From 67a0f89fd94a0e66fd99989cc714390e0872ed87 Mon Sep 17 00:00:00 2001
From: tnarland <47184872+tnarland@users.noreply.github.com>
Date: Thu, 26 Oct 2023 12:06:34 +0200
Subject: [PATCH] Fikser tilgang for rollene veileder og beslutter (#411)
---
 .../ba/infotrygd/service/TilgangskontrollService.kt | 9 ++++++++-
 src/main/resources/application-prod.yml | 2 +-
 src/main/resources/application.yml | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/main/kotlin/no/nav/familie/ba/infotrygd/service/TilgangskontrollService.kt b/src/main/kotlin/no/nav/familie/ba/infotrygd/service/TilgangskontrollService.kt
index 8ce86c85..00b98433 100644
--- a/src/main/kotlin/no/nav/familie/ba/infotrygd/service/TilgangskontrollService.kt
+++ b/src/main/kotlin/no/nav/familie/ba/infotrygd/service/TilgangskontrollService.kt
@@ -9,7 +9,9 @@ import org.springframework.web.server.ResponseStatusException
 @Service
 class TilgangskontrollService(
 private val tokenValidationContextHolder: TokenValidationContextHolder,
+ @Value("\${TEAMFAMILIE_VEILEDER_GROUP_ID}") private val veilederGroupId: String,
 @Value("\${TEAMFAMILIE_SAKSBEHANDLER_GROUP_ID}") private val saksbehandlerGroupId: String,
+ @Value("\${TEAMFAMILIE_BESLUTTER_GROUP_ID}") private val beslutterGroupId: String,
 @Value("\${TEAMFAMILIE_FORVALTNING_GROUP_ID}") private val forvalterGroupId: String
 ) {
 val secureLogger = LoggerFactory.getLogger("secureLogger")
@@ -24,7 +26,12 @@ class TilgangskontrollService(
 secureLogger.info("Roller: $roles")
 secureLogger.info("Grupper: $groups")
- if (!(roles.contains(ACCESS_AS_APPLICATION_ROLE) || groups.contains(saksbehandlerGroupId) || groups.contains(forvalterGroupId))) {
+ if (!(roles.contains(ACCESS_AS_APPLICATION_ROLE) ||
+ groups.contains(veilederGroupId) ||
+ groups.contains(saksbehandlerGroupId) ||
+ groups.contains(beslutterGroupId) ||
+ groups.contains(forvalterGroupId))
+ ) {
 throw ResponseStatusException(HttpStatus.FORBIDDEN, "Bruker har ikke tilgang til å kalle tjenesten!")
 }
 }
diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml
index 4bc6b729..d15bfb29 100644
--- a/src/main/resources/application-prod.yml
+++ b/src/main/resources/application-prod.yml
@@ -3,6 +3,6 @@ AUTHORIZATION_URL: https://login.microsoftonline.com/navno.onmicrosoft.com/oauth
 TOKEN_URL: https://login.microsoftonline.com/navno.onmicrosoft.com/oauth2/v2.0/token
 TEAMFAMILIE_FORVALTNING_GROUP_ID: "3d718ae5-f25e-47a4-b4b3-084a97604c1d"
-
+TEAMFAMILIE_VEILEDER_GROUP_ID: "199c2b39-e535-4ae8-ac59-8ccbee7991ae" # VEILEDER_ROLLE
 TEAMFAMILIE_SAKSBEHANDLER_GROUP_ID: "847e3d72-9dc1-41c3-80ff-f5d4acdd5d46" # SAKSBEHANDLER_ROLLE
 TEAMFAMILIE_BESLUTTER_GROUP_ID: "7a271f87-39fb-468b-a9ee-6cf3c070f548" # BESLUTTER_ROLLE
\ No newline at end of file
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 8d1a1b95..5d28caf2 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
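Review bot: The rewritten condition gives veileder, saksbehandler, beslutter and forvalter exactly the same access: membership in any one of the four groups passes the whole check, so if this service has endpoints that were meant for forvaltning only, this change opens them to veileder as well — worth confirming against the callers of this check, which are outside the hunk (the enclosing function starts before it). The four `groups.contains(...)` clauses also read more clearly as a single allow-set, e.g. `private val allowedGroups = setOf(veilederGroupId, saksbehandlerGroupId, beslutterGroupId, forvalterGroupId)` on the class and `if (!(roles.contains(ACCESS_AS_APPLICATION_ROLE) || groups.any { it in allowedGroups })) {` here, which keeps the next role addition to one token. A short comment above the condition, `// Access is all-or-nothing: an application token or membership in any of the four Team Familie groups is enough to call the service`, would make that intent explicit for the next reader.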
@@ -57,6 +57,6 @@ TOKEN_URL: https://login.microsoftonline.com/navq.onmicrosoft.com/oauth2/v2.0/to
 API_SCOPE: api://${AZURE_APP_CLIENT_ID}/.default
 TEAMFAMILIE_FORVALTNING_GROUP_ID: "928636f4-fd0d-4149-978e-a6fb68bb19de"
-
+TEAMFAMILIE_VEILEDER_GROUP_ID: "93a26831-9866-4410-927b-74ff51a9107c" # VEILEDER_ROLLE
 TEAMFAMILIE_SAKSBEHANDLER_GROUP_ID: "d21e00a4-969d-4b28-8782-dc818abfae65" # SAKSBEHANDLER_ROLLE
 TEAMFAMILIE_BESLUTTER_GROUP_ID: "9449c153-5a1e-44a7-84c6-7cc7a8867233" # BESLUTTER_ROLLE
\ No newline at end of file