NRL-1928 Remove unneeded config arg and custom code for testing.

anjalitrace2-nhs · anjalitrace2-nhs · commit 06762276a225 · 2026-02-27T15:11:35.000Z
diff --git a/layer/nrlf/core/authoriser.py b/layer/nrlf/core/authoriser.py
@@ -10,11 +10,14 @@
 from nrlf.core.logger import LogReference, logger
 from nrlf.core.model import ConnectionMetadata
 
+default_lookup_path = "/opt/python/nrlf_permissions"
 
-def get_pointer_permissions(
-    connection_metadata: ConnectionMetadata, config: Config, request_path: str
+
+def get_pointer_permissions_v2(
+    connection_metadata: ConnectionMetadata,
+    request_path: str,
+    lookup_path=default_lookup_path,
 ):
-    # This a good place for this?
     producer_or_consumer = (
         re.search("^/(producer|consumer)/", request_path).group().strip("/")
     )
@@ -25,10 +28,7 @@ def get_pointer_permissions(
     key = f"{producer_or_consumer}/{app_id}/{ods_code}.json"
     logger.log(LogReference.S3PERMISSIONS011, key=key)
 
-    file_path = f"/opt/python/nrlf_permissions/{key}"
-
-    if connection_metadata.is_test_event:
-        file_path = path.abspath(f"layer/test_permissions/v2/{key}")
+    file_path = f"{lookup_path}/{key}"
 
     pointer_permissions = {}
     try:
diff --git a/layer/nrlf/core/decorators.py b/layer/nrlf/core/decorators.py
@@ -12,7 +12,7 @@
 from pydantic import BaseModel
 
 from nrlf.core.authoriser import (
-    get_pointer_permissions,
+    get_pointer_permissions_v2,
     get_pointer_types,
     parse_permissions_file,
 )
@@ -143,7 +143,7 @@ def wrapper(*args, **kwargs) -> Dict[str, Any]:
 RepositoryType = Union[Type[DocumentPointerRepository], None]
 
 
-def _use_v2_permissions_model(headers: Dict[str, str], config: Config) -> bool:
+def _use_v2_permissions_model(headers: Dict[str, str]) -> bool:
     case_insensitive_headers = {key.lower(): value for key, value in headers.items()}
     # if either or both headers are missing
     return (
@@ -152,21 +152,14 @@ def _use_v2_permissions_model(headers: Dict[str, str], config: Config) -> bool:
     )
 
 
-def _load_v2_connection_metadata(headers: Dict[str, str], config: Config, path: str):
+def _load_v2_connection_metadata(headers: Dict[str, str], path: str):
     logger.log(LogReference.HANDLER004d)
     metadata = parse_headers(headers, use_v2_permissions=True)
 
-    if PERMISSION_ALLOW_ALL_POINTER_TYPES in metadata.nrl_permissions:
-        logger.log(LogReference.HANDLER004a)
-        metadata.pointer_types = PointerTypes.list()
-        return metadata
-
     logger.log(LogReference.HANDLER004e)
-    if not metadata.is_test_event:
-        logger.log(LogReference.HANDLER004)
-        pointer_permissions = get_pointer_permissions(metadata, config, path)
+    pointer_permissions = get_pointer_permissions_v2(metadata, path)
 
-        metadata.pointer_types = pointer_permissions.get("types", [])
+    metadata.pointer_types = pointer_permissions.get("types", [])
 
     logger.log(
         LogReference.HANDLER004f, pointer_types=metadata.pointer_types
@@ -177,8 +170,8 @@ def _load_v2_connection_metadata(headers: Dict[str, str], config: Config, path:
 
 def load_connection_metadata(headers: Dict[str, str], config: Config, path=""):
 
