diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Configuration/AppsInstanceDelegationSettings.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Configuration/AppsInstanceDelegationSettings.cs
new file mode 100644
index 00000000..c07ca327
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Configuration/AppsInstanceDelegationSettings.cs
@@ -0,0 +1,13 @@
+namespace Altinn.AccessManagement.Core.Configuration
+{
+ ///
+ /// AppsInstanceDelegationSettings
+ ///
+ public class AppsInstanceDelegationSettings
+ {
+ ///
+ /// Sets the maximum policy files to handle under revoke all calls
+ ///
+ public int MaxPolicyFilesToRevoke { get; set; }
+ }
+}
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Errors/ValidationErrors.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Errors/ValidationErrors.cs
index 92689022..18c2e19b 100644
--- a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Errors/ValidationErrors.cs
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Errors/ValidationErrors.cs
@@ -40,5 +40,5 @@ private static readonly ValidationErrorDescriptorFactory _factory
/// Gets a validation error descriptor for when a Resource not has any delegable rights for the app
///
public static ValidationErrorDescriptor ToManyDelegationsToRevoke { get; }
- = _factory.Create(5, $"There must be 10 or less policy files to update.");
+ = _factory.Create(5, $"There is to many policy files to update. Must delete individual delegations.");
}
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/AppsInstanceDelegationService.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/AppsInstanceDelegationService.cs
index d44ea1c1..d313ce92 100644
--- a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/AppsInstanceDelegationService.cs
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/AppsInstanceDelegationService.cs
@@ -1,6 +1,7 @@
using System.ComponentModel.DataAnnotations;
using System.Formats.Asn1;
using Altinn.AccessManagement.Core.Clients.Interfaces;
+using Altinn.AccessManagement.Core.Configuration;
using Altinn.AccessManagement.Core.Constants;
using Altinn.AccessManagement.Core.Enums;
using Altinn.AccessManagement.Core.Errors;
@@ -16,7 +17,7 @@
using Altinn.Platform.Register.Models;
using Altinn.Urn;
using Altinn.Urn.Json;
-using static System.Runtime.InteropServices.JavaScript.JSType;
+using Microsoft.Extensions.Options;
namespace Altinn.AccessManagement.Core.Services.Implementation;
@@ -29,17 +30,19 @@ public class AppsInstanceDelegationService : IAppsInstanceDelegationService
private readonly IPolicyInformationPoint _pip;
private readonly IPolicyAdministrationPoint _pap;
private readonly IResourceRegistryClient _resourceRegistryClient;
+ private readonly AppsInstanceDelegationSettings _appsInstanceDelegationSettings;
private readonly string appInstanceResourcePath = "appInstanceDelegationRequest.Resource";
///
/// Initializes a new instance of the class.
///
- public AppsInstanceDelegationService(IPartiesClient partiesClient, IResourceRegistryClient resourceRegistryClient, IPolicyInformationPoint pip, IPolicyAdministrationPoint pap)
+ public AppsInstanceDelegationService(IPartiesClient partiesClient, IOptions appsInstanceDelegationSettings, IResourceRegistryClient resourceRegistryClient, IPolicyInformationPoint pip, IPolicyAdministrationPoint pap)
{
_partiesClient = partiesClient;
_pip = pip;
_resourceRegistryClient = resourceRegistryClient;
_pap = pap;
+ _appsInstanceDelegationSettings = appsInstanceDelegationSettings.Value;
}
private async Task<(UuidType DelegationType, Guid? Uuid)> TranslatePartyUuidToPersonOrganizationUuid(PartyUrn partyId)
@@ -306,6 +309,17 @@ public async Task>> RevokeAll(AppsInstan
}
}
+ int limit = _appsInstanceDelegationSettings.MaxPolicyFilesToRevoke;
+ if (rightsToRevoke.Count > limit)
+ {
+ errors.Add(ValidationErrors.ToManyDelegationsToRevoke, "InstanceId");
+
+ if (errors.TryBuild(out errorResult))
+ {
+ return errorResult;
+ }
+ }
+
// Perform Revoke
List revokedResult = await _pap.TryWriteInstanceRevokeAllPolicyRules(rightsToRevoke, cancellationToken);
List result = TransformInstanceRightListToAppsInstanceDelegationResponseList(revokedResult);
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs
index c5c889a2..85cb1bab 100644
--- a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs
@@ -124,6 +124,7 @@ private static void ConfigureAppsettings(this WebApplicationBuilder builder)
builder.Services.Configure(config.GetSection("kvSetting"));
builder.Services.Configure(config.GetSection("OidcProviders"));
builder.Services.Configure(config.GetSection("UserProfileLookupSettings"));
+ builder.Services.Configure(config.GetSection("AppsInstanceDelegationSettings"));
}
private static void ConfigureAuthorization(this WebApplicationBuilder builder)
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/appsettings.json b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/appsettings.json
index 17165cb7..5bdb156f 100644
--- a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/appsettings.json
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/appsettings.json
@@ -65,5 +65,8 @@
"RightsDelegationApi": false,
"OpenTelementry": false,
"UseNewQueryRepo": true
+ },
+ "AppsInstanceDelegationSettings": {
+ "MaxPolicyFilesToRevoke": 10
}
}
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Controllers/ResourceOwnerAPI/AppsInstanceDelegationControllerTest.cs b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Controllers/ResourceOwnerAPI/AppsInstanceDelegationControllerTest.cs
index d1f45e40..07b9f47c 100644
--- a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Controllers/ResourceOwnerAPI/AppsInstanceDelegationControllerTest.cs
