ministryofjustice · garethCAS2 · Nov 28, 2024 · Nov 28, 2024 · Nov 28, 2024 · Nov 28, 2024
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -159,7 +159,14 @@ tasks.bootRun {
 }
 
 tasks.withType<Test> {
-  jvmArgs("--add-opens", "java.base/java.lang=ALL-UNNAMED", "--add-opens", "java.base/java.lang.reflect=ALL-UNNAMED", "--add-opens", "java.base/java.time=ALL-UNNAMED")
+  jvmArgs(
+    "--add-opens",
+    "java.base/java.lang=ALL-UNNAMED",
+    "--add-opens",
+    "java.base/java.lang.reflect=ALL-UNNAMED",
+    "--add-opens",
+    "java.base/java.time=ALL-UNNAMED",
+  )
 
   afterEvaluate {
     if (environment["CI"] != null) {
@@ -248,6 +255,14 @@ registerAdditionalOpenApiGenerateTask(
   useTags = true,
 )
 
+registerAdditionalOpenApiGenerateTask(
+  name = "openApiGenerateCas2bailNamespace",
+  ymlPath = "$rootDir/src/main/resources/static/codegen/built-cas2bail-api-spec.yml",
+  apiPackageName = "uk.gov.justice.digital.hmpps.approvedpremisesapi.api.cas2bail",
+  modelPackageName = "uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model",
+  apiSuffix = "Cas2bail",
+)
+
 registerAdditionalOpenApiGenerateTask(
   name = "openApiGenerateCas2Namespace",
   ymlPath = "$rootDir/src/main/resources/static/codegen/built-cas2-api-spec.yml",
@@ -327,6 +342,7 @@ tasks.register("openApiPreCompilation") {
       .readFileToString(file, "UTF-8")
       .replace("_shared.yml#/components", "#/components")
       .replace("cas1-schemas.yml#/components", "#/components")
+      .replace("cas2bail-schemas.yml#/components", "#/components")
     FileUtils.writeStringToFile(file, updatedContents, "UTF-8")
   }
 
@@ -379,6 +395,11 @@ tasks.register("openApiPreCompilation") {
     outputFileName = "built-cas2-api-spec.yml",
     inputSpec = "cas2-api.yml",
   )
+  buildSpecWithSharedComponentsAppended(
+    outputFileName = "built-cas2bail-api-spec.yml",
+    inputSpec = "cas2bail-api.yml",
+    inputSchemas = "cas2bail-schemas.yml",
+  )
   buildSpecWithSharedComponentsAppended(
     outputFileName = "built-cas3-api-spec.yml",
     inputSpec = "cas3-api.yml",
@@ -392,6 +413,7 @@ tasks.get("openApiGenerate").dependsOn(
   "openApiPreCompilation",
   "openApiGenerateCas1Namespace",
   "openApiGenerateCas2Namespace",
+  "openApiGenerateCas2bailNamespace",
   "openApiGenerateCas3Namespace",
 )
 

diff --git a/...ice/digital/hmpps/approvedpremisesapi/config/OAuth2ResourceServerSecurityConfiguration.kt b/...ice/digital/hmpps/approvedpremisesapi/config/OAuth2ResourceServerSecurityConfiguration.kt
@@ -74,6 +74,17 @@ class OAuth2ResourceServerSecurityConfiguration {
         authorize(HttpMethod.GET, "/cas2/reference-data/**", hasAnyRole("CAS2_ASSESSOR", "POM"))
         authorize(HttpMethod.GET, "/cas2/reports/**", hasRole("CAS2_MI"))
         authorize("/cas2/**", hasAnyAuthority("ROLE_POM", "ROLE_LICENCE_CA"))
+
+        authorize(HttpMethod.PUT, "/cas2bail/assessments/**", hasRole("CAS2_ASSESSOR"))
+        authorize(HttpMethod.GET, "/cas2bail/assessments/**", hasAnyRole("CAS2_ASSESSOR", "CAS2_ADMIN"))
+        authorize(HttpMethod.POST, "/cas2bail/assessments/*/status-updates", hasRole("CAS2_ASSESSOR"))
+        authorize(HttpMethod.POST, "/cas2bail/assessments/*/notes", hasAnyRole("LICENCE_CA", "POM", "CAS2_ASSESSOR"))
+        authorize(HttpMethod.GET, "/cas2bail/submissions/**", hasAnyRole("CAS2_ASSESSOR", "CAS2_ADMIN"))
+        authorize(HttpMethod.POST, "/cas2bail/submissions/*/status-updates", hasRole("CAS2_ASSESSOR"))
