same policy for GET order endpoints

src/Altinn.Notifications/Controllers/EmailNotificationOrdersController.cs

@@ -22,6 +22,7 @@ namespace Altinn.Notifications.Controllers;
 /// </summary>
 [Route("notifications/api/v1/orders/email")]
 [ApiController]
+[Authorize(Policy = AuthorizationConstants.POLICY_CREATE_SCOPE_OR_PLATFORM_ACCESS)]
 [SwaggerResponse(401, "Caller is unauthorized")]
 [SwaggerResponse(403, "Caller is not authorized to access the requested resource")]
 
@@ -45,7 +46,6 @@ public EmailNotificationOrdersController(IValidator<EmailNotificationOrderReques
     /// The system will also attempt to verify that it will be possible to fulfill the order.
     /// </summary>
     /// <returns>The id of the registered notification order</returns>
-    [Authorize(Policy = AuthorizationConstants.POLICY_CREATE_SCOPE_OR_PLATFORM_ACCESS)]
     [HttpPost]
     [Consumes("application/json")]
     [Produces("application/json")]

src/Altinn.Notifications/Controllers/OrdersController.cs

@@ -1,4 +1,5 @@
-using Altinn.Notifications.Core.Services.Interfaces;
+using Altinn.Notifications.Configuration;
+using Altinn.Notifications.Core.Services.Interfaces;
 using Altinn.Notifications.Extensions;
 using Altinn.Notifications.Mappers;
 using Altinn.Notifications.Models;
@@ -16,7 +17,7 @@ namespace Altinn.Notifications.Controllers;
 /// </summary>
 [Route("notifications/api/v1/orders")]
 [ApiController]
-[Authorize]
+[Authorize(Policy = AuthorizationConstants.POLICY_CREATE_SCOPE_OR_PLATFORM_ACCESS)]
 [SwaggerResponse(401, "Caller is unauthorized")]
 [SwaggerResponse(403, "Caller is not authorized to access the requested resource")]
 public class OrdersController : ControllerBase

test/Altinn.Notifications.IntegrationTests/Altinn.Notifications.IntegrationTests.csproj

@@ -8,6 +8,10 @@
     <IsPackable>false</IsPackable>
   </PropertyGroup>
 
+  <ItemGroup>
+    <None Remove="Notifications\OrdersController\OrdersControllerTests.cs~RFd44ed4.TMP" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="coverlet.collector" Version="6.0.0" />

test/Altinn.Notifications.IntegrationTests/Notifications/OrdersController/GetByIdTests.cs

@@ -42,7 +42,7 @@ public async Task GetById_NoMatchInDb_ReturnsNotFound()
         string uri = $"{_basePath}/{Guid.NewGuid()}";
 
         HttpClient client = GetTestClient();
-        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd"));
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd", scope: "altinn:notifications.create"));
 
         HttpRequestMessage httpRequestMessage = new(HttpMethod.Get, uri);
 
@@ -86,7 +86,7 @@ public async Task GetById_SingleMatchInDb_ReturnsOk()
         string uri = $"{_basePath}/{persistedOrder.Id}";
 
         HttpClient client = GetTestClient();
-        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd"));
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd", scope: "altinn:notifications.create"));
 
         HttpRequestMessage httpRequestMessage = new(HttpMethod.Get, uri);
 

test/Altinn.Notifications.IntegrationTests/Notifications/OrdersController/GetBySendersRefTests.cs

@@ -41,7 +41,7 @@ public async Task GetBySendersRef_NoMatchInDb_ReturnsOK_EmptyList()
         string sendersReference = $"{_sendersRefBase}-{Guid.NewGuid()}";
 
         HttpClient client = GetTestClient();
-        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd"));
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd", scope: "altinn:notifications.create"));
 
         string uri = $"{_basePath}?sendersReference={sendersReference}";
         HttpRequestMessage httpRequestMessage = new(HttpMethod.Get, uri);
@@ -65,7 +65,7 @@ public async Task GetBySendersRef_SingleMatchInDb_ReturnsOk_SingleElementInlList
         NotificationOrder persistedOrder = await PostgreUtil.PopulateDBWithOrder(sendersReference: sendersReference);
 
         HttpClient client = GetTestClient();
-        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd"));
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd", scope: "altinn:notifications.create"));
 
         string uri = $"{_basePath}?sendersReference={sendersReference}";
         HttpRequestMessage httpRequestMessage = new(HttpMethod.Get, uri);
@@ -92,7 +92,7 @@ public async Task GetBySendersRef_MultipleMatchInDb_ReturnsOk_MultipleElementInl
         await PostgreUtil.PopulateDBWithOrder(sendersReference: sendersReference);
 
         HttpClient client = GetTestClient();
-        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd"));
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd", scope: "altinn:notifications.create"));
 
         string uri = $"{_basePath}?sendersReference={sendersReference}";
         HttpRequestMessage httpRequestMessage = new(HttpMethod.Get, uri);

test/Altinn.Notifications.IntegrationTests/Notifications/OrdersController/GetWithStatusById.cs

@@ -41,7 +41,7 @@ public async Task GetWithStatusById_NoMatchInDb_ReturnsNotFound()
         string uri = $"{_basePath}/{Guid.NewGuid()}/status";
 
         HttpClient client = GetTestClient();
-        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd"));
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd", scope: "altinn:notifications.create"));
 
         HttpRequestMessage httpRequestMessage = new(HttpMethod.Get, uri);
 
@@ -91,7 +91,7 @@ public async Task GetWithStatusById_SingleMatchInDbAndOneEmail_ReturnsOk()
         string uri = $"{_basePath}/{persistedOrder.Id}/status";
 
         HttpClient client = GetTestClient();
-        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd"));
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd", scope: "altinn:notifications.create"));
 
         HttpRequestMessage httpRequestMessage = new(HttpMethod.Get, uri);
 
@@ -130,7 +130,7 @@ public async Task GetWithStatusById_SingleMatchInDb_ReturnsOk()
         string uri = $"{_basePath}/{persistedOrder.Id}/status";
 
         HttpClient client = GetTestClient();
-        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd"));
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", PrincipalUtil.GetOrgToken("ttd", scope: "altinn:notifications.create"));
 
         HttpRequestMessage httpRequestMessage = new(HttpMethod.Get, uri);