hmcts · akikrahman1 · Sep 16, 2024 · Sep 13, 2024 · Sep 16, 2024
diff --git a/src/integration-test/java/uk/gov/hmcts/juror/api/TestUtil.java b/src/integration-test/java/uk/gov/hmcts/juror/api/TestUtil.java
@@ -99,6 +99,7 @@ public static String mintBureauJwt(final BureauJwtPayload payload,
         claimsMap.put("staff", payload.getStaff());
 
         claimsMap.put("roles", payload.getRoles());
+        claimsMap.put("permissions", payload.getPermissions());
         claimsMap.put("userType", payload.getUserType());
         claimsMap.put("activeUserType", payload.getActiveUserType() == null
             ? payload.getUserType() : payload.getActiveUserType());

diff --git a/...ration-test/java/uk/gov/hmcts/juror/api/moj/controller/AuthenticationControllerITest.java b/...ration-test/java/uk/gov/hmcts/juror/api/moj/controller/AuthenticationControllerITest.java
@@ -227,7 +227,7 @@ private void responseValidator(JwtDto response,
                 assertThat(claims.getIssuedAt()).isAfter(new Date(clock.millis() - 60_000));
 
                 assertThat(claims)
-                    .hasSize(13)
+                    .hasSize(14)
                     .containsEntry("owner", expectedJwtClaims.getOwner())
                     .containsEntry("email", expectedJwtClaims.getEmail())
                     .containsEntry("locCode", expectedJwtClaims.getLocCode())
@@ -241,7 +241,8 @@ private void responseValidator(JwtDto response,
                         "courts", expectedJwtClaims.getStaff().getCourts()
                     ))
                     .containsEntry("roles", expectedJwtClaims.getRoles()
-                        .stream().map(Enum::name).toList());
+                        .stream().map(Enum::name).toList())
+                    .containsEntry("permissions", List.of());
             }
 
             @Test

diff --git a/...tegration-test/java/uk/gov/hmcts/juror/api/moj/controller/JurorRecordControllerITest.java b/...tegration-test/java/uk/gov/hmcts/juror/api/moj/controller/JurorRecordControllerITest.java
@@ -34,6 +34,7 @@
 import uk.gov.hmcts.juror.api.moj.controller.request.FilterableJurorDetailsRequestDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.JurorAddressDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.JurorCreateRequestDto;
+import uk.gov.hmcts.juror.api.moj.controller.request.JurorManualCreationRequestDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.JurorNameDetailsDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.JurorNotesRequestDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.JurorNumberAndPoolNumberDto;
@@ -75,11 +76,13 @@
 import uk.gov.hmcts.juror.api.moj.domain.JurorPool;
 import uk.gov.hmcts.juror.api.moj.domain.PaginatedList;
 import uk.gov.hmcts.juror.api.moj.domain.PendingJuror;
+import uk.gov.hmcts.juror.api.moj.domain.Permission;
 import uk.gov.hmcts.juror.api.moj.domain.PoliceCheck;
 import uk.gov.hmcts.juror.api.moj.domain.PoolHistory;
 import uk.gov.hmcts.juror.api.moj.domain.PoolRequest;
 import uk.gov.hmcts.juror.api.moj.domain.Role;
 import uk.gov.hmcts.juror.api.moj.domain.SortMethod;
+import uk.gov.hmcts.juror.api.moj.domain.User;
 import uk.gov.hmcts.juror.api.moj.domain.UserType;
 import uk.gov.hmcts.juror.api.moj.domain.jurorresponse.DigitalResponse;
 import uk.gov.hmcts.juror.api.moj.domain.jurorresponse.PaperResponse;
@@ -118,9 +121,11 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Comparator;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Objects;
+import java.util.Set;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -5324,6 +5329,174 @@ void markJurorAsRespondedBureauJurorNotFound() throws Exception {
 
