Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Get system register dto fix not visible #939

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Get system register dto fix not visible #939

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f801a30
check existing systemuser
simen-rekkedal Dec 6, 2024
15980e0
Merge branch 'main' of https://github.com/Altinn/altinn-authentication
simen-rekkedal Dec 12, 2024
20f43c7
protect not visible systems
simen-rekkedal Dec 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion src/Authentication/Controllers/RequestSystemUserController.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,14 @@
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Altinn.Authentication.Core.Problems;
using Altinn.Authorization.ProblemDetails;
using Altinn.Platform.Authentication.Configuration;
using Altinn.Platform.Authentication.Core.Constants;
using Altinn.Platform.Authentication.Core.Models;
using Altinn.Platform.Authentication.Core.Models.Parties;
using Altinn.Platform.Authentication.Core.Models.SystemUsers;
using Altinn.Platform.Authentication.Core.RepositoryInterfaces;
using Altinn.Platform.Authentication.Helpers;
using Altinn.Platform.Authentication.Model;
using Altinn.Platform.Authentication.Services.Interfaces;
Expand All @@ -34,16 +36,19 @@ public class RequestSystemUserController : ControllerBase
{
private readonly IRequestSystemUser _requestSystemUser;
private readonly GeneralSettings _generalSettings;
private readonly ISystemUserRepository _systemUserRepository;

/// <summary>
/// Constructor
/// </summary>
public RequestSystemUserController(
IRequestSystemUser requestSystemUser,
IOptions<GeneralSettings> generalSettings)
IOptions<GeneralSettings> generalSettings,
ISystemUserRepository systemUserRepository)
{
_requestSystemUser = requestSystemUser;
_generalSettings = generalSettings.Value;
_systemUserRepository = systemUserRepository;
}

/// <summary>
Expand Down Expand Up @@ -91,6 +96,13 @@ public async Task<ActionResult<RequestSystemResponse>> CreateRequest([FromBody]
SystemId = createRequest.SystemId,
};

SystemUser? existing = await _systemUserRepository.GetSystemUserByExternalRequestId(externalRequestId);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we calling the repository directly? we usually route via the service

if (existing is not null)
{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we follow a different error pattern in other controllers if i remember

string message = $"SystemUser already exists with Id: {existing.Id}";
return Conflict(message);
}

// Check to see if the Request already exists
Result<RequestSystemResponse> response = await _requestSystemUser.GetRequestByExternalRef(externalRequestId, vendorOrgNo);
if (response.IsSuccess)
Expand Down
13 changes: 12 additions & 1 deletion src/Authentication/Controllers/SystemRegisterController.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,11 @@ public async Task<ActionResult<List<RegisteredSystemDTO>>> GetListOfRegisteredSy

foreach (RegisteredSystem system in lista)
{
if (!system.IsVisible)
{
continue;
}

registeredSystemDTOs.Add(AuthenticationHelper.MapRegisteredSystemToRegisteredSystemDTO(system));
}

Expand All @@ -68,7 +73,7 @@ public async Task<ActionResult<RegisteredSystemDTO>> GetRegisteredSystemDto(stri
{
RegisteredSystem registeredSystem = await _systemRegisterService.GetRegisteredSystemInfo(systemId, cancellationToken);

if (registeredSystem == null)
if (registeredSystem == null || !registeredSystem.IsVisible)
Copy link
Contributor

@mgunnerud mgunnerud Dec 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this will break the bff and frontend? For vendorrequest and change request, in GET, the request only contains the systemId. The bff uses this service (authentication/api/v1/systemregister/{systemId}) to load the system (for displaying orgno, vendorname, systemname).

An alternative solution for this is for backend to include the system object in GET vendorrequest and change request

{
return NotFound();
}
Expand Down Expand Up @@ -140,6 +145,12 @@ public async Task<ActionResult<SystemRegisterUpdateResult>> UpdateWholeRegistere
[HttpGet("{systemId}/rights")]
public async Task<ActionResult<List<Right>>> GetRightsForRegisteredSystem(string systemId, CancellationToken cancellationToken = default)
{
RegisteredSystem registerSystemResponse = await _systemRegisterService.GetRegisteredSystemInfo(systemId);
if (registerSystemResponse == null || !registerSystemResponse.IsVisible)
{
return NotFound();
}

List<Right> lista = await _systemRegisterService.GetRightsForRegisteredSystem(systemId, cancellationToken);
if (lista is null || lista.Count == 0)
{
Expand Down
Loading
Loading