fix subunits for legacy search (#580)

* fix subunits for search * cleanup * add a max depth to sub units in case of malicious data --------- Co-authored-by: Hammerbeck <[email protected]>
Altinn · Jan 9, 2025 · 9e6c94a · 9e6c94a
1 parent 4418f33
commit 9e6c94a
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 15 deletions.
diff --git a/src/Altinn.Correspondence.Application/GetCorespondences/LegacyGetCorrespondencesHandler.cs b/src/Altinn.Correspondence.Application/GetCorespondences/LegacyGetCorrespondencesHandler.cs
@@ -46,7 +46,7 @@ public async Task<OneOf<LegacyGetCorrespondencesResponse, Error>> Process(Legacy
         if (request.InstanceOwnerPartyIdList != null && request.InstanceOwnerPartyIdList.Length > 0)
         {
             var authorizedParties = await altinnAccessManagementService.GetAuthorizedParties(userParty, cancellationToken);
-            var authorizedPartiesDict = authorizedParties.ToDictionary(c => c.PartyId);
+            var authorizedPartiesDict = authorizedParties.ToDictionary(p => p.PartyId, p => p);
             foreach (int instanceOwnerPartyId in request.InstanceOwnerPartyIdList)
             {
                 if (!authorizedPartiesDict.TryGetValue(instanceOwnerPartyId, out var mappedInstanceOwner))

diff --git a/src/Altinn.Correspondence.Core/Models/Entities/PartyWithSubUnits.cs b/src/Altinn.Correspondence.Core/Models/Entities/PartyWithSubUnits.cs
@@ -0,0 +1,10 @@
+namespace Altinn.Correspondence.Core.Models.Entities
+{
+    /// <summary>
+    /// Class representing a party
+    /// </summary>
+    public class PartyWithSubUnits : Party
+    {
+        public List<PartyWithSubUnits> SubUnits { get; set; } = new List<PartyWithSubUnits>();
+    }
+}
diff --git a/src/Altinn.Correspondence.Core/Repositories/IAltinnAccessManangementService.cs b/src/Altinn.Correspondence.Core/Repositories/IAltinnAccessManangementService.cs
@@ -4,5 +4,5 @@ namespace Altinn.Correspondence.Core.Repositories;
 
 public interface IAltinnAccessManagementService
 {
-    Task<List<Party>> GetAuthorizedParties(Party partyToRequestFor, CancellationToken cancellationToken = default);
+    Task<List<PartyWithSubUnits>> GetAuthorizedParties(Party partyToRequestFor, CancellationToken cancellationToken = default);
 }
diff --git a/...n.Correspondence.Integrations/Altinn/AccessManagement/AltinnAccessManagementDevService.cs b/...n.Correspondence.Integrations/Altinn/AccessManagement/AltinnAccessManagementDevService.cs
@@ -8,9 +8,9 @@ namespace Altinn.Correspondence.Integrations.Altinn.AccessManagement;
 public class AltinnAccessManagementDevService : IAltinnAccessManagementService
 {
     private readonly int _digdirPartyId = 50952483;
-    public Task<List<Party>> GetAuthorizedParties(Party partyToRequestFor, CancellationToken cancellationToken = default)
+    public Task<List<PartyWithSubUnits>> GetAuthorizedParties(Party partyToRequestFor, CancellationToken cancellationToken = default)
     {
-        Party party = new()
+        PartyWithSubUnits party = new()
         {
             PartyId = _digdirPartyId,
             OrgNumber = "991825827",
@@ -20,6 +20,6 @@ public Task<List<Party>> GetAuthorizedParties(Party partyToRequestFor, Cancellat
             UnitType = "Virksomhet",
             Name = "Digitaliseringsdirektoratet",
         };
-        return Task.FromResult(new List<Party> { party });
+        return Task.FromResult(new List<PartyWithSubUnits> { party });
     }
 }
diff --git a/...tinn.Correspondence.Integrations/Altinn/AccessManagement/AltinnAccessManagementService.cs b/...tinn.Correspondence.Integrations/Altinn/AccessManagement/AltinnAccessManagementService.cs
@@ -16,6 +16,7 @@ public class AltinnAccessManagementService : IAltinnAccessManagementService
 {
     private readonly HttpClient _httpClient;
     private readonly ILogger<AltinnAccessManagementService> _logger;
+    private readonly int _MAX_DEPTH_FOR_SUBUNITS = 20;
 
     public AltinnAccessManagementService(HttpClient httpClient, IOptions<AltinnOptions> altinnOptions, ILogger<AltinnAccessManagementService> logger)
     {
@@ -24,7 +25,7 @@ public AltinnAccessManagementService(HttpClient httpClient, IOptions<AltinnOptio
         _logger = logger;
     }
 
-    public async Task<List<Party>> GetAuthorizedParties(Party partyToRequestFor, CancellationToken cancellationToken = default)
+    public async Task<List<PartyWithSubUnits>> GetAuthorizedParties(Party partyToRequestFor, CancellationToken cancellationToken = default)
     {
         AuthorizedPartiesRequest request = new(partyToRequestFor);
         JsonSerializerOptions serializerOptions = new()
@@ -45,16 +46,25 @@ public async Task<List<Party>> GetAuthorizedParties(Party partyToRequestFor, Can
             _logger.LogError("Unexpected null or invalid json response from Authorization GetAuthorizedParties.");
             throw new Exception("Unexpected null or invalid json response from Authorization GetAuthorizedParties.");
         }
-
-        return responseContent.Select(p => new Party
+        List<PartyWithSubUnits> parties = new();
+        foreach (var p in responseContent)
         {
-            PartyId = p.partyId,
-            PartyUuid = p.partyUuid,
-            OrgNumber = p.organizationNumber,
-            SSN = p.personId,
-            Resources = p.authorizedResources,
-            PartyTypeName = GetType(p.type)
-        }).ToList();
+            parties.Add(new PartyWithSubUnits
+            {
+                PartyId = p.partyId,
+                PartyUuid = p.partyUuid,
+                OrgNumber = p.organizationNumber,
+                SSN = p.personId,
+                Resources = p.authorizedResources,
+                PartyTypeName = GetType(p.type),
+            });
+            if (p.subunits != null && p.subunits.Count > 0)
+            {
+                parties.AddRange(GetPartiesFromSubunits(p.subunits));
+            }
+        }
+
+        return parties;
     }
     public PartyType GetType(string type)
     {
@@ -66,6 +76,33 @@ public PartyType GetType(string type)
             _ => throw new NotImplementedException()
         };
     }
+    private List<PartyWithSubUnits> GetPartiesFromSubunits(List<AuthroizedPartiesResponse> subunits, int depth = 0)
+    {
+        List<PartyWithSubUnits> parties = new();
+        if (depth > _MAX_DEPTH_FOR_SUBUNITS)
+        {
+            _logger.LogWarning("Max depth for subunits reached. Ignoring further subunits.");
+            return parties;
+        }
+        foreach (var subunit in subunits)
+        {
+            parties.Add(new PartyWithSubUnits
+            {
+
+                PartyId = subunit.partyId,
+                PartyUuid = subunit.partyUuid,
+                OrgNumber = subunit.organizationNumber,
+                SSN = subunit.personId,
+                Resources = subunit.authorizedResources,
+                PartyTypeName = GetType(subunit.type),
+            });
+            if (subunit.subunits != null && subunit.subunits.Count > 0)
+            {
+                parties.AddRange(GetPartiesFromSubunits(subunit.subunits, depth + 1));
+            }
+        }
+        return parties;
+    }
 
     internal sealed class AuthorizedPartiesRequest
     {