Add oauth with role on workflow endpoints

equinor · Dec 23, 2024 · 8627f8b · 8627f8b
1 parent bac8e68
commit 8627f8b
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/api/Controllers/Models/Role.cs b/api/Controllers/Models/Role.cs
@@ -6,6 +6,7 @@ public class Role
     private const string UserRole = "Role.User";
     private const string AdminRole = "Role.Admin";
     public const string InspectionDataRead = "InspectionData.Read";
+    private const string WorkflowStatusWriteRole = "WorkflowStatus.Write";
 
     /// <summary>
     /// The user must be an admin
@@ -24,4 +25,8 @@ public class Role
     /// </para>
     /// </summary>
     public const string Any = $"{ReadOnlyRole}, {UserRole}, {Admin}, {InspectionDataRead}";
+    /// <summary>
+    /// Role required to update workflow statuses
+    /// </summary>
+    public const string WorkflowStatusWrite = WorkflowStatusWriteRole;
 }
diff --git a/api/Controllers/WorkflowsControlller.cs b/api/Controllers/WorkflowsControlller.cs
@@ -27,7 +27,7 @@ public class WorkflowsController(IInspectionDataService inspectionDataService) :
     /// Updates status of inspection data to started
     /// </summary>
     [HttpPut]
-    [AllowAnonymous] // TODO: Implement role for notifying and machine-to-machine oauth
+    [Authorize(Roles = Role.WorkflowStatusWrite)]
     [Route("notify-workflow-started")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -45,7 +45,7 @@ public async Task<ActionResult<InspectionDataResponse>> WorkflowStarted([FromBod
     /// Updates status of inspection data to exit with success or failure
     /// </summary>
     [HttpPut]
-    [AllowAnonymous] // TODO: Implement role for notifying and machine-to-machine oauth
+    [Authorize(Roles = Role.WorkflowStatusWrite)]
     [Route("notify-workflow-exited")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]