From 097957d315f41c8882f93577eae1c6639fb33774 Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Wed, 5 Jun 2024 14:44:59 +0100 Subject: [PATCH 01/10] change validateToken http code to 403 --- .../service/callbacks/EventTokenService.java | 58 ++++--- .../callbacks/EventTokenServiceTest.java | 158 ++++++++++++++++++ .../endpoint/std/CaseDetailsEndpointIT.java | 57 +++++++ 3 files changed, 251 insertions(+), 22 deletions(-) create mode 100644 src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java b/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java index c8eceba627..d212082b86 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java @@ -90,7 +90,7 @@ public EventTokenProperties parseToken(final String token) { toString(claims.get(EventTokenProperties.ENTITY_VERSION))); } catch (ExpiredJwtException | SignatureException e) { - throw new EventTokenException(e.getMessage()); + throw new EventTokenException("Token is not valid"); } } @@ -112,30 +112,44 @@ public void validateToken(final String token, throw new BadRequestException("Missing start trigger token"); } - try { - final EventTokenProperties eventTokenProperties = parseToken(token); - - if (!(eventTokenProperties.getEventId() == null - || eventTokenProperties.getEventId().equalsIgnoreCase(event.getId()) - && eventTokenProperties.getCaseId() == null - || eventTokenProperties.getCaseId().equalsIgnoreCase(caseDetails.getId().toString()) - && eventTokenProperties.getJurisdictionId() == null - || eventTokenProperties.getJurisdictionId().equalsIgnoreCase(jurisdictionDefinition.getId()) - && eventTokenProperties.getCaseTypeId() == null - || eventTokenProperties.getCaseTypeId().equalsIgnoreCase(caseTypeDefinition.getId()) - && eventTokenProperties.getUid() == null - || eventTokenProperties.getUid().equalsIgnoreCase(uid))) { - throw new ResourceNotFoundException("Cannot find matching start trigger"); - } - - if (eventTokenProperties.getEntityVersion() != null) { - caseDetails.setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); - } - } catch (EventTokenException e) { - throw new SecurityException("Token is not valid"); + final EventTokenProperties eventTokenProperties = parseToken(token); + + if (!(eventTokenProperties.getEventId() == null + || eventTokenProperties.getEventId().equalsIgnoreCase(event.getId()) + && eventTokenProperties.getCaseId() == null + || eventTokenProperties.getCaseId().equalsIgnoreCase(caseDetails.getId().toString()) + && eventTokenProperties.getJurisdictionId() == null + || eventTokenProperties.getJurisdictionId().equalsIgnoreCase(jurisdictionDefinition.getId()) + && eventTokenProperties.getCaseTypeId() == null + || eventTokenProperties.getCaseTypeId().equalsIgnoreCase(caseTypeDefinition.getId()) + && eventTokenProperties.getUid() == null + || eventTokenProperties.getUid().equalsIgnoreCase(uid))) { + throw new ResourceNotFoundException("Cannot find matching start trigger"); + } + + if (eventTokenProperties.getEntityVersion() != null) { + caseDetails.setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); } } + private boolean isTokenPropertiesMatching(EventTokenProperties eventTokenProperties, + String uid, + CaseDetails caseDetails, + CaseEventDefinition event, + JurisdictionDefinition jurisdictionDefinition, + CaseTypeDefinition caseTypeDefinition) { + return (eventTokenProperties.getEventId() == null + || eventTokenProperties.getEventId().equalsIgnoreCase(event.getId())) + && (eventTokenProperties.getCaseId() == null + || eventTokenProperties.getCaseId().equalsIgnoreCase(caseDetails.getId())) + && (eventTokenProperties.getJurisdictionId() == null + || eventTokenProperties.getJurisdictionId().equalsIgnoreCase(jurisdictionDefinition.getId())) + && (eventTokenProperties.getCaseTypeId() == null + || eventTokenProperties.getCaseTypeId().equalsIgnoreCase(caseTypeDefinition.getId())) + && (eventTokenProperties.getUid() == null + || eventTokenProperties.getUid().equalsIgnoreCase(uid)); + } + /** * Convert to string. * diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java new file mode 100644 index 0000000000..791e8b9fb8 --- /dev/null +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java @@ -0,0 +1,158 @@ +package uk.gov.hmcts.ccd.domain.service.callbacks; + +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +import static org.junit.Assert.assertThrows; +import static org.mockito.Mockito.*; + +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import uk.gov.hmcts.ccd.ApplicationParams; +import uk.gov.hmcts.ccd.domain.model.callbacks.EventTokenProperties; +import uk.gov.hmcts.ccd.domain.model.definition.CaseDetails; +import uk.gov.hmcts.ccd.domain.model.definition.CaseEventDefinition; +import uk.gov.hmcts.ccd.domain.model.definition.CaseTypeDefinition; +import uk.gov.hmcts.ccd.domain.model.definition.JurisdictionDefinition; +import uk.gov.hmcts.ccd.domain.service.common.CaseService; +import uk.gov.hmcts.ccd.endpoint.exceptions.BadRequestException; +import uk.gov.hmcts.ccd.endpoint.exceptions.ResourceNotFoundException; +import uk.gov.hmcts.ccd.infrastructure.RandomKeyGenerator; + +class EventTokenServiceTest { + + @InjectMocks + private EventTokenService eventTokenService; + + @Mock + private RandomKeyGenerator randomKeyGenerator; + + @Mock + private ApplicationParams applicationParams; + + @Mock + private CaseService caseService; + + @Mock + private CaseDetails caseDetails; + + @Mock + private CaseEventDefinition event; + + @Mock + private JurisdictionDefinition jurisdictionDefinition; + + @Mock + private CaseTypeDefinition caseTypeDefinition; + + private String token; + private String uid; + private EventTokenProperties eventTokenProperties; + + + private AutoCloseable openMocks; + + @BeforeEach + public void setUp() { + openMocks = MockitoAnnotations.openMocks(this); + token = "validToken"; + uid = "userId"; + + when(applicationParams.getTokenSecret()).thenReturn("secretKey"); + + eventTokenProperties = new EventTokenProperties( + uid, + "caseId", + "jurisdictionId", + "eventId", + "caseTypeId", + "version", + "caseState", + "1" + ); + } + + @Test + public void testValidateToken_NullToken() { + assertThrows(BadRequestException.class, () -> { + eventTokenService.validateToken(null, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + }); + } + + @Test + public void testValidateToken_EmptyToken() { + assertThrows(BadRequestException.class, () -> { + eventTokenService.validateToken("", uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + }); + } + + @Test + public void testValidateToken_ValidTokenAllConditionsMet() { + EventTokenService spyEventTokenService = spy(eventTokenService); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + // Mock the parseToken method + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + + verify(caseDetails).setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); + } + + + + @Test + public void testValidateToken_InvalidTokenConditionsNotMet() { + EventTokenService spyEventTokenService = spy(eventTokenService); + + when(event.getId()).thenReturn("differentEventId"); + when(caseDetails.getId()).thenReturn("differentCaseId"); + when(jurisdictionDefinition.getId()).thenReturn("differentJurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("differentCaseTypeId"); + + // Mock the parseToken method + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); + } + + @Test + public void testValidateToken_NonNullEntityVersion() { + EventTokenService spyEventTokenService = spy(eventTokenService); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + EventTokenProperties propertiesWithVersion = new EventTokenProperties( + uid, + "caseId", + "jurisdictionId", + "eventId", + "caseTypeId", + "version", + "caseState", + "2" + ); + + // Mock the parseToken method + doReturn(propertiesWithVersion).when(spyEventTokenService).parseToken(token); + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + + verify(caseDetails).setVersion(2); + } + + @AfterEach + public void tearDown() throws Exception { + openMocks.close(); + } +} diff --git a/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java b/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java index 8f39f546f3..d6088bbdea 100644 --- a/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java +++ b/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java @@ -1240,6 +1240,63 @@ public void shouldReturn201WithSearchCriteriaWhenPostCreateCaseForCaseworker() t GlobalSearchTestFixture.assertGlobalSearchData(actualData.getData()); } + @Test + public void shouldReturnBadRequestWhenTokenIsNull() throws Exception { + final String URL = "/citizens/0/jurisdictions/" + JURISDICTION + "/case-types/" + CASE_TYPE + "/cases"; + + final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); + caseDetailsToSave.setEvent(createEvent(TEST_EVENT_ID, SUMMARY, DESCRIPTION)); + caseDetailsToSave.setToken(null); + + final MvcResult mvcResult = mockMvc.perform(post(URL) + .contentType(JSON_CONTENT_TYPE) + .content(mapper.writeValueAsBytes(caseDetailsToSave)) + ).andExpect(status().isBadRequest()) + .andReturn(); + + String content = mvcResult.getResponse().getContentAsString(); + assertTrue("The response should contain 'Missing start trigger token'", + content.contains("Missing start trigger token")); + } + + @Test + public void shouldReturnBadRequestWhenTokenIsEmpty() throws Exception { + final String URL = "/citizens/0/jurisdictions/" + JURISDICTION + "/case-types/" + CASE_TYPE + "/cases"; + + final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); + caseDetailsToSave.setEvent(createEvent(TEST_EVENT_ID, SUMMARY, DESCRIPTION)); + caseDetailsToSave.setToken(""); + + final MvcResult mvcResult = mockMvc.perform(post(URL) + .contentType(JSON_CONTENT_TYPE) + .content(mapper.writeValueAsBytes(caseDetailsToSave)) + ).andExpect(status().isBadRequest()) + .andReturn(); + + String content = mvcResult.getResponse().getContentAsString(); + assertTrue("The response should contain 'Missing start trigger token'", + content.contains("Missing start trigger token")); + } + + @Test + public void shouldReturnForbiddenWhenTokenIsInvalid() throws Exception { + final String invalidToken = "eyJhbGciOiJIUzI1NiJ9.e0.KUFDva2DpGi-zmDrHrcMOPMC1DlaKodGHKHIsib3gTA"; + final String URL = "/citizens/0/jurisdictions/" + JURISDICTION + "/case-types/" + CASE_TYPE + "/cases"; + + final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); + caseDetailsToSave.setEvent(createEvent(TEST_EVENT_ID, SUMMARY, DESCRIPTION)); + caseDetailsToSave.setToken(invalidToken); + + final MvcResult mvcResult = mockMvc.perform(post(URL) + .contentType(JSON_CONTENT_TYPE) + .content(mapper.writeValueAsBytes(caseDetailsToSave)) + ).andExpect(status().isForbidden()) + .andReturn(); + + String content = mvcResult.getResponse().getContentAsString(); + assertTrue("The response should contain 'Token is not valid'", content.contains("Token is not valid")); + } + @Test public void shouldReturn201WhenPostCreateCaseWithNoDataForCitizen() throws Exception { final String URL = "/citizens/0/jurisdictions/" + JURISDICTION + "/case-types/" + CASE_TYPE + "/cases"; From 2253dd8c7498fd0f02c2599c84c4dfc3f07a06c6 Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Mon, 10 Jun 2024 16:33:00 +0100 Subject: [PATCH 02/10] fix event token claim validation --- Jenkinsfile_CNP | 1 + Jenkinsfile_nightly | 1 + .../S-156_Case_Creation_Data.td.json | 5 +- ..._Case_Creation_Data_Token_Creation.td.json | 62 ++ ...se_Creation_Using_Caseworker1_Role.td.json | 2 +- .../F-042_Case_Creation_Data_Base.td.json | 33 + ...ng_Caseworker1_Role_Token_Creation.td.json | 62 ++ .../F-044.feature | 5 +- .../F-1016_GetEventTokenBase.td.json | 2 +- ...GetUpdateSuspendedCaseTokenCitizen.td.json | 23 + ...UpdateSuspendedCaseTokenCaseworker.td.json | 23 + .../S-1016.14.td.json | 2 +- .../S-1016.21.td.json | 2 +- .../S-1016.7.td.json | 2 +- ..._PreRequisiteCitizen_TokenCreation.td.json | 2 +- .../S-1018.11-GetUpdateEventToken.td.json | 30 + ...1018.21-GetCitizenUpdateEventToken.td.json | 11 + .../F-1018.feature | 4 +- .../S-1018.11.td.json | 2 +- .../S-1018.21.td.json | 2 +- .../F-1019.feature | 14 +- .../F-122.feature | 8 +- .../S-122.5.td.json | 2 +- .../S-122.6.td.json | 2 +- .../S-122.7.td.json | 2 +- .../S-122.8.td.json | 2 +- .../common/F-122-UpdateEvent2Base.td.json | 92 +++ .../common/S-122-GetToken_UpdateCase2.td.json | 47 ++ .../F-130.feature | 2 +- .../F-130_Get_Event_Token_Base.td.json | 8 +- .../S-130.7.td.json | 2 +- .../S-130.7_Get_Event_Trigger.td.json | 10 + .../S-131.5_CreateCase_Token_Creation.td.json | 3 +- .../F-138_CreateCase_Token_Creation.td.json | 2 +- .../F-139_CreateCase_Token_Creation.td.json | 66 ++ .../S-139.2_CreateCase.td.json | 80 ++- .../S-139.2_CreateCase_Token_Creation.td.json | 2 +- .../F-140.feature | 2 +- .../S-140.2_CreateCase_Token_Creation.td.json | 2 +- .../S-140.9.td.json | 2 +- .../S-140.9_CreateCase_NoCategories.td.json | 86 +++ .../S-140.9_CreateCase_Token_Creation.td.json | 67 ++ .../S-141.12_CreateCase.td.json | 2 +- ...S-141.12_CreateCase_Token_Creation.td.json | 67 ++ .../S-141.2_CreateCase_Token_Creation.td.json | 2 +- .../Befta_Case_Creation_Base_Data.td.json | 2 +- ..._Case_Creation_Data_Token_Creation.td.json | 62 ++ .../uk/gov/hmcts/ccd/ApplicationParams.java | 8 + .../gov/hmcts/ccd/CachingConfiguration.java | 0 .../service/callbacks/EventTokenService.java | 38 +- src/main/resources/application.properties | 2 + .../callbacks/EventTokenServiceTest.java | 310 ++++++++- .../endpoint/std/CaseDetailsEndpointIT.java | 595 +++++++++--------- .../controller/CaseControllerTestIT.java | 3 +- src/test/resources/test.properties | 2 + 55 files changed, 1497 insertions(+), 375 deletions(-) create mode 100644 src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data_Token_Creation.td.json create mode 100644 src/aat/resources/features/F-042 - Get aboutToStart token V1 External/F-042_Case_Creation_Data_Base.td.json create mode 100644 src/aat/resources/features/F-042 - Get aboutToStart token V1 External/_Case_Creation_Using_Caseworker1_Role_Token_Creation.td.json create mode 100644 src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.21_GetUpdateSuspendedCaseTokenCitizen.td.json create mode 100644 src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.7_GetUpdateSuspendedCaseTokenCaseworker.td.json create mode 100644 src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Caseworker/S-1018.11-GetUpdateEventToken.td.json create mode 100644 src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Citizen/S-1018.21-GetCitizenUpdateEventToken.td.json create mode 100644 src/aat/resources/features/F-122 - Conditional Event Post States/common/F-122-UpdateEvent2Base.td.json create mode 100644 src/aat/resources/features/F-122 - Conditional Event Post States/common/S-122-GetToken_UpdateCase2.td.json create mode 100644 src/aat/resources/features/F-130 - AC CRUD external createCase/S-130.7_Get_Event_Trigger.td.json create mode 100644 src/aat/resources/features/F-139 - AC CRUD internal case view/F-139_CreateCase_Token_Creation.td.json create mode 100644 src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9_CreateCase_NoCategories.td.json create mode 100644 src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9_CreateCase_Token_Creation.td.json create mode 100644 src/aat/resources/features/F-141 - documentData endpoint/S-141.12_CreateCase_Token_Creation.td.json create mode 100644 src/aat/resources/features/common/case/befta_new/Befta_Default_Full_Case_Creation_Data_Token_Creation.td.json delete mode 100644 src/main/java/uk/gov/hmcts/ccd/CachingConfiguration.java diff --git a/Jenkinsfile_CNP b/Jenkinsfile_CNP index 5f40cb36ee..a6518815f8 100644 --- a/Jenkinsfile_CNP +++ b/Jenkinsfile_CNP @@ -112,6 +112,7 @@ env.BEFTA_RETRY_MAX_ATTEMPTS = "3" env.BEFTA_RETRY_STATUS_CODES = "500,502,503,504" env.BEFTA_RETRY_MAX_DELAY = "1000" env.BEFTA_RETRY_NON_RETRYABLE_HTTP_METHODS = "POST,PUT" +env.TOKEN_CLAIM_VALIDATION_ENABLED="true" withPipeline(type, product, component) { onMaster { diff --git a/Jenkinsfile_nightly b/Jenkinsfile_nightly index 66ff57ce0b..fd50cb2327 100644 --- a/Jenkinsfile_nightly +++ b/Jenkinsfile_nightly @@ -100,6 +100,7 @@ env.BEFTA_RETRY_MAX_ATTEMPTS = "3" env.BEFTA_RETRY_STATUS_CODES = "500,502,503,504" env.BEFTA_RETRY_MAX_DELAY = "1000" env.BEFTA_RETRY_NON_RETRYABLE_HTTP_METHODS = "POST,PUT" +env.TOKEN_CLAIM_VALIDATION_ENABLED="true" withNightlyPipeline(type, product, component) { overrideVaultEnvironments(vaultOverrides) diff --git a/src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data.td.json b/src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data.td.json index bd47a32860..2a227bdb04 100644 --- a/src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data.td.json +++ b/src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data.td.json @@ -11,7 +11,10 @@ "request": { "pathVariables": { "ctid": "AAT_AUTH_8" - } + }, + "body": { + "event_token": "${[scenarioContext][parentContext][childContexts][S-156_Case_Creation_Data_Token_Creation][testData][actualResponse][body][token]}" + } }, "expectedResponse": { diff --git a/src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data_Token_Creation.td.json b/src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data_Token_Creation.td.json new file mode 100644 index 0000000000..0d74b3e00b --- /dev/null +++ b/src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data_Token_Creation.td.json @@ -0,0 +1,62 @@ +{ + "_guid_": "S-156_Case_Creation_Data_Token_Creation", + + "productName": "CCD Data Store", + "operationName": "Start event creation as Case worker", + + "method": "GET", + "uri": "/caseworkers/{uid}/jurisdictions/{jid}/case-types/{ctid}/event-triggers/{etid}/token", + + "specs": [ + "to create a token for case creation" + ], + + "users": { + "invokingUser": { + "_extends_": "PrivateCaseworker" + } + }, + + "request": { + "headers": { + "_extends_": "Common_Request_Headers" + }, + "pathVariables": { + "uid": "[[DEFAULT_AUTO_VALUE]]", + "jid": "AUTOTEST1", + "ctid": "AAT_AUTH_8", + "etid": "CREATE" + } + }, + + "expectedResponse": { + "_extends_": "Common_200_Response", + "headers": { + "Content-Encoding": "gzip", + "Content-Length": "[[ANY_INTEGER_NOT_NULLABLE]]" + }, + "body": { + "token": "[[ANY_STRING_NOT_NULLABLE]]", + "case_details": { + "id": null, + "jurisdiction": "[[ANYTHING_PRESENT]]", + "state": null, + "version": null, + "case_type_id": "[[ANYTHING_PRESENT]]", + "created_date": null, + "last_modified": null, + "last_state_modified_date": null, + "security_classification": null, + "case_data": {}, + "data_classification": {}, + "supplementary_data": null, + "after_submit_callback_response": null, + "callback_response_status_code": null, + "callback_response_status": null, + "delete_draft_response_status_code": null, + "delete_draft_response_status": null + }, + "event_id": "CREATE" + } + } +} diff --git a/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/Case_Creation_Using_Caseworker1_Role.td.json b/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/Case_Creation_Using_Caseworker1_Role.td.json index 371b62374c..ee2f1b5b1d 100644 --- a/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/Case_Creation_Using_Caseworker1_Role.td.json +++ b/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/Case_Creation_Using_Caseworker1_Role.td.json @@ -1,6 +1,6 @@ { "_guid_": "Case_Creation_Using_Caseworker1_Role", - "_extends_": "Case_Creation_Data_Base", + "_extends_": "F-042_Case_Creation_Data_Base", "users": { "invokingUser": { diff --git a/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/F-042_Case_Creation_Data_Base.td.json b/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/F-042_Case_Creation_Data_Base.td.json new file mode 100644 index 0000000000..178be371ea --- /dev/null +++ b/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/F-042_Case_Creation_Data_Base.td.json @@ -0,0 +1,33 @@ +{ + "_guid_": "F-042_Case_Creation_Data_Base", + "_extends_": "Case_Creation_Base", + + "request": { + "body": { + "event_token": "${[scenarioContext][parentContext][childContexts][Case_Creation_Using_Caseworker1_Role_Token_Creation][testData][actualResponse][body][token]}" + } + }, + + "expectedResponse": { + "_extends_": "Common_201_Response", + "headers": { + "Content-Encoding": "gzip", + "vary": "accept-encoding", + "Content-Length": "[[ANYTHING_PRESENT]]" + }, + "body": { + "id": "[[ANYTHING_PRESENT]]", + "state": "TODO", + "version": 0, + "last_state_modified_date": "[[ANYTHING_PRESENT]]", + "created_date": "[[ANYTHING_PRESENT]]", + "last_modified": "[[ANYTHING_PRESENT]]", + "security_classification": "PUBLIC", + "after_submit_callback_response": null, + "callback_response_status_code": null, + "callback_response_status": null, + "delete_draft_response_status_code": null, + "delete_draft_response_status": null + } + } +} diff --git a/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/_Case_Creation_Using_Caseworker1_Role_Token_Creation.td.json b/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/_Case_Creation_Using_Caseworker1_Role_Token_Creation.td.json new file mode 100644 index 0000000000..3c11f9c233 --- /dev/null +++ b/src/aat/resources/features/F-042 - Get aboutToStart token V1 External/_Case_Creation_Using_Caseworker1_Role_Token_Creation.td.json @@ -0,0 +1,62 @@ +{ + "_guid_": "Case_Creation_Using_Caseworker1_Role_Token_Creation", + + "productName": "CCD Data Store", + "operationName": "Start event creation as Case worker", + + "method": "GET", + "uri": "/caseworkers/{uid}/jurisdictions/{jid}/case-types/{ctid}/event-triggers/{etid}/token", + + "specs": [ + "to create a token for case creation" + ], + + "users": { + "invokingUser": { + "_extends_": "BeftaCaseworker1" + } + }, + + "request": { + "headers": { + "_extends_": "Common_Request_Headers" + }, + "pathVariables": { + "uid": "[[DEFAULT_AUTO_VALUE]]", + "jid": "BEFTA_JURISDICTION_1", + "ctid": "BEFTA_CASETYPE_1_1", + "etid": "CREATE" + } + }, + + "expectedResponse": { + "_extends_": "Common_200_Response", + "headers": { + "Content-Encoding": "gzip", + "Content-Length": "[[ANY_INTEGER_NOT_NULLABLE]]" + }, + "body": { + "token": "[[ANY_STRING_NOT_NULLABLE]]", + "case_details": { + "id": null, + "jurisdiction": "[[ANYTHING_PRESENT]]", + "state": null, + "version": null, + "case_type_id": "[[ANYTHING_PRESENT]]", + "created_date": null, + "last_modified": null, + "last_state_modified_date": null, + "security_classification": null, + "case_data": {}, + "data_classification": {}, + "supplementary_data": null, + "after_submit_callback_response": null, + "callback_response_status_code": null, + "callback_response_status": null, + "delete_draft_response_status_code": null, + "delete_draft_response_status": null + }, + "event_id": "CREATE" + } + } +} diff --git a/src/aat/resources/features/F-044 - Submit Event V1 External/F-044.feature b/src/aat/resources/features/F-044 - Submit Event V1 External/F-044.feature index 37dd064816..30730e4d38 100644 --- a/src/aat/resources/features/F-044 - Submit Event V1 External/F-044.feature +++ b/src/aat/resources/features/F-044 - Submit Event V1 External/F-044.feature @@ -84,7 +84,10 @@ Scenario: must return 409 when case is altered out of the transaction And the response has all other details as expected. #------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -@S-283 +# After the event token validation fix(ccd-5521), we get the same error in the token creation process since the token +# creation has to be with the same eventId; STOP_PROGRESS, which is not valid for the event process. That's why S-283 +# is not a valid scenario anymore +@S-283 @Ignore Scenario: must return 422 when event submission has failed Given a user with [an active profile in CCD], diff --git a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/F-1016_GetEventTokenBase.td.json b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/F-1016_GetEventTokenBase.td.json index 601b75a69d..277dc2fbae 100644 --- a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/F-1016_GetEventTokenBase.td.json +++ b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/F-1016_GetEventTokenBase.td.json @@ -26,7 +26,7 @@ "data_classification": "[[ANYTHING_PRESENT]]" }, - "event_id": "updateCaseSubmitTTL" + "event_id": "[[ANYTHING_PRESENT]]" } } } diff --git a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.21_GetUpdateSuspendedCaseTokenCitizen.td.json b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.21_GetUpdateSuspendedCaseTokenCitizen.td.json new file mode 100644 index 0000000000..3d9b263087 --- /dev/null +++ b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.21_GetUpdateSuspendedCaseTokenCitizen.td.json @@ -0,0 +1,23 @@ +{ + "_guid_": "S-1016.21_GetUpdateSuspendedCaseTokenCitizen", + "_extends_": "F-1016_GetEventTokenBase", + + "users": { + "invokingUser": { + "_extends_": "BeftaCitizen2" + } + }, + + "request": { + "pathVariables": { + "cid": "${[scenarioContext][parentContext][childContexts][F-1016_CreateSuspendedCasePreRequisiteCitizen][testData][actualResponse][body][id]}", + "etid": "updateCaseSubmitSuspendedTTL" + } + }, + + "expectedResponse": { + "body": { + "event_id": "updateCaseSubmitSuspendedTTL" + } + } +} diff --git a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.7_GetUpdateSuspendedCaseTokenCaseworker.td.json b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.7_GetUpdateSuspendedCaseTokenCaseworker.td.json new file mode 100644 index 0000000000..4f4653697b --- /dev/null +++ b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.7_GetUpdateSuspendedCaseTokenCaseworker.td.json @@ -0,0 +1,23 @@ +{ + "_guid_": "S-1016.7_GetUpdateSuspendedCaseTokenCaseworker", + "_extends_": "F-1016_GetEventTokenBase", + + "users": { + "invokingUser": { + "_extends_": "BeftaMasterCaseworker" + } + }, + + "request": { + "pathVariables": { + "cid": "${[scenarioContext][parentContext][childContexts][F-1016_CreateSuspendedCasePreRequisiteCaseworker][testData][actualResponse][body][id]}", + "etid": "updateCaseSubmitSuspendedTTL" + } + }, + + "expectedResponse": { + "body": { + "event_id": "updateCaseSubmitSuspendedTTL" + } + } +} diff --git a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.14.td.json b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.14.td.json index 123fea9011..cca591b2f1 100644 --- a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.14.td.json +++ b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.14.td.json @@ -5,7 +5,7 @@ "title": "TTL.Suspended changed to \"No\", SystemTTL and OverrideTTL greater than Guard value using v2 '/cases/{cid}/events'", "prerequisites" : [ { - "Token_Creation": "S-1016_GetUpdateSuspendedCaseTokenCaseworker" + "Token_Creation": "S-1016.7_GetUpdateSuspendedCaseTokenCaseworker" } ], diff --git a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.21.td.json b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.21.td.json index 9d25a5144b..53537caa12 100644 --- a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.21.td.json +++ b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.21.td.json @@ -5,7 +5,7 @@ "title": "TTL.Suspended changed to \"No\", SystemTTL and OverrideTTL greater than Guard value using '/citizens/{uid}/jurisdictions/{jid}/case-types/{ctid}/cases/{cid}/events'", "prerequisites" : [{ - "Token_Creation": "S-1016_GetUpdateSuspendedCaseTokenCitizen" + "Token_Creation": "S-1016.21_GetUpdateSuspendedCaseTokenCitizen" }], "specs": [ diff --git a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.7.td.json b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.7.td.json index 0201f4527e..6872e1b206 100644 --- a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.7.td.json +++ b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.7.td.json @@ -5,7 +5,7 @@ "title": "TTL.Suspended changed to \"No\", SystemTTL and OverrideTTL greater than Guard value using '/caseworkers/{uid}/jurisdictions/{jid}/case-types/{ctid}/cases/{cid}/events'", "prerequisites" : [ { - "Token_Creation": "S-1016_GetUpdateSuspendedCaseTokenCaseworker" + "Token_Creation": "S-1016.7_GetUpdateSuspendedCaseTokenCaseworker" } ], diff --git a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/UpdateCase/F-1016_UpdateCase_TTLCaseType_updateCaseTTLIncHidden_PreRequisiteCitizen_TokenCreation.td.json b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/UpdateCase/F-1016_UpdateCase_TTLCaseType_updateCaseTTLIncHidden_PreRequisiteCitizen_TokenCreation.td.json index e123ffeac1..f9f249cabf 100644 --- a/src/aat/resources/features/F-1016 - Submit Event to Update TTL/UpdateCase/F-1016_UpdateCase_TTLCaseType_updateCaseTTLIncHidden_PreRequisiteCitizen_TokenCreation.td.json +++ b/src/aat/resources/features/F-1016 - Submit Event to Update TTL/UpdateCase/F-1016_UpdateCase_TTLCaseType_updateCaseTTLIncHidden_PreRequisiteCitizen_TokenCreation.td.json @@ -11,7 +11,7 @@ "request": { "pathVariables": { "cid": "${[scenarioContext][siblingContexts][CreateCase_TTLCaseType_PreRequisiteCitizen][testData][actualResponse][body][id]}", - "etid": "updateCaseTTLInc" + "etid": "updateCaseTTLIncHidden" } }, diff --git a/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Caseworker/S-1018.11-GetUpdateEventToken.td.json b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Caseworker/S-1018.11-GetUpdateEventToken.td.json new file mode 100644 index 0000000000..b96d3a8c5e --- /dev/null +++ b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Caseworker/S-1018.11-GetUpdateEventToken.td.json @@ -0,0 +1,30 @@ +{ + "title": "should create an event token for correct inputs", + "_guid_": "S-1018.11-GetUpdateEventToken", + "_extends_": "Token_Creation_Data_For_Master_Caseworker_Case_Creation", + + "users": { + "invokingUser": { + "_extends_": "BeftaMasterCaseworker" + } + }, + + "request": { + "pathVariables": { + "cid": "${[scenarioContext][siblingContexts][F-1018_CreateAnotherCasePreRequisiteCaseworkerBase][testData][actualResponse][body][id]}" + } + }, + + "expectedResponse": { + "_extends_": "Common_200_Response", + "headers": { + "Content-Encoding": "gzip", + "Content-Length": "[[ANYTHING_PRESENT]]" + }, + "body": { + "token": "[[ANYTHING_PRESENT]]", + "case_details": "[[ANYTHING_PRESENT]]", + "event_id": "updateCase" + } + } +} diff --git a/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Citizen/S-1018.21-GetCitizenUpdateEventToken.td.json b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Citizen/S-1018.21-GetCitizenUpdateEventToken.td.json new file mode 100644 index 0000000000..a7ea5886b4 --- /dev/null +++ b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Citizen/S-1018.21-GetCitizenUpdateEventToken.td.json @@ -0,0 +1,11 @@ +{ + "title": "should create an event token for correct inputs", + "_guid_": "S-1018.21-GetCitizenUpdateEventToken", + "_extends_": "F-1018-GetCitizenUpdateEventTokenBase", + + "request": { + "pathVariables": { + "cid": "${[scenarioContext][siblingContexts][F-1018_CreateAnotherCasePreRequisiteCitizenBase][testData][actualResponse][body][id]}" + } + } +} diff --git a/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/F-1018.feature b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/F-1018.feature index 9538b8fc54..3b5206f443 100644 --- a/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/F-1018.feature +++ b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/F-1018.feature @@ -158,7 +158,7 @@ Feature: F-1018: Submit Event Creation Handle Case Links And a successful call [to create a case] as in [F-1018_CreateCasePreRequisiteCaseworkerBase] And another successful call [to create a case] as in [F-1018_CreateAnotherCasePreRequisiteCaseworkerBase] And another successful call [to create a case with a different case_type] as in [F-1018_CreateThirdCaseDifferentCaseTypePreRequisiteCaseworkerBase] - And a successful call [to get an event token for the case just created] as in [F-1018-GetUpdateEventToken] + And a successful call [to get an event token for the case just created] as in [S-1018.11-GetUpdateEventToken] When a request is prepared with appropriate values And the request [contains correctly configured CaseLink field as a collection] And the request [specifying the case to be updated, as created in F-1018_CreateLinkedCasePreRequisiteCaseworkerBase, does not contain a CaseLink field] @@ -314,7 +314,7 @@ Feature: F-1018: Submit Event Creation Handle Case Links Given a user with [an active profile in CCD] And a successful call [to create a case] as in [F-1018_CreateCasePreRequisiteCitizenBase] And another successful call [to create a case] as in [F-1018_CreateAnotherCasePreRequisiteCitizenBase] - And a successful call [to get an update event token for the case just created as a Citizen] as in [F-1018-GetCitizenUpdateEventToken] + And a successful call [to get an update event token for the case just created as a Citizen] as in [S-1018.21-GetCitizenUpdateEventToken] When a request is prepared with appropriate values And the request [contains correctly configured CaseLink field with Case Reference created in F-1018_CreateCasePreRequisiteCitizenBase] And the request [specifying the case to be updated, as created in F-1018_CreateAnotherCasePreRequisiteCaseworkerBase, does not contain a CaseLink field] diff --git a/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.11.td.json b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.11.td.json index cc90737fbe..81edc0f8c7 100644 --- a/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.11.td.json +++ b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.11.td.json @@ -37,7 +37,7 @@ "description": "" }, "security_classification": "PUBLIC", - "event_token" : "${[scenarioContext][childContexts][F-1018-GetUpdateEventToken][testData][actualResponse][body][token]}", + "event_token" : "${[scenarioContext][childContexts][S-1018.11-GetUpdateEventToken][testData][actualResponse][body][token]}", "ignore_warning": true } }, diff --git a/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.21.td.json b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.21.td.json index 25e61228a4..7746ae1ae9 100644 --- a/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.21.td.json +++ b/src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.21.td.json @@ -27,7 +27,7 @@ "description": "" }, "security_classification": "PUBLIC", - "event_token" : "${[scenarioContext][childContexts][F-1018-GetCitizenUpdateEventToken][testData][actualResponse][body][token]}", + "event_token" : "${[scenarioContext][childContexts][S-1018.21-GetCitizenUpdateEventToken][testData][actualResponse][body][token]}", "ignore_warning": true } }, diff --git a/src/aat/resources/features/F-1019 - Submit Case Creation Handle Case Links/F-1019.feature b/src/aat/resources/features/F-1019 - Submit Case Creation Handle Case Links/F-1019.feature index 6500c013f6..e55eb2fb7b 100644 --- a/src/aat/resources/features/F-1019 - Submit Case Creation Handle Case Links/F-1019.feature +++ b/src/aat/resources/features/F-1019 - Submit Case Creation Handle Case Links/F-1019.feature @@ -192,7 +192,7 @@ Feature: F-1019: Submit Case Creation Handle Case Links # Submit Event Creation: extra tests for Standard CaseLinks field and flag in CaseLinks table #======================================= - @S-1019.16 + @S-1019.16 Scenario: Standard CaseLinks field should generate caseLink records with StandardLink set to true when Submit Case Creation Event is invoked on v1_external#/case-details-endpoint/saveCaseDetailsForCaseWorkerUsingPOST Given a user with [an active profile in CCD] And a successful call [to create many cases to link to] as in [F-1019_CreateManyTestsCasesCaseworker] @@ -203,7 +203,7 @@ Feature: F-1019: Submit Case Creation Handle Case Links And the response has all other details as expected And a successful call [to verify that the Case Links have been created in the CASE_LINK table with