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Controllers/ResourceOwnerAPI/AppsInstanceDelegationControllerTest.cs
@@ -125,6 +125,22 @@ public async Task AppsInstanceDelegationController_ValidToken_RevokeAll_OK(strin
AssertionUtil.AssertPagination(expected, actual, AssertionUtil.AssertAppsInstanceRevokeResponseDto);
}
+ [Theory]
+ [MemberData(nameof(TestDataAppsInstanceDelegation.RevokeAllToManyPolicyFiles), MemberType = typeof(TestDataAppsInstanceDelegation))]
+ public async Task AppsInstanceDelegationController_ValidToken_RevokeAll_ToManyPolicyFilesToUpdate(string platformToken, string resourceId, string instanceId, AltinnProblemDetails expected)
+ {
+ var client = GetTestClient(platformToken);
+
+ // Act
+ HttpResponseMessage response = await client.DeleteAsync($"accessmanagement/api/v1/app/delegationrevoke/resource/{resourceId}/instance/{instanceId}");
+
+ // Assert
+ Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+
+ AltinnProblemDetails actual = JsonSerializer.Deserialize(await response.Content.ReadAsStringAsync(), options);
+ TestDataAppsInstanceDelegation.AssertAltinnProblemDetailsEqual(expected, actual);
+ }
+
[Theory]
[MemberData(nameof(TestDataAppsInstanceDelegation.RevokeAllUnathorized), MemberType = typeof(TestDataAppsInstanceDelegation))]
public async Task AppsInstanceDelegationController_NoToken_RevokeAll_Unauthorized(string resourceId, string instanceId)
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/AuthorizedParties/TestDataAppsInstanceDelegation.cs b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/AuthorizedParties/TestDataAppsInstanceDelegation.cs
index d98522e5..08550617 100644
--- a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/AuthorizedParties/TestDataAppsInstanceDelegation.cs
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/AuthorizedParties/TestDataAppsInstanceDelegation.cs
@@ -33,6 +33,8 @@ public static class TestDataAppsInstanceDelegation
private static readonly string RevokeAllInstance = "00000000-0000-0000-0000-000000000010";
+ private static readonly string RevokeAllInstanceToManyPolicyFiles = "00000000-0000-0000-0000-000000000011";
+
///
/// Test case: GET v1/apps/instancedelegation/{resourceId}/{instanceId}/delegationcheck
/// with:
@@ -129,6 +131,16 @@ public static class TestDataAppsInstanceDelegation
}
};
+ public static TheoryData RevokeAllToManyPolicyFiles() => new()
+ {
+ {
+ PrincipalUtil.GetAccessToken("ttd", "am-devtest-instancedelegation"),
+ AppId,
+ RevokeAllInstanceToManyPolicyFiles,
+ GetExpectedResponse("Revoke", AppId, RevokeAllInstanceToManyPolicyFiles)
+ }
+ };
+
public static TheoryData RevokeAllUnathorized() => new()
{
{
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/Json/AppsInstanceDelegation/Revoke/app_ttd_am-devtest-instancedelegation/00000000-0000-0000-0000-000000000011/response.json b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/Json/AppsInstanceDelegation/Revoke/app_ttd_am-devtest-instancedelegation/00000000-0000-0000-0000-000000000011/response.json
new file mode 100644
index 00000000..8f821834
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/Json/AppsInstanceDelegation/Revoke/app_ttd_am-devtest-instancedelegation/00000000-0000-0000-0000-000000000011/response.json
@@ -0,0 +1,16 @@
+{
+ "type": "https://tools.ietf.org/html/rfc9110#section-15.5.1",
+ "title": "Bad Request",
+ "status": 400,
+ "detail": "One or more validation errors occurred.",
+ "code": "STD-00000",
+ "validationErrors": [
+ {
+ "code": "AM.VLD-00005",
+ "detail": "There is to many policy files to update. Must delete individual delegations.",
+ "paths": [
+ "InstanceId"
+ ]
+ }
+ ]
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000010/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000010/delegationpolicy.xml
new file mode 100644
index 00000000..248b2d5e
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000010/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ CE4BA72B-D111-404F-95B5-313FB3847FA1
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000012/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000012/delegationpolicy.xml
new file mode 100644
index 00000000..18e99382
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000012/delegationpolicy.xml
@@ -0,0 +1,79 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 0268B99A-5817-4BBF-9B62-D90B16D527EA
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 0268B99A-5817-4BBF-9B62-D90B16D527EA
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ sign
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000014/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000014/delegationpolicy.xml
new file mode 100644
index 00000000..e2c36dbd
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000014/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000014, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000014, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000014
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000016/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000016/delegationpolicy.xml
new file mode 100644
index 00000000..a1a56017
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000016/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000016, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000016, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000016
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000018/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000018/delegationpolicy.xml
new file mode 100644
index 00000000..75bfb0e0
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000018/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000018, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000018, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000018
