Restricted case access

api/roleAccess/index.ts

@@ -21,7 +21,8 @@ import {
 import { getEmail, getJudicialUsersFromApi, getUserName, mapRoleCategory } from './exclusionService';
 import { CaseRoleRequestPayload } from './models/caseRoleRequestPayload';
 import { release2ContentType } from './models/release2ContentType';
-import { getSubstantiveRoles } from './roleAssignmentService';
+import { Role } from './models/roleType';
+import { getAllRoles, getSubstantiveRoles } from './roleAssignmentService';
 
 const baseRoleAccessUrl = getConfigValue(SERVICES_ROLE_ASSIGNMENT_API_PATH);
 const SUPPORTED_ROLE_CATEGORIES = ['LEGAL_OPERATIONS', 'JUDICIAL', 'CTSC', 'ADMIN'];
@@ -55,7 +56,7 @@ export async function getRolesByCaseId(req: EnhancedRequest, res: Response, next
   }
 }
 
-export async function getAccessRolesByCaseId(req: EnhancedRequest, res: Response, next: NextFunction): Promise<Response> {
+export async function getAccessRoles(req: EnhancedRequest, res: Response, next: NextFunction): Promise<Response> {
   const requestPayload = getAccessRolesRequestPayload(req.body.caseId, req.body.jurisdiction, req.body.caseType);
   const basePath = getConfigValue(SERVICES_ROLE_ASSIGNMENT_API_PATH);
   const fullPath = `${basePath}/am/role-assignments/query`;
@@ -73,6 +74,34 @@ export async function getAccessRolesByCaseId(req: EnhancedRequest, res: Response
   }
 }
 
+export async function getAccessRolesByCaseId(req: EnhancedRequest, res: Response, next: NextFunction): Promise<Response> {
+  const requestPayload = getAccessRolesRequestPayloadForCaseId(req.body.caseId);
+  const basePath = getConfigValue(SERVICES_ROLE_ASSIGNMENT_API_PATH);
+  const fullPath = `${basePath}/am/role-assignments/query`;
+  const headers = setHeaders(req, release2ContentType);
+  try {
+    const response: AxiosResponse = await http.post(fullPath, requestPayload, { headers });
+    const finalRoles: CaseRole[] = mapResponseToCaseRoles(
+      response.data.roleAssignmentResponse,
+      req.body.assignmentId,
+      req
+    );
+    if (finalRoles) {
+      const rolesResponse = await getAllRoles(req);
+      const roles = (rolesResponse.data as Role[]);
+      finalRoles?.forEach((finalRole) => {
+        const role = roles?.find((role) => role.name === finalRole.roleName);
+        if (role) {
+          finalRole.roleName = role.label;
+        }
+      });
+    }
+    return res.status(response.status).send(finalRoles);
+  } catch (error) {
+    next(error);
+  }
+}
+
 export async function getJudicialUsers(req: EnhancedRequest, res: Response, next: NextFunction): Promise<Response> {
   const userIds = req.body.userIds;
   // Ensures there are no errors when no userIds are provided
@@ -330,6 +359,18 @@ export function getAccessRolesRequestPayload(caseId: string,
   };
 }
 
+export function getAccessRolesRequestPayloadForCaseId(caseId: string): CaseRoleRequestPayload {
+  return {
+    queryRequests: [
+      {
+        attributes: {
+          caseId: [caseId]
+        }
+      }
+    ]
+  };
+}
+
 // instances of specific reason appearing as JSON from toolkit versions - this enables both possibilities
 export function getSpecificReason(note: string): string {
   if (note.charAt(0) !== '{') {

api/roleAccess/routes.ts

@@ -5,6 +5,7 @@ import {
   confirmAllocateRole,
   createSpecificAccessApprovalRole,
   deleteRoleByCaseAndRoleId,
+  getAccessRoles,
   getAccessRolesByCaseId,
   getJudicialUsers,
   getMyAccessNewCount,
@@ -27,7 +28,8 @@ router.post('/allocate-role/delete', deleteRoleByCaseAndRoleId);
 
 router.post('/allocate-role/valid-roles', getPossibleRoles);
 router.post('/roles/post', getRolesByCaseId);
-router.post('/roles/access-get', getAccessRolesByCaseId);
+router.post('/roles/access-get', getAccessRoles);
+router.post('/roles/access-get-by-caseId', getAccessRolesByCaseId);
 router.post('/roles/getJudicialUsers', getJudicialUsers);
 
 router.get('/roles/get-my-access-new-count', getMyAccessNewCount);

