chore: adding access check on getOppgave

navikt · Dec 2, 2024 · fe30817 · fe30817
1 parent e26c3c4
commit fe30817
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/main/kotlin/no/nav/sykdig/config/AadRestTemplateConfiguration.kt b/src/main/kotlin/no/nav/sykdig/config/AadRestTemplateConfiguration.kt
@@ -19,7 +19,6 @@ import org.springframework.http.client.ClientHttpRequestExecution
 import org.springframework.http.client.ClientHttpRequestInterceptor
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory
 import org.springframework.security.core.context.ReactiveSecurityContextHolder
-import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
 import org.springframework.stereotype.Component
 import org.springframework.web.client.RestTemplate
@@ -30,8 +29,8 @@ class SykDigTokenResolver : JwtBearerTokenResolver {
     val log = applog()
 
     override fun token(): String? {
-        val autentication = ReactiveSecurityContextHolder.getContext().block()?.authentication as JwtAuthenticationToken
-        return autentication.token.tokenValue
+        val authentication = ReactiveSecurityContextHolder.getContext().block()?.authentication as JwtAuthenticationToken
+        return authentication.token.tokenValue
     }
 }
 

diff --git a/...main/kotlin/no/nav/sykdig/digitalisering/papirsykmelding/api/NasjonalOppgaveController.kt b/...main/kotlin/no/nav/sykdig/digitalisering/papirsykmelding/api/NasjonalOppgaveController.kt
@@ -50,6 +50,7 @@ class NasjonalOppgaveController(
     }
 
     @GetMapping("/oppgave/{oppgaveid}")
+    @PreAuthorize("@oppgaveSecurityService.hasAccessToNasjonalOppgave(#oppgaveId)")
     @ResponseBody
     suspend fun getPapirsykmeldingManuellOppgave(
         @PathVariable oppgaveid: String,