker-sscs-ibcaresponsewriter", "PUBLIC"), + new CcdRoleConfig("caseworker-wa-task-configuration", "RESTRICTED"), + new CcdRoleConfig("GS_profile", "PUBLIC"), new CcdRoleConfig("caseworker-ras-validation", "PUBLIC"), new CcdRoleConfig("ctsc", "PUBLIC"), new CcdRoleConfig("hearing-centre-admin", "PUBLIC"), diff --git a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/domain/State.java b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/domain/State.java index 539824db7a..32aeec350c 100644 --- a/src/main/java/uk/gov/hmcts/reform/pcs/ccd/domain/State.java +++ b/src/main/java/uk/gov/hmcts/reform/pcs/ccd/domain/State.java @@ -8,6 +8,7 @@ import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.ClaimantAccess; import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.DefendantAccess; import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.InternalCaseFlagAccess; +import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.GlobalSearchAccess; import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.RasValidationAccess; /** @@ -27,14 +28,16 @@ public enum State { @CCD( label = "Pending Case Issued", - access = {ClaimantAccess.class, CitizenAccess.class, RasValidationAccess.class, InternalCaseFlagAccess.class}, + access = {ClaimantAccess.class, CitizenAccess.class, RasValidationAccess.class, + InternalCaseFlagAccess.class, GlobalSearchAccess.class}, hint = "${caseTitleMarkdown}" ) PENDING_CASE_ISSUED, @CCD( label = "Case Issued", - access = {CaseworkerReadAccess.class, ClaimantAccess.class, DefendantAccess.class, RasValidationAccess.class}, + access = {CaseworkerReadAccess.class, ClaimantAccess.class, DefendantAccess.class, RasValidationAccess.class, + GlobalSearchAccess.class}, hint = "${caseTitleMarkdown}" ) CASE_ISSUED diff --git a/src/test/java/uk/gov/hmcts/reform/pcs/ccd/CaseTypeTest.java b/src/test/java/uk/gov/hmcts/reform/pcs/ccd/CaseTypeTest.java index 462420e612..402fb001fb 100644 --- a/src/test/java/uk/gov/hmcts/reform/pcs/ccd/CaseTypeTest.java +++ b/src/test/java/uk/gov/hmcts/reform/pcs/ccd/CaseTypeTest.java @@ -11,8 +11,9 @@ import uk.gov.hmcts.ccd.sdk.api.Search; import uk.gov.hmcts.ccd.sdk.api.SearchCases; import uk.gov.hmcts.ccd.sdk.api.Tab; +import uk.gov.hmcts.ccd.sdk.api.Tab.TabBuilder; import uk.gov.hmcts.ccd.sdk.api.TabField; -import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.UserRole; +import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.AccessProfile; import uk.gov.hmcts.reform.pcs.ccd.domain.PCSCase; import uk.gov.hmcts.reform.pcs.ccd.domain.State; @@ -26,7 +27,7 @@ class CaseTypeTest { private CaseType caseType; @Mock - private ConfigBuilderImpl builder; + private ConfigBuilderImpl builder; @Mock private PropertyUtils utils; @@ -61,17 +62,17 @@ void shouldGetCaseTypeName() { @Test void shouldConfigureCaseTypeTabs() { // Given - final Tab.TabBuilder nextStepsTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Tab.TabBuilder summaryTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Tab.TabBuilder caseHistoryTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Tab.TabBuilder hiddenTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Tab.TabBuilder serviceRequestTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Tab.TabBuilder caseNotesTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Tab.TabBuilder caseLinksTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Tab.TabBuilder caseFileViewTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Tab.TabBuilder casePartiesTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Tab.TabBuilder caseFlagsTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); - final Search.SearchBuilder