Merge pull request #140 from companieshouse/feature/implement_get_checkout_item_endpoint

Implement get checkout item endpoint

Author: dlgroves-ch

src/main/java/uk/gov/companieshouse/orders/api/controller/OrderController.java

@@ -53,6 +53,7 @@ public class OrderController {
             "${uk.gov.companieshouse.orders.api.orders}/{" + ORDER_ID_PATH_VARIABLE + "}";
 
     public static final String GET_ORDER_ITEM_URI = "/orders/{id}/items/{itemId}";
+    public static final String GET_CHECKOUT_ITEM_URI = "/checkouts/{id}/items/{itemId}";
 
     /** <code>${uk.gov.companieshouse.orders.api.checkouts}/{id}</code> */
     public static final String GET_CHECKOUT_URI =
@@ -101,6 +102,21 @@ public ResponseEntity<Item> getOrderItem(final @PathVariable("id") String orderI
         return ResponseEntity.ok().body(item);
     }
 
+    @GetMapping(GET_CHECKOUT_ITEM_URI)
+    public ResponseEntity<Item> getCheckoutItem(final @PathVariable("id") String checkoutId,
+            final @PathVariable("itemId") String itemId,
+            final @RequestHeader(REQUEST_ID_HEADER_NAME) String requestId) {
+        Map<String, Object> logMap = createLogMapWithRequestId(requestId);
+        logIfNotNull(logMap, LoggingUtils.ORDER_ID, checkoutId);
+        logIfNotNull(logMap, LoggingUtils.ITEM_ID, itemId);
+        LOGGER.info("Retrieving checkout item", logMap);
+        final Item item = this.checkoutService.getCheckoutItem(checkoutId, itemId)
+                                 .orElseThrow(ResourceNotFoundException::new);
+        logMap.put(LoggingUtils.STATUS, HttpStatus.OK);
+        LOGGER.info("Checkout item found and returned", logMap);
+        return ResponseEntity.ok().body(item);
+    }
+
     @GetMapping(GET_CHECKOUT_URI)
     public ResponseEntity<CheckoutData> getCheckout(final @PathVariable(CHECKOUT_ID_PATH_VARIABLE) String id,
                                                     final @RequestHeader(REQUEST_ID_HEADER_NAME) String requestId) {

src/main/java/uk/gov/companieshouse/orders/api/interceptor/RequestUris.java

@@ -1,6 +1,7 @@
 package uk.gov.companieshouse.orders.api.interceptor;
 
 import static uk.gov.companieshouse.orders.api.controller.BasketController.*;
+import static uk.gov.companieshouse.orders.api.controller.OrderController.GET_CHECKOUT_ITEM_URI;
 import static uk.gov.companieshouse.orders.api.controller.OrderController.GET_CHECKOUT_URI;
 import static uk.gov.companieshouse.orders.api.controller.OrderController.GET_ORDER_ITEM_URI;
 import static uk.gov.companieshouse.orders.api.controller.OrderController.GET_ORDER_URI;
@@ -28,6 +29,7 @@ class RequestUris {
     static final String GET_ORDER_ITEM = "getOrderItem";
     static final String SEARCH = "searchCheckouts";
     static final String GET_CHECKOUT = "getCheckout";
+    static final String GET_CHECKOUT_ITEM = "getCheckoutItem";
     static final String POST_REPROCESS_ORDER = "postReprocessOrder";
     static final String GET_BASKET_LINKS = "getBasketLinks";
     static final String REMOVE_BASKET_ITEM = "putRemoveBasketItem";
@@ -49,6 +51,8 @@ class RequestUris {
     private String searchUri;
     @Value(GET_CHECKOUT_URI)
     private String getCheckoutUri;
+    @Value(GET_CHECKOUT_ITEM_URI)
+    private String getCheckoutItemUri;
     @Value(PATCH_PAYMENT_DETAILS_URI)
     private String patchPaymentDetailsUri;
     @Value(POST_REPROCESS_ORDER_URI)
@@ -120,6 +124,12 @@ List<RequestMappingInfo> requestMappingInfoList() {
                 .mappingName(GET_ORDER_ITEM)
                 .build());
 
