equinor · olaals · Dec 3, 2024
diff --git a/api/Controllers/Models/Role.cs b/api/Controllers/Models/Role.cs
@@ -5,6 +5,7 @@ public class Role
     private const string ReadOnlyRole = "Role.ReadOnly";
     private const string UserRole = "Role.User";
     private const string AdminRole = "Role.Admin";
+    private const string WorkflowStatusWriteRole = "WorkflowStatus.Write";
 
     /// <summary>
     /// The user must be an admin
@@ -25,4 +26,9 @@ public class Role
     public const string Any = $"{ReadOnlyRole}, {UserRole}, {Admin}";
 
     public const string InspectionDataRead = "InspectionData.Read";
+
+    /// <summary>
+    /// Role required to update workflow statuses
+    /// </summary>
+    public const string WorkflowStatusWrite = WorkflowStatusWriteRole;
 }
diff --git a/api/Controllers/WorkflowsControlller.cs b/api/Controllers/WorkflowsControlller.cs
@@ -27,7 +27,7 @@ public class WorkflowsController(IInspectionDataService inspectionDataService) :
     /// Updates status of inspection data to started
     /// </summary>
     [HttpPut]
-    [AllowAnonymous] // TODO: Implement role for notifying and machine-to-machine oauth
+    [Authorize(Roles = Role.WorkflowStatusWrite)]
     [Route("notify-workflow-started")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -45,7 +45,7 @@ public async Task<ActionResult<InspectionDataResponse>> WorkflowStarted([FromBod
     /// Updates status of inspection data to exit with success or failure
     /// </summary>
     [HttpPut]
-    [AllowAnonymous] // TODO: Implement role for notifying and machine-to-machine oauth
+    [Authorize(Roles = Role.WorkflowStatusWrite)]
     [Route("notify-workflow-exited")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]