Hdpi 5335 enable access to globalsearch without parties

Jenkinsfile_CNP

@@ -53,7 +53,6 @@ withPipeline(type, product, component) {
     setPreviewEnvVars()
     if (githubApi.getLabelsbyPattern(env.BRANCH_NAME, "pr-values:ccd").size() > 0) {
       env.CCD_ENABLED = "true"
-      env.CASE_TYPE_SUFFIX="${CHANGE_ID}"
       enableHighLevelDataSetup()
     } else {
       env.CCD_ENABLED = "false"
@@ -127,6 +126,12 @@ withPipeline(type, product, component) {
     generateDefinitions(builder)
   }
 
+  before('smoketest:preview') {
+    if (githubApi.getLabelsbyPattern(env.BRANCH_NAME, "pr-values:ccd").size() > 0) {
+      sh "./bin/trigger-global-search-index.sh"
+    }
+  }
+
   before('smoketest:aat') {
     env.CASE_TYPE_SUFFIX="staging"
     env.CCD_ENABLED = "true"

bin/trigger-global-search-index.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -ex
+
+S2S_TOKEN=$(curl -s -X POST "${IDAM_S2S_AUTH_URL}/testing-support/lease" \
+  -H 'Content-Type: application/json' \
+  -d '{"microservice": "pcs_api"}')
+
+IDAM_TOKEN=$(curl -s -X POST "${IDAM_API_URL}/o/token" \
+  -H 'Content-Type: application/x-www-form-urlencoded' \
+  --data-urlencode 'grant_type=password' \
+  --data-urlencode "username=${IDAM_SYSTEM_USERNAME}" \
+  --data-urlencode "password=${IDAM_SYSTEM_USER_PASSWORD}" \
+  --data-urlencode 'client_id=pcs-api' \
+  --data-urlencode "client_secret=${PCS_API_IDAM_SECRET}" \
+  --data-urlencode 'scope=openid profile roles' \
+  | python3 -c "import sys,json; print(json.load(sys.stdin)['access_token'])")
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X POST "${DEFINITION_STORE_URL_BASE}/elastic-support/global-search/index" \
+  -H "Authorization: Bearer ${IDAM_TOKEN}" \
+  -H "ServiceAuthorization: Bearer ${S2S_TOKEN}")
+
+if [ "$STATUS" != "201" ]; then
+  echo "ERROR: Global search index returned status ${STATUS}"
+  exit 1
+fi
+
+echo "Global search index created successfully"

charts/pcs-api/values.ccd.preview.template.yaml

@@ -14,7 +14,6 @@ global:
 
 java:
   environment:
-    CASE_TYPE_SUFFIX: ${CHANGE_ID}
     PCS_DB_NAME: "{{ .Values.global.databaseNamePrefix }}pcs"
     PCS_DB_HOST: '{{ tpl .Values.global.postgresHostname $}}'
     PCS_DB_USER_NAME: "{{ .Values.global.postgresUsername}}"
@@ -43,7 +42,6 @@ postgresql:
       - name: "pr-${CHANGE_ID}-data-store"
       - name: "pr-${CHANGE_ID}-definition-store"
       - name: "pr-${CHANGE_ID}-pcs"
-
 ccd:
   enabled: true
   ccd:
@@ -81,6 +79,7 @@ ccd:
         DEFINITION_STORE_DB_OPTIONS: ""
         ELASTIC_SEARCH_INDEX_SHARDS: 1
         ELASTIC_SEARCH_INDEX_SHARDS_REPLICAS: 0
+        DEFINITION_STORE_S2S_AUTHORISED_SERVICES: "ccd_data,ccd_gw,ccd_admin,jui_webapp,pui_webapp,aac_manage_case_assignment,xui_webapp,am_org_role_mapping_service,pcs_api"
       ingressHost: ccd-definition-store-${SERVICE_FQDN}
       keyVaults:
         ccd:
@@ -167,7 +166,7 @@ ccd:
       - name: cluster.initial_master_nodes
         value: ""
       - name: action.auto_create_index
-        value: .security*,.watches,.triggered_watches,.watcher-history-*,.logstash_dead_letter,.ml*,global_search
+        value: .security*,.watches,.triggered_watches,.watcher-history-*,.logstash_dead_letter,.ml*
     persistence:
       enabled: false
     ingress:
@@ -197,8 +196,10 @@ xui-webapp:
       SERVICES_CCD_DATA_STORE_API: http://${SERVICE_NAME}-ccd-data-store-api
       SERVICES_TERMS_AND_CONDITIONS: http://xui-terms-and-conditions-aat.service.core-compute-aat.internal
       SERVICES_HEARINGS_COMPONENT_API: http://jurisdiction-hearings-api-aat.service.core-compute-aat.internal
-      JURISDICTIONS: PCS,CIVIL
-      STAFF_SUPPORTED_JURISDICTIONS: PCS
+      JURISDICTIONS: PCS
+      GLOBAL_SEARCH_SERVICES: PCS,CIVIL,SSCS
+      WA_SUPPORTED_JURISDICTIONS: PCS,CIVIL,SSCS
+      STAFF_SUPPORTED_JURISDICTIONS: PCS,CIVIL,SSCS
       FEATURE_REDIS_ENABLED: false
       REDISCLOUD_URL: http://dummyrediscloudurl
       FEATURE_APP_INSIGHTS_ENABLED: false

