NRL-2015 decide whether to use v2 perimssions based on presence of a v2 permissions file. No longer decide based on missing v1 headers. In order to lookup v2 permissions file we need v2 headers though

anjalitrace2-nhs · anjalitrace2-nhs · commit e49fd0e33858 · 2026-03-19T17:50:12.000Z
diff --git a/layer/nrlf/core/decorators.py b/layer/nrlf/core/decorators.py
@@ -19,14 +19,13 @@
 from nrlf.core.codes import SpineErrorConcept
 from nrlf.core.config import Config
 from nrlf.core.constants import (
-    CLIENT_RP_DETAILS,
-    CONNECTION_METADATA,
     NHSD_CORRELATION_ID_HEADER,
     PERMISSION_ALLOW_ALL_POINTER_TYPES,
     X_CORRELATION_ID_HEADER,
     X_REQUEST_ID_HEADER,
     AccessControls,
     PointerTypes,
+    V2Headers,
 )
 from nrlf.core.dynamodb.repository import DocumentPointerRepository
 from nrlf.core.errors import OperationOutcomeError, ParseError
@@ -145,17 +144,18 @@ def wrapper(*args, **kwargs) -> Dict[str, Any]:
 RepositoryType = Union[Type[DocumentPointerRepository], None]
 
 
-def _use_v2_permissions_model(headers: Dict[str, str]) -> bool:
+def _use_v2_permissions_model(headers: Dict[str, str], path: str) -> bool:
     case_insensitive_headers = {key.lower(): value for key, value in headers.items()}
 
-    v1_headers_provided = (
-        CLIENT_RP_DETAILS in case_insensitive_headers.keys()
-        and CONNECTION_METADATA in case_insensitive_headers.keys()
+    v2_headers_provided = (
+        V2Headers.NHSD_END_USER_ORGANISATION_ODS in case_insensitive_headers.keys()
+        and V2Headers.NHSD_NRL_APP_ID in case_insensitive_headers.keys()
     )
-    if v1_headers_provided:
+    if not v2_headers_provided:
         return False
 
-    v2_permissions_configured = get_pointer_permissions_v2() != {}
+    metadata = parse_headers(headers, use_v2_permissions=True)
+    v2_permissions_configured = get_pointer_permissions_v2(metadata, path) != {}
 
     return v2_permissions_configured
 
@@ -195,7 +195,7 @@ def _load_v2_connection_metadata(headers: Dict[str, str], path: str):
 def load_connection_metadata(headers: Dict[str, str], config: Config, path=""):
     logger.log(LogReference.HANDLER002, headers=headers)
 
-    if _use_v2_permissions_model(headers):
+    if _use_v2_permissions_model(headers, path):
         return _load_v2_connection_metadata(headers, path)
 
     metadata = parse_headers(headers, use_v2_permissions=False)
diff --git a/layer/nrlf/core/tests/test_decorators.py b/layer/nrlf/core/tests/test_decorators.py
@@ -816,8 +816,12 @@ def test_request_load_connection_metadata_with_no_permission_lookup_or_file():
 
 @pytest.mark.parametrize("headers_missing_from_request", missing_headers)
 def test_request_load_connection_with_missing_headers_gets_v2_permissions(
-    headers_missing_from_request,
+    headers_missing_from_request, mocker
 ):
+    mocker.patch(
+        "nrlf.core.decorators.get_pointer_permissions_v2",
+        return_value={"types": ["http://snomed.info/sct|736253001"]},
+    )
     headers = create_headers(
         additional_headers={
             V2Headers.NHSD_END_USER_ORGANISATION_ODS: "Y05868",
@@ -848,6 +852,38 @@ def _create_v2_headers() -> dict:
     return headers
 
 
+def test_load_connection_metadata_gets_v1_permissions_when_v2_permission_file_missing(
+    mocker,
+):
+    v1_permissions = [
+        "http://snomed.info/sct|749001000000101",
+        "https://nicip.nhs.uk|MAULR",
+    ]
+    mocker.patch(
+        "nrlf.core.decorators.parse_permissions_file",
+        return_value=v1_permissions,
+    )
+    mocker.patch(
+        "nrlf.core.decorators.get_pointer_permissions_v2",
+        return_value={},
+    )
+
+    v1_plus_v2_headers = create_headers(
+        additional_headers={
+            V2Headers.NHSD_END_USER_ORGANISATION_ODS: "Y05868",
+            V2Headers.NHSD_NRL_APP_ID: "Y05868-TestApp-12345678",
+        }
+    )
+
+    expected_metadata = load_connection_metadata(
+        headers=v1_plus_v2_headers, config=Config(), path="/producer/DocumentReference"
+    )
+
+    assert expected_metadata.pointer_types == v1_permissions
+    assert expected_metadata.ods_code == "Y05868"
+    assert expected_metadata.nrl_app_id == "Y05868-TestApp-12345678"
+
+
 def test_load_v2_connection_metadata_allow_all_types(mocker: MockerFixture):
     mocker.patch(
         "nrlf.core.decorators.get_pointer_permissions_v2",
