PP-13030: Return users by role (#2659)

* PP-13030: Return users by role

Add a `role` query parameter to `GET
/v1/api/services/{serviceExternalId}/users` so users with specific roles can be
returned.

.secrets.baseline

@@ -75,6 +75,10 @@
     {
       "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
     },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
     {
       "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
       "min_level": 2
@@ -142,28 +146,28 @@
         "filename": "openapi/adminusers_spec.yaml",
         "hashed_secret": "1976a945a8d2733655e4b2453bd49fb59cb7ba19",
         "is_verified": false,
-        "line_number": 665
+        "line_number": 679
       },
       {
         "type": "Hex High Entropy String",
         "filename": "openapi/adminusers_spec.yaml",
         "hashed_secret": "a31519136d26754afeb0df49b5f066f387091f88",
         "is_verified": false,
-        "line_number": 699
+        "line_number": 713
       },
       {
         "type": "Secret Keyword",
         "filename": "openapi/adminusers_spec.yaml",
         "hashed_secret": "0ea7458942ab65e0a340cf4fd28ca00d93c494f3",
         "is_verified": false,
-        "line_number": 798
+        "line_number": 812
       },
       {
         "type": "Hex High Entropy String",
         "filename": "openapi/adminusers_spec.yaml",
         "hashed_secret": "3660e32cde5fccc8d1e4521d0c831c2012388720",
         "is_verified": false,
-        "line_number": 1251
+        "line_number": 1265
       }
     ],
     "src/main/java/uk/gov/pay/adminusers/model/CreateUserRequest.java": [
@@ -256,14 +260,14 @@
         "filename": "src/main/java/uk/gov/pay/adminusers/resources/ServiceResource.java",
         "hashed_secret": "614770647df3ab100b871bfc0d20e72c8625a5c4",
         "is_verified": false,
-        "line_number": 143
+        "line_number": 144
       },
       {
         "type": "Hex High Entropy String",
         "filename": "src/main/java/uk/gov/pay/adminusers/resources/ServiceResource.java",
         "hashed_secret": "1976a945a8d2733655e4b2453bd49fb59cb7ba19",
         "is_verified": false,
-        "line_number": 369
+        "line_number": 373
       }
     ],
     "src/main/java/uk/gov/pay/adminusers/resources/ToolboxEndpointResource.java": [
@@ -462,5 +466,5 @@
       }
     ]
   },
-  "generated_at": "2024-09-11T11:29:22Z"
+  "generated_at": "2024-09-12T14:23:21Z"
 }

openapi/adminusers_spec.yaml

@@ -637,6 +637,17 @@ paths:
         required: true
         schema:
           type: string
+      - in: query
+        name: role
+        schema:
+          type: string
+          enum:
+          - admin
+          - view-and-refund
+          - view-only
+          - view-and-initiate-moto
+          - view-refund-and-initiate-moto
+          - super-admin
       responses:
         "200":
           content:
@@ -646,6 +657,9 @@ paths:
                 items:
                   $ref: '#/components/schemas/User'
           description: OK
+        "400":
+          description: "If query parameter 'role' is not one of [admin, view-and-refund,\
+            \ view-only, view-and-initiate-moto, view-refund-and-initiate-moto, super-admin]"
         "404":
           description: Not found
       summary: Find users of a service

src/main/java/uk/gov/pay/adminusers/model/RoleName.java

@@ -19,7 +19,7 @@ public enum RoleName {
     @JsonProperty("view-and-initiate-moto") VIEW_AND_INITIATE_MOTO("view-and-initiate-moto"),
     @JsonProperty("view-refund-and-initiate-moto") VIEW_REFUND_AND_INITIATE_MOTO("view-refund-and-initiate-moto"),
     @JsonProperty("super-admin") SUPER_ADMIN("super-admin");
-
+    
     private final String name;
 
     private static final Map<String, RoleName> roleNames = Arrays.stream(RoleName.values())

src/main/java/uk/gov/pay/adminusers/persistence/dao/UserDao.java

@@ -2,12 +2,14 @@
 
 import com.google.inject.Provider;
 import com.google.inject.persist.Transactional;
+import uk.gov.pay.adminusers.model.RoleName;
 import uk.gov.pay.adminusers.persistence.entity.ServiceRoleEntity;
 import uk.gov.pay.adminusers.persistence.entity.UserEntity;
 
