Merge pull request #500 from navikt/Tc-541_rydde-poao-tilgang-bryter

Tc 541 rydde poao tilgang bryter
navikt · Jan 31, 2024 · db325e6 · db325e6
2 parents 5e64dea + 9b674cb
commit db325e6
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 22 deletions.
diff --git a/src/main/java/no/nav/veilarbvedtaksstotte/service/AuthService.kt b/src/main/java/no/nav/veilarbvedtaksstotte/service/AuthService.kt
@@ -25,7 +25,6 @@ import no.nav.poao_tilgang.client.PoaoTilgangClient
 import no.nav.poao_tilgang.client.TilgangType
 import no.nav.veilarbvedtaksstotte.domain.AuthKontekst
 import no.nav.veilarbvedtaksstotte.domain.vedtak.Vedtak
-import no.nav.veilarbvedtaksstotte.utils.POAO_TILGANG_ENABLED
 import org.slf4j.LoggerFactory
 import org.springframework.http.HttpStatus
 import org.springframework.stereotype.Service
@@ -76,13 +75,11 @@ class AuthService(
         val harVeilederTilgangTilPerson =
             veilarbPep.harVeilederTilgangTilPerson(NavIdent.of(innloggetVeilederIdent), ActionId.WRITE, aktorId)
 
-        if(unleashService.isEnabled(POAO_TILGANG_ENABLED)) {
             poaoTilgangClient.evaluatePolicy(
                 NavAnsattTilgangTilEksternBrukerPolicyInput(
                     hentInnloggetVeilederUUID(), TilgangType.SKRIVE, fnr.get()
                 )
             ).getOrThrow()
-        }
 
         if (!harVeilederTilgangTilPerson) {
             throw ResponseStatusException(HttpStatus.FORBIDDEN)
@@ -198,13 +195,11 @@ class AuthService(
         val harVeilederTilgangTilEnhet =
             veilarbPep.harVeilederTilgangTilEnhet(NavIdent.of(innloggetVeilederIdent), enhet)
 
-        if (unleashService.isEnabled(POAO_TILGANG_ENABLED)){
             poaoTilgangClient.evaluatePolicy(
                 NavAnsattTilgangTilNavEnhetPolicyInput(
                     hentInnloggetVeilederUUID(), enhet.get()
                 )
             ).getOrThrow()
-        }
 
         if (!harVeilederTilgangTilEnhet) {
             throw ResponseStatusException(HttpStatus.FORBIDDEN)

diff --git a/src/main/java/no/nav/veilarbvedtaksstotte/utils/UnleashUtils.kt b/src/main/java/no/nav/veilarbvedtaksstotte/utils/UnleashUtils.kt
@@ -1,4 +1,3 @@
 package no.nav.veilarbvedtaksstotte.utils
 
 const val KAFKA_KONSUMERING_SKRUDD_AV = "veilarbvedtaksstotte.kafka-konsumering-skrudd-av"
-const val POAO_TILGANG_ENABLED = "veilarbvedtaksstotte.poao-tilgang-enabled"
diff --git a/src/test/java/no/nav/veilarbvedtaksstotte/service/AuthServiceTest.kt b/src/test/java/no/nav/veilarbvedtaksstotte/service/AuthServiceTest.kt
@@ -17,7 +17,6 @@ import no.nav.poao_tilgang.client.Decision
 import no.nav.poao_tilgang.client.NavAnsattTilgangTilNavEnhetPolicyInput
 import no.nav.poao_tilgang.client.PoaoTilgangClient
 import no.nav.poao_tilgang.client.api.ApiResult
-import no.nav.veilarbvedtaksstotte.utils.POAO_TILGANG_ENABLED
 import no.nav.veilarbvedtaksstotte.utils.TestData
 import no.nav.veilarbvedtaksstotte.utils.TestUtils.assertThrowsWithMessage
 import no.nav.veilarbvedtaksstotte.utils.TestUtils.readTestResourceFile
@@ -58,6 +57,9 @@ class AuthServiceTest {
                 any(), any(), any()
             )
         ).thenReturn(true)
+        whenever(
+            poaoTilgangClient.evaluatePolicy(org.mockito.kotlin.any())
+        ).thenReturn(ApiResult.success(Decision.Permit))
         withContext(UserRole.INTERN) { authService.sjekkTilgangTilBruker(TestData.TEST_FNR) }
     }
 
