CIV-15377 - CE - Role Assignments for Messages (#187)

Co-authored-by: GarethLancaster <[email protected]>
Co-authored-by: m-meulendijks-v1 <[email protected]>

build.gradle

@@ -1,7 +1,7 @@
 plugins {
   id 'checkstyle'
   id 'jacoco'
-  id 'io.spring.dependency-management' version '1.1.0'
+  id 'io.spring.dependency-management' version '1.1.6'
   id 'org.springframework.boot' version '2.7.18'
   id 'org.owasp.dependencycheck' version '8.3.1'
   id 'com.github.ben-manes.versions' version '0.46.0'
@@ -155,7 +155,7 @@ dependencies {
 
   implementation 'org.springframework:spring-expression:5.3.39'
   implementation 'org.springframework:spring-web:5.3.39'
-  implementation 'org.springframework:spring-webmvc:6.1.13'
+  implementation 'org.springframework:spring-webmvc:6.1.14'
 
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '4.0.2'
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-openfeign-core', version: '4.0.2'
@@ -165,7 +165,7 @@ dependencies {
   implementation group: 'com.sendgrid', name: 'sendgrid-java', version: '4.9.3'
   implementation group: 'com.github.hmcts', name: 'ccd-client', version: '4.9.1'
 
-  implementation group: 'commons-io', name: 'commons-io', version: '2.11.0'
+  implementation group: 'commons-io', name: 'commons-io', version: '2.17.0'
   implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0'
 
   implementation group: 'uk.gov.service.notify', name: 'notifications-java-client', version: '5.0.0-RELEASE'

config/owasp/suppressions.xml

@@ -16,7 +16,7 @@
   <cve>CVE-2020-5408</cve>
   </suppress>
   <!--End of temporary suppression section -->
-  <suppress until="2024-10-22">
+  <suppress until="2024-12-22">
     <cve>CVE-2023-33202</cve>
     <cve>CVE-2023-33201</cve>
     <cve>CVE-2024-30171</cve>
@@ -27,5 +27,7 @@
     <cve>CVE-2023-5072</cve>
     <cve>CVE-2024-22262</cve>
     <cve>CVE-2024-34447</cve>
+    <cve>CVE-2024-38820</cve>
+    <cve>CVE-2024-38828</cve>
   </suppress>
 </suppressions>

src/main/java/uk/gov/hmcts/reform/civil/ras/client/RoleAssignmentsApi.java

@@ -6,6 +6,8 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestParam;
+import uk.gov.hmcts.reform.civil.ras.model.QueryRequest;
 import uk.gov.hmcts.reform.civil.ras.model.RoleAssignmentRequest;
 import uk.gov.hmcts.reform.civil.ras.model.RoleAssignmentServiceResponse;
 import uk.gov.hmcts.reform.civil.ras.model.UpdateRoleAssignmentResponse;
@@ -30,6 +32,23 @@ RoleAssignmentServiceResponse getRoleAssignments(
         @RequestHeader(SERVICE_AUTHORIZATION) String serviceAuthorization,
         @PathVariable(ACTOR_ID) String actorId);
 
+    @PostMapping(
+        value = "/am/role-assignments/query",
+        consumes = APPLICATION_JSON_VALUE,
+        headers = CONTENT_TYPE + "=" + APPLICATION_JSON_VALUE
+    )
+    RoleAssignmentServiceResponse getRoleAssignments(
+        @RequestHeader(AUTHORIZATION) String authorization,
+        @RequestHeader(SERVICE_AUTHORIZATION) String serviceAuthorization,
+        @RequestHeader(value = "x-correlation-id",
+            required = false) String correlationId,
+        @RequestHeader(value = "pageNumber", required = false) Integer pageNumber,
+        @RequestHeader(value = "size", required = false) Integer size,
+        @RequestHeader(value = "sort", required = false) String sort,
+        @RequestHeader(value = "direction", required = false) String direction,
+        @RequestBody(required = true) QueryRequest queryRequest,
+        @RequestParam(value = "includeLabels", defaultValue = "false") Boolean includeLabels);
+
     @PostMapping(
         value = "/am/role-assignments",
         consumes = APPLICATION_JSON_VALUE,

src/main/java/uk/gov/hmcts/reform/civil/ras/model/QueryRequest.java

@@ -0,0 +1,43 @@
+package uk.gov.hmcts.reform.civil.ras.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.Singular;
+import lombok.Value;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+@Value
+@Builder
+@AllArgsConstructor
+@Getter
+public class QueryRequest {
+
+    @Singular("actorId")
+    private final List<String> actorId;
+    @Singular("roleType")
+    private final List<String> roleType;
+    @Singular("roleName")
+    private final List<String> roleName;
+    @Singular("classification")
+    private final List<String> classification;
+    @Singular("grantType")
+    private final List<String> grantType;
+
+    private LocalDateTime validAt;
+    @Singular("roleCategory")
+    private final List<String> roleCategory;
+
+    private Map<String, List<String>> attributes;
+    @Singular("authorisations")
+    private final List<String> authorisations;
+
+    @Singular("hasAttributes")
+    private final List<String> hasAttributes;
+
+    private Boolean readOnly;
+
+}

src/main/java/uk/gov/hmcts/reform/civil/ras/model/RoleAssignmentResponse.java

@@ -17,6 +17,7 @@ public class RoleAssignmentResponse {
     private String actorIdType;
     private String roleType;
     private String roleName;
+    private String roleLabel;
     private String classification;
     private String grantType;
     private String roleCategory;

src/main/java/uk/gov/hmcts/reform/civil/service/RoleAssignmentsService.java

@@ -5,6 +5,7 @@
 import org.springframework.stereotype.Service;
 import uk.gov.hmcts.reform.authorisation.generators.AuthTokenGenerator;
 import uk.gov.hmcts.reform.civil.ras.client.RoleAssignmentsApi;
+import uk.gov.hmcts.reform.civil.ras.model.QueryRequest;
 import uk.gov.hmcts.reform.civil.ras.model.RoleAssignmentRequest;
 import uk.gov.hmcts.reform.civil.ras.model.RoleAssignmentServiceResponse;
 