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000020/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000020/delegationpolicy.xml
new file mode 100644
index 00000000..6df43440
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000020/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000020, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000020, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000020
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000022/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000022/delegationpolicy.xml
new file mode 100644
index 00000000..3f370d11
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000022/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000022, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000022, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000022
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000024/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000024/delegationpolicy.xml
new file mode 100644
index 00000000..0d01d9fd
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000024/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000024, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000024, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000024
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000026/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000026/delegationpolicy.xml
new file mode 100644
index 00000000..78847ec6
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000026/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000026, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000026, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000026
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/313FB3847FA1/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/313FB3847FA1/delegationpolicy.xml
new file mode 100644
index 00000000..248b2d5e
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/313FB3847FA1/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ CE4BA72B-D111-404F-95B5-313FB3847FA1
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/D90B16D527EA/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/D90B16D527EA/delegationpolicy.xml
new file mode 100644
index 00000000..18e99382
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/D90B16D527EA/delegationpolicy.xml
@@ -0,0 +1,79 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 0268B99A-5817-4BBF-9B62-D90B16D527EA
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 0268B99A-5817-4BBF-9B62-D90B16D527EA
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ sign
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Mocks/DelegationMetadataRepositoryMock.cs b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Mocks/DelegationMetadataRepositoryMock.cs
index 831581ba..4cb18324 100644
--- a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Mocks/DelegationMetadataRepositoryMock.cs
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Mocks/DelegationMetadataRepositoryMock.cs
@@ -604,6 +604,19 @@ public Task> GetAllLatestInstanceDelegationChange
result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000012")));
result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000010")));
return Task.FromResult(result);
+ case "00000000-0000-0000-0000-000000000011":
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("CE4BA72B-D111-404F-95B5-313FB3847FA1")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("0268B99A-5817-4BBF-9B62-D90B16D527EA")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000012")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000010")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000014")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000016")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000018")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000020")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000022")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000024")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000026")));
+ return Task.FromResult(result);
default:
return Task.FromResult(result);
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/1. DelegateInstanceRights.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/1. DelegateInstanceRights.bru
index 0f60d6f8..93d85432 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/1. DelegateInstanceRights.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/1. DelegateInstanceRights.bru
@@ -82,7 +82,7 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation ReadSign", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke post DelegateReadSign", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/2. GetInstanceRights.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/2. GetInstanceRights.bru
index 921aa4d7..72eba42f 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/2. GetInstanceRights.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/2. GetInstanceRights.bru
@@ -33,7 +33,7 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation ReadSign", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke get GetReadSign", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/3. RevokeInstanceRead.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/3. RevokeInstanceRead.bru
index 864a6549..9b2a6f2a 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/3. RevokeInstanceRead.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/3. RevokeInstanceRead.bru
