Extend authorized parties with instance delegations #856
base: main
Changes from 15 commits
35577ab
a1382a0
528cfff
daff182
c7daa54
929228b
ebbaf08
e585ce8
9a9840a
a1699a9
6ff5fc2
cca465a
102c559
d25262d
85b5c5d
51a5f5d
30429b8
c098ecf
dbc99ff
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -164,10 +164,18 @@ | |
return await Task.FromResult(new List<AuthorizedParty>()); | ||
} | ||
|
||
private async Task<List<InstanceDelegationChange>> GetInstanceDelegations(int subjectUserId, List<int> subjectPartyIds, CancellationToken cancellationToken) | ||
{ | ||
var userId = subjectUserId != 0 ? subjectUserId.SingleToList() : []; | ||
Det blir vel feil å legge inn en userid i en liste over partyids siden disse ikke brukes likt og ikke har samme verdi en user har en party id men den er ikke lik userid
jaja, var en god del issues med denne logikken. Har skrevet den om nå, ble ganske feil. |
||
userId.AddRange(subjectPartyIds); | ||
var parties = await _contextRetrievalService.GetPartiesAsync(userId, false, cancellationToken); | ||
return await _delegations.GetAllCurrentReceivedInstanceDelegations(parties.Select(p => (Guid)p.PartyUuid).ToList(), cancellationToken); | ||
} | ||
|
||
private async Task<List<AuthorizedParty>> BuildAuthorizedParties(int subjectUserId, List<int> subjectPartyIds, bool includeAltinn2AuthorizedParties, bool includeResourcesThroughRoles, CancellationToken cancellationToken) | ||
{ | ||
List<AuthorizedParty> result = new(); | ||
List<AuthorizedParty> a3AuthParties = new(); | ||
List<AuthorizedParty> result = []; | ||
List<AuthorizedParty> a3AuthParties = []; | ||
SortedDictionary<int, AuthorizedParty> authorizedPartyDict = []; | ||
|
||
if ((includeAltinn2AuthorizedParties || includeResourcesThroughRoles) && subjectUserId != 0) | ||
|
@@ -285,6 +293,30 @@ | |
authorizedParty.EnrichWithResourceAccess(delegation.ResourceId); | ||
} | ||
|
||
var instanceDelegations = await GetInstanceDelegations(subjectUserId, subjectPartyIds, cancellationToken); | ||
var instanceParties = await _contextRetrievalService.GetPartiesByUuids(instanceDelegations.Select(i => i.FromUuid), false, cancellationToken); | ||
foreach (var delegation in instanceDelegations) | ||
{ | ||
if (instanceParties.TryGetValue(delegation.FromUuid.ToString(), out var instanceParty)) | ||
{ | ||
throw new UnreachableException($"Get AuthorizedParties failed to lookup party with uuid {delegation.FromUuid} while building instance delegations list"); | ||
} | ||
|
||
if (authorizedPartyDict.TryGetValue(instanceParty.PartyId, out var authorizedParty)) | ||
{ | ||
continue; | ||
Vil ikke denne continue blokken medføre at bare nye partyid får lagt til nye instanser om du har flere instanser så er det bare den første som blir lagt til og dersom du har en annen tilgang så blir ingen instanser lagt til siden den allerede ligger i dictionarien.
mm, har skrevet om logikken her. |
||
} | ||
|
||
authorizedParty = new AuthorizedParty(instanceParty); | ||
authorizedParty.AuthorizedInstances.Add(new() | ||
{ | ||
InstanceId = delegation.InstanceId, | ||
ResourceId = delegation.ResourceId, | ||
}); | ||
authorizedPartyDict.Add(authorizedParty.PartyId, authorizedParty); | ||
a3AuthParties.Add(authorizedParty); | ||
} | ||
|
||
result.AddRange(a3AuthParties); | ||
return result; | ||
} | ||
|
@@ -305,4 +337,4 @@ | |
} | ||
} | ||
} | ||
} | ||
} |
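Review bot: The lookup guard in the instance-delegation loop of BuildAuthorizedParties is inverted: `if (instanceParties.TryGetValue(delegation.FromUuid.ToString(), out var instanceParty))` throws when the party is found, and when it is not found execution continues to `instanceParty.PartyId` with what is presumably a null value. It should read `if (!instanceParties.TryGetValue(delegation.FromUuid.ToString(), out var instanceParty))`. A party missing from the GetPartiesByUuids result is a data condition rather than provably unreachable code, so an exception type other than UnreachableException would describe it better. A test that builds the list for a subject with one received instance delegation from a resolvable party would catch the inversion. The body of BuildAuthorizedParties starts and ends outside the visible hunks.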
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -42,7 +42,7 @@ public DelegationMetadataRepo(NpgsqlDataSource conn) | |
public async Task<List<DelegationChange>> GetAllAppDelegationChanges(string altinnAppId, int offeredByPartyId, int? coveredByPartyId, int? coveredByUserId, CancellationToken cancellationToken = default) | ||
{ | ||
using var activity = TelemetryConfig.ActivitySource.StartActivity(ActivityKind.Client); | ||
|
||
if (coveredByUserId == null && coveredByPartyId == null) | ||
{ | ||
activity?.StopWithError(new ArgumentException($"Both params: {nameof(coveredByUserId)}, {nameof(coveredByPartyId)} cannot be null.")); | ||
|
@@ -60,7 +60,7 @@ FROM delegation.delegationChanges | |
AND coveredByPartyId = @coveredByPartyId | ||
"; | ||
} | ||
|
||
if (coveredByUserId != null) | ||
{ | ||
query = /*strpsql*/@$" | ||
|
@@ -335,6 +335,56 @@ public async Task<DelegationChange> InsertDelegation(ResourceAttributeMatchType | |
return await InsertResourceRegistryDelegation(delegationChange, cancellationToken); | ||
} | ||
|
||
/// <summary> | ||
/// Fetches all instance delegated to given param | ||
/// </summary> | ||
/// <param name="toUuid">list of parties that has received an instance delegation</param> | ||
/// <param name="cancellationToken">cancellation token</param> | ||
/// <returns></returns> | ||
public async Task<List<InstanceDelegationChange>> GetAllCurrentReceivedInstanceDelegations(List<Guid> toUuid, CancellationToken cancellationToken = default) | ||
{ | ||
using var activity = TelemetryConfig.ActivitySource.StartActivity(ActivityKind.Client); | ||
|
||
var query = /*strpsql*/ @" | ||
SELECT | ||
instancedelegationchangeid | ||
,delegationchangetype | ||
,instanceDelegationMode | ||
,resourceid | ||
,instanceid | ||
,fromuuid | ||
,fromtype | ||
,touuid | ||
,totype | ||
,performedby | ||
,performedbytype | ||
,blobstoragepolicypath | ||
,blobstorageversionid | ||
,created | ||
FROM | ||
delegation.instancedelegationchanges | ||
AND delegationchangetype != 'revoke_last' | ||
WHERE | ||
touuid = ANY(@toUuid) | ||
GROUP BY | ||
resourceid, touuid, fromuuid; | ||
andreasisnes marked this conversation as resolved.
Samme som JK dersom du ikke har instanceId i group by så vil den slå sammen alle instansene desuten er det vel ikke mulig å bruke en group by og hente ut alle kolonner for de kolenne som ikke er grupert på vil kunne være mange verdier så de må ha en agregate funksjon for å finne hvilken som skal brukes. Jeg ville brukt Common table expression her og grupere på de dataene som var viktige og så hente ut max(instancedelegationchangeid) og deretter joine med denne common table expressionen med tabellen på nytt med id som match så ville jeg få ut alle siste endringer.
stemmer, templating før jeg fikk testet spørringen. Endret på spørringen nu |
||
"; | ||
|
||
try | ||
{ | ||
await using var cmd = _conn.CreateCommand(query); | ||
cmd.Parameters.AddWithValue("toUuid", NpgsqlDbType.Array | NpgsqlDbType.Uuid, toUuid); | ||
return await cmd.ExecuteEnumerableAsync(cancellationToken) | ||
.SelectAwait(GetInstanceDelegationChange) | ||
.ToListAsync(cancellationToken); | ||
} | ||
catch (Exception ex) | ||
{ | ||
activity?.StopWithError(ex); | ||
throw; | ||
} | ||
} | ||
|
||
/// <inheritdoc /> | ||
public async Task<InstanceDelegationChange> GetLastInstanceDelegationChange(InstanceDelegationChangeRequest request, CancellationToken cancellationToken = default) | ||
{ | ||
|
@@ -515,15 +565,15 @@ LatestChanges lc | |
|
||
return await cmd.ExecuteEnumerableAsync(cancellationToken) | ||
.SelectAwait(GetInstanceDelegationChange) | ||
.ToListAsync(cancellationToken); | ||
.ToListAsync(cancellationToken); | ||
} | ||
catch (Exception ex) | ||
{ | ||
activity?.StopWithError(ex); | ||
throw; | ||
} | ||
} | ||
|
||
private static async ValueTask<InstanceDelegationChange> GetInstanceDelegationChange(NpgsqlDataReader reader) | ||
{ | ||
using var activity = TelemetryConfig.ActivitySource.StartActivity(); | ||
|
@@ -682,7 +732,7 @@ FROM insertAction AS ins | |
} | ||
} | ||
|
||
private async Task<DelegationChange> GetCurrentResourceRegistryDelegation(string resourceId, int offeredByPartyId, int? coveredByPartyId, int? coveredByUserId, Guid? toUuid, UuidType toUuidType, CancellationToken cancellationToken = default) | ||
private async Task<DelegationChange> GetCurrentResourceRegistryDelegation(string resourceId, int offeredByPartyId, int? coveredByPartyId, int? coveredByUserId, Guid? toUuid, UuidType toUuidType, CancellationToken cancellationToken = default) | ||
{ | ||
using var activity = TelemetryConfig.ActivitySource.StartActivity(ActivityKind.Client); | ||
|
||
|
@@ -754,7 +804,7 @@ ORDER BY resourceRegistryDelegationChangeId DESC LIMIT 1 | |
cmd.Parameters.AddWithNullableValue("coveredByUserId", NpgsqlDbType.Integer, coveredByUserId); | ||
cmd.Parameters.AddWithNullableValue(ToUuid, NpgsqlDbType.Uuid, toUuid); | ||
cmd.Parameters.AddWithValue(ToType, toUuidType); | ||
|
||
await using var reader = await cmd.ExecuteReaderAsync(cancellationToken); | ||
if (await reader.ReadAsync(cancellationToken)) | ||
{ | ||
|
@@ -980,7 +1030,7 @@ FROM delegation.ResourceRegistryDelegationChanges AS rrdc | |
INNER JOIN res ON rrdc.resourceId_fk = res.resourceid | ||
WHERE coveredByPartyId = ANY (@coveredByPartyIds) | ||
"; | ||
|
||
if (offeredByPartyIds != null && offeredByPartyIds.Count > 0) | ||
{ | ||
query += /*strpsql*/@" | ||
|
@@ -1020,7 +1070,7 @@ FROM delegation.ResourceRegistryDelegationChanges AS rr | |
public async Task<List<DelegationChange>> GetReceivedResourceRegistryDelegationsForCoveredByUser(int coveredByUserId, List<int> offeredByPartyIds, List<string> resourceRegistryIds = null, List<ResourceType> resourceTypes = null, CancellationToken cancellationToken = default) | ||
{ | ||
using var activity = TelemetryConfig.ActivitySource.StartActivity(ActivityKind.Client); | ||
|
||
if (coveredByUserId < 1) | ||
{ | ||
throw new ArgumentException("CoveredByUserId is required"); | ||
|
@@ -1118,7 +1168,7 @@ accessmanagement.Resource AS R | |
AND offeredByPartyId = @offeredByPartyId"; | ||
} | ||
|
||
if (coveredByPartyId > 0) | ||
if (coveredByPartyId > 0) | ||
{ | ||
query += /*strpsql*/@" | ||
AND coveredByPartyId = @coveredByPartyId"; | ||
|
@@ -1271,7 +1321,7 @@ public async Task<List<DelegationChange>> GetAllDelegationChangesForAuthorizedPa | |
|
||
if (coveredByUserIds == null && coveredByPartyIds == null) | ||
{ | ||
return new List<DelegationChange>(); | ||
return []; | ||
} | ||
|
||
const string query = /*strpsql*/@" | ||
|
@@ -1427,4 +1477,4 @@ private static async ValueTask<DelegationChange> GetResourceRegistryDelegationCh | |
} | ||
} | ||
} | ||
} | ||
} |
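Review bot: In the query of GetAllCurrentReceivedInstanceDelegations, the line `AND delegationchangetype != 'revoke_last'` sits between `FROM` and `WHERE`, which PostgreSQL will reject; the predicate belongs after `WHERE touuid = ANY(@toUuid)`. Where the predicate is evaluated also matters for authorization: if delegation.instancedelegationchanges is an append-only change log (the table name and GetLastInstanceDelegationChange suggest so), dropping revoke rows before the latest change per resource, instance, sender and receiver is chosen leaves the earlier grant row in the result, so a revoked instance delegation would still be reported as authorized. The revoke check should be applied to the latest row for each key. A repository test that delegates, revokes and then lists would pin this behaviour. The `<returns>` tag on the method is empty and could state that only current, non-revoked delegations are returned.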
Burde ikke denne hete noe med Instance for ikke å blande den med AuthorizedResources som er av type string
mm, skal rename den
blir kanskje ikke så synelig i File Changes PRen. Men klassen er definert inne i klassen AuthorizedParty. Så for å referere til klassen Resource utenfor klassen AuthorizedParty så må man bruke AuthorizedParty.Resource. Uansett, så endret jeg navnet til AuthorizedResource. Så det blir nå AuthorizedParty.AuthorizedResource.