PO-828: Check authorisation for GET Draft Account endpoint

src/integrationTest/java/uk/gov/hmcts/opal/controllers/DraftAccountControllerIntegrationTest.java

@@ -1,11 +1,13 @@
 package uk.gov.hmcts.opal.controllers;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.persistence.EntityNotFoundException;
 import jakarta.persistence.QueryTimeoutException;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
+import org.mockito.Mockito;
 import org.mockito.stubbing.OngoingStubbing;
 import org.postgresql.util.PSQLException;
 import org.postgresql.util.PSQLState;
@@ -102,6 +104,7 @@ void testGetDraftAccountById_success() throws Exception {
         DraftAccountEntity draftAccountEntity = createDraftAccountEntity();
 
         when(draftAccountService.getDraftAccount(1L)).thenReturn(draftAccountEntity);
+        when(userStateService.checkForAuthorisedUser(any())).thenReturn(allPermissionsUser());
 
         MvcResult result = mockMvc.perform(get(URL_BASE + "/1")
                             .header("authorization", "Bearer some_value"))
@@ -121,12 +124,57 @@ void testGetDraftAccountById_success() throws Exception {
         assertTrue(jsonSchemaValidationService.isValid(body, GET_DRAFT_ACCOUNT_RESPONSE));
     }
 
+    @Test
+    void testGetDraftAccountById_trap403Response_wrongPermission() throws Exception {
+        DraftAccountEntity entity = createDraftAccountEntity();
+        when(draftAccountService.getDraftAccount(2L)).thenReturn(entity);
+
+        UserState userState = permissionUser((short)007, Permissions.COLLECTION_ORDER);
+        when(userStateService.checkForAuthorisedUser(any())).thenReturn(userState);
+
+        mockMvc.perform(
+                get(URL_BASE + "/2")
+                    .header("authorization", "Bearer some_value"))
+            .andExpect(status().isForbidden())
+            .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+            .andExpect(jsonPath("$.error").value("Forbidden"))
+            .andExpect(jsonPath("$.message").value(
+                "For user null, [CREATE_MANAGE_DRAFT_ACCOUNTS, CHECK_VALIDATE_DRAFT_ACCOUNTS] "
+                    + "permission(s) are not enabled for the user."));
+    }
+
+    @Test
+    void testGetDraftAccountById_trap403Response_wrongBusinessUnit() throws Exception {
+        DraftAccountEntity entity = createDraftAccountEntity();
+        when(draftAccountService.getDraftAccount(2L)).thenReturn(entity);
+
+        UserState userState = permissionUser((short)005, Permissions.DRAFT_ACCOUNT_PERMISSIONS);
+        when(userStateService.checkForAuthorisedUser(any())).thenReturn(userState);
+
+        mockMvc.perform(
+                get(URL_BASE + "/2")
+                    .header("authorization", "Bearer some_value"))
+            .andExpect(status().isForbidden())
+            .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+            .andExpect(jsonPath("$.error").value("Forbidden"))
+            .andExpect(jsonPath("$.message").value(
+                "For user null, [CREATE_MANAGE_DRAFT_ACCOUNTS, CHECK_VALIDATE_DRAFT_ACCOUNTS] "
+                    + "permission(s) are not enabled in business unit: 7"));
+    }
+
     @Test
     void testGetDraftAccountById_trap404Response() throws Exception {
-        when(draftAccountService.getDraftAccount(2L)).thenReturn(null);
+        DraftAccountEntity entity = Mockito.mock(DraftAccountEntity.class);
+        when(entity.getBusinessUnit()).thenThrow(new EntityNotFoundException());
 
-        mockMvc.perform(get(URL_BASE + "/2").header("authorization", "Bearer some_value"))
-            .andExpect(status().isNotFound());
+        when(draftAccountService.getDraftAccount(2L)).thenReturn(entity);
+        when(userStateService.checkForAuthorisedUser(any())).thenReturn(allPermissionsUser());
+
+        mockMvc.perform(
+            get(URL_BASE + "/2")
+                .header("authorization", "Bearer some_value"))
+            .andExpect(status().isNotFound())
+        ;
     }
 
     @Test
@@ -535,7 +583,7 @@ void testPostDraftAccount_trap403Response_noPermission() throws Exception {
             .andExpect(content().contentType(MediaType.APPLICATION_JSON))
             .andExpect(jsonPath("$.error").value("Forbidden"))
             .andExpect(jsonPath("$.message").value(
-                "For user null, [CREATE_MANAGE_DRAFT_ACCOUNTS] permission(s) are not allowed for the user."))
+                "For user null, [CREATE_MANAGE_DRAFT_ACCOUNTS] permission(s) are not enabled for the user."))
             .andReturn();
 
         String body = result.getResponse().getContentAsString();
@@ -559,7 +607,7 @@ void testPostDraftAccount_trap403Response_wrongPermission() throws Exception {
             .andExpect(content().contentType(MediaType.APPLICATION_JSON))
             .andExpect(jsonPath("$.error").value("Forbidden"))
             .andExpect(jsonPath("$.message").value(
-                "For user null, [CREATE_MANAGE_DRAFT_ACCOUNTS] permission(s) are not allowed for the user."))
+                "For user null, [CREATE_MANAGE_DRAFT_ACCOUNTS] permission(s) are not enabled for the user."))
             .andReturn();
 
         String body = result.getResponse().getContentAsString();
@@ -801,7 +849,9 @@ void methodsShouldReturn404WhenResourceNotFound(HttpMethod method, String fullPa
         when(userStateService.checkForAuthorisedUser(any())).thenReturn(allPermissionsUser());
 
         // For GET return null
-        when(draftAccountService.getDraftAccount(nonExistentId)).thenReturn(null);
+        DraftAccountEntity entity = Mockito.mock(DraftAccountEntity.class);
+        when(entity.getBusinessUnit()).thenThrow(new EntityNotFoundException());
+        when(draftAccountService.getDraftAccount(nonExistentId)).thenReturn(entity);
 
         // For PUT, throw EntityNotFoundException
         when(draftAccountService.replaceDraftAccount(eq(nonExistentId), any(ReplaceDraftAccountRequestDto.class)))