@@ -84,6 +86,9 @@ class AuthServiceTest {
                 any(), any(), any()
             )
         ).thenReturn(false)
+        whenever(
+            poaoTilgangClient.evaluatePolicy(org.mockito.kotlin.any())
+        ).thenReturn(ApiResult.success(Decision.Deny("","")))
         withContext(UserRole.INTERN) {
             assertThrowsWithMessage<ResponseStatusException>("403 FORBIDDEN") {
                 authService.sjekkTilgangTilBruker(TestData.TEST_FNR)
@@ -93,9 +98,6 @@ class AuthServiceTest {
 
     @Test
     fun sjekkTilgangTilBruker__skal_bruke_poao_tilgang_hvis_toggle_er_pa() {
-        `when`(
-            unleashService.isEnabled(POAO_TILGANG_ENABLED)
-        ).thenReturn(true)
         `when`(
             pep.harVeilederTilgangTilPerson(any(), any(), any())
         ).thenReturn(true)
@@ -110,9 +112,6 @@ class AuthServiceTest {
 
     //@Test
     fun sjekkTilgangTilBruker__skal_kaste_exception_hvis_poao_tilgang_gir_decision_deny() {
-        `when`(
-            unleashService.isEnabled(POAO_TILGANG_ENABLED)
-        ).thenReturn(true)
         whenever(
             poaoTilgangClient.evaluatePolicy(org.mockito.kotlin.any())
         ).thenReturn(ApiResult.success(Decision.Deny("","")))
@@ -126,9 +125,6 @@ class AuthServiceTest {
 
     @Test
     fun sjekkTilgangTilEnhet__skal_bruke_poao_tilgang_hvis_toggle_er_pa() {
-        `when`(
-            unleashService.isEnabled(POAO_TILGANG_ENABLED)
-        ).thenReturn(true)
         `when`(
             pep.harVeilederTilgangTilEnhet(any(), any())
         ).thenReturn(true)
@@ -153,6 +149,9 @@ class AuthServiceTest {
                 any(), any(), any()
             )
         ).thenReturn(true)
+        whenever(
+            poaoTilgangClient.evaluatePolicy(org.mockito.kotlin.any())
+        ).thenReturn(ApiResult.success(Decision.Permit))
         `when`(pep.harVeilederTilgangTilEnhet(any(), any())).thenReturn(true)
         `when`(utrullingService.erUtrullet(EnhetId.of(TestData.TEST_OPPFOLGINGSENHET_ID))).thenReturn(true)
         withContext(UserRole.INTERN) { authService.sjekkTilgangTilBrukerOgEnhet(TestData.TEST_FNR) }
@@ -185,6 +184,9 @@ class AuthServiceTest {
             )
         ).thenReturn(false)
         `when`(pep.harVeilederTilgangTilEnhet(any(), any())).thenReturn(true)
+        whenever(
+            poaoTilgangClient.evaluatePolicy(org.mockito.kotlin.any())
+        ).thenReturn(ApiResult.success(Decision.Deny("","")))
         `when`(utrullingService.erUtrullet(EnhetId.of(TestData.TEST_OPPFOLGINGSENHET_ID))).thenReturn(true)
         withContext(UserRole.INTERN) {
             assertThrowsWithMessage<ResponseStatusException>("403 FORBIDDEN") {
@@ -201,6 +203,9 @@ class AuthServiceTest {
             )
         ).thenReturn(true)
         `when`(pep.harVeilederTilgangTilEnhet(any(), any())).thenReturn(false)
+        whenever(
+            poaoTilgangClient.evaluatePolicy(org.mockito.kotlin.any())
+        ).thenReturn(ApiResult.success(Decision.Deny("","")))
         `when`(utrullingService.erUtrullet(EnhetId.of(TestData.TEST_OPPFOLGINGSENHET_ID))).thenReturn(true)
         withContext(UserRole.INTERN) {
             assertThrowsWithMessage<ResponseStatusException>("403 FORBIDDEN") {
@@ -216,6 +221,9 @@ class AuthServiceTest {
                 any(), any(), any()
             )
         ).thenReturn(true)
+        whenever(
+            poaoTilgangClient.evaluatePolicy(org.mockito.kotlin.any())
+        ).thenReturn(ApiResult.success(Decision.Permit))
         `when`(pep.harVeilederTilgangTilEnhet(any(), any())).thenReturn(true)
         `when`(utrullingService.erUtrullet(EnhetId.of(TestData.TEST_OPPFOLGINGSENHET_ID))).thenReturn(false)
         withContext(UserRole.INTERN) {

