refactor: full process in instance

src/App/backend/src/Altinn.App.Api/Controllers/InstancesController.cs

@@ -78,6 +78,7 @@ public class InstancesController : ControllerBase
     private readonly InstanceDataUnitOfWorkInitializer _instanceDataUnitOfWorkInitializer;
     private readonly IAuthenticationContext _authenticationContext;
     private readonly IDataElementAccessChecker _dataElementAccessChecker;
+    private readonly ProcessStateEnricher _processStateEnricher;
     private const long RequestSizeLimit = 2000 * 1024 * 1024;
 
     /// <summary>
@@ -127,6 +128,7 @@ IServiceProvider serviceProvider
         _instanceDataUnitOfWorkInitializer = serviceProvider.GetRequiredService<InstanceDataUnitOfWorkInitializer>();
         _authenticationContext = authenticationContext;
         _dataElementAccessChecker = serviceProvider.GetRequiredService<IDataElementAccessChecker>();
+        _processStateEnricher = serviceProvider.GetRequiredService<ProcessStateEnricher>();
     }
 
     /// <summary>
@@ -202,6 +204,84 @@ await instance.WithOnlyAccessibleDataElements(_dataElementAccessChecker),
         }
     }
 
+    /// <summary>
+    /// Gets an instance object from storage with enriched process state including authorized actions,
+    /// read/write access, element types, and process task metadata.
+    /// </summary>
+    /// <param name="org">unique identifier of the organisation responsible for the app</param>
+    /// <param name="app">application identifier which is unique within an organisation</param>
+    /// <param name="instanceOwnerPartyId">unique id of the party that is the owner of the instance</param>
+    /// <param name="instanceGuid">unique id to identify the instance</param>
+    /// <param name="cancellationToken">cancellation token</param>
+    /// <returns>the instance with enriched process state</returns>
+    [Authorize]
+    [HttpGet("{instanceOwnerPartyId:int}/{instanceGuid:guid}/enriched")]
+    [Produces("application/json")]
+    [ProducesResponseType(typeof(EnrichedInstanceResponse), StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status400BadRequest)]
+    public async Task<ActionResult> GetEnriched(
+        [FromRoute] string org,
+        [FromRoute] string app,
+        [FromRoute] int instanceOwnerPartyId,
+        [FromRoute] Guid instanceGuid,
+        CancellationToken cancellationToken
+    )
+    {
+        EnforcementResult enforcementResult = await AuthorizeAction(
+            org,
+            app,
+            instanceOwnerPartyId,
+            instanceGuid,
+            "read"
+        );
+
+        if (!enforcementResult.Authorized)
+        {
+            return Forbidden(enforcementResult);
+        }
+
+        try
+        {
+            Instance instance = await _instanceClient.GetInstance(
+                app,
+                org,
+                instanceOwnerPartyId,
+                instanceGuid,
+                ct: cancellationToken
+            );
+            SelfLinkHelper.SetInstanceAppSelfLinks(instance, Request);
+
+            string? userOrgClaim = User.GetOrg();
+
+            if (userOrgClaim == null || !org.Equals(userOrgClaim, StringComparison.OrdinalIgnoreCase))
+            {
+                await _instanceClient.UpdateReadStatus(
+                    instanceOwnerPartyId,
+                    instanceGuid,
+                    "read",
+                    ct: cancellationToken
+                );
+            }
+
+            var instanceOwnerPartyTask = _registerClient.GetPartyUnchecked(instanceOwnerPartyId, cancellationToken);
+            var processStateTask = _processStateEnricher.Enrich(instance, instance.Process, User);
+
+            await Task.WhenAll(instanceOwnerPartyTask, processStateTask);
+
+            var dto = EnrichedInstanceResponse.From(
+                await instance.WithOnlyAccessibleDataElements(_dataElementAccessChecker),
+                await instanceOwnerPartyTask,
+                await processStateTask
+            );
+
+            return Ok(dto);
+        }
+        catch (Exception exception)
+        {
+            return ExceptionResponse(exception, $"Get enriched instance {instanceOwnerPartyId}/{instanceGuid} failed");
+        }
+    }
+
     /// <summary>
     /// Creates a new instance of an application in platform storage. Clients can send an instance as json or send a
     /// multipart form-data with the instance in the first part named "instance" and the prefill data in the next parts, with

src/App/backend/src/Altinn.App.Api/Controllers/ProcessController.cs

@@ -7,16 +7,13 @@
 using Altinn.App.Core.Internal.Data;
 using Altinn.App.Core.Internal.Instances;
 using Altinn.App.Core.Internal.Process;
-using Altinn.App.Core.Internal.Process.Elements;
-using Altinn.App.Core.Internal.Process.Elements.AltinnExtensionProperties;
 using Altinn.App.Core.Internal.Validation;
 using Altinn.App.Core.Models.Process;
 using Altinn.App.Core.Models.Validation;
 using Altinn.Platform.Storage.Interface.Models;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using AppProcessState = Altinn.App.Core.Internal.Process.Elements.AppProcessState;
-using IAuthorizationService = Altinn.App.Core.Internal.Auth.IAuthorizationService;
 
 namespace Altinn.App.Api.Controllers;
 