@@ -30,6 +31,27 @@ public RoleAssignmentServiceResponse getRoleAssignments(String actorId,
         );
     }
 
+    public RoleAssignmentServiceResponse getRoleAssignmentsWithLabels(String actorId, String authorization) {
+
+        if (log.isDebugEnabled()) {
+            log.debug(actorId, "Getting Role assignments for actorId {0}");
+        }
+
+        return roleAssignmentApi.getRoleAssignments(
+            authorization,
+            authTokenGenerator.generate(),
+            null,
+            null,
+            null,
+            null,
+            null,
+            QueryRequest.builder()
+                .actorId(actorId)
+                .build(),
+            true
+        );
+    }
+
     public void assignUserRoles(String actorId, String authorization, RoleAssignmentRequest roleAssignmentRequest) {
         if (log.isDebugEnabled()) {
             log.debug(actorId, "Assigning roles to actorId {0}");

src/test/java/uk/gov/hmcts/reform/civil/service/RoleAssignmentsServiceTest.java

@@ -10,13 +10,13 @@
 import uk.gov.hmcts.reform.authorisation.generators.AuthTokenGenerator;
 import uk.gov.hmcts.reform.civil.ras.client.RoleAssignmentsApi;
 import uk.gov.hmcts.reform.civil.ras.model.GrantType;
+import uk.gov.hmcts.reform.civil.ras.model.QueryRequest;
 import uk.gov.hmcts.reform.civil.ras.model.RoleAssignment;
 import uk.gov.hmcts.reform.civil.ras.model.RoleAssignmentRequest;
 import uk.gov.hmcts.reform.civil.ras.model.RoleAssignmentResponse;
 import uk.gov.hmcts.reform.civil.ras.model.RoleAssignmentServiceResponse;
 import uk.gov.hmcts.reform.civil.ras.model.RoleCategory;
 import uk.gov.hmcts.reform.civil.ras.model.RoleRequest;
-import uk.gov.hmcts.reform.civil.ras.model.RoleType;
 
 import java.util.List;
 import java.util.Map;
@@ -28,6 +28,7 @@
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
+import static uk.gov.hmcts.reform.civil.ras.model.RoleType.ORGANISATION;
 
 @ExtendWith(SpringExtension.class)
 @SpringBootTest(classes = {
@@ -65,6 +66,35 @@ void init() {
         when(roleAssignmentApi.getRoleAssignments(anyString(), anyString(), anyString())).thenReturn(RAS_RESPONSE);
     }
 
+    @Test
+    void getRoleAssignmentsWithLabels_shouldReturnExpectAssignments() {
+        RoleAssignmentServiceResponse expected = RoleAssignmentServiceResponse.builder()
+            .roleAssignmentResponse(
+                List.of(RoleAssignmentResponse
+                            .builder()
+                            .actorId(ACTORID)
+                            .roleLabel("Role Label")
+                            .build()
+                )
+            )
+            .build();
+        when(roleAssignmentApi.getRoleAssignments(
+            eq(USER_AUTH_TOKEN),
+            eq(SERVICE_TOKEN),
+            eq(null),
+            eq(null),
+            eq(null),
+            eq(null),
+            eq(null),
+            eq(QueryRequest.builder().actorId(ACTORID).build()),
+            eq(true))
+        ).thenReturn(expected);
+
+        var actual = roleAssignmentsService.getRoleAssignmentsWithLabels(ACTORID, USER_AUTH_TOKEN);
+
+        assertEquals(expected, actual);
+    }
+
     @Test
     void shouldReturn() {
         var roleAssignmentsExpected = roleAssignmentsService.getRoleAssignments(ACTORID, USER_AUTH_TOKEN);
@@ -74,17 +104,18 @@ void shouldReturn() {
     @Test
     void shouldPostExpectedPayload() {
         RoleAssignmentRequest request = RoleAssignmentRequest.builder()
-            .roleRequest(RoleRequest.builder()
-                             .assignerId(ACTORID)
-                             .reference("civil-hearings-system-user")
-                             .process("civil-system-user")
-                             .replaceExisting(true)
-                             .build())
+            .roleRequest(
+                RoleRequest.builder()
+                    .assignerId(ACTORID)
+                    .reference("civil-hearings-system-user")
+                    .process("civil-system-user")
+                    .replaceExisting(true)
+                    .build())
             .requestedRoles(List.of(
                 RoleAssignment.builder()
                     .actorId(ACTORID)
                     .actorIdType("IDAM")
-                    .roleType(RoleType.ORGANISATION)
+                    .roleType(ORGANISATION)
                     .classification("PUBLIC")
                     .grantType(GrantType.STANDARD)
                     .roleCategory(RoleCategory.SYSTEM)