src/cftlib/java/uk/gov/hmcts/reform/pcs/CftlibConfig.java

@@ -72,6 +72,7 @@ private void createAccessProfiles(CFTLib lib) {
 
         roleNames.add("caseworker");
         roleNames.add("caseworker-ras-validation");
+        roleNames.add("GS_profile");
 
         lib.createRoles(roleNames.toArray(new String[0]));
     }

src/cftlib/resources/cftlib-am-role-assignments.json

@@ -15,5 +15,37 @@
         "authorisations": []
       }
     ]
+  },
+  {
+    "email": "pcs-solicitor1@test.com",
+    "id": "f6484bbb-c10e-319b-ab8d-14361a7d2a23",
+    "roleAssignments": [
+      {
+        "roleType": "ORGANISATION",
+        "roleName": "hmcts-admin",
+        "grantType": "STANDARD",
+        "roleCategory": "ADMIN",
+        "classification": "PUBLIC",
+        "readOnly": false,
+        "attributes": {},
+        "authorisations": []
+      }
+    ]
+  },
+  {
+    "email": "pcs-solicitor1@test.com",
+    "id": "f6484bbb-c10e-319b-ab8d-14361a7d2a23",
+    "roleAssignments": [
+      {
+        "roleType": "ORGANISATION",
+        "roleName": "[HMCTS-ADMIN]",
+        "grantType": "STANDARD",
+        "roleCategory": "ADMIN",
+        "classification": "PUBLIC",
+        "readOnly": false,
+        "attributes": {},
+        "authorisations": []
+      }
+    ]
   }
 ]

src/main/java/uk/gov/hmcts/reform/pcs/ccd/CaseType.java

@@ -4,7 +4,7 @@
 import org.springframework.stereotype.Component;
 import uk.gov.hmcts.ccd.sdk.api.CCDConfig;
 import uk.gov.hmcts.ccd.sdk.api.ConfigBuilder;
-import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.UserRole;
+import uk.gov.hmcts.reform.pcs.ccd.accesscontrol.AccessProfile;
 import uk.gov.hmcts.reform.pcs.ccd.domain.CaseFileCategory;
 import uk.gov.hmcts.reform.pcs.ccd.domain.PCSCase;
 import uk.gov.hmcts.reform.pcs.ccd.domain.State;
@@ -18,7 +18,7 @@
  * Setup some common possessions case type configuration.
  */
 @Component
-public class CaseType implements CCDConfig<PCSCase, State, UserRole> {
+public class CaseType implements CCDConfig<PCSCase, State, AccessProfile> {
 
     private static final String CASE_TYPE_ID = "PCS";
     private static final String CASE_TYPE_NAME = "Possession";
@@ -49,7 +49,7 @@ private static String withSuffix(String base, String separator) {
     }
 
     @Override
-    public void configure(final ConfigBuilder<PCSCase, State, UserRole> builder) {
+    public void configure(final ConfigBuilder<PCSCase, State, AccessProfile> builder) {
         builder.setCallbackHost(getenv().getOrDefault("CASE_API_URL", "http://localhost:3206"));
 
         builder.caseType(getCaseType(), getCaseTypeName(), CASE_TYPE_DESCRIPTION);
@@ -97,7 +97,7 @@ public void configure(final ConfigBuilder<PCSCase, State, UserRole> builder) {
             .field(PCSCase::getCaseFileView, null, "#ARGUMENT(CaseFileView)");
 
         builder.tab("caseLinks", "Linked Cases")
-            .forRoles(UserRole.PCS_SOLICITOR)
+            .forRoles(AccessProfile.PCS_SOLICITOR)
             .field(PCSCase::getLinkedCasesComponentLauncher, null, "#ARGUMENT(LinkedCases)")
             .field(PCSCase::getCaseLinks, "LinkedCasesComponentLauncher!=\"\"", "#ARGUMENT(LinkedCases)");
 