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.persistence.Query;
+import javax.persistence.TypedQuery;
 import java.time.Instant;
 import java.util.AbstractMap.SimpleEntry;
 import java.util.List;
@@ -93,17 +95,37 @@ public Optional<UserEntity> findByEmail(String email) {
                 .getResultList().stream().findFirst();
     }
 
-    public List<UserEntity> findByServiceId(Integer serviceId) {
+    public List<UserEntity> findByServiceId(Integer serviceId, RoleName roleName) {
 
-        String query = "SELECT s FROM ServiceRoleEntity s " +
-                "WHERE s.service.id = :serviceId ORDER BY s.user.email";
+        String query = "SELECT s FROM ServiceRoleEntity s ";
+
+        if (roleName != null) {
+            query += " LEFT JOIN RoleEntity re ON s.role = re ";
+        }
 
-        return entityManager.get()
+        query += " WHERE s.service.id = :serviceId ";
+
+        if (roleName != null) {
+            query += " AND re.roleName = :roleName ";
+        }
+
+        query += " ORDER BY s.user.email";
+
+        TypedQuery<ServiceRoleEntity> typedQuery = entityManager.get()
                 .createQuery(query, ServiceRoleEntity.class)
-                .setParameter("serviceId", serviceId)
-                .getResultList().stream()
+                .setParameter("serviceId", serviceId);
+
+        if (roleName != null) {
+            typedQuery.setParameter("roleName", roleName);
+        }
+
+        return typedQuery.getResultList().stream()
                 .map(ServiceRoleEntity::getUser)
-                .collect(toUnmodifiableList());
+                .toList();
+    }
+
+    public List<UserEntity> findByServiceId(Integer serviceId) {
+        return findByServiceId(serviceId, null);
     }
 
     public int deleteUsersNotAssociatedWithAnyService(Instant deleteRecordsBeforeDate) {

src/main/java/uk/gov/pay/adminusers/resources/ServiceResource.java

@@ -15,6 +15,7 @@
 import uk.gov.pay.adminusers.exception.ServiceNotFoundException;
 import uk.gov.pay.adminusers.model.CreateServiceRequest;
 import uk.gov.pay.adminusers.model.GovUkPayAgreement;
+import uk.gov.pay.adminusers.model.RoleName;
 import uk.gov.pay.adminusers.model.SearchServicesResponse;
 import uk.gov.pay.adminusers.model.Service;
 import uk.gov.pay.adminusers.model.ServiceSearchRequest;
@@ -333,14 +334,17 @@ public Response updateServiceMerchantDetails(@Parameter(example = "7d19aff33f894
             responses = {
                     @ApiResponse(responseCode = "200", description = "OK",
                             content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
+                    @ApiResponse(responseCode = "400", description = "If query parameter 'role' is not one of [admin, " +
+                            "view-and-refund, view-only, view-and-initiate-moto, view-refund-and-initiate-moto, super-admin]"),
                     @ApiResponse(responseCode = "404", description = "Not found")
             }
     )
-    public Response findUsersByServiceId(@PathParam("serviceExternalId") String serviceExternalId) {
+    public Response findUsersByServiceId(@PathParam("serviceExternalId") String serviceExternalId, 
+                                         @QueryParam("role") RoleName role) {
         return serviceDao.findByExternalId(serviceExternalId)
                 .map(serviceEntity ->
                         Response.status(200).entity(
-                                userDao.findByServiceId(serviceEntity.getId())
+                                userDao.findByServiceId(serviceEntity.getId(), role)
                                         .stream()
                                         .map(UserEntity::toUser)
                                         .map(linksBuilder::decorate)