resourceadm bugfix: fix import resource identifier validation and ret…

…urn errors (#12466) * bugfix: equality check resource name with exact filename, not filename.Contains new identifier * bugfix: return error code if error happens when importing resource, before trying to import policy file
Altinn · Mar 13, 2024 · 2af8181 · 2af8181
1 parent cd08be4
commit 2af8181
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 14 deletions.
diff --git a/backend/src/Designer/Controllers/ResourceAdminController.cs b/backend/src/Designer/Controllers/ResourceAdminController.cs
@@ -253,7 +253,7 @@ public async Task<ActionResult> UpdateResource(string org, string id, [FromBody]
 
         [HttpPost]
         [Route("designer/api/{org}/resources/addresource")]
-        public async Task<ActionResult<ServiceResource>> AddResource(string org, [FromBody] ServiceResource resource)
+        public async Task<StatusCodeResult> AddResource(string org, [FromBody] ServiceResource resource)
         {
             resource.HasCompetentAuthority = await GetCompetentAuthorityFromOrg(org);
             return _repository.AddServiceResource(org, resource);
@@ -266,7 +266,11 @@ public async Task<ActionResult> ImportResource(string org, string serviceCode, i
             string repository = string.Format("{0}-resources", org);
             ServiceResource resource = await _resourceRegistry.GetServiceResourceFromService(serviceCode, serviceEdition, environment.ToLower());
             resource.Identifier = resourceId;
-            _repository.AddServiceResource(org, resource);
+            StatusCodeResult statusCodeResult = _repository.AddServiceResource(org, resource);
+            if (statusCodeResult.StatusCode != (int)HttpStatusCode.Created)
+            {
+                return statusCodeResult;
+            }
             XacmlPolicy policy = await _resourceRegistry.GetXacmlPolicy(serviceCode, serviceEdition, resource.Identifier, environment.ToLower());
             await _repository.SavePolicy(org, repository, resource.Identifier, policy);
             return Ok(resource);

diff --git a/backend/src/Designer/Services/Implementation/RepositorySI.cs b/backend/src/Designer/Services/Implementation/RepositorySI.cs
@@ -489,15 +489,15 @@ public ActionResult UpdateServiceResource(string org, string id, ServiceResource
             return new StatusCodeResult(403);
         }
 
-        public ActionResult AddServiceResource(string org, ServiceResource newResource)
+        public StatusCodeResult AddServiceResource(string org, ServiceResource newResource)
         {
             try
             {
                 string repository = $"{org}-resources";
                 if (!CheckIfResourceFileAlreadyExists(newResource.Identifier, org, repository))
                 {
                     string repopath = _settings.GetServicePath(org, repository, AuthenticationHelper.GetDeveloperUserName(_httpContextAccessor.HttpContext));
-                    string fullPathOfNewResource = Path.Combine(repopath, newResource.Identifier.AsFileName(), string.Format("{0}_resource.json", newResource.Identifier));
+                    string fullPathOfNewResource = Path.Combine(repopath, newResource.Identifier.AsFileName(), GetResourceFileName(newResource.Identifier));
                     string newResourceJson = System.Text.Json.JsonSerializer.Serialize(newResource, _serializerOptions);
                     Directory.CreateDirectory(Path.Combine(repopath, newResource.Identifier.AsFileName()));
                     File.WriteAllText(fullPathOfNewResource, newResourceJson);
@@ -518,14 +518,7 @@ public ActionResult AddServiceResource(string org, ServiceResource newResource)
         public bool CheckIfResourceFileAlreadyExists(string identifier, string org, string repository)
         {
             List<FileSystemObject> resourceFiles = GetResourceFiles(org, repository);
-            foreach (var _ in from FileSystemObject resourceFile in resourceFiles
-                              where resourceFile.Name.Contains(identifier)
-                              select new { })
-            {
-                return true;
-            }
-
-            return false;
+            return resourceFiles.Any(resourceFile => resourceFile.Name.ToLower().Equals(GetResourceFileName(identifier).ToLower()));
         }
 
         public ServiceResource GetServiceResourceById(string org, string repository, string identifier)
@@ -618,6 +611,11 @@ private List<FileSystemObject> GetResourceFiles(string org, string repository, s
             return resourceFiles;
         }
 
+        private string GetResourceFileName(string identifier)
+        {
+            return string.Format("{0}_resource.json", identifier);
+        }
+
         private FileSystemObject GetFileSystemObjectForFile(string path)
         {
             FileInfo fi = new(path);

diff --git a/backend/src/Designer/Services/Interfaces/IRepository.cs b/backend/src/Designer/Services/Interfaces/IRepository.cs
@@ -124,8 +124,8 @@ public interface IRepository
         /// </summary>
         /// <param name="org">The organisation which owns the repository</param>
         /// <param name="newResource">The new resource that is to be added to the repository</param>
-        /// <returns></returns>
-        ActionResult AddServiceResource(string org, ServiceResource newResource);
+        /// <returns>Status code result of resource creation request: 201 if success, or 409 or 400 on error</returns>
+        StatusCodeResult AddServiceResource(string org, ServiceResource newResource);
 
         /// <summary>
         /// Checks a resource if it has a policy by checking if a policyfile exists in the same folder as the resourcefile.

diff --git a/backend/tests/Designer.Tests/Controllers/ResourceAdminController/ImportResourceTests.cs b/backend/tests/Designer.Tests/Controllers/ResourceAdminController/ImportResourceTests.cs
@@ -6,6 +6,7 @@
 using Altinn.Authorization.ABAC.Xacml;
 using Altinn.Studio.Designer.Models;
 using Designer.Tests.Utils;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Testing;
 using Moq;
 using Xunit;
@@ -34,6 +35,7 @@ public async Task ExportAltinn2Resource()
 
                 XacmlPolicy policy = AuthorizationUtil.ParsePolicy("resource_registry_delegatableapi.xml");
 
+                RepositoryMock.Setup(r => r.AddServiceResource(It.IsAny<string>(), It.IsAny<ServiceResource>())).Returns(new StatusCodeResult(201));
                 ResourceRegistryMock.Setup(r => r.GetServiceResourceFromService(It.IsAny<string>(), It.IsAny<int>(), It.IsAny<string>())).ReturnsAsync(serviceResource);
                 ResourceRegistryMock.Setup(r => r.GetXacmlPolicy(It.IsAny<string>(), It.IsAny<int>(), It.IsAny<string>(), It.IsAny<string>())).ReturnsAsync(policy);