@@ -106,17 +106,17 @@ public void configure(final ConfigBuilder<PCSCase, State, UserRole> builder) {
         configureCaseFileCategories(builder);
     }
 
-    private void configureCaseFileCategories(ConfigBuilder<PCSCase, State, UserRole> builder) {
+    private void configureCaseFileCategories(ConfigBuilder<PCSCase, State, AccessProfile> builder) {
         for (CaseFileCategory category : CaseFileCategory.values()) {
-            builder.categories(UserRole.PCS_SOLICITOR)
+            builder.categories(AccessProfile.PCS_SOLICITOR)
                 .categoryID(category.getId())
                 .categoryLabel(category.getLabel())
                 .displayOrder(category.getDisplayOrder())
                 .build();
         }
     }
 
-    private void buildCasePartiesTab(ConfigBuilder<PCSCase, State, UserRole> builder) {
+    private void buildCasePartiesTab(ConfigBuilder<PCSCase, State, AccessProfile> builder) {
         builder.tab("caseParties", "Case Parties")
             .label("Case Parties", null, "#### Case Parties")
             .field("casePartiesTab_ClaimantDetails")

src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/AccessProfile.java

@@ -0,0 +1,45 @@
+package uk.gov.hmcts.reform.pcs.ccd.accesscontrol;
+
+import static java.util.Arrays.stream;
+import static uk.gov.hmcts.ccd.sdk.api.Permission.CRU;
+import static uk.gov.hmcts.ccd.sdk.api.Permission.R;
+
+import com.fasterxml.jackson.annotation.JsonValue;
+import java.util.Set;
+import lombok.Getter;
+import uk.gov.hmcts.ccd.sdk.api.HasRole;
+import uk.gov.hmcts.ccd.sdk.api.Permission;
+
+@Getter
+public enum AccessProfile implements HasRole {
+
+    CREATOR("[CREATOR]", CRU),
+    RAS_VALIDATOR("caseworker-ras-validation", Set.of(R)),
+    CITIZEN("citizen", CRU),
+    DEFENDANT("[DEFENDANT]", CRU),
+    CLAIMANT_SOLICITOR("[CLAIMANTSOLICITOR]", CRU),
+    DEFENDANT_SOLICITOR("[DEFENDANTSOLICITOR]", CRU),
+    PCS_CASE_WORKER("caseworker-pcs", Set.of(R)),
+    PCS_SOLICITOR("caseworker-pcs-solicitor", CRU),
+
+    GS_PROFILE("GS_profile", Set.of(R));
+
+    @JsonValue
+    private final String role;
+    private final Set<Permission> caseTypePermissions;
+
+    AccessProfile(String role, Set<Permission> permissions) {
+        this.role = role;
+        this.caseTypePermissions = permissions;
+    }
+
+    public static String[] toRoles(AccessProfile... profiles) {
+        return stream(profiles)
+            .map(AccessProfile::getRole)
+            .toArray(String[]::new);
+    }
+
+    public String getCaseTypePermissions() {
+        return Permission.toString(caseTypePermissions);
+    }
+}

src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/ExternalUserRole.java

@@ -16,8 +16,7 @@ public static ExternalUserRole forCcdRole(UserRole ccdRole) {
 
     @Override
     public String getRole() {
-        String rolePrefix = (ccdUserRole.getRoleType() == RoleType.IDAM) ? "idam:" : "";
-        return rolePrefix + ccdUserRole.getRole();
+        return ccdUserRole.getRoleType().prefix() + ccdUserRole.getRole();
     }
 
     @Override

src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/GlobalSearchAccess.java

@@ -1,7 +1,6 @@
 package uk.gov.hmcts.reform.pcs.ccd.accesscontrol;
 
-import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.UserRole.PCS_CASE_WORKER;
-import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.UserRole.PCS_SOLICITOR;
+import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.AccessProfile.GS_PROFILE;
 
 import uk.gov.hmcts.ccd.sdk.api.HasAccessControl;
 import uk.gov.hmcts.ccd.sdk.api.HasRole;
@@ -11,17 +10,11 @@
 import com.google.common.collect.SetMultimap;
 
 public class GlobalSearchAccess implements HasAccessControl {
+
     @Override
     public SetMultimap<HasRole, Permission> getGrants() {
         SetMultimap<HasRole, Permission> grants = HashMultimap.create();
-        grants.putAll(PCS_CASE_WORKER, Permission.CRUD);
-
-        /***
-         * Remove before release
-         */
-
-        grants.putAll(PCS_SOLICITOR, Permission.CRUD);
-
+        grants.put(GS_PROFILE, Permission.R);
         return grants;
     }
 }

src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleToAccessProfiles.java

@@ -17,7 +17,7 @@ public void configure(ConfigBuilder<PCSCase, State, ExternalUserRole> configBuil
             .forEach(userRole ->
                          configBuilder
                              .caseRoleToAccessProfile(ExternalUserRole.forCcdRole(userRole))
-                             .accessProfiles(userRole.getRole())
+                             .accessProfiles(userRole.getAccessProfiles())
                              .build()
             );
     }

src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/RoleType.java

@@ -2,7 +2,16 @@
 
 enum RoleType {
 
-    IDAM,
-    RAS
+    IDAM("idam:"),
+    RAS("");
 
