chore: add identity check to policy CompanyUser and ServiceAccount
Refs: CPLP-2863
Phil91 committed Jul 31, 2023
1 parent 2593154 commit 4f0344f
Showing 6 changed files with 10 additions and 23 deletions.
Expand Up @@ -146,7 +146,6 @@ public IAsyncEnumerable<CompanyRoleConsentViewData> GetCompanyRoleAndConsentAgre
/// <response code="409">All agreement need to get signed</response>
[HttpPost]
[Authorize(Roles = "view_company_data")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[Route("companyRolesAndConsents")]
[ProducesResponseType(typeof(NoContentResult), StatusCodes.Status204NoContent)]
Expand Down Expand Up @@ -194,7 +193,6 @@ public Task<IEnumerable<SsiCertificateData>> GetSsiCertificationData() =>
/// <response code="200">Returns a collection of certificates.</response>
[HttpGet]
[Authorize(Roles = "request_ssicredential")]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[Route("certificateTypes")]
[ProducesResponseType(typeof(IEnumerable<SsiCertificateTransferData>), StatusCodes.Status200OK)]
public IAsyncEnumerable<VerifiedCredentialTypeId> GetCertificateTypes() =>
Expand All @@ -211,7 +209,6 @@ public IAsyncEnumerable<VerifiedCredentialTypeId> GetCertificateTypes() =>
[HttpPost]
[Consumes("multipart/form-data")]
[Authorize(Roles = "request_ssicredential")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[Route("useCaseParticipation")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
Expand All @@ -232,7 +229,6 @@ public async Task<NoContentResult> CreateUseCaseParticipation([FromForm] UseCase
[HttpPost]
[Consumes("multipart/form-data")]
[Authorize(Roles = "request_ssicredential")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[Route("certificates")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
Expand Down Expand Up @@ -277,7 +273,6 @@ public async Task<NoContentResult> CreateSsiCertificate([FromForm] SsiCertificat
/// <response code="204">Successfully approved the credentials.</response>
[HttpPut]
[Authorize(Roles = "decision_ssicredential")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.CompanyUser)]
[Route("credentials/{credentialId}/approval")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
Expand All @@ -296,7 +291,6 @@ public async Task<NoContentResult> ApproveCredential([FromRoute] Guid credential
/// <response code="204">Successfully rejected the credentials.</response>
[HttpPut]
[Authorize(Roles = "decision_ssicredential")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.CompanyUser)]
[Route("credentials/{credentialId}/reject")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
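Review bot: The hunks at -146 (companyRolesAndConsents), -211 (CreateUseCaseParticipation) and -232 (CreateSsiCertificate) drop `[Authorize(Policy = PolicyTypes.ValidIdentity)]` but keep only `PolicyTypes.ValidCompany`, and ValidCompany is not one of the policies this commit extends with the IdentityId requirement, so those three endpoints no longer enforce an identity GUID claim at the authorization layer. Either keep `[Authorize(Policy = PolicyTypes.ValidIdentity)]` on the ValidCompany-only endpoints or extend ValidCompany with the same `MandatoryGuidClaimRequirement(PortalClaimTypes.IdentityId)`. The hunk at -194 (GetCertificateTypes) appears to remove ValidCompany itself rather than ValidIdentity, leaving only the `request_ssicredential` role check; if that loosening is intended it should be called out, since the commit title only covers CompanyUser and ServiceAccount. Only the approval/reject hunks, which keep `PolicyTypes.CompanyUser`, are actually equivalent before and after this change.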
Expand Up @@ -119,7 +119,6 @@ public Task<ConnectorData> GetCompanyConnectorByIdForCurrentUserAsync([FromRoute
[Route("")]
[Authorize(Roles = "add_connectors")]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[ProducesResponseType(typeof(Guid), StatusCodes.Status201Created)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status503ServiceUnavailable)]
Expand All @@ -143,7 +142,6 @@ public async Task<CreatedAtRouteResult> CreateConnectorAsync([FromForm] Connecto
[Route("managed")]
[Authorize(Roles = "add_connectors")]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[ProducesResponseType(typeof(Guid), StatusCodes.Status201Created)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status503ServiceUnavailable)]
Expand Down Expand Up @@ -171,7 +169,6 @@ public async Task<CreatedAtRouteResult> CreateManagedConnectorAsync([FromForm] M
[Route("trigger-daps/{connectorId:guid}")]
[Authorize(Roles = "notexistingrole")]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[ProducesResponseType(typeof(bool), StatusCodes.Status200OK)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status404NotFound)]
Expand Down Expand Up @@ -227,7 +224,6 @@ public IAsyncEnumerable<ConnectorEndPointData> GetCompanyConnectorEndPointAsync(
[HttpPost]
[Authorize(Roles = "submit_connector_sd")]
[Route("clearinghouse/selfDescription")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ServiceAccount)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status409Conflict)]
Expand All @@ -254,7 +250,6 @@ public async Task<NoContentResult> ProcessClearinghouseSelfDescription([FromBody
[HttpPut]
[Route("{connectorId:guid}/connectorUrl")]
[Authorize(Roles = "modify_connectors")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
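Review bot: CreateConnectorAsync, CreateManagedConnectorAsync, the trigger-daps route and the connectorUrl update lose `[Authorize(Policy = PolicyTypes.ValidIdentity)]` while keeping only `PolicyTypes.ValidCompany`, which this commit does not extend with the IdentityId requirement, so the identity GUID claim is no longer checked on those routes; only ProcessClearinghouseSelfDescription, which uses `PolicyTypes.ServiceAccount`, is covered by the new policy definitions. Keep the ValidIdentity attribute on the ValidCompany-only endpoints, or extend ValidCompany the same way the CompanyUser and ServiceAccount policies are extended. The trigger-daps endpoint still carries `[Authorize(Roles = "notexistingrole")]` on a context line — presumably a deliberate lock-out, but a one-line comment such as `// intentionally unreachable: role does not exist` would stop a reader treating it as a typo.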
Expand Up @@ -63,7 +63,6 @@ public InvitationController(IInvitationBusinessLogic logic)
/// <response code="409">user is not associated with company.</response>
[HttpPost]
[Authorize(Roles = "invite_new_partner")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.CompanyUser)]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
12 changes: 10 additions & 2 deletions src/framework/Framework.Web/StartupServiceExtensions.cs
Expand Up @@ -77,8 +77,16 @@ public static IServiceCollection AddDefaultServices<TProgram>(this IServiceColle
{
options.AddPolicy(PolicyTypes.ValidIdentity, policy => policy.Requirements.Add(new MandatoryGuidClaimRequirement(PortalClaimTypes.IdentityId)));
options.AddPolicy(PolicyTypes.ValidCompany, policy => policy.Requirements.Add(new MandatoryGuidClaimRequirement(PortalClaimTypes.CompanyId)));
options.AddPolicy(PolicyTypes.CompanyUser, policy => policy.Requirements.Add(new MandatoryEnumTypeClaimRequirement(PortalClaimTypes.IdentityType, IdentityTypeId.COMPANY_USER)));
options.AddPolicy(PolicyTypes.ServiceAccount, policy => policy.Requirements.Add(new MandatoryEnumTypeClaimRequirement(PortalClaimTypes.IdentityType, IdentityTypeId.COMPANY_SERVICE_ACCOUNT)));
options.AddPolicy(PolicyTypes.CompanyUser, policy =>
{
policy.Requirements.Add(new MandatoryEnumTypeClaimRequirement(PortalClaimTypes.IdentityType, IdentityTypeId.COMPANY_USER));
policy.Requirements.Add(new MandatoryGuidClaimRequirement(PortalClaimTypes.IdentityId));
});
options.AddPolicy(PolicyTypes.ServiceAccount, policy =>
{
policy.Requirements.Add(new MandatoryEnumTypeClaimRequirement(PortalClaimTypes.IdentityType, IdentityTypeId.COMPANY_SERVICE_ACCOUNT));
policy.Requirements.Add(new MandatoryGuidClaimRequirement(PortalClaimTypes.IdentityId));
});
});

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
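Review bot: Only CompanyUser and ServiceAccount gain the IdentityId requirement here, while `PolicyTypes.ValidCompany` is left as a bare CompanyId check, yet the same commit removes `[Authorize(Policy = PolicyTypes.ValidIdentity)]` from endpoints whose only remaining policy is ValidCompany (connector creation, app and service creation, document upload), so those no longer require an identity GUID claim at all. If every company-scoped caller is expected to carry an identity id, add `policy.Requirements.Add(new MandatoryGuidClaimRequirement(PortalClaimTypes.IdentityId));` to the ValidCompany policy too; otherwise the attribute has to stay on those endpoints. The identity requirement is now constructed three times; hoisting `var identityRequirement = new MandatoryGuidClaimRequirement(PortalClaimTypes.IdentityId);` and sharing it would keep the policies from drifting, assuming the requirement type holds no per-policy state. A comment above the block stating that CompanyUser and ServiceAccount imply ValidIdentity would also explain why the attribute disappears from the controllers.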
Expand Up @@ -95,7 +95,6 @@ public async Task<NoContentResult> UpdateApp([FromRoute] Guid appId, [FromBody]
[HttpPut]
[Route("updateappdoc/{appId}/documentType/{documentTypeId}/documents")]
[Authorize(Roles = "app_management")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[Consumes("multipart/form-data")]
[RequestFormLimits(ValueLengthLimit = 819200, MultipartBodyLengthLimit = 819200)]
Expand Down Expand Up @@ -250,7 +249,6 @@ public IAsyncEnumerable<CompanyUserNameData> GetAppProviderSalesManagerAsync() =
[HttpPost]
[Route("createapp")]
[Authorize(Roles = "add_apps")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[ProducesResponseType(typeof(Guid), StatusCodes.Status201Created)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
Expand All @@ -276,7 +274,6 @@ public async Task<CreatedAtRouteResult> ExecuteAppCreation([FromBody] AppRequest
[HttpPut]
[Route("{appId}")]
[Authorize(Roles = "edit_apps")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
Expand Down Expand Up @@ -342,7 +339,6 @@ public async Task<NoContentResult> SubmitAppReleaseRequest([FromRoute] Guid appI
[HttpPut]
[Route("{appId}/approveApp")]
[Authorize(Roles = "approve_app_release")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.CompanyUser)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status404NotFound)]
Expand Down Expand Up @@ -382,7 +378,6 @@ public Task<PrivacyPolicyData> GetPrivacyPolicyDataAsync() =>
[HttpPut]
[Route("{appId:guid}/declineApp")]
[Authorize(Roles = "decline_app_release")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.CompanyUser)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
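Review bot: The updateappdoc, createapp and `PUT {appId}` endpoints drop `[Authorize(Policy = PolicyTypes.ValidIdentity)]` but keep only `PolicyTypes.ValidCompany`, and ValidCompany is not extended with the IdentityId requirement in this commit, so app creation, editing and document upload no longer enforce an identity GUID claim. Keep the ValidIdentity attribute on those three, or extend ValidCompany with `new MandatoryGuidClaimRequirement(PortalClaimTypes.IdentityId)` as is done for CompanyUser and ServiceAccount. The approveApp and declineApp hunks keep `PolicyTypes.CompanyUser` and are equivalent before and after the change.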
Expand Up @@ -206,7 +206,6 @@ public async Task<NoContentResult> DeleteServiceDocumentsAsync([FromRoute] Guid
[HttpPost]
[Route("addservice")]
[Authorize(Roles = "add_service_offering")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[ProducesResponseType(typeof(OfferProviderResponse), StatusCodes.Status201Created)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
Expand Down Expand Up @@ -276,7 +275,6 @@ public async Task<NoContentResult> SubmitService([FromRoute] Guid serviceId)
[HttpPut]
[Route("{serviceId}/approveService")]
[Authorize(Roles = "approve_service_release")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.CompanyUser)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status404NotFound)]
Expand All @@ -303,7 +301,6 @@ public async Task<NoContentResult> ApproveServiceRequest([FromRoute] Guid servic
[HttpPut]
[Route("{serviceId:guid}/declineService")]
[Authorize(Roles = "decline_service_release")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.CompanyUser)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
Expand Down Expand Up @@ -334,7 +331,6 @@ public async Task<NoContentResult> DeclineServiceRequest([FromRoute] Guid servic
[HttpPut]
[Route("updateservicedoc/{serviceId}/documentType/{documentTypeId}/documents")]
[Authorize(Roles = "add_service_offering")]
[Authorize(Policy = PolicyTypes.ValidIdentity)]
[Authorize(Policy = PolicyTypes.ValidCompany)]
[Consumes("multipart/form-data")]
[RequestFormLimits(ValueLengthLimit = 819200, MultipartBodyLengthLimit = 819200)]
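Review bot: The addservice and updateservicedoc endpoints lose `[Authorize(Policy = PolicyTypes.ValidIdentity)]` while retaining only `PolicyTypes.ValidCompany`, which this commit does not extend with the IdentityId requirement, so service creation and document upload no longer require an identity GUID claim at the authorization layer. Either keep `[Authorize(Policy = PolicyTypes.ValidIdentity)]` on those two or extend ValidCompany the same way CompanyUser and ServiceAccount are extended. The approveService and declineService hunks keep `PolicyTypes.CompanyUser` and are unaffected in effect.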
