NRL-703 add perm check to upsert

Author: eesa456

api/producer/upsertDocumentReference/tests/test_upsert_document_reference.py

@@ -8,6 +8,7 @@
     _set_upsert_time_fields,
     handler,
 )
+from nrlf.core.constants import PERMISSION_SUPERSEDE_IGNORE_DELETE_FAIL
 from nrlf.core.dynamodb.repository import DocumentPointer, DocumentPointerRepository
 from nrlf.producer.fhir.r4.model import (
     DocumentReferenceRelatesTo,
@@ -603,6 +604,63 @@ def test_create_document_reference_invalid_relatesto_not_exists(repository):
     }
 
 
+@mock_aws
+@mock_repository
+def test_create_document_reference_invalid_relatesto_not_exists_still_creates_with_ignore_perm(
+    repository,
+):
+    doc_ref = load_document_reference("Y05868-736253002-Valid")
+    doc_ref.relatesTo = [
+        DocumentReferenceRelatesTo(
+            code="transforms",
+            target=Reference(
+                reference=None,
+                identifier=Identifier(value="Y05868-99999-99999-999999"),
+            ),
+        )
+    ]
+
+    event = create_test_api_gateway_event(
+        headers=create_headers(
+            nrl_permissions=[PERMISSION_SUPERSEDE_IGNORE_DELETE_FAIL]
+        ),
+        body=doc_ref.json(exclude_none=True),
+    )
+
+    result = handler(event, create_mock_context())
+    body = result.pop("body")
+
+    assert result == {
+        "statusCode": "201",
+        "headers": {
+            "Location": "/nrl-producer-api/FHIR/R4/DocumentReference/Y05868-99999-99999-999999"
+        },
+        "isBase64Encoded": False,
+    }
+
+    parsed_body = json.loads(body)
+
+    assert parsed_body == {
+        "resourceType": "OperationOutcome",
+        "issue": [
+            {
+                "severity": "information",
+                "code": "informational",
+                "details": {
+                    "coding": [
+                        {
+                            "code": "RESOURCE_CREATED",
+                            "display": "Resource created",
+                            "system": "https://fhir.nhs.uk/ValueSet/NRL-ResponseCode",
+                        }
+                    ]
+                },
+                "diagnostics": "The document has been created",
+            }
+        ],
+    }
+
+
 @mock_aws
 @mock_repository
 def test_create_document_reference_invalid_relatesto_nhs_number(

api/producer/upsertDocumentReference/upsert_document_reference.py

@@ -1,4 +1,7 @@
-from nrlf.core.constants import PERMISSION_AUDIT_DATES_FROM_PAYLOAD
+from nrlf.core.constants import (
+    PERMISSION_AUDIT_DATES_FROM_PAYLOAD,
+    PERMISSION_SUPERSEDE_IGNORE_DELETE_FAIL,
+)
 from nrlf.core.decorators import request_handler
 from nrlf.core.dynamodb.repository import DocumentPointer, DocumentPointerRepository
 from nrlf.core.logger import LogReference, logger
@@ -105,6 +108,7 @@ def handler(
 
     if result.resource.relatesTo:
         logger.log(LogReference.PROUPSERT006, relatesTo=result.resource.relatesTo)
+        has_delete_target = True
 
         for idx, relates_to in enumerate(result.resource.relatesTo):
             if not (identifier := getattr(relates_to.target.identifier, "value", None)):
@@ -127,27 +131,39 @@ def handler(
                 )
 
             if not (existing_pointer := repository.get_by_id(identifier)):
-                logger.log(LogReference.PROUPSERT007c, related_identifier=identifier)
-                return SpineErrorResponse.BAD_REQUEST(
-                    diagnostics="The relatesTo target document does not exist",
-                    expression=f"relatesTo[{idx}].target.identifier.value",
-                )
-
-            if existing_pointer.nhs_number != core_model.nhs_number:
-                logger.log(LogReference.PROUPSERT007d, related_identifier=identifier)
-                return SpineErrorResponse.BAD_REQUEST(
-                    diagnostics="The relatesTo target document NHS number does not match the NHS number in the request",
-                    expression=f"relatesTo[{idx}].target.identifier.value",
-                )
-
-            if existing_pointer.type != core_model.type:
-                logger.log(LogReference.PROUPSERT007e, related_identifier=identifier)
-                return SpineErrorResponse.BAD_REQUEST(
-                    diagnostics="The relatesTo target document type does not match the type in the request",
-                    expression=f"relatesTo[{idx}].target.identifier.value",
-                )
-
-            if relates_to.code == "replaces":
+                if (
+                    PERMISSION_SUPERSEDE_IGNORE_DELETE_FAIL
+                    not in metadata.nrl_permissions
+                ):
+                    logger.log(
+                        LogReference.PROCREATE007c, related_identifier=identifier
+                    )
+                    return SpineErrorResponse.BAD_REQUEST(
+                        diagnostics="The relatesTo target document does not exist",
+                        expression=f"relatesTo[{idx}].target.identifier.value",
+                    )
+                has_delete_target = False
+
+            if has_delete_target:
+                if existing_pointer.nhs_number != core_model.nhs_number:
+                    logger.log(
+                        LogReference.PROUPSERT007d, related_identifier=identifier
+                    )
+                    return SpineErrorResponse.BAD_REQUEST(
+                        diagnostics="The relatesTo target document NHS number does not match the NHS number in the request",
+                        expression=f"relatesTo[{idx}].target.identifier.value",
+                    )
+
+                if existing_pointer.type != core_model.type:
+                    logger.log(
+                        LogReference.PROUPSERT007e, related_identifier=identifier
+                    )
+                    return SpineErrorResponse.BAD_REQUEST(
+                        diagnostics="The relatesTo target document type does not match the type in the request",
+                        expression=f"relatesTo[{idx}].target.identifier.value",
+                    )
+
+            if relates_to.code == "replaces" and has_delete_target:
                 logger.log(
                     LogReference.PROUPSERT008,
                     relates_to_code=relates_to.code,