+        knownRequests.add(RequestMappingInfo
+                .paths(getCheckoutItemUri)
+                .methods(RequestMethod.GET)
+                .mappingName(GET_CHECKOUT_ITEM)
+                .build());
+
         knownRequests.add(RequestMappingInfo
                 .paths(getCheckoutUri)
                 .methods(RequestMethod.GET)

src/main/java/uk/gov/companieshouse/orders/api/interceptor/UserAuthenticationInterceptor.java

@@ -61,6 +61,7 @@ private boolean checkAuthenticated(HttpServletRequest request, HttpServletRespon
                 return securityManager.checkIdentity() || hasAuthenticatedClient(request, response);
             case GET_CHECKOUT:
             case SEARCH:
+            case GET_CHECKOUT_ITEM:
                 return securityManager.checkIdentity();
             case PATCH_PAYMENT_DETAILS:
             case POST_REPROCESS_ORDER:

src/main/java/uk/gov/companieshouse/orders/api/interceptor/UserAuthorisationInterceptor.java

@@ -10,6 +10,7 @@
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.CHECKOUT_BASKET;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_BASKET_LINKS;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_CHECKOUT;
+import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_CHECKOUT_ITEM;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_ORDER;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_ORDER_ITEM;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_PAYMENT_DETAILS;
@@ -91,6 +92,7 @@ private boolean checkAuthorised(HttpServletRequest request, HttpServletResponse
             case GET_ORDER_ITEM:
                 return securityManager.checkPermission() || getRequestClientIsAuthorised(request, response, this::getOrderUserIsResourceOwner);
             case SEARCH:
+            case GET_CHECKOUT_ITEM:
                 return securityManager.checkPermission();
             case PATCH_PAYMENT_DETAILS:
             case POST_REPROCESS_ORDER:

src/main/java/uk/gov/companieshouse/orders/api/service/CheckoutService.java

@@ -144,4 +144,13 @@ public Checkout saveCheckout(final Checkout updatedCheckout) {
         updatedCheckout.getData().setEtag(etagGeneratorService.generateEtag());
         return checkoutRepository.save(updatedCheckout);
     }
+
+    public Optional<Item> getCheckoutItem(String orderId, String itemId) {
+        Optional<Checkout> order = getCheckoutById(orderId);
+        return order.flatMap(o -> o.getData()
+                                   .getItems()
+                                   .stream()
+                                   .filter(item -> item.getId().equals(itemId))
+                                   .findFirst());
+    }
 }

src/test/java/uk/gov/companieshouse/orders/api/controller/OrderControllerIntegrationTest.java

@@ -562,6 +562,67 @@ void getOrderItemReturnsNotFoundIfNoMatchingItemID() throws Exception {
                .andExpect(status().isNotFound());
     }
 
