Add the ACL skeleton (Application/Infrastructure/Api per §9) and failing xUnit tests for the single operation: AclService.OpenZaakAsync must default-fill bronorganisatie, verantwoordelijkeOrganisatie, startdatum (clock) and vertrouwelijkheidaanduiding and delegate to the gateway; the OpenZaakGateway must POST the zaak to OpenZaak with a Bearer JWT and the default-filled body. Implementations throw NotImplementedException — red. Also add ADR-0003 (default-fill strategy). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2.2 KiB
2.2 KiB
ADR-0003: ACL default-fill strategy
- Status: Accepted
- Date: 2026-06-04
- Deciders: Respellion engineering
- Relates to: S-04 (#5); builds on ADR-0001 (loose coupling)
Context
The ACL is the only code that talks to ZGW APIs (ADR-0001 / CLAUDE.md §8.1). When the
domain asks it to "open a zaak", the domain payload is intentionally free of ZGW
specifics — it carries domain facts (e.g. the registrant's BSN), not OpenZaak fields. But
OpenZaak's POST /zaken requires ZGW-mandatory fields: bronorganisatie,
verantwoordelijkeOrganisatie, startdatum, vertrouwelijkheidaanduiding, and a
zaaktype URL. Something has to supply those, and it must not leak into the domain.
Decision
The ACL default-fills the ZGW-mandatory zaak fields; the domain never sees them.
bronorganisatie,verantwoordelijkeOrganisatie,vertrouwelijkheidaanduiding, and thezaaktypeURL come from ACL configuration (AclDefaultsoptions) — not hardcoded, not from the domain. This keeps them operationally manageable (the beheer portal will edit them in S-15) and environment-specific (the seeded BIG zaaktype URL differs per env).startdatumis derived from an injected clock (today's date), so it is deterministic in tests.- The mapping from domain payload → ZGW
ZaakRequestlives entirely inside the ACL (Applicationbuilds the request from payload + defaults;Infrastructureserialises and POSTs it). No other service constructs ZGW payloads or URLs.
Consequences
- Positive: the domain stays ZGW-agnostic; ZGW knowledge is in one named place; defaults are config (testable, env-specific, later editable via the beheer portal).
- Cost: the ACL must be configured per environment (the seeded zaaktype URL, the organisation RSINs). Missing/invalid config fails fast at the ACL boundary.
- Follow-ups: mapping the BSN onto the zaak (eigenschap/rol), status transitions, and documents are explicitly out of scope for S-04 and get their own slices.
Alternatives considered
- Defaults in the domain payload — rejected: leaks ZGW concerns into the domain, violating ADR-0001.
- Hardcoded defaults in code — rejected: not env-specific, not operationally editable.