From e9e714db416d3acc795868e1db73d2bfc1fdc644 Mon Sep 17 00:00:00 2001
From: Ola Alstad
Date: Tue, 3 Dec 2024 10:10:13 +0100
Subject: [PATCH] Add oauth with role on workflow endpoints
---
 api/Controllers/Models/Role.cs | 6 ++++++
 api/Controllers/WorkflowsControlller.cs | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/api/Controllers/Models/Role.cs b/api/Controllers/Models/Role.cs
index ff50b19..518426b 100644
--- a/api/Controllers/Models/Role.cs
+++ b/api/Controllers/Models/Role.cs
@@ -5,6 +5,7 @@ public class Role
 private const string ReadOnlyRole = "Role.ReadOnly";
 private const string UserRole = "Role.User";
 private const string AdminRole = "Role.Admin";
+ private const string WorkflowStatusWriteRole = "WorkflowStatus.Write";
 ///
 /// The user must be an admin
@@ -25,4 +26,9 @@ public class Role
 public const string Any = $"{ReadOnlyRole}, {UserRole}, {Admin}";
 public const string InspectionDataRead = "InspectionData.Read";
+
+ ///
+ /// Role required to update workflow statuses
+ ///
+ public const string WorkflowStatusWrite = WorkflowStatusWriteRole;
 }
diff --git a/api/Controllers/WorkflowsControlller.cs b/api/Controllers/WorkflowsControlller.cs
index 8c5d60b..ac97029 100644
--- a/api/Controllers/WorkflowsControlller.cs
+++ b/api/Controllers/WorkflowsControlller.cs
@@ -27,7 +27,7 @@ public class WorkflowsController(IInspectionDataService inspectionDataService) :
 /// Updates status of inspection data to started
 ///
 [HttpPut]
- [AllowAnonymous] // TODO: Implement role for notifying and machine-to-machine oauth
+ [Authorize(Roles = Role.WorkflowStatusWrite)]
 [Route("notify-workflow-started")]
 [ProducesResponseType(StatusCodes.Status200OK)]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
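Review bot: `WorkflowStatusWriteRole` in the first Role.cs hunk is a private constant whose only visible use is to be re-exported unchanged as `WorkflowStatusWrite` in the second hunk, while the neighbouring `InspectionDataRead` is declared directly as a public constant. A single `public const string WorkflowStatusWrite = "WorkflowStatus.Write";` would match that style and remove the indirection. The doc comment could also record that this role is not part of `Any` and, as far as the visible lines show, is not implied by the admin role, for example `/// Role required to update workflow statuses; granted separately and not included in Any`, so a reader does not assume admins can call the workflow endpoints.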
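Review bot: The new `[Authorize(Roles = Role.WorkflowStatusWrite)]` on `notify-workflow-started` (and the identical change on `notify-workflow-exited` in the next hunk) is evaluated in addition to any `[Authorize]` attribute on the controller class, whose attributes are outside this hunk. If the class carries a requirement such as `[Authorize(Roles = Role.Any)]`, a machine-to-machine client holding only `WorkflowStatus.Write` would be rejected with 403, whereas the removed `[AllowAnonymous]` bypassed the class-level requirement entirely. This should be confirmed against the class declaration, and the change would benefit from tests asserting 401 without a token and 403 for a token that lacks the role on both endpoints.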
@@ -45,7 +45,7 @@ public async Task> WorkflowStarted([FromBod
 /// Updates status of inspection data to exit with success or failure
 ///
 [HttpPut]
- [AllowAnonymous] // TODO: Implement role for notifying and machine-to-machine oauth
+ [Authorize(Roles = Role.WorkflowStatusWrite)]
 [Route("notify-workflow-exited")]
 [ProducesResponseType(StatusCodes.Status200OK)]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
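Review bot: The response metadata visible in this hunk declares only 200 and 404, although the endpoint now rejects unauthenticated callers and callers without the role. Unless they are already declared further down (the attribute list continues outside the hunk), add `[ProducesResponseType(StatusCodes.Status401Unauthorized)]` and `[ProducesResponseType(StatusCodes.Status403Forbidden)]` here and on `notify-workflow-started`. That keeps the generated API description in line with the new access control, so client authors handle the rejection cases explicitly.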