searchBuilder = + final TabBuilder nextStepsTabBuilder = TabBuilder.builder(PCSCase.class, utils); + final TabBuilder summaryTabBuilder = TabBuilder.builder(PCSCase.class, utils); + final TabBuilder caseHistoryTabBuilder = TabBuilder.builder(PCSCase.class, utils); + final TabBuilder hiddenTabBuilder = TabBuilder.builder(PCSCase.class, utils); + final TabBuilder serviceRequestTabBuilder = TabBuilder.builder(PCSCase.class, utils); + final Tab.TabBuilder caseNotesTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); + final TabBuilder caseLinksTabBuilder = TabBuilder.builder(PCSCase.class, utils); + final TabBuilder caseFileViewTabBuilder = TabBuilder.builder(PCSCase.class, utils); + final TabBuilder casePartiesTabBuilder = TabBuilder.builder(PCSCase.class, utils); + final Tab.TabBuilder caseFlagsTabBuilder = Tab.TabBuilder.builder(PCSCase.class, utils); + final Search.SearchBuilder searchBuilder = Search.SearchBuilder.builder(PCSCase.class, utils); final SearchCases.SearchCasesBuilder searchCasesBuilder = SearchCases.SearchCasesBuilder.builder(PCSCase.class, utils); @@ -90,19 +91,19 @@ void shouldConfigureCaseTypeTabs() { when(builder.tab("caseFileView", "Case File View")).thenReturn(caseFileViewTabBuilder); when(builder.tab("caseParties", "Case Parties")).thenReturn(casePartiesTabBuilder); when(builder.tab("caseFlags", "Case flags")).thenReturn(caseFlagsTabBuilder); - when(builder.categories(UserRole.PCS_SOLICITOR)) - .thenReturn(CaseCategory.CaseCategoryBuilder.builder(UserRole.PCS_SOLICITOR)); + when(builder.categories(AccessProfile.PCS_SOLICITOR)) + .thenReturn(CaseCategory.CaseCategoryBuilder.builder(AccessProfile.PCS_SOLICITOR)); // When caseType.configure(builder); - final Tab nextStepsTab = nextStepsTabBuilder.build(); - final Tab summaryTab = summaryTabBuilder.build(); - final Tab caseHistoryTab = caseHistoryTabBuilder.build(); - final Tab hiddenTab = hiddenTabBuilder.build(); - final Tab serviceRequestTab = serviceRequestTabBuilder.build(); - final Tab caseLinksTab = caseLinksTabBuilder.build(); - final Tab casePartiesTab = casePartiesTabBuilder.build(); - final Tab caseFileViewTab = caseFileViewTabBuilder.build(); + final Tab nextStepsTab = nextStepsTabBuilder.build(); + final Tab summaryTab = summaryTabBuilder.build(); + final Tab caseHistoryTab = caseHistoryTabBuilder.build(); + final Tab hiddenTab = hiddenTabBuilder.build(); + final Tab serviceRequestTab = serviceRequestTabBuilder.build(); + final Tab caseLinksTab = caseLinksTabBuilder.build(); + final Tab casePartiesTab = casePartiesTabBuilder.build(); + final Tab caseFileViewTab = caseFileViewTabBuilder.build(); // Then assertThat(nextStepsTab.getFields()).extracting(TabField::getId).contains("nextStepsMarkdown"); diff --git a/src/test/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/GlobalSearchAccessTest.java b/src/test/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/GlobalSearchAccessTest.java index 7c9f0963bf..839dc6486d 100644 --- a/src/test/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/GlobalSearchAccessTest.java +++ b/src/test/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/GlobalSearchAccessTest.java @@ -3,7 +3,8 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.entry; -import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.UserRole.PCS_CASE_WORKER; +import static uk.gov.hmcts.ccd.sdk.api.Permission.R; +import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.AccessProfile.GS_PROFILE; import uk.gov.hmcts.ccd.sdk.api.HasRole; import uk.gov.hmcts.ccd.sdk.api.Permission; @@ -12,6 +13,8 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import java.util.Set; + class