When using admin-scope, dialog.Org should be set to service resource owner #1409
Comments
…ogs (#1529)

## Description

This implements a proper handling of serviceprovider.admin-scope, where the "org"-value for the actual service resource is used instead of always being "digdir". This also maintains the possibility for the admin-scope-wielder to access and update the dialog afterwards.

The search-endpoint is however not changed (will only display actually owned dialogs, and requiring search-scope)

## Related Issue(s)

- #1409

## Verification

- [x] **Your** code builds clean without any errors or warnings
- [x] Manual testing done (required)
- [x] Relevant automated test added (if you find this hard, leave it and we'll help out)

## Documentation

- [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

## Summary by CodeRabbit

## Release Notes

- **New Features**
  - Added a new property `OwnOrgShortName` to enhance resource information.
  - Introduced conditional filtering in various query handlers to improve access control based on user roles.
  - Expanded testing coverage for service owners with admin capabilities.
- **Bug Fixes**
  - Improved error handling for missing organization information in dialog creation.
- **Documentation**
  - Updated test setup to reflect changes in dependencies for dialog creation tests.
- **Chores**
  - Modified API call in tests to retrieve a larger number of dialog items.
## Description

This causes any deserialization exceptions happening when fetching caches to trigger a factory run, instead of bubbling up and hitting the global exception handler. This error was introduced in #1409, which added a non-nullable field to an entity that existed in the distributed cache.

## Related Issue(s)

- #1409

## Verification

- [x] **Your** code builds clean without any errors or warnings
- [x] Manual testing done (required)
- [ ] Relevant automated test added (if you find this hard, leave it and we'll help out)

## Documentation

- [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)
Test: I understand that parts of the test include "Scopes" that can be specified in "GET EnterpriseToken"

@elsand it may be that I have tested this the right way and that it is good, because I get the expected result.

I had tested incorrectly because I had a script in between that updated the scope. But with "digdir:dialogporten.serviceprovider.admin" as the only scope I get 403 Forbidden. If I add the mentioned scope to the existing ones, it works and the error described in the repro steps does not occur. The big question now is whether "digdir:dialogporten.serviceprovider.admin" is meant to be the only scope, or a scope together with other scopes? {
Q: A: |
Test: This is from the request that worked (it is scoped down but had to include one more subscope because of the content): { Dialog "0193d8b3-83fe-72b9-b6c7-a27f9864bf6c" was created. It got the calling ServiceOwner's "org" and therefore the Test Passed.
Description

The admin-scope short circuits the `AuthorizeServiceResources` check, such that the calling system can create dialogs for any service resource. This is meant for other internal writing Altinn integrations, such as correspondence and the Altinn Storage.

The `Org` population is however always performed based on the authenticated user, which causes "Digitaliseringsdirektoratet" to be the sender for all correspondence.

Reproduction
digdir:dialogporten.serviceprovider.admin
Expected behavior
The dialog should have the "Org" field set to "ske"
Actual behavior
The dialog has the "Org" field set to "digdir"
Additional information
If there is additional context that is relevant to include.
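
A minimal Python model of the Org-population behaviour reported in this issue next to the behaviour the linked fix describes, added here as an illustration and not taken from the Dialogporten code base. The `Caller` type, the function names and the resource registry are hypothetical; only the scope string comes from the issue.

```python
from dataclasses import dataclass

# Scope named in the issue; everything else below is constructed for illustration.
ADMIN_SCOPE = "digdir:dialogporten.serviceprovider.admin"

# Constructed registry: service resource id -> owning org short name.
RESOURCE_OWNER = {"example-ske-resource": "ske", "example-digdir-resource": "digdir"}


class Forbidden(Exception):
    """Raised when the caller may not act on the service resource."""


@dataclass(frozen=True)
class Caller:
    org: str                 # org short name taken from the authenticated token
    scopes: frozenset = frozenset()

    @property
    def is_admin(self) -> bool:
        return ADMIN_SCOPE in self.scopes


def dialog_org_reported(caller: Caller, resource: str) -> str:
    """Behaviour the issue reports: admin scope skips the ownership check,
    but Org is still copied from the authenticated caller."""
    if not caller.is_admin and RESOURCE_OWNER.get(resource) != caller.org:
        raise Forbidden(resource)
    return caller.org


def dialog_org_fixed(caller: Caller, resource: str) -> str:
    """Org always comes from the resource owner; unknown owners fail closed."""
    owner = RESOURCE_OWNER.get(resource)
    if owner is None:
        raise Forbidden(f"no owner registered for {resource}")
    if not caller.is_admin and owner != caller.org:
        raise Forbidden(resource)
    return owner


def may_update(caller: Caller, dialog_org: str) -> bool:
    """Admin callers keep access to dialogs whose Org is no longer their own."""
    return caller.is_admin or caller.org == dialog_org
```

Because the fixed path derives `Org` from the resource rather than the token, the admin caller needs the separate `may_update` rule to keep access to dialogs it created, which is the follow-up behaviour the fix description mentions.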