Matching authorization (#25)

* Matching authorization * Updated git ignore
Altinn · Feb 21, 2023 · 8a95fe3 · 8a95fe3
1 parent 04f7e1e
commit 8a95fe3
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 19 deletions.
diff --git a/.gitignore b/.gitignore
@@ -10,4 +10,5 @@ bld/
 [Bb]in/
 [Oo]bj/
 msbuild.log
-AltinnPlatformLocal/
+AltinnPlatformLocal/
+/.vs/LocalTest
diff --git a/src/Constants/Authorization/XacmlRequestAttribute.cs b/src/Constants/Authorization/XacmlRequestAttribute.cs
@@ -20,16 +20,31 @@ public static class XacmlRequestAttribute
         /// </summary>
         public const string InstanceAttribute = "urn:altinn:instance-id";
 
+        /// <summary>
+        /// xacm string that represents appresource
+        /// </summary>
+        public const string AppResourceAttribute = "urn:altinn:appresource";
+
         /// <summary>
         /// xacml string that represents task
         /// </summary>
         public const string TaskAttribute = "urn:altinn:task";
 
+        /// <summary>
+        /// xacml string that represents end event
+        /// </summary>
+        public const string EndEventAttribute = "urn:altinn:end-event";
+
         /// <summary>
         /// xacml string that represents party
         /// </summary>
         public const string PartyAttribute = "urn:altinn:partyid";
 
+        /// <summary>
+        /// xacml string that represents organization number 
+        /// </summary>
+        public const string OrganizationNumberAttribute = "urn:altinn:organizationnumber";
+
         /// <summary>
         /// xacml string that represents user
         /// </summary>

diff --git a/src/Models/Authorization/XacmlResourceAttributes.cs b/src/Models/Authorization/XacmlResourceAttributes.cs
@@ -29,5 +29,20 @@ public class XacmlResourceAttributes
         /// Gets or sets the value for task attribute
         /// </summary>
         public string TaskValue { get; set; }
+
+        /// <summary>
+        /// Gets or sets the value for app resource. 
+        /// </summary>
+        public string AppResourceValue { get; set; }
+
+        /// <summary>
+        /// Gets or sets the resource registry Id
+        /// </summary>
+        public string ResourceRegistryId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the OrganizationNumber for the org owning the resource
+        /// </summary>
+        public string OrganizationNumber { get; set; }
     }
 }
diff --git a/src/Services/Authorization/Implementation/ContextHandler.cs b/src/Services/Authorization/Implementation/ContextHandler.cs
@@ -56,8 +56,37 @@ private async Task EnrichResourceAttributes(XacmlContextRequest request)
             XacmlContextAttributes resourceContextAttributes = request.GetResourceAttributes();
             XacmlResourceAttributes resourceAttributes = GetResourceAttributeValues(resourceContextAttributes);
 
-            bool resourceAttributeComplete = false;
+            bool resourceAttributeComplete = IsResourceComplete(resourceAttributes);
+
+            if (!resourceAttributeComplete && !string.IsNullOrEmpty(resourceAttributes.InstanceValue))
+            {
+                Instance instanceData = await _policyInformationRepository.GetInstance(resourceAttributes.InstanceValue);
+                if (instanceData != null)
+                {
+                    AddIfValueDoesNotExist(resourceContextAttributes, XacmlRequestAttribute.OrgAttribute, resourceAttributes.OrgValue, instanceData.Org);
+                    string app = instanceData.AppId.Split("/")[1];
+                    AddIfValueDoesNotExist(resourceContextAttributes, XacmlRequestAttribute.AppAttribute, resourceAttributes.AppValue, app);
+                    if (instanceData.Process?.CurrentTask != null)
+                    {
+                        AddIfValueDoesNotExist(resourceContextAttributes, XacmlRequestAttribute.TaskAttribute, resourceAttributes.TaskValue, instanceData.Process.CurrentTask.ElementId);
+                    }
+                    else if (instanceData.Process?.EndEvent != null)
+                    {
+                        AddIfValueDoesNotExist(resourceContextAttributes, XacmlRequestAttribute.EndEventAttribute, null, instanceData.Process.EndEvent);
+                    }
+
+                    AddIfValueDoesNotExist(resourceContextAttributes, XacmlRequestAttribute.PartyAttribute, resourceAttributes.ResourcePartyValue, instanceData.InstanceOwner.PartyId);
+                    resourceAttributes.ResourcePartyValue = instanceData.InstanceOwner.PartyId;
+                }
+            }
 
