[PRMT-72] Fix repository role bug by moving PCSE check to first (#635)

MohammadIqbalAD-NHS · web-flow · commit a570ed7fd7c4 · 2025-05-20T10:19:41.000+01:00
diff --git a/lambdas/services/login_service.py b/lambdas/services/login_service.py
@@ -165,6 +165,13 @@ def remove_used_state(self, state):
     def generate_repository_role(self, organisation: dict, smartcard_role: str):
         logger.info(f"Smartcard Role: {smartcard_role}")
 
+        if smartcard_role in self.token_handler_ssm_service.get_smartcard_role_pcse():
+            if self.has_pcse_org_ods_code(
+                organisation, self.token_handler_ssm_service.get_pcse_ods_code()
+            ):
+                logger.info("PCSE: smartcard ODS identified")
+                return RepositoryRole.PCSE
+
         if (
             smartcard_role
             in self.token_handler_ssm_service.get_smartcard_role_gp_admin()
@@ -179,13 +186,6 @@ def generate_repository_role(self, organisation: dict, smartcard_role: str):
             logger.info("GP Clinical: smartcard ODS identified")
             return RepositoryRole.GP_CLINICAL
 
-        if smartcard_role in self.token_handler_ssm_service.get_smartcard_role_pcse():
-            logger.info("PCSE: smartcard ODS identified")
-            if self.has_pcse_org_ods_code(
-                organisation, self.token_handler_ssm_service.get_pcse_ods_code()
-            ):
-                return RepositoryRole.PCSE
-
         logger.error(
             f"{LambdaError.LoginNoRole.to_str()}", {"Result": "Unsuccessful login"}
         )
diff --git a/lambdas/tests/unit/services/test_login_service.py b/lambdas/tests/unit/services/test_login_service.py
@@ -244,11 +244,13 @@ def test_generate_repository_role_gp_admin(set_env, mocker):
 
     mocker.patch.object(
         TokenHandlerSSMService,
-        "get_smartcard_role_gp_admin",
-        return_value=[user_role_code],
+        "get_smartcard_role_pcse",
+        return_value=["wrong_role_code"],
     )
     mocker.patch.object(
-        TokenHandlerSSMService, "get_gp_org_role_code", return_value=org_role_code
+        TokenHandlerSSMService,
+        "get_smartcard_role_gp_admin",
+        return_value=[user_role_code],
     )
 
     login_service = LoginService()
@@ -264,7 +266,11 @@ def test_generate_repository_role_gp_clinical(set_env, mocker):
     user_role_code = "role_code"
     org = {"org_ods_code": ods_code, "role_code": org_role_code}
     mocker.patch("services.login_service.OidcService")
-
+    mocker.patch.object(
+        TokenHandlerSSMService,
+        "get_smartcard_role_pcse",
+        return_value=["wrong_role_code"],
+    )
     mocker.patch.object(
         TokenHandlerSSMService,
         "get_smartcard_role_gp_admin",
@@ -275,9 +281,6 @@ def test_generate_repository_role_gp_clinical(set_env, mocker):
         "get_smartcard_role_gp_clinical",
         return_value=[user_role_code],
     )
-    mocker.patch.object(
-        TokenHandlerSSMService, "get_gp_org_role_code", return_value=org_role_code
-    )
 
     login_service = LoginService()
 
@@ -304,7 +307,7 @@ def test_generate_repository_role_pcse(set_env, mocker):
         return_value=["wrong_role_code"],
     )
     mocker.patch.object(
-        TokenHandlerSSMService, "get_smartcard_role_pcse", return_value=user_role_code
+        TokenHandlerSSMService, "get_smartcard_role_pcse", return_value=[user_role_code]
     )
     mocker.patch.object(
         TokenHandlerSSMService, "get_pcse_ods_code", return_value=ods_code
