From b5e791eaf5527ce4de39df5476029d690ea516c7 Mon Sep 17 00:00:00 2001 From: Sergei Maertens Date: Wed, 3 Jul 2024 12:27:14 +0200 Subject: [PATCH] :sparkles: [#3967] Add 'auth_context_branch_number' static variable For eherkenning authentication, this will contain the branch number that the employee is authenticated/authorized for. --- docs/manual/forms/variables.rst | 7 ++- .../static_variables/static_variables.py | 15 +++++ .../tests/test_static_variables.py | 59 +++++++++++++++++++ 3 files changed, 80 insertions(+), 1 deletion(-) diff --git a/docs/manual/forms/variables.rst b/docs/manual/forms/variables.rst index a053861c04..5d7c58989f 100644 --- a/docs/manual/forms/variables.rst +++ b/docs/manual/forms/variables.rst @@ -112,7 +112,8 @@ authenticatiecontextdatamodel_. De structuur is als volgt: "authorizee": { "legalSubject": { "identifierType": "string", - "identifier": "string" + "identifier": "string", + "branchNumber": "string" }, "actingSubject": { "identifierType": "string", @@ -169,6 +170,10 @@ De onderdelen van deze structuur worden ook als individuele variabelen aangebode Identificatie van de (wettelijke) vertegenwoordiger. Leeg indien het formulier zonder inloggen gestart is. +``auth_context_branch_number`` + Vestigingsnummer waarvoor de medewerker ingelogd is. Leeg indien het geen + eHerkenning-login betreft. + ``auth_context_acting_subject_identifier_type`` In de praktijk zal de waarde altijd ``opaque`` of leeg zijn. Geeft aan hoe de identificatie van de handelende persoon ("de persoon aan de knoppen") diff --git a/src/openforms/authentication/static_variables/static_variables.py b/src/openforms/authentication/static_variables/static_variables.py index 07fd98019f..f9d9fa9b4d 100644 --- a/src/openforms/authentication/static_variables/static_variables.py +++ b/src/openforms/authentication/static_variables/static_variables.py @@ -192,6 +192,21 @@ def get_initial_value(self, submission: Submission | None = None) -> str: return auth_context["authorizee"]["legalSubject"]["identifier"] +@register_static_variable("auth_context_branch_number") +class AuthContextBranchNumber(BaseStaticVariable): + name = _("Authentication context data: branch number") + data_type = FormVariableDataTypes.string + + def get_initial_value(self, submission: Submission | None = None) -> str: + if submission is None or not submission.is_authenticated: + return "" + auth_context = submission.auth_info.to_auth_context_data() + if auth_context["source"] != "eherkenning": + return "" + legal_subject = auth_context["authorizee"]["legalSubject"] + return legal_subject.get("branchNumber", "") + + @register_static_variable("auth_context_acting_subject_identifier_type") class AuthContextActingSubjectIdentifierType(BaseStaticVariable): name = _("Authentication context data: authorizee, acting subject identifier type") diff --git a/src/openforms/authentication/tests/test_static_variables.py b/src/openforms/authentication/tests/test_static_variables.py index 8c693ed5a5..f6020c5616 100644 --- a/src/openforms/authentication/tests/test_static_variables.py +++ b/src/openforms/authentication/tests/test_static_variables.py @@ -77,3 +77,62 @@ def test_language_code_variable(self): } self.assertEqual(static_data["language_code"], "nl") + + def test_branch_number_variable(self): + cases = ( + ( + AuthInfoFactory.create( + is_digid=True, + legal_subject_service_restriction="foo", + ), + "", + ), + ( + AuthInfoFactory.create( + is_digid_machtigen=True, + legal_subject_service_restriction="foo", + ), + "", + ), + ( + AuthInfoFactory.create( + is_eh=True, + legal_subject_service_restriction="123456789012", + ), + "123456789012", + ), + ( + AuthInfoFactory.create( + is_eh_bewindvoering=True, + legal_subject_service_restriction="123456789012", + ), + "123456789012", + ), + ( + AuthInfoFactory.create( + is_eh=True, + legal_subject_service_restriction="", + ), + "", + ), + ( + AuthInfoFactory.create( + is_eh_bewindvoering=True, + legal_subject_service_restriction="", + ), + "", + ), + ) + for auth_info, expected in cases: + with self.subTest( + attribute=auth_info.attribute, + service_restriction=auth_info.legal_subject_service_restriction, + ): + static_data = { + variable.key: variable.initial_value + for variable in get_static_variables( + submission=auth_info.submission + ) + } + + self.assertEqual(static_data["auth_context_branch_number"], expected)