Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Systemuser support #1058

Open
wants to merge 16 commits into
base: feat/authn-abstraction
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/Altinn.App.Api/Altinn.App.Api.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@

<ItemGroup>
<PackageReference Include="Altinn.Common.PEP" Version="4.1.2" />
<PackageReference Include="Altinn.Platform.Storage.Interface" Version="4.0.4" />
<PackageReference Include="Altinn.Platform.Storage.Interface" Version="4.0.5" />
<PackageReference Include="Microsoft.FeatureManagement.AspNetCore" Version="4.0.0" />
<PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.11.0" />
<PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.11.0" />
Expand Down
15 changes: 8 additions & 7 deletions src/Altinn.App.Api/Controllers/ActionsController.cs
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
using Altinn.App.Api.Extensions;
using Altinn.App.Api.Infrastructure.Filters;
using Altinn.App.Api.Models;
using Altinn.App.Core.Extensions;
using Altinn.App.Core.Features;
using Altinn.App.Core.Features.Action;
using Altinn.App.Core.Features.Auth;
using Altinn.App.Core.Helpers.Serialization;
using Altinn.App.Core.Internal.App;
using Altinn.App.Core.Internal.Data;
Expand Down Expand Up @@ -35,6 +35,7 @@ public class ActionsController : ControllerBase
private readonly IDataClient _dataClient;
private readonly IAppMetadata _appMetadata;
private readonly ModelSerializationService _modelSerialization;
private readonly IAuthenticationContext _authenticationContext;

/// <summary>
/// Create new instance of the <see cref="ActionsController"/> class
Expand All @@ -46,7 +47,8 @@ public ActionsController(
IValidationService validationService,
IDataClient dataClient,
IAppMetadata appMetadata,
ModelSerializationService modelSerialization
ModelSerializationService modelSerialization,
IServiceProvider serviceProvider
)
{
_authorization = authorization;
Expand All @@ -56,6 +58,7 @@ ModelSerializationService modelSerialization
_dataClient = dataClient;
_appMetadata = appMetadata;
_modelSerialization = modelSerialization;
_authenticationContext = serviceProvider.GetRequiredService<IAuthenticationContext>();
}

/// <summary>
Expand Down Expand Up @@ -109,11 +112,9 @@ public async Task<ActionResult<UserActionResponse>> Perform(
return Conflict($"Process is ended.");
}

int? userId = HttpContext.User.GetUserIdAsInt();
if (userId == null)
{
var currentAuth = _authenticationContext.Current;
if (currentAuth is not Authenticated.User user)
return Unauthorized();
}

bool authorized = await _authorization.AuthorizeAction(
new AppIdentifier(org, app),
Expand All @@ -136,7 +137,7 @@ await _appMetadata.GetApplicationMetadata(),
);
UserActionContext userActionContext = new(
dataMutator,
userId.Value,
user.UserId,
actionRequest.ButtonId,
actionRequest.Metadata,
language
Expand Down
38 changes: 31 additions & 7 deletions src/Altinn.App.Api/Controllers/DataController.cs
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
using Altinn.App.Core.Constants;
using Altinn.App.Core.Extensions;
using Altinn.App.Core.Features;
using Altinn.App.Core.Features.Auth;
using Altinn.App.Core.Features.FileAnalysis;
using Altinn.App.Core.Features.FileAnalyzis;
using Altinn.App.Core.Helpers;
Expand Down Expand Up @@ -55,7 +56,7 @@ public class DataController : ControllerBase
private readonly IFeatureManager _featureManager;
private readonly InternalPatchService _patchService;
private readonly ModelSerializationService _modelDeserializer;

private readonly IAuthenticationContext _authenticationContext;
private const long REQUEST_SIZE_LIMIT = 2000 * 1024 * 1024;

/// <summary>
Expand All @@ -74,6 +75,7 @@ public class DataController : ControllerBase
/// <param name="fileValidationService">Service used to validate files uploaded.</param>
/// <param name="patchService">Service for applying a json patch to a json serializable object</param>
/// <param name="modelDeserializer">Service for serializing and deserializing models</param>
/// <param name="authenticationContext">The authentication context service</param>
public DataController(
ILogger<DataController> logger,
IInstanceClient instanceClient,
Expand All @@ -87,7 +89,8 @@ public DataController(
IAppMetadata appMetadata,
IFeatureManager featureManager,
InternalPatchService patchService,
ModelSerializationService modelDeserializer
ModelSerializationService modelDeserializer,
IAuthenticationContext authenticationContext
)
{
_logger = logger;
Expand All @@ -104,6 +107,7 @@ ModelSerializationService modelDeserializer
_featureManager = featureManager;
_patchService = patchService;
_modelDeserializer = modelDeserializer;
_authenticationContext = authenticationContext;
}

/// <summary>
Expand Down Expand Up @@ -247,7 +251,10 @@ private async Task<ServiceResult<DataPostResponse, ProblemDetails>> PostImpl(

var (instance, dataType, applicationMetadata) = instanceResult.Ok;

if (DataElementAccessChecker.GetCreateProblem(instance, dataType, User) is { } accessProblem)
if (
DataElementAccessChecker.GetCreateProblem(instance, dataType, _authenticationContext.Current) is
{ } accessProblem
)
{
return accessProblem;
}
Expand Down Expand Up @@ -522,7 +529,10 @@ public async Task<ActionResult> Get(
}
var (instance, dataType, dataElement) = instanceResult.Ok;

if (DataElementAccessChecker.GetReaderProblem(instance, dataType, User) is { } accessProblem)
if (
DataElementAccessChecker.GetReaderProblem(instance, dataType, _authenticationContext.Current) is
{ } accessProblem
)
{
return Problem(accessProblem);
}
Expand Down Expand Up @@ -588,7 +598,10 @@ public async Task<ActionResult> Put(
}
var (instance, dataType, dataElement) = instanceResult.Ok;

if (DataElementAccessChecker.GetUpdateProblem(instance, dataType, User) is { } accessProblem)
if (
DataElementAccessChecker.GetUpdateProblem(instance, dataType, _authenticationContext.Current) is
{ } accessProblem
)
{
return Problem(accessProblem);
}
Expand Down Expand Up @@ -705,7 +718,10 @@ public async Task<ActionResult<DataPatchResponseMultiple>> PatchFormDataMultiple
// Verify that the data elements isn't restricted for the user
foreach (var dataType in dataTypes)
{
if (DataElementAccessChecker.GetUpdateProblem(instance, dataType, User) is { } accessProblem)
if (
DataElementAccessChecker.GetUpdateProblem(instance, dataType, _authenticationContext.Current) is
{ } accessProblem
)
{
return Problem(accessProblem);
}
Expand Down Expand Up @@ -773,7 +789,15 @@ public async Task<ActionResult<DataPostResponse>> Delete(
}
var (instance, dataType, dataElement) = instanceResult.Ok;

if (DataElementAccessChecker.GetDeleteProblem(instance, dataType, dataGuid, User) is { } accessProblem)
if (
DataElementAccessChecker.GetDeleteProblem(
instance,
dataType,
dataGuid,
_authenticationContext.Current
) is
{ } accessProblem
)
{
return Problem(accessProblem);
}
Expand Down
Loading
Loading