[PRMT-260] ITOC users (PCSE persona) (#657)

Author: MohammadIqbalAD-NHS

lambdas/services/login_service.py

@@ -170,11 +170,16 @@ def generate_repository_role(
         logger.info(f"Smartcard Role: {smartcard_role}")
 
         if smartcard_role in self.token_handler_ssm_service.get_smartcard_role_pcse():
-            if self.has_pcse_org_ods_code(
+            if self.has_matching_org_ods_code(
                 organisation, self.token_handler_ssm_service.get_pcse_ods_code()
             ):
                 logger.info("PCSE: smartcard ODS identified")
                 return RepositoryRole.PCSE
+            elif self.has_matching_org_ods_code(
+                organisation, self.token_handler_ssm_service.get_itoc_ods_codes()
+            ):
+                logger.info("ITOC PCSE: smartcard ODS/role identified")
+                return RepositoryRole.PCSE
 
         if (
             smartcard_role
@@ -196,8 +201,16 @@ def generate_repository_role(
         raise LoginException(401, LambdaError.LoginNoRole)
 
     @staticmethod
-    def has_pcse_org_ods_code(organisation: dict, ods_code: str) -> bool:
-        return organisation["org_ods_code"].upper() == ods_code.upper()
+    def has_matching_org_ods_code(
+        organisation: dict, ods_code: str | list[str]
+    ) -> bool:
+        org_ods_code = organisation["org_ods_code"].upper()
+        codes = (
+            [ods_code.upper()]
+            if isinstance(ods_code, str)
+            else [code.upper() for code in ods_code]
+        )
+        return org_ods_code in codes
 
     def issue_auth_token(
         self,

lambdas/services/token_handler_ssm_service.py

@@ -121,11 +121,11 @@ def get_pcse_ods_code(self) -> str:
         )
         raise LoginException(500, LambdaError.LoginPcseOdsCode)
 
-    def get_itoc_ods_codes(self) -> str:
+    def get_itoc_ods_codes(self) -> list[str]:
         logger.info("starting ssm request to retrieve ITOC ODS codes")
         response = self.get_ssm_parameter(ITOC_ODS_CODES)
         if response:
-            return response
+            return response.split(",")
 
         logger.error(
             LambdaError.LoginItocOdsCodes.to_str(),

lambdas/tests/unit/services/test_login_service.py

@@ -297,20 +297,34 @@ def test_generate_repository_role_pcse(set_env, mocker):
     mocker.patch("services.login_service.OidcService")
 
     mocker.patch.object(
-        TokenHandlerSSMService,
-        "get_smartcard_role_gp_admin",
-        return_value=["wrong_role_code"],
+        TokenHandlerSSMService, "get_smartcard_role_pcse", return_value=[user_role_code]
     )
     mocker.patch.object(
-        TokenHandlerSSMService,
-        "get_smartcard_role_gp_clinical",
-        return_value=["wrong_role_code"],
+        TokenHandlerSSMService, "get_pcse_ods_code", return_value=ods_code
     )
+
+    login_service = LoginService()
+
+    expected = RepositoryRole.PCSE
+    actual = login_service.generate_repository_role(org, user_role_code)
+    assert expected == actual
+
+
+def test_generate_repository_role_pcse_itoc(set_env, mocker):
+    ods_code = "ods_code"
+    user_role_code = "role_code"
+    org_role_code = "org_role_code"
+    org = {"org_ods_code": ods_code, "role_code": org_role_code}
+    mocker.patch("services.login_service.OidcService")
+
     mocker.patch.object(
         TokenHandlerSSMService, "get_smartcard_role_pcse", return_value=[user_role_code]
     )
     mocker.patch.object(
-        TokenHandlerSSMService, "get_pcse_ods_code", return_value=ods_code
+        TokenHandlerSSMService, "get_pcse_ods_code", return_value="wrong_ods_code"
+    )
+    mocker.patch.object(
+        TokenHandlerSSMService, "get_itoc_ods_codes", return_value=ods_code
     )
 
     login_service = LoginService()
@@ -327,17 +341,17 @@ def test_generate_repository_role_no_role_raises_auth_error(set_env, mocker):
 
     mocker.patch.object(
         TokenHandlerSSMService,
-        "get_smartcard_role_gp_admin",
+        "get_smartcard_role_pcse",
         return_value=["wrong_role_code"],
     )
     mocker.patch.object(
         TokenHandlerSSMService,
-        "get_smartcard_role_gp_clinical",
+        "get_smartcard_role_gp_admin",
         return_value=["wrong_role_code"],
     )
     mocker.patch.object(
         TokenHandlerSSMService,
-        "get_smartcard_role_pcse",
+        "get_smartcard_role_gp_clinical",
         return_value=["wrong_role_code"],
     )
 

lambdas/tests/unit/services/test_token_handler_ssm_service.py

@@ -92,7 +92,7 @@
     "Parameter": {
         "Name": ITOC_ODS_CODES,
         "Type": "SecureString",
-        "Value": "R0012",
+        "Value": "R0012,R0120",
         "Version": 123,
         "Selector": "string",
         "SourceResult": "string",
@@ -286,7 +286,7 @@ def test_get_pcse_ods_code_raises_login_exception(mock_service, mock_ssm):
 
 def test_get_itoc_ods_codes(mock_service, mock_ssm):
     mock_ssm.get_parameter.return_value = MOCK_ITOC_ODS_CODE_RESPONSE
-    expected = "R0012"
+    expected = ["R0012", "R0120"]
 
     actual = mock_service.get_itoc_ods_codes()