ADD: new azure group for PVO

Co-authored-by: andregroseth <[email protected]>

apps/backend/nais/backend-dev-gcp-vars.yaml

@@ -22,5 +22,7 @@ env:
     value: bf05a29f-6f80-4da1-b419-22c802fd41e7
   - name: AZURE_CLIENT_GROUPS_KRAVEIER
     value: d99d875c-c028-46a4-94bc-a87a633b3eee
+  - name: AZURE_CLIENT_GROUPS_PVO
+    value: 1e0cb856-a8ba-4294-aab3-8162e3ebe1ea
   - name: CLIENT_BEGREPSKATALOG_FRONTEND_URL
     value: https://begrepskatalog.intern.nav.no/begrep

apps/backend/nais/backend-prod-gcp-vars.yaml

@@ -19,5 +19,7 @@ env:
     value: bf05a29f-6f80-4da1-b419-22c802fd41e7
   - name: AZURE_CLIENT_GROUPS_KRAVEIER
     value: d99d875c-c028-46a4-94bc-a87a633b3eee
+  - name: AZURE_CLIENT_GROUPS_PVO
+    value: 1e0cb856-a8ba-4294-aab3-8162e3ebe1ea
   - name: CLIENT_BEGREPSKATALOG_FRONTEND_URL
     value: https://begrepskatalog.intern.nav.no/begrep

apps/backend/src/main/java/no/nav/data/common/security/RoleSupport.java

@@ -46,6 +46,9 @@ private AppRole roleFor(String group) {
         if (securityProperties.getKraveierGroups().contains(group)) {
             return AppRole.KRAVEIER;
         }
+        if (securityProperties.getPvoGroups().contains(group)) {
+            return AppRole.PERSONVERNOMBUD;
+        }
         // for future - add team -> system roles here
         return null;
     }

apps/backend/src/main/java/no/nav/data/common/security/SecurityProperties.java

@@ -21,6 +21,7 @@ public class SecurityProperties {
     private List<String> writeGroups;
     private List<String> adminGroups;
     private List<String> kraveierGroups;
+    private List<String> pvoGroups;
     private List<String> redirectUris;
     private String env;
     private List<String> devEmailAllowList;

apps/backend/src/main/java/no/nav/data/common/security/SecurityUtils.java

@@ -34,6 +34,10 @@ public static boolean isKravEier() {
         return getCurrentUser().map(UserInfo::isKravEier).orElse(false);
     }
 
+    public  static boolean isPersonvernombud() {
+        return getCurrentUser().map(UserInfo::isPersonvernombud).orElse(false);
+    }
+
     public static boolean isUserOrAdmin(String ident) {
         return getCurrentIdent().equals(ident) || isAdmin();
     }

apps/backend/src/main/java/no/nav/data/common/security/azure/AzureUserInfo.java

@@ -86,6 +86,11 @@ public boolean isKravEier() {
         return groups.contains(AppRole.KRAVEIER.name()) || isAdmin();
     }
 
+    @Override
+    public boolean isPersonvernombud() {
+        return groups.contains(AppRole.PERSONVERNOMBUD.name()) || isAdmin();
+    }
+
     public UserInfoResponse toResponse() {
         return UserInfoResponse.builder()
                 .loggedIn(true)

apps/backend/src/main/java/no/nav/data/common/security/dto/AppRole.java

@@ -7,7 +7,8 @@ public enum AppRole {
     READ,
     WRITE,
     ADMIN,
-    KRAVEIER;
+    KRAVEIER,
+    PERSONVERNOMBUD;
 
     public static final String ROLE_PREFIX = "ROLE_";
 

apps/backend/src/main/java/no/nav/data/common/security/dto/UserInfo.java

@@ -24,5 +24,7 @@ public interface UserInfo {
 
     boolean isKravEier();
 
+    boolean isPersonvernombud();
+
     UserInfoResponse toResponse();
 }

apps/backend/src/main/resources/application-local.yml

@@ -30,3 +30,4 @@ AZURE_APP_CLIENT_SECRET: secret
 AZURE_CLIENT_GROUPS_ADMIN: bf05a29f-6f80-4da1-b419-22c802fd41e7
 AZURE_CLIENT_GROUPS: 2ee0ef50-718c-43d3-8c05-c839f2dc2490
 AZURE_CLIENT_GROUPS_KRAVEIER: d99d875c-c028-46a4-94bc-a87a633b3eee
+AZURE_CLIENT_GROUPS_PVO: 1e0cb856-a8ba-4294-aab3-8162e3ebe1ea

apps/backend/src/main/resources/application.yml

@@ -92,6 +92,7 @@ etterlev:
     enc-key: ${AZURE_TOKEN_ENC_KEY:tokenkey}
     env: ${NAIS_CLUSTER_NAME:local}
     kraveier-groups: ${AZURE_CLIENT_GROUPS_KRAVEIER:teamdatajegerne}
+    pvo-groups: ${AZURE_CLIENT_GROUPS_PVO:teamdatajegerne}
     redirectUris: http://localhost:3000
     write-groups: ${AZURE_CLIENT_GROUPS:teamdatajegerne}