[PRMP-1184] Adjust DocumentStatus endpoint auth

Author: adamwhitingnhs

lambdas/services/authoriser_service.py

@@ -121,9 +121,7 @@ def deny_access_policy(self, path, user_role, nhs_number: str = None):
                 deny_resource = False
 
             case "/DocumentStatus":
-                deny_resource = (
-                    not patient_access_is_allowed or is_user_gp_clinical or is_user_pcse
-                )
+                deny_resource = not patient_access_is_allowed
 
             case path if re.match(r"^/DocumentReview/[^/]+/[^/]+/Status$", path):
                 deny_resource = False

lambdas/tests/unit/services/test_authoriser_service.py

@@ -74,10 +74,8 @@ def mocked_decode_method(auth_token: str, *_args, **_kwargs):
     [
         "/DocumentManifest",
         "/DocumentDelete",
-        "/DocumentStatus",
         "/UploadState",
         "/VirusScan",
-
     ],
 )
 def test_deny_access_policy_returns_true_for_gp_clinical_on_paths(
@@ -92,7 +90,7 @@ def test_deny_access_policy_returns_true_for_gp_clinical_on_paths(
     assert actual == expected
 
 
-@pytest.mark.parametrize("test_path", ["/DocumentManifest", "/DocumentDelete", "Any"])
+@pytest.mark.parametrize("test_path", ["/DocumentManifest", "/DocumentDelete", "/DocumentStatus", "Any"])
 def test_deny_access_policy_returns_true_for_nhs_number_not_in_allowed(
     test_path,
     mock_auth_service: AuthoriserService,