Fix IsAccessListModeApplicable Check

#172 Fixed so IsAccessListModeApplicable use the users delegable right model and not the input model for the check Related Work Items: #17
Altinn · Dec 16, 2024 · cd479f9 · cd479f9
1 parent 90f44d7
commit cd479f9
Show file tree

Hide file tree

Showing 4 changed files with 96 additions and 2 deletions.
diff --git a/.../Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/SingleRightsService.cs b/.../Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/SingleRightsService.cs
@@ -160,11 +160,12 @@ public async Task<DelegationActionResult> DelegateRights(int authenticatedUserId
             List<Right> rightsUserCantDelegate = new List<Right>();
             foreach (Right rightToDelegate in delegation.Rights)
             {
-                if (usersDelegableRights.Contains(rightToDelegate))
+                Right delegableRight = usersDelegableRights.Find(r => r.RightKey == rightToDelegate.RightKey);
+                if (delegableRight != null)
                 {
                     // If delegable and serviceResource.AccessListMode is enabled, call accessListAuthorizationClient
                     AccessListAuthorizationResult accessListAuthorizationResult = AccessListAuthorizationResult.NotApplicable;
-                    if (DelegationHelper.IsAccessListModeEnabledAndApplicable(rightToDelegate, resource, fromParty))
+                    if (DelegationHelper.IsAccessListModeEnabledAndApplicable(delegableRight, resource, fromParty))
                     {
                         AccessListAuthorizationRequest accessListAuthorizationRequest = new AccessListAuthorizationRequest
                         {

diff --git a/...ion/RightsInternal/accesslist-resource/AccessListDelegation_Dagl_OrgWithPartialAccess.bru b/...ion/RightsInternal/accesslist-resource/AccessListDelegation_Dagl_OrgWithPartialAccess.bru
@@ -0,0 +1,59 @@
+meta {
+  name: AccessListDelegation_Dagl_OrgWithPartialAccess
+  type: http
+  seq: 1
+}
+
+post {
+  url: {{baseUrl}}/accessmanagement/api/v1/internal/{{party}}/rights/delegation/delegationcheck
+  body: json
+  auth: inherit
+}
+
+body:json {
+  {
+    "resource": [
+      {
+        "id": "urn:altinn:resource",
+        "value": "{{resource}}"
+      }
+    ]
+  }
+}
+
+script:pre-request {
+  const testdata = require(`./Testdata/accesslist-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+  const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+  bru.setVar("party", testdata.OrdentligUlasteligStruts.partyid);
+  bru.setVar("resource", testdata.resource);
+
+  var getTokenParameters = {
+    auth_tokenType: sharedtestdata.authTokenType.personal,
+    auth_userId: testdata.OrdentligUlasteligStruts.dagl.userid,
+    auth_partyId: testdata.OrdentligUlasteligStruts.dagl.partyid,
+    auth_ssn: testdata.OrdentligUlasteligStruts.dagl.pid
+  }
+
+  const token = await testTokenGenerator.getToken(getTokenParameters);
+  bru.setVar("bearerToken",  token);
+}
+
+tests {
+  // Should be the same as the .bru request file. Used as prefix in test name which also shows in test result in pipeline.
+  const requestName = "AccessListDelegation_Dagl_OrgWithPartialAccess";
+  const body = res.getBody();
+
+  test(requestName + "|HttpStatus.OK", function() {
+    expect(res.status).to.equal(200);
+  });
+
+  test(requestName + "|Read_IsDelegable", function() {
+    const right = body.find(right => right.rightKey === "devtest_gar_bruno_accesslist_actionfilter:read");
+    assert.equal(right.status, "Delegable", `Expected read to be: Delegable`);
+  });
+
+  test(requestName + "|Write_IsNotDelegable", function() {
+    const right = body.find(right => right.rightKey === "devtest_gar_bruno_accesslist_actionfilter:write");
+    assert.equal(right.status, "NotDelegable", `Expected write to be; NotDelegable`);
+  });
+}
diff --git a/...essManagement/test/Bruno/Altinn.AccessManagement/Testdata/accesslist-delegation/at22.json b/...essManagement/test/Bruno/Altinn.AccessManagement/Testdata/accesslist-delegation/at22.json
@@ -0,0 +1,17 @@
+{
+  "env": "at22",
+  "resource": "devtest_gar_bruno_accesslist_actionfilter",
+  "OrdentligUlasteligStruts": {
+    "orgno": "313776735",
+    "name": "ORDENTLIG ULASTELIG STRUTS LTD",
+    "partyid": 51655628,
+    "partyuuid": "5d99cf7c-2cce-42f7-a07b-516e52ece2e9",
+    "dagl": {
+      "pid": "12819498464",
+      "name": "KRAMPE VEIK",
+      "userid": 20012620,
+      "partyid": 50656486,
+      "partyuuid": "a30eea39-348b-444b-9342-8172f756a6f8"
+    }
+  }
+}
diff --git a/...essManagement/test/Bruno/Altinn.AccessManagement/Testdata/accesslist-delegation/tt02.json b/...essManagement/test/Bruno/Altinn.AccessManagement/Testdata/accesslist-delegation/tt02.json
@@ -0,0 +1,17 @@
+{
+  "env": "tt02",
+  "resource": "devtest_gar_bruno_accesslist_actionfilter",
+  "OrdentligUlasteligStruts": {
+    "orgno": "313776735",
+    "name": "ORDENTLIG ULASTELIG STRUTS LTD",
+    "partyid": 51868999,
+    "partyuuid": "e5c0efcd-d806-48de-8476-9feb6a710d4c",
+    "dagl": {
+      "pid": "12819498464",
+      "name": "KRAMPE VEIK",
+      "userid": 1290037,
+      "partyid": 50669264,
+      "partyuuid": "39210c03-09df-4b8c-92a4-b0763e132ba6"
+    }
+  }
+}