just two minor nitpicks #1719
📝 Walkthrough
This pull request refactors error handling in RequestSystemUserController by implementing an early-return pattern for failure cases, and removes commented-out validation code from SystemUserService. No functional behavior changes are introduced.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
Pre-merge checks and finishing touches
❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
Actionable comments posted: 0
🧹 Nitpick comments (1)
src/Authentication/Controllers/RequestSystemUserController.cs (1)
133-140: Early-return on unsuccessful CreateRequest response improves clarity
The new `if (!response.IsSuccess) { return response.Problem.ToActionResult(); }` followed by the straight-line success path is clearer and avoids an extra nesting level, while preserving behavior. As a small optional follow-up, you could mirror this pattern in `CreateAgentRequest` for stylistic consistency, but it’s not required.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
- src/Authentication/Controllers/RequestSystemUserController.cs (3 hunks)
- src/Authentication/Services/SystemUserService.cs (0 hunks)
💤 Files with no reviewable changes (1)
- src/Authentication/Services/SystemUserService.cs
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: simen-rekkedal
Repo: Altinn/altinn-authentication PR: 1716
File: src/Authentication/AuthenticationHost.cs:247-250
Timestamp: 2025-12-01T09:36:27.308Z
Learning: In the Altinn Authentication project's `src/Authentication/AuthenticationHost.cs`, the configuration keys `PostgreSQLSettings:authenticationDbAdminPwd` and `PostgreSQLSettings:authenticationDbPwd` intentionally use camelCase because they match the key names as stored in Azure Key Vault. This naming should be preserved.
📚 Learning: 2025-11-04T17:38:15.650Z
Learnt from: simen-rekkedal
Repo: Altinn/altinn-authentication PR: 1581
File: src/Authentication/Controllers/RequestSystemUserController.cs:459-485
Timestamp: 2025-11-04T17:38:15.650Z
Learning: In the Altinn Authentication codebase (src/Authentication/Controllers/RequestSystemUserController.cs), party parameter validation for system user request operations is handled by the Policy Enforcement Point (PEP) layer, not at the controller level. Controller methods rely on authorization policies like AuthzConstants.POLICY_ACCESS_MANAGEMENT_WRITE to enforce party-level access control.
Applied to files:
src/Authentication/Controllers/RequestSystemUserController.cs
📚 Learning: 2025-10-27T11:13:45.141Z
Learnt from: TheTechArch
Repo: Altinn/altinn-authentication PR: 1480
File: src/Authentication/Services/UpstreamTokenValidator.cs:0-0
Timestamp: 2025-10-27T11:13:45.141Z
Learning: In Altinn Platform Authentication OIDC implementation (src/Authentication/Services/UpstreamTokenValidator.cs), when validating upstream OIDC tokens, ensure issuer validation is enabled (ValidateIssuer = true with ValidIssuer set to provider.Issuer), nonce validation is performed by comparing token nonce claim against expected value, and audience validation is either enabled for ID tokens or explicitly documented if skipped with security justification.
Applied to files:
src/Authentication/Controllers/RequestSystemUserController.cs
🧬 Code graph analysis (1)
src/Authentication/Controllers/RequestSystemUserController.cs (4)
src/Authentication/Controllers/SystemUserController.cs (1)
OrganisationNumber (529-543)
src/Authentication/Controllers/ChangeRequestSystemUserController.cs (1)
OrganisationNumber (182-196)
src/Core/Models/Parties/OrganisationNumber.cs (3)
OrganisationNumber (12-47), OrganisationNumber (49-63), OrganisationNumber (65-70)
src/Core/Problems/Problem.cs (1)
Problem (8-410)
🔇 Additional comments (1)
src/Authentication/Controllers/RequestSystemUserController.cs (1)
104-107: Vendor org number guard remains correct and consistent
The null/empty `vendorOrgNo` check and `Vendor_Orgno_NotFound` problem response are consistent with the rest of this controller’s endpoints and keep the failure path nice and explicit. No issues here.
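The upstream OIDC token checks named in the learning from PR 1480 above (issuer, nonce, audience), shown as an added example that is not code from this pull request or from the Altinn repository. It assumes .NET 6+ with the System.IdentityModel.Tokens.Jwt package; the class and method names, the HMAC test key, and the issuer, client id and nonce values are all constructed for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Added example: hypothetical names and constructed values, not Altinn code.
static class UpstreamTokenCheck
{
    public static bool IsValid(string idToken, string issuer, string clientId,
                               string expectedNonce, SecurityKey key)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuer = true, ValidIssuer = issuer,       // provider's configured issuer
            ValidateAudience = true, ValidAudience = clientId, // ID token must target this client
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true, IssuerSigningKey = key
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(idToken, parameters, out var validated);
            var nonce = ((JwtSecurityToken)validated).Claims
                .FirstOrDefault(c => c.Type == "nonce")?.Value;
            // A missing nonce fails; the comparison runs in constant time.
            return nonce is not null && CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(nonce), Encoding.UTF8.GetBytes(expectedNonce));
        }
        catch (Exception e) when (e is SecurityTokenException or ArgumentException)
        {
            return false; // bad signature, issuer, audience, lifetime or format
        }
    }

    // Builds a constructed test token signed with the sample key.
    static string Issue(string iss, string aud, string nonce, SecurityKey key) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            iss, aud, new[] { new Claim("nonce", nonce) },
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

    static void Main()
    {
        var key = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
        const string iss = "https://idp.example", aud = "client-123", nonce = "n-constructed";
        Console.WriteLine(IsValid(Issue(iss, aud, nonce, key), iss, aud, nonce, key));            // matching token
        Console.WriteLine(IsValid(Issue("https://other.example", aud, nonce, key), iss, aud, nonce, key)); // issuer mismatch
        Console.WriteLine(IsValid(Issue(iss, aud, "stale", key), iss, aud, nonce, key));          // nonce mismatch
    }
}
```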
Summary by CodeRabbit
Release Notes
Note: These are internal code improvements with no changes to user-facing functionality.