     }
 
+    @Nested
+    @DisplayName("POST " + CreateManualJurorRecord.URL)
+    class CreateManualJurorRecord {
+
+        private static final String URL = BASE_URL + "/create-juror-manual";
+
+        @Test
+        @Sql({"/db/mod/truncate.sql", "/db/JurorRecordController_createManualJurorRecord.sql"})
+        void createManualJurorRecordPoolHappyPath() throws Exception {
+            String poolNumber = "415220502";
+            JurorManualCreationRequestDto requestDto = JurorManualCreationRequestDto.builder()
+                .poolNumber(poolNumber)
+                .locationCode("415")
+                .title("Mr")
+                .firstName("John")
+                .lastName("Smith")
+                    .address(JurorAddressDto.builder()
+                            .lineOne("1 High Street")
+                            .lineTwo("Test")
+                            .lineThree("Test")
+                            .town("Chester")
+                            .county("Test")
+                            .postcode("CH1 2AB")
+                    .build())
+                .primaryPhone("01234567890")
+                .emailAddress("test@test.com")
+                .notes("A manually created juror")
+                .build();
+
+            Set<Role> roles = new HashSet<>();
+            roles.add(Role.MANAGER);
+            Set<Permission> permissions = new HashSet<>();
+            permissions.add(Permission.CREATE_JUROR);
+            User user = User.builder()
+                .username("BUREAU_USER")
+                .roles(roles)
+                .permissions(permissions)
+                .build();
+
+            BureauJwtPayload bureauJwtPayload = new BureauJwtPayload(user, UserType.BUREAU, "400",
+                Collections.singletonList(CourtLocation.builder()
+                    .locCode("400")
+                    .name("Bureau")
+                    .owner("400")
+                    .build()));
+
+            httpHeaders.set(HttpHeaders.AUTHORIZATION, mintBureauJwt(bureauJwtPayload));
+
+            ResponseEntity<?> response =
+                restTemplate.exchange(new RequestEntity<>(requestDto, httpHeaders, POST,
+                    URI.create(URL)), String.class);
+
+            assertThat(response.getStatusCode())
+                .as("Expect the HTTP POST request to be CREATED")
+                .isEqualTo(HttpStatus.CREATED);
+
+            validateCreatedJuror(poolNumber);
+        }
+
+        private void validateCreatedJuror(String poolNumber) {
+            // expect this to be the first juror manually created for court 415
+            Juror juror = jurorRepository.findByJurorNumber("041500001");
+            assertThat(juror).isNotNull();
+
+            JurorPool jurorPool = jurorPoolRepository.findByJurorJurorNumberAndPoolPoolNumber(juror.getJurorNumber(),
+                poolNumber);
+            assertThat(jurorPool).isNotNull();
+            assertThat(jurorPool.getStatus().getStatus()).isEqualTo(IJurorStatus.SUMMONED);
+
+            List<JurorHistory> jurorHistory = jurorHistoryRepository.findByJurorNumberOrderById(juror.getJurorNumber());
+            assertThat(jurorHistory).isNotEmpty();
+            assertThat(jurorHistory.get(0).getHistoryCode()).isEqualTo(HistoryCodeMod.PRINT_SUMMONS);
+
+            List<BulkPrintData> letters = bulkPrintDataRepository.findByJurorNo(juror.getJurorNumber());
+            assertThat(letters).isNotEmpty();
+            BulkPrintData bulkPrintData = letters.get(0);
+            assertThat(bulkPrintData.getJurorNo()).isEqualTo(juror.getJurorNumber());
+            assertThat(bulkPrintData.getFormAttribute().getFormType()).isEqualTo(FormCode.ENG_SUMMONS.getCode());
+        }
+
+
+        @Test
+        void createManualJurorRecordBureauManagerNoCreateForbidden() throws Exception {
+            String poolNumber = "415220502";
+            JurorManualCreationRequestDto requestDto = JurorManualCreationRequestDto.builder()
+                .poolNumber(poolNumber)
+                .locationCode("415")
+                .title("Mr")
+                .firstName("John")
+                .lastName("Smith")
+                .address(JurorAddressDto.builder()
+                    .lineOne("1 High Street")
+                    .lineTwo("Test")
+                    .lineThree("Test")
+                    .town("Chester")
+                    .county("Test")
+                    .postcode("CH1 2AB")
+                    .build())
+                .primaryPhone("01234567890")
+                .emailAddress("test@test.com")
+                .notes("A manually created juror")
+                .build();
+
+            Set<Role> roles = new HashSet<>();
+            roles.add(Role.MANAGER);
+            Set<Permission> permissions = new HashSet<>();
+            User user = User.builder()
+                .username("BUREAU2")
+                .roles(roles)
+                .permissions(permissions)
+                .build();
+
+            BureauJwtPayload bureauJwtPayload = new BureauJwtPayload(user, UserType.BUREAU, "400",
+                Collections.singletonList(CourtLocation.builder()
+                    .locCode("400")
+                    .name("Bureau")
+                    .owner("400")
+                    .build()));
+
+            httpHeaders.set(HttpHeaders.AUTHORIZATION, mintBureauJwt(bureauJwtPayload));
+
+            ResponseEntity<?> response =
+                restTemplate.exchange(new RequestEntity<>(requestDto, httpHeaders, POST,
+                    URI.create(URL)), String.class);
+
+            assertThat(response.getStatusCode())
+                .as("Expect the HTTP POST request to be FORBIDDEN")
+                .isEqualTo(HttpStatus.FORBIDDEN);
+
+        }
+
+        @Test
+        void createManualJurorRecordCourtUserForbidden() throws Exception {
+            String poolNumber = "415220502";
+            JurorManualCreationRequestDto requestDto = JurorManualCreationRequestDto.builder()
+                .poolNumber(poolNumber)
+                .locationCode("415")
+                .title("Mr")
+                .firstName("John")
+                .lastName("Smith")
+                .address(JurorAddressDto.builder()
+                    .lineOne("1 High Street")
+                    .lineTwo("Test")
+                    .lineThree("Test")
+                    .town("Chester")
+                    .county("Test")
+                    .postcode("CH1 2AB")
+                    .build())
+                .primaryPhone("01234567890")
+                .emailAddress("test@test.com")
+                .notes("A manually created juror")
+                .build();
+
+            httpHeaders.set(HttpHeaders.AUTHORIZATION,  initCourtsJwt("415", Collections.singletonList("415"),
+                UserType.COURT));
+
+            ResponseEntity<?> response =
+                restTemplate.exchange(new RequestEntity<>(requestDto, httpHeaders, POST,
+                    URI.create(URL)), String.class);
+
+            assertThat(response.getStatusCode())
+                .as("Expect the HTTP POST request to be FORBIDDEN")
+                .isEqualTo(HttpStatus.FORBIDDEN);
+
+        }
+
+    }
+
     @Nested
     @DisplayName("Search for Juror records")
     @Sql({"/db/mod/truncate.sql", "/db/JurorRecordController_searchForJurorRecords.sql"})

diff --git a/src/integration-test/resources/db/JurorRecordController_createManualJurorRecord.sql b/src/integration-test/resources/db/JurorRecordController_createManualJurorRecord.sql
@@ -0,0 +1,15 @@
+insert into juror_mod.users(created_by, updated_by, username, name, email) values
+('BUREAU1', 'BUREAU1', 'BUREAU_USER', 'BUREAU_USER', 'BUREAU_USER@test.net'),
+('BUREAU1', 'BUREAU1', 'BUREAU2', 'BUREAU USER2', 'BUREAU2@test.net');
+
+INSERT INTO juror_mod.user_roles (username,"role") VALUES
+	 ('BUREAU_USER','MANAGER'),
+	 ('BUREAU2','MANAGER');
+
+INSERT INTO juror_mod.user_permissions (username,"permission") VALUES
+	 ('BUREAU_USER','CREATE_JUROR');
+
+-- create a pool record owned by Bureau
+INSERT INTO juror_mod.pool
+(pool_no, "owner", return_date, total_no_required, no_requested, pool_type, loc_code, new_request, last_update)
+VALUES ('415220502', '400', current_date + 10, 5, 5, 'CRO', '415', 'N', current_date - 1);
diff --git a/src/main/java/uk/gov/hmcts/juror/api/config/bureau/BureauJwtPayload.java b/src/main/java/uk/gov/hmcts/juror/api/config/bureau/BureauJwtPayload.java
@@ -163,6 +163,7 @@ public static BureauJwtPayload fromClaims(Claims claims) {
             .activeUserType(activeUserType)
             .staff(staff)
             .roles(roles)
+            .permissions(permissions)
             .userType(userType)
             .build();
     }

