AM-2794: Action dev review comments
Tom Elliott authored and Tom Elliott committed Jun 12, 2023
1 parent c1e0c18 commit 7fde3b0
Showing 6 changed files with 233 additions and 34 deletions.
86 changes: 81 additions & 5 deletions src/functionalTest/resources/features/F-011/F-011.feature
Expand Up @@ -5,7 +5,22 @@ Feature: F-011 : Create Specific Role Assignments
Given an appropriate test context as detailed in the test data source

@S-210
@FeatureToggle(RAS:iac_specific_1_0=on)
@FeatureToggle(RAS:iac_specific_1_0=on) @FeatureToggle(RAS:iac_specific_1_1=off)
Scenario: must successfully create specific access requested role for judiciary
Given a user with [an active IDAM profile with full permissions],
And a user [Befta1 - who is the actor for requested role],
And a successful call [to create org role assignments for actors & requester] as in [S-210_Org_Role_Creation],
When a request is prepared with appropriate values,
And the request [contains specific-access-legal-ops case requested role assignment],
And it is submitted to call the [Create Role Assignments] operation of [Role Assignments Service],
Then a positive response is received,
And the response has all other details as expected.
And a successful call [to delete role assignments just created above] as in [DeleteDataForRoleAssignments],
And a successful call [to delete role assignments just created above] as in [S-210_DeleteDataForRoleAssignmentsForOrgRoles],
And a successful call [to delete role assignments just created above] as in [S-210_DeleteDataForRoleAssignmentsForRequestedRole].

@S-210.v1_1
@FeatureToggle(RAS:iac_specific_1_1=on)
Scenario: must successfully create specific access requested role for judiciary
Given a user with [an active IDAM profile with full permissions],
And a user [Befta1 - who is the actor for requested role],
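Review bot: The new @S-210.v1_1 scenario reuses the exact title of @S-210 ("must successfully create specific access requested role for judiciary"), and the same duplication is repeated for each 1_0/1_1 pair in this file, so a failure in a test report cannot be attributed to a rule version from the scenario name alone. Consider suffixing the v1_1 titles (for example "... (v1.1 rules)"). While here, the title says "judiciary" but the request step says "contains specific-access-legal-ops case requested role assignment"; one of the two looks stale.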
Expand All @@ -20,7 +35,22 @@ Feature: F-011 : Create Specific Role Assignments
And a successful call [to delete role assignments just created above] as in [S-210_DeleteDataForRoleAssignmentsForRequestedRole].

@S-212
@FeatureToggle(RAS:iac_specific_1_0=on)
@FeatureToggle(RAS:iac_specific_1_0=on) @FeatureToggle(RAS:iac_specific_1_1=off)
Scenario: must successfully create specific access denied by requester
Given a user with [an active IDAM profile with full permissions],
And a user [Befta1 - who is the actor for requested role],
And a successful call [to create org role assignments for actors & requester] as in [S-212_Org_Role_Creation],
And a successful call [to create role assignments for requested role] as in [S-212_Access_Requested],
When a request is prepared with appropriate values,
And the request [contains specific-access-judiciary case denied role assignment],
And it is submitted to call the [Create Role Assignments] operation of [Role Assignments Service],
Then a positive response is received,
And the response has all other details as expected.
And a successful call [to delete role assignments just created above] as in [DeleteDataForRoleAssignments],
And a successful call [to delete role assignments just created above] as in [S-212_DeleteDataForRoleAssignmentsForOrgRoles].

@S-212.v1_1
@FeatureToggle(RAS:iac_specific_1_1=on)
Scenario: must successfully create specific access denied by requester
Given a user with [an active IDAM profile with full permissions],
And a user [Befta1 - who is the actor for requested role],
Expand All @@ -32,10 +62,25 @@ Feature: F-011 : Create Specific Role Assignments
Then a positive response is received,
And the response has all other details as expected.
And a successful call [to delete role assignments just created above] as in [DeleteDataForRoleAssignments],
And a successful call [to delete role assignments just created above] as in [S-212_DeleteDataForRoleAssignmentsForOrgRoles],
And a successful call [to delete role assignments just created above] as in [S-212_DeleteDataForRoleAssignmentsForOrgRoles].

@S-231
@FeatureToggle(RAS:iac_specific_1_0=on)
@FeatureToggle(RAS:iac_specific_1_0=on) @FeatureToggle(RAS:iac_specific_1_1=off)
Scenario: must successfully create specific access granted role for CIVIL judiciary
Given a user with [an active IDAM profile with full permissions],
And a user [Befta1 - who is the actor for requested role],
And a successful call [to create org role assignments for actors & requester] as in [S-231_Org_Role_Creation],
And a successful call [to create role assignments for requested role] as in [S-231_Access_Requested],
When a request is prepared with appropriate values,
And the request [contains specific-access-judiciary case granted role assignment],
And it is submitted to call the [Create Role Assignments] operation of [Role Assignments Service],
Then a positive response is received,
And the response has all other details as expected.
And a successful call [to delete role assignments just created above] as in [DeleteDataForRoleAssignments],
And a successful call [to delete role assignments just created above] as in [S-231_DeleteDataForRoleAssignmentsForOrgRoles].

@S-231.v1_1
@FeatureToggle(RAS:iac_specific_1_1=on)
Scenario: must successfully create specific access granted role for CIVIL judiciary
Given a user with [an active IDAM profile with full permissions],
And a user [Befta1 - who is the actor for requested role],
Expand All @@ -50,7 +95,7 @@ Feature: F-011 : Create Specific Role Assignments
And a successful call [to delete role assignments just created above] as in [S-231_DeleteDataForRoleAssignmentsForOrgRoles].

@S-232
@FeatureToggle(RAS:iac_specific_1_0=on)
@FeatureToggle(RAS:iac_specific_1_0=on) @FeatureToggle(RAS:iac_specific_1_1=off)
Scenario: must successfully create specific access denied role for PRIVATELAW admin
Given a user with [an active IDAM profile with full permissions],
And a user [Befta1 - who is the actor for requested role],
Expand All @@ -64,3 +109,34 @@ Feature: F-011 : Create Specific Role Assignments
And a successful call [to delete role assignments just created above] as in [DeleteDataForRoleAssignments],
And a successful call [to delete role assignments just created above] as in [S-232_DeleteDataForRoleAssignmentsForOrgRoles],
And a successful call [to delete role assignments just created above] as in [S-232_DeleteDataForRoleAssignmentsForDeniedRole].

@S-232.v1_1
@FeatureToggle(RAS:iac_specific_1_1=on)
Scenario: must successfully create specific access denied role for PRIVATELAW admin
Given a user with [an active IDAM profile with full permissions],
And a user [Befta1 - who is the actor for requested role],
And a successful call [to create org role assignments for actors & requester] as in [S-232_Org_Role_Creation],
And a successful call [to create role assignments for requested role] as in [S-232_Access_Requested],
When a request is prepared with appropriate values,
And the request [contains specific-access-admin case denied role assignment],
And it is submitted to call the [Create Role Assignments] operation of [Role Assignments Service],
Then a positive response is received,
And the response has all other details as expected.
And a successful call [to delete role assignments just created above] as in [DeleteDataForRoleAssignments],
And a successful call [to delete role assignments just created above] as in [S-232_DeleteDataForRoleAssignmentsForOrgRoles],
And a successful call [to delete role assignments just created above] as in [S-232_DeleteDataForRoleAssignmentsForDeniedRole].

@S-232.v1_1_rejection
@FeatureToggle(RAS:iac_specific_1_1=on)
Scenario: must receive a Reject response when begin date is in the future for specific access denied role for PRIVATELAW admin
Given a user with [an active IDAM profile with full permissions],
And a user [Befta1 - who is the actor for requested role],
And a successful call [to create org role assignments for actors & requester] as in [S-232_Org_Role_Creation],
And a successful call [to create role assignments for requested role] as in [S-232_Access_Requested],
When a request is prepared with appropriate values,
And the request [contains specific-access-admin case denied role assignment with begin date in the future],
And it is submitted to call the [Create Role Assignments] operation of [Role Assignments Service],
Then a negative response is received,
And the response has all other details as expected,
And a successful call [to delete role assignments just created above] as in [DeleteDataForRoleAssignments]
And a successful call [to delete role assignments just created above] as in [S-232_DeleteDataForRoleAssignmentsForOrgRoles].
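Review bot: Step punctuation in @S-232.v1_1_rejection is inconsistent with the rest of the file: "And the response has all other details as expected," ends with a comma where every other scenario ends that step with a period, and the following DeleteDataForRoleAssignments step has no terminator at all. Align these with the @S-232.v1_1 scenario directly above so the steps read the same and any punctuation-sensitive step matching behaves identically.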
@@ -0,0 +1,69 @@
{
"title": "must receive a Reject response when begin date is in the future for specific access denied role for PRIVATELAW admin",
"_guid_": "S-232.v1_1_rejection",
"_extends_": "F-011_Test_Data_Base",
"specs": [
"Befta1 - who is the actor for requested role",
"contains specific-access-admin case denied role assignment with begin date in the future"
],

"request": {
"headers": {
"ServiceAuthorization": "${[scenarioContext][customValues][generateS2STokenForXui]}"
},
"body": {
"roleRequest": {
"assignerId": "${[scenarioContext][testData][users][invokingUser][id]}",
"reference": "1607103938250138/specific-access-admin/${[scenarioContext][testData][users][invokingUser][id]}",
"process" : "specific-access",
"replaceExisting" : true
},
"requestedRoles": [
{
"_extends_": "RequestedRole",
"roleType" : "CASE",
"grantType" : "BASIC",
"classification" : "RESTRICTED",
"attributes": {
"caseId": "1607103938250138",
"requestedRole":"specific-access-admin"
},
"roleName": "specific-access-requested",
"roleCategory": "ADMIN",
"actorId": "${[scenarioContext][testData][users][invokingUser][id]}",
"beginTime": "2025-12-01T00:00Z",
"endTime" : "2026-03-02T00:00Z",
"readOnly": true,
"notes" : [{
"userId": "${[scenarioContext][testData][users][invokingUser][id]}",
"time": "2022-01-01T00:00Z",
"comment": "Need Access to case number 1607103938250138 for a month"
}]
}
]
}
},

"expectedResponse": {
"responseCode": 422,
"responseMessage": "Unprocessable Entity",
"headers": {
"Content-Length": "[[ANYTHING_PRESENT]]",
"Content-Type": "application/json"
},
"body": {
"roleAssignmentResponse": {
"roleRequest": {
"_extends_": "ResponseRoleRequest",
"status": "REJECTED"
},
"requestedRoles": [
{
"_extends_": "ResponseRequestedRole",
"status": "REJECTED"
}
]
}
}
}
}
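Review bot: The hard-coded "beginTime": "2025-12-01T00:00Z" makes this a time-bomb test: it only represents a future begin date while the server clock is before that timestamp, after which the request stops exercising the future-date check and the expected 422 no longer follows from it. Derive beginTime (and endTime) relative to the current time through a dynamic placeholder, the way the S2S token and user id are already injected with ${[scenarioContext]...}. Two related points: the title and spec say "denied role", but the payload sends roleName "specific-access-requested", and expectedResponse asserts only status REJECTED, so a request rejected for any other reason would also pass. Asserting on the rejection reason, if the response exposes one, would tie the test to the new check.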
Expand Up @@ -20,11 +20,13 @@ import java.time.temporal.ChronoUnit;

/*
* All services: "specific-access-<roleCategory?>" case creation and leadership-judge as a assigner
* TODO: rule to be retired as part of AM-2824 once IAC_SPECIFIC_1_1 enabled in prod
*/

rule "civil_create_specific_access_case_role"
when
$f : FeatureFlag(status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_0.getValue())
$f1 : FeatureFlag(!status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_1.getValue())
$rq: Request(
// The assigner must be the current user.
assignerId == authenticatedUserId,
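Review bot: The added pattern "$f1 : FeatureFlag(!status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_1.getValue())" only matches when a FeatureFlag fact for IAC_SPECIFIC_1_1 is actually present in working memory with status false. If that fact is ever absent (flag not yet seeded in an environment, or not inserted for a request), this rule stops firing even though IAC_SPECIFIC_1_0 is on, and the corresponding _v11 rule will not fire either, so every specific-access request is rejected. Either confirm that a fact is always inserted for every FeatureFlagEnum value, or express "1_1 is not on" as "not FeatureFlag(status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_1.getValue())". The same applies to each legacy rule that gains this line in this commit. The $f1 binding is also unused and can be dropped.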
Expand Down Expand Up @@ -89,7 +91,6 @@ end;

/*
* All services: "specific-access-<roleCategory?>" case creation and leadership-judge as a assigner
* Added for CR:AM2794
*/

rule "civil_create_specific_access_case_role_v11"
Expand All @@ -116,6 +117,7 @@ when
attributes["caseId"] != null && $caseId : attributes["caseId"].asText(),
// Only applies to CIVIL.
attributes["jurisdiction"] == null || attributes["jurisdiction"].asText() == "CIVIL",
// extra check added for CR:AM2794 to ensure no future specific access requests
beginTime == null || !beginTime.isAfter(ZonedDateTime.now()))
$c: Case(
id == $caseId,
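Review bot: The new comment "to ensure no future specific access requests" describes only half of the condition it annotates: "beginTime == null || !beginTime.isAfter(ZonedDateTime.now())" also accepts a request with no beginTime at all. Please state in the comment what a null beginTime means for the resulting assignment (for example that it takes effect immediately), and that the comparison is against the server clock at rule evaluation with no tolerance, so a caller whose clock runs slightly ahead will be rejected.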
14 changes: 11 additions & 3 deletions src/main/resources/validationrules/core/specific-access-global.drl
Expand Up @@ -25,10 +25,12 @@ import java.time.temporal.ChronoUnit;

/*
* All services: "specific-access-requested" case roles self creation user
* TODO: rule to be retired as part of AM-2824 once IAC_SPECIFIC_1_1 enabled in prod
*/
rule "create_specific_access_requested_case_role_for_self"
when
$f : FeatureFlag(status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_0.getValue())
$f1 : FeatureFlag(!status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_1.getValue())
$rq: Request(
// The assigner must be the current user.
assignerId == authenticatedUserId,
Expand Down Expand Up @@ -62,7 +64,7 @@ then
end;

/*
* All services: "specific-access-requested" case roles self creation user. added for CR:AM2794
* All services: "specific-access-requested" case roles self creation user
*/
rule "create_specific_access_requested_case_role_for_self_v11"
when
Expand All @@ -80,6 +82,7 @@ when
readOnly == true,
notes != null && notes.size > 0 && notes.toString().length() > 5, /* Make sure there is at least one note with content in it */
attributes["caseId"] != null && $caseId : attributes["caseId"].asText(),
// extra check added for CR:AM2794 to ensure no future specific access requests
beginTime == null || !beginTime.isAfter(ZonedDateTime.now()))
$c: Case(
id == $caseId)
Expand Down Expand Up @@ -152,10 +155,12 @@ end;

/*
* All services: "specific-access" case approval or denied roles
* TODO: rule to be retired as part of AM-2824 once IAC_SPECIFIC_1_1 enabled in prod
*/
rule "create_specific_access_granted_or_denied_case_role"
when
$f : FeatureFlag(status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_0.getValue())
$f1 : FeatureFlag(!status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_1.getValue())
$rq: Request(
clientId == "xui_webapp",
process == "specific-access",
Expand Down Expand Up @@ -188,7 +193,7 @@ then
end;

/*
* All services: "specific-access" case approval or denied roles. added for CR:AM2794
* All services: "specific-access" case approval or denied roles
*/
rule "create_specific_access_granted_or_denied_case_role_v11"
when
Expand All @@ -205,6 +210,7 @@ when
endTime != null,
notes != null && notes.size > 0 && notes.toString().length() > 5, /* Make sure there is at least one note with content in it */
attributes["caseId"] != null && $caseId : attributes["caseId"].asText(),
// extra check added for CR:AM2794 to ensure no future specific access requests
beginTime == null || !beginTime.isAfter(ZonedDateTime.now()))
$c: Case(
id == $caseId)
Expand Down Expand Up @@ -248,11 +254,13 @@ end;

/*
* All services: "specific-access-<roleCategory?>" case creation and specific_access_approver as a assigner
* TODO: rule to be retired as part of AM-2824 once IAC_SPECIFIC_1_1 enabled in prod
*/

rule "specific_access_approver_create_specific_access_case_role"
when
$f : FeatureFlag(status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_0.getValue())
$f1 : FeatureFlag(!status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_1.getValue())
$rq: Request(
// The assigner must be the current user.
assignerId == authenticatedUserId,
Expand Down Expand Up @@ -313,7 +321,6 @@ end;

/*
* All services: "specific-access-<roleCategory?>" case creation and specific_access_approver as a assigner
* Added for CR:AM2794
*/

rule "specific_access_approver_create_specific_access_case_role_v11"
Expand All @@ -340,6 +347,7 @@ when
// Add all the jurisdiction Ids of the on-boarded services
// Do we really need to constrain the jurisdiction here?
attributes["jurisdiction"] != null && $jurisdiction : attributes["jurisdiction"].asText() && attributes["jurisdiction"].asText() in ("IA","SSCS","CIVIL","PRIVATELAW","PUBLICLAW"),
// extra check added for CR:AM2794 to ensure no future specific access requests
beginTime == null || !beginTime.isAfter(ZonedDateTime.now()))
$c: Case(
id == $caseId,
Expand Up @@ -20,11 +20,13 @@ import java.time.temporal.ChronoUnit;

/*
* All services: "specific-access-<roleCategory?>" case creation and leadership-judge as a assigner
* TODO: rule to be retired as part of AM-2824 once IAC_SPECIFIC_1_1 enabled in prod
*/

rule "iac_create_specific_access_case_role"
when
$f : FeatureFlag(status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_0.getValue())
$f1 : FeatureFlag(!status && flagName == FeatureFlagEnum.IAC_SPECIFIC_1_1.getValue())
$rq: Request(
// The assigner must be the current user.
assignerId == authenticatedUserId,
Expand Down Expand Up @@ -81,7 +83,6 @@ end;

/*
* All services: "specific-access-<roleCategory?>" case creation and leadership-judge as a assigner
* Added for CR:AM2794
*/

rule "iac_create_specific_access_case_role_v11"
Expand All @@ -105,6 +106,7 @@ when
attributes["caseId"] != null && $caseId : attributes["caseId"].asText(),
// Only applies to IAC
attributes["jurisdiction"] == null || attributes["jurisdiction"].asText() == "IA",
// extra check added for CR:AM2794 to ensure no future specific access requests
beginTime == null || !beginTime.isAfter(ZonedDateTime.now()))
$c: Case(
id == $caseId,
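Review bot: Negative test coverage for the condition annotated here is thin. The "beginTime == null || !beginTime.isAfter(ZonedDateTime.now())" check appears in the _v11 rules for CIVIL, IAC, self-requested, granted-or-denied and approver-created roles, but the only rejection scenario added in this commit is S-232.v1_1_rejection for a PRIVATELAW admin request. A future-dated request against the IAC and CIVIL rules, and against the granted/denied rule, should each have a rejection scenario so that removing the check from any one rule fails a test.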