-    if _use_v2_permissions_model(headers, config):
-        return _load_v2_connection_metadata(headers, config, path)
+    if _use_v2_permissions_model(headers):
+        return _load_v2_connection_metadata(headers, path)
 
     metadata = parse_headers(headers, use_v2_permissions=False)
     if PERMISSION_ALLOW_ALL_POINTER_TYPES in metadata.nrl_permissions:
diff --git a/layer/nrlf/core/request.py b/layer/nrlf/core/request.py
@@ -11,7 +11,6 @@
 from nrlf.core.model import ClientRpDetails, ConnectionMetadata
 
 
-# from consumer proxy code - producer has extra bits
 def _fetch_ods_app_id_headers(headers: dict[str, str]):
 
     case_insensitive_headers = {key.lower(): value for key, value in headers.items()}
@@ -23,7 +22,6 @@ def _fetch_ods_app_id_headers(headers: dict[str, str]):
             LogReference.HANDLER003a, headers_names=case_insensitive_headers.keys()
         )
 
-    # where should this come from now? soln: https://nhsd-confluence.digital.nhs.uk/spaces/clp/pages/1288189142/nrlf+access+permission+model#nrlf_access_permission_model-proposed_approach
     nrl_app_id = case_insensitive_headers.get("nhsd-nrl-app-id")
     if not nrl_app_id or len(nrl_app_id.strip()) == 0:
         logger.log(
diff --git a/layer/nrlf/core/tests/test_authoriser.py b/layer/nrlf/core/tests/test_authoriser.py
@@ -1,5 +1,4 @@
-from nrlf.core.authoriser import get_pointer_permissions, parse_permissions_file
-from nrlf.core.config import Config
+from nrlf.core.authoriser import get_pointer_permissions_v2, parse_permissions_file
 from nrlf.core.request import parse_headers
 from nrlf.tests.events import create_headers
 
@@ -20,15 +19,28 @@ def test_authoriser_parse_permission_file_with_permission_file():
     assert metadata_result == ["http://snomed.info/sct|736253001"]
 
 
-def test_authoriser_get_pointer_permissions_first_pass():
+v2_test_lookup_path = "layer/test_permissions/v2"
+
+
+def test_authoriser_get_v2_permissions_with_pointer_types():
     connection_metadata = parse_headers(
         create_headers(ods_code="ODS123", nrl_app_id="ODS123-app-id")
     )
 
-    result = get_pointer_permissions(
+    result = get_pointer_permissions_v2(
         connection_metadata=connection_metadata,
-        config=Config(AUTH_STORE="auth-store-i-promise"),
         request_path="/producer/DocumentReference/_search",
+        lookup_path=v2_test_lookup_path,
+    )
+
+    assert result.get("types") == ["http://snomed.info/sct|736253001"]
+
+
+def test_authoriser_parse_v2_permission_file_with_no_permission_file():
+    metadata_result = get_pointer_permissions_v2(
+        connection_metadata=parse_headers(create_headers(ods_code="NotFound")),
+        request_path="/consumer/_status",
+        lookup_path=v2_test_lookup_path,
     )
 
-    assert result == {"types": ["http://snomed.info/sct|736253001"]}
+    assert metadata_result == {}
diff --git a/layer/nrlf/core/tests/test_decorators.py b/layer/nrlf/core/tests/test_decorators.py
@@ -806,15 +806,12 @@ def test_request_load_connection_metadata_with_no_permission_lookup_or_file():
 
 
 missing_headers = [
-    # ["nhsd-connection-metadata"],
-    # ["nhsd-connection-metadata", "nhsd-client-rp-details"],
+    ["nhsd-connection-metadata"],
+    ["nhsd-connection-metadata", "nhsd-client-rp-details"],
     ["nhsd-client-rp-details"],
 ]
 
 
-# ????? RuntimeError: Credentials were refreshed, but the refreshed credentials are still expired.
-# now: botocore.exceptions.NoCredentialsError: Unable to locate credentials
-# TODO: Figure out mocking - avoid needing to use a test header
 @pytest.mark.parametrize("headers_missing_from_request", missing_headers)
 def test_request_load_connection_with_missing_headers_gets_v2_permissions(
     headers_missing_from_request,
