Add system user to subject category builder for xacml

Altinn · May 28, 2024 · 738f2de · 738f2de
1 parent b94fd24
commit 738f2de
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/DecisionRequestHelper.cs b/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/DecisionRequestHelper.cs
@@ -1,5 +1,6 @@
 using Altinn.Authorization.ABAC.Xacml.JsonProfile;
 using System.Security.Claims;
+using System.Text.Json;
 using Digdir.Domain.Dialogporten.Application.Common.Authorization;
 using Digdir.Domain.Dialogporten.Application.Common.Extensions;
 using Digdir.Domain.Dialogporten.Application.Externals.AltinnAuthorization;
@@ -63,9 +64,7 @@ private static List<XacmlJsonCategory> CreateAccessSubjectCategory(IEnumerable<C
                 { Type: PidClaimType } => new XacmlJsonAttribute { AttributeId = NorwegianPersonIdentifier.Prefix, Value = x.Value },
                 { Type: var type } when type.StartsWith(AltinnUrnNsPrefix, StringComparison.Ordinal) => new() { AttributeId = type, Value = x.Value },
                 { Type: ConsumerClaimType } when x.TryGetOrganizationNumber(out var organizationNumber) => new() { AttributeId = NorwegianOrganizationIdentifier.Prefix, Value = organizationNumber },
-                // See question about array in ClaimsPrincipalExtensions.cs line 80
-                // TODO: https://docs.altinn.studio/authentication/systemauthentication/
-                { Type: AltinnAutorizationDetailsClaim } => new() { AttributeId = AttributeIdSystemUser, Value = "some_unique_system_user_id" },
+                { Type: AltinnAutorizationDetailsClaim } => new() { AttributeId = AttributeIdSystemUser, Value = GetSystemUserId(x) },
                 _ => null
             })
             .Where(x => x is not null)
@@ -82,6 +81,13 @@ private static List<XacmlJsonCategory> CreateAccessSubjectCategory(IEnumerable<C
         return [new() { Id = SubjectId, Attribute = attributes }];
     }
 
+    private static string GetSystemUserId(Claim claim)
+    {
+        var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(new[] { claim }));
+        claimsPrincipal.TryGetSystemUserId(out var systemUserId);
+        return systemUserId!;
+    }
+
     private static List<XacmlJsonCategory> CreateActionCategories(
         HashSet<AltinnAction> altinnActions, out Dictionary<string, string> actionIdByName)
     {