+        authorize(HttpMethod.GET, "/cas2bail/reference-data/**", hasAnyRole("CAS2_ASSESSOR", "POM"))
+        authorize(HttpMethod.GET, "/cas2bail/reports/**", hasRole("CAS2_MI"))
+        authorize("/cas2bail/**", hasAnyAuthority("ROLE_POM", "ROLE_LICENCE_CA"))
+
         authorize(HttpMethod.GET, "/cas3-api.yml", permitAll)
         authorize(HttpMethod.GET, "/subject-access-request", hasAnyRole("SAR_DATA_ACCESS"))
         authorize(anyRequest, hasAuthority("ROLE_PROBATION"))

diff --git a/...ce/digital/hmpps/approvedpremisesapi/controller/cas2bail/Cas2BailApplicationController.kt b/...ce/digital/hmpps/approvedpremisesapi/controller/cas2bail/Cas2BailApplicationController.kt
@@ -0,0 +1,182 @@
+package uk.gov.justice.digital.hmpps.approvedpremisesapi.controller.cas2bail
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import jakarta.transaction.Transactional
+import org.springframework.http.ResponseEntity
+import org.springframework.stereotype.Service
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.cas2bail.ApplicationsCas2bailDelegate
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.Application
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.NewApplication
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.SortDirection
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.UpdateApplication
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.jpa.entity.cas2bail.Cas2BailApplicationEntity
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.jpa.entity.cas2bail.Cas2BailApplicationSummaryEntity
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.problem.BadRequestProblem
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.problem.ConflictProblem
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.problem.ForbiddenProblem
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.problem.NotFoundProblem
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.results.AuthorisableActionResult
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.results.ValidatableActionResult
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.service.NomisUserService
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.service.cas2.OffenderService
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.service.cas2bail.Cas2BailApplicationService
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.transformer.cas2bail.Cas2BailApplicationsTransformer
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.util.PageCriteria
+import java.net.URI
+import java.util.UUID
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.Cas2ApplicationSummary as ModelCas2ApplicationSummary
+
+@Service(
+  "Cas2BailApplicationsController",
+)
+class Cas2BailApplicationController(
+  private val cas2BailApplicationService: Cas2BailApplicationService,
+  private val cas2BailApplicationsTransformer: Cas2BailApplicationsTransformer,
+  private val objectMapper: ObjectMapper,
+  private val offenderService: OffenderService,
+  private val userService: NomisUserService,
+) : ApplicationsCas2bailDelegate {
+
+  override fun applicationsGet(
+    isSubmitted: Boolean?,
+    page: Int?,
+    prisonCode: String?,
+  ): ResponseEntity<List<ModelCas2ApplicationSummary>> {
+    /*This gets a NomisUser. Toby and Gareth discussed creating a third user service
+   * The third user service will return a Cas2BailUser. That user will have two nullable fields/properties
+   * 1. DeliusUser
+   * 2. NomisUser
+   * We discussed using transformers if we need any specific data about the user eg their name.
