Mrc-5324 Update return values of Create/update/delete + add role/user-update endpoint

[absternator]

As per previious PR comments, we are no longer returning the x has been created . for creation and update we are returning to. For deletion returning nocontent

Also I have added another endpoint role/update-users... this is the opposite of the user/update-roles endpoint... found would be good to have both for the FE when doing mockups...These are both extracted into UserRoleService... this endpoint has added in this PR and not part of role.update PR as had more DTos and structure

[codecov]

Codecov Report

Attention: Patch coverage is 98.03922% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 94.29%. Comparing base (0b8e756) to head (bcb06dc).
Report is 18 commits behind head on main.

Files	Patch %	Lines
...pp/src/app/components/login/UpdatePasswordForm.tsx	94.73%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #68      +/-   ##
==========================================
+ Coverage   93.98%   94.29%   +0.30%     
==========================================
  Files          67       71       +4     
  Lines         532      578      +46     
  Branches      131      146      +15     
==========================================
+ Hits          500      545      +45     
- Misses         30       31       +1     
  Partials        2        2              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[EmmaLRussell]

Looks good, just some minor comments. 👍

[EmmaLRussell]

Since we're now returning the updated role on PUT of users, for consistency should do the same when PUT permissions. Similarly for any other PUTs.

[EmmaLRussell]

Response type here shouldn't need to be nullable I don't think? It isn't for create role.

[EmmaLRussell]

The Delete function above should have return type ResponseEntity<Unit> too - similarly any others which now return noContent

[EmmaLRussell]

Again, don't think this should need to be nullable?

[EmmaLRussell]

It feels a bit odd to concatenate the role names like this to fetch the roles, and then have to filter the returned role list for the add and remove. Feels like a bit of a false economy, when you could just make two calls to getRolesForUpdate and keep them separate all along.

[absternator]

the main reason for this is to save a db hit...if I called both separate that would hit db twice

[EmmaLRussell]

Do you need to do both of these? Shouldn't just one add the row to the link table? It's the user that you're saving in the calling method, so should just need to update the user entity?

[absternator]

you are correct updating the user entity is enough to persist data.... the updating of role is mainly so we can return the role back with correct users

[EmmaLRussell]

We might also want to consider adding a check that a user isn't attempting to remove themselves from the ADMIN role..

[absternator]

i feel like if they want to they should be able to 😄 ... eg. you give some ADMIN rights but want to retract that later

[EmmaLRussell]

In that case it wouldn't be them removing their own role...probably! Or maybe should make sure there's always at least one admin? Well, can add that later if we need to.

[EmmaLRussell]

Looks good - I still think it would be good to change deleteRole in RoleController to return a ResponseEntity<Unit>, though that wasn't done in this changeset.