RWA-2712 Delete Task API Modification (#1154)

Co-authored-by: Martin Spasov <martin.y.spasov@gmail.com>
hmcts · Sep 7, 2023 · 8605518 · 8605518
1 parent 905f4b7
commit 8605518
Show file tree

Hide file tree

Showing 7 changed files with 55 additions and 14 deletions.
diff --git a/...a/uk/gov/hmcts/reform/wataskmanagementapi/provider/TaskManagerDeleteTaskProviderTest.java b/...a/uk/gov/hmcts/reform/wataskmanagementapi/provider/TaskManagerDeleteTaskProviderTest.java
@@ -52,6 +52,6 @@ private void setInitMock() {
         doNothing().when(taskDeletionService).deleteTasksByCaseId(any());
         UserInfo userInfo = mock((UserInfo.class));
         when(userInfo.getUid()).thenReturn("someUserId");
-        when(clientAccessControlService.hasExclusiveAccess(any())).thenReturn(true);
+        when(clientAccessControlService.hasPrivilegedAccess(any())).thenReturn(true);
     }
 }
diff --git a/...t/java/uk/gov/hmcts/reform/wataskmanagementapi/controllers/DeleteTasksControllerTest.java b/...t/java/uk/gov/hmcts/reform/wataskmanagementapi/controllers/DeleteTasksControllerTest.java
@@ -41,7 +41,6 @@
 import static uk.gov.hmcts.reform.wataskmanagementapi.cft.enums.CFTTaskState.TERMINATED;
 import static uk.gov.hmcts.reform.wataskmanagementapi.cft.enums.CFTTaskState.UNASSIGNED;
 import static uk.gov.hmcts.reform.wataskmanagementapi.config.SecurityConfiguration.SERVICE_AUTHORIZATION;
-import static uk.gov.hmcts.reform.wataskmanagementapi.utils.ServiceMocks.IDAM_AUTHORIZATION_TOKEN;
 import static uk.gov.hmcts.reform.wataskmanagementapi.utils.ServiceMocks.SERVICE_AUTHORIZATION_TOKEN;
 
 @ExtendWith(OutputCaptureExtension.class)
@@ -67,8 +66,6 @@ public class DeleteTasksControllerTest extends SpringBootIntegrationBaseTest {
 
     @BeforeEach
     void setUp() {
-        when(authTokenGenerator.generate())
-            .thenReturn(IDAM_AUTHORIZATION_TOKEN);
         mockServices = new ServiceMocks(
                 idamWebApi,
                 serviceAuthorisationApi,
@@ -95,7 +92,7 @@ void shouldDeleteTasksByCaseId(final CapturedOutput output) throws Exception {
         assertThat(tasks.get(2).getTaskId()).isEqualTo(taskId3);
 
         when(launchDarklyFeatureFlagProvider.getBooleanValue(any(), any(), any())).thenReturn(true);
-        when(clientAccessControlService.hasExclusiveAccess(SERVICE_AUTHORIZATION_TOKEN))
+        when(clientAccessControlService.hasPrivilegedAccess(SERVICE_AUTHORIZATION_TOKEN))
             .thenReturn(true);
 
         mockMvc.perform(
@@ -118,7 +115,7 @@ void shouldReturnBadResponseError() throws Exception {
         final String caseId = "123";
 
         when(launchDarklyFeatureFlagProvider.getBooleanValue(any(), any(), any())).thenReturn(true);
-        when(clientAccessControlService.hasExclusiveAccess(SERVICE_AUTHORIZATION_TOKEN))
+        when(clientAccessControlService.hasPrivilegedAccess(SERVICE_AUTHORIZATION_TOKEN))
             .thenReturn(true);
         mockMvc.perform(
                         post("/task/delete")
@@ -135,7 +132,7 @@ void shouldReturnForbiddenResponseError() throws Exception {
         final String caseId = "1615817621013640";
 