@@ -64,7 +64,7 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation RevokeRead", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke post RevokeRead", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/4. GetInstanceRights.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/4. GetInstanceRights.bru
index ebce9fec..49f45ceb 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/4. GetInstanceRights.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/4. GetInstanceRights.bru
@@ -33,7 +33,7 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation Sign", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke get GetSign", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/5. RevokeInstanceSign.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/5. RevokeInstanceSign.bru
index 7dec4fa7..7f8c4add 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/5. RevokeInstanceSign.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/5. RevokeInstanceSign.bru
@@ -64,7 +64,7 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation RevokeSign", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke post RevokeSign", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/6. GetInstanceRights.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/6. GetInstanceRights.bru
index 6ee4543e..5a0c4da2 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/6. GetInstanceRights.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/6. GetInstanceRights.bru
@@ -33,7 +33,7 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation EmptyResponce", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke get GetEmptyResponce", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/1.DelegatePerson1.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
new file mode 100644
index 00000000..1e19977e
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 1.DelegatePerson1
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.person1.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll post DelegateReadSignPolicy1", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ assert.equal(data.resourceId, resource, 'Incorect resourceId');
+ assert.equal(data.instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'Incorect fromId');
+ assert.equal(data.to.value, testdata.person1.partyuuid, 'Incorect toId');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'Incorect read delegation status');
+ assert.equal(data.rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'Incorect sign delegation status');
+ assert.equal(data.rights[1].action.value, 'sign', 'Incorect sign delegation action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'Incorect sign delegation resorceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'Incorect sign delegation taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/2.DelegatePerson3.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
new file mode 100644
index 00000000..9f8f9f6d
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 2.DelegatePerson3
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.person3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll post DelegateReadSignPolicy2", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ assert.equal(data.resourceId, resource, 'Incorect resourceId');
+ assert.equal(data.instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'Incorect fromId');
+ assert.equal(data.to.value, testdata.person3.partyuuid, 'Incorect toId');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'Incorect read delegation status');
+ assert.equal(data.rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'Incorect sign delegation status');
+ assert.equal(data.rights[1].action.value, 'sign', 'Incorect sign delegation action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'Incorect sign delegation resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'Incorect sign delegation taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/3.DelegateOrg3.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
new file mode 100644
index 00000000..1ab2052a
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 3.DelegateOrg3
+ type: http
+ seq: 3
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll post DelegateReadSignPolicy3", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ assert.equal(data.resourceId, resource, 'Incorect resourceId');
+ expect(data.instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'Incorect fromId');
+ assert.equal(data.to.value, testdata.org3.partyuuid, 'Incorect toId');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'Incorect read delegation status');
+ assert.equal(data.rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'Incorect sign delegation status');
+ assert.equal(data.rights[1].action.value, 'sign', 'Incorect sign delegation action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'Incorect sign delegation resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'Incorect sign delegation taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/4.GetAllDelegations.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/4.GetAllDelegations.bru
new file mode 100644
index 00000000..dfcca746
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/4.GetAllDelegations.bru
@@ -0,0 +1,119 @@
+meta {
+ name: 4.GetAllDelegations
+ type: http
+ seq: 4
+}
+
+get {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll get GetAllInstanceDelegationsBeforeRevoke", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ let toList = [3];
+ toList[0] = testdata.person1.partyuuid;
+ toList[1] = testdata.person3.partyuuid;
+ toList[2] = testdata.org3.partyuuid;
+
+ assert.equal(data.data.length, toList.length, 'expected result contains not expected count of data');
+
+ for(var i = 0; i < toList.length; i++) {
