fix permissions to fetch from supplier rather than ods_code

Akol125 · Akol125 · commit 24ee9d885138 · 2025-12-04T18:21:48.000Z
diff --git a/lambdas/filenameprocessor/src/file_name_processor.py b/lambdas/filenameprocessor/src/file_name_processor.py
@@ -107,8 +107,8 @@ def handle_unexpected_bucket_name(bucket_name: str, file_key: str) -> dict:
     config and overarching design"""
     try:
         if file_key.startswith(EXTENDED_ATTRIBUTES_FILE_PREFIX):
-            vaccine_type, supplier = validate_extended_attributes_file_key(file_key)
-            extended_attribute_identifier = f"{supplier}_{vaccine_type}"
+            vaccine_type, organisation_code = validate_extended_attributes_file_key(file_key)
+            extended_attribute_identifier = f"{organisation_code}_{vaccine_type}"
             logger.error(
                 "Unable to process file %s due to unexpected bucket name %s",
                 file_key,
@@ -249,8 +249,10 @@ def handle_extended_attributes_file(
 
     extended_attribute_identifier = None
     try:
-        vaccine_type, supplier = validate_extended_attributes_file_key(file_key)
-        extended_attribute_identifier = validate_permissions_for_extended_attributes_files(vaccine_type, supplier)
+        vaccine_type, organisation_code = validate_extended_attributes_file_key(file_key)
+        extended_attribute_identifier = validate_permissions_for_extended_attributes_files(
+            vaccine_type, organisation_code
+        )
 
         upsert_audit_table(
             message_id,
diff --git a/lambdas/filenameprocessor/src/supplier_permissions.py b/lambdas/filenameprocessor/src/supplier_permissions.py
@@ -2,7 +2,7 @@
 
 from common.clients import logger
 from constants import Operation
-from elasticache import get_supplier_permissions_from_cache
+from elasticache import get_supplier_permissions_from_cache, get_supplier_system_from_cache
 from models.errors import VaccineTypePermissionsError
 
 
@@ -22,7 +22,7 @@ def validate_vaccine_type_permissions(vaccine_type: str, supplier: str) -> list:
     return supplier_permissions
 
 
-def validate_permissions_for_extended_attributes_files(vaccine_type: str, supplier: str) -> str:
+def validate_permissions_for_extended_attributes_files(vaccine_type: str, ods_code: str) -> str:
     """
     Checks that the supplier has COVID vaccine type and its CUD permissions.
     Raises an exception if the supplier does not have at least one permission for the vaccine type.
@@ -32,6 +32,7 @@ def validate_permissions_for_extended_attributes_files(vaccine_type: str, suppli
         Operation.UPDATE,
         Operation.DELETE,
     }
+    supplier = get_supplier_system_from_cache(ods_code)
     supplier_permissions = get_supplier_permissions_from_cache(supplier)
     cached_operations = [
         permission.split(".")[1] for permission in supplier_permissions if permission.split(".")[0] == vaccine_type
@@ -41,4 +42,4 @@ def validate_permissions_for_extended_attributes_files(vaccine_type: str, suppli
         logger.error(error_message)
         raise VaccineTypePermissionsError(error_message)
 
-    return f"{supplier}_{vaccine_type}"
+    return f"{ods_code}_{vaccine_type}"
diff --git a/lambdas/filenameprocessor/tests/test_lambda_handler.py b/lambdas/filenameprocessor/tests/test_lambda_handler.py
@@ -478,6 +478,11 @@ def test_lambda_handler_extended_attributes_extension_checks(self, mock_get_redi
         s3_client.put_object(Bucket=BucketNames.SOURCE, Key=csv_key, Body=MOCK_EXTENDED_ATTRIBUTES_FILE_CONTENT)
         with (
             patch("file_name_processor.validate_permissions_for_extended_attributes_files", return_value="X8E5B_COVID"),
+            # Ensure EA DAT case passes permission validation by returning CUDS for X8E5B
+            patch(
+                "supplier_permissions.get_supplier_permissions_from_cache",
+                return_value=["COVID.CUDS"],
+            ),
             patch("file_name_processor.uuid4", return_value="EA_csv_id"),
             patch(
                 "file_name_processor.copy_file_to_external_bucket",
diff --git a/lambdas/filenameprocessor/tests/test_supplier_permissions.py b/lambdas/filenameprocessor/tests/test_supplier_permissions.py
@@ -69,18 +69,30 @@ def test_validate_vaccine_type_permissions(self):
 