correct values] as in [F-1019-VerifyMultipleCaseLinksUsingStandardLinkField] - @S-1019.17 + @S-1019.17 Scenario: Standard CaseLinks field should generate caseLink records with StandardLink set to true when Submit Case Creation Event is invoked on v1_external#/case-details-endpoint/saveCaseDetailsForCitizenUsingPOST Given a user with [an active profile in CCD] And a successful call [to create many cases to link to] as in [F-1019_CreateManyTestsCasesCaseworker] @@ -214,7 +214,7 @@ Feature: F-1019: Submit Case Creation Handle Case Links And the response has all other details as expected And a successful call [to verify that the Case Links have been created in the CASE_LINK table with correct values] as in [F-1019-VerifyMultipleCaseLinksUsingStandardLinkField] - @S-1019.18 + @S-1019.18 Scenario: Standard CaseLinks field should generate caseLink records with StandardLink set to true when Submit Case Creation Event is invoked on v2_external#/case-controller/createCaseUsingPOST Given a user with [an active profile in CCD] And a successful call [to create many cases to link to] as in [F-1019_CreateManyTestsCasesCaseworker] @@ -230,7 +230,7 @@ Feature: F-1019: Submit Case Creation Handle Case Links # Complex case links: extra tests for extracting CaseLinks from more complex fields #======================================= - @S-1019.19 + @S-1019.19 Scenario: Collection of complex fields with CaseLinks should generate caseLink records when Submit Case Creation Event is invoked on v1_external#/case-details-endpoint/saveCaseDetailsForCaseWorkerUsingPOST Given a user with [an active profile in CCD] And a successful call [to create a case] as in [F-1019_CreateCasePreRequisiteCaseworkerBase] @@ -244,7 +244,7 @@ Feature: F-1019: Submit Case Creation Handle Case Links And the response has all other details as expected And a successful call [to verify that the Case Links have been created in the CASE_LINK table with correct values] as in [F-1019-VerifyMultipleCaseLinks] - @S-1019.20 + @S-1019.20 Scenario: Collection of complex fields with CaseLinks should generate caseLink records when Submit Case Creation Event is invoked on v2_external#/case-controller/createCaseUsingPOST Given a user with [an active profile in CCD] And a successful call [to create a case] as in [F-1019_CreateCasePreRequisiteCaseworkerBase] @@ -258,7 +258,7 @@ Feature: F-1019: Submit Case Creation Handle Case Links And the response has all other details as expected And a successful call [to verify that the Case Links have been created in the CASE_LINK table with correct values] as in [F-1019-VerifyMultipleCaseLinks] - @S-1019.21 + @S-1019.21 Scenario: Nested complex fields with CaseLinks should generate caseLink records when Submit Case Creation Event is invoked on v1_external#/case-details-endpoint/saveCaseDetailsForCaseWorkerUsingPOST Given a user with [an active profile in CCD] And a successful call [to create a case] as in [F-1019_CreateCasePreRequisiteCaseworkerBase] @@ -272,7 +272,7 @@ Feature: F-1019: Submit Case Creation Handle Case Links And the response has all other details as expected And a successful call [to verify that the Case Links have been created in the CASE_LINK table with correct values] as in [F-1019-VerifyMultipleCaseLinks] - @S-1019.22 + @S-1019.22 Scenario: Nested complex fields with CaseLinks should generate caseLink records when Submit Case Creation Event is invoked on v2_external#/case-controller/createCaseUsingPOST Given a user with [an active profile in CCD] And a successful call [to create a case] as in [F-1019_CreateCasePreRequisiteCaseworkerBase] diff --git a/src/aat/resources/features/F-122 - Conditional Event Post States/F-122.feature b/src/aat/resources/features/F-122 - Conditional Event Post States/F-122.feature index 36e4d767ab..e37e9e84e2 100644 --- a/src/aat/resources/features/F-122 - Conditional Event Post States/F-122.feature +++ b/src/aat/resources/features/F-122 - Conditional Event Post States/F-122.feature @@ -88,7 +88,7 @@ Feature: F-122: Conditional Event Post States Given a user with [an active profile in CCD], And a successful call [to create a token for case creation] as in [S-122-GetToken_CaseCreate], And a successful call [to create a case] as in [FT_ConditionalPostState_Create_Case], - And a successful call [to get an event token for the case just created] as in [S-122-GetToken_UpdateCase], + And a successful call [to get an event token for the case just created] as in [S-122-GetToken_UpdateCase2], When a request is prepared with appropriate values, And the request [contains a case Id that has just been created], @@ -105,7 +105,7 @@ Feature: F-122: Conditional Event Post States Given a user with [an active profile in CCD], And a successful call [to create a token for case creation] as in [S-122-GetToken_CaseCreate], And a successful call [to create a case] as in [FT_ConditionalPostState_Create_Case], - And a successful call [to get an event token for the case just created] as in [S-122-GetToken_UpdateCase], + And a successful call [to get an event token for the case just created] as in [S-122-GetToken_UpdateCase2], When a request is prepared with appropriate values, And the request [contains a case Id that has just been created], @@ -122,7 +122,7 @@ Feature: F-122: Conditional Event Post States Given a user with [an active profile in CCD], And a successful call [to create a token for case creation] as in [S-122-GetToken_CaseCreate], And a successful call [to create a case] as in [FT_ConditionalPostState_Create_Case], - And a successful call [to get an event token for the case just created] as in [S-122-GetToken_UpdateCase], + And a successful call [to get an event token for the case just created] as in [S-122-GetToken_UpdateCase2], When a request is prepared with appropriate values, And the request [contains a case Id that has just been created], @@ -139,7 +139,7 @@ Feature: F-122: Conditional Event Post States Given a user with [an active profile in CCD], And a successful call [to create a token for case creation] as in [S-122-GetToken_CaseCreate], And a successful call [to create a case] as in [FT_ConditionalPostState_Create_Case], - And a successful call [to get an event token for the case just created] as in [S-122-GetToken_UpdateCase], + And a successful call [to get an event token for the case just created] as in [S-122-GetToken_UpdateCase2], When a request is prepared with appropriate values, And the request [contains a case Id that has just been created], diff --git a/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.5.td.json b/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.5.td.json index 42cf6ff464..b23216164c 100644 --- a/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.5.td.json +++ b/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.5.td.json @@ -1,6 +1,6 @@ { "_guid_": "S-122.5", - "_extends_": "F-122-UpdateEventBase", + "_extends_": "F-122-UpdateEvent2Base", "title": "Ordering should take precedence when both conditions resolve (End state: CaseUpdated2)", "productName": "CCD data store", diff --git a/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.6.td.json b/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.6.td.json index 9c1227a1c8..7bb66630b2 100644 --- a/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.6.td.json +++ b/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.6.td.json @@ -1,6 +1,6 @@ { "_guid_": "S-122.6", - "_extends_": "F-122-UpdateEventBase", + "_extends_": "F-122-UpdateEvent2Base", "title": "Sets the state defined with a matching post state condition using OR operator (End state: CaseAmended2)", "productName": "CCD data store", diff --git a/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.7.td.json b/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.7.td.json index 5a76edc0f8..7033f45cbb 100644 --- a/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.7.td.json +++ b/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.7.td.json @@ -1,6 +1,6 @@ { "_guid_": "S-122.7", - "_extends_": "F-122-UpdateEventBase", + "_extends_": "F-122-UpdateEvent2Base", "title": "*(FieldA) will keep the state as is (End state: CaseCreated)", "productName": "CCD data store", diff --git a/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.8.td.json b/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.8.td.json index da38faf0e7..58828335a9 100644 --- a/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.8.td.json +++ b/src/aat/resources/features/F-122 - Conditional Event Post States/S-122.8.td.json @@ -1,6 +1,6 @@ { "_guid_": "S-122.8", - "_extends_": "F-122-UpdateEventBase", + "_extends_": "F-122-UpdateEvent2Base", "title": "Sets the state defined with a matching post state condition using != operator (End state: CaseRevoked2)", "productName": "CCD data store", diff --git a/src/aat/resources/features/F-122 - Conditional Event Post States/common/F-122-UpdateEvent2Base.td.json b/src/aat/resources/features/F-122 - Conditional Event Post States/common/F-122-UpdateEvent2Base.td.json new file mode 100644 index 0000000000..2b84c0c8e7 --- /dev/null +++ b/src/aat/resources/features/F-122 - Conditional Event Post States/common/F-122-UpdateEvent2Base.td.json @@ -0,0 +1,92 @@ +{ + "_guid_": "F-122-UpdateEvent2Base", + "title": "must submit the event creation successfully for TextField and EmailField inputs", + + "productName": "CCD data store", + "operationName": "submit updateCase event with TextField and EmailField values", + + "method": "POST", + "uri": "/caseworkers/{uid}/jurisdictions/{jid}/case-types/{ctid}/cases/{cid}/events", + + "specs": [ + "an active profile in CCD", + "contains a case Id that has just been created", + "contains Update token created as in S-122-GetToken_UpdateCase" + ], + + "user": { + "_extends_": "BeftaMasterCaseworker" + }, + + "request": { + "headers": { + "_extends_": "Common_Request_Headers" + }, + "pathVariables": { + "uid": "[[DEFAULT_AUTO_VALUE]]", + "jid": "BEFTA_MASTER", + "ctid": "FT_ConditionalPostState", + "cid": "${[scenarioContext][childContexts][FT_ConditionalPostState_Create_Case][testData][actualResponse][body][id]}" + }, + "body": { + "data": { + "_extends_": "FT_ConditionalPostState_Base_Case_Data", + "TextField": "updated testing 1234", + "EmailField": null + }, + "event": { + "id": "updateCase", + "summary": "", + "description": "" + }, + "security_classification": "PUBLIC", + "event_token": "${[scenarioContext][childContexts][S-122-GetToken_UpdateCase2][testData][actualResponse][body][token]}", + "ignore_warning": true + } + }, + + "expectedResponse": { + "responseCode": 201, + "responseMessage": "OK", + "headers": { + "_extends_": "Common_Response_Headers", + "Vary": "Accept-Encoding" + }, + "body": { + "id": "[[ANYTHING_PRESENT]]", + "jurisdiction": "BEFTA_MASTER", + "state": "CaseUpdated2", + "version": "[[ANYTHING_PRESENT]]", + "case_type_id": "FT_ConditionalPostState", + "created_date": "[[ANYTHING_PRESENT]]", + "last_modified": "[[ANYTHING_PRESENT]]", + "last_state_modified_date": "[[ANYTHING_PRESENT]]", + "security_classification": "PUBLIC", + "case_data": { + "AddressField": { + "AddressLine1": null, + "AddressLine2": null, + "AddressLine3": null, + "Country": null + }, + "MoneyField": null, + "MultiSelectField": [], + "EmailField": "matched@test.com", + "YesNoField": null, + "TextField": "updated2", + "PhoneField": null, + "MarritalStatus": null, + "DateField": null, + "TextAreaField": null, + "NumberField": null + }, + "data_classification": "[[ANYTHING_PRESENT]]", + "supplementary_data": null, + "after_submit_callback_response": null, + "callback_response_status_code": null, + "callback_response_status": null, + "delete_draft_response_status_code": null, + "delete_draft_response_status": null + } + } +} diff --git a/src/aat/resources/features/F-122 - Conditional Event Post States/common/S-122-GetToken_UpdateCase2.td.json b/src/aat/resources/features/F-122 - Conditional Event Post States/common/S-122-GetToken_UpdateCase2.td.json new file mode 100644 index 0000000000..a8f227a8cd --- /dev/null +++ b/src/aat/resources/features/F-122 - Conditional Event Post States/common/S-122-GetToken_UpdateCase2.td.json @@ -0,0 +1,47 @@ +{ + "_guid_": "S-122-GetToken_UpdateCase2", + "title": "should create an event token for correct inputs", + + "productName": "CCD Data Store", + "operationName": "Retrieve an update token", + + "method": "GET", + "uri": "/caseworkers/{uid}/jurisdictions/{jid}/case-types/{ctid}/cases/{cid}/event-triggers/{etid}/token", + + "specs": [ + "to get an event token for the case just created" + ], + + "users": { + "invokingUser": { + "_extends_": "BeftaMasterCaseworker" + } + }, + + "request": { + "headers": { + "_extends_": "Common_Request_Headers" + }, + "pathVariables": { + "jid": "BEFTA_MASTER", + "ctid": "FT_ConditionalPostState", + "uid": "[[DEFAULT_AUTO_VALUE]]", + "cid": "${[scenarioContext][parentContext][childContexts][FT_ConditionalPostState_Create_Case][testData][actualResponse][body][id]}", + "etid": "updateCase2" + } + }, + + "expectedResponse": { + "_extends_": "Common_200_Response", + "headers": { + "Content-Encoding": "gzip", + "Content-Type": "application/json", + "Content-Length": "[[ANYTHING_PRESENT]]" + }, + "body": { + "token": "[[ANYTHING_PRESENT]]", + "case_details": "[[ANYTHING_PRESENT]]", + "event_id": "updateCase2" + } + } +} diff --git a/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130.feature b/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130.feature index 5d96c9e04b..91aa2d9066 100644 --- a/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130.feature +++ b/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130.feature @@ -49,7 +49,7 @@ Feature: F-130: Create Case External API CRUD Tests @S-130.7 Scenario: User submits case creation with no CaseType R Access does not return the case after successful case creation Given a user with [an active profile in CCD] - And a successful call [to create a token for case creation] as in [S-130.1_Get_Event_Trigger] + And a successful call [to create a token for case creation] as in [S-130.7_Get_Event_Trigger] When a request is prepared with appropriate values, And it is submitted to call the [external create case] operation of [CCD Data Store], Then a positive response is received diff --git a/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Get_Event_Token_Base.td.json b/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Get_Event_Token_Base.td.json index f85b7a0f1e..928bbb05ef 100644 --- a/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Get_Event_Token_Base.td.json +++ b/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Get_Event_Token_Base.td.json @@ -5,7 +5,7 @@ "operationName": "Start event creation as Case worker", "method": "GET", - "uri": "/case-types/FT_CRUD/event-triggers/{etid}", + "uri": "/case-types/{cid}/event-triggers/{etid}", "specs": [ "to create a token for case creation" @@ -13,7 +13,8 @@ "users": { "invokingUser": { - "_extends_": "BeftaCaseworker1" + "username": "master.caseworker@gmail.com", + "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" } }, @@ -23,6 +24,7 @@ "Experimental" : "true" }, "pathVariables": { + "cid": "FT_CRUD", "etid": "createCase" } }, @@ -45,7 +47,7 @@ "jurisdiction" : "BEFTA_MASTER", "state" : null, "version" : null, - "case_type_id" : "FT_CRUD", + "case_type_id" : "${[scenarioContext][testData][request][pathVariables][cid]}", "created_date" : null, "last_modified" : null, "last_state_modified_date" : null, diff --git a/src/aat/resources/features/F-130 - AC CRUD external createCase/S-130.7.td.json b/src/aat/resources/features/F-130 - AC CRUD external createCase/S-130.7.td.json index 3739f12e56..704901d32b 100644 --- a/src/aat/resources/features/F-130 - AC CRUD external createCase/S-130.7.td.json +++ b/src/aat/resources/features/F-130 - AC CRUD external createCase/S-130.7.td.json @@ -18,7 +18,7 @@ "event": { "id": "createCase" }, - "event_token": "${[scenarioContext][childContexts][S-130.1_Get_Event_Trigger][testData][actualResponse][body][token]}", + "event_token": "${[scenarioContext][childContexts][S-130.7_Get_Event_Trigger][testData][actualResponse][body][token]}", "event_data": { "TextField": "value1" } diff --git a/src/aat/resources/features/F-130 - AC CRUD external createCase/S-130.7_Get_Event_Trigger.td.json b/src/aat/resources/features/F-130 - AC CRUD external createCase/S-130.7_Get_Event_Trigger.td.json new file mode 100644 index 0000000000..fb0b75292e --- /dev/null +++ b/src/aat/resources/features/F-130 - AC CRUD external createCase/S-130.7_Get_Event_Trigger.td.json @@ -0,0 +1,10 @@ +{ + "_guid_" : "S-130.7_Get_Event_Trigger", + "_extends_" : "F-130_Get_Event_Token_Base", + + "request": { + "pathVariables": { + "cid": "FT_CRUD_2" + } + } +} diff --git a/src/aat/resources/features/F-131 - AC CRUD external createEvent/S-131.5_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-131 - AC CRUD external createEvent/S-131.5_CreateCase_Token_Creation.td.json index 8098d04395..691005e545 100644 --- a/src/aat/resources/features/F-131 - AC CRUD external createEvent/S-131.5_CreateCase_Token_Creation.td.json +++ b/src/aat/resources/features/F-131 - AC CRUD external createEvent/S-131.5_CreateCase_Token_Creation.td.json @@ -14,7 +14,8 @@ "users": { "invokingUser": { - "_extends_": "BeftaCaseworker1" + "username": "master.caseworker@gmail.com", + "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" } }, diff --git a/src/aat/resources/features/F-138 - AC CRUD internal case-history/F-138_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-138 - AC CRUD internal case-history/F-138_CreateCase_Token_Creation.td.json index b271a798f2..b021a81bdc 100644 --- a/src/aat/resources/features/F-138 - AC CRUD internal case-history/F-138_CreateCase_Token_Creation.td.json +++ b/src/aat/resources/features/F-138 - AC CRUD internal case-history/F-138_CreateCase_Token_Creation.td.json @@ -13,7 +13,7 @@ "users": { "invokingUser": { - "_extends_": "BeftaCaseworker1" + "_extends_": "BeftaCaseworkerCaa" } }, diff --git a/src/aat/resources/features/F-139 - AC CRUD internal case view/F-139_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-139 - AC CRUD internal case view/F-139_CreateCase_Token_Creation.td.json new file mode 100644 index 0000000000..ad83324bb7 --- /dev/null +++ b/src/aat/resources/features/F-139 - AC CRUD internal case view/F-139_CreateCase_Token_Creation.td.json @@ -0,0 +1,66 @@ +{ + "_guid_": "F-139_CreateCase_Token_Creation", + + "productName": "CCD Data Store", + "operationName": "Start event creation as Case worker", + + "method": "GET", + "uri": "/case-types/FT_CRUD/event-triggers/{etid}", + + "specs": [ + "to create a token for case creation" + ], + + "users": { + "invokingUser": { + "username": "master.caseworker@gmail.com", + "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + } + }, + + "request": { + "headers":{ + "_extends_": "Common_Request_Headers", + "Experimental" : "true" + }, + "pathVariables": { + "etid": "createCase" + } + }, + + "expectedResponse": { + "_extends_": "Common_200_Response", + "headers" : { + "Content-Encoding" : "gzip", + "Content-Length": "[[ANYTHING_PRESENT]]" + }, + "body" : { + "token" : "[[ANYTHING_PRESENT]]", + "_links": { + "self": { + "href": "[[ANYTHING_PRESENT]]" + } + }, + "case_details" : { + "id" : null, + "jurisdiction" : "BEFTA_MASTER", + "state" : null, + "version" : null, + "case_type_id" : "FT_CRUD", + "created_date" : null, + "last_modified" : null, + "last_state_modified_date" : null, + "security_classification" : null, + "case_data" : { }, + "data_classification": {}, + "supplementary_data": null, + "after_submit_callback_response" : null, + "callback_response_status_code" : null, + "callback_response_status" : null, + "delete_draft_response_status_code" : null, + "delete_draft_response_status" : null + }, + "event_id" : "createCase" + } + } +} diff --git a/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase.td.json b/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase.td.json index 660d38b967..71cfb91235 100644 --- a/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase.td.json +++ b/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase.td.json @@ -1,10 +1,86 @@ { "_guid_": "S-139.2_CreateCase", - "_extends_": "F-131_CreateCase", + + "productName": "CCD Data Store", + "operationName": "external create case", + "method": "POST", + "uri": "/case-types/{ctid}/cases", + + "specs" : [ + "to create a full case" + ], + + "users": { + "invokingUser": { + "username": "master.caseworker@gmail.com", + "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + } + }, "request": { + "_extends_": "Common_Request", + "pathVariables": { + "ctid": "FT_CRUD" + }, + "headers": { + "experimental": true + }, "body": { - "event_token": "${[scenarioContext][parentContext][childContexts][S-139.2_CreateCase_Token_Creation][testData][actualResponse][body][token]}" + "data": { + "TextField": "value1", + "TextField2": "value2" + }, + "event": { + "id": "createCase", + "summary": "", + "description": "" + }, + "event_token": "${[scenarioContext][parentContext][childContexts][S-139.2_CreateCase_Token_Creation][testData][actualResponse][body][token]}", + "event_data": { + "TextField": "value1", + "TextField2": "value2" + }, + "ignore_warning": false + } + }, + + "expectedResponse": { + "_extends_": "Common_201_Response", + "headers": { + "Content-Length": "[[ANY_NULLABLE]]", + "Content-Encoding": "[[ANY_NULLABLE]]", + "Content-Type": "application/vnd.uk.gov.hmcts.ccd-data-store-api.create-case.v2+json;charset=UTF-8", + "Connection": "[[ANYTHING_PRESENT]]", + "Keep-Alive": "[[ANYTHING_PRESENT]]", + "Transfer-Encoding": "[[ANYTHING_PRESENT]]", + "Strict-Transport-Security": "[[ANY_NULLABLE]]" + }, + "body" : { + "_links": { + "self": { + "href": "[[ANYTHING_PRESENT]]" + } + }, + "id": "[[ANYTHING_PRESENT]]", + "jurisdiction": "BEFTA_MASTER", + "case_type": "FT_CRUD", + "created_on": "[[ANYTHING_PRESENT]]", + "last_modified_on": "[[ANYTHING_PRESENT]]", + "last_state_modified_on": "[[ANYTHING_PRESENT]]", + "state": "CaseCreated", + "security_classification": "PUBLIC", + "data": { + "TextField": "value1" + }, + "data_classification": { + "TextField": "PUBLIC" + }, + "after_submit_callback_response": null, + "callback_response_status_code": null, + "callback_response_status": null, + "delete_draft_response_status_code": null, + "delete_draft_response_status": null } } + } diff --git a/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase_Token_Creation.td.json index e998535003..8ddf7d1eb2 100644 --- a/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase_Token_Creation.td.json +++ b/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase_Token_Creation.td.json @@ -1,4 +1,4 @@ { "_guid_": "S-139.2_CreateCase_Token_Creation", - "_extends_": "F-138_CreateCase_Token_Creation" + "_extends_": "F-139_CreateCase_Token_Creation" } diff --git a/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/F-140.feature b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/F-140.feature index 9366196399..0db267b8af 100644 --- a/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/F-140.feature +++ b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/F-140.feature @@ -118,7 +118,7 @@ Feature: F-140: CategoriesAndDocument endpoint @S-140.9 #AC9 Scenario: No Categories defined in Categories tab, no categories assigned to Document - Return the hierarchy with ALL documents in the "unCategorisedDocuments" element. - Given a case that has just been created as in [F-140_CreateCase_NoCategories], + Given a case that has just been created as in [S-140.9_CreateCase_NoCategories], And a user with [an active profile in CCD and has read access permissions for all the Document fields], And [a case definition with Document fields in CaseField tab and ComplexTab exist *without* the category Id for case type CT1] in the context, And [a case definition with Collection of Document fields in CaseField tab and ComplexTab exist with the category Id for case type CT1] in the context, diff --git a/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.2_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.2_CreateCase_Token_Creation.td.json index 2723e0ff87..891bc0b629 100644 --- a/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.2_CreateCase_Token_Creation.td.json +++ b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.2_CreateCase_Token_Creation.td.json @@ -4,7 +4,7 @@ "users": { "invokingUser": { - "_extends_": "BeftaCaseworker2Solicitor2" + "_extends_": "BeftaCaseworkerCaa" } }, diff --git a/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9.td.json b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9.td.json index cc3ade4bd3..b12c2f3a4b 100644 --- a/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9.td.json +++ b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9.td.json @@ -21,7 +21,7 @@ "request": { "_extends_": "Common_Request", "pathVariables": { - "cid": "${[scenarioContext][childContexts][F-140_CreateCase_NoCategories][testData][actualResponse][body][id]}" + "cid": "${[scenarioContext][childContexts][S-140.9_CreateCase_NoCategories][testData][actualResponse][body][id]}" } }, diff --git a/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9_CreateCase_NoCategories.td.json b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9_CreateCase_NoCategories.td.json new file mode 100644 index 0000000000..09203bf6e8 --- /dev/null +++ b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9_CreateCase_NoCategories.td.json @@ -0,0 +1,86 @@ +{ + "_guid_": "S-140.9_CreateCase_NoCategories", + "productName": "CCD Data Store", + "operationName": "external create case", + "method": "POST", + "uri": "/case-types/{ctid}/cases", + "specs": [ + "to create a full case" + ], + "prerequisites": [ + { + "Token_Creation": "S-140.9_CreateCase_Token_Creation" + } + ], + "users": { + "invokingUser": { + "_extends_": "BeftaCaseworker2Solicitor2" + } + }, + "request": { + "_extends_": "Common_Request", + "pathVariables": { + "ctid": "BEFTA_CASETYPE_2_1" + }, + "headers": { + "experimental": true + }, + "body": { + "data": { + "DocumentField1": { + "document_url": "${[scenarioContext][siblingContexts][F-140_Document_Upload][testData][actualResponse][body][documents][0][_links][self][href]}", + "document_binary_url": "${[scenarioContext][siblingContexts][F-140_Document_Upload][testData][actualResponse][body][documents][0][_links][binary][href]}", + "document_filename": "${[scenarioContext][siblingContexts][F-140_Document_Upload][testData][actualResponse][body][documents][0][originalDocumentName]}" + } + }, + "event": { + "id": "CREATE" + }, + "event_token": "${[scenarioContext][childContexts][Token_Creation][testData][actualResponse][body][token]}", + "ignore_warning": false + } + }, + "expectedResponse": { + "_extends_": "Common_201_Response", + "headers": { + "Content-Length": "[[ANY_NULLABLE]]", + "Content-Encoding": "[[ANY_NULLABLE]]", + "Content-Type": "application/vnd.uk.gov.hmcts.ccd-data-store-api.create-case.v2+json;charset=UTF-8", + "Connection": "[[ANYTHING_PRESENT]]", + "Keep-Alive": "[[ANYTHING_PRESENT]]", + "Transfer-Encoding": "[[ANYTHING_PRESENT]]", + "Strict-Transport-Security": "[[ANY_NULLABLE]]" + }, + "body": { + "_links": { + "self": { + "href": "[[ANYTHING_PRESENT]]" + } + }, + "id": "[[ANYTHING_PRESENT]]", + "jurisdiction": "BEFTA_JURISDICTION_2", + "case_type": "BEFTA_CASETYPE_2_1", + "created_on": "[[ANYTHING_PRESENT]]", + "last_modified_on": "[[ANYTHING_PRESENT]]", + "last_state_modified_on": "[[ANYTHING_PRESENT]]", + "state": "TODO", + "security_classification": "PUBLIC", + "data": { + "DocumentField1": { + "document_url": "${[scenarioContext][siblingContexts][F-140_Document_Upload][testData][actualResponse][body][documents][0][_links][self][href]}", + "document_binary_url": "${[scenarioContext][siblingContexts][F-140_Document_Upload][testData][actualResponse][body][documents][0][_links][binary][href]}", + "document_filename": "${[scenarioContext][siblingContexts][F-140_Document_Upload][testData][actualResponse][body][documents][0][originalDocumentName]}", + "upload_timestamp": "[[ANYTHING_PRESENT]]" + } + }, + "data_classification": { + "DocumentField1": "PUBLIC" + }, + "after_submit_callback_response": null, + "callback_response_status_code": null, + "callback_response_status": null, + "delete_draft_response_status_code": null, + "delete_draft_response_status": null + } + } +} diff --git a/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9_CreateCase_Token_Creation.td.json new file mode 100644 index 0000000000..c9645a3159 --- /dev/null +++ b/src/aat/resources/features/F-140 - CategoriesAndDocument endpoint/S-140.9_CreateCase_Token_Creation.td.json @@ -0,0 +1,67 @@ +{ + "_guid_": "S-140.9_CreateCase_Token_Creation", + + "productName": "CCD Data Store", + "operationName": "Start event creation as Case worker", + + "method": "GET", + "uri": "/case-types/{ctid}/event-triggers/{etid}", + + "specs": [ + "to create a token for case creation", + "As a prerequisite" + ], + + "users": { + "invokingUser": { + "_extends_": "BeftaCaseworker2Solicitor2" + } + }, + + "request": { + "headers":{ + "_extends_": "Common_Request_Headers", + "Experimental" : "true" + }, + "pathVariables": { + "etid": "CREATE", + "ctid": "BEFTA_CASETYPE_2_1" + } + }, + + "expectedResponse": { + "_extends_": "Common_200_Response", + "headers" : { + "Content-Encoding" : "gzip", + "Content-Length": "[[ANYTHING_PRESENT]]" + }, + "body" : { + "token" : "[[ANYTHING_PRESENT]]", + "_links": { + "self": { + "href": "[[ANYTHING_PRESENT]]" + } + }, + "case_details" : { + "id" : null, + "jurisdiction" : "BEFTA_JURISDICTION_2", + "state" : null, + "version" : null, + "case_type_id" : "BEFTA_CASETYPE_2_1", + "created_date" : null, + "last_modified" : null, + "last_state_modified_date" : null, + "security_classification" : null, + "case_data" : { }, + "data_classification": {}, + "supplementary_data": null, + "after_submit_callback_response" : null, + "callback_response_status_code" : null, + "callback_response_status" : null, + "delete_draft_response_status_code" : null, + "delete_draft_response_status" : null + }, + "event_id" : "CREATE" + } + } +} diff --git a/src/aat/resources/features/F-141 - documentData endpoint/S-141.12_CreateCase.td.json b/src/aat/resources/features/F-141 - documentData endpoint/S-141.12_CreateCase.td.json index 6cc7b40e0f..2432bdb471 100644 --- a/src/aat/resources/features/F-141 - documentData endpoint/S-141.12_CreateCase.td.json +++ b/src/aat/resources/features/F-141 - documentData endpoint/S-141.12_CreateCase.td.json @@ -10,7 +10,7 @@ ], "prerequisites" : [ { - "Token_Creation": "F-141_CreateCase_Token_Creation" + "Token_Creation": "S-141.12_CreateCase_Token_Creation" } ], diff --git a/src/aat/resources/features/F-141 - documentData endpoint/S-141.12_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-141 - documentData endpoint/S-141.12_CreateCase_Token_Creation.td.json new file mode 100644 index 0000000000..d13cc2f876 --- /dev/null +++ b/src/aat/resources/features/F-141 - documentData endpoint/S-141.12_CreateCase_Token_Creation.td.json @@ -0,0 +1,67 @@ +{ + "_guid_": "S-141.12_CreateCase_Token_Creation", + + "productName": "CCD Data Store", + "operationName": "Start event creation as Case worker", + + "method": "GET", + "uri": "/case-types/{ctid}/event-triggers/{etid}", + + "specs": [ + "to create a token for case creation", + "As a prerequisite" + ], + + "users": { + "invokingUser": { + "_extends_": "BeftaMasterCaseworker" + } + }, + + "request": { + "headers":{ + "_extends_": "Common_Request_Headers", + "Experimental" : "true" + }, + "pathVariables": { + "etid": "CREATE", + "ctid": "FT_CaseFileView_2" + } + }, + + "expectedResponse": { + "_extends_": "Common_200_Response", + "headers" : { + "Content-Encoding" : "gzip", + "Content-Length": "[[ANYTHING_PRESENT]]" + }, + "body" : { + "token" : "[[ANYTHING_PRESENT]]", + "_links": { + "self": { + "href": "[[ANYTHING_PRESENT]]" + } + }, + "case_details" : { + "id" : null, + "jurisdiction" : "BEFTA_MASTER", + "state" : null, + "version" : null, + "case_type_id" : "FT_CaseFileView_2", + "created_date" : null, + "last_modified" : null, + "last_state_modified_date" : null, + "security_classification" : null, + "case_data" : { }, + "data_classification": {}, + "supplementary_data": null, + "after_submit_callback_response" : null, + "callback_response_status_code" : null, + "callback_response_status" : null, + "delete_draft_response_status_code" : null, + "delete_draft_response_status" : null + }, + "event_id" : "CREATE" + } + } +} diff --git a/src/aat/resources/features/F-141 - documentData endpoint/S-141.2_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-141 - documentData endpoint/S-141.2_CreateCase_Token_Creation.td.json index af9ccf48f5..061e000245 100644 --- a/src/aat/resources/features/F-141 - documentData endpoint/S-141.2_CreateCase_Token_Creation.td.json +++ b/src/aat/resources/features/F-141 - documentData endpoint/S-141.2_CreateCase_Token_Creation.td.json @@ -4,7 +4,7 @@ "users": { "invokingUser": { - "_extends_": "BeftaCaseworker2Solicitor2" + "_extends_": "BeftaCaseworkerCaa" } }, diff --git a/src/aat/resources/features/common/case/befta_new/Befta_Case_Creation_Base_Data.td.json b/src/aat/resources/features/common/case/befta_new/Befta_Case_Creation_Base_Data.td.json index afa5bf8c58..96e8493ae2 100644 --- a/src/aat/resources/features/common/case/befta_new/Befta_Case_Creation_Base_Data.td.json +++ b/src/aat/resources/features/common/case/befta_new/Befta_Case_Creation_Base_Data.td.json @@ -24,7 +24,7 @@ "summary": "", "description": "" }, - "event_token": "${[scenarioContext][parentContext][childContexts][Standard_Token_Creation_Data_For_Case_Creation][testData][actualResponse][body][token]}", + "event_token": "${[scenarioContext][parentContext][childContexts][Befta_Default_Full_Case_Creation_Data_Token_Creation][testData][actualResponse][body][token]}", "ignore_warning": false, "draft_id": null } diff --git a/src/aat/resources/features/common/case/befta_new/Befta_Default_Full_Case_Creation_Data_Token_Creation.td.json b/src/aat/resources/features/common/case/befta_new/Befta_Default_Full_Case_Creation_Data_Token_Creation.td.json new file mode 100644 index 0000000000..48a61dc65a --- /dev/null +++ b/src/aat/resources/features/common/case/befta_new/Befta_Default_Full_Case_Creation_Data_Token_Creation.td.json @@ -0,0 +1,62 @@ +{ + "_guid_": "Befta_Default_Full_Case_Creation_Data_Token_Creation", + + "productName": "CCD Data Store", + "operationName": "Start event creation as Case worker", + + "method": "GET", + "uri": "/caseworkers/{uid}/jurisdictions/{jid}/case-types/{ctid}/event-triggers/{etid}/token", + + "specs": [ + "to create a token for case creation" + ], + + "users": { + "invokingUser": { + "_extends_": "BeftaCaseworker1" + } + }, + + "request": { + "headers": { + "_extends_": "Common_Request_Headers" + }, + "pathVariables": { + "uid": "[[DEFAULT_AUTO_VALUE]]", + "jid": "BEFTA_JURISDICTION_1", + "ctid": "BEFTA_CASETYPE_1_1", + "etid": "CREATE" + } + }, + + "expectedResponse": { + "_extends_": "Common_200_Response", + "headers": { + "Content-Encoding": "gzip", + "Content-Length": "[[ANY_INTEGER_NOT_NULLABLE]]" + }, + "body": { + "token": "[[ANY_STRING_NOT_NULLABLE]]", + "case_details": { + "id": null, + "jurisdiction": "[[ANYTHING_PRESENT]]", + "state": null, + "version": null, + "case_type_id": "[[ANYTHING_PRESENT]]", + "created_date": null, + "last_modified": null, + "last_state_modified_date": null, + "security_classification": null, + "case_data": {}, + "data_classification": {}, + "supplementary_data": null, + "after_submit_callback_response": null, + "callback_response_status_code": null, + "callback_response_status": null, + "delete_draft_response_status_code": null, + "delete_draft_response_status": null + }, + "event_id": "CREATE" + } + } +} diff --git a/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java b/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java index 5187bc8ed7..649666d7b5 100644 --- a/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java +++ b/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java @@ -233,6 +233,9 @@ public class ApplicationParams { @Value("${enable-case-group-access-filtering}") private boolean enableCaseGroupAccessFiltering; + @Value("${token.claim.validation.enabled}") + private boolean validateTokenClaims; + public static String encode(final String stringToEncode) { try { return URLEncoder.encode(stringToEncode, "UTF-8"); @@ -630,4 +633,9 @@ public boolean getCaseGroupAccessFilteringEnabled() { public List getUploadTimestampFeaturedCaseTypes() { return uploadTimestampFeaturedCaseTypes; } + + public boolean isValidateTokenClaims() { + return validateTokenClaims; + } + } diff --git a/src/main/java/uk/gov/hmcts/ccd/CachingConfiguration.java b/src/main/java/uk/gov/hmcts/ccd/CachingConfiguration.java deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java b/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java index d212082b86..0a431e822f 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java @@ -13,6 +13,7 @@ import uk.gov.hmcts.ccd.infrastructure.RandomKeyGenerator; import java.util.Date; +import java.util.Optional; import com.google.common.collect.Maps; import io.jsonwebtoken.Claims; @@ -35,6 +36,8 @@ public class EventTokenService { private final RandomKeyGenerator randomKeyGenerator; private final String tokenSecret; private final CaseService caseService; + private final boolean isValidateTokenClaims; + @Autowired public EventTokenService(final RandomKeyGenerator randomKeyGenerator, @@ -42,6 +45,7 @@ public EventTokenService(final RandomKeyGenerator randomKeyGenerator, final CaseService caseService) { this.randomKeyGenerator = randomKeyGenerator; this.tokenSecret = applicationParams.getTokenSecret(); + this.isValidateTokenClaims = applicationParams.isValidateTokenClaims(); this.caseService = caseService; } @@ -114,16 +118,9 @@ public void validateToken(final String token, final EventTokenProperties eventTokenProperties = parseToken(token); - if (!