         when(launchDarklyFeatureFlagProvider.getBooleanValue(any(), any(), any())).thenReturn(true);
-        when(clientAccessControlService.hasExclusiveAccess(SERVICE_AUTHORIZATION_TOKEN))
+        when(clientAccessControlService.hasPrivilegedAccess(SERVICE_AUTHORIZATION_TOKEN))
             .thenReturn(false);
         mockMvc.perform(
                         post("/task/delete")

diff --git a/...ava/uk/gov/hmcts/reform/wataskmanagementapi/auth/restrict/ClientAccessControlService.java b/...ava/uk/gov/hmcts/reform/wataskmanagementapi/auth/restrict/ClientAccessControlService.java
@@ -46,6 +46,20 @@ public boolean hasPrivilegedAccess(String serviceAuthToken, AccessControlRespons
         return privilegedAccessClients.contains(serviceName);
     }
 
+    /**
+     * Extracts client id from service authorization token and returns if client is whitelisted as PrivilegedAccess.
+     *
+     * @param serviceAuthToken the service authorization token.
+     * @return whether a client has been whitelisted in config.hasPrivilegedAccess property.
+     */
+    public boolean hasPrivilegedAccess(String serviceAuthToken) {
+        Objects.requireNonNull(serviceAuthToken, "ServiceAuthorization must not be null");
+
+        String serviceName = serviceAuthTokenValidator.getServiceName(serviceAuthToken);
+
+        return privilegedAccessClients.contains(serviceName);
+    }
+
 
     /**
      * Extracts client id from service authorization token and returns if client is whitelisted as exclusiveClient.

diff --git a/src/main/java/uk/gov/hmcts/reform/wataskmanagementapi/controllers/TaskActionsController.java b/src/main/java/uk/gov/hmcts/reform/wataskmanagementapi/controllers/TaskActionsController.java
@@ -363,7 +363,7 @@ public ResponseEntity<Void> deleteTasks(
             @RequestBody final DeleteTasksRequest deleteTasksRequest,
             @RequestHeader(SERVICE_AUTHORIZATION) String serviceAuthToken) {
         try {
-            boolean hasAccess = clientAccessControlService.hasExclusiveAccess(serviceAuthToken);
+            boolean hasAccess = clientAccessControlService.hasPrivilegedAccess(serviceAuthToken);
 
             if (!hasAccess) {
                 return buildErrorResponseEntityAndLogError(HttpStatus.FORBIDDEN.value(),

diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
@@ -12,8 +12,8 @@ management:
         include: health, info, prometheus
 
 config:
-  privilegedAccessClients: ${TASK_MANAGEMENT_PRIVILEGED_CLIENTS:wa_task_management_api,xui_webapp}
-  exclusiveAccessClients: ${TASK_MANAGEMENT_EXCLUSIVE_CLIENTS:wa_task_management_api,wa_task_monitor,wa_case_event_handler,wa_workflow_api,ccd_case_disposer}
+  privilegedAccessClients: ${TASK_MANAGEMENT_PRIVILEGED_CLIENTS:wa_task_management_api,xui_webapp,ccd_case_disposer}
+  exclusiveAccessClients: ${TASK_MANAGEMENT_EXCLUSIVE_CLIENTS:wa_task_management_api,wa_task_monitor,wa_case_event_handler,wa_workflow_api}
   allowedJurisdictions: ${ALLOWED_JURISDICTIONS:ia,wa,sscs,civil,publiclaw,privatelaw,employment}
   allowedCaseTypes: ${ALLOWED_CASE_TYPES:asylum,wacasetype,sscs,civil,generalapplication,care_supervision_epo,prlapps,et_englandwales,et_englandwales_listings,et_englandwales_multiple,et_scotland,et_scotland_listings,et_scotland_multiple,et_admin}
   search:

diff --git a/...uk/gov/hmcts/reform/wataskmanagementapi/auth/restrict/ClientAccessControlServiceTest.java b/...uk/gov/hmcts/reform/wataskmanagementapi/auth/restrict/ClientAccessControlServiceTest.java
@@ -131,4 +131,34 @@ void hasExclusiveAccess_should_throw_null_pointer_exception_if_required_paramete
             .hasMessage("ServiceAuthorization must not be null");
 
