Update Altinn3 access handling and introduce OrganisasjonDTO

#deploy-altinn3-tilgang-service-prod #deploy-altinn3-tilgang-service

Refactored Altinn3 access services to return lists of authorized organizations instead of a boolean, leveraging the new `OrganisasjonDTO`. Updated AltinnConsumer logic to improve resource filtering and subunit traversal. Added `data-transfer-objects` library for DTO inclusion and adjusted related classes to support the new implementation.

Author: krharum

apps/altinn3-tilgang-service/build.gradle

@@ -12,6 +12,7 @@ sonarqube {
 dependencies {
     implementation "no.nav.testnav.libs:reactive-core"
     implementation "no.nav.testnav.libs:reactive-security"
+    implementation "no.nav.testnav.libs:data-transfer-objects"
 
     implementation "org.springframework.boot:spring-boot-starter-data-r2dbc"
     implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server"

apps/altinn3-tilgang-service/settings.gradle

@@ -8,7 +8,7 @@ includeBuild "../../plugins/java"
 
 includeBuild '../../libs/reactive-core'
 includeBuild '../../libs/reactive-security'
-includeBuild '../../libs/vault'
+includeBuild '../../libs/data-transfer-objects'
 
 develocity {
     buildScan {

apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java

@@ -28,6 +28,7 @@
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 
@@ -132,9 +133,11 @@ public Flux<AuthorizedPartyDTO> getAuthorizedParties(String ident) {
 
         return maskinportenConsumer.getAccessToken()
                 .flatMap(this::exchangeToken)
-                .flatMapMany(exchangeToken -> new GetAuthorizedPartiesCommand(webClient,
+                .flatMap(exchangeToken -> new GetAuthorizedPartiesCommand(webClient,
                         new AltinnAuthorizedPartiesRequestDTO(ident),
-                        exchangeToken).call());
+                        exchangeToken).call())
+                .map(Arrays::asList)
+                .flatMapIterable(list -> list);
     }
 
     private Mono<AltinnAccessListResponseDTO> getAccessListMembers() {

apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAuthorizedPartiesCommand.java

@@ -8,32 +8,32 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.web.reactive.function.client.WebClient;
-import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
 
 import java.util.concurrent.Callable;
 
 @Slf4j
 @RequiredArgsConstructor
-public class GetAuthorizedPartiesCommand implements Callable<Flux<AuthorizedPartyDTO>> {
+public class GetAuthorizedPartiesCommand implements Callable<Mono<AuthorizedPartyDTO[]>> {
 
-    private static final String ALTINN_URL = "/resourceregistry/accessmanagement/api/v1/resourceowner/authorizedparties";
+    private static final String ALTINN_URL = "/accessmanagement/api/v1/resourceowner/authorizedparties";
 
     private final WebClient webClient;
     private final AltinnAuthorizedPartiesRequestDTO request;
     private final String token;
 
     @Override
-    public Flux<AuthorizedPartyDTO> call() {
+    public Mono<AuthorizedPartyDTO[]> call() {
 
-        log.info("Spøøring om bruker {}", request);
+        log.info("Spørring på bruker {}", request);
         return webClient
                 .post()
                 .uri(builder -> builder.path(ALTINN_URL).build())
                 .header(HttpHeaders.AUTHORIZATION, "Bearer " + token)
                 .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
                 .bodyValue(request)
                 .retrieve()
-                .bodyToFlux(AuthorizedPartyDTO.class)
+                .bodyToMono(AuthorizedPartyDTO[].class)
                 .doOnError(WebClientFilter::logErrorMessage);
     }
 }

apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AuthorizedPartyDTO.java

@@ -5,16 +5,37 @@
 import lombok.Data;
 import lombok.NoArgsConstructor;
 
+import java.util.ArrayList;
 import java.util.List;
 
+import static java.util.Objects.isNull;
+
 @Data
 @Builder
 @NoArgsConstructor
 @AllArgsConstructor
 public class AuthorizedPartyDTO {
 
