All checks were successful
## What & why
Second half of **S-12c** (behandel-portal backend), completing the decision path per **ADR-0013**:
- **Domain:** `BeoordeelRegistratie` now, after applying the decision (aggregate + ACL for approval), **completes the open Flowable `Beoordelen` task** for that registration (found by registrationId) with the besluit, so the workflow advances. No open task → the decision still stands (completes nothing); idempotent.
- **BFF:** `POST /behandel/registrations/{id}/decide` behind the medewerker/`behandelaar` policy, forwarding `goedkeuren`/`afwijzen` to the domain. Validates the besluit vocabulary (400 on unknown) without troubling the domain.
Behavior: decide is **401** without a token, **403** without the role, **400** for an unknown besluit, **204** (forwarded) for a behandelaar.
This completes the behandel backend. **S-12d** (the Angular behandel-portal + Playwright e2e) closes umbrella #13 and retires the temporary `/approve`.
## Definition of Done
- [x] Linked issue: #13 (umbrella, `refs`)
- [x] Tests first; red → green per layer
- [x] Unit + acceptance green (`make unit`): domain 79, bff 27, acceptance 9 (acl/event-subscriber unaffected)
- [x] Beoordeling acceptance scenario asserts task completion (goedkeuren + afwijzen)
- [x] openapi.json + api-client regenerated (drift guard passes)
- [x] Mutation ≥ break(90): **domain 100%, bff 100%**
- [ ] CI green (pending)
Part of #13.
Reviewed-on: #86
115 lines
3.9 KiB
C#
115 lines
3.9 KiB
C#
using System.Net;
|
|
using System.Net.Http.Headers;
|
|
using System.Net.Http.Json;
|
|
using Bff.Api;
|
|
|
|
namespace Bff.Tests;
|
|
|
|
/// <summary>
|
|
/// The behandel werkbak endpoint (S-12c): reached only with a medewerker-realm token that carries the
|
|
/// <c>behandelaar</c> role. A missing token is 401; an authenticated medewerker without the role is
|
|
/// 403; a behandelaar gets the werkbak (staff view, incl. bsn).
|
|
/// </summary>
|
|
public class BehandelEndpointTests
|
|
{
|
|
private static HttpRequestMessage Werkbak(string? bearer)
|
|
{
|
|
var request = new HttpRequestMessage(HttpMethod.Get, "/behandel/werkbak");
|
|
if (bearer is not null)
|
|
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearer);
|
|
return request;
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_the_werkbak_without_a_token()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient().SendAsync(Werkbak(bearer: null));
|
|
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_a_medewerker_without_the_behandelaar_role()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient().SendAsync(Werkbak(TestTokens.Medewerker("teamlead")));
|
|
|
|
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Serves_the_werkbak_to_a_behandelaar()
|
|
{
|
|
using var factory = new BffFactory();
|
|
factory.Domain.Werkbak.Add(new WerkbakItem("reg-1", "123456782", "InBehandeling"));
|
|
|
|
var response = await factory.CreateClient().SendAsync(Werkbak(TestTokens.Medewerker("behandelaar")));
|
|
|
|
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
|
|
var items = await response.Content.ReadFromJsonAsync<List<WerkbakItem>>();
|
|
var item = Assert.Single(items!);
|
|
Assert.Equal("reg-1", item.RegistrationId);
|
|
Assert.Equal("123456782", item.Bsn);
|
|
}
|
|
|
|
private static HttpRequestMessage Decide(string? bearer, string id = "reg-1", string besluit = "goedkeuren")
|
|
{
|
|
var request = new HttpRequestMessage(HttpMethod.Post, $"/behandel/registrations/{id}/decide")
|
|
{
|
|
Content = JsonContent.Create(new { besluit }),
|
|
};
|
|
if (bearer is not null)
|
|
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearer);
|
|
return request;
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_a_decision_without_a_token()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient().SendAsync(Decide(bearer: null));
|
|
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
Assert.Null(factory.Domain.Decided);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_a_decision_from_a_medewerker_without_the_behandelaar_role()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient().SendAsync(Decide(TestTokens.Medewerker("teamlead")));
|
|
|
|
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
|
|
Assert.Null(factory.Domain.Decided);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Forwards_a_behandelaar_decision_to_the_domain()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient()
|
|
.SendAsync(Decide(TestTokens.Medewerker("behandelaar"), id: "reg-42", besluit: "afwijzen"));
|
|
|
|
Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
|
|
Assert.Equal(("reg-42", "afwijzen"), factory.Domain.Decided);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Rejects_an_unknown_besluit_without_calling_the_domain()
|
|
{
|
|
using var factory = new BffFactory();
|
|
|
|
var response = await factory.CreateClient()
|
|
.SendAsync(Decide(TestTokens.Medewerker("behandelaar"), besluit: "misschien"));
|
|
|
|
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
|
Assert.Null(factory.Domain.Decided);
|
|
}
|
|
}
|