From a4720f11f41a3aa7226757b95448b2da7834a7ba Mon Sep 17 00:00:00 2001 From: Martin Othamar Date: Thu, 12 Dec 2024 09:41:23 +0100 Subject: [PATCH] Update parties controller --- .../Controllers/AuthenticationController.cs | 13 +----- .../Controllers/PartiesController.cs | 46 +++++++++++++------ .../Internal/Auth/IAuthenticationContext.cs | 38 ++++++++++++--- 3 files changed, 66 insertions(+), 31 deletions(-) diff --git a/src/Altinn.App.Api/Controllers/AuthenticationController.cs b/src/Altinn.App.Api/Controllers/AuthenticationController.cs index 00f22c691..733f178c1 100644 --- a/src/Altinn.App.Api/Controllers/AuthenticationController.cs +++ b/src/Altinn.App.Api/Controllers/AuthenticationController.cs @@ -1,12 +1,9 @@ using System.Text.Json.Serialization; using Altinn.App.Core.Configuration; using Altinn.App.Core.Constants; -using Altinn.App.Core.Helpers; -using Altinn.App.Core.Internal.App; using Altinn.App.Core.Internal.Auth; using Altinn.Platform.Profile.Models; using Altinn.Platform.Register.Models; -using Altinn.Platform.Storage.Interface.Models; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Options; @@ -20,7 +17,6 @@ public class AuthenticationController : ControllerBase { private readonly IAuthenticationClient _authenticationClient; private readonly GeneralSettings _settings; - private readonly IAppMetadata _appMetadata; private readonly IAuthenticationContext _authenticationContext; /// @@ -29,13 +25,11 @@ public class AuthenticationController : ControllerBase public AuthenticationController( IAuthenticationClient authenticationClient, IOptions settings, - IAppMetadata appMetadata, IServiceProvider serviceProvider ) { _authenticationClient = authenticationClient; _settings = settings.Value; - _appMetadata = appMetadata; _authenticationContext = serviceProvider.GetRequiredService(); } 
@@ -50,8 +44,6 @@ public async Task GetCurrent() { var current = _authenticationContext.Current; - Application application = await _appMetadata.GetApplicationMetadata(); - CurrentAuthenticationBaseResponse response = current switch { AuthenticationInfo.Unauthenticated => new UnauthenticatedResponse(), @@ -61,10 +53,7 @@ AuthenticationInfo.User user when await user.LoadDetails(validateSelectedParty: Profile = details.Profile, Party = details.Reportee, Parties = details.Parties, - PartiesAllowedToInstantiate = InstantiationHelper.FilterPartiesByAllowedPartyTypes( - details.Parties, - application.PartyTypesAllowed - ), + PartiesAllowedToInstantiate = details.PartiesAllowedToInstantiate, }, AuthenticationInfo.Org org when await org.LoadDetails() is var details => new OrgResponse { diff --git a/src/Altinn.App.Api/Controllers/PartiesController.cs b/src/Altinn.App.Api/Controllers/PartiesController.cs index 36d7acc6a..33f571f38 100644 --- a/src/Altinn.App.Api/Controllers/PartiesController.cs +++ b/src/Altinn.App.Api/Controllers/PartiesController.cs @@ -28,6 +28,7 @@ public class PartiesController : ControllerBase private readonly IProfileClient _profileClient; private readonly GeneralSettings _settings; private readonly IAppMetadata _appMetadata; + private readonly IAuthenticationContext _authenticationContext; /// /// Initializes a new instance of the class @@ -37,7 +38,8 @@ public PartiesController( IProfileClient profileClient, IAltinnPartyClient altinnPartyClientClient, IOptions settings, - IAppMetadata appMetadata + IAppMetadata appMetadata, + IServiceProvider serviceProvider ) { _authorizationClient = authorizationClient; @@ -45,6 +47,7 @@ IAppMetadata appMetadata _profileClient = profileClient; _settings = settings.Value; _appMetadata = appMetadata; + _authenticationContext = serviceProvider.GetRequiredService(); } /// 
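Review bot: In the `PartiesController` constructor hunks (`@@ -37,7 +38,8 @@` and `@@ -45,6 +47,7 @@`), the new dependency is taken as `IServiceProvider serviceProvider` and resolved with `GetRequiredService`, so the constructor signature no longer shows what the controller actually needs. A missing registration surfaces only as an `InvalidOperationException` when the controller is constructed. This mirrors the existing pattern in `AuthenticationController`, presumably because `IAuthenticationContext` cannot appear in a public signature, but the diff does not say so. A one-line comment above the assignment would record the reason, e.g. `// Resolved from the provider because IAuthenticationContext is not part of the public constructor surface`.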
@@ -58,20 +61,37 @@ IAppMetadata appMetadata [HttpGet("{org}/{app}/api/v1/parties")] public async Task Get(string org, string app, bool allowedToInstantiateFilter = false) { - UserContext userContext = await _userHelper.GetUserContext(HttpContext); - List? partyList = await _authorizationClient.GetPartyList(userContext.UserId); - - if (allowedToInstantiateFilter) + var context = _authenticationContext.Current; + switch (context) { - Application application = await _appMetadata.GetApplicationMetadata(); - List validParties = InstantiationHelper.FilterPartiesByAllowedPartyTypes( - partyList, - application.PartyTypesAllowed - ); - return Ok(validParties); + case AuthenticationInfo.Unauthenticated: + return Unauthorized(); + case AuthenticationInfo.User user: + { + var details = await user.LoadDetails(validateSelectedParty: false); + return allowedToInstantiateFilter ? Ok(details.PartiesAllowedToInstantiate) : Ok(details.Parties); + } + case AuthenticationInfo.Org orgInfo: + { + var details = await orgInfo.LoadDetails(); + IReadOnlyList parties = [details.Party]; + return Ok(parties); + } + case AuthenticationInfo.ServiceOwner serviceOwner: + { + var details = await serviceOwner.LoadDetails(); + IReadOnlyList parties = [details.Party]; + return Ok(parties); + } + case AuthenticationInfo.SystemUser su: + { + var details = await su.LoadDetails(); + IReadOnlyList parties = [details.Party]; + return Ok(parties); + } + default: + throw new NotImplementedException(); } - - return Ok(partyList); } /// diff --git a/src/Altinn.App.Core/Internal/Auth/IAuthenticationContext.cs b/src/Altinn.App.Core/Internal/Auth/IAuthenticationContext.cs index 8f61db7c6..8b7c9b05b 100644 --- a/src/Altinn.App.Core/Internal/Auth/IAuthenticationContext.cs +++ b/src/Altinn.App.Core/Internal/Auth/IAuthenticationContext.cs 
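Review bot: In the new `Get` switch, the `Org`, `ServiceOwner` and `SystemUser` branches ignore `allowedToInstantiateFilter` and always return `[details.Party]`, while the `User` branch honours it and the removed code applied the filter whenever the flag was set. A client that requests the filtered list as one of these principals therefore gets a party back even when `application.PartyTypesAllowed` would exclude it, which matters if anything downstream reads this list as "may instantiate". When the flag is set, pass the single-party list through `InstantiationHelper.FilterPartiesByAllowedPartyTypes(parties, application.PartyTypesAllowed)` (the `_appMetadata` field is still injected; adjust the list type if the helper requires it), or document on the action that the filter applies to users only. The three branches are otherwise identical and could share one private helper. `default: throw new NotImplementedException();` would be easier to diagnose as an exception whose message names the unhandled `AuthenticationInfo` type.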
@@ -2,6 +2,8 @@ using System.Text.Json; using System.Text.Json.Serialization; using Altinn.App.Core.Configuration; +using Altinn.App.Core.Helpers; +using Altinn.App.Core.Internal.App; using Altinn.App.Core.Internal.Profile; using Altinn.App.Core.Internal.Registers; using Altinn.App.Core.Models; @@ -72,6 +74,7 @@ public sealed record User : AuthenticationInfo private readonly Func> _lookupParty; private readonly Func?>> _getPartyList; private readonly Func> _validateSelectedParty; + private readonly Func> _getApplicationMetadata; internal User( int userId, @@ -82,7 +85,8 @@ internal User( Func> getUserProfile, Func> lookupParty, Func?>> getPartyList, - Func> validateSelectedParty + Func> validateSelectedParty, + Func> getApplicationMetadata ) : base(token) { @@ -94,6 +98,7 @@ internal User( _lookupParty = lookupParty; _getPartyList = getPartyList; _validateSelectedParty = validateSelectedParty; + _getApplicationMetadata = getApplicationMetadata; } /// @@ -103,12 +108,14 @@ internal User( /// Users profile /// True if the user represents itself /// List of parties the user can represent + /// List of parties the user can instantiate /// True if the user can represent the selected party. Only set if details were loaded with validateSelectedParty set to true public sealed record Details( Party Reportee, UserProfile Profile, bool RepresentsSelf, IReadOnlyList Parties, + IReadOnlyList PartiesAllowedToInstantiate, bool? CanRepresent = null ); 
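Review bot: In the `@@ -103,12 +108,14 @@` hunk, the new `PartiesAllowedToInstantiate` member of `User.Details` is documented only as "List of parties the user can instantiate", which reads like an authorization result. The `LoadDetails` hunk later in this file shows it is `Parties` passed through `FilterPartiesByAllowedPartyTypes` with the application's `PartyTypesAllowed`, and as far as this diff shows it is not a per-party access check. The doc line should say so, e.g. `Subset of Parties whose party type is permitted by the application's PartyTypesAllowed setting`. Because `Details` is a public positional record, inserting the parameter before `CanRepresent` also changes the constructor and `Deconstruct` shape for any external consumer, which deserves a changelog entry if the type is part of the supported API.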
@@ -149,7 +156,20 @@ await _getUserProfile(UserId) canRepresent = await _validateSelectedParty(UserId, PartyId); } - _extra = new Details(reportee, userProfile, representsSelf, parties, canRepresent); + var application = await _getApplicationMetadata(); + var partiesAllowedToInstantiate = InstantiationHelper.FilterPartiesByAllowedPartyTypes( + parties, + application.PartyTypesAllowed + ); + + _extra = new Details( + reportee, + userProfile, + representsSelf, + parties, + partiesAllowedToInstantiate, + canRepresent + ); return _extra; } } @@ -319,7 +339,8 @@ internal static AuthenticationInfo From( Func> lookupUserParty, Func> lookupOrgParty, Func?>> getPartyList, - Func> validateSelectedParty + Func> validateSelectedParty, + Func> getApplicationMetadata ) { string token = JwtTokenUtil.GetTokenFromContext(httpContext, authCookieName); @@ -452,7 +473,8 @@ static void ParseAuthLevel(string? value, out int authLevel) getUserProfile, lookupUserParty, getPartyList, - validateSelectedParty + validateSelectedParty, + getApplicationMetadata ); } @@ -491,6 +513,7 @@ internal sealed class AuthenticationContext : IAuthenticationContext private readonly IProfileClient _profileClient; private readonly IAltinnPartyClient _altinnPartyClient; private readonly IAuthorizationClient _authorizationClient; + private readonly IAppMetadata _appMetadata; public AuthenticationContext( IHttpContextAccessor httpContextAccessor, @@ -498,7 +521,8 @@ public AuthenticationContext( IOptionsMonitor generalSettings, IProfileClient profileClient, IAltinnPartyClient altinnPartyClient, - IAuthorizationClient authorizationClient + IAuthorizationClient authorizationClient, + IAppMetadata appMetadata ) { _httpContextAccessor = httpContextAccessor; 
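Review bot: In the `@@ -149,7 +156,20 @@` hunk, `LoadDetails` now awaits `_getApplicationMetadata()` and runs the party-type filter on every call, including for callers that only need the profile or `CanRepresent`. A failure in the metadata lookup therefore fails detail loading for every consumer of `AuthenticationInfo.User`, not just the parties endpoint. The `_getPartyList` delegate appears to be declared with a nullable result, so confirm that `parties` cannot be null at this point or that the helper tolerates it. A short comment above the lookup would make the coupling explicit, e.g. `// Metadata is required for PartiesAllowedToInstantiate; a lookup failure fails the whole detail load`. The body of `LoadDetails` starts outside this hunk, so how `parties` is populated is not visible here.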
@@ -507,6 +531,7 @@ IAuthorizationClient authorizationClient _profileClient = profileClient; _altinnPartyClient = altinnPartyClient; _authorizationClient = authorizationClient; + _appMetadata = appMetadata; } // Currently we're coupling this to the HTTP context directly. @@ -529,7 +554,8 @@ internal void ResolveCurrent() _altinnPartyClient.GetParty, (string orgNr) => _altinnPartyClient.LookupParty(new PartyLookup { OrgNo = orgNr }), _authorizationClient.GetPartyList, - _authorizationClient.ValidateSelectedParty + _authorizationClient.ValidateSelectedParty, + _appMetadata.GetApplicationMetadata ); httpContext.Items[ItemsKey] = authInfo; }