From 006737277db450bb2df0e44493b7cd72d8718f39 Mon Sep 17 00:00:00 2001 From: AnuragNagpure <145100366+AnuragNagpure@users.noreply.github.com> Date: Wed, 16 Oct 2024 12:08:56 +0530 Subject: [PATCH] feat(check): add OPERATOR and confirmed status check (#1075) * Additional checks for OPERATOR and confirmed status added for endpoint `GET: /api/registration/documents/{documentId}` ---------- Refs: #1070 Reviewed-By: Phil Schneider --- .../Repositories/DocumentRepository.cs | 4 +- .../Repositories/IDocumentRepository.cs | 2 +- .../RegistrationBusinessLogic.cs | 7 ++- .../DocumentRepositoryTests.cs | 51 +++++++++++++++++++ .../RegistrationBusinessLogicTest.cs | 23 +++++++-- 5 files changed, 80 insertions(+), 7 deletions(-) diff --git a/src/portalbackend/PortalBackend.DBAccess/Repositories/DocumentRepository.cs b/src/portalbackend/PortalBackend.DBAccess/Repositories/DocumentRepository.cs index be47ec475d..96861eae4b 100644 --- a/src/portalbackend/PortalBackend.DBAccess/Repositories/DocumentRepository.cs +++ b/src/portalbackend/PortalBackend.DBAccess/Repositories/DocumentRepository.cs @@ -82,10 +82,10 @@ public Document CreateDocument(string documentName, byte[] documentContent, byte .SingleOrDefaultAsync(); /// - public Task<(Guid DocumentId, bool IsSameUser)> GetDocumentIdWithCompanyUserCheckAsync(Guid documentId, Guid companyUserId) => + public Task<(Guid DocumentId, bool IsSameUser, bool IsRoleOperator, bool IsStatusConfirmed)> GetDocumentIdWithCompanyUserCheckAsync(Guid documentId, Guid companyUserId) => dbContext.Documents .Where(x => x.Id == documentId) - .Select(x => new ValueTuple(x.Id, x.CompanyUserId == companyUserId)) + .Select(x => new ValueTuple(x.Id, x.CompanyUserId == companyUserId, x.CompanyUser!.Identity!.Company!.CompanyAssignedRoles.Any(x => x.CompanyRoleId == CompanyRoleId.OPERATOR), x.CompanyUser.Identity.Company.CompanyApplications.Any(x => x.ApplicationStatusId == CompanyApplicationStatusId.CONFIRMED))) .SingleOrDefaultAsync(); /// 
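Review bot: The new `IsRoleOperator` element in the `.Select` is derived from `x.CompanyUser!.Identity!.Company!` — that is the company of the document's owner — while the caller is only identified by `companyUserId` through `x.CompanyUserId == companyUserId`, so the flag says nothing about whether the *requesting* user is an operator. Since the business logic in this same commit relaxes the access check to `!IsSameUser && !IsRoleOperator`, any authenticated user would be able to fetch a document whose owning company holds the OPERATOR role, which reads like an authorization bypass rather than the intended "operators may read documents" rule. The role should be resolved from the requesting user's company instead; the sketch below assumes the context exposes the company-user entity as a set (name to be confirmed against the DbContext). The inner `.Any(x => ...)` lambdas also shadow the outer `x`, which compiles on current C# but makes the two lookups easy to misread — distinct names help here.
```csharp
public Task<(Guid DocumentId, bool IsSameUser, bool IsRoleOperator, bool IsStatusConfirmed)> GetDocumentIdWithCompanyUserCheckAsync(Guid documentId, Guid companyUserId) =>
    dbContext.Documents
        .Where(doc => doc.Id == documentId)
        .Select(doc => new ValueTuple<Guid, bool, bool, bool>(
            doc.Id,
            doc.CompanyUserId == companyUserId,
            // operator role of the REQUESTING user's company, not the document owner's
            dbContext.CompanyUsers
                .Where(cu => cu.Id == companyUserId)
                .Any(cu => cu.Identity!.Company!.CompanyAssignedRoles.Any(role => role.CompanyRoleId == CompanyRoleId.OPERATOR)),
            doc.CompanyUser!.Identity!.Company!.CompanyApplications.Any(app => app.ApplicationStatusId == CompanyApplicationStatusId.CONFIRMED)))
        .SingleOrDefaultAsync();
```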
diff --git a/src/portalbackend/PortalBackend.DBAccess/Repositories/IDocumentRepository.cs b/src/portalbackend/PortalBackend.DBAccess/Repositories/IDocumentRepository.cs index 9337874f11..e9f2457aa2 100644 --- a/src/portalbackend/PortalBackend.DBAccess/Repositories/IDocumentRepository.cs +++ b/src/portalbackend/PortalBackend.DBAccess/Repositories/IDocumentRepository.cs @@ -65,7 +65,7 @@ public interface IDocumentRepository /// id of the document the user id should be selected for /// /// Returns the user id if a document is found for the given id, otherwise null - Task<(Guid DocumentId, bool IsSameUser)> GetDocumentIdWithCompanyUserCheckAsync(Guid documentId, Guid companyUserId); + Task<(Guid DocumentId, bool IsSameUser, bool IsRoleOperator, bool IsStatusConfirmed)> GetDocumentIdWithCompanyUserCheckAsync(Guid documentId, Guid companyUserId); /// /// Get the document data and checks if the user diff --git a/src/registration/Registration.Service/BusinessLogic/RegistrationBusinessLogic.cs b/src/registration/Registration.Service/BusinessLogic/RegistrationBusinessLogic.cs index 8bfac441db..a09dd3c680 100644 --- a/src/registration/Registration.Service/BusinessLogic/RegistrationBusinessLogic.cs +++ b/src/registration/Registration.Service/BusinessLogic/RegistrationBusinessLogic.cs @@ -168,11 +168,16 @@ public async Task UploadDocumentAsync(Guid applicationId, IFormFile document, Do throw new NotFoundException($"document {documentId} does not exist."); } - if (!documentDetails.IsSameUser) + if (!documentDetails.IsSameUser && !documentDetails.IsRoleOperator) { throw new ForbiddenException($"The user is not permitted to access document {documentId}."); } + if (documentDetails.IsStatusConfirmed) + { + throw new ForbiddenException($"Documents not accessible as onboarding process finished {documentId}."); + } + var document = await documentRepository.GetDocumentByIdAsync(documentId).ConfigureAwait(ConfigureAwaitOptions.None); if (document is null) { 
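Review bot: The relaxed condition `if (!documentDetails.IsSameUser && !documentDetails.IsRoleOperator)` treats `IsRoleOperator` as a statement about the caller, but the repository change in this commit computes it from the document's `CompanyUser`, so as wired a non-owner is let through whenever the document's owning company is an operator, not when the caller is one. Either the repository must evaluate the role against `companyUserId`, or this method should check the requesting company's role itself before widening access; a comment such as `// only the uploading user or an OPERATOR may read registration documents` on the condition would make the intended rule explicit for the next reader. The `IsStatusConfirmed` denial is placed after the permission check, which is right, but note it fires if any application of the owning company is CONFIRMED — whether that is the same application the document was uploaded for cannot be seen from here and is worth confirming. The enclosing method starts and ends outside this hunk.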
diff --git a/tests/portalbackend/PortalBackend.DBAccess.Tests/DocumentRepositoryTests.cs b/tests/portalbackend/PortalBackend.DBAccess.Tests/DocumentRepositoryTests.cs index 38036ab129..5620cb3c5f 100644 --- a/tests/portalbackend/PortalBackend.DBAccess.Tests/DocumentRepositoryTests.cs +++ b/tests/portalbackend/PortalBackend.DBAccess.Tests/DocumentRepositoryTests.cs 
@@ -174,6 +174,57 @@ public async Task GetDocumentDataAndIsCompanyUserAsync_WithNotExistingDocument_R #endregion + #region GetDocumentIdWithCompanyUserCheckAsync + + [Fact] + public async Task GetDocumentIdWithCompanyUserCheckAsync_With_ReturnsExpected() + { + // Arrange + var (sut, _) = await CreateSut(); + + // Act + var result = await sut.GetDocumentIdWithCompanyUserCheckAsync(new Guid("00000000-0000-0000-0000-000000000001"), new("ac1cf001-7fbc-1f2f-817f-bce058020006")); + + // Assert + result.Should().NotBe(default); + result.IsSameUser.Should().BeTrue(); + result.IsRoleOperator.Should().BeTrue(); + result.IsStatusConfirmed.Should().BeFalse(); + } + + [Fact] + public async Task GetDocumentIdWithCompanyUserCheckAsync_WithWrongUserData_ReturnsIsRoleOperatorFalse() + { + // Arrange + var (sut, _) = await CreateSut(); + + // Act + var result = await sut.GetDocumentIdWithCompanyUserCheckAsync(new Guid("5adbdf90-c6ef-47a5-b596-2f00a731c39a"), new("ac1cf001-7fbc-1f2f-817f-bce058019992")); + + // Assert + result.Should().NotBe(default); + result.IsSameUser.Should().BeTrue(); + result.IsRoleOperator.Should().BeFalse(); + } + + [Fact] + public async Task GetDocumentIdWithCompanyUserCheckAsync_WithCompanyApplicationIsStatusConfirmed() + { + // Arrange + var (sut, _) = await CreateSut(); + + // Act + var result = await sut.GetDocumentIdWithCompanyUserCheckAsync(new Guid("ec12dc7e-a8fa-4aa5-945a-f7e64be30841"), new("8b42e6de-7b59-4217-a63c-198e83d93776")); + + // Assert + result.Should().NotBe(default); + result.IsSameUser.Should().BeTrue(); + result.IsStatusConfirmed.Should().BeTrue(); + + } + + #endregion + #region GetDocumentDataAndIsCompanyUserAsync_ReturnsExpectedDocuments [Fact] diff --git a/tests/registration/Registration.Service.Tests/BusinessLogic/RegistrationBusinessLogicTest.cs b/tests/registration/Registration.Service.Tests/BusinessLogic/RegistrationBusinessLogicTest.cs index adcb010543..3e740c9464 100644 
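Review bot: All three new repository tests pass a `companyUserId` that is the document's owner (each asserts `result.IsSameUser.Should().BeTrue()`), so the case the change exists for — a different user, with and without the OPERATOR role — is never pinned, and a regression in how the role is resolved (owner's company vs. caller's company) would go unnoticed. Add a test with a non-owner `companyUserId` whose company is an operator asserting `result.IsSameUser.Should().BeFalse(); result.IsRoleOperator.Should().BeTrue();`, and the mirror case for a non-operator company, using whatever seed users exist for that. The third test should also follow the `_ReturnsExpected`/`_Returns…` naming of its siblings and drop the stray blank line before its closing brace.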
--- a/tests/registration/Registration.Service.Tests/BusinessLogic/RegistrationBusinessLogicTest.cs +++ b/tests/registration/Registration.Service.Tests/BusinessLogic/RegistrationBusinessLogicTest.cs @@ -2870,7 +2870,7 @@ public async Task GetDocumentAsync_WithValidData_ReturnsExpected() var documentId = Guid.NewGuid(); var content = new byte[7]; A.CallTo(() => _documentRepository.GetDocumentIdWithCompanyUserCheckAsync(documentId, _identity.IdentityId)) - .Returns((documentId, true)); + .Returns((documentId, true, true, false)); A.CallTo(() => _documentRepository.GetDocumentByIdAsync(documentId)) .Returns(new Document(documentId, content, content, "test.pdf", MediaTypeId.PDF, DateTimeOffset.UtcNow, DocumentStatusId.LOCKED, DocumentTypeId.APP_CONTRACT)); var sut = new RegistrationBusinessLogic(Options.Create(new RegistrationSettings()), null!, null!, null!, _portalRepositories, null!, _identityService, _dateTimeProvider, _mailingProcessCreation); @@ -2890,7 +2890,7 @@ public async Task GetDocumentAsync_WithoutDocument_ThrowsNotFoundException() // Arrange var documentId = Guid.NewGuid(); A.CallTo(() => _documentRepository.GetDocumentIdWithCompanyUserCheckAsync(documentId, _identity.IdentityId)) - .Returns((Guid.Empty, false)); + .Returns((Guid.Empty, false, false, false)); var sut = new RegistrationBusinessLogic(Options.Create(new RegistrationSettings()), null!, null!, null!, _portalRepositories, null!, _identityService, _dateTimeProvider, _mailingProcessCreation); // Act 
@@ -2907,7 +2907,7 @@ public async Task GetDocumentAsync_WithWrongUser_ThrowsForbiddenException() // Arrange var documentId = Guid.NewGuid(); A.CallTo(() => _documentRepository.GetDocumentIdWithCompanyUserCheckAsync(documentId, _identity.IdentityId)) - .Returns((documentId, false)); + .Returns((documentId, false, false, false)); var sut = new RegistrationBusinessLogic(Options.Create(new RegistrationSettings()), null!, null!, null!, _portalRepositories, null!, _identityService, _dateTimeProvider, _mailingProcessCreation); // Act @@ -2918,6 +2918,23 @@ public async Task GetDocumentAsync_WithWrongUser_ThrowsForbiddenException() ex.Message.Should().Be($"The user is not permitted to access document {documentId}."); } + [Fact] + public async Task GetDocumentAsync_WithConfirmedApplicationStatus_ThrowsForbiddenException() + { + // Arrange + var documentId = Guid.NewGuid(); + A.CallTo(() => _documentRepository.GetDocumentIdWithCompanyUserCheckAsync(documentId, _identity.IdentityId)) + .Returns((documentId, true, true, true)); + var sut = new RegistrationBusinessLogic(Options.Create(new RegistrationSettings()), null!, null!, null!, _portalRepositories, null!, _identityService, _dateTimeProvider, _mailingProcessCreation); + + // Act + Task Act() => sut.GetDocumentContentAsync(documentId); + + // Assert + var ex = await Assert.ThrowsAsync(Act); + ex.Message.Should().Be($"Documents not accessible as onboarding process finished {documentId}."); + } + #endregion #region SetInvitationStatus
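Review bot: The newly permitted path — a caller who is not the uploading user but has the operator flag, i.e. the repository returning `(documentId, false, true, false)` — has no test; the existing happy-path test uses `(documentId, true, true, false)` and the forbidden test `(documentId, false, false, false)`, so neither exercises the `&& !IsRoleOperator` branch that this commit adds. Add a `GetDocumentAsync_WithOperatorNotSameUser_ReturnsExpected` test mirroring `GetDocumentAsync_WithValidData_ReturnsExpected` with `.Returns((documentId, false, true, false));` and the same `GetDocumentByIdAsync` stub, asserting the content is returned. The new confirmed-status test only covers the owner case; a variant with `(documentId, false, true, true)` would also confirm operators are blocked once the application is confirmed, if that is the intended behaviour.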