Role search now returns IsRestricted (#20)

Altinn · Nov 22, 2024 · e73b4ea · e73b4ea
1 parent 37804f5
commit e73b4ea
Show file tree

Hide file tree

Showing 7 changed files with 136 additions and 14 deletions.
diff --git a/src/oed-authz/Controllers/AuthorizationController.cs b/src/oed-authz/Controllers/AuthorizationController.cs
@@ -123,7 +123,8 @@ private async Task<RolesSearchResponseDto> HandleRequest(RolesSearchRequestDto r
                     EstateSsn = pipRoleAssignment.EstateSsn,
                     RecipientSsn = pipRoleAssignment.RecipientSsn,
                     Role = pipRoleAssignment.RoleCode,
-                    Created = pipRoleAssignment.Created
+                    Created = pipRoleAssignment.Created,
+                    IsRestricted = pipRoleAssignment.IsRestricted
                 }).ToList();
 
         var rolesSearchResponseDto = new RolesSearchResponseDto()

diff --git a/src/oed-authz/Models/Dto/RoleAssignmentDto.cs b/src/oed-authz/Models/Dto/RoleAssignmentDto.cs
@@ -6,4 +6,5 @@ public class RoleAssignmentDto
     public string RecipientSsn { get; set; } = null!;
     public string Role { get; set; } = null!;
     public DateTimeOffset Created { get; set; }
+    public bool IsRestricted { get; set; }
 }
diff --git a/src/oed-authz/Models/PipRoleAssignment.cs b/src/oed-authz/Models/PipRoleAssignment.cs
@@ -12,4 +12,5 @@ public class PipRoleAssignment
     public string RecipientSsn { get; init; } = string.Empty;
 
     public DateTimeOffset Created { get; set; }
+    public bool IsRestricted { get; set; }
 }
diff --git a/src/oed-authz/Services/PipService.cs b/src/oed-authz/Services/PipService.cs
@@ -1,5 +1,6 @@
 using oed_authz.Interfaces;
 using oed_authz.Models;
+using oed_authz.Settings;
 
 namespace oed_authz.Services;
 public class PipService(IRoleAssignmentsRepository repository) 
@@ -18,23 +19,30 @@ public async Task<PipResponse> HandlePipRequest(PipRequest pipRequest)
             throw new ArgumentException($"Invalid {nameof(pipRequest.RecipientSsn)}", nameof(pipRequest));
         }
 
+        // Fetch all roles for the estate and check if there are any assignments with the probate role
+        var estateRoleAssignments = await repository.GetRoleAssignmentsForEstate(pipRequest.EstateSsn);
+        var isProbateIssued = estateRoleAssignments.Any(ra => ra.RoleCode == Constants.ProbateRoleCode);
+
+        // Filter the role assignments based on the pipRequest
         var roleAssignments = pipRequest.RecipientSsn is not null
-            ? await repository.GetRoleAssignmentsForPerson(pipRequest.EstateSsn, pipRequest.RecipientSsn)
-            : await repository.GetRoleAssignmentsForEstate(pipRequest.EstateSsn);
+            ? estateRoleAssignments.Where(ra => ra.RecipientSsn == pipRequest.RecipientSsn)
+            : estateRoleAssignments;
 
-        return new PipResponse { 
+        return new PipResponse
+        {
             EstateSsn = pipRequest.EstateSsn,
             RoleAssignments = roleAssignments
-            .Select(result => new PipRoleAssignment
-            {
-                Id = result.Id,
-                EstateSsn = result.EstateSsn,
-                RoleCode = result.RoleCode,
-                Created = result.Created,
-                HeirSsn = result.HeirSsn,
-                RecipientSsn = result.RecipientSsn
-            })
-            .ToList()
+                .Select(result => new PipRoleAssignment
+                {
+                    Id = result.Id,
+                    EstateSsn = result.EstateSsn,
+                    RoleCode = result.RoleCode,
+                    Created = result.Created,
+                    HeirSsn = result.HeirSsn,
+                    RecipientSsn = result.RecipientSsn,
+                    IsRestricted = isProbateIssued && !Constants.ProbateAndProxyRoles.Contains(result.RoleCode)
+                })
+                .ToList()
         };
     }
 }
diff --git a/src/oed-authz/Settings/Constants.cs b/src/oed-authz/Settings/Constants.cs
@@ -22,5 +22,7 @@ public static class Constants
     public const string CollectiveProxyRoleCode = "urn:altinn:digitaltdodsbo:skiftefullmakt:kollektiv";
     public const string ProbateRoleCode = "urn:domstolene:digitaltdodsbo:skifteattest";
     public const string FormuesfullmaktRoleCode = "urn:domstolene:digitaltdodsbo:formuesfullmakt";
+
+    public static IReadOnlyCollection<string> ProbateAndProxyRoles => [ProbateRoleCode, IndividualProxyRoleCode, CollectiveProxyRoleCode];
 }
 
