Support for custom button for executing app specific logic in a task

[tjololo]

Description

API part of issue Altinn/app-frontend-react#133

App developers have expressed the need for triggering custom logic when a user clicks a button in the app.
This can be for example fetching some data from a external api based on fields in the datamodel og generating other parts of the data based on already provided data.

Implementation principles

Custom buttons should call a api backend that in turn delegates the actual work to the app developers code.
Following our current design the custom logic will be customisable by implementing a interface and registering it with the DI system in the application and thereby making a good separation of our code and the app developers code.

In scope

• Access control - Custom buttons should be authorized the same ways as ActionButtons (buttons that control process flow)
• Make it possible to inform frontend what fields have changed in the datamodel, if any
• Make it possible to inform frontend if it should move to next/previous page
• Custom buttons and connected action should work for stateless apps

Out of scope

• Custom button in stateless apps

Additional Information

Questions needing answers

• Do backend need additional information from frontend, besides the action name of the button
• Endpoint url backend. Suggestion {org}/{appname}/instances/{instanceOwnerID}/{instanceID}/action how should we provide instanceOwnerPartyId and instanceId
• Should actions be connected to a process step or is that something the implementer needs to take into account? (authorization)

No response

[olemartinorg]

I wrote quite a bit in the frontend spec for this task just now, but I'll stop by to add my two cents to this as well:

Do backend need additional information from frontend, besides the action name of the button?
Yes, I would think you'd need the component ID of the button, and if used in a repeating group you should also have the indexes (i.e. 2,5 or [2,5] for the third row in the first repeating group and the sixth row in the second/nested repeating group). If the app developer wants to, they can use that information, but they wouldn't have to (the component ID would be the same regardless of the indexes).

Endpoint url backend. Suggestion {org}/{appname}/instances/{instanceOwnerID}/{instanceID}/action how should we provide instanceOwnerPartyId and instanceId
That would work for buttons marked as secure, but I would think a more generic endpoint should be used for non-secure buttons (which would also work in stateless apps). This could follow the model used for options/code lists.

[tjololo]

Available in v8.0.0-preview.11