Add the ACL skeleton (Application/Infrastructure/Api per §9) and failing xUnit tests for the single operation: AclService.OpenZaakAsync must default-fill bronorganisatie, verantwoordelijkeOrganisatie, startdatum (clock) and vertrouwelijkheidaanduiding and delegate to the gateway; the OpenZaakGateway must POST the zaak to OpenZaak with a Bearer JWT and the default-filled body. Implementations throw NotImplementedException — red. Also add ADR-0003 (default-fill strategy). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
45 lines
2.2 KiB
Markdown
45 lines
2.2 KiB
Markdown
# ADR-0003: ACL default-fill strategy
|
|
|
|
- **Status:** Accepted
|
|
- **Date:** 2026-06-04
|
|
- **Deciders:** Respellion engineering
|
|
- **Relates to:** S-04 (#5); builds on ADR-0001 (loose coupling)
|
|
|
|
## Context
|
|
|
|
The ACL is the only code that talks to ZGW APIs (ADR-0001 / CLAUDE.md §8.1). When the
|
|
domain asks it to "open a zaak", the domain payload is intentionally free of ZGW
|
|
specifics — it carries domain facts (e.g. the registrant's BSN), not OpenZaak fields. But
|
|
OpenZaak's `POST /zaken` requires ZGW-mandatory fields: `bronorganisatie`,
|
|
`verantwoordelijkeOrganisatie`, `startdatum`, `vertrouwelijkheidaanduiding`, and a
|
|
`zaaktype` URL. Something has to supply those, and it must not leak into the domain.
|
|
|
|
## Decision
|
|
|
|
**The ACL default-fills the ZGW-mandatory zaak fields; the domain never sees them.**
|
|
|
|
- `bronorganisatie`, `verantwoordelijkeOrganisatie`, `vertrouwelijkheidaanduiding`, and the
|
|
`zaaktype` URL come from **ACL configuration** (`AclDefaults` options) — not hardcoded,
|
|
not from the domain. This keeps them operationally manageable (the beheer portal will
|
|
edit them in S-15) and environment-specific (the seeded BIG zaaktype URL differs per env).
|
|
- `startdatum` is derived from an injected **clock** (today's date), so it is
|
|
deterministic in tests.
|
|
- The mapping from domain payload → ZGW `ZaakRequest` lives entirely inside the ACL
|
|
(`Application` builds the request from payload + defaults; `Infrastructure` serialises and
|
|
POSTs it). No other service constructs ZGW payloads or URLs.
|
|
|
|
## Consequences
|
|
|
|
- **Positive:** the domain stays ZGW-agnostic; ZGW knowledge is in one named place; defaults
|
|
are config (testable, env-specific, later editable via the beheer portal).
|
|
- **Cost:** the ACL must be configured per environment (the seeded zaaktype URL, the
|
|
organisation RSINs). Missing/invalid config fails fast at the ACL boundary.
|
|
- **Follow-ups:** mapping the BSN onto the zaak (eigenschap/rol), status transitions, and
|
|
documents are explicitly out of scope for S-04 and get their own slices.
|
|
|
|
## Alternatives considered
|
|
|
|
- **Defaults in the domain payload** — rejected: leaks ZGW concerns into the domain,
|
|
violating ADR-0001.
|
|
- **Hardcoded defaults in code** — rejected: not env-specific, not operationally editable.
|