+    @DisplayName("Get a checkout item")
+    @Test
+    void getCheckoutItem() throws Exception {
+        final Checkout preexistingCheckout = new Checkout();
+        preexistingCheckout.setId(CHECKOUT_ID);
+        preexistingCheckout.setUserId(ERIC_IDENTITY_VALUE);
+        final CheckoutData checkoutData = new CheckoutData();
+        preexistingCheckout.setData(checkoutData);
+        checkoutData.setReference(ORDER_REFERENCE);
+        checkoutData.setTotalOrderCost("100");
+        Item expectedItem = StubHelper.getOrderItem("CCD-123456-123456", "item#certified-copy",
+                "12345678");
+        checkoutData.setItems(Arrays.asList(
+                StubHelper.getOrderItem("MID-123456-123456", "item#missing-image-delivery",
+                        "12345678"),
+                expectedItem,
+                StubHelper.getOrderItem("CRT-123456-123456", "item#certificate",
+                        "12345678")));
+        checkoutRepository.save(preexistingCheckout);
+
+        mockMvc.perform(get("/checkouts/"+CHECKOUT_ID+"/items/CCD-123456-123456")
+                       .header(REQUEST_ID_HEADER_NAME, TOKEN_REQUEST_ID_VALUE)
+                       .header(ERIC_IDENTITY_TYPE, API_KEY_IDENTITY_TYPE)
+                       .header(ERIC_AUTHORISED_KEY_PRIVILEGES, INTERNAL_USER_ROLE)
+                       .header(ERIC_IDENTITY_HEADER_NAME, ERIC_IDENTITY_VALUE)
+                       .header(ERIC_AUTHORISED_TOKEN_PERMISSIONS, String.format(TOKEN_PERMISSION_VALUE, Permission.Value.READ))
+                       .contentType(MediaType.APPLICATION_JSON))
+               .andExpect(status().isOk())
+               .andExpect(content().json(mapper.writeValueAsString(expectedItem)));
+    }
+
+    @DisplayName("Get checkout item returns HTTP 404 Not Found if no matching item ID")
+    @Test
+    void getCheckoutItemReturnsNotFoundIfNoMatchingItemID() throws Exception {
+        final Checkout preexistingOrder = new Checkout();
+        preexistingOrder.setId(ORDER_ID);
+        preexistingOrder.setUserId(ERIC_IDENTITY_VALUE);
+        final CheckoutData orderData = new CheckoutData();
+        preexistingOrder.setData(orderData);
+        orderData.setReference(ORDER_REFERENCE);
+        orderData.setTotalOrderCost("100");
+        Item expectedItem = StubHelper.getOrderItem("CCD-123456-123456", "item#certified-copy",
+                "12345678");
+        orderData.setItems(Arrays.asList(
+                StubHelper.getOrderItem("MID-123456-123456", "item#missing-image-delivery",
+                        "12345678"),
+                expectedItem,
+                StubHelper.getOrderItem("CRT-123456-123456", "item#certificate",
+                        "12345678")));
+        checkoutRepository.save(preexistingOrder);
+
+        mockMvc.perform(get("/checkouts/"+ORDER_ID+"/items/NONEXISTENT")
+                       .header(REQUEST_ID_HEADER_NAME, TOKEN_REQUEST_ID_VALUE)
+                       .header(ERIC_IDENTITY_TYPE, API_KEY_IDENTITY_TYPE)
+                       .header(ERIC_AUTHORISED_KEY_PRIVILEGES, INTERNAL_USER_ROLE)
+                       .header(ERIC_IDENTITY_HEADER_NAME, ERIC_IDENTITY_VALUE)
+                       .header(ERIC_AUTHORISED_TOKEN_PERMISSIONS, String.format(TOKEN_PERMISSION_VALUE, Permission.Value.READ))
+                       .contentType(MediaType.APPLICATION_JSON))
+               .andExpect(status().isNotFound());
+    }
+
     private MockHttpServletRequestBuilder reprocessOrderWithRequiredCredentials() {
         return post("/orders/" + ORDER_ID + "/reprocess")
                         .header(REQUEST_ID_HEADER_NAME, TOKEN_REQUEST_ID_VALUE)

src/test/java/uk/gov/companieshouse/orders/api/interceptor/RequestMapperTests.java

@@ -14,6 +14,7 @@
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.BASKET;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.CHECKOUT_BASKET;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_CHECKOUT;
+import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_CHECKOUT_ITEM;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_ORDER;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_ORDER_ITEM;
 import static uk.gov.companieshouse.orders.api.interceptor.RequestUris.GET_PAYMENT_DETAILS;
@@ -208,6 +209,19 @@ void appendItemToBasket() {
         assertThat(actual, is(APPEND_BASKET_ITEM));
     }
 
