Fikser tilgang for rollene veileder og beslutter (#411)
tnarland authored Oct 26, 2023
1 parent e49e649 commit 67a0f89
Showing 3 changed files with 10 additions and 3 deletions.
Expand Up @@ -9,7 +9,9 @@ import org.springframework.web.server.ResponseStatusException
@Service
class TilgangskontrollService(
private val tokenValidationContextHolder: TokenValidationContextHolder,
@Value("\${TEAMFAMILIE_VEILEDER_GROUP_ID}") private val veilederGroupId: String,
@Value("\${TEAMFAMILIE_SAKSBEHANDLER_GROUP_ID}") private val saksbehandlerGroupId: String,
@Value("\${TEAMFAMILIE_BESLUTTER_GROUP_ID}") private val beslutterGroupId: String,
@Value("\${TEAMFAMILIE_FORVALTNING_GROUP_ID}") private val forvalterGroupId: String
) {
val secureLogger = LoggerFactory.getLogger("secureLogger")
Expand All @@ -24,7 +26,12 @@ class TilgangskontrollService(

secureLogger.info("Roller: $roles")
secureLogger.info("Grupper: $groups")
if (!(roles.contains(ACCESS_AS_APPLICATION_ROLE) || groups.contains(saksbehandlerGroupId) || groups.contains(forvalterGroupId))) {
if (!(roles.contains(ACCESS_AS_APPLICATION_ROLE) ||
groups.contains(veilederGroupId) ||
groups.contains(saksbehandlerGroupId) ||
groups.contains(beslutterGroupId) ||
groups.contains(forvalterGroupId))
) {
throw ResponseStatusException(HttpStatus.FORBIDDEN, "Bruker har ikke tilgang til å kalle tjenesten!")
}
}
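Review bot: The widened condition in the second hunk lets `veilederGroupId` and `beslutterGroupId` through the same single yes/no gate as `saksbehandlerGroupId`, and the check has no notion of which operation is being called. If veileder is meant to be a read-only role (not visible on this page), every write endpoint guarded by this function is now open to it. Either pass the minimum required role into the check, or state in a comment on the function that all four groups are deliberately equivalent for this service. The five-way `||` would also be easier to audit as a set, e.g. `val tillatteGrupper = setOf(veilederGroupId, saksbehandlerGroupId, beslutterGroupId, forvalterGroupId)` with `groups.none { it in tillatteGrupper }`, assuming `groups` is a collection of strings. The enclosing function starts outside the hunk, so how `roles` and `groups` are read from the token cannot be checked here.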
2 changes: 1 addition & 1 deletion src/main/resources/application-prod.yml
Expand Up @@ -3,6 +3,6 @@ AUTHORIZATION_URL: https://login.microsoftonline.com/navno.onmicrosoft.com/oauth
TOKEN_URL: https://login.microsoftonline.com/navno.onmicrosoft.com/oauth2/v2.0/token

TEAMFAMILIE_FORVALTNING_GROUP_ID: "3d718ae5-f25e-47a4-b4b3-084a97604c1d"

TEAMFAMILIE_VEILEDER_GROUP_ID: "199c2b39-e535-4ae8-ac59-8ccbee7991ae" # VEILEDER_ROLLE
TEAMFAMILIE_SAKSBEHANDLER_GROUP_ID: "847e3d72-9dc1-41c3-80ff-f5d4acdd5d46" # SAKSBEHANDLER_ROLLE
TEAMFAMILIE_BESLUTTER_GROUP_ID: "7a271f87-39fb-468b-a9ee-6cf3c070f548" # BESLUTTER_ROLLE
2 changes: 1 addition & 1 deletion src/main/resources/application.yml
Expand Up @@ -57,6 +57,6 @@ TOKEN_URL: https://login.microsoftonline.com/navq.onmicrosoft.com/oauth2/v2.0/to
API_SCOPE: api://${AZURE_APP_CLIENT_ID}/.default

TEAMFAMILIE_FORVALTNING_GROUP_ID: "928636f4-fd0d-4149-978e-a6fb68bb19de"

TEAMFAMILIE_VEILEDER_GROUP_ID: "93a26831-9866-4410-927b-74ff51a9107c" # VEILEDER_ROLLE
TEAMFAMILIE_SAKSBEHANDLER_GROUP_ID: "d21e00a4-969d-4b28-8782-dc818abfae65" # SAKSBEHANDLER_ROLLE
TEAMFAMILIE_BESLUTTER_GROUP_ID: "9449c153-5a1e-44a7-84c6-7cc7a8867233" # BESLUTTER_ROLLE