(eventTokenProperties.getEventId() == null - || eventTokenProperties.getEventId().equalsIgnoreCase(event.getId()) - && eventTokenProperties.getCaseId() == null - || eventTokenProperties.getCaseId().equalsIgnoreCase(caseDetails.getId().toString()) - && eventTokenProperties.getJurisdictionId() == null - || eventTokenProperties.getJurisdictionId().equalsIgnoreCase(jurisdictionDefinition.getId()) - && eventTokenProperties.getCaseTypeId() == null - || eventTokenProperties.getCaseTypeId().equalsIgnoreCase(caseTypeDefinition.getId()) - && eventTokenProperties.getUid() == null - || eventTokenProperties.getUid().equalsIgnoreCase(uid))) { + if (isValidateTokenClaims && !isTokenPropertiesMatching(eventTokenProperties, uid, caseDetails, event, + jurisdictionDefinition, + caseTypeDefinition)) { throw new ResourceNotFoundException("Cannot find matching start trigger"); } @@ -138,16 +135,17 @@ private boolean isTokenPropertiesMatching(EventTokenProperties eventTokenPropert CaseEventDefinition event, JurisdictionDefinition jurisdictionDefinition, CaseTypeDefinition caseTypeDefinition) { - return (eventTokenProperties.getEventId() == null - || eventTokenProperties.getEventId().equalsIgnoreCase(event.getId())) - && (eventTokenProperties.getCaseId() == null - || eventTokenProperties.getCaseId().equalsIgnoreCase(caseDetails.getId())) - && (eventTokenProperties.getJurisdictionId() == null - || eventTokenProperties.getJurisdictionId().equalsIgnoreCase(jurisdictionDefinition.getId())) - && (eventTokenProperties.getCaseTypeId() == null - || eventTokenProperties.getCaseTypeId().equalsIgnoreCase(caseTypeDefinition.getId())) - && (eventTokenProperties.getUid() == null - || eventTokenProperties.getUid().equalsIgnoreCase(uid)); + return isMatching(eventTokenProperties.getEventId(), event.getId()) + && isMatching(eventTokenProperties.getCaseId(), caseDetails.getId()) + && isMatching(eventTokenProperties.getJurisdictionId(), jurisdictionDefinition.getId()) + && isMatching(eventTokenProperties.getCaseTypeId(), caseTypeDefinition.getId()) + && isMatching(eventTokenProperties.getUid(), uid); + } + + private boolean isMatching(String tokenValue, String actualValue) { + return Optional.ofNullable(tokenValue) + .map(value -> value.equalsIgnoreCase(actualValue)) + .orElse(true); } /** diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b23aa57281..7cffcdb7a5 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -290,3 +290,5 @@ reference.data.cache.refresh.rate.cron=0 0 4 * * ? definition-store.retry.maxAttempts=${DEFINITION_STORE_RETRY_MAX_ATTEMPTS:3} definition-store.retry.maxDelay=${DEFINITION_STORE_RETRY_MAX_DELAY:1000} + +token.claim.validation.enabled=${TOKEN_CLAIM_VALIDATION_ENABLED:false} diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java index 791e8b9fb8..4aceb7af14 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java @@ -5,7 +5,12 @@ import org.junit.jupiter.api.Test; import static org.junit.Assert.assertThrows; -import static org.mockito.Mockito.*; +import static org.mockito.Mockito.doReturn; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; import org.mockito.InjectMocks; import org.mockito.Mock; @@ -16,25 +21,17 @@ import uk.gov.hmcts.ccd.domain.model.definition.CaseEventDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseTypeDefinition; import uk.gov.hmcts.ccd.domain.model.definition.JurisdictionDefinition; -import uk.gov.hmcts.ccd.domain.service.common.CaseService; import uk.gov.hmcts.ccd.endpoint.exceptions.BadRequestException; import uk.gov.hmcts.ccd.endpoint.exceptions.ResourceNotFoundException; -import uk.gov.hmcts.ccd.infrastructure.RandomKeyGenerator; class EventTokenServiceTest { @InjectMocks private EventTokenService eventTokenService; - @Mock - private RandomKeyGenerator randomKeyGenerator; - @Mock private ApplicationParams applicationParams; - @Mock - private CaseService caseService; - @Mock private CaseDetails caseDetails; @@ -57,7 +54,7 @@ class EventTokenServiceTest { @BeforeEach public void setUp() { openMocks = MockitoAnnotations.openMocks(this); - token = "validToken"; + token = "token"; uid = "userId"; when(applicationParams.getTokenSecret()).thenReturn("secretKey"); @@ -76,16 +73,14 @@ public void setUp() { @Test public void testValidateToken_NullToken() { - assertThrows(BadRequestException.class, () -> { - eventTokenService.validateToken(null, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); - }); + assertThrows(BadRequestException.class, () -> eventTokenService.validateToken(null,uid, caseDetails, + event, jurisdictionDefinition, caseTypeDefinition)); } @Test public void testValidateToken_EmptyToken() { - assertThrows(BadRequestException.class, () -> { - eventTokenService.validateToken("", uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); - }); + assertThrows(BadRequestException.class, () -> eventTokenService.validateToken("", uid, caseDetails, + event, jurisdictionDefinition, caseTypeDefinition)); } @Test @@ -97,7 +92,6 @@ public void testValidateToken_ValidTokenAllConditionsMet() { when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); - // Mock the parseToken method doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); @@ -105,24 +99,274 @@ public void testValidateToken_ValidTokenAllConditionsMet() { verify(caseDetails).setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); } + @Test + public void testValidateToken_ValidTokenAllConditionsMetWithNullValues() { + EventTokenService spyEventTokenService = spy(eventTokenService); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + EventTokenProperties propertiesWithNull = new EventTokenProperties( + null, + null, + null, + null, + null, + "version", + "caseState", + "1" + ); + + doReturn(propertiesWithNull).when(spyEventTokenService).parseToken(token); + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + + verify(caseDetails).setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); + } + + @Test + public void testValidateToken_ValidTokenConditionMetWithNullEventId() { + EventTokenService spyEventTokenService = spy(eventTokenService); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + EventTokenProperties eventTokenProperties = new EventTokenProperties( + uid, + "caseId", + "jurisdictionId", + null, + "caseTypeId", + "version", + "caseState", + "1" + ); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + + verify(caseDetails).setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); + } + + @Test + public void testValidateToken_ValidTokenConditionMetWithNullCaseId() { + EventTokenService spyEventTokenService = spy(eventTokenService); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + EventTokenProperties eventTokenProperties = new EventTokenProperties( + uid, + null, + "jurisdictionId", + "eventId", + "caseTypeId", + "version", + "caseState", + "1" + ); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + + verify(caseDetails).setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); + } + + @Test + public void testValidateToken_ValidTokenConditionMetWithNullJurisdictionId() { + EventTokenService spyEventTokenService = spy(eventTokenService); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + EventTokenProperties eventTokenProperties = new EventTokenProperties( + uid, + "caseId", + null, + "eventId", + "caseTypeId", + "version", + "caseState", + "1" + ); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + + verify(caseDetails).setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); + } + + @Test + public void testValidateToken_ValidTokenConditionMetWithNullCaseTypeId() { + EventTokenService spyEventTokenService = spy(eventTokenService); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + EventTokenProperties eventTokenProperties = new EventTokenProperties( + uid, + "caseId", + "jurisdictionId", + "eventId", + null, + "version", + "caseState", + "1" + ); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + verify(caseDetails).setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); + } @Test - public void testValidateToken_InvalidTokenConditionsNotMet() { + public void testValidateToken_ValidTokenConditionMetWithNullUid() { EventTokenService spyEventTokenService = spy(eventTokenService); + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + EventTokenProperties eventTokenProperties = new EventTokenProperties( + null, + "caseId", + "jurisdictionId", + "eventId", + "caseTypeId", + "version", + "caseState", + "1" + ); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + + verify(caseDetails).setVersion(Integer.parseInt(eventTokenProperties.getEntityVersion())); + } + + @Test + public void testValidateToken_InvalidTokenConditionsEventIdNotMet() { + when(applicationParams.isValidateTokenClaims()).thenReturn(true); + EventTokenService spyEventTokenService = spy(new EventTokenService(null, + applicationParams, null)); + when(event.getId()).thenReturn("differentEventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); + } + + @Test + public void testValidateToken_InvalidTokenConditionsCaseIdNotMet() { + when(applicationParams.isValidateTokenClaims()).thenReturn(true); + EventTokenService spyEventTokenService = spy(new EventTokenService(null, + applicationParams, null)); + + when(event.getId()).thenReturn("eventId"); when(caseDetails.getId()).thenReturn("differentCaseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); + } + + @Test + public void testValidateToken_InvalidTokenConditionsJurisdictionIdNotMet() { + when(applicationParams.isValidateTokenClaims()).thenReturn(true); + EventTokenService spyEventTokenService = spy(new EventTokenService(null, + applicationParams, null)); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); when(jurisdictionDefinition.getId()).thenReturn("differentJurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); + } + + @Test + public void testValidateToken_InvalidTokenConditionsCaseTypeIdNotMet() { + when(applicationParams.isValidateTokenClaims()).thenReturn(true); + EventTokenService spyEventTokenService = spy(new EventTokenService(null, + applicationParams, null)); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); when(caseTypeDefinition.getId()).thenReturn("differentCaseTypeId"); - // Mock the parseToken method doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); } + @Test + public void testValidateToken_InvalidTokenConditionsUidNotMet() { + when(applicationParams.isValidateTokenClaims()).thenReturn(true); + EventTokenService spyEventTokenService = spy(new EventTokenService(null, + applicationParams, null)); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + uid = "differentUid"; + assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); + } + + @Test + public void testValidateToken_DoNothingWhenValidateClaimIsFalseForInvalidTokenConditionsUidNotMet() { + EventTokenService spyEventTokenService = spy(new EventTokenService(null, + applicationParams, null)); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); + + uid = "differentUid"; + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + + verify(spyEventTokenService, times(1)).parseToken(token); + verify(caseDetails, times(1)).setVersion(1); + } + @Test public void testValidateToken_NonNullEntityVersion() { EventTokenService spyEventTokenService = spy(eventTokenService); @@ -143,7 +387,6 @@ public void testValidateToken_NonNullEntityVersion() { "2" ); - // Mock the parseToken method doReturn(propertiesWithVersion).when(spyEventTokenService).parseToken(token); spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); @@ -151,6 +394,33 @@ public void testValidateToken_NonNullEntityVersion() { verify(caseDetails).setVersion(2); } + @Test + public void testValidateToken_NullEntityVersion() { + EventTokenService spyEventTokenService = spy(eventTokenService); + + when(event.getId()).thenReturn("eventId"); + when(caseDetails.getId()).thenReturn("caseId"); + when(jurisdictionDefinition.getId()).thenReturn("jurisdictionId"); + when(caseTypeDefinition.getId()).thenReturn("caseTypeId"); + + EventTokenProperties propertiesWithVersion = new EventTokenProperties( + uid, + "caseId", + "jurisdictionId", + "eventId", + "caseTypeId", + "version", + "caseState", + null + ); + + doReturn(propertiesWithVersion).when(spyEventTokenService).parseToken(token); + + spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition); + + verify(caseDetails, never()).setVersion(null); + } + @AfterEach public void tearDown() throws Exception { openMocks.close(); diff --git a/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java b/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java index d6088bbdea..a04ea8c3dc 100644 --- a/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java +++ b/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java @@ -66,10 +66,10 @@ import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.empty; +import static org.hamcrest.Matchers.emptyString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasProperty; import static org.hamcrest.Matchers.hasSize; -import static org.hamcrest.Matchers.isEmptyString; import static org.hamcrest.collection.IsIn.isIn; import static org.hamcrest.core.Every.everyItem; import static org.junit.Assert.assertEquals; @@ -230,7 +230,7 @@ private void shouldReturn201WithTTLWhenPostCreateCaseEventWithValidData(String u + urlPortionForCaseType + "/cases/" + caseReference + "/events"; final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); caseDetailsToSave.setEvent(createEvent(TEST_EVENT_ID, SUMMARY, DESCRIPTION)); - final String token = generateEventToken(template, UID, JURISDICTION, urlPortionForCaseType, caseReference, + final String token = generateEventToken(template, UID, JURISDICTION, "TestAddressBookCaseTTL", caseReference, TEST_EVENT_ID); caseDetailsToSave.setToken(token); final JsonNode DATA = mapper.readTree("{" @@ -572,200 +572,201 @@ public void shouldGenerateCaseEventMessagingDefinition() throws Exception { assertEquals("Incorrect number of rows in messageQueue", 1, messageQueueList.size()); assertEquals(messageQueueList.get(0).getMessageInformation().get("AdditionalData").get("Definition"), - mapper.readTree("{\n" - + " \"OtherAlias\": {\n" - + " \"type\": \"SimpleNumber\",\n" - + " \"subtype\": \"Number\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"ComplexNestedField.NestedNumberField\"\n" - + " },\n" - + " \"NumberField\": {\n" - + " \"type\": \"SimpleNumber\",\n" - + " \"subtype\": \"Number\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"NumberField\"\n" - + " },\n" - + " \"ComplexField\": {\n" - + " \"type\": \"Complex\",\n" - + " \"subtype\": \"ComplexType\",\n" - + " \"typeDef\": {\n" - + " \"ComplexTextField\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"ComplexTextField\"\n" - + " },\n" - + " \"ComplexNestedField\": {\n" - + " \"type\": \"Complex\",\n" - + " \"subtype\": \"NestedComplexType\",\n" - + " \"typeDef\": {\n" - + " \"NestedNumberField\": {\n" - + " \"type\": \"SimpleNumber\",\n" - + " \"subtype\": \"Number\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"NestedNumberField\"\n" - + " }\n" - + " },\n" - + " \"originalId\": \"ComplexNestedField\"\n" - + " }\n" - + " },\n" - + " \"originalId\": \"ComplexField\"\n" - + " },\n" - + " \"YesOrNoField\": {\n" - + " \"type\": \"SimpleBoolean\",\n" - + " \"subtype\": \"YesOrNo\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"YesOrNoField\"\n" - + " },\n" - + " \"DateTimeField\": {\n" - + " \"type\": \"SimpleDateTime\",\n" - + " \"subtype\": \"DateTime\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"DateTimeField\"\n" - + " },\n" - + " \"DocumentField\": {\n" - + " \"type\": \"Complex\",\n" - + " \"subtype\": \"Document\",\n" - + " \"typeDef\": {\n" - + " \"document_url\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"document_url\"\n" - + " },\n" - + " \"document_filename\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"document_filename\"\n" - + " },\n" - + " \"document_binary_url\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"document_binary_url\"\n" - + " },\n" - + " \"category_id\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"category_id\"\n" - + " },\n" - + " \"upload_timestamp\": {\n" - + " \"type\": \"SimpleDateTime\",\n" - + " \"subtype\": \"DateTime\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"upload_timestamp\"\n" - + " }\n" - + " },\n" - + " \"originalId\": \"DocumentField\"\n" - + " },\n" - + " \"AddressUKField\": {\n" - + " \"type\": \"Complex\",\n" - + " \"subtype\": \"AddressUK\",\n" - + " \"typeDef\": {\n" - + " \"County\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"County\"\n" - + " },\n" - + " \"Country\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"Country\"\n" - + " },\n" - + " \"PostCode\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"PostCode\"\n" - + " },\n" - + " \"PostTown\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"PostTown\"\n" - + " },\n" - + " \"AddressLine1\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"AddressLine1\"\n" - + " },\n" - + " \"AddressLine2\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"AddressLine2\"\n" - + " },\n" - + " \"AddressLine3\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"AddressLine3\"\n" - + " }\n" - + " },\n" - + " \"originalId\": \"AddressUKField\"\n" - + " },\n" - + " \"CollectionField\": {\n" - + " \"type\": \"Collection\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"CollectionField\"\n" - + " },\n" - + " \"TopLevelPublish\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"ComplexTextField\"\n" - + " },\n" - + " \"AliasForTextField\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"TextField\"\n" - + " },\n" - + " \"ComplexCollectionField\": {\n" - + " \"type\": \"Collection\",\n" - + " \"subtype\": \"ComplexType\",\n" - + " \"typeDef\": {\n" - + " \"ComplexTextField\": {\n" - + " \"type\": \"SimpleText\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"ComplexTextField\"\n" - + " },\n" - + " \"ComplexNestedField\": {\n" - + " \"type\": \"Complex\",\n" - + " \"subtype\": \"NestedComplexType\",\n" - + " \"typeDef\": {\n" - + " \"NestedNumberField\": {\n" - + " \"type\": \"SimpleNumber\",\n" - + " \"subtype\": \"Number\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"NestedNumberField\"\n" - + " },\n" - + " \"NestedCollectionTextField\": {\n" - + " \"type\": \"Collection\",\n" - + " \"subtype\": \"Text\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"NestedCollectionTextField\"\n" - + " }\n" - + " },\n" - + " \"originalId\": \"ComplexNestedField\"\n" - + " },\n" - + " \"ComplexFixedListField\": {\n" - + " \"type\": \"FixedList\",\n" - + " \"subtype\": \"FixedList\",\n" - + " \"typeDef\": null,\n" - + " \"originalId\": \"ComplexFixedListField\"\n" - + " }\n" - + " },\n" - + " \"originalId\": \"ComplexCollectionField\"\n" - + " }\n" - + "}")); + mapper.readTree(""" + { + "OtherAlias": { + "type": "SimpleNumber", + "subtype": "Number", + "typeDef": null, + "originalId": "ComplexNestedField.NestedNumberField" + }, + "NumberField": { + "type": "SimpleNumber", + "subtype": "Number", + "typeDef": null, + "originalId": "NumberField" + }, + "ComplexField": { + "type": "Complex", + "subtype": "ComplexType", + "typeDef": { + "ComplexTextField": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "ComplexTextField" + }, + "ComplexNestedField": { + "type": "Complex", + "subtype": "NestedComplexType", + "typeDef": { + "NestedNumberField": { + "type": "SimpleNumber", + "subtype": "Number", + "typeDef": null, + "originalId": "NestedNumberField" + } + }, + "originalId": "ComplexNestedField" + } + }, + "originalId": "ComplexField" + }, + "YesOrNoField": { + "type": "SimpleBoolean", + "subtype": "YesOrNo", + "typeDef": null, + "originalId": "YesOrNoField" + }, + "DateTimeField": { + "type": "SimpleDateTime", + "subtype": "DateTime", + "typeDef": null, + "originalId": "DateTimeField" + }, + "DocumentField": { + "type": "Complex", + "subtype": "Document", + "typeDef": { + "document_url": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "document_url" + }, + "document_filename": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "document_filename" + }, + "document_binary_url": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "document_binary_url" + }, + "category_id": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "category_id" + }, + "upload_timestamp": { + "type": "SimpleDateTime", + "subtype": "DateTime", + "typeDef": null, + "originalId": "upload_timestamp" + } + }, + "originalId": "DocumentField" + }, + "AddressUKField": { + "type": "Complex", + "subtype": "AddressUK", + "typeDef": { + "County": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "County" + }, + "Country": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "Country" + }, + "PostCode": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "PostCode" + }, + "PostTown": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "PostTown" + }, + "AddressLine1": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "AddressLine1" + }, + "AddressLine2": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "AddressLine2" + }, + "AddressLine3": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "AddressLine3" + } + }, + "originalId": "AddressUKField" + }, + "CollectionField": { + "type": "Collection", + "subtype": "Text", + "typeDef": null, + "originalId": "CollectionField" + }, + "TopLevelPublish": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "ComplexTextField" + }, + "AliasForTextField": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "TextField" + }, + "ComplexCollectionField": { + "type": "Collection", + "subtype": "ComplexType", + "typeDef": { + "ComplexTextField": { + "type": "SimpleText", + "subtype": "Text", + "typeDef": null, + "originalId": "ComplexTextField" + }, + "ComplexNestedField": { + "type": "Complex", + "subtype": "NestedComplexType", + "typeDef": { + "NestedNumberField": { + "type": "SimpleNumber", + "subtype": "Number", + "typeDef": null, + "originalId": "NestedNumberField" + }, + "NestedCollectionTextField": { + "type": "Collection", + "subtype": "Text", + "typeDef": null, + "originalId": "NestedCollectionTextField" + } + }, + "originalId": "ComplexNestedField" + }, + "ComplexFixedListField": { + "type": "FixedList", + "subtype": "FixedList", + "typeDef": null, + "originalId": "ComplexFixedListField" + } + }, + "originalId": "ComplexCollectionField" + } + }""")); } @Test @@ -774,58 +775,59 @@ public void shouldGenerateCaseEventDataMessagingDefinition() throws Exception { String eventId = "CREATE"; String url = "/caseworkers/0/jurisdictions/" + JURISDICTION + "/case-types/" + caseType + "/cases"; - final JsonNode DATA = mapper.readTree("{\n" - + " \"MoneyGBPField\": \"1000\",\n" - + " \"FixedListField\": \"VALUE3\",\n" - + " \"AddressUKField\": {\n" - + " \"AddressLine1\": \"123 street name\",\n" - + " \"AddressLine2\": \"\",\n" - + " \"AddressLine3\": \"\",\n" - + " \"PostTown\": \"town\",\n" - + " \"County\": \"county\",\n" - + " \"PostCode\": \"postcode\",\n" - + " \"Country\": \"\"\n" - + " },\n" - + " \"ComplexField\": {\n" - + " \"ComplexTextField\": \"text in complex\",\n" - + " \"ComplexFixedListField\": \"VALUE3\",\n" - + " \"ComplexNestedField\": {\n" - + " \"NestedNumberField\": \"1\",\n" - + " \"NestedCollectionTextField\": [\n" - + " {\n" - + " \"value\": \"collection of text in nested complex 1\",\n" - + " \"id\": \"62c18dd8-d6d2-4378-b940-8614ee1ab25a\"\n" - + " },\n" - + " {\n" - + " \"value\": \"collection of text in nested complex 2\",\n" - + " \"id\": \"4acd46b4-f292-4e5d-a436-16dcca6b2cfe\"\n" - + " }\n" - + " ]\n" - + " }\n" - + " },\n" - + " \"DateTimeField\": \"2000-12-12T11:11:11.000\",\n" - + " \"PhoneUKField\": \"07986542987\",\n" - + " \"NumberField\": \"2\",\n" - + " \"MultiSelectListField\": [\n" - + " \"OPTION4\",\n" - + " \"OPTION3\"\n" - + " ],\n" - + " \"YesOrNoField\": \"Yes\",\n" - + " \"EmailField\": \"test@test.com\",\n" - + " \"TextField\": \"text field\",\n" - + " \"DateField\": \"2000-12-12\",\n" - + " \"TextAreaField\": \"text area\",\n" - + " \"CollectionField\": [\n" - + " {\n" - + " \"value\": \"collection field\",\n" - + " \"id\": \"9af355b6-19ef-4a19-b5db-ad873772b478\"\n" - + " },\n" - + " {\n" - + " \"value\": \"collection field 2\",\n" - + " \"id\": \"7bce938e-7400-424f-86c9-c896ecbabc1f\"\n" - + " }\n" - + " ]\n" - + "}"); + final JsonNode DATA = mapper.readTree(""" + { + "MoneyGBPField": "1000", + "FixedListField": "VALUE3", + "AddressUKField": { + "AddressLine1": "123 street name", + "AddressLine2": "", + "AddressLine3": "", + "PostTown": "town", + "County": "county", + "PostCode": "postcode", + "Country": "" + }, + "ComplexField": { + "ComplexTextField": "text in complex", + "ComplexFixedListField": "VALUE3", + "ComplexNestedField": { + "NestedNumberField": "1", + "NestedCollectionTextField": [ + { + "value": "collection of text in nested complex 1", + "id": "62c18dd8-d6d2-4378-b940-8614ee1ab25a" + }, + { + "value": "collection of text in nested complex 2", + "id": "4acd46b4-f292-4e5d-a436-16dcca6b2cfe" + } + ] + } + }, + "DateTimeField": "2000-12-12T11:11:11.000", + "PhoneUKField": "07986542987", + "NumberField": "2", + "MultiSelectListField": [ + "OPTION4", + "OPTION3" + ], + "YesOrNoField": "Yes", + "EmailField": "test@test.com", + "TextField": "text field", + "DateField": "2000-12-12", + "TextAreaField": "text area", + "CollectionField": [ + { + "value": "collection field", + "id": "9af355b6-19ef-4a19-b5db-ad873772b478" + }, + { + "value": "collection field 2", + "id": "7bce938e-7400-424f-86c9-c896ecbabc1f" + } + ] + }"""); Map data = JacksonUtils.convertValue(DATA); @@ -1004,7 +1006,8 @@ public void shouldReturn201WithSearchCriteriaWhenPostCreateCaseForCitizen() thro triggeringEvent.setSummary(SHORT_COMMENT); caseDetailsToSave.setEvent(triggeringEvent); - caseDetailsToSave.setToken(generateEventTokenNewCase(UID, JURISDICTION, CASE_TYPE, TEST_EVENT_ID)); + caseDetailsToSave.setToken(generateEventTokenNewCase(UID, JURISDICTION, + "MultipleSearchCriteriaAndSearchParties", TEST_EVENT_ID)); final MvcResult mvcResult = mockMvc.perform(post(URL) .contentType(JSON_CONTENT_TYPE) @@ -1226,7 +1229,8 @@ public void shouldReturn201WithSearchCriteriaWhenPostCreateCaseForCaseworker() t final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); caseDetailsToSave.setEvent(createEvent(TEST_EVENT_ID, SUMMARY, DESCRIPTION)); - caseDetailsToSave.setToken(generateEventTokenNewCase(UID, JURISDICTION, CASE_TYPE, TEST_EVENT_ID)); + caseDetailsToSave.setToken(generateEventTokenNewCase(UID, JURISDICTION, + "MultipleSearchCriteriaAndSearchParties", TEST_EVENT_ID)); caseDetailsToSave.setData(GlobalSearchTestFixture.createCaseData()); final MvcResult mvcResult = mockMvc.perform(post(URL) @@ -2134,7 +2138,7 @@ public void shouldReturn201WithSearchCriteriaWhenPostCreateCaseEventCaseworker() caseDetailsToSave.setEvent(createEvent(PRE_STATES_EVENT_ID, SUMMARY, DESCRIPTION)); final String token = generateEventToken(template, - UID, JURISDICTION, CASE_TYPE, caseReference, PRE_STATES_EVENT_ID); + UID, JURISDICTION, "MultipleSearchCriteriaAndSearchParties", caseReference, PRE_STATES_EVENT_ID); caseDetailsToSave.setToken(token); final MvcResult mvcResult = mockMvc.perform(post(URL) .contentType(JSON_CONTENT_TYPE) @@ -2246,7 +2250,7 @@ public void shouldReturn201WithSearchCriteriaWhenPostCreateCaseEventForCitizen() caseDetailsToSave.setEvent(createEvent(PRE_STATES_EVENT_ID, SUMMARY, DESCRIPTION)); final String token = generateEventToken(template, - UID, JURISDICTION, CASE_TYPE, caseReference, PRE_STATES_EVENT_ID); + UID, JURISDICTION, "MultipleSearchCriteriaAndSearchParties", caseReference, PRE_STATES_EVENT_ID); caseDetailsToSave.setToken(token); final MvcResult mvcResult = mockMvc.perform(post(URL) @@ -3709,18 +3713,21 @@ private void shouldReturn201WithEmptyBodyWhenPostCreateCaseWithNoReadAccessOnCas caseDetailsToSave.setEvent(createEvent(CREATE_EVENT_ID, SUMMARY, DESCRIPTION)); final JsonNode DATA = mapper.readTree( - "{\n" + - " \"PersonFirstName\": \"First Name\",\n" + - " \"PersonLastName\": \"Last Name\",\n" + - " \"PersonAddress\": {\n" + - " \"AddressLine1\": \"Address Line 1\",\n" + - " \"AddressLine2\": \"Address Line 2\"\n" + - " }\n" + - "}\n" + """ + { + "PersonFirstName": "First Name", + "PersonLastName": "Last Name", + "PersonAddress": { + "AddressLine1": "Address Line 1", + "AddressLine2": "Address Line 2" + } + } + """ ); - Map data = JacksonUtils.convertValue(DATA); + Map data = JacksonUtils.convertValue(DATA); caseDetailsToSave.setData(data); - final String token = generateEventTokenNewCase(UID, JURISDICTION, CASE_TYPE, CREATE_EVENT_ID); + final String token = generateEventTokenNewCase(UID, JURISDICTION, + "TestAddressBookCaseNoReadCaseTypeAccess", CREATE_EVENT_ID); caseDetailsToSave.setToken(token); @@ -3730,7 +3737,7 @@ private void shouldReturn201WithEmptyBodyWhenPostCreateCaseWithNoReadAccessOnCas ).andExpect(status().is(201)) .andReturn(); - assertThat(mvcResult.getResponse().getContentAsString(), CoreMatchers.is(isEmptyString())); + assertThat(mvcResult.getResponse().getContentAsString(), CoreMatchers.is(emptyString())); } private void shouldReturn201WithEmptyBodyWhenPostCreateCaseEventWithNoCaseTypeReadAccess(String userRole) @@ -3741,7 +3748,8 @@ private void shouldReturn201WithEmptyBodyWhenPostCreateCaseEventWithNoCaseTypeRe + "/cases/" + caseReference + "/events"; final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); - final String token = generateEventToken(template, UID, JURISDICTION, CASE_TYPE, caseReference, TEST_EVENT_ID); + final String token = generateEventToken(template, UID, JURISDICTION, + "TestAddressBookCaseNoReadCaseTypeAccess", caseReference, TEST_EVENT_ID); caseDetailsToSave.setToken(token); caseDetailsToSave.setEvent(createEvent(TEST_EVENT_ID, SUMMARY, DESCRIPTION)); final JsonNode data = mapper.readTree("{" + @@ -3762,7 +3770,7 @@ private void shouldReturn201WithEmptyBodyWhenPostCreateCaseEventWithNoCaseTypeRe .andReturn(); String response = mvcResult.getResponse().getContentAsString(); - assertThat(response, CoreMatchers.is(isEmptyString())); + assertThat(response, CoreMatchers.is(emptyString())); } @@ -3774,7 +3782,8 @@ private void shouldReturn201WithFieldRemovedWhenPostCreateCaseEventWithNoFieldRe + "/cases/" + caseReference + "/events"; final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); - final String token = generateEventToken(template, UID, JURISDICTION, CASE_TYPE, caseReference, TEST_EVENT_ID); + final String token = generateEventToken(template, UID, JURISDICTION, + "TestAddressBookCaseNoReadFieldAccess", caseReference, TEST_EVENT_ID); caseDetailsToSave.setToken(token); caseDetailsToSave.setEvent(createEvent(TEST_EVENT_ID, SUMMARY, DESCRIPTION)); final JsonNode data = mapper.readTree("{" + @@ -3896,26 +3905,27 @@ private void shouldReturn200WithNoCaseDataWhenGetTokenForStartEventWithNoCaseTyp .andExpect(status().is(200)) .andReturn(); - String expected = "{ \n" + - " \"case_details\":{ \n" + - " \"id\":1504259907353610,\n" + - " \"jurisdiction\":\"PROBATE\",\n" + - " \"state\":\"CaseCreated\",\n" + - " \"case_type_id\":\"TestAddressBookCaseNoReadCaseTypeAccess\",\n" + - " \"last_modified\":null,\n" + - " \"security_classification\":\"PUBLIC\",\n" + - " \"case_data\":{ \n" + - "\n" + - " },\n" + - " \"data_classification\":{ \n" + - "\n" + - " },\n" + - " \"after_submit_callback_response\":null,\n" + - " \"callback_response_status_code\":null,\n" + - " \"callback_response_status\":null\n" + - " },\n" + - " \"event_id\":\"TEST_EVENT\"\n" + - "}"; + String expected = """ + { \s + "case_details":{ \s + "id":1504259907353610, + "jurisdiction":"PROBATE", + "state":"CaseCreated", + "case_type_id":"TestAddressBookCaseNoReadCaseTypeAccess", + "last_modified":null, + "security_classification":"PUBLIC", + "case_data":{ \s + + }, + "data_classification":{ \s + + }, + "after_submit_callback_response":null, + "callback_response_status_code":null, + "callback_response_status":null + }, + "event_id":"TEST_EVENT" + }"""; String actual = mvcResult.getResponse().getContentAsString(); assertAll( () -> JSONAssert.assertEquals(expected, actual, JSONCompareMode.LENIENT), @@ -3967,7 +3977,7 @@ public void shouldReturn201AndInsertCaseLinksWhenCreateCaseEvent() caseDetailsToSave.setEvent(createEvent(PRE_STATES_EVENT_ID, SUMMARY, DESCRIPTION)); final String token = generateEventToken(template, - UID, JURISDICTION, CASE_TYPE, reference, PRE_STATES_EVENT_ID); + UID, JURISDICTION, "TestAddressBookCaseCaseLinks", reference, PRE_STATES_EVENT_ID); caseDetailsToSave.setToken(token); final JsonNode data = mapper.readTree( @@ -4038,7 +4048,7 @@ public void shouldReturn201AndDeleteCaseLinksWhenCreateCaseEvent() caseDetailsToSave.setEvent(createEvent(PRE_STATES_EVENT_ID, SUMMARY, DESCRIPTION)); final String token = generateEventToken(template, - UID, JURISDICTION, CASE_TYPE, reference, PRE_STATES_EVENT_ID); + UID, JURISDICTION, "TestAddressBookCaseCaseLinks", reference, PRE_STATES_EVENT_ID); caseDetailsToSave.setToken(token); mockMvc.perform(post(URL).contentType(JSON_CONTENT_TYPE) @@ -5525,7 +5535,8 @@ private void shouldReturn201WithCaseLinksInsertedInDbWhenPostCreateCaseEventWith + CASE_TYPE_CASELINK + "/cases"; final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); caseDetailsToSave.setEvent(createEvent("TEST_EVENT_NO_PRE_STATE", SUMMARY, DESCRIPTION)); - final String token = generateEventTokenNewCase(UID, JURISDICTION, CASE_TYPE, "TEST_EVENT_NO_PRE_STATE"); + final