+   *
+   * In the Cas2BailApplicationEntity the created_by field would be of type Cas2BailUser
+   * */
+    val user = userService.getUserForRequest()
+
+    prisonCode?.let { if (prisonCode != user.activeCaseloadId) throw ForbiddenProblem() }
+
+    val pageCriteria = PageCriteria("createdAt", SortDirection.desc, page)
+
+    val (applications, metadata) = cas2BailApplicationService.getCas2BailApplications(prisonCode, isSubmitted, user, pageCriteria)
+
+    return ResponseEntity.ok().headers(
+      metadata?.toHeaders(),
+    ).body(getPersonNamesAndTransformToSummaries(applications))
+  }
+
+  override fun applicationsApplicationIdGet(applicationId: UUID): ResponseEntity<Application> {
+    val user = userService.getUserForRequest()
+
+    val application = when (
+      val applicationResult = cas2BailApplicationService
+        .getCas2BailApplicationForUser(
+          applicationId,
+          user,
+        )
+
+    ) {
+      is AuthorisableActionResult.NotFound -> null
+      is AuthorisableActionResult.Unauthorised -> throw ForbiddenProblem()
+      is AuthorisableActionResult.Success -> applicationResult.entity
+    }
+
+    if (application != null) {
+      return ResponseEntity.ok(getPersonDetailAndTransform(application))
+    }
+    throw NotFoundProblem(applicationId, "Application")
+  }
+
+  @Transactional
+  override fun applicationsPost(body: NewApplication): ResponseEntity<Application> {
+    val user = userService.getUserForRequest()
+
+    val personInfo = offenderService.getFullInfoForPersonOrThrow(body.crn)
+
+    val applicationResult = cas2BailApplicationService.createCas2BailApplication(
+      body.crn,
+      user,
+    )
+
+    val application = when (applicationResult) {
+      is ValidatableActionResult.GeneralValidationError -> throw BadRequestProblem(errorDetail = applicationResult.message)
+      is ValidatableActionResult.FieldValidationError -> throw BadRequestProblem(invalidParams = applicationResult.validationMessages)
+      is ValidatableActionResult.ConflictError -> throw ConflictProblem(id = applicationResult.conflictingEntityId, conflictReason = applicationResult.message)
+      is ValidatableActionResult.Success -> applicationResult.entity
+    }
+
+    return ResponseEntity
+      .created(URI.create("/cas2/applications/${application.id}"))
+      .body(cas2BailApplicationsTransformer.transformJpaToApi(application, personInfo))
+  }
+
+  @Transactional
+  override fun applicationsApplicationIdPut(
+    applicationId: UUID,
+    body: UpdateApplication,
+  ): ResponseEntity<Application> {
+    val user = userService.getUserForRequest()
+
+    val serializedData = objectMapper.writeValueAsString(body.data)
+
+    val applicationResult = cas2BailApplicationService.updateCas2BailApplication(
+      applicationId =
+      applicationId,
+      data = serializedData,
+      user,
+    )
+
+    val validationResult = when (applicationResult) {
+      is AuthorisableActionResult.NotFound -> throw NotFoundProblem(applicationId, "Application")
+      is AuthorisableActionResult.Unauthorised -> throw ForbiddenProblem()
+      is AuthorisableActionResult.Success -> applicationResult.entity
+    }
+
+    val updatedApplication = when (validationResult) {
+      is ValidatableActionResult.GeneralValidationError -> throw BadRequestProblem(errorDetail = validationResult.message)
+      is ValidatableActionResult.FieldValidationError -> throw BadRequestProblem(invalidParams = validationResult.validationMessages)
+      is ValidatableActionResult.ConflictError -> throw ConflictProblem(id = validationResult.conflictingEntityId, conflictReason = validationResult.message)
+      is ValidatableActionResult.Success -> validationResult.entity
+    }
+
+    return ResponseEntity.ok(getPersonDetailAndTransform(updatedApplication))
+  }
+
+  @Transactional
+  override fun applicationsApplicationIdAbandonPut(applicationId: UUID): ResponseEntity<Unit> {
