fix: Authorize access to dialog details for any mainresource action

Altinn · Sep 11, 2024 · 2b705c7 · 2b705c7
1 parent ca81e2b
commit 2b705c7
Show file tree

Hide file tree

Showing 9 changed files with 12 additions and 12 deletions.
diff --git a/...ialogporten.Application/Externals/AltinnAuthorization/DialogDetailsAuthorizationResult.cs b/...ialogporten.Application/Externals/AltinnAuthorization/DialogDetailsAuthorizationResult.cs
@@ -9,16 +9,16 @@ public sealed class DialogDetailsAuthorizationResult
     // e.g. urn:altinn:resource:some-other-resource
     public List<AltinnAction> AuthorizedAltinnActions { get; init; } = [];
 
-    public bool HasReadAccessToMainResource() =>
-        AuthorizedAltinnActions.Contains(new(Constants.ReadAction, Constants.MainResource));
+    public bool HasAccessToMainResource() =>
+        AuthorizedAltinnActions.Any(action => action.AuthorizationAttribute == Constants.MainResource);
 
     public bool HasReadAccessToDialogTransmission(string? authorizationAttribute)
     {
         return authorizationAttribute is not null
-            ? ( // Dialog transmissions are authorized by either the read or read action, depending on the authorization attribute type
+            ? ( // Dialog transmissions are authorized by either the read or transmissionRead action, depending on the authorization attribute type
                 // The infrastructure will ensure that the correct action is used, so here we just check for either
                 AuthorizedAltinnActions.Contains(new(Constants.TransmissionReadAction, authorizationAttribute))
                 || AuthorizedAltinnActions.Contains(new(Constants.ReadAction, authorizationAttribute))
-            ) : HasReadAccessToMainResource();
+            ) : HasAccessToMainResource();
     }
 }
diff --git a/...en.Application/Features/V1/EndUser/DialogActivities/Queries/Get/GetDialogActivityQuery.cs b/...en.Application/Features/V1/EndUser/DialogActivities/Queries/Get/GetDialogActivityQuery.cs
@@ -57,7 +57,7 @@ public async Task<GetDialogActivityResult> Handle(GetDialogActivityQuery request
             cancellationToken: cancellationToken);
 
         // If we cannot read the dialog at all, we don't allow access to any of the activity history
-        if (!authorizationResult.HasReadAccessToMainResource())
+        if (!authorizationResult.HasAccessToMainResource())
         {
             return new EntityNotFound<DialogEntity>(request.DialogId);
         }

diff --git a/...lication/Features/V1/EndUser/DialogActivities/Queries/Search/SearchDialogActivityQuery.cs b/...lication/Features/V1/EndUser/DialogActivities/Queries/Search/SearchDialogActivityQuery.cs
@@ -51,7 +51,7 @@ public async Task<SearchDialogActivityResult> Handle(SearchDialogActivityQuery r
             cancellationToken: cancellationToken);
 
         // If we cannot read the dialog at all, we don't allow access to any of the activity history
-        if (!authorizationResult.HasReadAccessToMainResource())
+        if (!authorizationResult.HasAccessToMainResource())
         {
             return new EntityNotFound<DialogEntity>(request.DialogId);
         }

diff --git a/...orten.Application/Features/V1/EndUser/DialogSeenLogs/Queries/Get/GetDialogSeenLogQuery.cs b/...orten.Application/Features/V1/EndUser/DialogSeenLogs/Queries/Get/GetDialogSeenLogQuery.cs
@@ -61,7 +61,7 @@ public async Task<GetDialogSeenLogResult> Handle(GetDialogSeenLogQuery request,
             cancellationToken: cancellationToken);
 
         // If we cannot read the dialog at all, we don't allow access to the seen log
-        if (!authorizationResult.HasReadAccessToMainResource())
+        if (!authorizationResult.HasAccessToMainResource())
         {
             return new EntityNotFound<DialogEntity>(request.DialogId);
         }

diff --git a/...Application/Features/V1/EndUser/DialogSeenLogs/Queries/Search/SearchDialogSeenLogQuery.cs b/...Application/Features/V1/EndUser/DialogSeenLogs/Queries/Search/SearchDialogSeenLogQuery.cs
@@ -59,7 +59,7 @@ public async Task<SearchDialogSeenLogResult> Handle(SearchDialogSeenLogQuery req
             cancellationToken: cancellationToken);
 
         // If we cannot read the dialog at all, we don't allow access to the seen log
-        if (!authorizationResult.HasReadAccessToMainResource())
+        if (!authorizationResult.HasAccessToMainResource())
         {
             return new EntityNotFound<DialogEntity>(request.DialogId);
         }

diff --git a/...ication/Features/V1/EndUser/DialogTransmissions/Queries/Get/GetDialogTransmissionQuery.cs b/...ication/Features/V1/EndUser/DialogTransmissions/Queries/Get/GetDialogTransmissionQuery.cs
@@ -62,7 +62,7 @@ public async Task<GetDialogTransmissionResult> Handle(GetDialogTransmissionQuery
             cancellationToken: cancellationToken);
 
         // If we cannot read the dialog at all, we don't allow access to any of the dialog transmissions.
-        if (!authorizationResult.HasReadAccessToMainResource())
+        if (!authorizationResult.HasAccessToMainResource())
         {
             return new EntityNotFound<DialogEntity>(request.DialogId);
         }

diff --git a/...n/Features/V1/EndUser/DialogTransmissions/Queries/Search/SearchDialogTransmissionQuery.cs b/...n/Features/V1/EndUser/DialogTransmissions/Queries/Search/SearchDialogTransmissionQuery.cs
@@ -58,7 +58,7 @@ public async Task<SearchDialogTransmissionResult> Handle(SearchDialogTransmissio
             cancellationToken: cancellationToken);
 
         // If we cannot read the dialog at all, we don't allow access to any of the activity history
-        if (!authorizationResult.HasReadAccessToMainResource())
+        if (!authorizationResult.HasAccessToMainResource())
         {
             return new EntityNotFound<DialogEntity>(request.DialogId);
         }

diff --git a/...Domain.Dialogporten.Application/Features/V1/EndUser/Dialogs/Queries/Get/GetDialogQuery.cs b/...Domain.Dialogporten.Application/Features/V1/EndUser/Dialogs/Queries/Get/GetDialogQuery.cs
@@ -94,7 +94,7 @@ public async Task<GetDialogResult> Handle(GetDialogQuery request, CancellationTo
             dialog,
             cancellationToken: cancellationToken);
 
-        if (!authorizationResult.HasReadAccessToMainResource())
+        if (!authorizationResult.HasAccessToMainResource())
         {
             return new EntityNotFound<DialogEntity>(request.DialogId);
         }

diff --git a/...n.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Get/GetDialogQuery.cs b/...n.Dialogporten.Application/Features/V1/ServiceOwner/Dialogs/Queries/Get/GetDialogQuery.cs
@@ -103,7 +103,7 @@ public async Task<GetDialogResult> Handle(GetDialogQuery request, CancellationTo
                 request.EndUserId,
                 cancellationToken);
 
-            if (!authorizationResult.HasReadAccessToMainResource())
+            if (!authorizationResult.HasAccessToMainResource())
             {
                 return new EntityNotFound<DialogEntity>(request.DialogId);
             }