From deeb1d9658a73c3e10a0bf288104893d2c4753cd Mon Sep 17 00:00:00 2001
From: CelineTrammi <61122289+CelineTrammi@users.noreply.github.com>
Date: Thu, 7 Nov 2024 14:26:16 +0100
Subject: [PATCH] remove isRecipient check because user can have delegated permissions (#457)
---
 .../LegacyDownloadCorrespondenceAttachmentHandler.cs | 7 +------
 .../LegacyGetCorrespondenceHistoryHandler.cs | 3 ++-
 .../LegacyUpdateCorrespondenceStatusHandler.cs | 6 +-----
 3 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/src/Altinn.Correspondence.Application/DownloadCorrespondenceAttachment/LegacyDownloadCorrespondenceAttachmentHandler.cs b/src/Altinn.Correspondence.Application/DownloadCorrespondenceAttachment/LegacyDownloadCorrespondenceAttachmentHandler.cs
index 53635bf6..14187d7d 100644
--- a/src/Altinn.Correspondence.Application/DownloadCorrespondenceAttachment/LegacyDownloadCorrespondenceAttachmentHandler.cs
+++ b/src/Altinn.Correspondence.Application/DownloadCorrespondenceAttachment/LegacyDownloadCorrespondenceAttachmentHandler.cs
@@ -38,7 +38,7 @@ public async Task> Proces
 {
 return Errors.CouldNotFindOrgNo;
 }
-
+ // TODO: Authorize party
 var correspondence = await _correspondenceRepository.GetCorrespondenceById(request.CorrespondenceId, true, false, cancellationToken);
 if (correspondence is null)
 {
@@ -49,11 +49,6 @@ public async Task> Proces
 {
 return Errors.AttachmentNotFound;
 }
- bool isRecipient = correspondence.Recipient == ("0192:"+party.OrgNumber) || correspondence.Recipient == party.SSN;
- if (!isRecipient)
- {
- return Errors.CorrespondenceNotFound;
- }
 var latestStatus = correspondence.GetLatestStatus();
 if (!latestStatus.Status.IsAvailableForRecipient())
 {
diff --git a/src/Altinn.Correspondence.Application/GetCorrespondenceHistory/LegacyGetCorrespondenceHistoryHandler.cs b/src/Altinn.Correspondence.Application/GetCorrespondenceHistory/LegacyGetCorrespondenceHistoryHandler.cs
index 84636693..1bf26966 100644
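Review bot: With the `isRecipient` comparison deleted in the second hunk, nothing visible in this handler ties the resolved `party` to the correspondence loaded from `request.CorrespondenceId`; the only replacement is the `// TODO: Authorize party` comment. Unless access is enforced outside these hunks, any caller that resolves to a party can download attachments of a correspondence it neither received nor was delegated, provided the status passes `IsAvailableForRecipient()`. The same removal in LegacyUpdateCorrespondenceStatusHandler.cs matters more, because that path changes state. Delegated access is better handled by widening the check than by dropping it: keep the recipient match as the fast path and, when it fails, ask the authorization service (the history handler already calls `CheckUserAccessAndGetMinimumAuthLevel` on `correspondence.ResourceId`) before returning `Errors.CorrespondenceNotFound`. The method body starts and ends outside the hunks.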
--- a/src/Altinn.Correspondence.Application/GetCorrespondenceHistory/LegacyGetCorrespondenceHistoryHandler.cs +++ b/src/Altinn.Correspondence.Application/GetCorrespondenceHistory/LegacyGetCorrespondenceHistoryHandler.cs @@ -33,6 +33,7 @@ public async Task> Process( { return Errors.CouldNotFindOrgNo; } + // TODO: Authorize party var correspondence = await _correspondenceRepository.GetCorrespondenceById(correspondenceId, true, true, cancellationToken); if (correspondence is null) { @@ -46,7 +47,7 @@ public async Task> Process( var minimumAuthLevel = await _altinnAuthorizationService.CheckUserAccessAndGetMinimumAuthLevel(correspondence.ResourceId, new List { ResourceAccessLevel.Read }, cancellationToken); if (minimumAuthLevel is not int authenticationLevel) { - authenticationLevel = 2; + authenticationLevel = 2; // TODO: Remove when authorization is implemented // return Errors.LegacyNoAccessToCorrespondence; } diff --git a/src/Altinn.Correspondence.Application/UpdateCorrespondenceStatus/LegacyUpdateCorrespondenceStatusHandler.cs b/src/Altinn.Correspondence.Application/UpdateCorrespondenceStatus/LegacyUpdateCorrespondenceStatusHandler.cs index 6d14121a..6ff3314b 100644 --- a/src/Altinn.Correspondence.Application/UpdateCorrespondenceStatus/LegacyUpdateCorrespondenceStatusHandler.cs +++ b/src/Altinn.Correspondence.Application/UpdateCorrespondenceStatus/LegacyUpdateCorrespondenceStatusHandler.cs 
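Review bot: The `minimumAuthLevel is not int authenticationLevel` branch still fails open: when the authorization service returns no level, the code assigns `authenticationLevel = 2` and carries on, and the commit only annotates that line with a TODO. With `// return Errors.LegacyNoAccessToCorrespondence;` left commented out, the call to `CheckUserAccessAndGetMinimumAuthLevel` cannot deny anyone reading the history, and the first hunk adds no party check before the correspondence is loaded. I would restore `return Errors.LegacyNoAccessToCorrespondence;` in this branch, or, if legacy callers cannot pass that check yet, log each fallback so the bypass is visible and reference the tracking issue in the TODO. The method continues beyond both hunks, so a later check may exist that is not shown here.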
@@ -39,16 +39,12 @@ public async Task> Process(UpdateCorrespondenceStatusRequest
 {
 return Errors.CouldNotFindOrgNo;
 }
+ // TODO: Authorize party
 var correspondence = await _correspondenceRepository.GetCorrespondenceById(request.CorrespondenceId, true, false, cancellationToken);
 if (correspondence == null)
 {
 return Errors.CorrespondenceNotFound;
 }
- bool isRecipient = correspondence.Recipient == ("0192:" + party.OrgNumber) || correspondence.Recipient == party.SSN;
- if (!isRecipient)
- {
- return Errors.CorrespondenceNotFound;
- }
 var currentStatus = correspondence.GetLatestStatus();
 if (currentStatus is null)
 {