Commit Graph

2 Commits

Author SHA1 Message Date
7887355ca3 docs(prd): add PRD-0002 — attribute-based access control (ABAC)
Specifies fine-grained, app-owned access control layered on the AD roles: capability
gating, data-scoping, field/PII-level, and step-up/SoD. Backend-authoritative (per
ADR-0001), UI mirrors decisions; extends ADR-0002. Privacy-by-design: data-minimized
decision DTOs, server-side PII redaction, audit, deny-by-default.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 12:33:12 +02:00
8c3f4c22ee Mijn aanvragen (A): backend Aanvraag store + lifecycle endpoints
Adds the backend-owned Aanvraag aggregate (PRD 0001, phase A) — the system of
record the dashboard will read. In-memory static store mirroring DocumentStore.

- ApplicationStore: create/get/list/draft-sync/cancel/submit; status COMPUTED ON
  READ (Mappers.ToStatusDto(now)) so auto-approval is pure timestamp arithmetic,
  no timers/jobs (ProcessingWindow = 8s).
- Endpoints: GET /applications, GET/POST/PUT/DELETE /applications/{id},
  POST /applications/{id}/submit.
- Lifecycle: registratie duo -> auto (Goedgekeurd after window), handmatig ->
  manual pending (no 422); herregistratie/intake 0 uren -> Afgewezen else auto.
  Cancel blocks submitted aanvragen (409, no withdrawal in scope).
- Old /registrations endpoint + RejectRegistratie 422 left intact (retire in E).
- ApplicationTests: lifecycle + auto-approve window boundary (pure). 54/54 green.

Also checks in the PRD (docs/prd/0001).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 11:35:19 +02:00