From 2af28aed24a30c99de1882ce66a46249f4f7f510 Mon Sep 17 00:00:00 2001 From: Ibrahim Munir-Zubair Date: Tue, 13 Jul 2021 10:51:01 +0100 Subject: [PATCH] HEEDLS-360 Disallow admin registration if centre has CentreManager admin Also update tests; fix line endings --- .../DataServices/CentresDataService.cs | 20 ++++----- .../Register/RegisterAdminControllerTests.cs | 42 ++++++++++++++++--- .../Register/RegisterAdminController.cs | 7 +++- 3 files changed, 52 insertions(+), 17 deletions(-) diff --git a/DigitalLearningSolutions.Data/DataServices/CentresDataService.cs b/DigitalLearningSolutions.Data/DataServices/CentresDataService.cs index b36a8f146c..0327d5d58e 100644 --- a/DigitalLearningSolutions.Data/DataServices/CentresDataService.cs +++ b/DigitalLearningSolutions.Data/DataServices/CentresDataService.cs @@ -243,16 +243,16 @@ FROM Centres return ipPrefixes ?? new string[0]; } - public (bool autoRegistered, string? autoRegisterManagerEmail) GetCentreAutoRegisterValues(int centreId) - { - return connection.QueryFirstOrDefault<(bool, string?)>( - @"SELECT AutoRegistered, AutoRegisterManagerEmail - FROM Centres - WHERE CentreID = @centreId", - new { centreId } - ); - } - + public (bool autoRegistered, string? autoRegisterManagerEmail) GetCentreAutoRegisterValues(int centreId) + { + return connection.QueryFirstOrDefault<(bool, string?)>( + @"SELECT AutoRegistered, AutoRegisterManagerEmail + FROM Centres + WHERE CentreID = @centreId", + new { centreId } + ); + } + public IEnumerable GetCentreRanks( DateTime dateSince, int? regionId, diff --git a/DigitalLearningSolutions.Web.Tests/Controllers/Register/RegisterAdminControllerTests.cs b/DigitalLearningSolutions.Web.Tests/Controllers/Register/RegisterAdminControllerTests.cs index 87c643c07e..9e17a20231 100644 --- a/DigitalLearningSolutions.Web.Tests/Controllers/Register/RegisterAdminControllerTests.cs +++ b/DigitalLearningSolutions.Web.Tests/Controllers/Register/RegisterAdminControllerTests.cs 
@@ -1,5 +1,6 @@ namespace DigitalLearningSolutions.Web.Tests.Controllers.Register { + using System.Collections.Generic; using DigitalLearningSolutions.Data.DataServices; using DigitalLearningSolutions.Data.Models.User; using DigitalLearningSolutions.Data.Services; @@ -29,6 +30,7 @@ public void Setup() centresDataService = A.Fake(); cryptoService = A.Fake(); jobGroupsDataService = A.Fake(); + registrationService = A.Fake(); userDataService = A.Fake(); controller = new RegisterAdminController( centresDataService, @@ -42,7 +44,7 @@ public void Setup() } [Test] - public void IndexGet_with_no_centreId_param_shows_error() + public void IndexGet_with_no_centreId_param_shows_notfound_error() { // When var result = controller.Index(); @@ -52,7 +54,7 @@ public void IndexGet_with_no_centreId_param_shows_error() } [Test] - public void IndexGet_with_invalid_centreId_param_shows_error() + public void IndexGet_with_invalid_centreId_param_shows_notfound_error() { // Given const int centreId = 7; @@ -67,12 +69,13 @@ public void IndexGet_with_invalid_centreId_param_shows_error() } [Test] - public void IndexGet_with_centre_autoregistered_true_shows_error() + public void IndexGet_with_centre_autoregistered_true_shows_notfound_error() { // Given const int centreId = 7; A.CallTo(() => centresDataService.GetCentreName(centreId)).Returns("My centre"); A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).Returns((true, "email@email")); + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).Returns(new List()); // When var result = controller.Index(centreId); 
@@ -80,16 +83,18 @@ public void IndexGet_with_centre_autoregistered_true_shows_error() // Then A.CallTo(() => centresDataService.GetCentreName(centreId)).MustHaveHappened(1, Times.Exactly); A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).MustHaveHappened(1, Times.Exactly); + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).MustHaveHappened(1, Times.Exactly); result.Should().BeNotFoundResult(); } [Test] - public void IndexGet_with_centre_autoregisteremail_null_shows_error() + public void IndexGet_with_centre_autoregisteremail_null_shows_notfound_error() { // Given const int centreId = 7; A.CallTo(() => centresDataService.GetCentreName(centreId)).Returns("Some centre"); A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).Returns((false, null)); + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).Returns(new List()); // When var result = controller.Index(centreId); @@ -97,16 +102,18 @@ public void IndexGet_with_centre_autoregisteremail_null_shows_error() // Then A.CallTo(() => centresDataService.GetCentreName(centreId)).MustHaveHappened(1, Times.Exactly); A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).MustHaveHappened(1, Times.Exactly); + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).MustHaveHappened(1, Times.Exactly); result.Should().BeNotFoundResult(); } [Test] - public void IndexGet_with_centre_autoregisteremail_empty_shows_error() + public void IndexGet_with_centre_autoregisteremail_empty_shows_notfound_error() { // Given const int centreId = 7; A.CallTo(() => centresDataService.GetCentreName(centreId)).Returns("Some centre"); A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).Returns((false, string.Empty)); + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).Returns(new List()); // When var result = controller.Index(centreId); 
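Review bot: The added `A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).MustHaveHappened(1, Times.Exactly);` assertions in the autoregistered-true and null-email tests pin the controller to querying admin users even when the auto-register values alone already rule registration out. That couples these tests to evaluation order rather than to the outcome, so they would fail if `IsRegisterAdminAllowed` were later changed to return early. For the negative cases `result.Should().BeNotFoundResult();` is sufficient, and the call-count assertion is best kept only where the admin lookup decides the result. The same applies to the empty-email test, whose assertions are in the next hunk.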
@@ -114,6 +121,29 @@ public void IndexGet_with_centre_autoregisteremail_empty_shows_error() // Then A.CallTo(() => centresDataService.GetCentreName(centreId)).MustHaveHappened(1, Times.Exactly); A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).MustHaveHappened(1, Times.Exactly); + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).MustHaveHappened(1, Times.Exactly); + result.Should().BeNotFoundResult(); + } + + [Test] + public void IndexGet_with_centre_with_active_centre_manager_shows_notfound_error() + { + // Given + const int centreId = 7; + A.CallTo(() => centresDataService.GetCentreName(centreId)).Returns("Some centre"); + A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).Returns((false, "email@email")); + + var centreManagerAdmin = new AdminUser { CentreId = centreId, IsCentreManager = true }; + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)) + .Returns(new List { centreManagerAdmin }); + + // When + var result = controller.Index(centreId); + + // Then + A.CallTo(() => centresDataService.GetCentreName(centreId)).MustHaveHappened(1, Times.Exactly); + A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).MustHaveHappened(1, Times.Exactly); + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).MustHaveHappened(1, Times.Exactly); result.Should().BeNotFoundResult(); } @@ -124,6 +154,7 @@ public void IndexGet_with_allowed_admin_registration_sets_data_correctly() const int centreId = 7; A.CallTo(() => centresDataService.GetCentreName(centreId)).Returns("Some centre"); A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).Returns((false, "email@email")); + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).Returns(new List()); // When var result = controller.Index(centreId); 
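Review bot: The new test is named `IndexGet_with_centre_with_active_centre_manager_shows_notfound_error`, but its fixture sets only `CentreId` and `IsCentreManager`, and the controller predicate checks only `user.IsCentreManager`. Nothing here pins how an inactive centre manager is treated. Whether `GetAdminUsersByCentreId` already excludes inactive admins is not visible in this diff. If it does not, a deactivated manager account would keep admin registration closed for that centre indefinitely. Either add a companion case that returns an inactive centre manager and asserts the intended result, or drop "active" from the test name so that it matches what is checked.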
@@ -131,6 +162,7 @@ public void IndexGet_with_allowed_admin_registration_sets_data_correctly() // Then A.CallTo(() => centresDataService.GetCentreName(centreId)).MustHaveHappened(1, Times.Exactly); A.CallTo(() => centresDataService.GetCentreAutoRegisterValues(centreId)).MustHaveHappened(1, Times.Exactly); + A.CallTo(() => userDataService.GetAdminUsersByCentreId(centreId)).MustHaveHappened(1, Times.Exactly); var data = controller.TempData.Peek()!; data.Centre.Should().Be(centreId); result.Should().BeRedirectToActionResult().WithActionName("PersonalInformation"); diff --git a/DigitalLearningSolutions.Web/Controllers/Register/RegisterAdminController.cs b/DigitalLearningSolutions.Web/Controllers/Register/RegisterAdminController.cs index 832ab5eeed..2c407e42f2 100644 --- a/DigitalLearningSolutions.Web/Controllers/Register/RegisterAdminController.cs +++ b/DigitalLearningSolutions.Web/Controllers/Register/RegisterAdminController.cs @@ -1,6 +1,7 @@ namespace DigitalLearningSolutions.Web.Controllers { using System; + using System.Linq; using DigitalLearningSolutions.Data.DataServices; using DigitalLearningSolutions.Data.Services; using DigitalLearningSolutions.Web.Extensions; @@ -168,7 +169,7 @@ public IActionResult Summary(SummaryViewModel model) { return new StatusCodeResult(500); } - + var registrationModel = RegistrationMappingHelper.MapToRegistrationModel(data); registrationService.RegisterCentreManager(registrationModel); 
@@ -188,8 +189,10 @@ private bool IsRegisterAdminAllowed(int centreId) return false; } + var adminUsers = userDataService.GetAdminUsersByCentreId(centreId); + var hasCentreManagerAdmin = adminUsers.Any(user => user.IsCentreManager); var (autoRegistered, autoRegisterManagerEmail) = centresDataService.GetCentreAutoRegisterValues(centreId); - return !autoRegistered && !string.IsNullOrWhiteSpace(autoRegisterManagerEmail); + return !hasCentreManagerAdmin && !autoRegistered && !string.IsNullOrWhiteSpace(autoRegisterManagerEmail); } private void SetAdminRegistrationData(int centreId)
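Review bot: The centre-manager gate added to `IsRegisterAdminAllowed` is checked ahead of the write, and nothing in this diff shows it being re-evaluated in `Summary` just before `registrationService.RegisterCentreManager(registrationModel)`. `Summary` is mostly outside the visible hunks, so this needs confirming. If it does not repeat the check, a flow started before a centre manager existed, or two flows running in parallel for the same centre, could each still complete and leave the centre with more than one manager. Consider repeating the gate at the top of the `Summary` POST, along the lines of `if (!IsRegisterAdminAllowed(centreId)) { return NotFound(); }` with `centreId` taken from the stored registration data. Ideally the one-manager rule would also be enforced inside the registration service's own transaction. The body of `IsRegisterAdminAllowed` begins before this hunk.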