remove isRecipient check because user can have delegated permissions (#…
CelineTrammi authored Nov 7, 2024
1 parent 2c778b7 commit deeb1d9
Showing 3 changed files with 4 additions and 12 deletions.
Expand Up @@ -38,7 +38,7 @@ public async Task<OneOf<DownloadCorrespondenceAttachmentResponse, Error>> Proces
{
return Errors.CouldNotFindOrgNo;
}

// TODO: Authorize party
var correspondence = await _correspondenceRepository.GetCorrespondenceById(request.CorrespondenceId, true, false, cancellationToken);
if (correspondence is null)
{
Expand All @@ -49,11 +49,6 @@ public async Task<OneOf<DownloadCorrespondenceAttachmentResponse, Error>> Proces
{
return Errors.AttachmentNotFound;
}
bool isRecipient = correspondence.Recipient == ("0192:"+party.OrgNumber) || correspondence.Recipient == party.SSN;
if (!isRecipient)
{
return Errors.CorrespondenceNotFound;
}
var latestStatus = correspondence.GetLatestStatus();
if (!latestStatus.Status.IsAvailableForRecipient())
{
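Review bot: With the `isRecipient` comparison deleted after the `AttachmentNotFound` branch, nothing in the visible lines ties the calling party to the correspondence it loads by id, and `// TODO: Authorize party` is only a placeholder, so the download path appears to have no object-level authorization until that TODO is done. Delegated access is a reason to broaden the check rather than drop it: if the authorization service used in the history handler is available here, something like `if (await _altinnAuthorizationService.CheckUserAccessAndGetMinimumAuthLevel(correspondence.ResourceId, new List<ResourceAccessLevel> { ResourceAccessLevel.Read }, cancellationToken) is null) return Errors.CorrespondenceNotFound;` would keep a deny path while accepting delegates. The third file section (the status-update handler) removes the same comparison and changes state, so it needs an equivalent guard with whatever access level suits a status change. `Process` starts and ends outside the hunk, so a check elsewhere in the method cannot be ruled out from here.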
Expand Up @@ -33,6 +33,7 @@ public async Task<OneOf<LegacyGetCorrespondenceHistoryResponse, Error>> Process(
{
return Errors.CouldNotFindOrgNo;
}
// TODO: Authorize party
var correspondence = await _correspondenceRepository.GetCorrespondenceById(correspondenceId, true, true, cancellationToken);
if (correspondence is null)
{
Expand All @@ -46,7 +47,7 @@ public async Task<OneOf<LegacyGetCorrespondenceHistoryResponse, Error>> Process(
var minimumAuthLevel = await _altinnAuthorizationService.CheckUserAccessAndGetMinimumAuthLevel(correspondence.ResourceId, new List<ResourceAccessLevel> { ResourceAccessLevel.Read }, cancellationToken);
if (minimumAuthLevel is not int authenticationLevel)
{
authenticationLevel = 2;
authenticationLevel = 2; // TODO: Remove when authorization is implemented
// return Errors.LegacyNoAccessToCorrespondence;
}

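Review bot: The fallback at `authenticationLevel = 2; // TODO: Remove when authorization is implemented` makes the access check fail open: when `CheckUserAccessAndGetMinimumAuthLevel` does not return an int (presumably meaning no access), the handler continues with a default level instead of denying. The denial is already written on the next line, so the safer state is `return Errors.LegacyNoAccessToCorrespondence;` in place of the assignment. If the fallback must stay for now, put it behind a configuration switch that is off in production and log each time it is taken, so the bypass is visible. The added `// TODO: Authorize party` would also be easier to track with an issue reference, e.g. `// TODO(#<issue>): Authorize party`. `Process` continues outside the hunk.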
Expand Up @@ -39,16 +39,12 @@ public async Task<OneOf<Guid, Error>> Process(UpdateCorrespondenceStatusRequest
{
return Errors.CouldNotFindOrgNo;
}
// TODO: Authorize party
var correspondence = await _correspondenceRepository.GetCorrespondenceById(request.CorrespondenceId, true, false, cancellationToken);
if (correspondence == null)
{
return Errors.CorrespondenceNotFound;
}
bool isRecipient = correspondence.Recipient == ("0192:" + party.OrgNumber) || correspondence.Recipient == party.SSN;
if (!isRecipient)
{
return Errors.CorrespondenceNotFound;
}
var currentStatus = correspondence.GetLatestStatus();
if (currentStatus is null)
{