diff --git a/src/main/java/uk/gov/hmcts/juror/api/moj/controller/JurorRecordController.java b/src/main/java/uk/gov/hmcts/juror/api/moj/controller/JurorRecordController.java
@@ -9,6 +9,7 @@
 import jakarta.validation.constraints.Size;
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -29,13 +30,15 @@
 import uk.gov.hmcts.juror.api.bureau.controller.response.BureauJurorDetailDto;
 import uk.gov.hmcts.juror.api.config.bureau.BureauJwtAuthentication;
 import uk.gov.hmcts.juror.api.config.bureau.BureauJwtPayload;
+import uk.gov.hmcts.juror.api.config.security.IsBureauUser;
 import uk.gov.hmcts.juror.api.config.security.IsCourtUser;
 import uk.gov.hmcts.juror.api.config.security.IsSeniorCourtUser;
 import uk.gov.hmcts.juror.api.moj.controller.request.ConfirmIdentityDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.ContactLogRequestDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.EditJurorRecordRequestDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.FilterableJurorDetailsRequestDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.JurorCreateRequestDto;
+import uk.gov.hmcts.juror.api.moj.controller.request.JurorManualCreationRequestDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.JurorNameDetailsDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.JurorNotesRequestDto;
 import uk.gov.hmcts.juror.api.moj.controller.request.JurorNumberAndPoolNumberDto;
@@ -62,6 +65,7 @@
 import uk.gov.hmcts.juror.api.moj.domain.FilterJurorRecord;
 import uk.gov.hmcts.juror.api.moj.domain.PaginatedList;
 import uk.gov.hmcts.juror.api.moj.domain.PendingJurorStatus;
+import uk.gov.hmcts.juror.api.moj.domain.Permission;
 import uk.gov.hmcts.juror.api.moj.enumeration.PendingJurorStatusEnum;
 import uk.gov.hmcts.juror.api.moj.exception.MojException;
 import uk.gov.hmcts.juror.api.moj.service.BulkService;
@@ -73,6 +77,7 @@
 
 @RestController
 @Validated
+@Slf4j
 @RequestMapping(value = "/api/v1/moj/juror-record", produces = MediaType.APPLICATION_JSON_VALUE)
 @Tag(name = "Juror Management")
 @RequiredArgsConstructor(onConstructor_ = {@Autowired})
@@ -502,4 +507,20 @@ public ResponseEntity<PaginatedList<FilterJurorRecord>> searchForJurorRecord(
         }
         return ResponseEntity.ok().body(jurorRecords);
     }
+
+    @PostMapping("/create-juror-manual")
+    @IsBureauUser
+    @Operation(summary = "Send a payload to manually create a Juror Record at the Bureau")
+    public ResponseEntity<Void> createJurorRecord(
+        @Valid @RequestBody JurorManualCreationRequestDto jurorCreationRequestDto) {
+
+        if (!SecurityUtil.isBureauManager() || !SecurityUtil.hasPermission(Permission.CREATE_JUROR)) {
+            log.error("User does not have permission to create juror");
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+        }
+
+        jurorRecordService.createJurorManual(jurorCreationRequestDto);
+
+        return ResponseEntity.status(HttpStatus.CREATED).build();
+    }
 }