String token = generateEventTokenNewCase(UID, JURISDICTION, + "TestAddressBookCaseCaseLinks", "TEST_EVENT_NO_PRE_STATE"); caseDetailsToSave.setToken(token); @@ -5582,7 +5593,8 @@ public void shouldReturn422BadRequestWhenCaseLinksSpecifiedDoesNotExist() + CASE_TYPE_CASELINK + "/cases"; final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); caseDetailsToSave.setEvent(createEvent("TEST_EVENT_NO_PRE_STATE", SUMMARY, DESCRIPTION)); - final String token = generateEventTokenNewCase(UID, JURISDICTION, CASE_TYPE, "TEST_EVENT_NO_PRE_STATE"); + final String token = generateEventTokenNewCase(UID, JURISDICTION, + "TestAddressBookCaseCaseLinks", "TEST_EVENT_NO_PRE_STATE"); caseDetailsToSave.setToken(token); final JsonNode data = mapper.readTree( @@ -5629,7 +5641,8 @@ public void shouldReturn201CaseCreatedButNotInsertCaseLinkInDBWhenCaseLinkIsBLan + CASE_TYPE_CASELINK + "/cases"; final CaseDataContent caseDetailsToSave = newCaseDataContent().build(); caseDetailsToSave.setEvent(createEvent("TEST_EVENT_NO_PRE_STATE", SUMMARY, DESCRIPTION)); - final String token = generateEventTokenNewCase(UID, JURISDICTION, CASE_TYPE, "TEST_EVENT_NO_PRE_STATE"); + final String token = generateEventTokenNewCase(UID, JURISDICTION, + "TestAddressBookCaseCaseLinks", "TEST_EVENT_NO_PRE_STATE"); caseDetailsToSave.setToken(token); final JsonNode data = mapper.readTree( diff --git a/src/test/java/uk/gov/hmcts/ccd/v2/external/controller/CaseControllerTestIT.java b/src/test/java/uk/gov/hmcts/ccd/v2/external/controller/CaseControllerTestIT.java index cfeeb1cd8a..25e0368406 100644 --- a/src/test/java/uk/gov/hmcts/ccd/v2/external/controller/CaseControllerTestIT.java +++ b/src/test/java/uk/gov/hmcts/ccd/v2/external/controller/CaseControllerTestIT.java @@ -425,7 +425,8 @@ void shouldPopulateMultipleSearchCriteriaAndSearchPartiesPostCreateEvent() throw .withEventId("HAS_PRE_STATES_EVENT") .withSummary("Short comment") .build()) - .withToken(generateEventTokenNewCase(UID, JURISDICTION, CASE_TYPE, "HAS_PRE_STATES_EVENT")) + .withToken(generateEventTokenNewCase(UID, JURISDICTION, + "MultipleSearchCriteriaAndSearchParties", "HAS_PRE_STATES_EVENT")) .withData(GlobalSearchTestFixture.createCaseData()) .build(); diff --git a/src/test/resources/test.properties b/src/test/resources/test.properties index 73673c7f93..80064390e2 100644 --- a/src/test/resources/test.properties +++ b/src/test/resources/test.properties @@ -49,3 +49,5 @@ reference.data.cache.refresh.rate.cron=- definition-store.retry.maxAttempts=5 definition-store.retry.maxDelay=100 + +token.claim.validation.enabled=true From faae9daa22413b1389490f2bf6138485bdc4cf82 Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Wed, 19 Jun 2024 15:18:23 +0100 Subject: [PATCH 03/10] replace master.caseworker@gmail.com credentials with alias BeftaMasterCaseworker in FT scenarios --- .../F-113_Case_Data_Create_Token_Creation.td.json | 3 +-- .../F-113 - CaseLinking/F-113_Test_Data_Base.td.json | 6 ++---- .../F-114_Case_Data_Create_Token_Creation.td.json | 3 +-- .../F-114 - Notice Of Change/F-114_Test_Data_Base.td.json | 6 ++---- .../F-127 - Even Enabling Condition/S-127.1.td.json | 3 +-- .../F-127 - Even Enabling Condition/S-127.2.td.json | 3 +-- .../common/FT_Create_Case_EventEnablingCondition.td.json | 3 +-- .../FT_Create_Case_EventEnablingCondition_NotMatch.td.json | 3 +-- .../common/S-127-GetToken_CaseCreate.td.json | 3 +-- .../F-128 - Dynamic Lists/F-128_Test_Data_Base.td.json | 6 ++---- .../F-130_Get_Event_Token_Base.td.json | 3 +-- .../F-130_Test_Data_Base.td.json | 3 +-- .../F-131.5_CreateCase.td.json | 3 +-- .../F-131_CreateCase.td.json | 3 +-- .../F-131_Test_Data_Base.td.json | 3 +-- .../F-131_Token_Creation_Base.td.json | 3 +-- .../S-131.5_CreateCase_Token_Creation.td.json | 3 +-- .../F-132 - AC CRUD external getEvent/F-132.2.td.json | 3 +-- .../F-132_Event_Creation_Base.td.json | 3 +-- .../F-132_Token_Creation_Base.td.json | 3 +-- .../F-134_Test_Data_Base.td.json | 3 +-- .../F-138_Test_Data_Base.td.json | 3 +-- .../F-139_CreateCase_Token_Creation.td.json | 3 +-- .../S-139.2_CreateCase.td.json | 3 +-- 24 files changed, 27 insertions(+), 54 deletions(-) diff --git a/src/aat/resources/features/F-113 - CaseLinking/F-113_Case_Data_Create_Token_Creation.td.json b/src/aat/resources/features/F-113 - CaseLinking/F-113_Case_Data_Create_Token_Creation.td.json index b1c412c452..4e95076f5b 100644 --- a/src/aat/resources/features/F-113 - CaseLinking/F-113_Case_Data_Create_Token_Creation.td.json +++ b/src/aat/resources/features/F-113 - CaseLinking/F-113_Case_Data_Create_Token_Creation.td.json @@ -6,8 +6,7 @@ ], "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, "request": { diff --git a/src/aat/resources/features/F-113 - CaseLinking/F-113_Test_Data_Base.td.json b/src/aat/resources/features/F-113 - CaseLinking/F-113_Test_Data_Base.td.json index 1b3cbec2b0..6a005103f0 100644 --- a/src/aat/resources/features/F-113 - CaseLinking/F-113_Test_Data_Base.td.json +++ b/src/aat/resources/features/F-113 - CaseLinking/F-113_Test_Data_Base.td.json @@ -10,13 +10,11 @@ ], "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, "user": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" }, "request": { diff --git a/src/aat/resources/features/F-114 - Notice Of Change/F-114_Case_Data_Create_Token_Creation.td.json b/src/aat/resources/features/F-114 - Notice Of Change/F-114_Case_Data_Create_Token_Creation.td.json index d3a467084e..555511c5d0 100644 --- a/src/aat/resources/features/F-114 - Notice Of Change/F-114_Case_Data_Create_Token_Creation.td.json +++ b/src/aat/resources/features/F-114 - Notice Of Change/F-114_Case_Data_Create_Token_Creation.td.json @@ -6,8 +6,7 @@ ], "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, "request": { diff --git a/src/aat/resources/features/F-114 - Notice Of Change/F-114_Test_Data_Base.td.json b/src/aat/resources/features/F-114 - Notice Of Change/F-114_Test_Data_Base.td.json index ac3b8f738b..713672a62c 100644 --- a/src/aat/resources/features/F-114 - Notice Of Change/F-114_Test_Data_Base.td.json +++ b/src/aat/resources/features/F-114 - Notice Of Change/F-114_Test_Data_Base.td.json @@ -10,13 +10,11 @@ ], "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, "user": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" }, "request": { diff --git a/src/aat/resources/features/F-127 - Even Enabling Condition/S-127.1.td.json b/src/aat/resources/features/F-127 - Even Enabling Condition/S-127.1.td.json index 1bd69991e9..8e6e337231 100644 --- a/src/aat/resources/features/F-127 - Even Enabling Condition/S-127.1.td.json +++ b/src/aat/resources/features/F-127 - Even Enabling Condition/S-127.1.td.json @@ -15,8 +15,7 @@ }, "user": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_BEFTA_MASTER_CASEWORKER_PWD]]" + "_extends_": "BeftaMasterCaseworker" }, "expectedResponse": { diff --git a/src/aat/resources/features/F-127 - Even Enabling Condition/S-127.2.td.json b/src/aat/resources/features/F-127 - Even Enabling Condition/S-127.2.td.json index 40a5bb8e81..80c2a5d5aa 100644 --- a/src/aat/resources/features/F-127 - Even Enabling Condition/S-127.2.td.json +++ b/src/aat/resources/features/F-127 - Even Enabling Condition/S-127.2.td.json @@ -15,8 +15,7 @@ }, "user": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_BEFTA_MASTER_CASEWORKER_PWD]]" + "_extends_": "BeftaMasterCaseworker" }, "expectedResponse": { diff --git a/src/aat/resources/features/F-127 - Even Enabling Condition/common/FT_Create_Case_EventEnablingCondition.td.json b/src/aat/resources/features/F-127 - Even Enabling Condition/common/FT_Create_Case_EventEnablingCondition.td.json index fd16fab19e..b2b374e640 100644 --- a/src/aat/resources/features/F-127 - Even Enabling Condition/common/FT_Create_Case_EventEnablingCondition.td.json +++ b/src/aat/resources/features/F-127 - Even Enabling Condition/common/FT_Create_Case_EventEnablingCondition.td.json @@ -12,8 +12,7 @@ ], "user": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_BEFTA_MASTER_CASEWORKER_PWD]]" + "_extends_": "BeftaMasterCaseworker" }, "request": { diff --git a/src/aat/resources/features/F-127 - Even Enabling Condition/common/FT_Create_Case_EventEnablingCondition_NotMatch.td.json b/src/aat/resources/features/F-127 - Even Enabling Condition/common/FT_Create_Case_EventEnablingCondition_NotMatch.td.json index 7d8ad0ee9e..84b942ca84 100644 --- a/src/aat/resources/features/F-127 - Even Enabling Condition/common/FT_Create_Case_EventEnablingCondition_NotMatch.td.json +++ b/src/aat/resources/features/F-127 - Even Enabling Condition/common/FT_Create_Case_EventEnablingCondition_NotMatch.td.json @@ -12,8 +12,7 @@ ], "user": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_BEFTA_MASTER_CASEWORKER_PWD]]" + "_extends_": "BeftaMasterCaseworker" }, "request": { diff --git a/src/aat/resources/features/F-127 - Even Enabling Condition/common/S-127-GetToken_CaseCreate.td.json b/src/aat/resources/features/F-127 - Even Enabling Condition/common/S-127-GetToken_CaseCreate.td.json index eab08be414..3acbbb0511 100644 --- a/src/aat/resources/features/F-127 - Even Enabling Condition/common/S-127-GetToken_CaseCreate.td.json +++ b/src/aat/resources/features/F-127 - Even Enabling Condition/common/S-127-GetToken_CaseCreate.td.json @@ -16,8 +16,7 @@ }, "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_BEFTA_MASTER_CASEWORKER_PWD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-128 - Dynamic Lists/F-128_Test_Data_Base.td.json b/src/aat/resources/features/F-128 - Dynamic Lists/F-128_Test_Data_Base.td.json index a02d9d67b3..a438907ace 100644 --- a/src/aat/resources/features/F-128 - Dynamic Lists/F-128_Test_Data_Base.td.json +++ b/src/aat/resources/features/F-128 - Dynamic Lists/F-128_Test_Data_Base.td.json @@ -10,13 +10,11 @@ ], "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, "user": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" }, "request": { diff --git a/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Get_Event_Token_Base.td.json b/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Get_Event_Token_Base.td.json index 928bbb05ef..2c27b29a7e 100644 --- a/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Get_Event_Token_Base.td.json +++ b/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Get_Event_Token_Base.td.json @@ -13,8 +13,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Test_Data_Base.td.json b/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Test_Data_Base.td.json index 750d95db52..638949c838 100644 --- a/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Test_Data_Base.td.json +++ b/src/aat/resources/features/F-130 - AC CRUD external createCase/F-130_Test_Data_Base.td.json @@ -12,8 +12,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131.5_CreateCase.td.json b/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131.5_CreateCase.td.json index d8aad3309f..6791933705 100644 --- a/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131.5_CreateCase.td.json +++ b/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131.5_CreateCase.td.json @@ -10,8 +10,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_CreateCase.td.json b/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_CreateCase.td.json index 3baec1cce4..ff27e8601a 100644 --- a/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_CreateCase.td.json +++ b/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_CreateCase.td.json @@ -12,8 +12,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_Test_Data_Base.td.json b/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_Test_Data_Base.td.json index e2b9c90034..41d92dc89e 100644 --- a/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_Test_Data_Base.td.json +++ b/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_Test_Data_Base.td.json @@ -12,8 +12,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_Token_Creation_Base.td.json b/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_Token_Creation_Base.td.json index 8c2e7c1183..2440878972 100644 --- a/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_Token_Creation_Base.td.json +++ b/src/aat/resources/features/F-131 - AC CRUD external createEvent/F-131_Token_Creation_Base.td.json @@ -15,8 +15,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-131 - AC CRUD external createEvent/S-131.5_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-131 - AC CRUD external createEvent/S-131.5_CreateCase_Token_Creation.td.json index 691005e545..78da47934e 100644 --- a/src/aat/resources/features/F-131 - AC CRUD external createEvent/S-131.5_CreateCase_Token_Creation.td.json +++ b/src/aat/resources/features/F-131 - AC CRUD external createEvent/S-131.5_CreateCase_Token_Creation.td.json @@ -14,8 +14,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132.2.td.json b/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132.2.td.json index 836e68dfe4..6319fb9f28 100644 --- a/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132.2.td.json +++ b/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132.2.td.json @@ -14,8 +14,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132_Event_Creation_Base.td.json b/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132_Event_Creation_Base.td.json index 51b41c062a..b6076c74ce 100644 --- a/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132_Event_Creation_Base.td.json +++ b/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132_Event_Creation_Base.td.json @@ -13,8 +13,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132_Token_Creation_Base.td.json b/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132_Token_Creation_Base.td.json index 7b2f819238..7672367eca 100644 --- a/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132_Token_Creation_Base.td.json +++ b/src/aat/resources/features/F-132 - AC CRUD external getEvent/F-132_Token_Creation_Base.td.json @@ -15,8 +15,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-134 - AC CRUD internal jurisdictions/F-134_Test_Data_Base.td.json b/src/aat/resources/features/F-134 - AC CRUD internal jurisdictions/F-134_Test_Data_Base.td.json index 603fcc7694..40b01694dc 100644 --- a/src/aat/resources/features/F-134 - AC CRUD internal jurisdictions/F-134_Test_Data_Base.td.json +++ b/src/aat/resources/features/F-134 - AC CRUD internal jurisdictions/F-134_Test_Data_Base.td.json @@ -18,8 +18,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-138 - AC CRUD internal case-history/F-138_Test_Data_Base.td.json b/src/aat/resources/features/F-138 - AC CRUD internal case-history/F-138_Test_Data_Base.td.json index ccbf9cf5df..86b6836b04 100644 --- a/src/aat/resources/features/F-138 - AC CRUD internal case-history/F-138_Test_Data_Base.td.json +++ b/src/aat/resources/features/F-138 - AC CRUD internal case-history/F-138_Test_Data_Base.td.json @@ -11,8 +11,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-139 - AC CRUD internal case view/F-139_CreateCase_Token_Creation.td.json b/src/aat/resources/features/F-139 - AC CRUD internal case view/F-139_CreateCase_Token_Creation.td.json index ad83324bb7..32863ec3bd 100644 --- a/src/aat/resources/features/F-139 - AC CRUD internal case view/F-139_CreateCase_Token_Creation.td.json +++ b/src/aat/resources/features/F-139 - AC CRUD internal case view/F-139_CreateCase_Token_Creation.td.json @@ -13,8 +13,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, diff --git a/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase.td.json b/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase.td.json index 71cfb91235..d80335f42b 100644 --- a/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase.td.json +++ b/src/aat/resources/features/F-139 - AC CRUD internal case view/S-139.2_CreateCase.td.json @@ -12,8 +12,7 @@ "users": { "invokingUser": { - "username": "master.caseworker@gmail.com", - "password": "[[$CCD_CASEWORKER_AUTOTEST_PASSWORD]]" + "_extends_": "BeftaMasterCaseworker" } }, From 951abd7ec823b892a713e6ed3a598f10b7d2f237 Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Wed, 20 Nov 2024 11:10:41 +0000 Subject: [PATCH 04/10] remove unused import --- src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java b/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java index 6483377b16..8d93be0ba9 100644 --- a/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java +++ b/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java @@ -12,8 +12,6 @@ import java.util.Base64; import java.util.List; -import static java.util.stream.Collectors.toList; - @Named @Singleton public class ApplicationParams { From d7e065506d2f198afec90f4692d5d66b8410400b Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Fri, 22 Nov 2024 14:57:16 +0000 Subject: [PATCH 05/10] improve exceptions --- .../domain/service/callbacks/EventTokenService.java | 5 ++--- .../service/callbacks/EventTokenServiceTest.java | 12 ++++++------ .../uk/gov/hmcts/ccd/endpoint/std/CallbackTest.java | 4 ++-- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java b/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java index 0a431e822f..6060fe273a 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java @@ -9,7 +9,6 @@ import uk.gov.hmcts.ccd.domain.service.common.CaseService; import uk.gov.hmcts.ccd.endpoint.exceptions.BadRequestException; import uk.gov.hmcts.ccd.endpoint.exceptions.EventTokenException; -import uk.gov.hmcts.ccd.endpoint.exceptions.ResourceNotFoundException; import uk.gov.hmcts.ccd.infrastructure.RandomKeyGenerator; import java.util.Date; @@ -94,7 +93,7 @@ public EventTokenProperties parseToken(final String token) { toString(claims.get(EventTokenProperties.ENTITY_VERSION))); } catch (ExpiredJwtException | SignatureException e) { - throw new EventTokenException("Token is not valid"); + throw new EventTokenException("Token is not valid: " + e.getMessage()); } } @@ -121,7 +120,7 @@ public void validateToken(final String token, if (isValidateTokenClaims && !isTokenPropertiesMatching(eventTokenProperties, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition)) { - throw new ResourceNotFoundException("Cannot find matching start trigger"); + throw new EventTokenException("Token properties do not match the expected values"); } if (eventTokenProperties.getEntityVersion() != null) { diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java index 4aceb7af14..0574bdba8d 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java @@ -22,7 +22,7 @@ import uk.gov.hmcts.ccd.domain.model.definition.CaseTypeDefinition; import uk.gov.hmcts.ccd.domain.model.definition.JurisdictionDefinition; import uk.gov.hmcts.ccd.endpoint.exceptions.BadRequestException; -import uk.gov.hmcts.ccd.endpoint.exceptions.ResourceNotFoundException; +import uk.gov.hmcts.ccd.endpoint.exceptions.EventTokenException; class EventTokenServiceTest { @@ -274,7 +274,7 @@ public void testValidateToken_InvalidTokenConditionsEventIdNotMet() { doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); - assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + assertThrows(EventTokenException.class, () -> spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); } @@ -291,7 +291,7 @@ public void testValidateToken_InvalidTokenConditionsCaseIdNotMet() { doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); - assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + assertThrows(EventTokenException.class, () -> spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); } @@ -308,7 +308,7 @@ public void testValidateToken_InvalidTokenConditionsJurisdictionIdNotMet() { doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); - assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + assertThrows(EventTokenException.class, () -> spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); } @@ -325,7 +325,7 @@ public void testValidateToken_InvalidTokenConditionsCaseTypeIdNotMet() { doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); - assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + assertThrows(EventTokenException.class, () -> spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); } @@ -343,7 +343,7 @@ public void testValidateToken_InvalidTokenConditionsUidNotMet() { doReturn(eventTokenProperties).when(spyEventTokenService).parseToken(token); uid = "differentUid"; - assertThrows(ResourceNotFoundException.class, () -> spyEventTokenService.validateToken(token, uid, + assertThrows(EventTokenException.class, () -> spyEventTokenService.validateToken(token, uid, caseDetails, event, jurisdictionDefinition, caseTypeDefinition)); } diff --git a/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CallbackTest.java b/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CallbackTest.java index a289fea297..cd7e90ac8a 100644 --- a/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CallbackTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CallbackTest.java @@ -1377,7 +1377,7 @@ public void shouldReturn404WhenPostCreateEventWithInvalidEventTokenForCaseworker .content(mapper.writeValueAsBytes(caseDetailsToSave)) ).andReturn(); - assertEquals("Did not catch invalid token", 404, mvcResult.getResponse().getStatus()); + assertEquals("Did not catch invalid token", 403, mvcResult.getResponse().getStatus()); } @Test @@ -1403,7 +1403,7 @@ public void shouldReturn404WhenPostCreateEventWithInvalidEventTokenForCitizen() .content(mapper.writeValueAsBytes(caseDetailsToSave)) ).andReturn(); - assertEquals("Did not catch invalid token", 404, mvcResult.getResponse().getStatus()); + assertEquals("Did not catch invalid token", 403, mvcResult.getResponse().getStatus()); } @Test From 3622da3b03ad482a847ce1855636f849370a1993 Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Fri, 13 Jun 2025 16:03:57 +0100 Subject: [PATCH 06/10] make ACL and ComplexACL immutable with shallow cloning to reduce memory usage from defensive copies of CaseTypeDefinition objects --- .../model/definition/AccessControlList.java | 98 +- .../model/definition/CaseEventDefinition.java | 6 +- .../definition/CaseEventFieldDefinition.java | 2 +- .../model/definition/CaseFieldDefinition.java | 18 +- .../model/definition/CaseStateDefinition.java | 2 +- .../model/definition/CaseTypeDefinition.java | 22 +- .../domain/model/definition/ComplexACL.java | 54 +- .../ccd/domain/model/definition/Copyable.java | 20 +- .../model/definition/FieldTypeDefinition.java | 4 +- .../definition/JurisdictionDefinition.java | 2 +- .../domain/model/definition/WizardPage.java | 2 +- .../model/definition/WizardPageField.java | 2 +- .../DefaultCaseDataAccessControl.java | 6 +- .../AttributeBasedAccessControlService.java | 17 +- .../aggregated/CaseViewFieldBuilderTest.java | 55 +- .../definition/AccessControlListTest.java | 81 +- .../definition/CaseFieldDefinitionTest.java | 48 +- ...orisedGetCaseHistoryViewOperationTest.java | 13 +- ...sedGetCaseTypeDefinitionOperationTest.java | 184 ++- ...edGetCaseTypeDefinitionsOperationTest.java | 208 +-- .../AuthorisedGetCaseViewOperationTest.java | 9 +- .../CaseSearchResultViewGeneratorTest.java | 141 +- .../CaseSearchesViewAccessControlTest.java | 135 +- .../DefaultCaseDataAccessControlTest.java | 9 +- ...seudoRoleToAccessProfileGeneratorTest.java | 4 +- .../AccessControlServiceFilterTest.java | 666 ++++----- .../common/AccessControlServiceTest.java | 1202 ++++++++--------- ...ttributeBasedAccessControlServiceTest.java | 32 +- .../CompoundAccessControlServiceTest.java | 568 ++++---- .../service/common/TestBuildersUtil.java | 75 +- .../globalsearch/GlobalSearchParserTest.java | 56 +- 31 files changed, 1895 insertions(+), 1846 deletions(-) diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/AccessControlList.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/AccessControlList.java index 68ed7c0112..f09b9636ff 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/AccessControlList.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/AccessControlList.java @@ -4,60 +4,57 @@ import com.fasterxml.jackson.annotation.JsonGetter; import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonProperty; -import java.io.Serializable; - +import com.fasterxml.jackson.annotation.JsonCreator; +import lombok.Builder; -public class AccessControlList implements Serializable, Copyable { - - private String accessProfile; - private boolean create; - private boolean read; - private boolean update; - private boolean delete; +import java.io.Serializable; +import java.util.Objects; + +public class AccessControlList implements Serializable { + + private final String accessProfile; + private final boolean create; + private final boolean read; + private final boolean update; + private final boolean delete; + + @JsonCreator + @Builder + public AccessControlList( + @JsonProperty("accessProfile") @JsonAlias("role") String accessProfile, + @JsonProperty("create") boolean create, + @JsonProperty("read") boolean read, + @JsonProperty("update") boolean update, + @JsonProperty("delete") boolean delete + ) { + this.accessProfile = accessProfile; + this.create = create; + this.read = read; + this.update = update; + this.delete = delete; + } @JsonGetter("role") public String getAccessProfile() { return accessProfile; } - @JsonProperty("accessProfile") - @JsonAlias("role") - public void setAccessProfile(String accessProfile) { - this.accessProfile = accessProfile; - } - public boolean isCreate() { return create; } - public void setCreate(boolean create) { - this.create = create; - } - public boolean isRead() { return read; } - public void setRead(boolean read) { - this.read = read; - } - public boolean isUpdate() { return update; } - public void setUpdate(boolean update) { - this.update = update; - } - public boolean isDelete() { return delete; } - public void setDelete(boolean delete) { - this.delete = delete; - } - @Override public String toString() { return "ACL{" @@ -67,15 +64,36 @@ public String toString() { + '}'; } - @JsonIgnore @Override - public AccessControlList createCopy() { - AccessControlList copy = new AccessControlList(); - copy.setAccessProfile(this.accessProfile); - copy.setCreate(this.create); - copy.setRead(this.read); - copy.setUpdate(this.update); - copy.setDelete(this.delete); - return copy; + public boolean equals(Object o) { + if (this == o) { + return true; + } + + if (!(o instanceof AccessControlList that)) { + return false; + } + + return create == that.create + && read == that.read + && update == that.update + && delete == that.delete + && Objects.equals(accessProfile, that.accessProfile); + } + + @Override + public int hashCode() { + return Objects.hash(accessProfile, create, read, update, delete); + } + + @JsonIgnore + public AccessControlList duplicate() { + return AccessControlList.builder() + .accessProfile(this.accessProfile) + .create(this.create) + .read(this.read) + .update(this.update) + .delete(this.delete) + .build(); } } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseEventDefinition.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseEventDefinition.java index 9780889178..4b344a9749 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseEventDefinition.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseEventDefinition.java @@ -246,16 +246,16 @@ public CaseEventDefinition createCopy() { copy.setName(this.getName()); copy.setDescription(this.getDescription()); copy.setDisplayOrder(this.getDisplayOrder()); - copy.setCaseFields(createCopyList(this.getCaseFields())); + copy.setCaseFields(createDeepCopyList(this.getCaseFields())); copy.setPreStates(this.getPreStates() != null ? new ArrayList<>(this.getPreStates()) : null); - copy.setPostStates(createCopyList(this.getPostStates())); + copy.setPostStates(createDeepCopyList(this.getPostStates())); copy.setRetriesTimeoutAboutToStartEvent(this.getRetriesTimeoutAboutToStartEvent() != null ? new ArrayList<>(this.getRetriesTimeoutAboutToStartEvent()) : null); copy.setRetriesTimeoutURLAboutToSubmitEvent(this.getRetriesTimeoutURLAboutToSubmitEvent() != null ? new ArrayList<>(this.getRetriesTimeoutURLAboutToSubmitEvent()) : null); copy.setRetriesTimeoutURLSubmittedEvent(this.getRetriesTimeoutURLSubmittedEvent() != null ? new ArrayList<>(this.getRetriesTimeoutURLSubmittedEvent()) : null); - copy.setAccessControlLists(createACLCopyList(this.getAccessControlLists())); + copy.setAccessControlLists(createShallowCopyList(this.getAccessControlLists())); copy.setCallBackURLAboutToStartEvent(this.getCallBackURLAboutToStartEvent()); copy.setCallBackURLAboutToSubmitEvent(this.getCallBackURLAboutToSubmitEvent()); copy.setCallBackURLSubmittedEvent(this.getCallBackURLSubmittedEvent()); diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseEventFieldDefinition.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseEventFieldDefinition.java index 91974fc8fd..db2c1521fd 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseEventFieldDefinition.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseEventFieldDefinition.java @@ -198,7 +198,7 @@ public CaseEventFieldDefinition createCopy() { copy.setRetainHiddenValue(this.getRetainHiddenValue()); copy.setPublish(this.getPublish()); copy.setPublishAs(this.getPublishAs()); - copy.setCaseEventFieldComplexDefinitions(createCopyList(this.getCaseEventFieldComplexDefinitions())); + copy.setCaseEventFieldComplexDefinitions(createDeepCopyList(this.getCaseEventFieldComplexDefinitions())); copy.setDefaultValue(this.getDefaultValue()); copy.setNullifyByDefault(this.getNullifyByDefault()); diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseFieldDefinition.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseFieldDefinition.java index 4a43f76c2d..bb2aa56afb 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseFieldDefinition.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseFieldDefinition.java @@ -230,7 +230,7 @@ private static void propagateACLsToNestedFields(CommonField caseField, List { final List cloneACLs = - acls.stream().map(AccessControlList::createCopy).collect(toList()); + acls.stream().map(AccessControlList::duplicate).collect(toList()); nestedField.setAccessControlLists(cloneACLs); propagateACLsToNestedFields(nestedField, acls); }); @@ -376,8 +376,8 @@ public CaseFieldDefinition createCopy() { copy.setLiveUntil(this.getLiveUntil()); copy.setOrder(this.getOrder()); copy.setShowCondition(this.getShowCondition()); - copy.setAccessControlLists(createACLCopyList(this.getAccessControlLists())); - copy.setComplexACLs(deepCopyComplexACLs(this.getComplexACLs())); + copy.setAccessControlLists(createShallowCopyList(this.getAccessControlLists())); + copy.setComplexACLs(createShallowCopyList(this.getComplexACLs())); copy.setMetadata(this.isMetadata()); copy.setDisplayContext(this.getDisplayContext()); copy.setDisplayContextParameter(this.getDisplayContextParameter()); @@ -387,16 +387,4 @@ public CaseFieldDefinition createCopy() { return copy; } - - private List deepCopyComplexACLs(List complexACLs) { - if (complexACLs == null || complexACLs.isEmpty()) { - return complexACLs; - } - - List copiedACLs = new ArrayList<>(complexACLs.size()); - for (ComplexACL acl : complexACLs) { - copiedACLs.add(acl.deepCopy()); - } - return copiedACLs; - } } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseStateDefinition.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseStateDefinition.java index ec47b10c36..9b2b261558 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseStateDefinition.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseStateDefinition.java @@ -92,7 +92,7 @@ public CaseStateDefinition createCopy() { copy.setDescription(this.getDescription()); copy.setDisplayOrder(this.getDisplayOrder()); copy.setTitleDisplay(this.getTitleDisplay()); - copy.setAccessControlLists(createACLCopyList(this.getAccessControlLists())); + copy.setAccessControlLists(createShallowCopyList(this.getAccessControlLists())); return copy; } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseTypeDefinition.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseTypeDefinition.java index f88547b2a8..8e08ab0465 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseTypeDefinition.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/CaseTypeDefinition.java @@ -292,21 +292,21 @@ public CaseTypeDefinition createCopy() { copy.setJurisdictionDefinition(this.getJurisdictionDefinition() != null ? this.getJurisdictionDefinition().createCopy() : null); copy.setSecurityClassification(this.getSecurityClassification()); - copy.setEvents(createCopyList(this.getEvents())); - copy.setStates(createCopyList(this.getStates())); - copy.setCaseFieldDefinitions(createCopyList(this.getCaseFieldDefinitions())); + copy.setEvents(createDeepCopyList(this.getEvents())); + copy.setStates(createDeepCopyList(this.getStates())); + copy.setCaseFieldDefinitions(createDeepCopyList(this.getCaseFieldDefinitions())); copy.setPrintableDocumentsUrl(this.getPrintableDocumentsUrl()); - copy.setAccessControlLists(createACLCopyList(this.getAccessControlLists())); + copy.setAccessControlLists(createShallowCopyList(this.getAccessControlLists())); copy.setCallbackGetCaseUrl(this.getCallbackGetCaseUrl()); copy.setRetriesGetCaseUrl(this.getRetriesGetCaseUrl() != null ? new ArrayList<>(this.getRetriesGetCaseUrl()) : null); - copy.setSearchAliasFields(createCopyList(this.getSearchAliasFields())); - copy.setSearchParties(createCopyList(this.getSearchParties())); - copy.setSearchCriterias(createCopyList(this.getSearchCriterias())); - copy.setCategories(createCopyList(this.getCategories())); - copy.setRoleToAccessProfiles(createCopyList(this.getRoleToAccessProfiles())); - copy.setAccessTypeRoleDefinitions(createCopyList(this.getAccessTypeRoleDefinitions())); - copy.setAccessTypeDefinitions(createCopyList(this.getAccessTypeDefinitions())); + copy.setSearchAliasFields(createDeepCopyList(this.getSearchAliasFields())); + copy.setSearchParties(createDeepCopyList(this.getSearchParties())); + copy.setSearchCriterias(createDeepCopyList(this.getSearchCriterias())); + copy.setCategories(createDeepCopyList(this.getCategories())); + copy.setRoleToAccessProfiles(createDeepCopyList(this.getRoleToAccessProfiles())); + copy.setAccessTypeRoleDefinitions(createDeepCopyList(this.getAccessTypeRoleDefinitions())); + copy.setAccessTypeDefinitions(createDeepCopyList(this.getAccessTypeDefinitions())); return copy; } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/ComplexACL.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/ComplexACL.java index 60405019f0..f08c36cb5c 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/ComplexACL.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/ComplexACL.java @@ -1,27 +1,51 @@ package uk.gov.hmcts.ccd.domain.model.definition; -import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonAlias; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonProperty; -public class ComplexACL extends AccessControlList { - private String listElementCode; +import java.util.Objects; + +public final class ComplexACL extends AccessControlList { + private final String listElementCode; + + @JsonCreator + public ComplexACL( + @JsonProperty("accessProfile") @JsonAlias("role") String accessProfile, + @JsonProperty("create") boolean create, + @JsonProperty("read") boolean read, + @JsonProperty("update") boolean update, + @JsonProperty("delete") boolean delete, + @JsonProperty("listElementCode") String listElementCode + ) { + super(accessProfile, create, read, update, delete); + this.listElementCode = listElementCode; + } public String getListElementCode() { return listElementCode; } - public void setListElementCode(String listElementCode) { - this.listElementCode = listElementCode; + @Override + public String toString() { + return super.toString() + ", listElementCode='" + listElementCode + "'"; + } + + @Override + public boolean equals(Object o) { + if (!super.equals(o)) { + return false; + } + + if (!