     }
+
+    @Test
+    void hasPrivilegedAccess_should_return_true_if_service_whitelisted() {
+
+        when(serviceAuthTokenValidator.getServiceName(SERVICE_AUTH_TOKEN))
+            .thenReturn(PRIVILEGED_ACCESS_SERVICE_NAME);
+
+        boolean result = clientAccessControlService.hasPrivilegedAccess(SERVICE_AUTH_TOKEN);
+
+        assertTrue(result);
+    }
+
+    @Test
+    void hasPrivilegedAccess_should_return_false_if_service_is_not_whitelisted() {
+        when(serviceAuthTokenValidator.getServiceName(SERVICE_AUTH_TOKEN))
+            .thenReturn("anotherService");
+
+        boolean result = clientAccessControlService.hasPrivilegedAccess(SERVICE_AUTH_TOKEN);
+
+        assertFalse(result);
+    }
+
+    @Test
+    void hasPrivilegedAccess_should_throw_null_pointer_exception_if_ServiceAuthToken_is_null() {
+
+        assertThatThrownBy(() -> clientAccessControlService.hasPrivilegedAccess(null))
+            .isInstanceOf(NullPointerException.class)
+            .hasMessage("ServiceAuthorization must not be null");
+
+    }
 }
diff --git a/...t/java/uk/gov/hmcts/reform/wataskmanagementapi/controllers/TaskActionsControllerTest.java b/...t/java/uk/gov/hmcts/reform/wataskmanagementapi/controllers/TaskActionsControllerTest.java
@@ -443,7 +443,7 @@ void should_return_201_response_for_tasks_deletion() {
 
         final DeleteTasksRequest deleteTasksRequest =
                 new DeleteTasksRequest(new DeleteCaseTasksAction("1234567890123456"));
-        when(clientAccessControlService.hasExclusiveAccess(SERVICE_AUTHORIZATION_TOKEN))
+        when(clientAccessControlService.hasPrivilegedAccess(SERVICE_AUTHORIZATION_TOKEN))
                 .thenReturn(true);
 
 
@@ -458,7 +458,7 @@ void should_return_403_response_for_tasks_deletion() {
 
         final DeleteTasksRequest deleteTasksRequest =
                 new DeleteTasksRequest(new DeleteCaseTasksAction("1234567890123456"));
-        when(clientAccessControlService.hasExclusiveAccess(SERVICE_AUTHORIZATION_TOKEN))
+        when(clientAccessControlService.hasPrivilegedAccess(SERVICE_AUTHORIZATION_TOKEN))
                 .thenReturn(false);
 
         final ResponseEntity<Void> responseEntity = taskActionsController.deleteTasks(deleteTasksRequest,
@@ -471,7 +471,7 @@ void should_return_403_response_for_tasks_deletion() {
     void should_return_400_response_for_tasks_deletion() {
 
         final DeleteTasksRequest deleteTasksRequest = new DeleteTasksRequest(new DeleteCaseTasksAction("123"));
-        when(clientAccessControlService.hasExclusiveAccess(SERVICE_AUTHORIZATION_TOKEN))
+        when(clientAccessControlService.hasPrivilegedAccess(SERVICE_AUTHORIZATION_TOKEN))
                 .thenReturn(true);
 
         final ResponseEntity<Void> responseEntity = taskActionsController.deleteTasks(deleteTasksRequest,
@@ -485,7 +485,7 @@ void should_return_500_response_for_tasks_deletion() {
 
         final DeleteTasksRequest deleteTasksRequest = new DeleteTasksRequest(new DeleteCaseTasksAction(
                 "1234567890123456"));
-        when(clientAccessControlService.hasExclusiveAccess(SERVICE_AUTHORIZATION_TOKEN))
+        when(clientAccessControlService.hasPrivilegedAccess(SERVICE_AUTHORIZATION_TOKEN))
                 .thenReturn(true);
 
         doThrow(new RuntimeException("some exception")).when(taskDeletionService)