GAP-2294: Fixing accessing other users accounts as an SA (#67)

src/main/java/gov/cabinetoffice/gap/adminbackend/controllers/SchemeController.java

@@ -5,6 +5,7 @@
 import gov.cabinetoffice.gap.adminbackend.dtos.schemes.SchemeDTO;
 import gov.cabinetoffice.gap.adminbackend.dtos.schemes.SchemePatchDTO;
 import gov.cabinetoffice.gap.adminbackend.dtos.schemes.SchemePostDTO;
+import gov.cabinetoffice.gap.adminbackend.entities.GrantAdmin;
 import gov.cabinetoffice.gap.adminbackend.services.ApplicationFormService;
 import gov.cabinetoffice.gap.adminbackend.services.GrantAdvertService;
 import gov.cabinetoffice.gap.adminbackend.services.SchemeService;
@@ -35,7 +36,9 @@
 import javax.transaction.Transactional;
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
+import java.util.Collections;
 import java.util.List;
+import java.util.Optional;
 
 @Tag(name = "Schemes", description = "API for handling grant schemes.")
 @RequestMapping("/schemes")
@@ -201,9 +204,13 @@ public ResponseEntity<String> updateGrantOwnership(@PathVariable final Integer s
     @PreAuthorize("hasRole('SUPER_ADMIN')")
     public ResponseEntity<List<SchemeDTO>> getAdminsSchemes(final @PathVariable String sub,
             final HttpServletRequest request) {
-        final Integer adminId = userService.getGrantAdminIdFromSub(sub);
-        List<SchemeDTO> schemes = this.schemeService.getAdminsSchemes(adminId);
-        return ResponseEntity.ok().body(schemes);
+        final Optional<GrantAdmin> grantAdmin = userService.getGrantAdminIdFromSub(sub);
+        if (grantAdmin.isPresent()) {
+            final Integer adminId = grantAdmin.get().getId();
+            List<SchemeDTO> schemes = this.schemeService.getAdminsSchemes(adminId);
+            return ResponseEntity.ok().body(schemes);
+        }
+        return ResponseEntity.ok().body(Collections.emptyList());
     }
 
 }

src/main/java/gov/cabinetoffice/gap/adminbackend/services/UserService.java

@@ -95,9 +95,8 @@ public int getGrantAdminIdFromUserServiceEmail(final String email, final String
         }
     }
 
-    public Integer getGrantAdminIdFromSub(final String sub) {
-        return grantAdminRepository.findByGapUserUserSub(sub)
-                .orElseThrow(() -> new NotFoundException("No grant admin found for sub: " + sub)).getId();
+    public Optional<GrantAdmin> getGrantAdminIdFromSub(final String sub) {
+        return grantAdminRepository.findByGapUserUserSub(sub);
     }
 
 }

src/test/java/gov/cabinetoffice/gap/adminbackend/controllers/SchemeControllerTest.java

@@ -4,6 +4,7 @@
 import gov.cabinetoffice.gap.adminbackend.dtos.CheckNewAdminEmailDto;
 import gov.cabinetoffice.gap.adminbackend.dtos.errors.GenericErrorDTO;
 import gov.cabinetoffice.gap.adminbackend.dtos.schemes.SchemePostDTO;
+import gov.cabinetoffice.gap.adminbackend.entities.GrantAdmin;
 import gov.cabinetoffice.gap.adminbackend.exceptions.SchemeEntityException;
 import gov.cabinetoffice.gap.adminbackend.mappers.ValidationErrorMapperImpl;
 import gov.cabinetoffice.gap.adminbackend.services.ApplicationFormService;
@@ -32,6 +33,7 @@
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpSession;
 import java.util.Collections;
+import java.util.Optional;
 
 import static gov.cabinetoffice.gap.adminbackend.testdata.SchemeTestData.*;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -377,7 +379,7 @@ class GetAdminsSchemes {
         @Test
         void HappyPath() throws Exception {
             when(schemeService.getAdminsSchemes(1)).thenReturn(SCHEME_DTOS_EXAMPLE);
-            when(userService.getGrantAdminIdFromSub("1")).thenReturn(1);
+            when(userService.getGrantAdminIdFromSub("1")).thenReturn(Optional.of(GrantAdmin.builder().id(1).build()));
 
             mockMvc.perform(get("/schemes/admin/1")).andExpect(status().isOk())
                     .andExpect(content().json(HelperUtils.asJsonString(SCHEME_DTOS_EXAMPLE)));