Merge pull request #347 from nl-portal/feature/implement-filter-machtingdienst

Feature/implement filter machtingsdienst

Author: flinden68

app/src/main/resources/config/application.yml

@@ -170,6 +170,8 @@ nl-portal:
                   allowedMethods: "*"
         endpoints:
             unsecured: /api/public/**
+        machtingsdienst:
+            #resource-url: classpath:machtigingsdiensten.json
     product:
         product-type-url: http://host.docker.internal:8011/api/v1/objecttypes/972e92ce-b964-4ca8-ad4d-ddc43dd7b244
         product-instantie-type-url: http://host.docker.internal:8011/api/v1/objecttypes/3e852115-277a-4570-873a-9a64be3aeb34

app/src/main/resources/machtigingsdiensten.json

@@ -0,0 +1,12 @@
+[
+  {
+    "uuid":"dd95bdee-c493-4757-bae3-fe0a5b5063f8",
+    "naam":"Uitvoeren WMO-dienstverlening",
+    "zaakTypes": [
+      "dd95bdee-c493-4757-bae3-fe0a5b5063f8"
+    ],
+    "taakTypes": [
+      "RMWA"
+    ]
+  }
+]

build.gradle.kts

@@ -46,7 +46,7 @@ plugins {
 
     id("org.jetbrains.dokka")
 
-    id("org.owasp.dependencycheck") version "11.1.1"
+    id("org.owasp.dependencycheck") version "12.0.0"
 
     `maven-publish`
     `signing`

payment/build.gradle.kts

@@ -23,7 +23,7 @@ dependencies {
     api(project(":graphql"))
     api(project(":zgw:taak"))
 
-    api("commons-codec", "commons-codec", "1.17.1")
+    api("commons-codec", "commons-codec", "1.17.2")
     testImplementation(project(":zgw:common-ground-authentication-test"))
     testImplementation("org.springframework.boot", "spring-boot-starter-test")
     testImplementation("org.assertj", "assertj-core")

product/src/main/kotlin/nl/nlportal/product/autoconfiguration/ProductAutoConfiguration.kt

@@ -15,6 +15,7 @@
  */
 package nl.nlportal.product.autoconfiguration
 
+import nl.nlportal.commonground.authentication.AuthenticationMachtigingsDienstService
 import nl.nlportal.core.ssl.ClientSslContextResolver
 import nl.nlportal.product.client.DmnClient
 import nl.nlportal.product.client.DmnConfig
@@ -58,6 +59,7 @@ class ProductAutoConfiguration {
         taakObjectConfig: TaakObjectConfig,
         objectsApiTaskConfig: TaakObjectConfig,
         dmnClient: DmnClient,
+        authenticationMachtigingsDienstService: AuthenticationMachtigingsDienstService,
     ): ProductService {
         return ProductService(
             productConfig,
@@ -66,6 +68,7 @@ class ProductAutoConfiguration {
             taakObjectConfig,
             objectsApiTaskConfig,
             dmnClient,
+            authenticationMachtigingsDienstService,
         )
     }
 

product/src/main/kotlin/nl/nlportal/product/graphql/ProductQuery.kt

@@ -86,7 +86,7 @@ class ProductQuery(
         dfe: DataFetchingEnvironment,
         productTypeId: UUID? = null,
         productName: String,
-        pageSize: Int? = 20,
+        pageSize: Int? = null,
         isOpen: Boolean? = null,
     ): List<Zaak> {
         return productService.getProductZaken(

product/src/main/kotlin/nl/nlportal/product/service/ProductService.kt

@@ -17,6 +17,7 @@ package nl.nlportal.product.service
 
 import com.fasterxml.jackson.databind.node.ObjectNode
 import mu.KotlinLogging
+import nl.nlportal.commonground.authentication.AuthenticationMachtigingsDienstService
 import nl.nlportal.commonground.authentication.CommonGroundAuthentication
 import nl.nlportal.core.util.Mapper
 import nl.nlportal.product.client.DmnClient
@@ -50,6 +51,7 @@ class ProductService(
     val taakObjectConfig: TaakObjectConfig,
     val objectsApiTaskConfig: TaakObjectConfig,
     val dmnClient: DmnClient,
+    val authenticationMachtigingsDienstService: AuthenticationMachtigingsDienstService,
 ) {
     suspend fun getProduct(
         authentication: CommonGroundAuthentication,
@@ -154,17 +156,30 @@ class ProductService(
             return emptyList()
         }
 
