Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Comments

Auth context (copy of #3954)#3981

Open
ivarne wants to merge 2 commits intomain from
auth-context
Open

Auth context (copy of #3954) #3981
ivarne wants to merge 2 commits intomain from
auth-context

Conversation

@ivarne
Copy link
Member

@ivarne ivarne commented Feb 4, 2026
edited by coderabbitai bot
Loading

Copy of #3954 without capital letters in the branch name

Summary by CodeRabbit

Release Notes

  • Enhancements

    • Auth context now accepts custom permission keys beyond predefined options.

  • Bug Fixes

    • Enhanced error reporting with clearer messages for invalid context properties.

  • Tests

    • Expanded test coverage for unknown authentication context scenarios.

ivarne added 2 commits February 2, 2026 10:26 
Previously the only allowed actions were 'instantiate' | 'confirm' | 'sign' | 'reject' | 'read' | 'write' | 'complete'.
Now any action that backend think is relevant for the task (based on proces.pbmn). Unknown actions triggers a warning (even thogh they are on the previously accepted list).
This is a change in behaviour for previously buggy apps that used eg. `["authContext", "reject"]` without specifying `reject` as an action in bpmn. Previously authContext returned false, but now the whole expression fails.
I tested that vsCode understands the trick with `"anyOf": ["enum", "string"]` and provides suggestions from the enum but accept any action.
Copy link
Contributor

coderabbitai bot commented Feb 4, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The changes extend the authContext function to accept custom string values beyond predefined permissions. The JSON schema constraint is relaxed from a fixed enum to an anyOf pattern. The TypeScript implementation is refactored to validate against actual runtime context rather than hardcoded keys, with improved error messaging. Test cases are added and updated to reflect the new behavior.

Changes

Cohort / File(s) Summary
Schema Definition
schemas/json/layout/expression.schema.v1.json		 Updated func-authContext definition items[1] from fixed enum to anyOf pattern, allowing predefined permissions or any custom string value.
Implementation
src/features/expressions/expression-functions.ts		 Refactored authContext function to validate keys against actual context instead of hardcoded map; removed IAuthContext import; enhanced error messages to include task elementId and available keys.
Test Cases
src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json, src/features/expressions/shared-tests/functions/authContext/read-sign.json		 Added new error test case for unknown authContext property and updated existing test with explicit reject permission flag.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2
❌ Failed checks (1 warning, 1 inconclusive)
Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description is minimal and incomplete; it lacks detailed explanation of changes, related issue links, and verification/QA checkboxes required by the template. Add a comprehensive description following the template: explain the change in detail, link to issue #3954, and complete the verification checklist sections.
Title check ❓ Inconclusive The title is partially related to the changeset; it refers to the main feature (authContext improvements) but is vague by mentioning it's a copy of another PR without explaining the actual change. Consider using a more descriptive title such as 'Allow arbitrary action strings in authContext expressions' to clearly convey the main change.
✅ Passed checks (1 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch auth-context

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copy link
Member Author

ivarne commented Feb 4, 2026

/publish

Copy link
Contributor

github-actions bot commented Feb 4, 2026
edited
Loading

PR release:

  • <link rel="stylesheet" type="text/css" href="https://altinncdn.no/toolkits/altinn-app-frontend/4.25.0-pr.3786.auth-context.9502fcd7/altinn-app-frontend.css">
  • <script src="https://altinncdn.no/toolkits/altinn-app-frontend/4.25.0-pr.3786.auth-context.9502fcd7/altinn-app-frontend.js"></script>

⚙️ Building...
✅ Done!
github-actions[bot] reacted with rocket emoji

@olemartinorg olemartinorg added kind/product-feature Pull requests containing new features backport-ignore This PR is a new feature and should not be cherry-picked onto release branches labels Feb 24, 2026
Copy link
Contributor

@olemartinorg olemartinorg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤷

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olemartinorg olemartinorg olemartinorg approved these changes

Assignees

No one assigned

Labels

backport-ignore This PR is a new feature and should not be cherry-picked onto release branches kind/product-feature Pull requests containing new features

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /