Get active group from Authetication in security rule (#439)

* Get active group from Authetication in security rule

* Add auth to test

* Format

---------

Co-authored-by: Jorgen-5 <rlj@ssb.no>

Author: Jorgen-5

src/main/kotlin/no/ssb/metadata/vardef/security/VariableOwnerSecurityRule.kt

@@ -14,7 +14,6 @@ import io.micronaut.web.router.RouteAttributes
 import io.micronaut.web.router.RouteMatch
 import jakarta.inject.Singleton
 import no.ssb.metadata.vardef.constants.ACTIVE_GROUP
-import no.ssb.metadata.vardef.constants.LABID_ACTIVE_GROUP
 import no.ssb.metadata.vardef.constants.VARIABLE_DEFINITION_ID_PATH_VARIABLE
 import no.ssb.metadata.vardef.models.Owner
 import no.ssb.metadata.vardef.models.SavedVariableDefinition
@@ -118,11 +117,8 @@ class VariableOwnerSecurityRule(
             // The next call is blocking, so we need to run it on another thread
             .publishOn(Schedulers.boundedElastic())
             .map { definitionId ->
-                // Get active group from either query params or authentication claims
-                val activeGroup =
-                    request.parameters
-                        .getFirst(ACTIVE_GROUP)
-                        .orElseGet { authentication.attributes[LABID_ACTIVE_GROUP] as? String }
+                // Get active group from authentication attributes
+                val activeGroup = authentication.attributes[ACTIVE_GROUP] as String?
                 if (activeGroup == null) {
                     logger.info("No active group found in request or authentication claims. Request: $request")
                     return@map false

src/test/kotlin/no/ssb/metadata/vardef/controllers/validityperiods/CreateTests.kt

@@ -422,4 +422,29 @@ class CreateTests : BaseVardefTest() {
             .then()
             .statusCode(HttpStatus.BAD_REQUEST.code)
     }
+
+    @Test
+    fun `create new validity period with active group as paramater and labid token`(spec: RequestSpecification) {
+        spec
+            .given()
+            .contentType(ContentType.JSON)
+            .body(allMandatoryFieldsChanged())
+            .queryParam(ACTIVE_GROUP, "other-group-developers")
+            .`when`()
+            .post("/variable-definitions/${INCOME_TAX_VP1_P1.definitionId}/validity-periods")
+            .then()
+            .statusCode(201)
+        val lastPatchInSecondToLastValidityPeriod =
+            validityPeriods
+                .getAsMap(INCOME_TAX_VP1_P1.definitionId)
+                .let { it.values.elementAt(it.values.size - 2) }
+                ?.last()
+        val lastPatch = patches.latest(INCOME_TAX_VP1_P1.definitionId)
+        assertThat(
+            lastPatch.validUntil,
+        ).isNull()
+        assertThat(
+            lastPatchInSecondToLastValidityPeriod?.validUntil,
+        ).isEqualTo(lastPatch.validFrom.minusDays(1))
+    }
 }

src/test/kotlin/no/ssb/metadata/vardef/security/KeycloakTokenSupportTest.kt

@@ -16,7 +16,7 @@ import org.junit.jupiter.params.provider.MethodSource
 import java.util.stream.Stream
 
 @MicronautTest
-class KeycloakTokenSupportTest {
+class KeycloakTokenSupportTest : BaseVardefTest() {
     @ParameterizedTest
     @MethodSource("variableCreatorOperations")
     @MethodSource("variableOwnerOperations")
@@ -138,6 +138,8 @@ class KeycloakTokenSupportTest {
         }
         spec
             .given()
+            .auth()
+            .oauth2(JwtTokenHelper.jwtTokenSigned().parsedString)
             .queryParam(ACTIVE_GROUP, "play-foeniks-a-developers")
             .`when`()
             .request(method, path)