+        // val zaakTypes = mutableSetOf<UUID>()
+        val zaakTypes = productType.zaaktypen
         val request =
             zakenApiClient.zoeken()
                 .search()
                 .page(pageNumber)
                 .withAuthentication(authentication)
-                .ofZaakTypes(productType.zaaktypen.map { it })
         pageSize?.let { request.pageSize(it) }
         isOpen?.let {
             request.isOpen(isOpen)
         }
 
+        /*authenticationMachtigingsDienstService.zaakTypes(authentication)?.let {
+            zaakTypes.addAll(it)
+        }*/
+
+        if (!authenticationMachtigingsDienstService.isAllowedZaakTypes(authentication, zaakTypes)) {
+            return emptyList()
+        }
+
+        if (zaakTypes.isNotEmpty()) {
+            request.ofZaakTypes(zaakTypes.toList())
+        }
+
         authentication.getVestigingsNummer()?.let {
             request.ofVestigingsNummer(it)
         }
@@ -346,12 +361,16 @@ class ProductService(
         pageSize: Int,
     ): List<TaakV2> {
         val objectSearchParameters =
-            listOf(
+            mutableListOf(
                 ObjectSearchParameter("identificatie__type", Comparator.EQUAL_TO, authentication.userType),
                 ObjectSearchParameter("identificatie__value", Comparator.EQUAL_TO, authentication.userId),
                 ObjectSearchParameter("status", Comparator.EQUAL_TO, "open"),
             )
 
+        authenticationMachtigingsDienstService.taakTypes(authentication)?.let {
+            objectSearchParameters.add(ObjectSearchParameter("eigenaar", Comparator.IN_LIST, it.joinToString("|")))
+        }
+
         return getObjectsApiObjectResultPage<TaakObjectV2>(
             objectsApiTaskConfig.typeUrlV2,
             objectSearchParameters,

product/src/test/kotlin/nl/nlportal/product/graphql/ProductQueryIT.kt

@@ -15,6 +15,7 @@
  */
 package nl.nlportal.product.graphql
 
+import nl.nlportal.commonground.authentication.WithBedrijfUser
 import nl.nlportal.commonground.authentication.WithBurgerUser
 import nl.nlportal.product.TestHelper
 import nl.nlportal.product.TestHelper.verifyOnlyDataExists
@@ -197,6 +198,24 @@ internal class ProductQueryIT(
             .jsonPath("$basePath[0].omschrijving").isEqualTo("Lopende zaak")
     }
 
+    @Test
+    @WithBedrijfUser(
+        kvkNummer = "569312863",
+        machtigingsDienst = "dd95bdee-c493-4757-bae3-fe0a5b5063f8",
+    )
+    fun getProductZakenTestBedrijf() {
+        val basePath = "$.data.getProductZaken"
+
+        testClient.post()
+            .uri("/graphql")
+            .accept(MediaType.APPLICATION_JSON)
+            .contentType(MediaType("application", "graphql"))
+            .bodyValue(graphqlGetProductZaken)
+            .exchange()
+            .verifyOnlyDataExists(basePath)
+            .jsonPath("$basePath[0].omschrijving").isEqualTo("Lopende zaak")
+    }
+
     @Test
     @WithBurgerUser("569312863")
     fun getProductZakenTestBurgerNoZaakTypes() {
@@ -293,6 +312,26 @@ internal class ProductQueryIT(
             .jsonPath("$basePath[0].titel").isEqualTo("Taak linked to Zaak")
     }
 
+    @Test
+    @WithBedrijfUser(
+        kvkNummer = "569312863",
+        machtigingsDienst = "dd95bdee-c493-4757-bae3-fe0a5b5063f8",
+    )
+    fun getProductTakenTestBedrijf() {
+        val basePath = "$.data.getProductTaken"
+
+        testClient.post()
+            .uri("/graphql")
+            .accept(MediaType.APPLICATION_JSON)
+            .contentType(MediaType("application", "graphql"))
+            .bodyValue(graphqlGetProductTaken)
+            .exchange()
+            .verifyOnlyDataExists(basePath)
+            .jsonPath("$basePath.size()").isEqualTo(2)
+            .jsonPath("$basePath[0].id").isEqualTo("2d725c07-2f26-4705-8637-438a42b5ac2d")
+            .jsonPath("$basePath[0].titel").isEqualTo("Taak linked to Zaak")
+    }
+
     @Test
     @WithBurgerUser("569312864")
     fun getProductTakenTestBurgerNoTaken() {

product/src/test/resources/config/application.yml

@@ -61,6 +61,10 @@ nl-portal:
     prefill:
         type-url: http://host.docker.internal:8011/api/v1/objecttypes/3e852115-277a-4570-873a-9a64be3aeb37
         remove-objects: true
+    security:
+        machtingsdienst:
+            resource-url: classpath:machtigingsdiensten.json
+
 