+ assert.equal(data.data[i].resourceId, resource, 'Incorect resourceId');
+ assert.equal(data.data[i].instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.data[i].from.value, testdata.org1.partyuuid, 'Incorect fromId');
+
+ assert.include(toList, data.data[i].to.value, 'Expect current (to) to be in expected result list');
+
+ assert.equal(data.data[i].rights[0].status, 'Delegated', 'Incorect read delegation status');
+ assert.equal(data.data[i].rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.data[i].rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.data[i].rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.data[i].rights[1].status, 'Delegated', 'Incorect sign delegation status');
+ assert.equal(data.data[i].rights[1].action.value, 'sign', 'Incorect sign delegation action');
+ assert.equal(data.data[i].rights[1].resource[0].value, resource, 'Incorect sign delegation resourceId');
+ assert.equal(data.data[i].rights[1].resource[1].value, 'task_1', 'Incorect sign delegation taskId');
+ }
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/5.RevokeAllDelegationsForInstance.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/5.RevokeAllDelegationsForInstance.bru
new file mode 100644
index 00000000..2f86c6f2
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/5.RevokeAllDelegationsForInstance.bru
@@ -0,0 +1,119 @@
+meta {
+ name: 5.RevokeAllDelegationsForInstance
+ type: http
+ seq: 5
+}
+
+delete {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegationrevoke/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll post RevokeAllDelegationsInstance", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ let toList = [3];
+ toList[0] = testdata.person1.partyuuid;
+ toList[1] = testdata.person3.partyuuid;
+ toList[2] = testdata.org3.partyuuid;
+
+ assert.equal(data.data.length, toList.length, 'expected result contains not expected count of data');
+
+ for(var i = 0; i < toList.length; i++) {
+ assert.equal(data.data[i].resourceId, resource, 'Incorect resourceId');
+ assert.equal(data.data[i].instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.data[i].from.value, testdata.org1.partyuuid, 'Incorect fromId');
+
+ assert.include(toList, data.data[i].to.value, 'Expect current (to) to be in expected result list');
+
+ assert.equal(data.data[i].rights[0].status, 'Revoked', 'Incorect read delegation status');
+ assert.equal(data.data[i].rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.data[i].rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.data[i].rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.data[i].rights[1].status, 'Revoked', 'Incorect read delegation status');
+ assert.equal(data.data[i].rights[1].action.value, 'sign', 'Incorect read delegation action');
+ assert.equal(data.data[i].rights[1].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.data[i].rights[1].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+ }
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/6.GetAllDelegationsAfterRevoke.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/6.GetAllDelegationsAfterRevoke.bru
new file mode 100644
index 00000000..03eaf142
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/6.GetAllDelegationsAfterRevoke.bru
@@ -0,0 +1,95 @@
+meta {
+ name: 6.GetAllDelegationsAfterRevoke
+ type: http
+ seq: 6
+}
+
+get {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll get GetEmtyDelegationsAfterRevoke", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ assert.equal(data.data.length, 0, 'After revoke no rights should remain');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateExistingAppNoRightsDelegable.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateExistingAppNoRightsDelegable.bru
index 45985887..262ee9a6 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateExistingAppNoRightsDelegable.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateExistingAppNoRightsDelegable.bru
@@ -82,18 +82,17 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation NoRights", function() {
+ test("InstanceDelegation DelegateDelegaterHasNoRights post InstanceDelegation NoRights", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00004");
- expect(data.validationErrors[0].paths[0]).to.equal("appInstanceDelegationRequest.Resource");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00004', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'appInstanceDelegationRequest.Resource', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/1.DelegatePerson1.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
new file mode 100644
index 00000000..8539751b
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 1.DelegatePerson1
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.person1.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile01", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.person1.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/10.DelegateOrg10.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/10.DelegateOrg10.bru
new file mode 100644
index 00000000..87c43d56
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/10.DelegateOrg10.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 10.DelegateOrg10
+ type: http
+ seq: 10
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org10.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile10", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org11.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/11.DelegateOrg11.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/11.DelegateOrg11.bru
new file mode 100644
index 00000000..922d445f
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/11.DelegateOrg11.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 11.DelegateOrg11
