Remove StaffAdminrole from Idam (#716)

* Remove StaffAdminrole from Idam

* Remove StaffAdminrole from Idam

* Remove StaffAdminrole from Idam

* Integration Test Case

* checkstyle fix

* Functional Test

* Add more assertions

* New Functional Test case to delete role in idam directly

* New Functional Test case to delete role in idam directly

* New Functional Test case to delete role in idam directly

* New Functional Test case to delete role in idam directly

* New Functional Test case to delete role in idam directly

* New Functional Test case to delete role in idam directly

src/functionalTest/java/uk/gov/hmcts/reform/cwrdapi/StaffRefUpdateProfileFunctionalTest.java

@@ -29,8 +29,10 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static uk.gov.hmcts.reform.cwrdapi.util.FeatureToggleConditionExtension.getToggledOffMessage;
 
 @ComponentScan("uk.gov.hmcts.reform.cwrdapi")
@@ -311,6 +313,150 @@ void updateStaffProfileDifferentThanUserPresentInUserProfileAndIdamAndFlags() th
     }
 
 
+    @Test
+    @ToggleEnable(mapKey = UPDATE_STAFF_PROFILE, withFeature = true)
+    @ExtendWith(FeatureToggleConditionExtension.class)
+    void updateStaffProfileDelStaffAdminRoleWhenStaffAdminIsFalse() throws JsonProcessingException {
+
+        StaffProfileCreationRequest staffRequest = caseWorkerApiClient
+                .createStaffProfileCreationRequest();
+        staffRequest.setStaffAdmin(true);
+        //Step 1: create user in IDM for active status
+        List<String> userRoles = List.of(ROLE_CWD_ADMIN,ROLE_STAFF_ADMIN);
+        Map<String, String> users =  idamOpenIdClient.createUser(userRoles,staffRequest.getEmailId(),
+                staffRequest.getFirstName(),staffRequest.getFirstName());
+        //Step 2: create user in UP
+        UserProfileCreationRequest userProfileRequest = caseWorkerApiClient.createUserProfileRequest(staffRequest);
+        createUserProfileFromUp(userProfileRequest);
+
+        Response response = caseWorkerApiClient.createStaffUserProfileWithOutIdm(staffRequest);
+
+        //Verify idam profile roles has staff admin
+        StaffProfileCreationResponse staffProfileCreationResponse =
+                response.getBody().as(StaffProfileCreationResponse.class);
+        String cwId = staffProfileCreationResponse.getCaseWorkerId();
+        var idamResponse = idamOpenIdClient.getUserByUserID(cwId);
+        assertEquals(staffRequest.getEmailId(), idamResponse.get("email"));
+        assertTrue(((List)idamResponse.get("roles")).contains(ROLE_STAFF_ADMIN));
+        assertTrue(((List)idamResponse.get("roles")).contains(CWD_USER));
+
+        //Step 3: create user in SRD with staff admin false
+        staffRequest.setStaffAdmin(false);
+        response = caseWorkerApiClient.updateStaffUserProfile(staffRequest);
+        assertThat(response).isNotNull();
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK.value());
+
+        //Step 4: Retrieve the user in SRD
+        Response fetchResponse = caseWorkerApiClient.getMultipleAuthHeadersInternal(ROLE_CWD_SYSTEM_USER)
+                .body(UserRequest.builder().userIds(List.of(cwId)).build())
+                .post("/refdata/case-worker/users/fetchUsersById/")
+                .andReturn();
+        fetchResponse.then()
+                .assertThat()
+                .statusCode(200);
+
+        List<uk.gov.hmcts.reform.cwrdapi.client.domain.CaseWorkerProfile> fetchedList =
+                Arrays.asList(fetchResponse.getBody().as(
+                        uk.gov.hmcts.reform.cwrdapi.client.domain.CaseWorkerProfile[].class));
+        assertEquals(1, fetchedList.size());
+        uk.gov.hmcts.reform.cwrdapi.client.domain.CaseWorkerProfile caseWorkerProfile = fetchedList.get(0);
+
+        // validate Idam user doesn't have staff admin role
+        idamResponse = idamOpenIdClient.getUserByUserID(cwId);
+        assertEquals(caseWorkerProfile.getId(), idamResponse.get("id"));
+        assertEquals(caseWorkerProfile.getFirstName(), idamResponse.get("forename"));
+        assertEquals(caseWorkerProfile.getLastName(), idamResponse.get("surname"));
+        assertEquals(caseWorkerProfile.getOfficialEmail(), idamResponse.get("email"));
+        assertFalse(((List)idamResponse.get("roles")).contains(ROLE_STAFF_ADMIN));
+        assertFalse(((List)idamResponse.get("roles")).isEmpty());
+        assertTrue(((List)idamResponse.get("roles")).contains(CWD_USER));
+
+        idamOpenIdClient.getcwdAdminOpenIdToken("cwd-admin");
+        UserProfileResponse upResponse = getUserProfileFromUp(caseWorkerProfile.getOfficialEmail());
+        assertEquals(caseWorkerProfile.getId(), upResponse.getIdamId());
+        assertEquals(caseWorkerProfile.getFirstName(), upResponse.getFirstName());
+        assertEquals(caseWorkerProfile.getLastName(), upResponse.getLastName());