 spring:
     security:

product/src/test/resources/machtigingsdiensten.json

@@ -0,0 +1,14 @@
+[
+  {
+    "uuid":"dd95bdee-c493-4757-bae3-fe0a5b5063f8",
+    "naam":"Uitvoeren WMO-dienstverlening",
+    "zaakTypes": [
+      "dd95bdee-c493-4757-bae3-fe0a5b5063f8",
+      "7d9cd6c2-8147-46f2-9ae9-c67e8213c300"
+    ],
+    "taakTypes": [
+      "RMWA",
+      "WMO"
+    ]
+  }
+]

zgw/common-ground-authentication-test/src/main/kotlin/nl/nlportal/commonground/authentication/JwtBuilder.kt

@@ -95,6 +95,12 @@ class JwtBuilder {
         return this
     }
 
+    fun machtingDienstKvk(machtingDienst: String): JwtBuilder {
+        jwtBuilder.claim(MACHTIGINGSDIENST_KEY, machtingDienst)
+
+        return this
+    }
+
     fun buildJwt(): Jwt {
         if (this.aanvragerBsn == null && this.aanvragerKvk == null && this.aanvragerUid == null) {
             throw IllegalStateException("aanvrager needs to be set with either bsn or kvk")

zgw/common-ground-authentication-test/src/main/kotlin/nl/nlportal/commonground/authentication/WithBedrijfUser.kt

@@ -27,4 +27,5 @@ annotation class WithBedrijfUser(
     val gemachtigdeBsn: String = "",
     val gemachtigdeKvk: String = "",
     val vestigingsNummer: String = "",
+    val machtigingsDienst: String = "",
 )

zgw/common-ground-authentication-test/src/main/kotlin/nl/nlportal/commonground/authentication/WithBedrijfUserSecurityContextFactory.kt

@@ -33,6 +33,9 @@ class WithBedrijfUserSecurityContextFactory : WithSecurityContextFactory<WithBed
         if (!bedrijf.vestigingsNummer.isEmpty()) {
             builder.vestigingsNummerKvk(bedrijf.vestigingsNummer)
         }
+        if (!bedrijf.machtigingsDienst.isEmpty()) {
+            builder.machtingDienstKvk(bedrijf.machtigingsDienst)
+        }
         context.authentication = builder.buildBedrijfAuthentication()
 
         return context

zgw/common-ground-authentication/src/main/kotlin/nl/nlportal/commonground/authentication/AuthenticationConfiguration.kt

@@ -20,11 +20,22 @@ import org.springframework.boot.autoconfigure.AutoConfiguration
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.core.annotation.Order
+import org.springframework.core.io.ResourceLoader
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
 
-@EnableConfigurationProperties(KeycloakConfig::class)
+@EnableConfigurationProperties(KeycloakConfig::class, AuthenticationMachtigingsDienstConfig::class)
 @AutoConfiguration
 class AuthenticationConfiguration {
+    @Bean
+    fun authenticationMachtigingsDienstService(
+        authenticationMachtigingsDienstConfig: AuthenticationMachtigingsDienstConfig,
+        resourceLoader: ResourceLoader,
+    ): AuthenticationMachtigingsDienstService =
+        AuthenticationMachtigingsDienstService(
+            authenticationMachtigingsDienstConfig,
+            resourceLoader,
+        )
+
     @Order(value = 0)
     @Bean
     fun commonGroundAuthenticationConverter(

zgw/common-ground-authentication/src/main/kotlin/nl/nlportal/commonground/authentication/AuthenticationMachtigingsDienst.kt

@@ -0,0 +1,25 @@
+/*
+ * Copyright 2015-2023 Ritense BV, the Netherlands.
+ *
+ * Licensed under EUPL, Version 1.2 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package nl.nlportal.commonground.authentication
+
+import java.util.UUID
+
+data class AuthenticationMachtigingsDienst(
+    val uuid: UUID,
+    val naam: String,
+    val zaakTypes: List<UUID> = listOf(),
+    val taakTypes: List<String> = listOf(),
+)

zgw/common-ground-authentication/src/main/kotlin/nl/nlportal/commonground/authentication/AuthenticationMachtigingsDienstConfig.kt

@@ -0,0 +1,23 @@
+/*
+ * Copyright 2015-2023 Ritense BV, the Netherlands.
+ *
+ * Licensed under EUPL, Version 1.2 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package nl.nlportal.commonground.authentication
+
+import org.springframework.boot.context.properties.ConfigurationProperties
+
+@ConfigurationProperties(prefix = "nl-portal.security.machtingsdienst")
+data class AuthenticationMachtigingsDienstConfig(
+    val resourceUrl: String? = null,
+)