Add ProfileApiClient.safeguarding_flags

chrisroos · chrisroos · commit e6c11184f97f · 2024-07-03T11:17:33.000+01:00
TODO: What to do with BYPASS_OAUTH?

To list the Safeguarding flags for the user associated with the access
token.
diff --git a/lib/profile_api_client.rb b/lib/profile_api_client.rb
@@ -198,6 +198,18 @@ def delete_school_student(token:, student_id:, organisation_id:)
       response.deep_symbolize_keys
     end
 
+    def safeguarding_flags(token:)
+      response = connection.get('/api/v1/safeguarding-flags') do |request|
+        apply_default_headers(request, token)
+      end
+
+      unless response.status == 200
+        raise "Safeguarding flags cannot be retrieved from Profile API. HTTP response code: #{response.status}"
+      end
+
+      JSON.parse(response.body)
+    end
+
     private
 
     def connection
diff --git a/spec/lib/profile_api_client_spec.rb b/spec/lib/profile_api_client_spec.rb
@@ -3,17 +3,21 @@
 require 'rails_helper'
 
 RSpec.describe ProfileApiClient do
+  let(:api_url) { 'http://example.com' }
+  let(:api_key) { 'api-key' }
+  let(:token) { SecureRandom.uuid }
+
+  before do
+    allow(ENV).to receive(:fetch).with('IDENTITY_URL').and_return(api_url)
+    allow(ENV).to receive(:fetch).with('PROFILE_API_KEY').and_return(api_key)
+  end
+
   describe '.create_school' do
-    let(:api_url) { 'http://example.com' }
-    let(:api_key) { 'api-key' }
-    let(:token) { SecureRandom.uuid }
     let(:school) { build(:school, id: SecureRandom.uuid, code: SecureRandom.uuid) }
     let(:create_school_url) { "#{api_url}/api/v1/schools" }
 
     before do
       stub_request(:post, create_school_url).to_return(status: 201, body: '{}')
-      allow(ENV).to receive(:fetch).with('IDENTITY_URL').and_return(api_url)
-      allow(ENV).to receive(:fetch).with('PROFILE_API_KEY').and_return(api_key)
     end
 
     it 'makes a request to the profile api host' do
@@ -90,4 +94,75 @@ def create_school
       described_class.create_school(token:, school:)
     end
   end
+
+  describe '.safeguarding_flags' do
+    let(:list_safeguarding_flags_url) { "#{api_url}/api/v1/safeguarding-flags" }
+
+    before do
+      stub_request(:get, list_safeguarding_flags_url).to_return(status: 200, body: '[]')
+    end
+
+    it 'makes a request to the profile api host' do
+      list_safeguarding_flags
+      expect(WebMock).to have_requested(:get, list_safeguarding_flags_url)
+    end
+
+    it 'includes token in the authorization request header' do
+      list_safeguarding_flags
+      expect(WebMock).to have_requested(:get, list_safeguarding_flags_url).with(headers: { authorization: "Bearer #{token}" })
+    end
+
+    it 'includes the profile api key in the x-api-key request header' do
+      list_safeguarding_flags
+      expect(WebMock).to have_requested(:get, list_safeguarding_flags_url).with(headers: { 'x-api-key' => api_key })
+    end
+
+    it 'sets content-type of request to json' do
+      list_safeguarding_flags
+      expect(WebMock).to have_requested(:get, list_safeguarding_flags_url).with(headers: { 'content-type' => 'application/json' })
+    end
+
+    it 'sets accept header to json' do
+      list_safeguarding_flags
+      expect(WebMock).to have_requested(:get, list_safeguarding_flags_url).with(headers: { 'accept' => 'application/json' })
+    end
+
+    # rubocop:disable RSpec/ExampleLength
+    it 'returns list of safeguarding flags if successful' do
+      flags = [
+        {
+          'id' => '7ac79585-e187-4d2f-bf0c-a1cbe72ecc9a',
+          'userId' => '583ba872-b16e-46e1-9f7d-df89d267550d',
+          'flag' => 'school:owner',
+          'isActive' => 'true',
+          'createdAt' => '2024-07-01T12:49:18.926Z',
+          'updatedAt' => '2024-07-01T12:49:18.926Z'
+        }
+      ]
+      stub_request(:get, list_safeguarding_flags_url)
+        .to_return(status: 200, body: flags.to_json)
+      expect(list_safeguarding_flags).to eq(flags)
+    end
+    # rubocop:enable RSpec/ExampleLength
+
+    it 'raises exception if anything other than a 200 status code is returned' do
+      stub_request(:get, list_safeguarding_flags_url)
+        .to_return(status: 201)
+
+      expect { list_safeguarding_flags }.to raise_error(RuntimeError)
+    end
+
+    it 'includes details of underlying response when exception is raised' do
+      stub_request(:get, list_safeguarding_flags_url)
+        .to_return(status: 401)
+
+      expect { list_safeguarding_flags }.to raise_error('Safeguarding flags cannot be retrieved from Profile API. HTTP response code: 401')
+    end
+
+    private
+
+    def list_safeguarding_flags
+      described_class.safeguarding_flags(token:)
+    end
+  end
 end