+    val user = userService.getUserForRequest()
+
+    val validationResult = when (val applicationResult = cas2BailApplicationService.abandonCas2BailApplication(applicationId, user)) {
+      is AuthorisableActionResult.NotFound -> throw NotFoundProblem(applicationId, "Application")
+      is AuthorisableActionResult.Unauthorised -> throw ForbiddenProblem()
+      is AuthorisableActionResult.Success -> applicationResult.entity
+    }
+
+    when (validationResult) {
+      is ValidatableActionResult.GeneralValidationError -> throw BadRequestProblem(errorDetail = validationResult.message)
+      is ValidatableActionResult.FieldValidationError -> throw BadRequestProblem(invalidParams = validationResult.validationMessages)
+      is ValidatableActionResult.ConflictError -> throw ConflictProblem(id = validationResult.conflictingEntityId, conflictReason = validationResult.message)
+      is ValidatableActionResult.Success -> validationResult.entity
+    }
+
+    return ResponseEntity.ok(Unit)
+  }
+
+  private fun getPersonNamesAndTransformToSummaries(
+    applicationSummaries: List<Cas2BailApplicationSummaryEntity>,
+  ): List<ModelCas2ApplicationSummary> {
+    val crns = applicationSummaries.map { it.crn }
+
+    val personNamesMap = offenderService.getMapOfPersonNamesAndCrns(crns)
+
+    return applicationSummaries.map { application ->
+      cas2BailApplicationsTransformer.transformJpaSummaryToSummary(application, personNamesMap[application.crn]!!)
+    }
+  }
+
+  private fun getPersonDetailAndTransform(
+    application: Cas2BailApplicationEntity,
+  ): Application {
+    val personInfo = offenderService.getFullInfoForPersonOrThrow(application.crn)
+
+    return cas2BailApplicationsTransformer.transformJpaToApi(application, personInfo)
+  }
+}
diff --git a/...ce/digital/hmpps/approvedpremisesapi/controller/cas2bail/Cas2BailAssessmentsController.kt b/...ce/digital/hmpps/approvedpremisesapi/controller/cas2bail/Cas2BailAssessmentsController.kt
@@ -0,0 +1,115 @@
+package uk.gov.justice.digital.hmpps.approvedpremisesapi.controller.cas2bail
+
+import org.springframework.http.HttpStatus
+import org.springframework.http.ResponseEntity
+import org.springframework.stereotype.Service
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.cas2bail.AssessmentsCas2bailDelegate
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.Cas2ApplicationNote
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.Cas2Assessment
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.Cas2AssessmentStatusUpdate
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.NewCas2ApplicationNote
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.api.model.UpdateCas2Assessment
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.jpa.entity.Cas2ApplicationNoteEntity
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.problem.ConflictProblem
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.problem.ForbiddenProblem
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.problem.NotFoundProblem
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.results.CasResult
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.service.ExternalUserService
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.service.cas2bail.Cas2BailApplicationNoteService
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.service.cas2bail.Cas2BailAssessmentService
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.service.cas2bail.Cas2BailStatusUpdateService
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.transformer.cas2.ApplicationNotesTransformer
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.transformer.cas2bail.Cas2BailAssessmentsTransformer
+import uk.gov.justice.digital.hmpps.approvedpremisesapi.util.extractEntityFromCasResult
+import java.net.URI
+import java.util.UUID
+
+@Service("Cas2BailAssessmentsController")
+class Cas2BailAssessmentsController(
+  private val cas2BailAssessmentService: Cas2BailAssessmentService,