+        assertEquals(caseWorkerProfile.getOfficialEmail(), upResponse.getEmail());
+        assertFalse(upResponse.getRoles().contains(ROLE_STAFF_ADMIN));
+        assertFalse((upResponse.getRoles()).isEmpty());
+        assertTrue(upResponse.getRoles().contains(CWD_USER));
+
+    }
+
+    @Test
+    @ToggleEnable(mapKey = UPDATE_STAFF_PROFILE, withFeature = true)
+    @ExtendWith(FeatureToggleConditionExtension.class)
+    void updateStaffProfileDelStaffAdminRoleDirectlyFromIdamAndStaffAdminIsTrue() throws JsonProcessingException {
+
+        StaffProfileCreationRequest staffRequest = caseWorkerApiClient
+                .createStaffProfileCreationRequest();
+        staffRequest.setStaffAdmin(true);
+        //Step 1: create user in IDM for active status
+        List<String> userRoles = List.of(ROLE_CWD_ADMIN,ROLE_STAFF_ADMIN);
+        Map<String, String> users =  idamOpenIdClient.createUser(userRoles,staffRequest.getEmailId(),
+                staffRequest.getFirstName(),staffRequest.getFirstName());
+        //Step 2: create user in UP
+        UserProfileCreationRequest userProfileRequest = caseWorkerApiClient.createUserProfileRequest(staffRequest);
+        createUserProfileFromUp(userProfileRequest);
+
+        Response response = caseWorkerApiClient.createStaffUserProfileWithOutIdm(staffRequest);
+
+        //Verify idam profile roles has staff admin
+        StaffProfileCreationResponse staffProfileCreationResponse =
+                response.getBody().as(StaffProfileCreationResponse.class);
+        String cwId = staffProfileCreationResponse.getCaseWorkerId();
+        var idamResponse = idamOpenIdClient.getUserByUserID(cwId);
+        assertEquals(staffRequest.getEmailId(), idamResponse.get("email"));
+        assertTrue(((List)idamResponse.get("roles")).contains(ROLE_STAFF_ADMIN));
+        assertTrue(((List)idamResponse.get("roles")).contains(CWD_USER));
+
+        idamOpenIdClient.deleteRoleByUserIdNRoleName(cwId,ROLE_STAFF_ADMIN);
+        idamResponse = idamOpenIdClient.getUserByUserID(cwId);
+        assertEquals(staffRequest.getEmailId(), idamResponse.get("email"));
+        assertFalse(((List)idamResponse.get("roles")).contains(ROLE_STAFF_ADMIN));
+        assertTrue(((List)idamResponse.get("roles")).contains(CWD_USER));
+
+        //Step 3: create user in SRD with staff admin false
+        response = caseWorkerApiClient.updateStaffUserProfile(staffRequest);
+        assertThat(response).isNotNull();
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK.value());
+
+        //Step 4: Retrieve the user in SRD
+        Response fetchResponse = caseWorkerApiClient.getMultipleAuthHeadersInternal(ROLE_CWD_SYSTEM_USER)
+                .body(UserRequest.builder().userIds(List.of(cwId)).build())
+                .post("/refdata/case-worker/users/fetchUsersById/")
+                .andReturn();
+        fetchResponse.then()
+                .assertThat()
+                .statusCode(200);
+
+        List<uk.gov.hmcts.reform.cwrdapi.client.domain.CaseWorkerProfile> fetchedList =
+                Arrays.asList(fetchResponse.getBody().as(
+                        uk.gov.hmcts.reform.cwrdapi.client.domain.CaseWorkerProfile[].class));
+        assertEquals(1, fetchedList.size());
+        uk.gov.hmcts.reform.cwrdapi.client.domain.CaseWorkerProfile caseWorkerProfile = fetchedList.get(0);
+
+        // validate Idam user doesn't have staff admin role
+        idamResponse = idamOpenIdClient.getUserByUserID(cwId);
+        assertEquals(caseWorkerProfile.getId(), idamResponse.get("id"));
+        assertEquals(caseWorkerProfile.getFirstName(), idamResponse.get("forename"));
+        assertEquals(caseWorkerProfile.getLastName(), idamResponse.get("surname"));
+        assertEquals(caseWorkerProfile.getOfficialEmail(), idamResponse.get("email"));
+        assertTrue(((List)idamResponse.get("roles")).contains(ROLE_STAFF_ADMIN));
+        assertFalse(((List)idamResponse.get("roles")).isEmpty());
+        assertTrue(((List)idamResponse.get("roles")).contains(CWD_USER));
+
+        idamOpenIdClient.getcwdAdminOpenIdToken("cwd-admin");
+        UserProfileResponse upResponse = getUserProfileFromUp(caseWorkerProfile.getOfficialEmail());
+        assertEquals(caseWorkerProfile.getId(), upResponse.getIdamId());
+        assertEquals(caseWorkerProfile.getFirstName(), upResponse.getFirstName());
+        assertEquals(caseWorkerProfile.getLastName(), upResponse.getLastName());
+        assertEquals(caseWorkerProfile.getOfficialEmail(), upResponse.getEmail());
+        assertTrue(upResponse.getRoles().contains(ROLE_STAFF_ADMIN));
+        assertFalse((upResponse.getRoles()).isEmpty());
+        assertTrue(upResponse.getRoles().contains(CWD_USER));
+    }
+
     @Test
     @ToggleEnable(mapKey = UPDATE_STAFF_PROFILE, withFeature = true)
     @ExtendWith(FeatureToggleConditionExtension.class)