(o instanceof ComplexACL that)) { + return false; + } + + return Objects.equals(listElementCode, that.listElementCode); } - @JsonIgnore - public ComplexACL deepCopy() { - ComplexACL copy = new ComplexACL(); - copy.setListElementCode(this.getListElementCode()); - copy.setAccessProfile(this.getAccessProfile()); - copy.setCreate(this.isCreate()); - copy.setRead(this.isRead()); - copy.setUpdate(this.isUpdate()); - copy.setDelete(this.isDelete()); - return copy; + @Override + public int hashCode() { + return Objects.hash(super.hashCode(), listElementCode); } } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/Copyable.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/Copyable.java index 9521559b7e..261e992160 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/Copyable.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/Copyable.java @@ -7,7 +7,7 @@ public interface Copyable { T createCopy(); - default > List createCopyList(List originalList) { + default > List createDeepCopyList(List originalList) { if (originalList == null) { return null; } @@ -19,20 +19,10 @@ default > List createCopyList(List originalList) { return copyList; } - default List createACLCopyList(List accessControlLists) { - if (accessControlLists == null || accessControlLists.isEmpty()) { - return accessControlLists; - } - - List copiedACLs = new ArrayList<>(accessControlLists.size()); - for (AccessControlList accessControlList : accessControlLists) { - if (accessControlList instanceof ComplexACL) { - copiedACLs.add(((ComplexACL) accessControlList).deepCopy()); - } else { - copiedACLs.add(accessControlList.createCopy()); - } + default List createShallowCopyList(List originalList) { + if (originalList == null) { + return null; } - - return copiedACLs; + return new ArrayList<>(originalList); } } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/FieldTypeDefinition.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/FieldTypeDefinition.java index 5c6b9b8fc1..8c443e12f9 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/FieldTypeDefinition.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/FieldTypeDefinition.java @@ -173,8 +173,8 @@ public FieldTypeDefinition createCopy() { copy.setMin(this.min); copy.setMax(this.max); copy.setRegularExpression(this.regularExpression); - copy.setFixedListItemDefinitions(createCopyList(this.fixedListItemDefinitions)); - copy.setComplexFields(createCopyList(this.complexFields)); + copy.setFixedListItemDefinitions(createDeepCopyList(this.fixedListItemDefinitions)); + copy.setComplexFields(createDeepCopyList(this.complexFields)); copy.setCollectionFieldTypeDefinition(this.collectionFieldTypeDefinition != null ? this.collectionFieldTypeDefinition.createCopy() : null); return copy; diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/JurisdictionDefinition.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/JurisdictionDefinition.java index e9507b0162..e61ee4d293 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/JurisdictionDefinition.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/JurisdictionDefinition.java @@ -98,7 +98,7 @@ public JurisdictionDefinition createCopy() { copy.setLiveFrom(this.liveFrom != null ? new Date(this.liveFrom.getTime()) : null); copy.setLiveUntil(this.liveUntil != null ? new Date(this.liveUntil.getTime()) : null); copy.setCaseTypeDefinitions(this.caseTypeDefinitions != null - ? createCopyList(this.caseTypeDefinitions) : null); + ? createDeepCopyList(this.caseTypeDefinitions) : null); return copy; } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/WizardPage.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/WizardPage.java index 389ec32060..9e47f7c470 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/WizardPage.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/WizardPage.java @@ -118,7 +118,7 @@ public WizardPage createCopy() { clonedPage.setCallBackURLMidEvent(this.callBackURLMidEvent); clonedPage.setRetriesTimeoutMidEvent(this.retriesTimeoutMidEvent != null ? new ArrayList<>(this.retriesTimeoutMidEvent) : null); - clonedPage.setWizardPageFields(createCopyList(this.wizardPageFields)); + clonedPage.setWizardPageFields(createDeepCopyList(this.wizardPageFields)); return clonedPage; } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/WizardPageField.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/WizardPageField.java index ac042495e8..430015139b 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/WizardPageField.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/definition/WizardPageField.java @@ -63,7 +63,7 @@ public WizardPageField createCopy() { clonedField.setCaseFieldId(this.caseFieldId); clonedField.setOrder(this.order); clonedField.setPageColumnNumber(this.pageColumnNumber); - clonedField.setComplexFieldOverrides(createCopyList(this.complexFieldOverrides)); + clonedField.setComplexFieldOverrides(createDeepCopyList(this.complexFieldOverrides)); return clonedField; } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/DefaultCaseDataAccessControl.java b/src/main/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/DefaultCaseDataAccessControl.java index 7a873cc635..a2518c610a 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/DefaultCaseDataAccessControl.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/DefaultCaseDataAccessControl.java @@ -486,8 +486,8 @@ private List generatePostFilteringAccessGrants(CaseDetails caseDetail } private AccessControlList getCreateAccessControlList() { - var accessControlList = new AccessControlList(); - accessControlList.setCreate(true); - return accessControlList; + return AccessControlList.builder() + .create(true) + .build(); } } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/service/common/AttributeBasedAccessControlService.java b/src/main/java/uk/gov/hmcts/ccd/domain/service/common/AttributeBasedAccessControlService.java index 5e94c2b377..5137e7c4a8 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/service/common/AttributeBasedAccessControlService.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/service/common/AttributeBasedAccessControlService.java @@ -46,17 +46,10 @@ private List updateAccessControlCRUD(AccessProfile accessProf List accessControlLists) { return accessControlLists .stream() - .filter(acls -> accessProfile.getAccessProfile().equals(acls.getAccessProfile())) - .map(acls -> { - AccessControlList accessControl = acls; - if (accessProfile.getReadOnly()) { - accessControl = acls.createCopy(); - accessControl.setCreate(false); - accessControl.setDelete(false); - accessControl.setUpdate(false); - accessControl.setRead(true); - } - return accessControl; - }).collect(Collectors.toList()); + .filter(acl -> accessProfile.getAccessProfile().equals(acl.getAccessProfile())) + .map(acl -> accessProfile.getReadOnly() + ? new AccessControlList(acl.getAccessProfile(), false, true, false, false) + : acl) + .collect(Collectors.toList()); } } diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/model/aggregated/CaseViewFieldBuilderTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/model/aggregated/CaseViewFieldBuilderTest.java index 5e322a0da5..ee5409919f 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/model/aggregated/CaseViewFieldBuilderTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/model/aggregated/CaseViewFieldBuilderTest.java @@ -35,7 +35,6 @@ import static uk.gov.hmcts.ccd.domain.model.aggregated.CaseViewField.READONLY; import static uk.gov.hmcts.ccd.domain.model.definition.FieldTypeDefinition.COLLECTION; import static uk.gov.hmcts.ccd.domain.model.definition.FieldTypeDefinition.COMPLEX; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.FieldTypeBuilder.aFieldType; @@ -48,12 +47,27 @@ public class CaseViewFieldBuilderTest { private static final String FIRST_NAME = "Patrick"; private static final String LAST_NAME = "Smith"; private static final JsonNodeFactory JSON_NODE_FACTORY = new JsonNodeFactory(false); - private static final AccessControlList acl1 = anAcl().withRole("role1").withCreate(true).withRead(true) - .withUpdate(true).withDelete(false).build(); - private static final AccessControlList acl2 = anAcl().withRole("role2").withCreate(true).withRead(true) - .withUpdate(false).withDelete(true).build(); - private static final AccessControlList acl3 = anAcl().withRole("role3").withCreate(false).withRead(false) - .withUpdate(true).withDelete(false).build(); + private static final AccessControlList acl1 = AccessControlList.builder() + .accessProfile("role1") + .create(true) + .read(true) + .update(true) + .delete(false) + .build(); + private static final AccessControlList acl2 = AccessControlList.builder() + .accessProfile("role2") + .create(true) + .read(true) + .update(false) + .delete(true) + .build(); + private static final AccessControlList acl3 = AccessControlList.builder() + .accessProfile("role3") + .create(false) + .read(false) + .update(true) + .delete(false) + .build(); private static final FieldTypeDefinition TEXT_FIELD_TYPE_DEFINITION = aFieldType().withId("Text").withType("Text") .build(); private static final CaseFieldDefinition CASE_FIELD = newCaseField() @@ -340,12 +354,27 @@ class CaseViewFieldACLTest { private final FieldTypeDefinition familyFieldTypeDefinition = aFieldType().withId(FAMILY).withType(COMPLEX).withComplexField(familyNames).withComplexField(members) .withComplexField(address).build(); - private final AccessControlList acl1 = anAcl().withRole("role1").withCreate(true).withRead(true) - .withUpdate(true).withDelete(false).build(); - private final AccessControlList acl2 = anAcl().withRole("role2").withCreate(true).withRead(true) - .withUpdate(false).withDelete(true).build(); - private final AccessControlList acl3 = anAcl().withRole("role3").withCreate(false).withRead(false) - .withUpdate(true).withDelete(false).build(); + private final AccessControlList acl1 = AccessControlList.builder() + .accessProfile("role1") + .create(true) + .read(true) + .update(true) + .delete(false) + .build(); + private final AccessControlList acl2 = AccessControlList.builder() + .accessProfile("role2") + .create(true) + .read(true) + .update(false) + .delete(true) + .build(); + private final AccessControlList acl3 = AccessControlList.builder() + .accessProfile("role3") + .create(false) + .read(false) + .update(true) + .delete(false) + .build(); private final CaseFieldDefinition family = newCaseField() .withId(FAMILY) .withFieldType(familyFieldTypeDefinition) diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/model/definition/AccessControlListTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/model/definition/AccessControlListTest.java index fdadcdd139..3d1f37c7b4 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/model/definition/AccessControlListTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/model/definition/AccessControlListTest.java @@ -11,13 +11,10 @@ class AccessControlListTest { @Test void shouldValidateAccessControlListParsing() throws JsonProcessingException { - AccessControlList accessControlList = new AccessControlList(); - - accessControlList.setUpdate(false); - accessControlList.setRead(false); - accessControlList.setDelete(false); - accessControlList.setCreate(true); - accessControlList.setAccessProfile("test"); + AccessControlList accessControlList = AccessControlList.builder() + .accessProfile("test") + .create(true) + .build(); ObjectMapper objectMapper = new ObjectMapper(); String value = objectMapper.writeValueAsString(accessControlList); @@ -27,13 +24,14 @@ void shouldValidateAccessControlListParsing() throws JsonProcessingException { @Test void shouldValidateAccessControlListSerializationWithRole() throws JsonProcessingException { - String accessControlJson = "{\n" - + "\t\"role\": \"caseworker-probate-public\",\n" - + "\t\"create\": true,\n" - + "\t\"read\": true,\n" - + "\t\"update\": true,\n" - + "\t\"delete\": false\n" - + "}"; + String accessControlJson = """ + { + "role": "caseworker-probate-public", + "create": true, + "read": true, + "update": true, + "delete": false + }"""; ObjectMapper objectMapper = new ObjectMapper(); AccessControlList value = objectMapper.readValue(accessControlJson, AccessControlList.class); @@ -42,13 +40,14 @@ void shouldValidateAccessControlListSerializationWithRole() throws JsonProcessin @Test void shouldValidateAccessControlListSerializationWithAccessProfile() throws JsonProcessingException { - String accessControlJson = "{\n" - + "\t\"accessProfile\": \"caseworker-probate-public\",\n" - + "\t\"create\": true,\n" - + "\t\"read\": true,\n" - + "\t\"update\": true,\n" - + "\t\"delete\": false\n" - + "}"; + String accessControlJson = """ + { + "accessProfile": "caseworker-probate-public", + "create": true, + "read": true, + "update": true, + "delete": false + }"""; ObjectMapper objectMapper = new ObjectMapper(); AccessControlList value = objectMapper.readValue(accessControlJson, AccessControlList.class); @@ -57,15 +56,12 @@ void shouldValidateAccessControlListSerializationWithAccessProfile() throws Json @Test void shouldCreateDuplicate() { - AccessControlList accessControlList = new AccessControlList(); - - accessControlList.setUpdate(false); - accessControlList.setRead(false); - accessControlList.setDelete(false); - accessControlList.setCreate(true); - accessControlList.setAccessProfile("test"); + AccessControlList accessControlList = AccessControlList.builder() + .accessProfile("test") + .create(true) + .build(); - AccessControlList duplicate = accessControlList.createCopy(); + AccessControlList duplicate = accessControlList.duplicate(); assertNotNull(duplicate); assertEquals(duplicate.getAccessProfile(), accessControlList.getAccessProfile()); @@ -73,27 +69,24 @@ void shouldCreateDuplicate() { @Test void shouldValidateToString() { - AccessControlList accessControlList = new AccessControlList(); + AccessControlList accessControlList = AccessControlList.builder() + .accessProfile("test") + .create(true) + .build(); - accessControlList.setUpdate(false); - accessControlList.setRead(false); - accessControlList.setDelete(false); - accessControlList.setCreate(true); - accessControlList.setAccessProfile("test"); - - assertNotNull("ACL{accessProfile='test', crud=C}", accessControlList.toString()); + assertEquals("ACL{accessProfile='test', crud=C}", accessControlList.toString()); } @Test void shouldValidateToStringWithCRUD() { - AccessControlList accessControlList = new AccessControlList(); - - accessControlList.setUpdate(true); - accessControlList.setRead(true); - accessControlList.setDelete(true); - accessControlList.setCreate(true); - accessControlList.setAccessProfile("test"); + AccessControlList accessControlList = AccessControlList.builder() + .accessProfile("test") + .create(true) + .read(true) + .update(true) + .delete(true) + .build(); assertEquals("ACL{accessProfile='test', crud=CRUD}", accessControlList.toString()); } diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/model/definition/CaseFieldDefinitionTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/model/definition/CaseFieldDefinitionTest.java index ec75957d1a..3c682f73f4 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/model/definition/CaseFieldDefinitionTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/model/definition/CaseFieldDefinitionTest.java @@ -22,7 +22,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows; import static uk.gov.hmcts.ccd.domain.model.definition.FieldTypeDefinition.COLLECTION; import static uk.gov.hmcts.ccd.domain.model.definition.FieldTypeDefinition.COMPLEX; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.ComplexACLBuilder.aComplexACL; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.FieldTypeBuilder.aFieldType; @@ -174,27 +173,42 @@ public class CaseFieldDefinitionTest { private FieldTypeDefinition familyFieldTypeDefinition = aFieldType().withId(FAMILY).withType(COMPLEX).withComplexField(familyInfo).withComplexField(members).build(); - private AccessControlList acl1 = - anAcl().withRole(ROLE1).withCreate(true).withRead(true).withUpdate(true).withDelete(false).build(); - private AccessControlList acl2 = - anAcl().withRole(ROLE2).withCreate(true).withRead(true).withUpdate(false).withDelete(true).build(); - private AccessControlList acl3 = - anAcl().withRole(ROLE3).withCreate(false).withRead(false).withUpdate(true).withDelete(false).build(); + private AccessControlList acl1 = AccessControlList.builder() + .accessProfile(ROLE1) + .create(true) + .read(true) + .update(true) + .delete(false) + .build(); + private AccessControlList acl2 = AccessControlList.builder() + .accessProfile(ROLE2) + .create(true) + .read(true) + .update(false) + .delete(true) + .build(); + private AccessControlList acl3 = AccessControlList.builder() + .accessProfile(ROLE3) + .create(false) + .read(false) + .update(true) + .delete(false) + .build(); private ComplexACL complexACL1 - = aComplexACL().withListElementCode(MEMBERS).withRole(ROLE1).withCreate(false).withRead(true).withUpdate(true) - .withDelete(false).build(); + = aComplexACL().listElementCode(MEMBERS).accessProfile(ROLE1).create(false).read(true).update(true) + .delete(false).build(); private ComplexACL complexACL2 - = aComplexACL().withListElementCode(MEMBERS + "." + PERSON).withRole(ROLE1).withCreate(false).withRead(true) - .withUpdate(false).withDelete(false).build(); + = aComplexACL().listElementCode(MEMBERS + "." + PERSON).accessProfile(ROLE1).create(false).read(true) + .update(false).delete(false).build(); private ComplexACL complexACL3 - = aComplexACL().withListElementCode(MEMBERS + "." + PERSON + "." + NAME).withRole(ROLE1).withCreate(false) - .withRead(true).withUpdate(false).withDelete(false).build(); + = aComplexACL().listElementCode(MEMBERS + "." + PERSON + "." + NAME).accessProfile(ROLE1).create(false) + .read(true).update(false).delete(false).build(); private ComplexACL complexACL4 - = aComplexACL().withListElementCode(FAMILY_INFO).withRole(ROLE1).withCreate(true).withRead(true) - .withUpdate(true).withDelete(false).build(); + = aComplexACL().listElementCode(FAMILY_INFO).accessProfile(ROLE1).create(true).read(true) + .update(true).delete(false).build(); private ComplexACL complexACL5 - = aComplexACL().withListElementCode(FAMILY_INFO + "." + FAMILY_ADDRESS).withRole(ROLE1).withCreate(true) - .withRead(true).withUpdate(false).withDelete(false).build(); + = aComplexACL().listElementCode(FAMILY_INFO + "." + FAMILY_ADDRESS).accessProfile(ROLE1).create(true) + .read(true).update(false).delete(false).build(); private CaseFieldDefinition family; @BeforeEach diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseHistoryViewOperationTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseHistoryViewOperationTest.java index 8daece84f5..081f4ae610 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseHistoryViewOperationTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseHistoryViewOperationTest.java @@ -164,12 +164,13 @@ private static Set createAccessProfiles(Set userRoles) { private static List createAccessControlList(Set userRoles) { return userRoles.stream() - .map(userRole -> { - AccessControlList controlList = new AccessControlList(); - controlList.setAccessProfile(userRole); - controlList.setRead(true); - return controlList; - }) + .map(userRole -> AccessControlList.builder() + .accessProfile(userRole) + .create(false) + .read(true) + .update(false) + .delete(false) + .build()) .toList(); } diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseTypeDefinitionOperationTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseTypeDefinitionOperationTest.java index 899aecb108..a5fa4ebc0a 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseTypeDefinitionOperationTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseTypeDefinitionOperationTest.java @@ -10,6 +10,7 @@ import org.mockito.Mock; import org.mockito.MockitoAnnotations; import uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.AccessProfile; +import uk.gov.hmcts.ccd.domain.model.definition.AccessControlList; import uk.gov.hmcts.ccd.domain.model.definition.CaseEventDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseFieldDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseStateDefinition; @@ -33,7 +34,6 @@ import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.CAN_CREATE; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.CAN_READ; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.CAN_UPDATE; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseEventBuilder.newCaseEvent; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseStateBuilder.newState; @@ -79,90 +79,132 @@ class AuthorisedGetCaseTypeDefinitionOperationTest { private static final CaseStateDefinition CASE_STATE_3_1 = newState().withId(STATE_ID_3_1).build(); private static final CaseStateDefinition CASE_STATE_3_2 = newState().withId(STATE_ID_3_2).build(); private static final CaseEventDefinition CASE_EVENT_1_1 = newCaseEvent().withId(EVENT_ID_1_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .update(false) + .delete(false) .build()) .build(); private static final CaseEventDefinition CASE_EVENT_1_3 = newCaseEvent().withId(EVENT_ID_1_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .read(true) + .update(true) + .delete(false) .build()) .build(); + private static final CaseEventDefinition CASE_EVENT_2_3 = newCaseEvent().withId(EVENT_ID_2_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .update(false) + .delete(false) .build()) .build(); + private static final CaseEventDefinition CASE_EVENT_3_1 = newCaseEvent().withId(EVENT_ID_3_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .update(false) + .delete(false) .build()) .build(); + private static final CaseEventDefinition CASE_EVENT_3_2 = newCaseEvent().withId(EVENT_ID_3_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .read(true) + .update(true) + .delete(false) .build()) .build(); + private static final CaseEventDefinition CASE_EVENT_3_3 = newCaseEvent().withId(EVENT_ID_3_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .update(false) + .delete(false) .build()) .build(); private static final CaseFieldDefinition CASE_FIELD_1_1 = newCaseField().withId(CASE_FIELD_ID_1_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .read(false) + .update(false) + .delete(false) .build()) .build(); + private static final CaseFieldDefinition CASE_FIELD_1_2 = newCaseField().withId(CASE_FIELD_ID_1_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .read(true) + .update(false) + .delete(false) .build()) .build(); + private static final CaseFieldDefinition CASE_FIELD_1_3 = newCaseField().withId(CASE_FIELD_ID_1_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .read(false) + .update(false) + .delete(false) .build()) .build(); + private static final CaseFieldDefinition CASE_FIELD_2_3 = newCaseField().withId(CASE_FIELD_ID_2_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .update(false) + .delete(false) .build()) .build(); + private static final CaseFieldDefinition CASE_FIELD_3_1 = newCaseField().withId(CASE_FIELD_ID_3_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .read(true) + .update(true) + .delete(false) .build()) .build(); + private static final CaseFieldDefinition CASE_FIELD_3_2 = newCaseField().withId(CASE_FIELD_ID_3_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(false) + .update(true) + .delete(false) .build()) .build(); + private static final CaseFieldDefinition CASE_FIELD_3_3 = newCaseField().withId(CASE_FIELD_ID_3_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .read(true) + .update(false) + .delete(false) .build()) .build(); @@ -189,17 +231,17 @@ void setUp() { testCaseTypeDefinition1 = newCaseType() .withId(CASE_TYPE_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .withState(CASE_STATE_1_1) .withState(CASE_STATE_1_2) .withEvent(CASE_EVENT_1_1) .withEvent(newCaseEvent() .withId(EVENT_ID_1_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .withEvent(CASE_EVENT_1_3) @@ -210,35 +252,35 @@ void setUp() { testCaseTypeDefinition2 = newCaseType() .withId(CASE_TYPE_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .withState(CASE_STATE_2_1) .withState(CASE_STATE_2_2) .withEvent(newCaseEvent() .withId(EVENT_ID_2_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .withEvent(newCaseEvent().withId(EVENT_ID_2_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .withEvent(CASE_EVENT_2_3) .withField(newCaseField().withId(CASE_FIELD_ID_2_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .withField(newCaseField().withId(CASE_FIELD_ID_2_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .withField(CASE_FIELD_2_3) @@ -246,11 +288,11 @@ void setUp() { testCaseTypeDefinition3 = newCaseType() .withId(CASE_TYPE_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .update(true) .build()) .withState(CASE_STATE_3_1) .withState(CASE_STATE_3_2) diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseTypeDefinitionsOperationTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseTypeDefinitionsOperationTest.java index 244401ad16..75716ebb31 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseTypeDefinitionsOperationTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseTypeDefinitionsOperationTest.java @@ -11,6 +11,7 @@ import org.mockito.Mock; import org.mockito.MockitoAnnotations; import uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.AccessProfile; +import uk.gov.hmcts.ccd.domain.model.definition.AccessControlList; import uk.gov.hmcts.ccd.domain.model.definition.CaseEventDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseFieldDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseStateDefinition; @@ -34,7 +35,6 @@ import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.CAN_CREATE; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.CAN_READ; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.CAN_UPDATE; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseEventBuilder.newCaseEvent; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseStateBuilder.newState; @@ -83,97 +83,97 @@ class AuthorisedGetCaseTypeDefinitionsOperationTest { private static final CaseStateDefinition CASE_STATE_3_1 = newState().withId(STATE_ID_3_1).build(); private static final CaseStateDefinition CASE_STATE_3_2 = newState().withId(STATE_ID_3_2).build(); private static final CaseEventDefinition CASE_EVENT_1_1 = newCaseEvent().withId(EVENT_ID_1_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .build()) .build(); private static final CaseEventDefinition CASE_EVENT_1_2 = newCaseEvent().withId(EVENT_ID_1_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) + .read(true) + .build()) .build(); private static final CaseEventDefinition CASE_EVENT_1_3 = newCaseEvent().withId(EVENT_ID_1_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) + .read(true) + .build()) .build(); private static final CaseEventDefinition CASE_EVENT_2_3 = newCaseEvent().withId(EVENT_ID_2_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .build()) .build(); private static final CaseEventDefinition CASE_EVENT_3_1 = newCaseEvent().withId(EVENT_ID_3_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .build()) .build(); private static final CaseEventDefinition CASE_EVENT_3_2 = newCaseEvent().withId(EVENT_ID_3_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) + .read(true) + .build()) .build(); private static final CaseEventDefinition CASE_EVENT_3_3 = newCaseEvent().withId(EVENT_ID_3_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .build()) .build(); private static final CaseFieldDefinition CASE_FIELD_1_1 = newCaseField().withId(CASE_FIELD_ID_1_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .build()) .build(); private static final CaseFieldDefinition CASE_FIELD_1_2 = newCaseField().withId(CASE_FIELD_ID_1_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) + .build()) .build(); private static final CaseFieldDefinition CASE_FIELD_1_3 = newCaseField().withId(CASE_FIELD_ID_1_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .build()) .build(); private static final CaseFieldDefinition CASE_FIELD_2_3 = newCaseField().withId(CASE_FIELD_ID_2_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .build()) .build(); private static final CaseFieldDefinition CASE_FIELD_3_1 = newCaseField().withId(CASE_FIELD_ID_3_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) + .read(true) + .build()) .build(); private static final CaseFieldDefinition CASE_FIELD_3_2 = newCaseField().withId(CASE_FIELD_ID_3_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) - .withCreate(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) + .create(true) + .build()) .build(); private static final CaseFieldDefinition CASE_FIELD_3_3 = newCaseField().withId(CASE_FIELD_ID_3_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) + .build()) .build(); @@ -197,19 +197,19 @@ void setUp() { MockitoAnnotations.initMocks(this); testCaseType1 = newCaseType() - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) + .build()) .withState(CASE_STATE_1_1) .withState(CASE_STATE_1_2) .withEvent(CASE_EVENT_1_1) .withEvent(newCaseEvent() - .withId(EVENT_ID_1_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .build()) - .build()) + .withId(EVENT_ID_1_2) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .build()) + .build()) .withEvent(CASE_EVENT_1_3) .withField(CASE_FIELD_1_1) .withField(CASE_FIELD_1_2) @@ -218,48 +218,48 @@ void setUp() { .build(); testCaseType2 = newCaseType() - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .build()) .withState(CASE_STATE_2_1) .withState(CASE_STATE_2_2) .withEvent(newCaseEvent() - .withId(EVENT_ID_2_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) - .build()) - .build()) + .withId(EVENT_ID_2_1) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) + .build()) + .build()) .withEvent(newCaseEvent().withId(EVENT_ID_2_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) - .build()) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) + .build()) + .build()) .withEvent(CASE_EVENT_2_3) .withField(newCaseField().withId(CASE_FIELD_ID_2_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) - .build()) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) + .build()) + .build()) .withField(newCaseField().withId(CASE_FIELD_ID_2_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .build()) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .build()) + .build()) .withField(CASE_FIELD_2_3) .withId(CASE_TYPE_ID) .build(); testCaseType3 = newCaseType() - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .withUpdate(true) - .build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) + .update(true) + .build()) .withState(CASE_STATE_3_1) .withState(CASE_STATE_3_2) .withEvent(CASE_EVENT_3_1) diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseViewOperationTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseViewOperationTest.java index e738399f05..a16fa183dc 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseViewOperationTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/AuthorisedGetCaseViewOperationTest.java @@ -58,7 +58,6 @@ import static org.mockito.Mockito.when; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.CAN_READ; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.CAN_UPDATE; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseDetailsBuilder.newCaseDetails; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseEventBuilder.newCaseEvent; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseTypeBuilder.newCaseType; @@ -97,10 +96,10 @@ class AuthorisedGetCaseViewOperationTest { .withJurisdictionId(JURISDICTION_ID) .withName(JURISDICTION_ID) .build(); - private static final AccessControlList acl1 = anAcl().withRole("caseworker-sscs") - .withCreate(true).withRead(true).withUpdate(true).withDelete(true).build(); - private static final AccessControlList acl2 = anAcl().withRole("caseworker-sscs-clerk") - .withCreate(false).withRead(true).withUpdate(false).withDelete(false).build(); + private static final AccessControlList acl1 = AccessControlList.builder().accessProfile("caseworker-sscs") + .create(true).read(true).update(true).delete(true).build(); + private static final AccessControlList acl2 = AccessControlList.builder().accessProfile("caseworker-sscs-clerk") + .create(false).read(true).update(false).delete(false).build(); private static final CaseTypeDefinition TEST_CASE_TYPE = newCaseType() .withId(CASE_TYPE_ID) .withJurisdiction(jurisdiction) diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchResultViewGeneratorTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchResultViewGeneratorTest.java index 93df73b01e..4541211684 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchResultViewGeneratorTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchResultViewGeneratorTest.java @@ -25,6 +25,7 @@ import uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.AccessProfile; import uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.CaseAccessMetadata; import uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.enums.GrantType; +import uk.gov.hmcts.ccd.domain.model.definition.AccessControlList; import uk.gov.hmcts.ccd.domain.model.definition.CaseDetails; import uk.gov.hmcts.ccd.domain.model.definition.CaseFieldDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseTypeDefinition; @@ -67,7 +68,6 @@ import static uk.gov.hmcts.ccd.domain.service.aggregated.SearchResultUtil.SearchResultBuilder.searchResult; import static uk.gov.hmcts.ccd.domain.service.aggregated.SearchResultUtil.buildData; import static uk.gov.hmcts.ccd.domain.service.aggregated.SearchResultUtil.buildSearchResultField; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseTypeBuilder.newCaseType; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.ComplexACLBuilder.aComplexACL; @@ -196,44 +196,44 @@ void setUp() throws IOException { .withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) .withSC(SECURITY_CLASSIFICATION.name()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build(); final CaseFieldDefinition motherName = newCaseField().withId(MOTHER_NAME) .withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) .withSC(SECURITY_CLASSIFICATION.name()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build(); final CaseFieldDefinition addressLine1 = newCaseField().withId(ADDRESS_LINE_1) .withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) .withSC(SECURITY_CLASSIFICATION.name()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build(); final CaseFieldDefinition postCode = newCaseField().withId(POSTCODE) .withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) .withSC(SECURITY_CLASSIFICATION.name()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build(); final FieldTypeDefinition addressFieldTypeDefinition = aFieldType().withId(FAMILY_ADDRESS).withType(COMPLEX) .withComplexField(addressLine1).withComplexField(postCode).build(); final CaseFieldDefinition familyAddress = newCaseField().withId(FAMILY_ADDRESS).withFieldType(addressFieldTypeDefinition) .withCaseTypeId(CASE_TYPE_ID_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) - .build()).build(); + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) + .build()).build(); final FieldTypeDefinition familyDetailsFieldTypeDefinition = aFieldType().withId(FAMILY).withType(COMPLEX) @@ -249,36 +249,36 @@ void setUp() throws IOException { .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(FAMILY_DETAILS).withFieldType(familyDetailsFieldTypeDefinition) .withCaseTypeId(CASE_TYPE_ID_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()) .withComplexACL(aComplexACL() - .withListElementCode("Line1") - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) - .withUpdate(false) + .listElementCode("Line1") + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) + .update(false) .build()) .build()) .withSecurityClassification(SecurityClassification.PUBLIC) @@ -289,16 +289,16 @@ void setUp() throws IOException { .