+ type: http
+ seq: 11
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org11.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile11", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org11.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/12.GetAllDelegations.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/12.GetAllDelegations.bru
new file mode 100644
index 00000000..d8e56e69
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/12.GetAllDelegations.bru
@@ -0,0 +1,128 @@
+meta {
+ name: 12.GetAllDelegations
+ type: http
+ seq: 12
+}
+
+get {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallbeyondlimitinstanceid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit get GetBeforeDeniedRevoke", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ let toList = [11];
+ toList[0] = testdata.person1.partyuuid;
+ toList[1] = testdata.person3.partyuuid;
+ toList[2] = testdata.org3.partyuuid;
+ toList[3] = testdata.org4.partyuuid;
+ toList[4] = testdata.org5.partyuuid;
+ toList[5] = testdata.org6.partyuuid;
+ toList[6] = testdata.org7.partyuuid;
+ toList[7] = testdata.org8.partyuuid;
+ toList[8] = testdata.org9.partyuuid;
+ toList[9] = testdata.org10.partyuuid;
+ toList[10] = testdata.org11.partyuuid;
+
+ for(var i = 0; i < toList.length; i++) {
+
+ assert.equal(data.data[i].resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.data[i].instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.data[i].from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+
+ assert.include(toList, data.data[i].to.value, 'Expect current (to) to be in expected result list');
+
+ assert.equal(data.data[i].rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.data[i].rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.data[i].rights[0].resource[0].value, resource, 'read right has incorrect resource');
+ assert.equal(data.data[i].rights[0].resource[1].value, 'task_1', 'read right has incorrect task');
+
+ assert.equal(data.data[i].rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.data[i].rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.data[i].rights[1].resource[0].value, resource, 'read right has incorrect resource');
+ assert.equal(data.data[i].rights[1].resource[1].value, 'task_1', 'read right has incorrect task');
+
+ }
+
+
+
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/13.RevokeAllDelegationsForInstance.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/13.RevokeAllDelegationsForInstance.bru
new file mode 100644
index 00000000..91348a9e
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/13.RevokeAllDelegationsForInstance.bru
@@ -0,0 +1,99 @@
+meta {
+ name: 13.RevokeAllDelegationsForInstance
+ type: http
+ seq: 13
+}
+
+delete {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegationrevoke/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit delete RevokeAllDeniedToManyPolicies", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status,400, 'httpstatus is incorect');
+
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
+
+ assert.equal(data.validationErrors[0].code,'AM.VLD-00005', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'InstanceId', 'Incorect path');
+
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/14.GetAllDelegationsAfterRevoke.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/14.GetAllDelegationsAfterRevoke.bru
new file mode 100644
index 00000000..fbd61f71
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/14.GetAllDelegationsAfterRevoke.bru
@@ -0,0 +1,133 @@
+meta {
+ name: 14.GetAllDelegationsAfterRevoke
+ type: http
+ seq: 14
+}
+
+get {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit get GetBeforeDeniedRevoke", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.data.length, 11, 'There is less than eqpected delegations')
+
+ let toList = [11];
+ toList[0] = testdata.person1.partyuuid;
+ toList[1] = testdata.person3.partyuuid;
+ toList[2] = testdata.org3.partyuuid;
+ toList[3] = testdata.org4.partyuuid;
+ toList[4] = testdata.org5.partyuuid;
+ toList[5] = testdata.org6.partyuuid;
+ toList[6] = testdata.org7.partyuuid;
+ toList[7] = testdata.org8.partyuuid;
+ toList[8] = testdata.org9.partyuuid;
+ toList[9] = testdata.org10.partyuuid;
+ toList[10] = testdata.org11.partyuuid;
+
+ for(var i = 0; i < 11; i++)
+ {
+
+ assert.equal(data.data[i].resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.data[i].instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.data[i].from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+
+ assert.include(toList, data.data[i].to.value, 'Expect current (to) to be in expected result list');
+
+ assert.equal(data.data[i].rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.data[i].rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.data[i].rights[0].resource[0].value, resource, 'read right has incorrect resource');
+ assert.equal(data.data[i].rights[0].resource[1].value, 'task_1', 'read right has incorrect task');
+
+ assert.equal(data.data[i].rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.data[i].rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.data[i].rights[1].resource[0].value, resource, 'read right has incorrect resource');
+ assert.equal(data.data[i].rights[1].resource[1].value, 'task_1', 'read right has incorrect task');
+
+ }
+
+
+
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/2.DelegatePerson3.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
new file mode 100644
index 00000000..bc1c8e28
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 2.DelegatePerson3
