NRL-2015 Raise a better error when new permissions policy fails to validate

anjalitrace2-nhs · anjalitrace2-nhs · commit 680c5b067a9d · 2026-03-26T15:30:16.000Z
diff --git a/layer/nrlf/core/decorators.py b/layer/nrlf/core/decorators.py
@@ -9,7 +9,7 @@
     event_source,
 )
 from aws_lambda_powertools.utilities.typing import LambdaContext
-from pydantic import BaseModel
+from pydantic import BaseModel, ValidationError
 
 from nrlf.core.authoriser import (
     get_pointer_permissions_v2,
@@ -164,9 +164,27 @@ def v1_perms_stuff(metadata: ConnectionMetadata, config: Config):
 def v2_perms_stuff(metadata: ConnectionMetadata, path=""):
     pointer_permissions = get_pointer_permissions_v2(metadata, path)
 
-    metadata.nrl_permissions_policy = PermissionsPolicy.model_validate(
-        pointer_permissions
-    )
+    try:
+        metadata.nrl_permissions_policy = PermissionsPolicy.model_validate(
+            pointer_permissions
+        )
+    except ValidationError as err:
+        logger.log(
+            LogReference.HANDLER004e,
+            pointer_permissions=pointer_permissions,
+            path=path,
+            validation_errors=err.errors(),
+        )
+        raise OperationOutcomeError(
+            status_code="401",
+            severity="error",
+            code="invalid",
+            details=SpineErrorConcept.from_code("MISSING_OR_INVALID_HEADER"),
+            diagnostics=(
+                "Unable to parse metadata about the requesting application. "
+                "Contact the onboarding team."
+            ),
+        ) from None
 
     if (
         AccessControls.ALLOW_ALL_TYPES.value
diff --git a/layer/nrlf/core/log_references.py b/layer/nrlf/core/log_references.py
@@ -33,6 +33,7 @@ class LogReference(Enum):
     HANDLER004b = _Reference("INFO", "Parsing embedded permissions file")
     HANDLER004c = _Reference("INFO", "Parsed embedded permissions file")
     HANDLER004d = _Reference("INFO", "Using v2 permissions model")
+    HANDLER004e = _Reference("ERROR", "Unable to validate PermissionsPolicy")
     HANDLER005 = _Reference("WARN", "Rejecting request due to missing pointer types")
     HANDLER006 = _Reference("DEBUG", "Attempting to parse request parameters")
     HANDLER007 = _Reference("INFO", "Parsed request parameters")
diff --git a/layer/nrlf/core/tests/test_decorators.py b/layer/nrlf/core/tests/test_decorators.py
@@ -1004,6 +1004,29 @@ def test_load_v2_connection_metadata_missing_access_controls(mocker: MockerFixtu
     assert metadata.nrl_permissions_policy.types == specific_types
 
 
+def test_load_v2_connection_metadata_invalid_permissions_file(mocker: MockerFixture):
+    mocker.patch("nrlf.core.decorators.get_pointer_permissions_v2", return_value=[])
+
+    with pytest.raises(OperationOutcomeError) as err:
+        load_connection_metadata(
+            headers=_create_v2_headers(),
+            config=Config(),
+            path="/producer/DocumentReference",
+        )
+
+    assert err.value.status_code == "401"
+    assert err.value.operation_outcome.resourceType == "OperationOutcome"
+    assert err.value.operation_outcome.issue[0].severity == "error"
+    assert err.value.operation_outcome.issue[0].code == "invalid"
+    assert err.value.operation_outcome.issue[0].details == SpineErrorConcept.from_code(
+        "MISSING_OR_INVALID_HEADER"
+    )
+    assert (
+        err.value.operation_outcome.issue[0].diagnostics
+        == "Unable to parse metadata about the requesting application. Contact the onboarding team."
+    )
+
+
 def test_request_handler_with_custom_repository(mocker: MockerFixture):
     repository_mock = mocker.Mock()
 