diff --git a/src/test/java/no/nav/veilarbvedtaksstotte/service/VedtakServiceTest.java b/src/test/java/no/nav/veilarbvedtaksstotte/service/VedtakServiceTest.java
@@ -13,7 +13,9 @@
 import no.nav.common.types.identer.NavIdent;
 import no.nav.common.utils.Credentials;
 import no.nav.common.utils.fn.UnsafeRunnable;
+import no.nav.poao_tilgang.client.Decision;
 import no.nav.poao_tilgang.client.PoaoTilgangClient;
+import no.nav.poao_tilgang.client.api.ApiResult;
 import no.nav.veilarbvedtaksstotte.client.aiaBackend.*;
 import no.nav.veilarbvedtaksstotte.client.arena.VeilarbArenaOppfolging;
 import no.nav.veilarbvedtaksstotte.client.arena.VeilarbarenaClient;
@@ -49,12 +51,7 @@
 import org.junit.jupiter.api.Test;
 import org.springframework.web.server.ResponseStatusException;
 
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
-import java.util.Map;
-import java.util.HashMap;
+import java.util.*;
 
 import static no.nav.veilarbvedtaksstotte.client.regoppslag.RegoppslagResponseDTO.AdresseType.NORSKPOSTADRESSE;
 import static no.nav.veilarbvedtaksstotte.utils.TestData.*;
@@ -149,6 +146,7 @@ public void setup() {
         reset(dokarkivClient);
         reset(vedtakHendelserService);
         doReturn(TEST_VEILEDER_IDENT).when(authService).getInnloggetVeilederIdent();
+        doReturn(UUID.randomUUID()).when(authService).hentInnloggetVeilederUUID();
         when(veilederService.hentEnhetNavn(TEST_OPPFOLGINGSENHET_ID)).thenReturn(TEST_OPPFOLGINGSENHET_NAVN);
         when(veilederService.hentVeileder(TEST_VEILEDER_IDENT)).thenReturn(new Veileder(TEST_VEILEDER_IDENT, TEST_VEILEDER_NAVN));
         when(veilederService.hentVeilederEllerNull(TEST_VEILEDER_IDENT)).thenReturn(Optional.of(new Veileder(TEST_VEILEDER_IDENT, TEST_VEILEDER_NAVN)));
@@ -174,6 +172,7 @@ public void setup() {
         when(enhetInfoService.utledEnhetKontaktinformasjon(EnhetId.of(TEST_OPPFOLGINGSENHET_ID)))
                 .thenReturn(new EnhetKontaktinformasjon(EnhetId.of(TEST_OPPFOLGINGSENHET_ID), new EnhetStedsadresse("","","","","",""), ""));
         when(pdfClient.genererPdf(any())).thenReturn(new byte[]{});
+        when(poaoTilgangClient.evaluatePolicy(any())).thenReturn(new ApiResult<>(null, Decision.Permit.INSTANCE));
     }
 
     @Test