src/functionalTest/java/uk/gov/hmcts/reform/cwrdapi/idam/IdamOpenIdClient.java

@@ -21,6 +21,8 @@
 @Slf4j
 public class IdamOpenIdClient extends IdamOpenId {
 
+    private static final String AUTHORIZATION_HEADER = "Authorization";
+
     public static String cwdStaffAdminUserToken;
 
     public IdamOpenIdClient(TestConfigProperties testConfig) {
@@ -41,6 +43,35 @@ public Map getUser(String idamId) {
         return generatedUserResponse.getBody().as(Map.class);
     }
 
+    public Map getUserByUserID(String idamId) {
+        log.info(":::: Get an User");
+
+        Response generatedUserResponse = RestAssured.given().relaxedHTTPSValidation()
+                .baseUri(testConfig.getIdamApiUrl())
+                .header(AUTHORIZATION_HEADER, "Bearer " + getOpenIdTokenByRoles(List.of(ROLE_STAFF_ADMIN)))
+                .get("/api/v1/users/" + idamId)
+                .andReturn();
+        if (generatedUserResponse.getStatusCode() == 404) {
+            log.info("SIDAM getUser response 404");
+        }
+        return generatedUserResponse.getBody().as(Map.class);
+    }
+
+    public void deleteRoleByUserIdNRoleName(String idamId, String roleName) {
+        log.info(":::: Delete a role By UserId and RoleName");
+
+        Response generatedUserResponse = RestAssured.given().relaxedHTTPSValidation()
+                .baseUri(testConfig.getIdamApiUrl())
+                .header(AUTHORIZATION_HEADER, "Bearer " + getOpenIdTokenByRoles(List.of(ROLE_STAFF_ADMIN)))
+                .delete("/api/v1/users/" + idamId + "/roles/" + roleName)
+                .andReturn();
+        if (generatedUserResponse.getStatusCode() == 404) {
+            log.info("SIDAM getUser response 404");
+        }
+
+    }
+
+
     public String getOpenIdTokenByRole(String role) {
         if (StringUtils.isNotEmpty(role)) {
             if (ROLE_CWD_ADMIN.equals(role)) {

src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/UpdateStaffReferenceProfileTest.java

