[#2863] When retrieving eHerkenning-cases, filter on either vestiging…
…snummer or rsin/kvk, but not both
alextreme committed Nov 15, 2024
1 parent 5e660ba commit 4f5cf5d
Showing 4 changed files with 148 additions and 88 deletions.
28 changes: 15 additions & 13 deletions src/open_inwoner/cms/cases/views/mixins.py
Expand Up @@ -49,11 +49,11 @@ class CaseAccessMixin(AccessMixin):

def dispatch(self, request, *args, **kwargs):
if not request.user.is_authenticated:
logger.debug("CaseAccessMixin - permission denied: user not authenticated")
logger.info("CaseAccessMixin - permission denied: user not authenticated")
return self.handle_no_permission()

if not request.user.bsn and not request.user.kvk:
logger.debug(
logger.info(
"CaseAccessMixin - permission denied: user doesn't have a bsn or kvk number"
)
return self.handle_no_permission()
Expand All @@ -71,8 +71,8 @@ def dispatch(self, request, *args, **kwargs):
if not client.fetch_roles_for_case_and_bsn(
self.case.url, request.user.bsn
):
logger.debug(
f"CaseAccessMixin - permission denied: no role for the case {self.case.url}"
logger.info(
f"CaseAccessMixin - permission denied via bsn: no role for the case {self.case.url}"
)
return self.handle_no_permission()
elif request.user.kvk:
Expand All @@ -88,16 +88,18 @@ def dispatch(self, request, *args, **kwargs):
self.case.url, vestigingsnummer
)
):
logger.debug(
f"CaseAccessMixin - permission denied: no role for the case {self.case.url}"
logger.info(
f"CaseAccessMixin - permission denied via vestigingsnummer: no role for the case {self.case.url}"
)
return self.handle_no_permission()

if not client.fetch_roles_for_case_and_kvk_or_rsin(
self.case.url, identifier
if (identifier and not vestigingsnummer and
not client.fetch_roles_for_case_and_kvk_or_rsin(
self.case.url, identifier
)
):
logger.debug(
f"CaseAccessMixin - permission denied: no role for the case {self.case.url}"
logger.info(
f"CaseAccessMixin - permission denied via kvk/rsin: no role for the case {self.case.url}"
)
return self.handle_no_permission()

Expand All @@ -107,14 +109,14 @@ def dispatch(self, request, *args, **kwargs):
self.case.zaaktype
)
if not self.case.zaaktype:
logger.debug(
logger.info(
f"CaseAccessMixin - permission denied: no case type for case {self.case.url}"
)
return self.handle_no_permission()

# check if case + case-type are visible
if not is_zaak_visible(self.case):
logger.debug(
logger.info(
f"CaseAccessMixin - permission denied: case {self.case.url} is not visible"
)
return self.handle_no_permission()
Expand All @@ -135,7 +137,7 @@ def dispatch(self, request, *args, **kwargs):
and not request.user.bsn
and not request.user.kvk
):
logger.debug(
logger.info(
"OuterCaseAccessMixin - permission denied: user doesn't have a bsn or kvk number"
)
return self.handle_no_permission()
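Review bot: In the `elif request.user.kvk:` branch of `dispatch`, the rewritten kvk/rsin check (`if (identifier and not vestigingsnummer and not client.fetch_roles_for_case_and_kvk_or_rsin(...))`) can only deny when `identifier` is truthy, so a request where both `identifier` and `vestigingsnummer` are empty now passes this branch without any role lookup; the removed code called the lookup unconditionally. How the two values are derived lies between the visible hunks, so this path may be unreachable, but an authorization check should fail closed: add `if not identifier and not vestigingsnummer: return self.handle_no_permission()` (with a matching `logger.info`) ahead of the two role checks. A short comment stating that a vestigingsnummer role match alone now grants access, and that the value is expected to be bound to the company the user authenticated for, would make the intended trust assumption reviewable.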
Original file line number Diff line number Diff line change
Expand Up @@ -665,7 +665,6 @@ def test_categories_based_on_cases_for_eherkenning_user_with_vestigingsnummer(
furl(f"{ZAKEN_ROOT}zaken")
.add(
{
"rol__betrokkeneIdentificatie__nietNatuurlijkPersoon__innNnpId": identifier,
"maximaleVertrouwelijkheidaanduiding": VertrouwelijkheidsAanduidingen.beperkt_openbaar,
"rol__betrokkeneIdentificatie__vestiging__vestigingsNummer": "1234",
}
29 changes: 19 additions & 10 deletions src/open_inwoner/openzaak/clients.py
Expand Up @@ -79,14 +79,18 @@ def fetch_cases(
return self.fetch_cases_by_bsn(
user_bsn, max_requests=max_requests, identificatie=identificatie
)

if vestigingsnummer:
return self.fetch_cases_for_company(
max_requests=max_requests,
zaak_identificatie=identificatie,
vestigingsnummer=vestigingsnummer,
)
if user_kvk or user_rsin:
user_kvk_or_rsin = user_rsin if user_rsin else user_kvk
return self.fetch_cases_by_kvk_or_rsin(
user_kvk_or_rsin,
return self.fetch_cases_for_company(
kvk_or_rsin=user_kvk_or_rsin,
max_requests=max_requests,
zaak_identificatie=identificatie,
vestigingsnummer=vestigingsnummer,
)
return []

Expand Down Expand Up @@ -142,36 +146,41 @@ def fetch_cases_by_bsn(
"{self.base_url}:cases:{kvk_or_rsin}:{vestigingsnummer}:{max_requests}:{zaak_identificatie}",
timeout=settings.CACHE_ZGW_ZAKEN_TIMEOUT,
)
def fetch_cases_by_kvk_or_rsin(
def fetch_cases_for_company(
self,
kvk_or_rsin: str | None,
kvk_or_rsin: str | None = None,
max_requests: int | None = 4,
zaak_identificatie: str | None = None,
vestigingsnummer: str | None = None,
) -> list[Zaak]:
"""
retrieve cases for particular company with allowed confidentiality level
:param kvk_or_rsin: - used to filter the cases by a KVK number or RSIN (configured via OpenZaakConfig)
:param max_requests: - used to limit the number of requests to list_zaken resource.
:param zaak_identificatie: - used to filter the cases by a unique Zaak identification number
:param vestigingsnummer: - used to filter the cases by a vestigingsnummer
"""
if not kvk_or_rsin:
return []

config = OpenZaakConfig.get_solo()

params = {
"rol__betrokkeneIdentificatie__nietNatuurlijkPersoon__innNnpId": kvk_or_rsin,
"maximaleVertrouwelijkheidaanduiding": config.zaak_max_confidentiality,
}

if vestigingsnummer:
params.update(
{
"rol__betrokkeneIdentificatie__vestiging__vestigingsNummer": vestigingsnummer,
}
)
elif kvk_or_rsin:
params.update(
{
"rol__betrokkeneIdentificatie__nietNatuurlijkPersoon__innNnpId": kvk_or_rsin,
}
)
else:
return []

if zaak_identificatie:
params.update({"identificatie": zaak_identificatie})
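Review bot: The new `if vestigingsnummer:` branch in `fetch_cases` returns company cases without checking that `user_kvk` or `user_rsin` is set, and `fetch_cases_for_company` then filters on the vestigingsnummer alone, so the scope of the result rests entirely on that one value. Where callers take the vestigingsnummer from is not visible in these hunks; if it can ever be something other than a branch verified for the authenticated company, the listing is no longer tied to that company. Consider `if vestigingsnummer and (user_kvk or user_rsin):` as the guard, and extend the docstring to say that `kvk_or_rsin` is ignored when `vestigingsnummer` is given and that `[]` is returned when both are missing. The cache key above the function keeps its `{kvk_or_rsin}` slot, which is presumably `None` for every vestigingsnummer lookup now, so cached results would be shared per vestigingsnummer regardless of company — worth confirming that is intended.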
178 changes: 114 additions & 64 deletions src/open_inwoner/openzaak/tests/test_cases.py
Expand Up @@ -422,7 +422,6 @@ def _setUpMocks(self, m):
furl(f"{self.zaken_root}zaken")
.add(
{
"rol__betrokkeneIdentificatie__nietNatuurlijkPersoon__innNnpId": identifier,
"maximaleVertrouwelijkheidaanduiding": VertrouwelijkheidsAanduidingen.beperkt_openbaar,
"rol__betrokkeneIdentificatie__vestiging__vestigingsNummer": "1234",
}
Expand Down Expand Up @@ -778,7 +777,7 @@ def test_list_cases_for_eherkenning_user(self, m):
)

@set_kvk_branch_number_in_session("1234")
def test_list_cases_for_eherkenning_user_with_vestigingsnummer(self, m):
def test_list_cases_for_kvk_user_with_vestigingsnummer(self, m):
"""
If a KVK_BRANCH_NUMBER that is different from the KVK number is specified,
additional filtering by vestiging should be applied when retrieving zaken
Expand All @@ -788,73 +787,124 @@ def test_list_cases_for_eherkenning_user_with_vestigingsnummer(self, m):

self.client.force_login(user=self.eherkenning_user)

for fetch_eherkenning_zaken_with_rsin in [True, False]:
with self.subTest(
fetch_eherkenning_zaken_with_rsin=fetch_eherkenning_zaken_with_rsin
):
self.config.fetch_eherkenning_zaken_with_rsin = (
fetch_eherkenning_zaken_with_rsin
)
self.config.save()
self.config.fetch_eherkenning_zaken_with_rsin = False
self.config.save()

m.reset_mock()
m.reset_mock()

response = self.client.get(self.inner_url, HTTP_HX_REQUEST="true")
response = self.client.get(self.inner_url, HTTP_HX_REQUEST="true")

expected_cases = [
{
"uuid": mock.zaak_eherkenning1["uuid"],
"start_date": datetime.date.fromisoformat(
mock.zaak_eherkenning1["startdatum"]
),
"end_date": None,
"identification": mock.zaak_eherkenning1["identificatie"],
"description": mock.zaaktype["omschrijving"],
"current_status": mock.status_type_initial["omschrijving"],
"zaaktype_config": mock.zaaktype_config1,
"statustype_config": mock.zt_statustype_config1,
"case_type": "Zaak",
"api_group": self.api_groups[i],
}
for i, mock in enumerate(self.mocks)
]
self.assertListEqual(
response.context["cases"],
expected_cases,
)
for mock in self.mocks:
# don't show internal cases
self.assertNotContains(response, mock.zaak_intern["omschrijving"])
self.assertNotContains(response, mock.zaak_intern["identificatie"])
expected_cases = [
{
"uuid": mock.zaak_eherkenning1["uuid"],
"start_date": datetime.date.fromisoformat(
mock.zaak_eherkenning1["startdatum"]
),
"end_date": None,
"identification": mock.zaak_eherkenning1["identificatie"],
"description": mock.zaaktype["omschrijving"],
"current_status": mock.status_type_initial["omschrijving"],
"zaaktype_config": mock.zaaktype_config1,
"statustype_config": mock.zt_statustype_config1,
"case_type": "Zaak",
"api_group": self.api_groups[i],
}
for i, mock in enumerate(self.mocks)
]
self.assertListEqual(
response.context["cases"],
expected_cases,
)
for mock in self.mocks:
# don't show internal cases
self.assertNotContains(response, mock.zaak_intern["omschrijving"])
self.assertNotContains(response, mock.zaak_intern["identificatie"])

# check zaken request query parameters
for zaken_root in ("zaken.nl", "andere-zaken.nl"):
list_zaken_req = [
req
for req in m.request_history
if req.hostname == zaken_root and req.path == "/api/v1/zaken"
][0]
identifier = (
self.eherkenning_user.rsin
if fetch_eherkenning_zaken_with_rsin
else self.eherkenning_user.kvk
)
# check zaken request query parameters
for zaken_root in ("zaken.nl", "andere-zaken.nl"):
list_zaken_req = [
req
for req in m.request_history
if req.hostname == zaken_root and req.path == "/api/v1/zaken"
][0]

self.assertEqual(len(list_zaken_req.qs), 3)
self.assertEqual(
list_zaken_req.qs,
{
"rol__betrokkeneidentificatie__nietnatuurlijkpersoon__innnnpid": [
identifier
],
"maximalevertrouwelijkheidaanduiding": [
VertrouwelijkheidsAanduidingen.beperkt_openbaar
],
"rol__betrokkeneidentificatie__vestiging__vestigingsnummer": [
"1234"
],
},
)
self.assertEqual(len(list_zaken_req.qs), 2)
self.assertEqual(
list_zaken_req.qs,
{
"maximalevertrouwelijkheidaanduiding": [
VertrouwelijkheidsAanduidingen.beperkt_openbaar
],
"rol__betrokkeneidentificatie__vestiging__vestigingsnummer": [
"1234"
],
},
)

@set_kvk_branch_number_in_session("1234")
def test_list_cases_for_rsin_user_with_vestigingsnummer(self, m):
"""
If a KVK_BRANCH_NUMBER that is different from the RSIN number is specified,
cases should be filter by vestigingsnummber rather than rsin
"""
for mock in self.mocks:
mock._setUpMocks(m)

self.client.force_login(user=self.eherkenning_user)

self.config.fetch_eherkenning_zaken_with_rsin = True
self.config.save()

m.reset_mock()

response = self.client.get(self.inner_url, HTTP_HX_REQUEST="true")

expected_cases = [
{
"uuid": mock.zaak_eherkenning1["uuid"],
"start_date": datetime.date.fromisoformat(
mock.zaak_eherkenning1["startdatum"]
),
"end_date": None,
"identification": mock.zaak_eherkenning1["identificatie"],
"description": mock.zaaktype["omschrijving"],
"current_status": mock.status_type_initial["omschrijving"],
"zaaktype_config": mock.zaaktype_config1,
"statustype_config": mock.zt_statustype_config1,
"case_type": "Zaak",
"api_group": self.api_groups[i],
}
for i, mock in enumerate(self.mocks)
]
self.assertListEqual(
response.context["cases"],
expected_cases,
)
for mock in self.mocks:
# don't show internal cases
self.assertNotContains(response, mock.zaak_intern["omschrijving"])
self.assertNotContains(response, mock.zaak_intern["identificatie"])

# check zaken request query parameters
for zaken_root in ("zaken.nl", "andere-zaken.nl"):
list_zaken_req = [
req
for req in m.request_history
if req.hostname == zaken_root and req.path == "/api/v1/zaken"
][0]

self.assertEqual(len(list_zaken_req.qs), 2)
self.assertEqual(
list_zaken_req.qs,
{
"maximalevertrouwelijkheidaanduiding": [
VertrouwelijkheidsAanduidingen.beperkt_openbaar
],
"rol__betrokkeneidentificatie__vestiging__vestigingsnummer": [
"1234"
],
},
)

def test_list_cases_for_eherkenning_user_missing_rsin(self, m):
for mock in self.mocks: