#3 Both instance owner identifier header and party id cannot be prese…

…nt at the same time (#385) * Both person header and party id cannot be present at the same time * Fix of logic for instance owner identifier * Test added * Reverted the SQL file change * Update src/Storage/Controllers/InstancesController.cs Co-authored-by: Stephanie Buadu <[email protected]> * Test updated as per message change --------- Co-authored-by: Stephanie Buadu <[email protected]>
Altinn · Apr 22, 2024 · fd0d629 · fd0d629
1 parent 8a8a913
commit fd0d629
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 0 deletions.
diff --git a/src/Storage/Controllers/InstancesController.cs b/src/Storage/Controllers/InstancesController.cs
@@ -136,6 +136,11 @@ public async Task<ActionResult<QueryResponse<Instance>>> GetInstances(
             string orgClaim = User.GetOrg();
             int? userId = User.GetUserIdAsInt();
 
+            if (instanceOwnerPartyId.HasValue && !string.IsNullOrEmpty(instanceOwnerIdentifier))
+            {
+                return BadRequest("Both InstanceOwner.PartyId and InstanceOwnerIdentifier cannot be present at the same time.");
+            }
+
             if (orgClaim != null)
             {
                 if (!_authorizationService.UserHasRequiredScope(_generalSettings.InstanceReadScope))

diff --git a/test/UnitTest/TestingControllers/InstancesControllerTests.cs b/test/UnitTest/TestingControllers/InstancesControllerTests.cs
@@ -542,6 +542,32 @@ public async Task GetMany_UserRequestsInstancesNoPartyIdDefinedAndWithPerson_Ret
             registerService.VerifyAll();
         }
 
+        /// <summary>
+        /// Test case: Get Multiple instances with person number and instance owner partyId.
+        /// Expected: Returns status bad request.
+        /// </summary>
+        [Fact]
+        public async Task GetMany_UserRequestsInstancesWithPartyIdDefinedAndWithPerson_ReturnsBadRequest()
+        {
+            // Arrange
+            string requestUri = $"{BasePath}?instanceOwner.partyId=1600";
+            int partyId = 1337;
+            string expected = "Both InstanceOwner.PartyId and InstanceOwnerIdentifier cannot be present at the same time.";
+
+            HttpClient client = GetTestClient();
+            string token = PrincipalUtil.GetToken(3, partyId);
+            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
+            client.DefaultRequestHeaders.Add("X-Ai-InstanceOwnerIdentifier", "Person:33312321321");
+
+            // Act
+            HttpResponseMessage response = await client.GetAsync(requestUri);
+            string responseMessage = await response.Content.ReadAsStringAsync();
+
+            // Assert
+            Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+            Assert.Contains(expected, responseMessage);
+        }
+
         /// <summary>
         /// Test case: Get Multiple instances with organisation number and without specifying instance owner partyId.
         /// Expected: Returns internal server error.