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_4).withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_5).withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); @@ -445,30 +445,30 @@ void shouldBuildHeaderFieldsForPermittedRoles() { .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_1) .withCaseTypeId(CASE_TYPE_ID_1) - .withFieldType(textFieldType()).withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withFieldType(textFieldType()).withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2) .withCaseTypeId(CASE_TYPE_ID_1) - .withFieldType(textFieldType()).withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withFieldType(textFieldType()).withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_4) .withCaseTypeId(CASE_TYPE_ID_1) - .withFieldType(textFieldType()).withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withFieldType(textFieldType()).withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_5) .withCaseTypeId(CASE_TYPE_ID_1) - .withFieldType(textFieldType()).withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withFieldType(textFieldType()).withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); @@ -542,31 +542,31 @@ void shouldBuildHeaderFieldsWithNoDuplicateColumnsForMultiplePermittedRoles() { .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2) .withCaseTypeId(CASE_TYPE_ID_1) - .withFieldType(textFieldType()).withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) - .build()).build()) + .withFieldType(textFieldType()).withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) + .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_4) .withCaseTypeId(CASE_TYPE_ID_1) - .withFieldType(textFieldType()).withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) - .build()).build()) + .withFieldType(textFieldType()).withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) + .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_5) .withCaseTypeId(CASE_TYPE_ID_1) - .withFieldType(textFieldType()).withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) - .build()).build()) + .withFieldType(textFieldType()).withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) + .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); when(caseTypeService.getCaseType(eq(CASE_TYPE_ID_1))).thenReturn(caseTypeDefinition); @@ -647,7 +647,7 @@ void shouldNotBuildResultsWithCaseAccessMetadataByDefault() { () -> verify(caseDataAccessControl, never()).generateAccessMetadata(anyString()) ); } - + @Test void shouldBuildResultsWithCaseAccessMetadataWhenEnabled() { when(applicationParams.getInternalSearchCaseAccessMetadataEnabled()).thenReturn(true); @@ -725,9 +725,10 @@ void shouldNotNotReturnHeaderFieldsWhenNoNestedElementFoundForPath() { .build(); CaseTypeDefinition caseTypeWithoutCaseFieldDefinition = newCaseType().withCaseTypeId(CASE_TYPE_ID_1) .withJurisdiction(jurisdiction) - .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()).withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC).build(); when(searchResultDefinitionService.getSearchResultDefinition(any(), any(), any())).thenReturn(searchResult); diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchesViewAccessControlTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchesViewAccessControlTest.java index 17457e18a5..77bacfc52e 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchesViewAccessControlTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchesViewAccessControlTest.java @@ -18,6 +18,7 @@ import uk.gov.hmcts.ccd.data.casedetails.SecurityClassification; import uk.gov.hmcts.ccd.data.user.UserRepository; import uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.AccessProfile; +import uk.gov.hmcts.ccd.domain.model.definition.AccessControlList; import uk.gov.hmcts.ccd.domain.model.definition.CaseFieldDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseTypeDefinition; import uk.gov.hmcts.ccd.domain.model.definition.FieldTypeDefinition; @@ -40,7 +41,6 @@ import static uk.gov.hmcts.ccd.domain.service.aggregated.SearchResultUtil.SearchResultBuilder.searchResult; import static uk.gov.hmcts.ccd.domain.service.aggregated.SearchResultUtil.buildData; import static uk.gov.hmcts.ccd.domain.service.aggregated.SearchResultUtil.buildSearchResultField; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseTypeBuilder.newCaseType; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.FieldTypeBuilder.aFieldType; @@ -128,25 +128,24 @@ void setUp() throws IOException { .withCaseTypeId(CASE_TYPE_ID_1) .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); - when(caseTypeService.getCaseType(eq(CASE_TYPE_ID_1))).thenReturn(caseTypeDefinition1); SearchResultDefinition caseType1SearchResult = searchResult() @@ -173,23 +172,23 @@ void shouldReturnTrueForFilterResultsBySearchResultsDefinition() { .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); @@ -207,21 +206,21 @@ void shouldReturnTrueForFilterResultsBySearchResultsDefinitionWhenUseCaseIsNull( .withCaseTypeId(CASE_TYPE_ID_1) .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); @@ -239,21 +238,21 @@ void shouldReturnFalseForFilterResultsBySearchResultsDefinition() { .withCaseTypeId(CASE_TYPE_ID_1) .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); @@ -272,9 +271,9 @@ void shouldReturnTrueForFilterFieldByAuthorisationAccessOnField() { .withFieldType(textFieldType()) .withCaseTypeId(CASE_TYPE_ID_1) .withSC(SECURITY_CLASSIFICATION.name()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build(); mockAccessProfiles(); @@ -286,9 +285,9 @@ void shouldReturnFalseForFilterFieldByAuthorisationAccessOnField() { final CaseFieldDefinition postCode = newCaseField().withId(POSTCODE) .withFieldType(textFieldType()) .withSC(SECURITY_CLASSIFICATION.name()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build(); mockAccessProfiles(ROLE_IN_USER_ROLE_2); @@ -301,30 +300,30 @@ void shouldReturnTrueForFilterResultsBySecurityClassification() { final CaseFieldDefinition caseFieldDefinition1 = newCaseField().withId(CASE_FIELD_1) .withFieldType(textFieldType()) .withSC(SecurityClassification.PRIVATE.name()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build(); CaseTypeDefinition caseTypeDefinition1 = newCaseType() .withCaseTypeId(CASE_TYPE_ID_1) .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); @@ -339,30 +338,30 @@ void shouldReturnFalseForFilterResultsBySecurityClassification() { final CaseFieldDefinition caseFieldDefinition1 = newCaseField().withId(CASE_FIELD_1) .withFieldType(textFieldType()) .withSC(SecurityClassification.PUBLIC.name()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build(); CaseTypeDefinition caseTypeDefinition1 = newCaseType() .withCaseTypeId(CASE_TYPE_ID_1) .withJurisdiction(jurisdiction) .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/DefaultCaseDataAccessControlTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/DefaultCaseDataAccessControlTest.java index 43bd04279e..12839199f0 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/DefaultCaseDataAccessControlTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/DefaultCaseDataAccessControlTest.java @@ -85,7 +85,6 @@ import static org.mockito.Mockito.verifyNoInteractions; import static org.mockito.Mockito.when; import static uk.gov.hmcts.ccd.data.caseaccess.GlobalCaseRole.CREATOR; -import static uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.RoleAssignment.builder; import static uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.enums.GrantType.BASIC; import static uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.enums.GrantType.CHALLENGED; import static uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.enums.GrantType.SPECIFIC; @@ -920,9 +919,9 @@ void shouldNotGrantAccessToAccessLevelAllCreator() { } private List createAccessControlList() { - AccessControlList accessControlList = new AccessControlList(); - accessControlList.setAccessProfile(ROLE_NAME_1); - + AccessControlList accessControlList = AccessControlList.builder() + .accessProfile(ROLE_NAME_1) + .build(); return Lists.newArrayList(accessControlList); } @@ -938,7 +937,7 @@ private List createFilteringResults(Map roleName private RoleAssignment createRoleAssignmentAndRoleMatchingResult(String roleName, String grantType) { - return builder() + return RoleAssignment.builder() .roleName(roleName) .actorId(ACTOR_ID_1) .grantType(grantType) diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/PseudoRoleToAccessProfileGeneratorTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/PseudoRoleToAccessProfileGeneratorTest.java index 6e2ac26192..001f210874 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/PseudoRoleToAccessProfileGeneratorTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/casedataaccesscontrol/PseudoRoleToAccessProfileGeneratorTest.java @@ -144,10 +144,10 @@ private CaseFieldDefinition createCaseField(List acls, List caseEventDefinitions = Arrays.asList(event1, event2, event3); @@ -110,21 +110,21 @@ void doNotFilterCaseViewTriggersWhenACLsMatch() { void filterCaseViewTriggersWhenCreateACLIsMissing() { final CaseEventDefinition event1 = newCaseEvent() .withId(EVENT_ID_1) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) .build()).build(); final CaseEventDefinition event2 = newCaseEvent() .withId(EVENT_ID_2) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES_2) + .create(true) .build()).build(); final CaseEventDefinition event3 = newCaseEvent() .withId(EVENT_ID_3) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()).build(); final List caseEventDefinitions = Arrays.asList(event1, event2, event3); @@ -147,16 +147,16 @@ void filterCaseFieldsUserHasAccess() { final CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId("Name") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build()) .build()) .withField(newCaseField() .withId("Surname") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .build(); @@ -198,16 +198,16 @@ void filterCaseFieldsUserHasNoAccess() { final CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId("Name") - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) .build()) .build()) .withField(newCaseField() .withId("Surname") - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES_2) + .create(true) .build()) .build()) .build(); @@ -247,9 +247,9 @@ void filterCaseFieldsWithNoDefinition() { final CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId("Surname") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .build(); @@ -298,9 +298,9 @@ void filterComplexCaseFieldChildrenByCreateAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build()) .build()) .withField(newCaseField() @@ -309,37 +309,37 @@ void filterComplexCaseFieldChildrenByCreateAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .withField(newCaseField() .withId("BornAddress") .withFieldType(getAddressFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .withComplexACL(aComplexACL() - .withListElementCode("Name") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("Name") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build()) .withComplexACL(aComplexACL() - .withListElementCode("Address") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Address") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .withComplexACL(aComplexACL() - .withListElementCode("Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .withComplexACL(aComplexACL() - .withListElementCode("Address.PostCode") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Address.PostCode") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -406,45 +406,45 @@ void filterComplexCaseFieldChildrenByCreateAccess() { @DisplayName("Should filter child fields of a collection caseField if UPDATE ACL is missing for child fields") void filterCollectionCaseFieldChildrenByUpdateAccess() { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("LastName") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("LastName") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("BirthInfo") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("BirthInfo") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build() )); @@ -456,9 +456,9 @@ void filterCollectionCaseFieldChildrenByUpdateAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build()) .build()) .withField(newCaseField() @@ -467,9 +467,9 @@ void filterCollectionCaseFieldChildrenByUpdateAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .update(true) .build()) .build()) .build(); @@ -582,45 +582,45 @@ void filterCollectionCaseFieldChildrenByUpdateAccess() { + " - alternate") void filterCollectionCaseFieldChildrenByUpdateAccessAlternate() { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("LastName") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("LastName") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("BirthInfo") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("BirthInfo") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build() )); @@ -632,9 +632,9 @@ void filterCollectionCaseFieldChildrenByUpdateAccessAlternate() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build()) .build()) .withField(newCaseField() @@ -643,9 +643,9 @@ void filterCollectionCaseFieldChildrenByUpdateAccessAlternate() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .update(true) .build()) .build()) .build(); @@ -707,95 +707,95 @@ void filterCollectionCaseFieldChildrenByUpdateAccessAlternate() { @DisplayName("Should filter child fields of a collection caseField if CREATE ACL is missing for child fields") void filterCollectionCaseFieldChildrenByCreateAccess() { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("LastName") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("LastName") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornCity") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornCity") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornCountry") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("BirthInfo.BornCountry") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornAddress") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Name") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("BirthInfo.BornAddress.Name") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Address") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornAddress.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornAddress.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Address.Country") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornAddress.Address.Country") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Notes.Txt") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("Notes.Txt") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build(), aComplexACL() - .withListElementCode("Notes.Tags") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Notes.Tags") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Notes.Tags.Tag") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Notes.Tags.Tag") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build() )); @@ -807,9 +807,9 @@ void filterCollectionCaseFieldChildrenByCreateAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build()) .build()) .withField(newCaseField() @@ -818,9 +818,9 @@ void filterCollectionCaseFieldChildrenByCreateAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .build(); @@ -1085,95 +1085,95 @@ void filterCollectionCaseFieldChildrenByCreateAccess() { @DisplayName("Should filter all when filtered for UPDATE but ACLs are for CREATE") void filterAllByUpdateAccessWhenAllAccessIsOnCreate() { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("LastName") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("LastName") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornCity") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornCity") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornCountry") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("BirthInfo.BornCountry") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornAddress") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Name") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("BirthInfo.BornAddress.Name") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Address") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornAddress.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornAddress.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Address.Country") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("BirthInfo.BornAddress.Address.Country") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Notes.Txt") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("Notes.Txt") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build(), aComplexACL() - .withListElementCode("Notes.Tags") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Notes.Tags") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Notes.Tags.Tag") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Notes.Tags.Tag") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build() )); @@ -1185,9 +1185,9 @@ void filterAllByUpdateAccessWhenAllAccessIsOnCreate() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build()) .build()) .withField(newCaseField() @@ -1196,9 +1196,9 @@ void filterAllByUpdateAccessWhenAllAccessIsOnCreate() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .build(); @@ -1254,9 +1254,9 @@ void leaveComplexCaseFieldWithPredefinedChildrenByUpdateAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build()) .build()) .withField(newCaseField() @@ -1265,9 +1265,9 @@ void leaveComplexCaseFieldWithPredefinedChildrenByUpdateAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .withField(newCaseField() @@ -1276,9 +1276,9 @@ void leaveComplexCaseFieldWithPredefinedChildrenByUpdateAccess() { .withId(PREDEFINED_COMPLEX_ADDRESS_UK) .withType("Complex") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .build(); @@ -1336,9 +1336,9 @@ void filterComplexCaseFieldChildrenByUpdateAccessWhenAllAccessIsOnCreate() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build()) .build()) .withField(newCaseField() @@ -1347,9 +1347,9 @@ void filterComplexCaseFieldChildrenByUpdateAccessWhenAllAccessIsOnCreate() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .withField(newCaseField() @@ -1358,9 +1358,9 @@ void filterComplexCaseFieldChildrenByUpdateAccessWhenAllAccessIsOnCreate() { .withId(PREDEFINED_COMPLEX_ADDRESS_UK) .withType("Complex") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(false) .build()) .build()) .build(); @@ -1425,21 +1425,21 @@ void updateCollectionDisplayContextParameterWhenFieldHasCreateDeleteRoles() { .withId("G339483948") .withType(COLLECTION) .build()) - .withACL(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withDelete(true) - .withUpdate(false) + .withACL(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .delete(true) + .update(false) .build()) .build(); caseViewField1.getFieldTypeDefinition().setCollectionFieldTypeDefinition(getPersonFieldType()); caseViewField1.getFieldTypeDefinition().getChildren().stream() .filter(e -> e.getId().equals("Addresses")).findFirst() - .get().setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withDelete(true) - .withUpdate(false) + .get().setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .delete(true) + .update(false) .build())); CaseUpdateViewEvent caseEventTrigger = newCaseUpdateViewEvent() @@ -1489,11 +1489,11 @@ void updateCollectionDisplayContextParameterWhenFieldHasUpdateRole() { .withId("G339483948") .withType(COLLECTION) .build()) - .withACL(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withDelete(false) - .withUpdate(true) + .withACL(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .delete(false) + .update(true) .build()) .build(); caseViewField1.getFieldTypeDefinition().setCollectionFieldTypeDefinition(getPersonFieldType()); @@ -1530,11 +1530,11 @@ void updateCollectionDisplayContextParameterWhenFieldHasNoCreateDeleteUpdateRole .withId("G339483948") .withType(COLLECTION) .build()) - .withACL(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withDelete(false) - .withUpdate(false) + .withACL(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .delete(false) + .update(false) .build()) .build(); caseViewField1.getFieldTypeDefinition().setCollectionFieldTypeDefinition(getPersonFieldType()); @@ -1576,9 +1576,9 @@ void doNotFilterCaseFieldsIfUserHasAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build(); final CaseFieldDefinition caseField2 = newCaseField() @@ -1587,9 +1587,9 @@ void doNotFilterCaseFieldsIfUserHasAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build(); final CaseFieldDefinition caseField3 = newCaseField() @@ -1598,9 +1598,9 @@ void doNotFilterCaseFieldsIfUserHasAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build(); List caseFieldDefinitions = Arrays.asList(caseField1, caseField2, caseField3); @@ -1624,9 +1624,9 @@ void filterCaseFieldsByUserAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build(); final CaseFieldDefinition caseField2 = newCaseField() @@ -1635,9 +1635,9 @@ void filterCaseFieldsByUserAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build(); final CaseFieldDefinition caseField3 = newCaseField() @@ -1646,9 +1646,9 @@ void filterCaseFieldsByUserAccess() { .withId("Text") .withType("Text") .build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .read(true) .build()) .build(); List caseFieldDefinitions = Arrays.asList(caseField1, caseField2, caseField3); @@ -1671,40 +1671,40 @@ class FilterCaseFieldsByAccessCompoundFieldTests { @DisplayName("Should filter sub fields of caseFields based on Complex ACLs on READ") void filterCaseFieldsUserHasReadAccess() { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("FirstName") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("FirstName") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("LastName") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("LastName") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Addresses.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withRead(false) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .read(false) .build() )); people.propagateACLsToNestedFields(); @@ -1734,40 +1734,40 @@ void filterCaseFieldsUserHasReadAccess() { @DisplayName("Should filter sub fields of caseFields based on Complex ACLs on UPDATE") void filterCaseFieldsUserHasUpdateAccess() { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("FirstName") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("FirstName") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("LastName") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("LastName") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build() )); people.propagateACLsToNestedFields(); diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/AccessControlServiceTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/AccessControlServiceTest.java index 854360d4e7..255b6e3581 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/AccessControlServiceTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/AccessControlServiceTest.java @@ -72,7 +72,6 @@ import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.CAN_UPDATE; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.NO_ROLE_FOUND; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlService.extractAccessProfileNames; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AuditEventBuilder.anAuditEvent; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseEventBuilder.newCaseEvent; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; @@ -274,11 +273,13 @@ void shouldNotGrantAccessToStateForUserWithMissingRole() { CaseTypeDefinition caseType = newCaseType() .withState(newState() .withId(STATE_ID1) - .withAcl(anAcl().withRole(ROLE_NOT_IN_USER_ROLES).withCreate(true).withRead(true).build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES).create(true).read(true).build()) .build()) .withState(newState() .withId(STATE_ID2) - .withAcl(anAcl().withRole(ROLE_NOT_IN_USER_ROLES).withCreate(true).withRead(true).build()) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES).create(true).read(true).build()) .build()) .build(); @@ -310,11 +311,11 @@ void shouldNotGrantAccessToStateIfRelevantAclNotGrantingAccess() { CaseTypeDefinition caseType = newCaseType() .withState(newState() .withId(STATE_ID1) - .withAcl(anAcl().withRole(ROLE_IN_USER_ROLES).build()) + .withAcl(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).build()) .build()) .withState(newState() .withId(STATE_ID2) - .withAcl(anAcl().withRole(ROLE_IN_USER_ROLES_2).build()) + .withAcl(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES_2).build()) .build()) .build(); @@ -334,11 +335,11 @@ void shouldGrantAccessToStateWithAclMatching() { CaseTypeDefinition caseType = newCaseType() .withState(newState() .withId(STATE_ID1) - .withAcl(anAcl().withRole(ROLE_IN_USER_ROLES).withCreate(true).build()) + .withAcl(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).create(true).build()) .build()) .withState(newState() .withId(STATE_ID2) - .withAcl(anAcl().withRole(ROLE_IN_USER_ROLES_2).withCreate(true).build()) + .withAcl(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES_2).create(true).build()) .build()) .build(); @@ -366,15 +367,15 @@ void shouldNotGrantAccessToStateIfStateIsNotPresentInDefinition() { void shouldFilterStatesAccordingToACLs() { CaseStateDefinition caseState1 = newState() .withId(STATE_ID1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build(); CaseStateDefinition caseState2 = newState() .withId(STATE_ID2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build(); CaseTypeDefinition caseTypeDefinition = newCaseType() @@ -396,20 +397,20 @@ void shouldFilterStatesAccordingToACLs() { void shouldFilterOutStatesWhenNoMatchingACLSs() { CaseStateDefinition caseState1 = newState() .withId(STATE_ID1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build(); CaseStateDefinition caseState2 = newState() .withId(STATE_ID2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build(); CaseStateDefinition caseState3 = newState() .withId("Some State") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build(); CaseTypeDefinition caseTypeDefinition = newCaseType() @@ -461,10 +462,10 @@ void shouldNotGrantAccessToFieldsForUserWithMissingRole() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) + .read(true) .build()) .build()) .build(); @@ -501,21 +502,21 @@ void shouldNotGrantAccessToFieldsIfRelevantAclNotGrantingAccess() throws IOExcep CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .withField(newCaseField() .withId("Addresses2") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) .build()) .build()) .build(); @@ -540,11 +541,11 @@ void shouldNotGrantAccessToNullValue() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -568,22 +569,22 @@ void shouldGrantAccessToFieldsWithAclMatching() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .withField(newCaseField() .withId("Addresses2") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -664,9 +665,9 @@ void shouldGrantAccessToTextValueType() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -690,8 +691,8 @@ void shouldNotGrantAccessToEmptyTextType() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -720,9 +721,9 @@ void shouldGrantAccessToCollectionType() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -768,8 +769,8 @@ void shouldNotGrantCreateAccessToCollectionTypeIfEmpty() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -798,9 +799,9 @@ void shouldGrantAccessToComplexType() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -827,8 +828,8 @@ void shouldNotGrantAccessToComplexTypeIfEmpty() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -887,11 +888,11 @@ void shouldNotGrantAccessToFieldsIfFieldIsMissingRelevantAclForUpdate() throws I .withField(newCaseField() .withId(ADDRESSES) .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) + .read(true) + .update(true) .build()) .build()) .build(); @@ -907,11 +908,11 @@ void shouldNotGrantAccessToFieldsIfFieldIsMissingRelevantAclForCreate() throws I CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) + .read(true) + .update(true) .build()) .build()) .build(); @@ -928,10 +929,10 @@ void shouldNotGrantAccessToFieldIfRelevantAclNotGrantingAccessForUpdate() throws .withField(newCaseField() .withId(ADDRESSES) .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) .build()) .build()) .build(); @@ -947,10 +948,10 @@ void shouldNotGrantAccessToFieldIfRelevantAclNotGrantingAccessForCreate() throws CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) + .update(true) .build()) .build()) .build(); @@ -967,8 +968,8 @@ void shouldNotGrantAccessToFieldWithNullValueForUpdate() throws IOException { .withField(newCaseField() .withId(ADDRESSES) .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -984,8 +985,8 @@ void shouldNotGrantAccessToFieldWithNullValueForCreate() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -1001,11 +1002,11 @@ void shouldNotGrantAccessToFieldWithAclAccessGrantedAndFieldNameNotMatchingForUp CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) + .read(true) .build()) .build()) .build(); @@ -1029,12 +1030,12 @@ void shouldNotGrantAccessToFieldWithAclAccessNotGrantedForCollectionOfDocuments( .build()) .build()) .withOrder(1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withUpdate(false) - .withDelete(false) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .update(false) + .delete(false) + .read(true) .build()) .build()) .build(); @@ -1095,11 +1096,11 @@ void shouldNotGrantAccessToFieldWithAclAccessGrantedAndFieldNameNotMatchingForCr CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) + .read(true) .build()) .build()) .build(); @@ -1116,9 +1117,9 @@ void shouldGrantAccessToFieldWithAclMatchingForUpdate() throws IOException { .withField(newCaseField() .withId(ADDRESSES) .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .build(); @@ -1134,9 +1135,9 @@ void shouldGrantAccessToFieldWithAclMatchingForCreate() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -1152,8 +1153,8 @@ void shouldNotNeedToGrantAccessToFieldIfNoChangeInValue() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -1170,32 +1171,32 @@ void shouldGrantAccessToFieldsIfAllFieldsHaveAccessGranted() throws IOException .withField(newCaseField() .withId(ADDRESSES) .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .withField(newCaseField() .withId("FirstName") .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .withField(newCaseField() .withId("LastName") .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .withField(newCaseField() .withId("Mobile") .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .build(); @@ -1216,31 +1217,31 @@ void shouldNotGrantAccessToFieldsIfOneFieldDoesNotHaveAccessGranted() throws IOE .withField(newCaseField() .withId(ADDRESSES) .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .withField(newCaseField() .withId("FirstName") .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .withField(newCaseField() .withId("LastName") .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .withField(newCaseField() .withId("Mobile") .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -1262,23 +1263,23 @@ void shouldNotGrantAccessToFieldsIfOneFieldDoesNotHaveAcls() throws IOException .withField(newCaseField() .withId(ADDRESSES) .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .withField(newCaseField() .withId("FirstName") .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .withField(newCaseField() .withId("LastName") .withFieldType(aFieldType().withType(TEXT).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -1321,9 +1322,8 @@ void shouldNotGrantAccessToEventForUserWithMissingRole() { final CaseTypeDefinition caseType = new CaseTypeDefinition(); CaseEventDefinition eventDefinition = new CaseEventDefinition(); eventDefinition.setId(EVENT_ID); - AccessControlList accessControlList = new AccessControlList(); - accessControlList.setAccessProfile(ROLE_NOT_IN_USER_ROLES); - accessControlList.setCreate(true); + AccessControlList accessControlList = + new AccessControlList(ROLE_NOT_IN_USER_ROLES, true, false, false,false); List accessControlLists = newArrayList(accessControlList); eventDefinition.setAccessControlLists(accessControlLists); caseType.setEvents(singletonList(eventDefinition)); @@ -1355,8 +1355,8 @@ void shouldNotGrantAccessToEventIfRelevantAclNotGrantingAccess() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -1376,8 +1376,8 @@ void shouldNotGrantAccessToNullValue() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -1397,9 +1397,9 @@ void shouldNotGrantAccessWithEventNameNotMatching() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -1432,13 +1432,13 @@ void shouldGrantAccessToEventWithAclMatching() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -1476,9 +1476,9 @@ void shouldNotGrantAccessToCaseForUserWithMissingRole() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -1496,8 +1496,8 @@ void shouldNotGrantAccessToCaseForUserWithMissingRole() { void shouldNotGrantAccessToCaseIfRelevantAclNotGrantingAccess() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -1538,12 +1538,12 @@ void shouldNotGrantAccessToCaseIfCaseTypeIsNull() { @DisplayName("Should grant access to case with acl matching") void shouldGrantAccessToCaseWithAclMatching() { final CaseTypeDefinition caseType = newCaseType() - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build(); @@ -1589,9 +1589,9 @@ void shouldNotReturnFieldForUserWithMissingRole() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -1616,8 +1616,8 @@ void shouldNotGrantAccessToFieldsIfRelevantAclNotGrantingAccess() throws IOExcep CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -1642,11 +1642,11 @@ void shouldNotReturnDataWithAclFalseAndNullValue() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -1671,12 +1671,12 @@ void shouldNotReturnDataWithAclTrueAndFieldNameNotMatching() throws IOException CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -1701,12 +1701,12 @@ void shouldReturnDataWithAclTrueAndNullValue() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -1731,12 +1731,12 @@ void shouldReturnDataWithAclTrueAndEmptyValue() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -1761,12 +1761,12 @@ void shouldGrantAccessToFieldsWithAclMatching() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -1796,8 +1796,8 @@ void shouldNotGrantAccessToEmptyTextType() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -1822,16 +1822,16 @@ void shouldReturnDataWithNullAndEmptyValuesOnRootLevel() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .withField(newCaseField() .withId("Addresses2") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -1867,9 +1867,9 @@ void shouldGrantAccessToCollectionType() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -1915,30 +1915,30 @@ void shouldGrantAccessToCollectionType() throws IOException { @DisplayName("Should return data if field and children have ACLs") void shouldGrantAccessToCollectionTypeChildren() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(singletonList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + people.setAccessControlLists(singletonList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("FirstName") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("FirstName") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("LastName") - .withRole(ROLE_IN_USER_ROLES) - .withRead(false) + .listElementCode("LastName") + .accessProfile(ROLE_IN_USER_ROLES) + .read(false) .build(), aComplexACL() - .withListElementCode(ADDRESSES) - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode(ADDRESSES) + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build() )); @@ -1974,65 +1974,65 @@ void shouldGrantAccessToCollectionTypeChildren() throws IOException { @DisplayName("Should filter data when child doesnot have ACLs") void shouldfilterDataWhenChildDoesnotHaveACL() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(singletonList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + people.setAccessControlLists(singletonList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("FirstName") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("FirstName") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("LastName") - .withRole(ROLE_IN_USER_ROLES) - .withRead(false) + .listElementCode("LastName") + .accessProfile(ROLE_IN_USER_ROLES) + .read(false) .build(), aComplexACL() - .withListElementCode("BirthInfo") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("BirthInfo") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornCity") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("BirthInfo.BornCity") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("BirthInfo.BornAddress") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Address") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("BirthInfo.BornAddress.