diff --git a/test/oed-authz.UnitTests/Controllers/AuthorizationControllerTests.cs b/test/oed-authz.UnitTests/Controllers/AuthorizationControllerTests.cs
@@ -0,0 +1,71 @@
+using oed_authz.Controllers;
+using FakeItEasy;
+using FluentAssertions;
+using Microsoft.AspNetCore.Mvc;
+using oed_authz.Interfaces;
+using oed_authz.Models;
+using oed_authz.Models.Dto;
+using oed_authz.Settings;
+
+namespace oed_authz.UnitTests.Controllers
+{
+    public class AuthorizationControllerTests
+    {
+        private readonly IPolicyInformationPointService _fakePipService = A.Fake<IPolicyInformationPointService>();
+        private readonly IProxyManagementService _fakeProxyManagementService = A.Fake<IProxyManagementService>();
+
+        public AuthorizationControllerTests()
+        {
+            A.CallTo(() => _fakePipService.HandlePipRequest(A<PipRequest>._))
+                .ReturnsLazily((call) =>
+                {
+                    var pipRequest = call.Arguments.Get<PipRequest>("pipRequest")!;
+                    return Task.FromResult(new PipResponse
+                    {
+                        EstateSsn = pipRequest.EstateSsn,
+                        RoleAssignments =
+                        [
+                            new PipRoleAssignment
+                            {
+                                EstateSsn = pipRequest.EstateSsn,
+                                Id = 100,
+                                RecipientSsn = "12345678901",
+                                RoleCode = Constants.ProbateRoleCode,
+                                Created = DateTimeOffset.UtcNow
+                            },
+                            new PipRoleAssignment
+                            {
+                                EstateSsn = pipRequest.EstateSsn,
+                                Id = 100,
+                                RecipientSsn = "12345678902",
+                                RoleCode = Constants.FormuesfullmaktRoleCode,
+                                Created = DateTimeOffset.UtcNow,
+                                IsRestricted = true
+                            }
+                        ]
+                    });
+                });
+        }
+
+        [Fact]
+        public async Task GetRoles_IsRestrictedAreMappepCorrectlyInResponse()
+        {   
+            // Arrange
+            var sut = new AuthorizationController(_fakePipService, _fakeProxyManagementService);
+
+            // Act
+            var mvcResult = await sut.GetRoles(new RolesSearchRequestDto { EstateSsn = "11111111111" });
+
+            // Assert
+            mvcResult.Result.Should().BeOfType<OkObjectResult>();
+            var okResult = mvcResult.Result as OkObjectResult;
+            okResult?.Value.Should().NotBeNull();
+            var response = okResult!.Value as RolesSearchResponseDto;
+            response.Should().NotBeNull();
+
+            response!.RoleAssignments.Should().HaveCount(2);
+            response.RoleAssignments.Should().ContainSingle(ra => ra.IsRestricted == false).Which.RecipientSsn.Should().Be("12345678901");
+            response.RoleAssignments.Should().ContainSingle(ra => ra.IsRestricted == true).Which.RecipientSsn.Should().Be("12345678902");
+        }
+    }
+}
diff --git a/test/oed-authz.UnitTests/Services/PipServiceTests.cs b/test/oed-authz.UnitTests/Services/PipServiceTests.cs
@@ -139,4 +139,42 @@ await act.Should()
                 e.ParamName == "pipRequest");
     }
 
+    [Fact]
+    public async Task HandlePipRequest_When_ProbateIsIssued_And_SomeHeirsDoNotHaveProbateRole_Should_ReturnResultWithIsRestricted()
+    {
+        // Arrange
+        A.CallTo(() => _fakeRepository.GetRoleAssignmentsForEstate(A<string>._))
+            .ReturnsLazily((call) =>
+            {
+                var estateSsn = call.Arguments.Get<string>("estateSsn")!;
+                var factory = new RoleAssignmentFactory(estateSsn);
+
+                return Task.FromResult(new List<RoleAssignment>
+                {
+                    factory.ProbateRole("12345678900"),
+                    factory.ProbateRole("12345678901"),
+                    factory.ProbateRole("12345678902"),
+                    factory.FormuesfulmaktRole("12345678903"),
+                    factory.IndividualProxyRole("12345678902", "12345678900"),
+                    factory.CollectiveProxyRole("98765432100"),
+                });
+            });
+
+        var pipRequest = new PipRequest
+        {
+            EstateSsn = "11111111111"!
+        };
+
+        var sut = new PipService(_fakeRepository);
+
+        // Act
+        var result = await sut.HandlePipRequest(pipRequest);
+
+        // Assert
+        result.RoleAssignments.Should().HaveCount(6);
+        result.RoleAssignments
+            .Should().ContainSingle(ra => ra.IsRestricted == true)
+            .Which.RecipientSsn.Should().Be("12345678903");
+    }
+
 }