api/test/pact/pact-tests/rolesAccess/getAccessRolesByCaseId.spec.ts

@@ -0,0 +1,143 @@
+import { expect } from 'chai';
+import * as config from 'config';
+import * as sinon from 'sinon';
+import { mockReq, mockRes } from 'sinon-express-mock';
+import { PactTestSetup } from '../settings/provider.mock';
+import { getAccessManagementServiceAPIOverrides } from '../utils/configOverride';
+import { requireReloaded } from '../utils/moduleUtil';
+
+const { Matchers } = require('@pact-foundation/pact');
+const { somethingLike } = Matchers;
+const pactSetUp = new PactTestSetup({ provider: 'am_roleAssignment_queryAssignment', port: 8000 });
+
+const caseId = '12345';
+
+describe.skip('getAccessRolesByCaseId - access management service, query role assignments', () => {
+  const REQUEST_BODY = {
+    queryRequests: [
+      {
+        attributes: {
+          caseId: [somethingLike('12345')]
+        }
+      }
+    ]
+  };
+  const RESPONSE_BODY = {
+    roleAssignmentResponse: [
+      {
+        id: somethingLike('b83acc2f-6720-4cf9-a1f8-52367c35963d'),
+        actorIdType: somethingLike('IDAM'),
+        actorId: somethingLike('271ebdd4-f757-492d-b57f-101b8e47c90e'),
+        roleType: somethingLike('CASE'),
+        roleName: somethingLike('case-manager'),
+        classification: somethingLike('PUBLIC'),
+        grantType: somethingLike('SPECIFIC'),
+        roleCategory: somethingLike('LEGAL_OPERATIONS'),
+        readOnly: somethingLike(false),
+        beginTime: somethingLike('2022-09-15T23:00:00Z'),
+        created: somethingLike('2022-09-16T13:06:44.295367Z'),
+        attributes: {
+          substantive: somethingLike('Y'),
+          caseId: somethingLike('1546883526751282'),
+          jurisdiction: somethingLike('IA'),
+          caseType: somethingLike('Asylum')
+        }
+      }
+    ]
+  };
+
+  describe('post /am/role-assignments/query', () => {
+    const sandbox: sinon.SinonSandbox = sinon.createSandbox();
+    let next;
+
+    beforeEach(() => {
+      next = sandbox.spy();
+    });
+
+    before(async () => {
+      await pactSetUp.provider.setup();
+      const interaction = {
+        state: 'A list of role assignments for the search query',
+        uponReceiving: 'query role assignments for caseId',
+        withRequest: {
+          method: 'POST',
+          path: '/am/role-assignments/query',
+          headers: {
+            'Authorization': 'Bearer someAuthorizationToken',
+            'ServiceAuthorization': 'Bearer someServiceAuthorizationToken',
+            'content-type': 'application/vnd.uk.gov.hmcts.role-assignment-service.post-assignment-query-request+json;charset=UTF-8;version=2.0'
+          },
+          body: REQUEST_BODY
+        },
+        willRespondWith: {
+          status: 200,
+          headers: {
+            'content-type': 'application/vnd.uk.gov.hmcts.role-assignment-service.post-assignment-query-request+json;charset=UTF-8;version=2.0'
+          },
+          body: RESPONSE_BODY
+        }
+      };
+      // @ts-ignore
+      pactSetUp.provider.addInteraction(interaction);
+    });
+
+    afterEach(() => {
+      sandbox.restore();
+      sinon.reset();
+    });
+
+    it('returns the correct response', async () => {
+      const configValues = getAccessManagementServiceAPIOverrides(pactSetUp.provider.mockService.baseUrl);
+      sandbox.stub(config, 'get').callsFake((prop) => {
+        return configValues[prop];
+      });
+
+      const { getAccessRolesByCaseId } = requireReloaded('../../../../roleAccess/index');
+
+      const req = mockReq({
+        headers: {
+          'Authorization': 'Bearer someAuthorizationToken',
+          'ServiceAuthorization': 'Bearer someServiceAuthorizationToken',
+          'content-type': 'application/vnd.uk.gov.hmcts.role-assignment-service.post-assignment-query-request+json;charset=UTF-8;version=2.0'
+        },
+        body: {
+          caseId: caseId
+        }
+
+      });
+      let returnedResponse = null;
+      const response = mockRes();
+      response.send = (ret) => {
+        returnedResponse = ret;
+      };
+
+      try {
+        await getAccessRolesByCaseId(req, response, next);
+        assertResponses(returnedResponse);
+        pactSetUp.provider.verify();
+        pactSetUp.provider.finalize();
+      } catch (err) {
+        pactSetUp.provider.verify();
+        pactSetUp.provider.finalize();
+        throw new Error(err);
+      }
+    });
+  });
+});
+
+function assertResponses(dto: any) {
+  expect(dto.length).to.be.equal(1);
+  expect(dto[0].actions[0].id).to.be.equal('reallocate');
+  expect(dto[0].actions[0].title).to.be.equal('Reallocate');
+  expect(dto[0].actorId).to.be.equal('271ebdd4-f757-492d-b57f-101b8e47c90e');
+  expect(dto[0].end).to.be.equal(null);
+  expect(dto[0].id).to.be.equal('b83acc2f-6720-4cf9-a1f8-52367c35963d');
+  expect(dto[0].roleId).to.be.equal(null);
+  expect(dto[0].location).to.be.equal(null);
+  expect(dto[0].roleCategory).to.be.equal('LEGAL_OPERATIONS');
+  expect(dto[0].roleName).to.be.equal('case-manager');
+  expect(dto[0].start).to.be.equal('2022-09-15T23:00:00Z');
+  expect(dto[0].created).to.be.equal('2022-09-16T13:06:44.295367Z');
+  expect(dto[0].notes).to.be.equal('No reason for case access given');
+  expect(dto[0].requestedRole).to.be.equal(null);
+}

