diff --git a/src/functionalTest/java/uk/gov/hmcts/reform/professionalapi/ProfessionalInternalUserFunctionalTest.java b/src/functionalTest/java/uk/gov/hmcts/reform/professionalapi/ProfessionalInternalUserFunctionalTest.java index 82c1179593..c52ff324ec 100644 --- a/src/functionalTest/java/uk/gov/hmcts/reform/professionalapi/ProfessionalInternalUserFunctionalTest.java +++ b/src/functionalTest/java/uk/gov/hmcts/reform/professionalapi/ProfessionalInternalUserFunctionalTest.java @@ -154,6 +154,7 @@ public void setUpTestData() { roles.add(puiCaseManager); roles.add(puiOrgManager); roles.add(puiFinanceManager); + roles.add(hmctsAdmin); idamOpenIdClient.createUser(roles, invitedUserEmail, "firstName", "lastName"); } @@ -622,7 +623,7 @@ void updateOrgMfaShouldReturn403WhenToggledOff() { log.info("updateOrgMFAShouldReturn403 :: END"); } - public void updateOrgStatusScenarios() { + public void updateOrgStatusScenarios() { updateOrgStatusShouldBeSuccess(); } @@ -785,7 +786,7 @@ void findOrganisationsWithPaginationShouldReturnSuccess() { log.info("findOrganisationsWithPaginationShouldReturnSuccess :: STARTED"); professionalApiClient.createOrganisation(); Map organisations = professionalApiClient - .retrieveAllOrganisationsWithPagination(hmctsAdmin, "1", "2"); + .retrieveAllOrganisationsWithPagination(hmctsAdmin, "1", "2"); assertThat(organisations).isNotNull().hasSize(2); 
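Review bot: Adding `hmctsAdmin` to the shared invited user in `setUpTestData()` gives every test that reuses this user what its name suggests is an admin role, alongside the three `pui-*` roles. That can hide a missing authorization check in tests meant to exercise the lower-privileged roles. The new success test at the end of this file already creates its own user with `hmctsAdmin`, so the shared fixture may not need the extra role. If it does, a comment such as `// hmctsAdmin required by <test name>: <reason>` would make the dependency explicit. `setUpTestData()` starts outside the hunk, so how the user is used afterwards is not visible here.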
@@ -1231,4 +1232,70 @@ private static List> sortByValue(final List (String) map.get(key))) .collect(Collectors.toList()); } + + @Test + @DisplayName("Delete PBA for existing Organisation Forbidden") + @SuppressWarnings("checkstyle:AbbreviationAsWordInName") + void deletePbaOfExistingOrganisationShouldBeForbiddenWhenLDOff() { + log.info("deletePbaOfExistingOrganisationShouldBeForbiddenWhenLDOff :: STARTED"); + + PbaRequest deletePbaRequest = new PbaRequest(); + deletePbaRequest.setPaymentAccounts(Set.of("PBA0000021", "PBA0000022", "PBA0000023")); + + professionalApiClient.deletePaymentAccountsOfOrganisationInternal(deletePbaRequest, + professionalApiClient.getMultipleAuthHeadersWithGivenRole("pui-user-manager"), + intActiveOrgId,FORBIDDEN); + + log.info("deletePbaOfExistingOrganisationShouldBeForbiddenWhenLDOff :: END"); + } + + + @Test + @DisplayName("Delete PBA for existing Organisation") + void deletePbaOfExistingOrganisationShouldBeSuccess() { + log.info("deletePbaOfExistingOrganisationShouldBeSuccess :: STARTED"); + superUserEmail = generateRandomEmail(); + invitedUserEmail = generateRandomEmail(); + organisationCreationRequest = createOrganisationRequest() + .superUser(aUserCreationRequest() + .firstName("firstName") + .lastName("lastName") + .email(superUserEmail) + .build()) + .build(); + intActiveOrgId = createAndUpdateOrganisationToActive(hmctsAdmin, organisationCreationRequest); + + List roles = new ArrayList<>(); + roles.add(puiCaseManager); + roles.add(puiOrgManager); + roles.add(puiFinanceManager); + roles.add(hmctsAdmin); + Map userResponse = idamOpenIdClient.createUser(roles, invitedUserEmail, + "firstName", "lastName"); + String activeUserId = (String) userResponse.get("userIdentifier"); + + UserProfileUpdatedData userProfileUpdatedData = new UserProfileUpdatedData(); + userProfileUpdatedData.setIdamStatus("ACTIVE"); + userProfileUpdatedData.setEmail(invitedUserEmail); + userProfileUpdatedData.setFirstName("firstName"); + 
userProfileUpdatedData.setLastName("lastName"); + Map modifiedUserResponse = professionalApiClient + .modifyUserToExistingUserForPrdAdmin(HttpStatus.OK, userProfileUpdatedData, intActiveOrgId, + activeUserId); + + PbaRequest deletePbaRequest = new PbaRequest(); + deletePbaRequest.setPaymentAccounts(organisationCreationRequest.getPaymentAccount()); + + professionalApiClient.deletePaymentAccountsOfOrganisationInternal(deletePbaRequest, + professionalApiClient.getMultipleAuthHeadersInternal(),intActiveOrgId, NO_CONTENT); + + JsonPath jsonPath = professionalApiClient.retrieveOrganisationDetails(intActiveOrgId, hmctsAdmin, OK); + assertThat(jsonPath).isNotNull(); + var paymentAccounts = (List) jsonPath.get("paymentAccount"); + + assertThat(paymentAccounts).isEmpty(); + log.info("deletePbaOfExistingOrganisationShouldBeSuccess :: END"); + } + } + diff --git a/src/functionalTest/java/uk/gov/hmcts/reform/professionalapi/client/ProfessionalApiClient.java b/src/functionalTest/java/uk/gov/hmcts/reform/professionalapi/client/ProfessionalApiClient.java index f9801c26d2..d968a51b43 100644 --- a/src/functionalTest/java/uk/gov/hmcts/reform/professionalapi/client/ProfessionalApiClient.java +++ b/src/functionalTest/java/uk/gov/hmcts/reform/professionalapi/client/ProfessionalApiClient.java @@ -1579,7 +1579,7 @@ private RequestSpecification getS2sTokenHeaders() { .header(SERVICE_HEADER, "Bearer " + s2sToken); } - private RequestSpecification getMultipleAuthHeadersInternal() { + public RequestSpecification getMultipleAuthHeadersInternal() { return getMultipleAuthHeaders(idamOpenIdClient.getcwdAdminOpenIdToken("prd-admin")); } 
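Review bot: `deletePbaOfExistingOrganisationShouldBeForbiddenWhenLDOff` never toggles or checks a feature flag; it asserts that a `pui-user-manager` token gets 403 on the internal delete endpoint. The name and `@DisplayName` should say so, e.g. `deletePbaInternalShouldBeForbiddenForNonPrdAdminRole`. The test also reads `intActiveOrgId` without setting it, so it depends on whichever test or setup ran earlier. The 403 presumably comes from the role check before the id is used, but a comment stating that, or building its own organisation, would make this negative test stand alone. In `deletePbaOfExistingOrganisationShouldBeSuccess`, `modifiedUserResponse` is never read and the delete is sent with `getMultipleAuthHeadersInternal()` rather than as the user created above it, so that setup looks removable unless it is needed for a reason worth a comment.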
@@ -1702,6 +1702,24 @@ public void deletePaymentAccountsOfOrganisation(PbaRequest deletePbaRequest, loggingComponentName, response.getStatusCode()); } + public void deletePaymentAccountsOfOrganisationInternal(PbaRequest deletePbaRequest, + RequestSpecification requestSpecification, + String organisationIdentifier, + HttpStatus expectedStatus) { + Response response = requestSpecification + .body(deletePbaRequest) + .delete("/refdata/internal/v1/organisations/pba/" + organisationIdentifier) + .andReturn(); + + response.then() + .assertThat() + .statusCode(expectedStatus.value()); + + log.info("{}:: Delete PBA of organisation status response: {}", + loggingComponentName, response.getStatusCode()); + } + + public Object findOrganisationsByPbaStatus(HttpStatus expectedStatus, PbaStatus pbaStatus) { Response response = getMultipleAuthHeadersInternal() diff --git a/src/main/java/uk/gov/hmcts/reform/professionalapi/controller/SuperController.java b/src/main/java/uk/gov/hmcts/reform/professionalapi/controller/SuperController.java index a579fcb27c..6ee8ad5ef3 100644 --- a/src/main/java/uk/gov/hmcts/reform/professionalapi/controller/SuperController.java +++ b/src/main/java/uk/gov/hmcts/reform/professionalapi/controller/SuperController.java @@ -430,8 +430,7 @@ protected ResponseEntity> retrieveAllOrgan var organisationMinimalInfoResponses = organisations.stream() - .map(organisation -> new OrganisationMinimalInfoResponse(organisation, address)) - .collect(Collectors.toList()); + .map(organisation -> new OrganisationMinimalInfoResponse(organisation, address)).toList(); return ResponseEntity.status(200).body(organisationMinimalInfoResponses); } diff --git a/src/main/java/uk/gov/hmcts/reform/professionalapi/controller/internal/OrganisationInternalController.java b/src/main/java/uk/gov/hmcts/reform/professionalapi/controller/internal/OrganisationInternalController.java index 769bef5fb6..cbc53ce830 100644 
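Review bot: In `deletePaymentAccountsOfOrganisationInternal` the organisation id is concatenated into the URL, so an unset id silently becomes part of the path (`.../pba/null`). REST Assured's path-parameter form, `.delete("/refdata/internal/v1/organisations/pba/{orgId}", organisationIdentifier)`, encodes the value and keeps the route readable. The `log.info` call runs only after the status assertion has passed and uses the same text as the external `deletePaymentAccountsOfOrganisation`, so a failing run logs nothing from this method. Moving it above `response.then()` and adding the word "internal" to the message would make authorization failures easier to trace in the test output.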
--- a/src/main/java/uk/gov/hmcts/reform/professionalapi/controller/internal/OrganisationInternalController.java +++ b/src/main/java/uk/gov/hmcts/reform/professionalapi/controller/internal/OrganisationInternalController.java @@ -58,6 +58,11 @@ import static org.apache.commons.lang3.BooleanUtils.isNotTrue; import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; +import static uk.gov.hmcts.reform.professionalapi.controller.constants.ProfessionalApiConstants.DEL_ORG_PBA_NOTES_1; +import static uk.gov.hmcts.reform.professionalapi.controller.constants.ProfessionalApiConstants.DEL_ORG_PBA_NOTES_2; +import static uk.gov.hmcts.reform.professionalapi.controller.constants.ProfessionalApiConstants.DEL_ORG_PBA_NOTES_3; +import static uk.gov.hmcts.reform.professionalapi.controller.constants.ProfessionalApiConstants.DEL_ORG_PBA_NOTES_4; +import static uk.gov.hmcts.reform.professionalapi.controller.constants.ProfessionalApiConstants.DEL_ORG_PBA_NOTES_5; import static uk.gov.hmcts.reform.professionalapi.controller.constants.ProfessionalApiConstants.ORGANISATION_IDENTIFIER_FORMAT_REGEX; import static uk.gov.hmcts.reform.professionalapi.controller.constants.ProfessionalApiConstants.ORG_ID_VALIDATION_ERROR_MESSAGE; import static uk.gov.hmcts.reform.professionalapi.controller.constants.ProfessionalApiConstants.ORG_NOT_ACTIVE; @@ -697,6 +702,68 @@ public ResponseEntity retrieveOrganisationByUserId( return organisationService.retrieveOrganisationByUserId(userId); } + + + @Operation( + summary = "Deletes the provided list of payment accounts from the organisation (internal api).", + description = "IDAM Roles to access API :
- prd-admin", + security = { + @SecurityRequirement(name = "ServiceAuthorization"), + @SecurityRequirement(name = "Authorization") + } + ) + @ApiResponse( + responseCode = "204", + description = "Successfully deleted the list of payment accounts from the provided organisation.", + content = @Content + ) + @ApiResponse( + responseCode = "400", + description = DEL_ORG_PBA_NOTES_1 + DEL_ORG_PBA_NOTES_2 + DEL_ORG_PBA_NOTES_3 + + DEL_ORG_PBA_NOTES_4 + DEL_ORG_PBA_NOTES_5, + content = @Content + ) + @ApiResponse( + responseCode = "401", + description = "Unauthorized Error : " + + "The requested resource is restricted and requires authentication", + content = @Content + ) + @ApiResponse( + responseCode = "403", + description = "Forbidden Error: " + + "Access denied for either invalid permissions or user is pending", + content = @Content + ) + @ApiResponse( + responseCode = "404", + description = "Resource Not Found Error: The Organisation does not exist" + + " to delete Payment Accounts from", + content = @Content + ) + @ApiResponse( + responseCode = "500", + description = "Internal Server Error", + content = @Content + ) + + @DeleteMapping( + value = "/pba/{orgId}" + ) + @ResponseStatus(value = HttpStatus.NO_CONTENT) + @ResponseBody + @Secured("prd-admin") + public void deletePaymentAccountsForOrganisation( + @io.swagger.v3.oas.annotations.parameters.RequestBody(description = "deletePbaRequest") + @Valid @NotNull @RequestBody PbaRequest deletePbaRequest, + @PathVariable("orgId") @NotBlank String organisationIdentifier, + @Parameter(hidden = true) @UserId String userId) { + + deletePaymentAccountsOfGivenOrganisation(deletePbaRequest, organisationIdentifier, userId); + + } + + @Operation( summary = "Retrieves Organisations by Organisation Profile IDs", description = "**Bearer token not required to access API. Only a valid s2s token**", 
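Review bot: The new `DELETE /pba/{orgId}` handler constrains `organisationIdentifier` only with `@NotBlank`, although this file already imports `ORGANISATION_IDENTIFIER_FORMAT_REGEX` and `ORG_ID_VALIDATION_ERROR_MESSAGE`. Unless `deletePaymentAccountsOfGivenOrganisation` (defined outside this hunk) validates the format itself, add `@Pattern(regexp = ORGANISATION_IDENTIFIER_FORMAT_REGEX, message = ORG_ID_VALIDATION_ERROR_MESSAGE)` to the path variable so malformed ids are rejected with 400 before any lookup. This is a destructive operation that a `prd-admin` caller can apply to any organisation, so an audit log entry recording the calling user id and the target organisation id would help later investigation. The method also has no Javadoc: it should state that access is limited by `@Secured("prd-admin")` and that `userId` is presumably resolved from the token by `@UserId`, not supplied by the client. `@ResponseBody` on a `void` method is redundant next to `@ResponseStatus`.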
@@ -704,7 +771,6 @@ public ResponseEntity retrieveOrganisationByUserId( @SecurityRequirement(name = "ServiceAuthorization") } ) - @ApiResponse( responseCode = "200", description = "List of matching organisations", @@ -745,4 +811,6 @@ public ResponseEntity retrieveOrganisationsByProfileIds( .status(HttpStatus.OK) .body(response); } + + } diff --git a/src/test/java/uk/gov/hmcts/reform/professionalapi/controller/internal/OrganisationInternalControllerTest.java b/src/test/java/uk/gov/hmcts/reform/professionalapi/controller/internal/OrganisationInternalControllerTest.java index bfb9a7ca1c..3c6f6fd830 100644 --- a/src/test/java/uk/gov/hmcts/reform/professionalapi/controller/internal/OrganisationInternalControllerTest.java +++ b/src/test/java/uk/gov/hmcts/reform/professionalapi/controller/internal/OrganisationInternalControllerTest.java @@ -109,6 +109,9 @@ class OrganisationInternalControllerTest { private List prdEnumList; private ProfessionalUser professionalUser; + private OrganisationIdentifierValidatorImpl organisationIdentifierValidatorImplMock; + + private NewUserCreationRequest newUserCreationRequest; private UserProfileFeignClient userProfileFeignClient; private DeleteOrganisationResponse deleteOrganisationResponse; 
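Review bot: The field `organisationIdentifierValidatorImplMock` added to `OrganisationInternalControllerTest` is not assigned or referenced in any hunk of this commit, and the new tests verify `orgIdValidatorMock` instead. It therefore appears to be unused and would be null if anything touched it. Drop it, or initialise it in the setup method and use it in the assertions it was meant for.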
@@ -572,4 +575,43 @@ void testRetrieveOrgByPbaStatus() { .getOrganisationsByPbaStatus(pbaStatus.toString()); } + + @Test + void testDeletePaymentAccounts() { + PbaRequest deletePbaRequest = new PbaRequest(); + var accountsToDelete = new HashSet(); + accountsToDelete.add("PBA1234567"); + deletePbaRequest.setPaymentAccounts(accountsToDelete); + final List paymentAccounts = new ArrayList<>(); + paymentAccounts.add(new PaymentAccount()); + organisation.setPaymentAccounts(paymentAccounts); + when(organisationServiceMock.getOrganisationByOrgIdentifier(anyString())).thenReturn(organisation); + + String orgId = UUID.randomUUID().toString().substring(0, 7); + String userId = UUID.randomUUID().toString(); + organisationInternalController + .deletePaymentAccountsForOrganisation(deletePbaRequest, orgId, userId); + + verify(professionalUserServiceMock, times(1)) + .checkUserStatusIsActiveByUserId(anyString()); + verify(orgIdValidatorMock, times(1)) + .validateOrganisationIsActive(any(Organisation.class), any(HttpStatus.class)); + verify(paymentAccountServiceMock, times(1)) + .deletePaymentsOfOrganisation(any(PbaRequest.class), any(Organisation.class)); + + } + + + @Test + void test_deletePaymentAccounts_NoPaymentAccountsPassed() { + PbaRequest deletePbaRequest = new PbaRequest(); + var accountsToDelete = new HashSet(); + deletePbaRequest.setPaymentAccounts(accountsToDelete); + String orgId = UUID.randomUUID().toString().substring(0, 7); + String userId = UUID.randomUUID().toString(); + assertThrows(InvalidRequest.class,() -> + organisationInternalController + .deletePaymentAccountsForOrganisation(deletePbaRequest, orgId, userId)); + + } }
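Review bot: `testDeletePaymentAccounts` verifies every collaborator with `anyString()` / `any(...)`, so it would still pass if the controller handed the wrong identifier to a service, for example the org id where the user id belongs. For a privileged delete path, pin the arguments: `verify(professionalUserServiceMock, times(1)).checkUserStatusIsActiveByUserId(userId);` and `verify(paymentAccountServiceMock, times(1)).deletePaymentsOfOrganisation(eq(deletePbaRequest), any(Organisation.class));`. `test_deletePaymentAccounts_NoPaymentAccountsPassed` should also assert that nothing was deleted, e.g. `verify(paymentAccountServiceMock, never()).deletePaymentsOfOrganisation(any(), any());`, and its name should follow the camelCase of its neighbour. These direct method calls do not exercise `@Secured("prd-admin")`, so a short comment pointing to the functional test that covers the 403 case would help the next reader.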