+  private val cas2BailApplicationNoteService: Cas2BailApplicationNoteService,
+  private val cas2BailAssessmentsTransformer: Cas2BailAssessmentsTransformer,
+  private val applicationNotesTransformer: ApplicationNotesTransformer,
+  private val cas2BailStatusUpdateService: Cas2BailStatusUpdateService,
+  private val externalUserService: ExternalUserService,
+) : AssessmentsCas2bailDelegate {
+
+  override fun assessmentsAssessmentIdGet(assessmentId: UUID): ResponseEntity<Cas2Assessment> {
+    val assessment = when (
+      val assessmentResult = cas2BailAssessmentService.getAssessment(assessmentId)
+    ) {
+      is CasResult.NotFound -> throw NotFoundProblem(assessmentId, "Cas2BailAssessment")
+      is CasResult.Unauthorised -> throw ForbiddenProblem()
+      is CasResult.Success -> assessmentResult
+      is CasResult.ConflictError<*> -> throw ConflictProblem(assessmentId, "Cas2BailAssessment conflict by assessmentId")
+      is CasResult.FieldValidationError<*> -> CasResult.FieldValidationError(mapOf("$.reason" to "doesNotExist"))
+      is CasResult.GeneralValidationError<*> -> CasResult.GeneralValidationError("General Validation Error")
+    }
+
+    val cas2BailAssessmentEntity = extractEntityFromCasResult(assessment)
+    return ResponseEntity.ok(cas2BailAssessmentsTransformer.transformJpaToApiRepresentation(cas2BailAssessmentEntity))
+  }
+
+  override fun assessmentsAssessmentIdPut(
+    assessmentId: UUID,
+    updateCas2Assessment: UpdateCas2Assessment,
+  ): ResponseEntity<Cas2Assessment> {
+    val assessmentResult = cas2BailAssessmentService.updateAssessment(assessmentId, updateCas2Assessment)
+    when (assessmentResult) {
+      is CasResult.NotFound -> throw NotFoundProblem(assessmentId, "Assessment")
+      is CasResult.Unauthorised -> throw ForbiddenProblem()
+      is CasResult.Success -> assessmentResult
+      is CasResult.ConflictError<*> -> throw ConflictProblem(assessmentId, "Cas2BailAssessment conflict by assessmentId")
+      is CasResult.FieldValidationError<*> -> CasResult.FieldValidationError(mapOf("$.reason" to "doesNotExist"))
+      is CasResult.GeneralValidationError<*> -> CasResult.GeneralValidationError("General Validation Error")
+    }
+
+    val cas2BailAssessmentEntity = extractEntityFromCasResult(assessmentResult)
+    return ResponseEntity.ok(
+      cas2BailAssessmentsTransformer.transformJpaToApiRepresentation(cas2BailAssessmentEntity),
+    )
+  }
+
+  override fun assessmentsAssessmentIdStatusUpdatesPost(
+    assessmentId: UUID,
+    cas2AssessmentStatusUpdate: Cas2AssessmentStatusUpdate,
+  ): ResponseEntity<Unit> {
+    val result = cas2BailStatusUpdateService.createForAssessment(
+      assessmentId = assessmentId,
+      statusUpdate = cas2AssessmentStatusUpdate,
+      assessor = externalUserService.getUserForRequest(),
+    )
+
+    processAuthorisationFor(result)
+      .run { processValidation(result) }
+
+    return ResponseEntity(HttpStatus.CREATED)
+  }
+
+  override fun assessmentsAssessmentIdNotesPost(
+    assessmentId: UUID,
+    body: NewCas2ApplicationNote,
+  ): ResponseEntity<Cas2ApplicationNote> {
+    val noteResult = cas2BailApplicationNoteService.createAssessmentNote(assessmentId, body)
+
+    val validationResult = processAuthorisationFor(noteResult) as CasResult<Cas2ApplicationNote>
+
+    val note = processValidation(validationResult) as Cas2ApplicationNoteEntity
+
+    return ResponseEntity
+      .created(URI.create("/cas2/assessments/$assessmentId/notes/${note.id}"))
+      .body(
+        applicationNotesTransformer.transformJpaToApi(note),
+      )
+  }
+
+  private fun <EntityType> processAuthorisationFor(
+    result: CasResult<EntityType>,
+  ): Any? {
+    return extractEntityFromCasResult(result)
+  }
+
+  private fun <EntityType : Any> processValidation(casResult: CasResult<EntityType>): Any {
+    return extractEntityFromCasResult(casResult)
+  }
+}