diff --git a/docs/schema/V1/swagger.verified.json b/docs/schema/V1/swagger.verified.json index 85147c0a5..bcde68739 100644 --- a/docs/schema/V1/swagger.verified.json +++ b/docs/schema/V1/swagger.verified.json @@ -5161,7 +5161,7 @@ } }, { - "description": "Filter by Display state ", + "description": "Filter by Display state", "explode": true, "in": "query", "name": "systemLabel", diff --git a/src/Digdir.Domain.Dialogporten.Application/Externals/AltinnAuthorization/IAltinnAuthorization.cs b/src/Digdir.Domain.Dialogporten.Application/Externals/AltinnAuthorization/IAltinnAuthorization.cs index 1864d373c..601edd44a 100644 --- a/src/Digdir.Domain.Dialogporten.Application/Externals/AltinnAuthorization/IAltinnAuthorization.cs +++ b/src/Digdir.Domain.Dialogporten.Application/Externals/AltinnAuthorization/IAltinnAuthorization.cs @@ -7,13 +7,11 @@ public interface IAltinnAuthorization { public Task GetDialogDetailsAuthorization( DialogEntity dialogEntity, - string? endUserId = null, CancellationToken cancellationToken = default); public Task GetAuthorizedResourcesForSearch( List constraintParties, List constraintServiceResources, - string? endUserId = null, CancellationToken cancellationToken = default); public Task GetAuthorizedParties(IPartyIdentifier authenticatedParty, bool flatten = false, diff --git a/src/Digdir.Domain.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Get/GetDialogQuery.cs b/src/Digdir.Domain.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Get/GetDialogQuery.cs index acb9898e5..f3129159f 100644 --- a/src/Digdir.Domain.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Get/GetDialogQuery.cs +++ b/src/Digdir.Domain.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Get/GetDialogQuery.cs 
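Review bot: The `IAltinnAuthorization` hunk leaves `GetDialogDetailsAuthorization` and `GetAuthorizedResourcesForSearch` without any statement of whose identity the decision is made for, and with `endUserId` removed the signatures no longer hint at it. An XML doc on each method would make the contract explicit for implementers and callers, for example `/// <summary>Evaluates access for the currently authenticated principal; the subject cannot be supplied by the caller.</summary>`. The interface body continues outside the hunk, so I cannot tell whether `GetAuthorizedParties` needs the same treatment.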
@@ -101,7 +101,6 @@ public async Task Handle(GetDialogQuery request, CancellationTo var authorizationResult = await _altinnAuthorization.GetDialogDetailsAuthorization( dialog, - request.EndUserId, cancellationToken); if (!authorizationResult.HasAccessToMainResource()) diff --git a/src/Digdir.Domain.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Search/SearchDialogQuery.cs b/src/Digdir.Domain.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Search/SearchDialogQuery.cs index 3cd661e74..ba853b699 100644 --- a/src/Digdir.Domain.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Search/SearchDialogQuery.cs +++ b/src/Digdir.Domain.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Search/SearchDialogQuery.cs @@ -96,7 +96,7 @@ public sealed class SearchDialogQuery : SortablePaginationParameter - /// Filter by Display state + /// Filter by Display state /// public List? SystemLabel { get; set; } @@ -162,7 +162,6 @@ public async Task Handle(SearchDialogQuery request, Cancella var authorizedResources = await _altinnAuthorization.GetAuthorizedResourcesForSearch( request.Party ?? [], request.ServiceResource ?? [], - request.EndUserId, cancellationToken); dialogQuery = _db.Dialogs.PrefilterAuthorizedDialogs(authorizedResources); } diff --git a/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/AltinnAuthorizationClient.cs b/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/AltinnAuthorizationClient.cs index dfedb905f..16aeb8978 100644 --- a/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/AltinnAuthorizationClient.cs +++ b/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/AltinnAuthorizationClient.cs 
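Review bot: `request.EndUserId` may now be accepted by `GetDialogQuery.Handle` and `SearchDialogQuery.Handle` without having any effect on the authorization decision. Both calls drop the argument, and the client hunks in AltinnAuthorizationClient.cs build the request from `_user.GetPrincipal().Claims`, so the decision is made for the calling service-owner principal rather than for the end user named in the request. If `EndUserId` is still a property on these queries (its declaration is outside the hunks), `HasAccessToMainResource()` and `PrefilterAuthorizedDialogs(authorizedResources)` would no longer limit the result to what that end user may see. Either remove or reject `EndUserId` in the same change, or state the new semantics at both call sites, e.g. `// Authorization is evaluated for the authenticated caller; request.EndUserId is not consulted.` Both handler bodies start and end outside the hunks, so the surrounding condition should be checked.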
@@ -45,12 +45,11 @@ public AltinnAuthorizationClient( public async Task GetDialogDetailsAuthorization( DialogEntity dialogEntity, - string? endUserId, CancellationToken cancellationToken = default) { var request = new DialogDetailsAuthorizationRequest { - Claims = GetOrCreateClaimsBasedOnEndUserId(endUserId), + Claims = _user.GetPrincipal().Claims.ToList(), ServiceResource = dialogEntity.ServiceResource, DialogId = dialogEntity.Id, Party = dialogEntity.Party, @@ -64,10 +63,9 @@ public async Task GetDialogDetailsAuthorizatio public async Task GetAuthorizedResourcesForSearch( List constraintParties, List serviceResources, - string? endUserId, CancellationToken cancellationToken = default) { - var claims = GetOrCreateClaimsBasedOnEndUserId(endUserId); + var claims = _user.GetPrincipal().Claims.ToList(); var request = new DialogSearchAuthorizationRequest { Claims = claims, @@ -187,21 +185,6 @@ private void LogIfIndeterminate(XacmlJsonResponse? response, XacmlJsonRequestRoo } } - private List GetOrCreateClaimsBasedOnEndUserId(string? endUserId) - { - List claims = []; - if (endUserId is not null && PartyIdentifier.TryParse(endUserId, out var partyIdentifier)) - { - claims.Add(new Claim(partyIdentifier.Prefix(), partyIdentifier.Id)); - } - else - { - claims.AddRange(_user.GetPrincipal().Claims); - } - - return claims; - } - private async Task SendPdpRequest( XacmlJsonRequestRoot xacmlJsonRequest, CancellationToken cancellationToken) => await SendRequest( diff --git a/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/LocalDevelopmentAltinnAuthorization.cs b/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/LocalDevelopmentAltinnAuthorization.cs index 9d4020241..2957f7714 100644 --- a/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/LocalDevelopmentAltinnAuthorization.cs +++ b/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/LocalDevelopmentAltinnAuthorization.cs 
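Review bot: The expression `_user.GetPrincipal().Claims.ToList()` is now written out twice, once in `GetDialogDetailsAuthorization` and once in `GetAuthorizedResourcesForSearch`, and it is the only place the subject of the PDP request is chosen. Defining it once keeps the two paths from drifting apart and gives the identity source a name, for example `private List<Claim> GetCallerClaims() => _user.GetPrincipal().Claims.ToList();` with a one-line comment that the subject always comes from the authenticated principal and never from request data. Both method bodies continue outside the hunks, so any further use of the claims list is not visible here.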
@@ -20,14 +20,13 @@ public LocalDevelopmentAltinnAuthorization(IDialogDbContext db) [SuppressMessage("Performance", "CA1822:Mark members as static")] public Task GetDialogDetailsAuthorization( DialogEntity dialogEntity, - string? _, CancellationToken __) { // Just allow everything return Task.FromResult(new DialogDetailsAuthorizationResult { AuthorizedAltinnActions = dialogEntity.GetAltinnActions() }); } - public async Task GetAuthorizedResourcesForSearch(List constraintParties, List serviceResources, string? endUserId, + public async Task GetAuthorizedResourcesForSearch(List constraintParties, List serviceResources, CancellationToken cancellationToken = default) {