+            await EnrichSubjectAttributes(request, resourceAttributes.ResourcePartyValue);
+        }
+
+
+        private static bool IsResourceComplete(XacmlResourceAttributes resourceAttributes)
+        {
+            bool resourceAttributeComplete = false;
             if (!string.IsNullOrEmpty(resourceAttributes.OrgValue) &&
                 !string.IsNullOrEmpty(resourceAttributes.AppValue) &&
                 !string.IsNullOrEmpty(resourceAttributes.InstanceValue) &&
@@ -76,26 +105,24 @@ private async Task EnrichResourceAttributes(XacmlContextRequest request)
                 // The resource attributes are complete
                 resourceAttributeComplete = true;
             }
-
-            if (!resourceAttributeComplete && !string.IsNullOrEmpty(resourceAttributes.InstanceValue))
+            else if (!string.IsNullOrEmpty(resourceAttributes.OrgValue) &&
+            !string.IsNullOrEmpty(resourceAttributes.AppValue) &&
+            !string.IsNullOrEmpty(resourceAttributes.InstanceValue) &&
+            !string.IsNullOrEmpty(resourceAttributes.ResourcePartyValue) &&
+            !string.IsNullOrEmpty(resourceAttributes.AppResourceValue) &&
+            resourceAttributes.AppResourceValue.Equals("events"))
             {
-                Instance instanceData = await _policyInformationRepository.GetInstance(resourceAttributes.InstanceValue);
-                if (instanceData != null)
-                {
-                    AddIfValueDoesNotExist(resourceContextAttributes, XacmlRequestAttribute.OrgAttribute, resourceAttributes.OrgValue, instanceData.Org);
-                    string app = instanceData.AppId.Split("/")[1];
-                    AddIfValueDoesNotExist(resourceContextAttributes, XacmlRequestAttribute.AppAttribute, resourceAttributes.AppValue, app);
-                    if (instanceData.Process?.CurrentTask != null)
-                    {
-                        AddIfValueDoesNotExist(resourceContextAttributes, XacmlRequestAttribute.TaskAttribute, resourceAttributes.TaskValue, instanceData.Process.CurrentTask.ElementId);
-                    }
-
-                    AddIfValueDoesNotExist(resourceContextAttributes, XacmlRequestAttribute.PartyAttribute, resourceAttributes.ResourcePartyValue, instanceData.InstanceOwner.PartyId);
-                    resourceAttributes.ResourcePartyValue = instanceData.InstanceOwner.PartyId;
-                }
+                // The resource attributes are complete
+                resourceAttributeComplete = true;
+            }
+            else if (!string.IsNullOrEmpty(resourceAttributes.ResourceRegistryId) &&
+           !string.IsNullOrEmpty(resourceAttributes.ResourcePartyValue))
+            {
+                // The resource attributes are complete
+                resourceAttributeComplete = true;
             }
 
-            await EnrichSubjectAttributes(request, resourceAttributes.ResourcePartyValue);
+            return resourceAttributeComplete;
         }
 
         private static XacmlResourceAttributes GetResourceAttributeValues(XacmlContextAttributes resourceContextAttributes)
@@ -128,6 +155,21 @@ private static XacmlResourceAttributes GetResourceAttributeValues(XacmlContextAt
                 {
                     resourceAttributes.TaskValue = attribute.AttributeValues.First().Value;
                 }
+
+                if (attribute.AttributeId.OriginalString.Equals(XacmlRequestAttribute.AppResourceAttribute))
+                {
+                    resourceAttributes.AppResourceValue = attribute.AttributeValues.First().Value;
+                }
+
+                if (attribute.AttributeId.OriginalString.Equals(XacmlRequestAttribute.ResourceRegistryAttribute))
+                {
+                    resourceAttributes.ResourceRegistryId = attribute.AttributeValues.First().Value;
+                }
+
+                if (attribute.AttributeId.OriginalString.Equals(XacmlRequestAttribute.OrganizationNumberAttribute))
+                {
+                    resourceAttributes.OrganizationNumber = attribute.AttributeValues.First().Value;
+                }
             }
 
             return resourceAttributes;