package.json

@@ -88,7 +88,7 @@
     "@angular/platform-browser-dynamic": "^11.2.14",
     "@angular/router": "^11.2.14",
     "@edium/fsm": "^2.1.2",
-    "@hmcts/ccd-case-ui-toolkit": "6.19.15",
+    "@hmcts/ccd-case-ui-toolkit": "6.19.15-restricted-case-access",
     "@hmcts/ccpay-web-component": "5.2.8",
     "@hmcts/frontend": "0.0.50-alpha",
     "@hmcts/media-viewer": "2.9.5",

src/app/app.constants.ts

@@ -14,6 +14,7 @@ const featureNames = {
   booking: 'mc-booking-active',
   mcHearingsFeature: 'mc-hearings-jurisdictions',
   excludedRolesForCaseTabs: 'mc-excluded-roles-case-tabs',
+  enableRestrictedCaseAccess: 'enable-restricted-case-access',
   enableCaseFileViewVersion1_1: 'enable-case-file-view-version-1-1'
 };
 

src/app/services/ccd-config/ccd-case.config.ts

@@ -55,6 +55,13 @@ export class AppConfig extends AbstractAppConfig {
       }
     });
 
+    this.featureToggleService.getValue(AppConstants.FEATURE_NAMES.enableRestrictedCaseAccess, false).subscribe({
+      next: (val) => this.config = {
+        ...this.config,
+        enable_restricted_case_access: val
+      }
+    });
+
     this.featureToggleService.getValue(AppConstants.FEATURE_NAMES.enableCaseFileViewVersion1_1, false).subscribe({
       next: (val) => this.config = {
         ...this.config,
@@ -243,6 +250,10 @@ export class AppConfig extends AbstractAppConfig {
     return this.config.case_data_store_api_url;
   }
 
+  public getEnableRestrictedCaseAccessConfig(): boolean {
+    return this.config.enable_restricted_case_access;
+  }
+
   public getEnableCaseFileViewVersion1_1(): boolean {
     return this.config.enable_case_file_view_version_1_1;
   }

src/cases/case-feature.routes.ts

@@ -1,24 +1,25 @@
 import { ModuleWithProviders } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
-import { CaseResolver, editorRouting, viewerRouting as caseViewRouting } from '@hmcts/ccd-case-ui-toolkit';
+import { CaseResolver, viewerRouting as caseViewRouting, editorRouting } from '@hmcts/ccd-case-ui-toolkit';
 import {
   CaseCreateSubmitComponent,
   CaseDetailsHomeComponent,
   CaseFilterComponent,
   CaseHearingsComponent,
   CaseHomeComponent,
   CaseListComponent,
-  CasesCreateComponent,
   CaseShareCompleteComponent,
   CaseShareComponent,
-  CaseShareConfirmComponent
+  CaseShareConfirmComponent,
+  CasesCreateComponent
 } from './containers';
 import { CaseLoaderComponent } from './containers/case-loader/case-loader.component';
 import { CaseSearchComponent } from './containers/case-search/case-search.component';
 import { CaseViewerContainerComponent } from './containers/case-viewer-container/case-viewer-container.component';
-import { RolesAndAccessContainerComponent
-} from './containers/roles-and-access-container/roles-and-access-container.component';
+import { RestrictedCaseAccessContainerComponent } from './containers/restricted-case-access-container/restricted-case-access-container.component';
+import { RolesAndAccessContainerComponent } from './containers/roles-and-access-container/roles-and-access-container.component';
 import { TasksContainerComponent } from './containers/tasks-container/tasks-container.component';
+import { RestrictedCaseAccessGuard } from './guards/restricted-case-access-guard';
 import { ActivityResolver } from './resolvers/activity.resolver';
 import { CreateCaseEventTriggerResolver } from './resolvers/create-case-event-trigger.resolver';
 