@@ -18,6 +18,7 @@
 import uk.gov.hmcts.reform.cwrdapi.controllers.request.StaffProfileCreationRequest;
 import uk.gov.hmcts.reform.cwrdapi.controllers.request.StaffProfileRoleRequest;
 import uk.gov.hmcts.reform.cwrdapi.controllers.response.SearchStaffUserResponse;
+import uk.gov.hmcts.reform.cwrdapi.domain.CaseWorkerProfile;
 import uk.gov.hmcts.reform.cwrdapi.domain.StaffAudit;
 import uk.gov.hmcts.reform.cwrdapi.repository.CaseWorkerLocationRepository;
 import uk.gov.hmcts.reform.cwrdapi.repository.CaseWorkerProfileRepository;
@@ -360,6 +361,35 @@ void should_return_update_staff_user_with_status_code_400_duplicate_roles() thro
 
     }
 
+    @Test
+    void should_return_update_staff_user_with_status_code_200_del_roles() throws Exception {
+        StaffProfileCreationRequest request = caseWorkerReferenceDataClient.createStaffProfileCreationRequest();
+        request.setFirstName("prashanth");
+        request.setLastName("rao");
+        userProfilePostUserWireMockForStaffProfile(HttpStatus.CREATED);
+        userProfileGetUserWireMock("ACTIVE", "[\"Senior Legal Caseworker\"]");
+
+        Map<String, Object> createResponse = caseworkerReferenceDataClient.createStaffProfile(request,ROLE_STAFF_ADMIN);
+
+        request.setStaffAdmin(false);
+
+        modifyUserRoles();
+        Map<String, Object> resendResponse = caseworkerReferenceDataClient.updateStaffProfile(request,ROLE_STAFF_ADMIN);
+        Map createBody = (Map)createResponse.get("body");
+
+        assertThat(resendResponse).isNotNull();
+        assertThat(resendResponse.get("http_status")).isEqualTo("200 OK");
+        Map resendResponseBody = (Map) resendResponse.get("body");
+        assertEquals(createBody.get("case_worker_id"), resendResponseBody.get("case_worker_id"));
+
+        List<CaseWorkerProfile> caseWorkerProfiles = caseWorkerProfileRepository.findAll();
+        assertThat(caseWorkerProfiles.size()).isEqualTo(1);
+        assertThat(caseWorkerProfiles.get(0).getUserAdmin()).isFalse();
+
+    }
+
+
+
     @Test
     void should_return_update_staff_user_with_status_code_400_invalid_roles() throws Exception {
 

src/main/java/uk/gov/hmcts/reform/cwrdapi/client/domain/RoleDeletionResponse.java

@@ -0,0 +1,16 @@
+package uk.gov.hmcts.reform.cwrdapi.client.domain;
+
+
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@NoArgsConstructor
+public class RoleDeletionResponse {
+    private String roleName;
+    private String idamStatusCode;
+    private String idamMessage;
+
+}

src/main/java/uk/gov/hmcts/reform/cwrdapi/client/domain/UserProfileRolesResponse.java

@@ -6,13 +6,16 @@
 import lombok.NoArgsConstructor;
 import lombok.Setter;
 
+import java.util.List;
+
 @Getter
 @Setter
 @NoArgsConstructor
 
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class UserProfileRolesResponse {
     private RoleAdditionResponse roleAdditionResponse;
+    private List<RoleDeletionResponse> roleDeletionResponse;
     @JsonProperty("statusUpdateResponse")
     private AttributeResponse attributeResponse;
 }

src/main/java/uk/gov/hmcts/reform/cwrdapi/domain/UserProfileUpdatedData.java

@@ -10,7 +10,7 @@
 public class UserProfileUpdatedData {
 
     private String idamStatus;
-
+    private Set<RoleName> rolesDelete;
     private Set<RoleName> rolesAdd;
     private String firstName;
     private String lastName;

src/main/java/uk/gov/hmcts/reform/cwrdapi/service/impl/StaffRefDataServiceImpl.java

@@ -959,7 +959,7 @@ && nonNull(profileResponse.getIdamStatus())) {
         }
         var hasNameChanged = !cwrProfileRequest.getFirstName().equals(userProfileResponse.getFirstName())
                 || !cwrProfileRequest.getLastName().equals(userProfileResponse.getLastName());
-        if (isNotEmpty(mergedRoles) || hasNameChanged) {
+        if (isNotEmpty(mergedRoles) || hasNameChanged || !cwrProfileRequest.isStaffAdmin()) {
             return updateMismatchedDatatoUP(cwrProfileRequest, idamId, mergedRoles, hasNameChanged);
         }
 
@@ -976,6 +976,10 @@ private boolean updateMismatchedDatatoUP(StaffProfileCreationRequest cwrProfileR
                     .rolesAdd(mergedRoles);
         }
 