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.person3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile02", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.person3.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg3.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
new file mode 100644
index 00000000..0deecaa4
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 3.DelegateOrg3
+ type: http
+ seq: 3
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile03", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org3.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg4.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg4.bru
new file mode 100644
index 00000000..b373c5de
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg4.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 3.DelegateOrg4
+ type: http
+ seq: 4
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org4.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile04", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org4.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/5.DelegateOrg5.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/5.DelegateOrg5.bru
new file mode 100644
index 00000000..0b902d86
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/5.DelegateOrg5.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 5.DelegateOrg5
+ type: http
+ seq: 5
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org5.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile05", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org5.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/6.DelegateOrg6.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/6.DelegateOrg6.bru
new file mode 100644
index 00000000..5d91c6dd
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/6.DelegateOrg6.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 6.DelegateOrg6
+ type: http
+ seq: 6
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org6.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile06", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org6.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/7.DelegateOrg7.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/7.DelegateOrg7.bru
new file mode 100644
index 00000000..b6364db0
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/7.DelegateOrg7.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 7.DelegateOrg7
+ type: http
+ seq: 7
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org7.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile07", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org7.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/8.DelegateOrg8.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/8.DelegateOrg8.bru
new file mode 100644
index 00000000..faddd855
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/8.DelegateOrg8.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 8.DelegateOrg8
+ type: http
+ seq: 8
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org8.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile08", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org8.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/9.DelegateOrg9.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/9.DelegateOrg9.bru
new file mode 100644
index 00000000..8f75c427
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/9.DelegateOrg9.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 9.DelegateOrg9
+ type: http
+ seq: 9
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org9.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile09", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org9.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateNonExistingResource.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateNonExistingResource.bru
index cb1ec2ca..75283440 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateNonExistingResource.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateNonExistingResource.bru
@@ -82,18 +82,17 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation NoResource", function() {
+ test("InstanceDelegation DelegateNonExistingResource post DelegateNoResource", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_NonExistingApp";
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status,400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status,400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00002");
- expect(data.validationErrors[0].paths[0]).to.equal("appInstanceDelegationRequest.Resource");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00002', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'appInstanceDelegationRequest.Resource', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongFrom.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongFrom.bru
index 096f697a..89333ee0 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongFrom.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongFrom.bru
@@ -82,18 +82,17 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation NotExistFrom", function() {
+ test("InstanceDelegation DelegateNonExistingFrom post NotExistFrom", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00001");
- expect(data.validationErrors[0].paths[0]).to.equal("From");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00001', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'From', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongTo.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongTo.bru
index 57437365..84ab0a2a 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongTo.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongTo.bru
@@ -82,18 +82,17 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation NotExistTo", function() {