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode(ADDRESSES) - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode(ADDRESSES) + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Addresses.Name") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Addresses.Name") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address") - .withRole(ROLE_IN_USER_ROLES) - .withRead(false) + .listElementCode("Addresses.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .read(false) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Notes.Txt") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Notes.Txt") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build() )); @@ -2081,65 +2081,65 @@ void shouldFilterDataForMissingNodeAndReturnRemainingData() throws IOException { logger.addAppender(listAppender); final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(singletonList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + people.setAccessControlLists(singletonList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("FirstName") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("FirstName") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("LastName") - .withRole(ROLE_IN_USER_ROLES) - .withRead(false) + .listElementCode("LastName") + .accessProfile(ROLE_IN_USER_ROLES) + .read(false) .build(), aComplexACL() - .withListElementCode("BirthInfo") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("BirthInfo") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornCity") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("BirthInfo.BornCity") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("BirthInfo.BornAddress") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("BirthInfo.BornAddress.Address") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("BirthInfo.BornAddress.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode(ADDRESSES) - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode(ADDRESSES) + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Addresses.Name") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Addresses.Name") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address") - .withRole(ROLE_IN_USER_ROLES) - .withRead(false) + .listElementCode("Addresses.Address") + .accessProfile(ROLE_IN_USER_ROLES) + .read(false) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build(), aComplexACL() - .withListElementCode("Notes.Txt") - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .listElementCode("Notes.Txt") + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build() )); @@ -2162,8 +2162,8 @@ void shouldFilterDataForMissingNodeAndReturnRemainingData() throws IOException { () -> assertThat(jsonNode.get("People").get(1).get(VALUE).get("FirstName").textValue(), is("Andrew"))); List logsList = listAppender.list; - assertEquals("Can not find field with caseFieldId=BirthInfo, " - + "accessControlList=[ACL{accessProfile='caseworker-probate-loa1', crud=R}]", + assertEquals("Can not find field with caseFieldId=BirthInfo, accessControlList=[" + + "ACL{accessProfile='caseworker-probate-loa1', crud=R}, listElementCode='BirthInfo']", logsList.get(0).getFormattedMessage()); logger.detachAndStopAllAppenders(); @@ -2175,23 +2175,23 @@ void shouldReturnDataWithNullAndEmptyValuesOnRootLevel() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .withField(newCaseField() .withId("Addresses2") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .withField(newCaseField() .withId("Addresses3") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -2261,8 +2261,8 @@ void shouldNotGrantAccessToCollectionTypeIfEmpty() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -2292,9 +2292,9 @@ void shouldGrantAccessToComplexType() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -2322,16 +2322,16 @@ void shouldReturnDataWithNullAndEmptyValuesOnRootLevel() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .withField(newCaseField() .withId("Addresses2") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -2363,8 +2363,8 @@ void shouldNotGrantAccessToComplexTypeIfEmpty() throws IOException { CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -2448,9 +2448,9 @@ void shouldNotReturnEventForUserWithMissingRole() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -2470,8 +2470,8 @@ void shouldNotReturnEventIfRelevantAclNotGrantingAccess() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -2491,9 +2491,9 @@ void shouldNotReturnEventIfRelevantAclGrantingAccessAndEventNameNotMatching() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -2513,9 +2513,9 @@ void shouldReturnEventWithAclMatching() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -2536,17 +2536,17 @@ void shouldReturnEventWithAclMatchingFromGroup() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .read(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES_2) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES_2) + .read(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build()) .build(); @@ -2565,32 +2565,32 @@ void shouldReturnEventWithAclMatchingFromGroup() { void shouldReturnEventsWithAclsMatching() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent().withId(EVENT_ID_WITH_ACCESS) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) .build()) .build()) .withEvent(newCaseEvent() .withId(EVENT_ID_WITHOUT_ACCESS) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) .build()) .withEvent(newCaseEvent() .withId(EVENT_ID_WITHOUT_ACCESS_2) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .read(true) .build()) .build()) .withEvent(newCaseEvent() .withId(EVENT_ID_WITH_ACCESS_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .read(true) .build()) .build()) .build(); @@ -2819,11 +2819,11 @@ void shouldSetReadonlyFlagIfRelevantAclMissingButHasReadAccessWithMultipartyFix( .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(false) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(false) + .read(true) .build()) .build()) .build(); @@ -3089,24 +3089,24 @@ void shouldRemoveComplexParentWithChildrenIfRelevantAclMissingWithMultipartyFix( .build()) .build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(false) - .withRead(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(false) + .read(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE1) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withUpdate(false) + .listElementCode(LINE1) + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .update(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE2) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode(LINE2) + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -3157,24 +3157,24 @@ void shouldRemoveMultipleComplexParentWithChildrenIfRelevantAclMissingWithMultip .build()) .build()) .withId("ResidenceAddress") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(false) - .withRead(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(false) + .read(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE1) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withUpdate(false) + .listElementCode(LINE1) + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .update(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE2) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode(LINE2) + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .withField(newCaseField() @@ -3200,24 +3200,24 @@ void shouldRemoveMultipleComplexParentWithChildrenIfRelevantAclMissingWithMultip .build()) .build()) .withId("OfficeAddress") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(false) - .withRead(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(false) + .read(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE1) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withUpdate(false) + .listElementCode(LINE1) + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .update(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE2) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode(LINE2) + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -3317,23 +3317,23 @@ void shouldNotSetReadonlyFlagForComplexChildrenIfRelevantAclIsThere() { .build()) .build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) + .read(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE1) - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode(LINE1) + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE2) - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode(LINE2) + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .build(); @@ -3387,23 +3387,23 @@ void shouldSetReadonlyFlagForComplexChildrenIfRelevantAclIsMissing() { .build()) .build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) + .read(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE1) - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode(LINE1) + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE2) - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode(LINE2) + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build()) .build()) .build(); @@ -3514,27 +3514,27 @@ void shouldSetReadonlyFlagForCollectionChildrenIfRelevantAclMissing() { .build()) .build()) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(ADDRESSES) - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode(ADDRESSES) + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode("Addresses.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode("Addresses.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build()) .build()) .build(); @@ -3594,27 +3594,27 @@ void shouldSetReadonlyFlagForCollectionChildrenIfRelevantAclMissingWithMultiPart .build()) .build()) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode(ADDRESSES) - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode(ADDRESSES) + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode("Addresses.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build()) .withComplexACL( aComplexACL() - .withListElementCode("Addresses.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build()) .build()) .build(); @@ -3666,27 +3666,27 @@ void shouldNotSetReadonlyFlagForCollectionChildrenIfRelevantAclIsThere() { .build()) .build()) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(ADDRESSES) - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode(ADDRESSES) + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode("Addresses.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode("Addresses.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .build(); @@ -3728,8 +3728,8 @@ void shouldSetReadonlyFlagIfRelevantAclNotGrantingAccess() { .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -3757,8 +3757,8 @@ void shouldSetReadonlyFlagIfRelevantAclNotGrantingAccessWithMultiPartyFix() { .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) .build()) .build()) .build(); @@ -3784,9 +3784,9 @@ void shouldSetReadonlyFlagIfRelevantAclGrantingAccessAndEventNameNotMatching() { final CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .build(); @@ -3818,9 +3818,9 @@ void shouldSetReadonlyFlagIfRelevantAclGrantingAccessAndEventNameNotMatchingWith final CaseTypeDefinition caseType = newCaseType() .withField(newCaseField() .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .build(); @@ -3852,9 +3852,9 @@ void shouldNotSetReadonlyFlagIfAclMatching() { .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .build(); @@ -3880,17 +3880,17 @@ void shouldNotSetReadonlyFlagIfAclMatchingInAclsGroup() { .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .update(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES_2) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES_2) + .update(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .build(); @@ -3917,34 +3917,34 @@ void shouldNotSetReadonlyFlagsIfAclsMatchingInCaseViewFieldsGroup() { .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build()) .build()) .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId("AddressesNoAccess") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) .build()) .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId("AddressesNoAccess2") - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) .build()) .build()) .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId("Addresses2") - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .update(true) .build()) .build()) .build(); @@ -4000,11 +4000,11 @@ private CaseTypeDefinition defaultCaseTypeDefinition() { .withField(newCaseField() .withFieldType(aFieldType().withType(TEXT).build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) + .update(true) + .read(true) .build()) .build()) .build(); @@ -4031,11 +4031,11 @@ void shouldNotReturnCaseEventDefinitionForUserWithMissingRole() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) + .read(true) + .update(true) .build()) .build()) .build(); @@ -4052,11 +4052,11 @@ void shouldNotReturnCaseEventDefinitionIfRelevantAclNotGrantingAccess() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withRead(true) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .read(true) + .update(true) .build()) .build()) .build(); @@ -4073,9 +4073,9 @@ void shouldReturnCaseEventDefinitionWithAclMatching() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -4096,17 +4096,17 @@ void shouldReturnCaseEventDefinitionWithAclMatchingFromGroup() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES_2) + .create(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -4126,31 +4126,31 @@ void shouldReturnCaseEventDefinitionWithAclsMatching() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID_WITH_ACCESS) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) .build()) .build()) .withEvent(newCaseEvent().withId(EVENT_ID_WITHOUT_ACCESS) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) .build()) .withEvent(newCaseEvent() .withId(EVENT_ID_WITHOUT_ACCESS_2) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) .build()) .build()) .withEvent(newCaseEvent() .withId(EVENT_ID_WITH_ACCESS_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .build(); @@ -4176,11 +4176,11 @@ void shouldNotReturnCaseEventDefinitionForUserWithMissingRole() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) - .withRead(true) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) + .read(true) + .update(true) .build()) .build()) .build(); @@ -4197,11 +4197,11 @@ void shouldNotReturnCaseEventDefinitionIfRelevantAclNotGrantingAccess() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withRead(true) - .withUpdate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .read(true) + .update(true) .build()) .build()) .build(); @@ -4218,9 +4218,9 @@ void shouldReturnCaseEventDefinitionWithAclMatching() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -4241,17 +4241,17 @@ void shouldReturnCaseEventDefinitionWithAclMatchingFromGroup() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES_2) + .create(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build()) .build(); @@ -4271,31 +4271,31 @@ void shouldReturnCaseEventDefinitionWithAclsMatching() { final CaseTypeDefinition caseType = newCaseType() .withEvent(newCaseEvent() .withId(EVENT_ID_WITH_ACCESS) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) .build()) .build()) .withEvent(newCaseEvent().withId(EVENT_ID_WITHOUT_ACCESS) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_3) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_3) .build()) .build()) .withEvent(newCaseEvent() .withId(EVENT_ID_WITHOUT_ACCESS_2) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .create(true) .build()) .build()) .withEvent(newCaseEvent() .withId(EVENT_ID_WITH_ACCESS_2) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES_2) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES_2) + .create(true) .build()) .build()) .build(); @@ -4379,9 +4379,9 @@ void setUp() throws IOException { addressField = newCaseField() .withId(ADDRESSES) .withFieldType(aFieldType().withType(COLLECTION).build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build()) .build(); addressField.getFieldTypeDefinition().setCollectionFieldTypeDefinition(getSimpleAddressFieldType()); @@ -4476,7 +4476,7 @@ void shouldGrantCreateAccessToCollectionTypeWOutId() throws IOException { @DisplayName("Should not allow creation of new items on collection") void shouldNotGrantCreateAccessToCollectionType() throws IOException { addressField.setAccessControlLists( - singletonList(anAcl().withRole(ROLE_IN_USER_ROLES).withCreate(false).build())); + singletonList(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).create(false).build())); caseType.getCaseFieldDefinitions().forEach(CaseFieldDefinition::propagateACLsToNestedFields); assertThat( @@ -4493,7 +4493,7 @@ void shouldNotGrantCreateAccessToCollectionType() throws IOException { @DisplayName("Should allow update of items on collection") void shouldGrantUpdateAccessToCollectionType() throws IOException { addressField.setAccessControlLists( - singletonList(anAcl().withRole(ROLE_IN_USER_ROLES).withUpdate(true).build())); + singletonList(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).update(true).build())); caseType.getCaseFieldDefinitions().forEach(CaseFieldDefinition::propagateACLsToNestedFields); assertThat( @@ -4509,8 +4509,8 @@ void shouldGrantUpdateAccessToCollectionType() throws IOException { @DisplayName("Should allow update of items on collection along with creation") void shouldGrantUpdateAndCreateAccessToCollectionType() throws IOException { addressField.setAccessControlLists( - singletonList(anAcl().withRole(ROLE_IN_USER_ROLES).withCreate(true) - .withUpdate(true).build())); + singletonList(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).create(true) + .update(true).build())); caseType.getCaseFieldDefinitions().forEach(CaseFieldDefinition::propagateACLsToNestedFields); assertThat( @@ -4527,7 +4527,7 @@ void shouldGrantUpdateAndCreateAccessToCollectionType() throws IOException { @DisplayName("Should not allow update of items on collection") void shouldNotGrantUpdateAccessToCollectionType() throws IOException { addressField.setAccessControlLists( - singletonList(anAcl().withRole(ROLE_IN_USER_ROLES).withUpdate(false).build())); + singletonList(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).update(false).build())); caseType.getCaseFieldDefinitions().forEach(CaseFieldDefinition::propagateACLsToNestedFields); assertThat( @@ -4543,7 +4543,7 @@ void shouldNotGrantUpdateAccessToCollectionType() throws IOException { @DisplayName("Should allow deletion of items on collection") void shouldGrantDeleteAccessToCollectionType() throws IOException { addressField.setAccessControlLists( - singletonList(anAcl().withRole(ROLE_IN_USER_ROLES).withDelete(true).build())); + singletonList(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).delete(true).build())); caseType.getCaseFieldDefinitions().forEach(CaseFieldDefinition::propagateACLsToNestedFields); assertThat( @@ -4559,8 +4559,8 @@ void shouldGrantDeleteAccessToCollectionType() throws IOException { @DisplayName("Should allow deletion of items on collection along with creation") void shouldGrantDeleteAndCreateAccessToCollectionType() throws IOException { addressField.setAccessControlLists( - singletonList(anAcl().withRole(ROLE_IN_USER_ROLES).withCreate(true) - .withDelete(true).build())); + singletonList(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).create(true) + .delete(true).build())); caseType.getCaseFieldDefinitions().forEach(CaseFieldDefinition::propagateACLsToNestedFields); assertThat( @@ -4576,7 +4576,7 @@ void shouldGrantDeleteAndCreateAccessToCollectionType() throws IOException { @DisplayName("Should not allow deletion of items on collection") void shouldNotGrantDeleteAccessToCollectionType() throws IOException { addressField.setAccessControlLists( - singletonList(anAcl().withRole(ROLE_IN_USER_ROLES).withDelete(false).build())); + singletonList(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).delete(false).build())); caseType.getCaseFieldDefinitions().forEach(CaseFieldDefinition::propagateACLsToNestedFields); assertThat( @@ -4593,8 +4593,8 @@ void shouldNotGrantDeleteAccessToCollectionType() throws IOException { @DisplayName("Should allow creation, updating and deletion of items on collection") void shouldGrantUpdateDeleteAndCreateAccessToCollectionType() throws IOException { addressField.setAccessControlLists( - singletonList(anAcl().withRole(ROLE_IN_USER_ROLES).withCreate(true) - .withUpdate(true).withDelete(true).build())); + singletonList(AccessControlList.builder().accessProfile(ROLE_IN_USER_ROLES).create(true) + .update(true).delete(true).build())); caseType.getCaseFieldDefinitions().forEach(CaseFieldDefinition::propagateACLsToNestedFields); assertThat( @@ -4621,9 +4621,9 @@ void shouldGrantAccessWhenRoleHasReadPermissionForField() { .withFieldType(aFieldType() .withType(TEXT) .build()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .read(true) .build()) .build(); @@ -4647,9 +4647,9 @@ void shouldNotGrantAccessToCaseViewForUserWithMissingRole() { .withFieldType(aFieldType() .withType(TEXT) .build()) - .withAcl(anAcl() - .withRole(ROLE_NOT_IN_USER_ROLES) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_NOT_IN_USER_ROLES) + .read(true) .build()) .build(); @@ -4947,26 +4947,26 @@ private CaseTypeDefinition createCaseTypeWithTwoSubFields(String type) { .build()) .build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(false) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(false) + .read(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE1) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withUpdate(false) - .withRead(true) + .listElementCode(LINE1) + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .update(false) + .read(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE2) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withRead(true) + .listElementCode(LINE2) + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .read(true) .build()) .build()) .build(); @@ -5009,27 +5009,27 @@ private CaseTypeDefinition createCaseTypeWithThreeSubFields(String type) { .build()) .build()) .withId(ADDRESSES) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) + .read(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE1) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) - .withRead(true) + .listElementCode(LINE1) + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) + .read(true) .build()) .withComplexACL( aComplexACL() - .withListElementCode(LINE2) - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(false) - .withRead(false) + .listElementCode(LINE2) + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(false) + .read(false) .build()) .build()) .build(); diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/AttributeBasedAccessControlServiceTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/AttributeBasedAccessControlServiceTest.java index 60820f7e3b..d1e58a737b 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/AttributeBasedAccessControlServiceTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/AttributeBasedAccessControlServiceTest.java @@ -137,29 +137,25 @@ private Set createAccessProfiles(boolean readOnly, String... acce private List createAccessControlList(String... accessProfiles) { return Arrays.stream(accessProfiles) - .map(accessProfile -> { - AccessControlList accessControlList = new AccessControlList(); - accessControlList.setAccessProfile(accessProfile); - accessControlList.setCreate(true); - accessControlList.setDelete(true); - accessControlList.setRead(true); - accessControlList.setUpdate(true); - return accessControlList; - }) + .map(accessProfile -> AccessControlList.builder() + .accessProfile(accessProfile) + .create(true) + .read(true) + .update(true) + .delete(true) + .build()) .collect(Collectors.toList()); } private List createAccessControlListWithReadFalse(String... accessProfiles) { return Arrays.stream(accessProfiles) - .map(accessProfile -> { - AccessControlList accessControlList = new AccessControlList(); - accessControlList.setAccessProfile(accessProfile); - accessControlList.setCreate(true); - accessControlList.setDelete(true); - accessControlList.setRead(false); - accessControlList.setUpdate(true); - return accessControlList; - }) + .map(accessProfile -> AccessControlList.builder() + .accessProfile(accessProfile) + .create(true) + .delete(true) + .read(false) + .update(true) + .build()) .collect(Collectors.toList()); } } diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/CompoundAccessControlServiceTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/CompoundAccessControlServiceTest.java index 155a7126fb..9149a1f649 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/CompoundAccessControlServiceTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/CompoundAccessControlServiceTest.java @@ -7,6 +7,7 @@ import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; import uk.gov.hmcts.ccd.config.JacksonUtils; +import uk.gov.hmcts.ccd.domain.model.definition.AccessControlList; import uk.gov.hmcts.ccd.domain.model.definition.CaseFieldDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseTypeDefinition; @@ -32,7 +33,6 @@ import static uk.gov.hmcts.ccd.domain.service.common.AccessControlServiceTest.p2Start; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlServiceTest.person1; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlServiceTest.person2; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseTypeBuilder.newCaseType; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.ComplexACLBuilder.aComplexACL; @@ -308,20 +308,20 @@ class CompoundFieldCreateTests { @DisplayName("Should grant access if parent and children have ACLs") void shouldGrantAccessIfParentAndChildrenHaveAccess() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -341,9 +341,9 @@ void shouldGrantAccessIfParentAndChildrenHaveAccess() throws IOException { @DisplayName("Should grant access if parent and children have ACLs - inherited from parent") void shouldGrantAccessIfParentHasAccess() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -361,9 +361,9 @@ void shouldGrantAccessIfParentHasAccess() throws IOException { @DisplayName("Should be OK with empty fields") void shouldBeOKWithEmptyFields() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -381,20 +381,20 @@ void shouldBeOKWithEmptyFields() throws IOException { @DisplayName("Should grant access if parent and required children have ACLs") void shouldGrantAccessIfParentAndRequiredChildrenHaveAccess() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -412,14 +412,14 @@ void shouldGrantAccessIfParentAndRequiredChildrenHaveAccess() throws IOException @DisplayName("Should grant access to add new child if child has the required ACLs - existing data") void shouldGrantAccessToNewChildIfChildrenHasAccess() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); people.setComplexACLs(asList(aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -442,14 +442,14 @@ void shouldGrantAccessToNewChildIfChildrenHasAccess() throws IOException { @DisplayName("Should grant access to add new child if child has the required ACLs - fine grain ACL") void shouldGrantAccessToNewChildIfChildrenHasAccessFineGrained() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); people.setComplexACLs(asList(aComplexACL() - .withListElementCode("Notes.Tags") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Notes.Tags") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -473,14 +473,14 @@ void shouldGrantAccessToNewChildIfChildrenHasAccessFineGrained() throws IOExcept @DisplayName("Should deny access to add new child if child has the required ACLs - fine grain ACL") void shouldDenyAccessToNewChildIfChildrenHasAccessFineGrained() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); people.setComplexACLs(asList(aComplexACL() - .withListElementCode("Notes.Tags") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("Notes.Tags") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -504,14 +504,14 @@ void shouldDenyAccessToNewChildIfChildrenHasAccessFineGrained() throws IOExcepti @DisplayName("Should deny access to add new child if child lacks the required ACLs - existing data") void shouldDenyAccessToNewChildIfChildrenHasAccess() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); people.setComplexACLs(asList(aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -534,20 +534,20 @@ void shouldDenyAccessToNewChildIfChildrenHasAccess() throws IOException { @DisplayName("Should deny access if a child does not have ACLs") void shouldDenyAccessIfParentAndChildrenHaveAccess() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build(), aComplexACL() - .withListElementCode("Notes") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + .listElementCode("Notes") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -571,9 +571,9 @@ class CompoundFieldUpdateTests { @DisplayName("Should grant access when nothing changes even when U doesn't exist") void shouldGrantAccessWhenNoUpdates() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -590,9 +590,9 @@ void shouldGrantAccessWhenNoUpdates() throws IOException { @DisplayName("Should grant access when child field updated and U exists- name change") void shouldGrantAccessWhenChildFieldUpdatedAndACLExists() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -611,9 +611,9 @@ void shouldGrantAccessWhenChildFieldUpdatedAndACLExists() throws IOException { @DisplayName("Should deny access for child field updates when no U - name change") void shouldDenyAccessWhenChildFieldUpdatedAndNoACL() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -632,10 +632,10 @@ void shouldDenyAccessWhenChildFieldUpdatedAndNoACL() throws IOException { @DisplayName("Should grant access when child field updated and U exists - address.line1 change") void shouldGrantAccessWhenChildFieldUpdatedAndACLInheritedFromParent() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -657,10 +657,10 @@ void shouldGrantAccessWhenChildFieldUpdatedAndACLInheritedFromParent() throws IO @DisplayName("Should grant access when a child is updated and U exist - multiple address.line1 change") void shouldGrantAccessWhenAChildFieldUpdatedAndACLExist() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -685,15 +685,15 @@ void shouldGrantAccessWhenAChildFieldUpdatedAndACLExist() throws IOException { @DisplayName("Should deny access when a child is updated and U doesn't exist - multiple address.line1 change") void shouldDenyAccessWhenChildUpdatedAndNoACL() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList(aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -719,17 +719,17 @@ void shouldDenyAccessWhenChildUpdatedAndNoACL() throws IOException { + "added") void shouldGrantAccessWhenChildNotUpdatedAndOnlyNewChildAdded() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(false) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -750,26 +750,26 @@ void shouldGrantAccessWhenChildNotUpdatedAndOnlyNewChildAdded() throws IOExcepti @DisplayName("Should grant access when a child is updated and U exist - fine grained ACL") void shouldGrantAccessWhenChildUpdatedAndFineGrainedACLExists() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build() )); @@ -797,26 +797,26 @@ void shouldGrantAccessWhenChildUpdatedAndFineGrainedACLExists() throws IOExcepti + "fine grained ACL") void shouldGrantAccessWhenChildUpdatedFromNullAndFineGrainedACLExists() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build() )); @@ -843,36 +843,36 @@ void shouldGrantAccessWhenChildUpdatedFromNullAndFineGrainedACLExists() throws I + "fine grained ACL") void shouldGrantAccessWhenChildUpdatedFromNullNodeAndFineGrainedACLExists() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.PostCode") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.PostCode") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Country") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Country") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build() )); @@ -899,26 +899,26 @@ void shouldGrantAccessWhenChildUpdatedFromNullNodeAndFineGrainedACLExists() thro + "fine grained ACL") void shouldGrantAccessWhenChildUpdatedToNullAndFineGrainedACLExists() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build() )); @@ -945,26 +945,26 @@ void shouldGrantAccessWhenChildUpdatedToNullAndFineGrainedACLExists() throws IOE + "value - fine grained ACL") void shouldDenyAccessWhenChildUpdatedFromNullAndFineGrainedACLDoesNotExist() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build() )); @@ -992,26 +992,26 @@ void shouldDenyAccessWhenChildUpdatedFromNullAndFineGrainedACLDoesNotExist() thr + "value - fine grained ACL") void shouldDenyAccessWhenChildUpdatedToNullAndFineGrainedACLDoesNotExist() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build() )); @@ -1038,26 +1038,26 @@ void shouldDenyAccessWhenChildUpdatedToNullAndFineGrainedACLDoesNotExist() throw + "READONLY case") void shouldGrantAccessWhenChildIsNotUpdatedAndNullValueSent() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build() )); @@ -1080,26 +1080,26 @@ void shouldGrantAccessWhenChildIsNotUpdatedAndNullValueSent() throws IOException + "line1/2 changes") void shouldDenyAccessWhenChildUpdatedAndNoFineGrainedACLExists() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) - .withUpdate(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) + .update(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line1") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + .listElementCode("Addresses.Address.Line1") + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build(), aComplexACL() - .withListElementCode("Addresses.Address.Line2") - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + .listElementCode("Addresses.Address.Line2") + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build() )); @@ -1135,12 +1135,12 @@ void shouldNotGrantAccessToFieldWithAclAccessNotGrantedForCollectionOfDocuments( .build()) .build()) .withOrder(1) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) - .withUpdate(false) - .withDelete(false) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) + .update(false) + .delete(false) + .read(true) .build()) .build()) .build(); @@ -1206,9 +1206,9 @@ class CompoundFieldDeleteTests { @DisplayName("Should grant access when a root node is deleted and D exists") void shouldGrantAccessWhenRootDeletedAndACLExist() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1225,9 +1225,9 @@ void shouldGrantAccessWhenRootDeletedAndACLExist() throws IOException { @DisplayName("Should deny access when a root node is deleted and No D") void shouldDenyAccessWhenRootDeletedAndNoACL() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(false) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1244,9 +1244,9 @@ void shouldDenyAccessWhenRootDeletedAndNoACL() throws IOException { @DisplayName("Should grant access when a child node is deleted and D exists") void shouldGrantAccessWhenChildDeletedAndACLExist() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1267,9 +1267,9 @@ void shouldGrantAccessWhenChildDeletedAndACLExist() throws IOException { @DisplayName("Should deny access when a child node is deleted and No D") void shouldDenyAccessWhenChildDeletedAndNoACLExist() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(false) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1290,15 +1290,15 @@ void shouldDenyAccessWhenChildDeletedAndNoACLExist() throws IOException { @DisplayName("Should deny access when a child node is deleted and No D - fine grained ACL") void shouldDenyAccessWhenChildDeletedAndNoACLExistForChildField() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("Addresses") - .withRole(ROLE_IN_USER_ROLES) - .withDelete(false) + .listElementCode("Addresses") + .accessProfile(ROLE_IN_USER_ROLES) + .delete(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1319,14 +1319,14 @@ void shouldDenyAccessWhenChildDeletedAndNoACLExistForChildField() throws IOExcep @DisplayName("Should grant access to add new child if child has the required ACLs - whole node deleted") void shouldGrantAccessToNewChildIfChildrenHasAccessFineGrained() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); people.setComplexACLs(asList(aComplexACL() - .withListElementCode("Notes.Tags") - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + .listElementCode("Notes.Tags") + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1350,14 +1350,14 @@ void shouldGrantAccessToNewChildIfChildrenHasAccessFineGrained() throws IOExcept @DisplayName("Should deny access to add new child if child has the required ACLs - whole node deleted") void shouldDenyAccessToNewChildIfChildrenHasAccessFineGrained() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); people.setComplexACLs(asList(aComplexACL() - .withListElementCode("Notes.Tags") - .withRole(ROLE_IN_USER_ROLES) - .withDelete(false) + .listElementCode("Notes.Tags") + .accessProfile(ROLE_IN_USER_ROLES) + .delete(false) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1387,9 +1387,9 @@ class CompoundFieldComplexUnderCollectionFieldTests { + " node deleted") void shouldGrantAccessWhenNestedComplexChildDeletedAndDeleteACLExists() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1411,15 +1411,15 @@ void shouldGrantAccessWhenNestedComplexChildDeletedAndDeleteACLExists() throws I + "grained ACLs - whole node deleted") void shouldGrantAccessWhenNestedComplexChildDeletedAndFineGrainedDeleteACLExists() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); people.setComplexACLs(asList( aComplexACL() - .withListElementCode("BirthInfo") - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + .listElementCode("BirthInfo") + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1440,9 +1440,9 @@ void shouldGrantAccessWhenNestedComplexChildDeletedAndFineGrainedDeleteACLExists @DisplayName("Should be OK with empty nested complex child in new data") void shouldBeOKWithEmptyNestedComplexFieldInNewData() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1463,9 +1463,9 @@ void shouldBeOKWithEmptyNestedComplexFieldInNewData() throws IOException { @DisplayName("Should be OK with empty nested complex child in existing data") void shouldBeOKWithEmptyNestedComplexFieldInExistingData() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1486,9 +1486,9 @@ void shouldBeOKWithEmptyNestedComplexFieldInExistingData() throws IOException { @DisplayName("Should be OK with null nested complex child in new data") void shouldBeOKWithNullNestedComplexFieldInNewData() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1509,9 +1509,9 @@ void shouldBeOKWithNullNestedComplexFieldInNewData() throws IOException { @DisplayName("Should be OK with null nested complex child in existing data") void shouldBeOKWithNullNestedComplexFieldInExistingData() throws IOException { final CaseFieldDefinition people = getPeopleCollectionFieldDefinition(); - people.