Authorize system user by delegations (#927)
* Added support for system user uuid as xacml request attribute Added support for lookup of delegations using system user uuid Added new request/response integration tests using user uuid (will fail until mocked delegations are updated) * delegation wrapper mock update * - Update AccessManagementWrapper to use the new full DelegationChangeExternal model in order to get all properties correctly from the AccessManagement PIP API - Added integration tests for both Decision and Authorize endpoints for SystemUser with App delegation and Resource delegation * force upgrade of npgsql to 8.0.3 * fix sonar cloud issue --------- Co-authored-by: Jon Kjetil Øye <acn-joye@ai-dev.no>
1 parent
5c4e6d9
commit e8284ae
Showing
24 changed files
with
735 additions
and
70 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,126 @@ | ||
using System; | ||
using System.Text.Json.Serialization; | ||
using Altinn.Authorization.Enums; | ||
|
||
namespace Altinn.Platform.Authorization.Models | ||
{ | ||
/// <summary> | ||
/// This model describes a delegation change as stored in the Authorization postgre DelegationChanges table. | ||
/// </summary> | ||
public class DelegationChangeExternal | ||
{ | ||
/// <summary> | ||
/// Gets or sets the delegation change id | ||
/// </summary> | ||
[JsonPropertyName("delegationchangeid")] | ||
public int DelegationChangeId { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the resource registry delegation change id | ||
/// </summary> | ||
[JsonPropertyName("resourceregistrydelegationchangeid")] | ||
public int ResourceRegistryDelegationChangeId { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the delegation change type | ||
/// </summary> | ||
[JsonPropertyName("delegationchangetype")] | ||
public DelegationChangeType DelegationChangeType { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the resource id. | ||
/// </summary> | ||
[JsonPropertyName("resourceid")] | ||
public string ResourceId { get; set; } = string.Empty; | ||
|
||
/// <summary> | ||
/// Gets or sets the resourcetype. | ||
/// </summary> | ||
[JsonPropertyName("resourcetype")] | ||
public string ResourceType { get; set; } = string.Empty; | ||
|
||
/// <summary> | ||
/// Gets or sets the offeredbypartyid, refering to the party id of the user or organization offering the delegation. | ||
/// </summary> | ||
[JsonPropertyName("offeredbypartyid")] | ||
public int OfferedByPartyId { get; set; } | ||
|
||
/// <summary> | ||
/// The uuid of the party the right is on behalf of | ||
/// </summary> | ||
[JsonPropertyName("fromuuid")] | ||
public Guid? FromUuid { get; set; } | ||
|
||
/// <summary> | ||
/// The type of party the right is on behalf of (Person, Organization, SystemUser) | ||
/// </summary> | ||
[JsonPropertyName("fromuuidtype")] | ||
public UuidType FromUuidType { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the coveredbypartyid, refering to the party id of the organization having received the delegation. Otherwise Null if the recipient is a user. | ||
/// </summary> | ||
[JsonPropertyName("coveredbypartyid")] | ||
public int? CoveredByPartyId { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the coveredbyuserid, refering to the user id of the user having received the delegation. Otherwise Null if the recipient is an organization. | ||
/// </summary> | ||
[JsonPropertyName("coveredbyuserid")] | ||
public int? CoveredByUserId { get; set; } | ||
|
||
/// <summary> | ||
/// The uuid of the party holding the right | ||
/// </summary> | ||
[JsonPropertyName("touuid")] | ||
public Guid? ToUuid { get; set; } | ||
|
||
/// <summary> | ||
/// The type of party holding the right | ||
/// </summary> | ||
[JsonPropertyName("touuidtype")] | ||
public UuidType ToUuidType { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the user id of the user that performed the delegation change (either added or removed rules to the policy, or deleted it entirely). | ||
/// </summary> | ||
[JsonPropertyName("performedbyuserid")] | ||
public int? PerformedByUserId { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the party id of the user that performed the delegation change (either added or removed rules to the policy, or deleted it entirely). | ||
/// </summary> | ||
[JsonPropertyName("performedbypartyid")] | ||
public int? PerformedByPartyId { get; set; } | ||
|
||
/// <summary> | ||
/// The uuid of the party that performed the delegation | ||
/// </summary> | ||
[JsonPropertyName("performedbyuuid")] | ||
public Guid? PerformedByUuid { get; set; } | ||
|
||
/// <summary> | ||
/// The type of the party that performed the delegation | ||
/// </summary> | ||
[JsonPropertyName("performedbyuuidtype")] | ||
public UuidType PerformedByUuidType { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets blobstoragepolicypath. | ||
/// </summary> | ||
[JsonPropertyName("blobstoragepolicypath")] | ||
public string BlobStoragePolicyPath { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the blobstorage versionid | ||
/// </summary> | ||
[JsonPropertyName("blobstorageversionid")] | ||
public string BlobStorageVersionId { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the created date and timestamp for the delegation change | ||
/// </summary> | ||
[JsonPropertyName("created")] | ||
public DateTime? Created { get; set; } | ||
} | ||
} |
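Review bot: `BlobStoragePolicyPath` and `BlobStorageVersionId` near the end of the class are non-nullable `string` properties with no initializer, unlike `ResourceId` and `ResourceType`, so a response that omits them leaves them null and every later policy lookup has to handle that. More generally, every property here falls back to its default when the JSON field is missing, and for `DelegationChangeType`, `FromUuidType` and `ToUuidType` that default is the enum's zero member; `DelegationChangeType` is not visible on this page, so whether its zero value is safe for an authorization decision should be confirmed. If the project targets .NET 7 or later, marking the fields the decision depends on with `[JsonRequired]` makes a truncated or mismatched payload fail at deserialization instead of producing a plausible-looking delegation. At minimum, `public string BlobStoragePolicyPath { get; set; } = string.Empty;` (and the same for `BlobStorageVersionId`) would match the other string properties.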
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
using System.Runtime.Serialization; | ||
using NpgsqlTypes; | ||
|
||
namespace Altinn.Authorization.Enums; | ||
|
||
/// <summary> | ||
/// Enum defining the different uuids used for defining parts in a delegation | ||
/// </summary> | ||
public enum UuidType | ||
{ | ||
/// <summary> | ||
/// Placeholder when type is not specified should only happen when there is no Uuid to match it with | ||
/// </summary> | ||
[EnumMember] | ||
NotSpecified, | ||
|
||
/// <summary> | ||
/// Defining a person this could also be identified with "Fødselsnummer"/"Dnummer" | ||
/// </summary> | ||
[EnumMember(Value = "urn:altinn:person:uuid")] | ||
[PgName("urn:altinn:person:uuid")] | ||
Person, | ||
|
||
/// <summary> | ||
/// Identifies a unit could also be identified with a Organization number | ||
/// </summary> | ||
[EnumMember(Value = "urn:altinn:organization:uuid")] | ||
[PgName("urn:altinn:organization:uuid")] | ||
Organization, | ||
|
||
/// <summary> | ||
/// Identifies a systemuser this is a identifier for machine integration it could also be identified with a unique name | ||
/// </summary> | ||
[EnumMember(Value = "urn:altinn:systemuser:uuid")] | ||
[PgName("urn:altinn:systemuser:uuid")] | ||
SystemUser, | ||
|
||
/// <summary> | ||
/// Identifies a enterpriseuser this is marked as obsolete and is used for existing integration is also identified with an unique username | ||
/// </summary> | ||
[EnumMember(Value = "urn:altinn:enterpriseuser:uuid")] | ||
[PgName("urn:altinn:enterpriseuser:uuid")] | ||
EnterpriseUser | ||
} |
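Review bot: The `UuidType` members carry no explicit numeric values, so if `FromUuidType`/`ToUuidType` travel as integers between services, their meaning depends on the declaration order staying identical on both sides; inserting a member later would silently turn one party type into another in an authorization lookup. The `[EnumMember(Value = "urn:altinn:...")]` names do not settle this by themselves, because System.Text.Json's built-in enum handling does not read `EnumMemberAttribute`, and whether a custom converter is registered is not visible on this page. I would pin the values (`NotSpecified = 0`, `Person = 1`, and so on in the current order) and add a serialization round-trip test for each member against the format the AccessManagement API actually emits.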