fx

digdir · Aug 13, 2024 · bb2052b · bb2052b
1 parent e096743
commit bb2052b
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/src/Digdir.Domain.Dialogporten.Application/Common/Authorization/Constants.cs b/src/Digdir.Domain.Dialogporten.Application/Common/Authorization/Constants.cs
@@ -7,4 +7,5 @@ public static class Constants
     public const string TransmissionReadAction = "transmissionread";
     public static readonly Uri UnauthorizedUri = new("urn:dialogporten:unauthorized");
     public const string CorrespondenceScope = "digdir:dialogporten.correspondence";
+    public const string ServiceOwnerAdminScope = "digdir:dialogporten.serviceprovider.admin";
 }
diff --git a/src/Digdir.Domain.Dialogporten.Application/Common/IUserResourceRegistry.cs b/src/Digdir.Domain.Dialogporten.Application/Common/IUserResourceRegistry.cs
@@ -12,6 +12,7 @@ public interface IUserResourceRegistry
     Task<IReadOnlyCollection<string>> GetCurrentUserResourceIds(CancellationToken cancellationToken);
     Task<string> GetResourceType(string serviceResourceId, CancellationToken cancellationToken);
     bool UserCanModifyResourceType(string serviceResourceType);
+    bool IsCurrentUserServiceOwnerAdmin();
 }
 
 public class UserResourceRegistry : IUserResourceRegistry
@@ -46,6 +47,8 @@ public Task<string> GetResourceType(string serviceResourceId, CancellationToken
         ResourceRegistry.Constants.Correspondence => _user.GetPrincipal().HasScope(Constants.CorrespondenceScope),
         _ => true
     };
+
+    public bool IsCurrentUserServiceOwnerAdmin() => _user.GetPrincipal().HasScope(Constants.ServiceOwnerAdminScope);
 }
 
 internal sealed class LocalDevelopmentUserResourceRegistryDecorator : IUserResourceRegistry
@@ -67,4 +70,5 @@ public Task<string> GetResourceType(string serviceResourceId, CancellationToken
         Task.FromResult("LocalResourceType");
 
     public bool UserCanModifyResourceType(string serviceResourceType) => true;
+    public bool IsCurrentUserServiceOwnerAdmin() => true;
 }
diff --git a/...orten.Application/Features/V1/ServiceOwner/Dialogs/Commands/Create/CreateDialogCommand.cs b/...orten.Application/Features/V1/ServiceOwner/Dialogs/Commands/Create/CreateDialogCommand.cs
@@ -54,11 +54,14 @@ public CreateDialogCommandHandler(
 
     public async Task<CreateDialogResult> Handle(CreateDialogCommand request, CancellationToken cancellationToken)
     {
-        foreach (var serviceResourceReference in GetServiceResourceReferences(request))
+        if (!_userResourceRegistry.IsCurrentUserServiceOwnerAdmin())
         {
-            if (!await _userResourceRegistry.CurrentUserIsOwner(serviceResourceReference, cancellationToken))
+            foreach (var serviceResourceReference in GetServiceResourceReferences(request))
             {
-                return new Forbidden($"Not allowed to reference {serviceResourceReference}.");
+                if (!await _userResourceRegistry.CurrentUserIsOwner(serviceResourceReference, cancellationToken))
+                {
+                    return new Forbidden($"Not allowed to reference {serviceResourceReference}.");
+                }
             }
         }