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + people.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); final CaseTypeDefinition caseTypeDefinition = newCaseType().withField(people).build(); @@ -1685,9 +1685,9 @@ void setup() { @Test @DisplayName("Should grant access to add completely new child if child has the required ACLs") void shouldGrantAccessToNewChildIfChildrenHasAccess() throws IOException { - note.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + note.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); caseTypeDefinition.getCaseFieldDefinitions().stream().forEach(caseField -> @@ -1705,9 +1705,9 @@ void shouldGrantAccessToNewChildIfChildrenHasAccess() throws IOException { @Test @DisplayName("Should grant access to add multiple completely new children if child has the required ACLs") void shouldGrantAccessToMultipleNewChildIfChildrenHasAccess() throws IOException { - note.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + note.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); caseTypeDefinition.getCaseFieldDefinitions().stream().forEach(caseField -> @@ -1725,9 +1725,9 @@ void shouldGrantAccessToMultipleNewChildIfChildrenHasAccess() throws IOException @Test @DisplayName("Should grant access to add new child to existing ones if child has the required ACLs") void shouldGrantAccessToAddingNewChildIfChildrenHasAccess() throws IOException { - note.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(true) + note.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(true) .build())); caseTypeDefinition.getCaseFieldDefinitions().stream().forEach(caseField -> @@ -1747,9 +1747,9 @@ void shouldGrantAccessToAddingNewChildIfChildrenHasAccess() throws IOException { @Test @DisplayName("Should deny access to add new child if child has the no ACLs") void shouldDenyAccessToNewChildIfChildrenHasAccess() throws IOException { - note.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + note.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build())); caseTypeDefinition.getCaseFieldDefinitions().stream().forEach(caseField -> @@ -1768,9 +1768,9 @@ void shouldDenyAccessToNewChildIfChildrenHasAccess() throws IOException { @Test @DisplayName("Should deny access to add new child to existing ones if child has the required ACLs") void shouldDenyAccessToAddingNewChildIfChildrenHasAccess() throws IOException { - note.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withCreate(false) + note.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .create(false) .build())); caseTypeDefinition.getCaseFieldDefinitions().stream().forEach(caseField -> @@ -1790,9 +1790,9 @@ void shouldDenyAccessToAddingNewChildIfChildrenHasAccess() throws IOException { @Test @DisplayName("Should grant access to update child if child has the required ACLs") void shouldGrantAccessToUpdateChildIfChildrenHasAccess() throws IOException { - note.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(true) + note.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(true) .build())); caseTypeDefinition.getCaseFieldDefinitions().stream().forEach(caseField -> @@ -1812,9 +1812,9 @@ void shouldGrantAccessToUpdateChildIfChildrenHasAccess() throws IOException { @Test @DisplayName("Should deny access to update child if child has no ACLs") void shouldDenyAccessToUpdateChildIfChildrenHasNoAccess() throws IOException { - note.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withUpdate(false) + note.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .update(false) .build())); caseTypeDefinition.getCaseFieldDefinitions().stream().forEach(caseField -> @@ -1834,9 +1834,9 @@ void shouldDenyAccessToUpdateChildIfChildrenHasNoAccess() throws IOException { @Test @DisplayName("Should grant access to delete a child if child has the required ACLs") void shouldGrantAccessToDeleteChildIfChildrenHasAccess() throws IOException { - note.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(true) + note.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(true) .build())); caseTypeDefinition.getCaseFieldDefinitions().stream().forEach(caseField -> @@ -1856,9 +1856,9 @@ void shouldGrantAccessToDeleteChildIfChildrenHasAccess() throws IOException { @Test @DisplayName("Should deny access to delete child if child has no ACLs") void shouldDenyAccessToDeleteChildIfChildrenHasNoAccess() throws IOException { - note.setAccessControlLists(asList(anAcl() - .withRole(ROLE_IN_USER_ROLES) - .withDelete(false) + note.setAccessControlLists(asList(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLES) + .delete(false) .build())); caseTypeDefinition.getCaseFieldDefinitions().stream().forEach(caseField -> diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/TestBuildersUtil.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/TestBuildersUtil.java index 668027ce70..e2998f5529 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/TestBuildersUtil.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/TestBuildersUtil.java @@ -704,90 +704,53 @@ public CaseStateDefinition build() { } } - public static class AccessControlListBuilder { - private final AccessControlList accessControlList; - - private AccessControlListBuilder() { - this.accessControlList = new AccessControlList(); - } - - public static AccessControlListBuilder anAcl() { - return new AccessControlListBuilder(); - } - - public AccessControlListBuilder withRole(String role) { - this.accessControlList.setAccessProfile(role); - return this; - } - - public AccessControlListBuilder withCreate(boolean create) { - this.accessControlList.setCreate(create); - return this; - } - - public AccessControlListBuilder withDelete(boolean delete) { - this.accessControlList.setDelete(delete); - return this; - } - - public AccessControlListBuilder withUpdate(boolean update) { - this.accessControlList.setUpdate(update); - return this; - } - - public AccessControlListBuilder withRead(boolean read) { - this.accessControlList.setRead(read); - return this; - } - - public AccessControlList build() { - return accessControlList; - } - } - public static class ComplexACLBuilder { - private final ComplexACL complexACL; + private String listElementCode; + private String role; + private boolean create; + private boolean delete; + private boolean update; + private boolean read; private ComplexACLBuilder() { - this.complexACL = new ComplexACL(); } public static ComplexACLBuilder aComplexACL() { return new ComplexACLBuilder(); } - public ComplexACLBuilder withListElementCode(String code) { - this.complexACL.setListElementCode(code); + public ComplexACLBuilder listElementCode(String code) { + this.listElementCode = code; return this; } - public ComplexACLBuilder withRole(String role) { - this.complexACL.setAccessProfile(role); + public ComplexACLBuilder accessProfile(String role) { + this.role = role; return this; } - public ComplexACLBuilder withCreate(boolean create) { - this.complexACL.setCreate(create); + public ComplexACLBuilder create(boolean create) { + this.create = create; return this; } - public ComplexACLBuilder withDelete(boolean delete) { - this.complexACL.setDelete(delete); + public ComplexACLBuilder delete(boolean delete) { + this.delete = delete; return this; } - public ComplexACLBuilder withUpdate(boolean update) { - this.complexACL.setUpdate(update); + public ComplexACLBuilder update(boolean update) { + this.update = update; return this; } - public ComplexACLBuilder withRead(boolean read) { - this.complexACL.setRead(read); + public ComplexACLBuilder read(boolean read) { + this.read = read; return this; } public ComplexACL build() { - return complexACL; + return new ComplexACL(role, create, read, update, delete, listElementCode); } } diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/globalsearch/GlobalSearchParserTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/globalsearch/GlobalSearchParserTest.java index 7e93d5e611..e0ad1644dc 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/globalsearch/GlobalSearchParserTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/globalsearch/GlobalSearchParserTest.java @@ -11,6 +11,7 @@ import uk.gov.hmcts.ccd.config.JacksonUtils; import uk.gov.hmcts.ccd.data.casedetails.SecurityClassification; import uk.gov.hmcts.ccd.domain.model.casedataaccesscontrol.AccessProfile; +import uk.gov.hmcts.ccd.domain.model.definition.AccessControlList; import uk.gov.hmcts.ccd.domain.model.definition.CaseDetails; import uk.gov.hmcts.ccd.domain.model.definition.CaseFieldDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseTypeDefinition; @@ -37,7 +38,6 @@ import static org.mockito.Mockito.when; import static uk.gov.hmcts.ccd.domain.model.definition.FieldTypeDefinition.COMPLEX; import static uk.gov.hmcts.ccd.domain.model.definition.FieldTypeDefinition.TEXT; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseDetailsBuilder.newCaseDetails; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseTypeBuilder.newCaseType; @@ -94,9 +94,9 @@ void setUp() { caseTypeDefinition1 = newCaseType() .withCaseTypeId(CASE_TYPE_ID_1) .withJurisdiction(jurisdiction) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()) .withField(newCaseField().withId("caseManagementLocation") .withSC(SecurityClassification.PUBLIC.name()) @@ -112,15 +112,15 @@ void setUp() { .build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); @@ -128,9 +128,9 @@ void setUp() { caseTypeDefinition2 = newCaseType() .withCaseTypeId(CASE_TYPE_ID_2) .withJurisdiction(jurisdiction) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(false) .build()) .withField(newCaseField().withId("caseManagementLocation") .withSC(SecurityClassification.PUBLIC.name()) @@ -146,15 +146,15 @@ void setUp() { .build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); @@ -162,9 +162,9 @@ void setUp() { caseTypeDefinition3 = newCaseType() .withCaseTypeId(CASE_TYPE_ID_3) .withJurisdiction(jurisdiction) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(false) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(false) .build()) .withField(newCaseField().withId("caseManagementLocation") .withSC(SecurityClassification.PUBLIC.name()) @@ -193,9 +193,9 @@ void setUp() { .build()) .withSecurityClassification(SecurityClassification.PUBLIC) .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(anAcl() - .withRole(ROLE_IN_USER_ROLE_1) - .withRead(true) + .withAcl(AccessControlList.builder() + .accessProfile(ROLE_IN_USER_ROLE_1) + .read(true) .build()).build()) .withSecurityClassification(SecurityClassification.PUBLIC) .build(); @@ -395,9 +395,9 @@ private CaseFieldDefinition complexField(String id, .withId(id) .withFieldType(fieldType(type)) .withSC(securityClassification.name()) - .withAcl(anAcl() - .withRole(user) - .withRead(readAccess) + .withAcl(AccessControlList.builder() + .accessProfile(user) + .read(readAccess) .build()) .build(); } From 07f9f447f655a9df474e49ee6f3e046415bcbb16 Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Wed, 16 Jul 2025 09:38:32 +0100 Subject: [PATCH 07/10] fix conflicts --- .../CaseSearchesViewAccessControlTest.java | 78 ------------------- 1 file changed, 78 deletions(-) diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchesViewAccessControlTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchesViewAccessControlTest.java index 2567d1992b..4e90b83f2b 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchesViewAccessControlTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/aggregated/CaseSearchesViewAccessControlTest.java @@ -293,84 +293,6 @@ void shouldReturnFalseForFilterFieldByAuthorisationAccessOnField() { assertFalse(classUnderTest.filterFieldByAuthorisationAccessOnField(postCode)); } - @Test - void shouldReturnTrueForFilterResultsBySecurityClassification() { - final CaseFieldDefinition caseFieldDefinition1 = newCaseField().withId(CASE_FIELD_1) - .withFieldType(textFieldType()) - .withSC(SecurityClassification.PRIVATE.name()) - .withAcl(AccessControlList.builder() - .accessProfile(ROLE_IN_USER_ROLE_1) - .read(true) - .build()).build(); - - CaseTypeDefinition caseTypeDefinition1 = newCaseType() - .withCaseTypeId(CASE_TYPE_ID_1) - .withJurisdiction(jurisdiction) - .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) - .withAcl(AccessControlList.builder() - .accessProfile(ROLE_IN_USER_ROLE_1) - .read(true) - .build()).build()) - .withSecurityClassification(SecurityClassification.PUBLIC) - .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) - .withAcl(AccessControlList.builder() - .accessProfile(ROLE_IN_USER_ROLE_1) - .read(true) - .build()).build()) - .withSecurityClassification(SecurityClassification.PUBLIC) - .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(AccessControlList.builder() - .accessProfile(ROLE_IN_USER_ROLE_1) - .read(true) - .build()).build()) - .withSecurityClassification(SecurityClassification.PUBLIC) - .build(); - - mockAccessProfiles(); - - assertTrue(classUnderTest.filterResultsBySecurityClassification(caseFieldDefinition1, caseTypeDefinition1)); - } - - @Test - void shouldReturnFalseForFilterResultsBySecurityClassification() { - final CaseFieldDefinition caseFieldDefinition1 = newCaseField().withId(CASE_FIELD_1) - .withFieldType(textFieldType()) - .withSC(SecurityClassification.PUBLIC.name()) - .withAcl(AccessControlList.builder() - .accessProfile(ROLE_IN_USER_ROLE_1) - .read(true) - .build()).build(); - - CaseTypeDefinition caseTypeDefinition1 = newCaseType() - .withCaseTypeId(CASE_TYPE_ID_1) - .withJurisdiction(jurisdiction) - .withField(newCaseField().withId(CASE_FIELD_1).withFieldType(textFieldType()) - .withAcl(AccessControlList.builder() - .accessProfile(ROLE_IN_USER_ROLE_1) - .read(true) - .build()).build()) - .withSecurityClassification(SecurityClassification.PUBLIC) - .withField(newCaseField().withId(CASE_FIELD_2).withFieldType(textFieldType()) - .withAcl(AccessControlList.builder() - .accessProfile(ROLE_IN_USER_ROLE_1) - .read(true) - .build()).build()) - .withSecurityClassification(SecurityClassification.PUBLIC) - .withField(newCaseField().withId(CASE_FIELD_3).withFieldType(textFieldType()) - .withAcl(AccessControlList.builder() - .accessProfile(ROLE_IN_USER_ROLE_1) - .read(true) - .build()).build()) - .withSecurityClassification(SecurityClassification.PUBLIC) - .build(); - - - mockAccessProfiles(); - when(securityClassificationService.userHasEnoughSecurityClassificationForField(any(), any(), any())) - .thenReturn(false); - assertFalse(classUnderTest.filterResultsBySecurityClassification(caseFieldDefinition1, caseTypeDefinition1)); - } - private void mockAccessProfiles() { mockAccessProfiles(ROLE_IN_USER_ROLE_1, ROLE_IN_USER_ROLE_2); } From 07fff46f759e21083001db896aa1c37db64aaf34 Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Mon, 29 Dec 2025 16:07:52 +0000 Subject: [PATCH 08/10] fix: failing test cases in conditional field restoration tests --- .../common/ConditionalFieldRestorerTest.java | 79 ++++++++++--------- 1 file changed, 42 insertions(+), 37 deletions(-) diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/ConditionalFieldRestorerTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/ConditionalFieldRestorerTest.java index 52d600e489..6291160a79 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/common/ConditionalFieldRestorerTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/common/ConditionalFieldRestorerTest.java @@ -34,7 +34,6 @@ import static uk.gov.hmcts.ccd.domain.model.definition.FieldTypeDefinition.DOCUMENT; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlServiceTest.ACCESS_PROFILES; import static uk.gov.hmcts.ccd.domain.service.common.AccessControlServiceTest.getTagFieldDefinition; -import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.AccessControlListBuilder.anAcl; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseFieldBuilder.newCaseField; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.CaseTypeBuilder.newCaseType; import static uk.gov.hmcts.ccd.domain.service.common.TestBuildersUtil.FieldTypeBuilder.aFieldType; @@ -168,10 +167,11 @@ private CaseFieldDefinition noteWithoutCreateAndReadPermission() { } private CaseFieldDefinition noteWithCreatePermissionWithoutReadPermission() { - AccessControlList deletePermission = new AccessControlList(); - deletePermission.setAccessProfile("caseworker-probate-loa1"); - deletePermission.setCreate(true); - deletePermission.setRead(false); + AccessControlList deletePermission = AccessControlList.builder() + .accessProfile("caseworker-probate-loa1") + .create(true) + .read(false) + .build(); CaseFieldDefinition note = newCaseField() .withId("Note") @@ -206,10 +206,11 @@ private CaseFieldDefinition tagWithoutCreateAndReadPermission() { } private CaseFieldDefinition tagsWithCreatePermissionWithoutReadPermission() { - AccessControlList controlList = new AccessControlList(); - controlList.setAccessProfile("caseworker-probate-loa1"); - controlList.setCreate(true); - controlList.setRead(false); + AccessControlList controlList = AccessControlList.builder() + .accessProfile("caseworker-probate-loa1") + .create(true) + .read(false) + .build(); CaseFieldDefinition tags = getTagFieldDefinition(); tags.setAccessControlLists(List.of(controlList)); @@ -367,10 +368,11 @@ private CaseFieldDefinition noteWithNestedFieldsWithoutCreateAndReadPermission() } private CaseFieldDefinition noteWithNestedFieldsWithCreateAndWithoutReadPermission() { - AccessControlList controlList = new AccessControlList(); - controlList.setAccessProfile("caseworker-probate-loa1"); - controlList.setCreate(true); - controlList.setRead(false); + AccessControlList controlList = AccessControlList.builder() + .accessProfile("caseworker-probate-loa1") + .create(true) + .read(false) + .build(); CaseFieldDefinition note = noteWithNestedFieldsWithoutCreateAndReadPermission(); note.setAccessControlLists(List.of(controlList)); @@ -461,10 +463,11 @@ private CaseFieldDefinition caseCategoryFieldWithoutCreateAndReadPermission() { } private CaseFieldDefinition caseCategoryFieldWithCreateWithoutReadPermission() { - AccessControlList accessControlList = new AccessControlList(); - accessControlList.setAccessProfile("caseworker-probate-loa1"); - accessControlList.setCreate(true); - accessControlList.setRead(false); + AccessControlList accessControlList = AccessControlList.builder() + .accessProfile("caseworker-probate-loa1") + .create(true) + .read(false) + .build(); CaseFieldDefinition caseCategory = caseCategoryFieldWithoutCreateAndReadPermission(); caseCategory.setAccessControlLists(List.of(accessControlList)); @@ -538,10 +541,11 @@ private CaseFieldDefinition generatedCaseDocumentsFieldWithoutCreateAndReadPermi } private CaseFieldDefinition generatedCaseDocumentsFieldWithCreateWithoutReadPermission() { - AccessControlList accessControlList = new AccessControlList(); - accessControlList.setAccessProfile("caseworker-probate-loa1"); - accessControlList.setCreate(true); - accessControlList.setRead(false); + AccessControlList accessControlList = AccessControlList.builder() + .accessProfile("caseworker-probate-loa1") + .create(true) + .read(false) + .build(); CaseFieldDefinition document = generatedCaseDocumentsFieldWithoutCreateAndReadPermission(); document.setAccessControlLists(List.of(accessControlList)); @@ -2470,12 +2474,12 @@ void shouldAddMissingDocumentNodeToDocumentCollectionWithCreateWithoutRead() { .build()) .build()) .withOrder(1) - .withAcl(anAcl() - .withRole("caseworker-probate-loa1") - .withCreate(true) - .withUpdate(false) - .withDelete(false) - .withRead(false) + .withAcl(AccessControlList.builder() + .accessProfile("caseworker-probate-loa1") + .create(true) + .read(false) + .update(false) + .delete(false) .build()) .build(); Map newData = getJsonMapNode(""" @@ -2579,12 +2583,12 @@ void shouldDoNothingWhenMissingDocumentSubFieldWithoutCreateWithoutRead() { .build()) .build()) .withOrder(1) - .withAcl(anAcl() - .withRole("caseworker-probate-loa1") - .withCreate(false) - .withUpdate(false) - .withDelete(false) - .withRead(false) + .withAcl(AccessControlList.builder() + .accessProfile("caseworker-probate-loa1") + .create(false) + .read(false) + .update(false) + .delete(false) .build()) .build(); Map newData = getJsonMapNode(""" @@ -3958,10 +3962,11 @@ private CaseTypeDefinition caseDefinitionWithNestedList() { } private CaseTypeDefinition caseTypeDefinitionWithNestedListWithCreatePermissionWithoutReadPermission() { - AccessControlList controlList = new AccessControlList(); - controlList.setAccessProfile("caseworker-probate-loa1"); - controlList.setCreate(true); - controlList.setRead(false); + AccessControlList controlList = AccessControlList.builder() + .accessProfile("caseworker-probate-loa1") + .create(true) + .read(false) + .build(); CaseTypeDefinition caseTypeDefinition = caseDefinitionWithNestedList(); caseTypeDefinition.getCaseFieldDefinitions().getFirst().setAccessControlLists(List.of(controlList)); From 0d3f4e6af2add36aadddd528db7aa9c2d9e35a73 Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Tue, 30 Dec 2025 16:47:48 +0000 Subject: [PATCH 09/10] refactor: replace deprecated JWT methods with updated implementation and enhance token validation logic --- .../resources/application.properties | 2 +- .../uk/gov/hmcts/ccd/ApplicationParams.java | 8 ++++ .../service/callbacks/EventTokenService.java | 24 +++++------ src/main/resources/application.properties | 4 +- .../callbacks/EventTokenServiceTest.java | 40 ++++++++++++++----- .../endpoint/std/CaseDetailsEndpointIT.java | 1 - 6 files changed, 53 insertions(+), 26 deletions(-) diff --git a/src/contractTest/resources/application.properties b/src/contractTest/resources/application.properties index 33aff8980d..f34ec41090 100644 --- a/src/contractTest/resources/application.properties +++ b/src/contractTest/resources/application.properties @@ -56,7 +56,7 @@ ccd.user-profile.host=${USER_PROFILE_HOST:http://localhost:4453} case_document_am.url=${CASE_DOCUMENT_AM_URL:http://localhost:4455} ccd.case-document-am-api.attachDocumentEnabled=${CASE_DOCUMENT_AM_API_ATTACH_DOCUMENT_ENABLED:true} -ccd.token.secret=${DATA_STORE_TOKEN_SECRET:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA} +ccd.token.secret=${DATA_STORE_TOKEN_SECRET:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA} #callback timeouts - comma separated integers in seconds ccd.callback.retries=1,5,10 diff --git a/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java b/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java index 61570b7195..bcf297671f 100644 --- a/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java +++ b/src/main/java/uk/gov/hmcts/ccd/ApplicationParams.java @@ -406,6 +406,14 @@ public List getCallbackRetries() { return callbackRetries; } + public String getCaseDocumentAmUrl() { + return caseDocumentAmUrl; + } + + public boolean isDocumentSanitiserCaseDocAMEnable() { + return documentSanitiserCaseDocumentAMEnabled; + } + public String getDocumentURLPattern() { return documentURLPattern; } diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java b/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java index e4583f3a69..8aa392225b 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenService.java @@ -1,5 +1,6 @@ package uk.gov.hmcts.ccd.domain.service.callbacks; +import io.jsonwebtoken.JwtException; import uk.gov.hmcts.ccd.ApplicationParams; import uk.gov.hmcts.ccd.domain.model.callbacks.EventTokenProperties; import uk.gov.hmcts.ccd.domain.model.definition.CaseDetails; @@ -18,12 +19,9 @@ import com.google.common.collect.Maps; import io.jsonwebtoken.Claims; -import io.jsonwebtoken.ExpiredJwtException; import io.jsonwebtoken.Jwts; -import io.jsonwebtoken.SignatureAlgorithm; -import io.jsonwebtoken.SignatureException; -import io.jsonwebtoken.impl.TextCodec; import io.jsonwebtoken.security.Keys; +import io.jsonwebtoken.io.Decoders; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -37,7 +35,7 @@ public class EventTokenService { } private final RandomKeyGenerator randomKeyGenerator; - private final String tokenSecret; + private final SecretKey secretKey; private final CaseService caseService; private final boolean isValidateTokenClaims; @@ -47,7 +45,8 @@ public EventTokenService(final RandomKeyGenerator randomKeyGenerator, final ApplicationParams applicationParams, final CaseService caseService) { this.randomKeyGenerator = randomKeyGenerator; - this.tokenSecret = applicationParams.getTokenSecret(); + byte[] keyBytes = Decoders.BASE64.decode(applicationParams.getTokenSecret()); + this.secretKey = Keys.hmacShaKeyFor(keyBytes); this.isValidateTokenClaims = applicationParams.isValidateTokenClaims(); this.caseService = caseService; } @@ -66,10 +65,10 @@ public String generateToken(final String uid, final JurisdictionDefinition jurisdictionDefinition, final CaseTypeDefinition caseTypeDefinition) { return Jwts.builder() - .setId(randomKeyGenerator.generate()) - .setSubject(uid) - .setIssuedAt(new Date()) - .signWith(SignatureAlgorithm.HS256, TextCodec.BASE64.encode(tokenSecret)) + .id(randomKeyGenerator.generate()) + .subject(uid) + .issuedAt(new Date()) + .signWith(secretKey) .claim(EventTokenProperties.CASE_ID, caseDetails.getId()) .claim(EventTokenProperties.EVENT_ID, event.getId()) .claim(EventTokenProperties.CASE_TYPE_ID, caseTypeDefinition.getId()) @@ -83,9 +82,8 @@ public String generateToken(final String uid, public EventTokenProperties parseToken(final String token) { try { - SecretKey key = Keys.hmacShaKeyFor(tokenSecret.getBytes()); final Claims claims = Jwts.parser() - .verifyWith(key) + .verifyWith(secretKey) .build() .parseSignedClaims(token) .getPayload(); @@ -101,7 +99,7 @@ public EventTokenProperties parseToken(final String token) { toString(claims.get(EventTokenProperties.ENTITY_VERSION)), toString(claims.get(EventTokenProperties.CASE_REVISION))); - } catch (ExpiredJwtException | SignatureException e) { + } catch (JwtException e) { throw new EventTokenException("Token is not valid: " + e.getMessage()); } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 46847c1396..f4e788d6dd 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,4 +1,4 @@ -server.port=4452 + server.port=4452 server.servlet.contextPath= server.compression.enabled=true @@ -71,7 +71,7 @@ case_document_am.url=${CASE_DOCUMENT_AM_URL:http://localhost:4455} ccd.case-document-am-api.attachDocumentEnabled=${CASE_DOCUMENT_AM_API_ATTACH_DOCUMENT_ENABLED:true} document.sanitiser.case-document-am-api.enabled=${DOCUMENT_SANITISER_CASE_DOC_AM_API_ENABLED:false} -ccd.token.secret=${DATA_STORE_TOKEN_SECRET:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA} +ccd.token.secret=${DATA_STORE_TOKEN_SECRET:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA} #callback timeouts - comma separated integers in seconds ccd.callback.retries=1,5,10 diff --git a/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java b/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java index 0574bdba8d..29b959cdb3 100644 --- a/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java +++ b/src/test/java/uk/gov/hmcts/ccd/domain/service/callbacks/EventTokenServiceTest.java @@ -12,7 +12,6 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.MockitoAnnotations; import uk.gov.hmcts.ccd.ApplicationParams; @@ -21,12 +20,14 @@ import uk.gov.hmcts.ccd.domain.model.definition.CaseEventDefinition; import uk.gov.hmcts.ccd.domain.model.definition.CaseTypeDefinition; import uk.gov.hmcts.ccd.domain.model.definition.JurisdictionDefinition; +import uk.gov.hmcts.ccd.domain.service.common.CaseService; import uk.gov.hmcts.ccd.endpoint.exceptions.BadRequestException; import uk.gov.hmcts.ccd.endpoint.exceptions.EventTokenException; +import uk.gov.hmcts.ccd.infrastructure.RandomKeyGenerator; class EventTokenServiceTest { - @InjectMocks + public static final String TEST_TOKEN_SECRET = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; private EventTokenService eventTokenService; @Mock @@ -44,6 +45,12 @@ class EventTokenServiceTest { @Mock private CaseTypeDefinition caseTypeDefinition; + @Mock + private RandomKeyGenerator randomKeyGenerator; + + @Mock + private CaseService caseService; + private String token; private String uid; private EventTokenProperties eventTokenProperties; @@ -54,11 +61,17 @@ class EventTokenServiceTest { @BeforeEach public void setUp() { openMocks = MockitoAnnotations.openMocks(this); + + when(applicationParams.getTokenSecret()) + .thenReturn(TEST_TOKEN_SECRET); + when(applicationParams.isValidateTokenClaims()).thenReturn(true); + + // Now construct the service with mocked dependencies + eventTokenService = new EventTokenService(randomKeyGenerator, applicationParams, caseService); + token = "token"; uid = "userId"; - when(applicationParams.getTokenSecret()).thenReturn("secretKey"); - eventTokenProperties = new EventTokenProperties( uid, "caseId", @@ -67,6 +80,7 @@ public void setUp() { "caseTypeId", "version", "caseState", + "1", "1" ); } @@ -116,6 +130,7 @@ public void testValidateToken_ValidTokenAllConditionsMetWithNullValues() { null, "version", "caseState", + "1", "1" ); @@ -143,6 +158,7 @@ public void testValidateToken_ValidTokenConditionMetWithNullEventId() { "caseTypeId", "version", "caseState", + "1", "1" ); @@ -170,6 +186,7 @@ public void testValidateToken_ValidTokenConditionMetWithNullCaseId() { "caseTypeId", "version", "caseState", + "1", "1" ); @@ -197,6 +214,7 @@ public void testValidateToken_ValidTokenConditionMetWithNullJurisdictionId() { "caseTypeId", "version", "caseState", + "1", "1" ); @@ -224,6 +242,7 @@ public void testValidateToken_ValidTokenConditionMetWithNullCaseTypeId() { null, "version", "caseState", + "1", "1" ); @@ -251,6 +270,7 @@ public void testValidateToken_ValidTokenConditionMetWithNullUid() { "caseTypeId", "version", "caseState", + "1", "1" ); @@ -331,9 +351,7 @@ public void testValidateToken_InvalidTokenConditionsCaseTypeIdNotMet() { @Test public void testValidateToken_InvalidTokenConditionsUidNotMet() { - when(applicationParams.isValidateTokenClaims()).thenReturn(true); - EventTokenService spyEventTokenService = spy(new EventTokenService(null, - applicationParams, null)); + EventTokenService spyEventTokenService = spy(eventTokenService); when(event.getId()).thenReturn("eventId"); when(caseDetails.getId()).thenReturn("caseId"); @@ -349,6 +367,8 @@ public void testValidateToken_InvalidTokenConditionsUidNotMet() { @Test public void testValidateToken_DoNothingWhenValidateClaimIsFalseForInvalidTokenConditionsUidNotMet() { + when(applicationParams.isValidateTokenClaims()).thenReturn(false); + EventTokenService spyEventTokenService = spy(new EventTokenService(null, applicationParams, null)); @@ -384,7 +404,8 @@ public void testValidateToken_NonNullEntityVersion() { "caseTypeId", "version", "caseState", - "2" + "2", + "1" ); doReturn(propertiesWithVersion).when(spyEventTokenService).parseToken(token); @@ -411,7 +432,8 @@ public void testValidateToken_NullEntityVersion() { "caseTypeId", "version", "caseState", - null + null, + "1" ); doReturn(propertiesWithVersion).when(spyEventTokenService).parseToken(token); diff --git a/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java b/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java index 42d24263c8..d57a9e1505 100644 --- a/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java +++ b/src/test/java/uk/gov/hmcts/ccd/endpoint/std/CaseDetailsEndpointIT.java @@ -78,7 +78,6 @@ import static org.hamcrest.Matchers.hasProperty; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.in; -import static org.hamcrest.collection.IsIn.isIn; import static org.hamcrest.core.Every.everyItem; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; From e18aa793ff1b74f65edcad09f2620544c0ee5a4e Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Fri, 2 Jan 2026 12:55:25 +0000 Subject: [PATCH 10/10] combine ccd-6395 and ccd-4311 --- src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index f4e788d6dd..f1b26b6446 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,4 +1,4 @@ - server.port=4452 +server.port=4452 server.servlet.contextPath= server.compression.enabled=true