     def test_validate_permissions_for_extended_attributes_files_success(self):
         """Supplier with COVID CUD permissions should be accepted and identifier returned."""
-        with patch(
-            "supplier_permissions.get_supplier_permissions_from_cache",
-            return_value=["COVID.CUDS", "FLU.CRUDS"],
+        with (
+            patch(
+                "supplier_permissions.get_supplier_permissions_from_cache",
+                return_value=["COVID.CUDS", "FLU.CRUDS"],
+            ),
+            patch(
+                "supplier_permissions.get_supplier_system_from_cache",
+                return_value="X8E5B",
+            ),
         ):
             result = validate_permissions_for_extended_attributes_files("COVID", "X8E5B")
             self.assertEqual(result, "X8E5B_COVID")
 
     def test_validate_permissions_for_extended_attributes_files_fail_no_covid(self):
         """Supplier without any COVID permissions should raise VaccineTypePermissionsError."""
-        with patch(
-            "supplier_permissions.get_supplier_permissions_from_cache",
-            return_value=["FLU.CRUDS"],
+        with (
+            patch(
+                "supplier_permissions.get_supplier_permissions_from_cache",
+                return_value=["FLU.CRUDS"],
+            ),
+            patch(
+                "supplier_permissions.get_supplier_system_from_cache",
+                return_value="X8E5B",
+            ),
         ):
             with self.assertRaises(VaccineTypePermissionsError) as context:
                 validate_permissions_for_extended_attributes_files("COVID", "X8E5B")
@@ -103,9 +115,15 @@ def test_validate_permissions_for_extended_attributes_files_fail_partial_ops(sel
 
         for permissions in partial_permission_cases:
             with self.subTest(permissions=permissions):
-                with patch(
-                    "supplier_permissions.get_supplier_permissions_from_cache",
-                    return_value=permissions,
+                with (
+                    patch(
+                        "supplier_permissions.get_supplier_permissions_from_cache",
+                        return_value=permissions,
+                    ),
+                    patch(
+                        "supplier_permissions.get_supplier_system_from_cache",
+                        return_value="X8E5B",
+                    ),
                 ):
                     with self.assertRaises(VaccineTypePermissionsError) as context:
                         validate_permissions_for_extended_attributes_files("COVID", "X8E5B")
@@ -116,16 +134,28 @@ def test_validate_permissions_for_extended_attributes_files_fail_partial_ops(sel
 
     def test_validate_permissions_for_extended_attributes_files_multiple_entries(self):
         """Multiple COVID permission entries should pass only if the first matching COVID entry contains CUD."""
-        with patch(
-            "supplier_permissions.get_supplier_permissions_from_cache",
-            return_value=["COVID.CUDS", "COVID.C"],
+        with (
+            patch(
+                "supplier_permissions.get_supplier_permissions_from_cache",
+                return_value=["COVID.CUDS", "COVID.C"],
+            ),
+            patch(
+                "supplier_permissions.get_supplier_system_from_cache",
+                return_value="RAVS",
+            ),
         ):
             result = validate_permissions_for_extended_attributes_files("COVID", "RAVS")
             self.assertEqual(result, "RAVS_COVID")
 
-        with patch(
-            "supplier_permissions.get_supplier_permissions_from_cache",
-            return_value=["COVID.C", "COVID.CUDS"],
+        with (
+            patch(
+                "supplier_permissions.get_supplier_permissions_from_cache",
+                return_value=["COVID.C", "COVID.CUDS"],
+            ),
+            patch(
+                "supplier_permissions.get_supplier_system_from_cache",
+                return_value="RAVS",
+            ),
         ):
             with self.assertRaises(VaccineTypePermissionsError) as context:
                 validate_permissions_for_extended_attributes_files("COVID", "RAVS")
@@ -136,9 +166,15 @@ def test_validate_permissions_for_extended_attributes_files_multiple_entries(sel
 
     def test_validate_permissions_for_extended_attributes_files_crud_passes(self):
         """COVID.CRUD contains C, U, D letters and should be accepted by the current implementation."""
-        with patch(
-            "supplier_permissions.get_supplier_permissions_from_cache",
-            return_value=["COVID.CRUD"],
+        with (
+            patch(
+                "supplier_permissions.get_supplier_permissions_from_cache",
+                return_value=["COVID.CRUD"],
+            ),
+            patch(
+                "supplier_permissions.get_supplier_system_from_cache",
+                return_value="X8E5B",
+            ),
         ):
             result = validate_permissions_for_extended_attributes_files("COVID", "X8E5B")
             self.assertEqual(result, "X8E5B_COVID")