+    private final String prefix;
+
+    RoleType(String prefix) {
+        this.prefix = prefix;
+    }
+
+    public String prefix() {
+        return prefix;
+    }
 }

src/main/java/uk/gov/hmcts/reform/pcs/ccd/accesscontrol/UserRole.java

@@ -1,37 +1,60 @@
 package uk.gov.hmcts.reform.pcs.ccd.accesscontrol;
 
 import com.fasterxml.jackson.annotation.JsonValue;
-import lombok.AllArgsConstructor;
 import lombok.Getter;
 import uk.gov.hmcts.ccd.sdk.api.HasRole;
 import uk.gov.hmcts.ccd.sdk.api.Permission;
 
 import java.util.Set;
 
+import static uk.gov.hmcts.ccd.sdk.api.Permission.CRU;
 import static uk.gov.hmcts.ccd.sdk.api.Permission.R;
+import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.AccessProfile.GS_PROFILE;
 import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.RoleType.IDAM;
 import static uk.gov.hmcts.reform.pcs.ccd.accesscontrol.RoleType.RAS;
 
 /**
  * All the different roles for a PCS case.
  */
-@AllArgsConstructor
 @Getter
 public enum UserRole implements HasRole {
 
-    CITIZEN("citizen", Permission.CRU, IDAM),
-    CREATOR("[CREATOR]", Permission.CRU, RAS),
-    DEFENDANT("[DEFENDANT]", Permission.CRU, RAS),
-    CLAIMANT_SOLICITOR("[CLAIMANTSOLICITOR]", Permission.CRU, RAS),
-    PCS_CASE_WORKER("caseworker-pcs", Set.of(R), IDAM),
-    PCS_SOLICITOR("caseworker-pcs-solicitor", Permission.CRU, IDAM),
+    CREATOR("[CREATOR]", CRU, RAS),
     RAS_VALIDATOR("caseworker-ras-validation", Set.of(R), IDAM),
-    DEFENDANT_SOLICITOR("[DEFENDANTSOLICITOR]", Permission.CRU, RAS);
+
+    CITIZEN("citizen", CRU, IDAM),
+    DEFENDANT("[DEFENDANT]", CRU, RAS),
+    CLAIMANT_SOLICITOR("[CLAIMANTSOLICITOR]", CRU, RAS),
+    DEFENDANT_SOLICITOR("[DEFENDANTSOLICITOR]", CRU, RAS),
+
+    PCS_CASE_WORKER("caseworker-pcs", Set.of(R), IDAM),
+    PCS_SOLICITOR("caseworker-pcs-solicitor", CRU, IDAM),
+
+    HMCTS_ADMIN("hmcts-admin", Set.of(R), RAS, GS_PROFILE),
+    HMCTS_JUDICIARY("hmcts-judiciary", Set.of(R), RAS, GS_PROFILE),
+    HMCTS_CTSC("hmcts-ctsc", Set.of(R), RAS, GS_PROFILE),
+    HMCTS_LEGAL_OPERATIONS("hmcts-legal-operations", Set.of(R), RAS, GS_PROFILE);
 
     @JsonValue
     private final String role;
     private final Set<Permission> caseTypePermissions;
     private final RoleType roleType;
+    private final String[] accessProfiles;
+
+    UserRole(String role, Set<Permission> permissions, RoleType roleType) {
+        this(role, permissions, roleType, role);
+    }
+
+    UserRole(String role, Set<Permission> permissions, RoleType roleType, AccessProfile... accessProfiles) {
+        this(role, permissions, roleType, AccessProfile.toRoles(accessProfiles));
+    }
+
+    UserRole(String role, Set<Permission> permissions, RoleType roleType, String... accessProfiles) {
+        this.role = role;
+        this.caseTypePermissions = permissions;
+        this.roleType = roleType;
+        this.accessProfiles = accessProfiles;
+    }
 
     public String getCaseTypePermissions() {
         return Permission.toString(caseTypePermissions);