+    @Test
+    @DisplayName("Return mapping for getCheckoutItem endpoint")
+    void getCheckoutItem() {
+        // given
+        givenRequest(GET, "/checkouts/{checkoutId}/items/{itemId}");
+
+        // when
+        String actual = requestMapperUnderTest.getRequestMapping(request).getName();
+
+        // then
+        assertThat(actual, is(GET_CHECKOUT_ITEM));
+    }
+
     /**
      * Sets up request givens.
      * @param method the HTTP request method

src/test/java/uk/gov/companieshouse/orders/api/interceptor/UserAuthenticationInterceptorTests.java

@@ -392,15 +392,17 @@ private static Stream<Arguments> authenticatedRequestFixtures() {
         return Stream.of(arguments("preHandle accepts get checkout request that has authenticated API headers", "/checkouts/1234"),
                 arguments("preHandle accepts get order request that has authenticated API headers", "/orders/1234"),
                 arguments("preHandle accepts get order item request that has authenticated API headers", "/orders/1234/items/5678"),
-                arguments("preHandle accepts get payment details request that has authenticated API headers", "/basket/checkouts/1234/payment"));
+                arguments("preHandle accepts get payment details request that has authenticated "
+                        + "API headers", "/basket/checkouts/1234/payment"));
     }
 
     private static Stream<Arguments> unauthenticatedRequestFixtures() {
         return Stream.of(arguments("preHandle rejects get payment details request that lacks required headers", "/basket/checkouts/1234/payment"),
                 arguments("preHandle rejects get basket request that lacks required headers", "/basket"),
                 arguments("preHandle rejects get order request that lacks required headers", "/orders/1234"),
                 arguments("preHandle rejects get order item request that lacks required headers", "/orders/1234/items/5678"),
-                arguments("preHandle rejects get basket links request that lacks requires headers", "/basket/links"));
+                arguments("preHandle rejects get basket links request that lacks requires "
+                        + "headers", "/basket/links"));
     }
 
     private static Stream<Arguments> signedInPostRequestFixtures() {
@@ -422,6 +424,11 @@ private static Stream<Arguments> hasAdminAuthenticationFixtures() {
         return Stream.of(arguments("Authentication for orders/search endpoint succeeds if caller identity is valid", "/checkouts/search", true),
                 arguments("Authentication for orders/search endpoint fails if caller identity is invalid", "/checkouts/search", false),
                 arguments("Authentication for get order item endpoint succeeds if caller identity is valid", "/orders/1234/items/5678", true),
-                arguments("Authentication for get order item endpoint fails if caller identity is invalid", "/orders/1234/items/5678", false));
+                arguments("Authentication for get order item endpoint fails if caller identity is"
+                        + " invalid", "/orders/1234/items/5678", false),
+                arguments("Authentication for get checkout item endpoint succeeds if caller "
+                        + "identity is valid", "/checkouts/1234/items/5678", true),
+                arguments("Authentication for get checkout item endpoint fails if caller identity "
+                        + "is invalid", "/checkouts/1234/items/5678", false));
     }
 }

src/test/java/uk/gov/companieshouse/orders/api/interceptor/UserAuthorisationInterceptorTests.java

@@ -454,6 +454,29 @@ void appendBasketItem() {
         thenRequestIsAccepted();
     }
 