GlobalSearchAccessTest { private GlobalSearchAccess underTest; @@ -24,7 +27,7 @@ void setUp() { @Test void shouldGrantGlobalSearchAccess() { SetMultimap grants = underTest.getGrants(); - assertThat(grants.asMap()).contains(entry(PCS_CASE_WORKER, Permission.CRUD)); + assertThat(grants.asMap()).contains(entry(GS_PROFILE, Set.of(R))); } } diff --git a/src/test/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleToAccessProfilesTest.java b/src/test/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleToAccessProfilesTest.java index d612b737a5..b8c8b4942c 100644 --- a/src/test/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleToAccessProfilesTest.java +++ b/src/test/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleToAccessProfilesTest.java @@ -1,10 +1,8 @@ package uk.gov.hmcts.reform.pcs.ccd.accesscontrol; -import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mock; -import org.mockito.MockedStatic; import org.mockito.junit.jupiter.MockitoExtension; import uk.gov.hmcts.ccd.sdk.api.CaseRoleToAccessProfile.CaseRoleToAccessProfileBuilder; import uk.gov.hmcts.ccd.sdk.api.ConfigBuilder; @@ -12,9 +10,10 @@ import uk.gov.hmcts.reform.pcs.ccd.domain.State; import static java.util.Arrays.stream; +import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.mockStatic; +import static org.mockito.ArgumentMatchers.argThat; +import static org.mockito.Mockito.atLeastOnce; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; @@ -28,40 +27,33 @@ class RoleToAccessProfilesTest { @Mock private CaseRoleToAccessProfileBuilder accessProfileBuilder; - - private final RoleToAccessProfiles underTest = new RoleToAccessProfiles(); - - - @BeforeEach - void setUp() { - when(configBuilder.caseRoleToAccessProfile(any())).thenReturn(accessProfileBuilder); - when(accessProfileBuilder.accessProfiles(any(String.class))).thenReturn(accessProfileBuilder); + //Tests that accessing UserRoles via ExternalRole wrapper uses prefix for Idam roles + @Test + void shouldAddIdamPrefixForIdamRolesOnly() { + stream(UserRole.values()).forEach(role -> { + String ccdRole = ExternalUserRole.forCcdRole(role).getRole(); + if (role.getRoleType() == RoleType.IDAM) { + assertThat(ccdRole).startsWith("idam:"); + } else { + assertThat(ccdRole).doesNotStartWith("idam:"); + } + }); } @Test void shouldRegisterAccessProfileForEveryUserRole() { - - try (MockedStatic mockedStatic = - mockStatic(ExternalUserRole.class)) { - - stream(UserRole.values()).forEach(userRole -> { - ExternalUserRole mockedRole = mock(ExternalUserRole.class); - - mockedStatic.when(() -> ExternalUserRole.forCcdRole(userRole)) - .thenReturn(mockedRole); - }); - - underTest.configure(configBuilder); - - stream(UserRole.values()).forEach(userRole -> { - verify(configBuilder).caseRoleToAccessProfile( - ExternalUserRole.forCcdRole(userRole)); - - verify(accessProfileBuilder).accessProfiles(userRole.getRole()); - }); - verify(accessProfileBuilder, times(UserRole.values().length)).build(); - } + when(configBuilder.caseRoleToAccessProfile(any())).thenReturn(accessProfileBuilder); + when(accessProfileBuilder.accessProfiles(any(String.class))).thenReturn(accessProfileBuilder); + underTest.configure(configBuilder); + stream(UserRole.values()).forEach(userRole -> { + String expectedExternalRole = ExternalUserRole.forCcdRole(userRole).getRole(); + verify(configBuilder).caseRoleToAccessProfile(argThat( + externalRole -> externalRole.getRole().equals(expectedExternalRole) + )); + verify(accessProfileBuilder, atLeastOnce()).accessProfiles(userRole.getAccessProfiles()); + }); + verify(accessProfileBuilder, times(UserRole.values().length)).build(); } -} +} \ No newline at end of file