@@ -129,11 +130,18 @@ export const ROUTES: Routes = [
         data: {
           title: 'Case Details'
         }
+      },
+      {
+        path: 'restricted-case-access/:cid',
+        component: RestrictedCaseAccessContainerComponent,
+        canActivate: [RestrictedCaseAccessGuard],
+        data: {
+          title: 'Restricted case access'
+        }
       }
     ]
   }
 
 ];
 
 export const casesRouting: ModuleWithProviders<RouterModule> = RouterModule.forChild(ROUTES);
-

src/cases/cases.module.ts

@@ -69,6 +69,9 @@ import { CreateCaseEventTriggerResolver } from './resolvers/create-case-event-tr
 // from services
 import * as fromServices from './services';
 import { effects, reducers } from './store';
+import { RestrictedCaseAccessComponent } from './components/restricted-case-access/restricted-case-access.component';
+import { RestrictedCaseAccessContainerComponent } from './containers/restricted-case-access-container/restricted-case-access-container.component';
+import { RestrictedCaseAccessGuard } from './guards/restricted-case-access-guard';
 
 @NgModule({
   imports: [
@@ -134,7 +137,8 @@ import { effects, reducers } from './store';
     IsCompoundPipe,
     CcdCYAPageLabelFilterPipe,
     CaseFileViewService,
-    JurisdictionService
+    JurisdictionService,
+    RestrictedCaseAccessGuard
   ]
 })
 /**

src/cases/components/index.ts

@@ -4,6 +4,7 @@ import { AllocateARoleLinkComponent } from './allocate-a-role/allocate-a-role-li
 import { AlertComponent } from './case-alert/alert.component';
 import { CaseHearingsListComponent } from './case-hearings-list/case-hearings-list.component';
 import { CaseTaskComponent } from './case-task/case-task.component';
+import { RestrictedCaseAccessComponent } from './restricted-case-access/restricted-case-access.component';
 import { RoleAccessSectionComponent } from './role-access-section/role-access-section.component';
 import { RolesAndAccessComponent } from './roles-and-access/roles-and-access.component';
 import { TaskAlertBannerComponent } from './task-alert-banner/task-alert-banner.component';
@@ -17,12 +18,13 @@ export const components: any[] = [
   CaseTaskComponent,
   AllocateARoleLinkComponent,
   RoleAccessSectionComponent,
-  CaseHearingsListComponent
+  CaseHearingsListComponent,
+  RestrictedCaseAccessComponent
 ];
 
+export * from './allocate-a-role/allocate-a-role-link.component';
 export * from './case-alert/alert.component';
-export * from './task-alert-banner/task-alert-banner.component';
+export * from './case-hearings-list/case-hearings-list.component';
 export * from './case-task/case-task.component';
-export * from './allocate-a-role/allocate-a-role-link.component';
 export * from './role-access-section/role-access-section.component';
-export * from './case-hearings-list/case-hearings-list.component';
+export * from './task-alert-banner/task-alert-banner.component';

src/cases/components/restricted-case-access/restricted-case-access.component.html

@@ -0,0 +1,17 @@
+<h2 class="govuk-heading-m">{{ 'Users with access' | rpxTranslate }}</h2>
+<table class="govuk-table">
+  <thead class="govuk-table__head">
+    <tr class="govuk-table__row">
+      <th class="govuk-table__header govuk-table-column-header" scope="col">{{ 'User' | rpxTranslate }}</th>
+      <th class="govuk-table__header govuk-table-column-header" scope="col">{{ 'Case role' | rpxTranslate }}</th>
+      <th class="govuk-table__header govuk-table-column-actions" scope="col">{{ 'Email address' | rpxTranslate }}</th>
+    </tr>
+  </thead>
+  <tbody class="govuk-table__body">
+    <tr class="govuk-table__row" *ngFor="let case of restrictedCases">
+      <td class="govuk-table__cell">{{case.user}}</td>
+      <td class="govuk-table__cell">{{case.role}}</td>
+      <td class="govuk-table__cell">{{case.email}}</td>
+    </tr>
+  </tbody>
+</table>