+    @Test
+    @DisplayName("Authorisation for get checkout item endpoint succeeds if caller is has correct "
+            + "permissions")
+    void getCheckoutItemValidAuthorisation() {
+        when(securityManager.checkPermission()).thenReturn(true);
+        givenRequest(GET, "/checkouts/1234/items/1234");
+
+        boolean actual = interceptorUnderTest.preHandle(request, response, handler);
+
+        assertThat(actual, is(true));
+    }
+
+    @DisplayName("Authentication for get checkout item endpoint false if caller has incorrect permissions")
+    @Test
+    void getCheckoutItemInvalidAuthorisation() {
+        when(securityManager.checkPermission()).thenReturn(false);
+        givenRequest(GET, "/checkouts/1234/items/1234");
+
+        boolean actual = interceptorUnderTest.preHandle(request, response, handler);
+
+        assertThat(actual, is(false));
+    }
+
     /**
      * Sets up request givens.
      * @param method the HTTP request method

src/test/java/uk/gov/companieshouse/orders/api/service/CheckoutServiceTest.java

@@ -9,14 +9,18 @@
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
+import static uk.gov.companieshouse.orders.api.util.TestConstants.CHECKOUT_ID;
 import static uk.gov.companieshouse.orders.api.util.TestConstants.ERIC_AUTHORISED_USER_VALUE;
 import static uk.gov.companieshouse.orders.api.util.TestConstants.ERIC_IDENTITY_VALUE;
 
 import java.time.LocalDate;
 import java.time.LocalDateTime;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Optional;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
@@ -114,6 +118,9 @@ public class CheckoutServiceTest {
     @Mock
     private Page<Checkout> pages;
 
+    @Mock
+    private Item midItem, certifiedCopyItem, certificateItem;
+
     @Captor
     ArgumentCaptor<Checkout> checkoutCaptor;
 
@@ -375,6 +382,55 @@ void searchCheckoutsLimitsSearchResults() {
         assertThat(actual.getOrderSummaries().size(), is(1));
     }
 
+    @Test
+    @DisplayName("Fetch order item")
+    void getCheckoutItem() {
+        // given
+        when(checkoutResult.getData()).thenReturn(checkoutData);
+        when(checkoutData.getItems()).thenReturn(
+                Arrays.asList(midItem, certifiedCopyItem, certificateItem));
+        when(midItem.getId()).thenReturn("MID-123456-123456");
+        when(certifiedCopyItem.getId()).thenReturn("CCD-123456-123456");
+        when(checkoutRepository.findById(CHECKOUT_ID)).thenReturn(Optional.of(checkoutResult));
+
+        // when
+        Optional<Item> actual = serviceUnderTest.getCheckoutItem(CHECKOUT_ID, "CCD-123456-123456");
+
+        // then
+        Assertions.assertEquals(certifiedCopyItem, actual.get());
+    }
+
+    @Test
+    @DisplayName("Fetch order item returns Optional.empty if no matching item found")
+    void getCheckoutItemReturnsEmptyOptionalIfNoMatchingItemFound() {
+        // given
+        when(checkoutResult.getData()).thenReturn(checkoutData);
+        when(checkoutData.getItems()).thenReturn(Arrays.asList(midItem, certifiedCopyItem, certificateItem));
+        when(midItem.getId()).thenReturn("MID-123456-123456");
+        when(certifiedCopyItem.getId()).thenReturn("CCD-123456-123456");
+        when(certificateItem.getId()).thenReturn("CRT-123456-123456");
+        when(checkoutRepository.findById(CHECKOUT_ID)).thenReturn(Optional.of(checkoutResult));
+
+        // when
+        Optional<Item> actual = serviceUnderTest.getCheckoutItem(CHECKOUT_ID, "UNKNOWN");
+
+        // then
+        Assertions.assertEquals(Optional.empty(), actual);
+    }
+
+    @Test
+    @DisplayName("Fetch order item returns Optional.empty if no matching order found")
+    void getCheckoutItemReturnsEmptyOptionalIfNoMatchingOrderFound() {
+        // given
+        when(checkoutRepository.findById(CHECKOUT_ID)).thenReturn(Optional.empty());
+
+        // when
+        Optional<Item> actual = serviceUnderTest.getCheckoutItem(CHECKOUT_ID, "UNKNOWN");
+
+        // then
+        Assertions.assertEquals(Optional.empty(), actual);
+    }
+
     /**
      * @return the captured {@link Checkout}.
      */