+ test("InstanceDelegation DelegateNonExistingTo post NotExistTo", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00001");
- expect(data.validationErrors[0].paths[0]).to.equal("To");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00001', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'To', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNoRightsToDelegate.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNoRightsToDelegate.bru
index d3567897..6c77bec3 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNoRightsToDelegate.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNoRightsToDelegate.bru
@@ -35,18 +35,17 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation NoRihts", function() {
+ test("InstanceDelegation DelegateNonExistingRights get InstanceDelegation NoRights", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + "ttd/authz-bruno-testapp1";
const data = res.getBody();
- expect(res.status).to.equal(400);
+ expect(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ expect(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00004");
- expect(data.validationErrors[0].paths[0]).to.equal("request.Resource");
-
+ expect(data.validationErrors[0].code,'AM.VLD-00004', 'Incorect error code');
+ expect(data.validationErrors[0].paths[0], 'request.Resource', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNonExistingResource.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNonExistingResource.bru
index fb058647..eba3185f 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNonExistingResource.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNonExistingResource.bru
@@ -35,18 +35,17 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation NoResource", function() {
+ test("InstanceDelegation GetNonExistingResource get NoResource", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + "authz-bruno-testapp1";
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00002");
- expect(data.validationErrors[0].paths[0]).to.equal("request.Resource");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00002', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'request.Resource', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/at22.json b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/at22.json
index 9702ccb7..093d217f 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/at22.json
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/at22.json
@@ -2,6 +2,8 @@
"env": "at22",
"app": "authz-bruno-instancedelegation",
"instanceid": "1cc971b6-c518-43ab-9345-21daab7e919e",
+ "revokeallinstanceid": "1646867c-2394-4575-aad3-0507efabe436",
+ "revokeallbeyondlimitinstanceid": "d80b8481-0dfa-4125-ac0b-e33565b5cd74",
"org1": {
"orgno": "310438707",
"partyid": 51350052,
@@ -18,6 +20,42 @@
"orgno": "405002701",
"partyuuid": "60610979-39fe-4997-90da-03069736d75d"
},
+ "org3": {
+ "orgno": "310001406",
+ "partyuuid": "56972f80-d3c1-4461-9cc6-357e98383e55"
+ },
+ "org4": {
+ "orgno": "310014540",
+ "partyuuid": "ede969ef-ca7b-4827-8d56-f1952f89bcda"
+ },
+ "org5": {
+ "orgno": "310014559",
+ "partyuuid": "3324b237-c91f-4f1b-8087-eff11501435f"
+ },
+ "org6": {
+ "orgno": "310014575",
+ "partyuuid": "408d803b-a541-48bf-8867-0b4cd5b5defb"
+ },
+ "org7": {
+ "orgno": "310014613",
+ "partyuuid": "d67a7e17-42cb-488c-8747-ff7a983f064a"
+ },
+ "org8": {
+ "orgno": "310014664",
+ "partyuuid": "3595c0ad-8963-42f0-9d21-5f3ddf9126a3"
+ },
+ "org9": {
+ "orgno": "310014702",
+ "partyuuid": "553700bd-5710-4321-b01e-6612c4446d6a"
+ },
+ "org10": {
+ "orgno": "310014745",
+ "partyuuid": "b9aac0ba-d6e9-4881-8375-a68e1dbe61f6"
+ },
+ "org11": {
+ "orgno": "310014796",
+ "partyuuid": "489c7896-1a96-4389-ba37-400dee571b68"
+ },
"person1": {
"pid": "23862849957",
"userid": 20002641,
@@ -28,5 +66,9 @@
"person2": {
"pid": "29907329133",
"partyuuid": "b35ba3e9-6c73-410c-abd8-4e0205837f88"
+ },
+ "person3": {
+ "pid": "08817498451",
+ "partyuuid": "a80aeedd-cfec-44f2-9761-91409d399900"
}
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/tt02.json b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/tt02.json
index 7345aabb..ffd7ffd5 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/tt02.json
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/tt02.json
@@ -2,6 +2,7 @@
"env": "tt02",
"app": "authz-bruno-instancedelegation",
"instanceid": "1cc971b6-c518-43ab-9345-21daab7e919e",
+ "revokeallinstanceid": "1646867c-2394-4575-aad3-0507efabe436",
"org1": {
"orgno": "310438707",
"partyid": 51563583,
@@ -18,6 +19,42 @@
"orgno": "405002701",
"partyuuid": "60610979-39fe-4997-90da-03069736d75d"
},
+ "org3": {
+ "orgno": "310001406",
+ "partyuuid": "22d673ed-0703-4eac-8790-fa8601361a35"
+ },
+ "org4": {
+ "orgno": "310014540",
+ "partyuuid": "ee5774c6-f2ee-407f-8685-a8ebbb27768c"
+ },
+ "org5": {
+ "orgno": "310014559",
+ "partyuuid": "412fd60c-80ae-43e1-b4e8-3c4eb572567b"
+ },
+ "org6": {
+ "orgno": "310014575",
+ "partyuuid": "2b59ce5b-e677-4110-94a1-9f65b15e3588"
+ },
+ "org7": {
+ "orgno": "310014613",
+ "partyuuid": "c4ba72b3-502e-4b49-9ca1-4ce5f6f767ef"
+ },
+ "org8": {
+ "orgno": "310014664",
+ "partyuuid": "ae45d226-4499-4ee0-8720-b8e390ffe74c"
+ },
+ "org9": {
+ "orgno": "310014702",
+ "partyuuid": "b9d146d4-e187-4074-8bd2-94d0e243e945"
+ },
+ "org10": {
+ "orgno": "310014745",
+ "partyuuid": "822a516c-1d38-4392-8369-cd6e86c764d1"
+ },
+ "org11": {
+ "orgno": "310014796",
+ "partyuuid": "12512dd4-82a7-4ddd-b202-b0bd3d9dcb2e"
+ },
"person1": {
"pid": "23862849957",
"userid": 91561,
@@ -28,5 +65,9 @@
"person2": {
"pid": "29917329042",
"partyuuid": "b35ba3e9-6c73-410c-abd8-4e0205837f88"
+ },
+ "person3": {
+ "pid": "08817498451",
+ "partyuuid": "dadb268b-f4a0-4ba2-8900-a8420b8f2bf8"
}
}