+        if (!cwrProfileRequest.isStaffAdmin()) {
+            builder.rolesDelete(Set.of(new RoleName(ROLE_STAFF_ADMIN)));
+        }
+
         if (hasNameChanged) {
 
             builder
@@ -996,7 +1000,8 @@ public boolean isEachRoleUpdated(UserProfileUpdatedData userProfileUpdatedData,
             if (resultResponse.isPresent() && resultResponse.get() instanceof UserProfileRolesResponse
                     userProfileRolesResponse) {
                 if (nonNull(userProfileRolesResponse.getRoleAdditionResponse())
-                        || nonNull(userProfileRolesResponse.getAttributeResponse())) {
+                        || nonNull(userProfileRolesResponse.getAttributeResponse())
+                        || nonNull(userProfileRolesResponse.getRoleDeletionResponse())) {
                     isEachRoleUpdated = isRecordupdatedinUP(userProfileRolesResponse);
 
                 } else {

src/test/java/uk/gov/hmcts/reform/cwrdapi/service/impl/StaffRefDataUpdateStaffServiceImplTest.java

@@ -17,6 +17,7 @@
 import uk.gov.hmcts.reform.cwrdapi.client.domain.AttributeResponse;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.Role;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.RoleAdditionResponse;
+import uk.gov.hmcts.reform.cwrdapi.client.domain.RoleDeletionResponse;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.UserProfileResponse;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.UserProfileRolesResponse;
 import uk.gov.hmcts.reform.cwrdapi.controllers.advice.InvalidRequestException;
@@ -996,6 +997,57 @@ void test_updateUserRolesInIdamDataMistmatch() throws JsonProcessingException {
     }
 
 
+    @Test
+    void test_updateUserRolesInIdam_with_StaffAdminRoleDelete_Idam_Status_Active() throws JsonProcessingException {
+
+        UserProfileResponse userProfileResponse = new UserProfileResponse();
+        userProfileResponse.setIdamId("12345678");
+        List<String> roles = Arrays.asList("IdamRole1", "IdamRole4");
+        userProfileResponse.setIdamStatus(STATUS_ACTIVE);
+
+        userProfileResponse.setRoles(roles);
+        userProfileResponse.setFirstName("testFN");
+        userProfileResponse.setLastName("testLN");
+
+        when(userProfileFeignClient.getUserProfileWithRolesById(any()))
+                .thenReturn(Response.builder()
+                        .request(Request.create(Request.HttpMethod.POST, "", new HashMap<>(), Request.Body.empty(),
+                                null)).body(mapper.writeValueAsString(userProfileResponse),
+                                defaultCharset())
+                        .status(200).build());
+
+        UserProfileCreationResponse userProfileCreationResponse = new UserProfileCreationResponse();
+        userProfileCreationResponse.setIdamId("12345678");
+        userProfileCreationResponse.setIdamRegistrationResponse(1);
+
+        UserProfileRolesResponse userProfileRolesResponse = new UserProfileRolesResponse();
+        userProfileCreationResponse.setIdamId("12345678");
+        RoleDeletionResponse roleDeletionResponse = new RoleDeletionResponse();
+        roleDeletionResponse.setIdamStatusCode("201");
+        userProfileRolesResponse.setRoleDeletionResponse(List.of(roleDeletionResponse));
+        roleDeletionResponse.setIdamMessage("success");
+
+        when(userProfileFeignClient.modifyUserRoles(any(), any(), any()))
+                .thenReturn(Response.builder()
+                        .request(Request.create(Request.HttpMethod.POST, "", new HashMap<>(), Request.Body.empty(),
+                                null)).body(mapper.writeValueAsString(userProfileRolesResponse),
+                                defaultCharset())
+                        .status(200).build());
+
+        StaffProfileCreationRequest cwUiRequest =  getStaffProfileUpdateRequest();
+        cwUiRequest.setStaffAdmin(false);
+
+        staffProfileAuditService.saveStaffAudit(AuditStatus.FAILURE,IDAM_STATUS,
+                StringUtils.EMPTY,cwUiRequest,STAFF_PROFILE_UPDATE);
+
+
+        boolean updateUserRolesInIdam = staffRefDataServiceImpl
+                .updateUserRolesInIdam(cwUiRequest,caseWorkerProfile.getCaseWorkerId(),STAFF_PROFILE_UPDATE);
+        assertThat(updateUserRolesInIdam).isTrue();
+    }
+
+
+
     @Test
     void test_check_staff_profile_for_update() throws JsonProcessingException {