-    private String personId;
+    private String name;
     private String organizationNumber;
+    private String unitType;
     private List<String> authorizedResources;
+    private List<AuthorizedPartyDTO> subunits;
+
+    public List<String> getAuthorizedResources() {
+
+        if (isNull(authorizedResources)) {
+            authorizedResources = new ArrayList<>();
+        }
+        return authorizedResources;
+    }
+
+    public List<AuthorizedPartyDTO> getSubunits() {
+
+        if (isNull(subunits)) {
+            subunits = new ArrayList<>();
+        }
+        return subunits;
+    }
 }
 

apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/PersonRequest.java

@@ -10,5 +10,4 @@
 public class PersonRequest {
 
     private String ident;
-    private String orgnummer;
 }

apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnBrukerTilgangController.java

@@ -3,11 +3,12 @@
 import lombok.RequiredArgsConstructor;
 import no.nav.testnav.altinn3tilgangservice.domain.PersonRequest;
 import no.nav.testnav.altinn3tilgangservice.service.AltinnBrukerTilgangService;
+import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import reactor.core.publisher.Mono;
+import reactor.core.publisher.Flux;
 
 @RestController
 @RequestMapping("/api/v1/brukertilgang")
@@ -17,8 +18,8 @@ public class AltinnBrukerTilgangController {
     private final AltinnBrukerTilgangService brukerTilgangService;
 
     @PostMapping
-    public Mono<Boolean> harDollyTilgang(@RequestBody PersonRequest personRequest) {
+    public Flux<OrganisasjonDTO> getOrgMedDollyTilgang(@RequestBody PersonRequest personRequest) {
 
-        return brukerTilgangService.harDollyTilgang(personRequest);
+        return brukerTilgangService.getOrgsMedDollyTilgang(personRequest);
     }
 }

apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnBrukerTilgangService.java

@@ -3,23 +3,48 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import no.nav.testnav.altinn3tilgangservice.consumer.altinn.AltinnConsumer;
+import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AuthorizedPartyDTO;
 import no.nav.testnav.altinn3tilgangservice.domain.PersonRequest;
+import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO;
 import org.springframework.stereotype.Service;
+import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Stream;
+
 @Slf4j
 @Service
 @RequiredArgsConstructor
 public class AltinnBrukerTilgangService {
 
+    private static final String DOLLY_RESOURCE = "nav_dolly_tilgang-samarbeidspartnere";
     private final AltinnConsumer altinnConsumer;
 
-    public Mono<Boolean> harDollyTilgang(PersonRequest personRequest) {
+    public Flux<OrganisasjonDTO> getOrgsMedDollyTilgang(PersonRequest personRequest) {
 
         return altinnConsumer.getAuthorizedParties(personRequest.getIdent())
-                .doOnNext(party -> log.info("AuthorizedParty {}", party))
-                .filter(party -> party.getOrganizationNumber().equals(personRequest.getOrgnummer()))
-                .filter(part -> part.getAuthorizedResources().contains("dolly"))
-                .reduce(Boolean.FALSE, (a, b) -> Boolean.TRUE);
+                .flatMap(authorizedParty -> getUnitsAndSubunits(new ArrayList<>(), authorizedParty))
+                .flatMap(Flux::fromIterable);
+    }
+
+    private Mono<List<OrganisasjonDTO>> getUnitsAndSubunits(List<OrganisasjonDTO> organisasjoner,
+                                                      AuthorizedPartyDTO authorizedParties) {
+
+        organisasjoner.addAll(Stream.of(authorizedParties)
+                .filter(part -> part.getAuthorizedResources().contains(DOLLY_RESOURCE))
+                .map(part -> OrganisasjonDTO.builder()
+                        .navn(part.getName())
+                        .organisasjonsnummer(part.getOrganizationNumber())
+                        .organisasjonsform(part.getUnitType())
+                        .build())
+                        .toList());
+
+        if (!authorizedParties.getSubunits().isEmpty()) {
+            authorizedParties.getSubunits()
+                            .forEach(subunit -> getUnitsAndSubunits(organisasjoner, subunit));
+        }
+        return Mono.just(organisasjoner);
     }
 }

libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/OrganisasjonDTO.java

@@ -0,0 +1,17 @@
+package no.nav.testnav.libs.dto.altinn3.v1;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class OrganisasjonDTO {
+
+        private String navn;
+        private String organisasjonsnummer;
+        private String organisasjonsform;
+}