@@ -34,12 +31,12 @@ public class ProcessController : ControllerBase
     private readonly ILogger<ProcessController> _logger;
     private readonly IInstanceClient _instanceClient;
     private readonly IProcessClient _processClient;
-    private readonly IAuthorizationService _authorization;
     private readonly IProcessEngine _processEngine;
     private readonly IProcessReader _processReader;
     private readonly IProcessEngineAuthorizer _processEngineAuthorizer;
     private readonly IValidationService _validationService;
     private readonly InstanceDataUnitOfWorkInitializer _instanceDataUnitOfWorkInitializer;
+    private readonly ProcessStateEnricher _processStateEnricher;
 
     /// <summary>
     /// Initializes a new instance of the <see cref="ProcessController"/>
@@ -49,22 +46,22 @@ public ProcessController(
         IInstanceClient instanceClient,
         IProcessClient processClient,
         IValidationService validationService,
-        IAuthorizationService authorization,
         IProcessReader processReader,
         IProcessEngine processEngine,
         IServiceProvider serviceProvider,
-        IProcessEngineAuthorizer processEngineAuthorizer
+        IProcessEngineAuthorizer processEngineAuthorizer,
+        ProcessStateEnricher processStateEnricher
     )
     {
         _logger = logger;
         _instanceClient = instanceClient;
         _processClient = processClient;
-        _authorization = authorization;
         _processReader = processReader;
         _processEngine = processEngine;
         _processEngineAuthorizer = processEngineAuthorizer;
         _validationService = validationService;
         _instanceDataUnitOfWorkInitializer = serviceProvider.GetRequiredService<InstanceDataUnitOfWorkInitializer>();
+        _processStateEnricher = processStateEnricher;
     }
 
     /// <summary>
@@ -96,7 +93,7 @@ [FromRoute] Guid instanceGuid
                 authenticationMethod: null,
                 CancellationToken.None
             );
-            AppProcessState appProcessState = await ConvertAndAuthorizeActions(instance, instance.Process);
+            AppProcessState appProcessState = await _processStateEnricher.Enrich(instance, instance.Process, User);
 
             return Ok(appProcessState);
         }
@@ -163,9 +160,10 @@ public async Task<ActionResult<AppProcessState>> StartProcess(
 
             await _processEngine.HandleEventsAndUpdateStorage(instance, null, result.ProcessStateChange?.Events);
 
-            AppProcessState appProcessState = await ConvertAndAuthorizeActions(
+            AppProcessState appProcessState = await _processStateEnricher.Enrich(
                 instance,
-                result.ProcessStateChange?.NewProcessState
+                result.ProcessStateChange?.NewProcessState,
+                User
             );
             return Ok(appProcessState);
         }
@@ -312,9 +310,10 @@ public async Task<ActionResult<AppProcessState>> NextElement(
                 return GetResultForError(result);
             }
 
-            AppProcessState appProcessState = await ConvertAndAuthorizeActions(
+            AppProcessState appProcessState = await _processStateEnricher.Enrich(
                 instance,
-                result.ProcessStateChange.NewProcessState
+                result.ProcessStateChange.NewProcessState,
+                User
             );
 
             return Ok(appProcessState);
@@ -454,7 +453,7 @@ instance.Process.EndEvent is null
             );
         }
 
-        AppProcessState appProcessState = await ConvertAndAuthorizeActions(instance, instance.Process);
+        AppProcessState appProcessState = await _processStateEnricher.Enrich(instance, instance.Process, User);
         return Ok(appProcessState);
     }
 
@@ -498,48 +497,6 @@ await _processClient.GetProcessHistory(
         }
     }
 
-    private async Task<AppProcessState> ConvertAndAuthorizeActions(Instance instance, ProcessState? processState)
-    {
-        AppProcessState appProcessState = new AppProcessState(processState);
-        if (appProcessState.CurrentTask?.ElementId != null)
-        {
-            var flowElement = _processReader.GetFlowElement(appProcessState.CurrentTask.ElementId);
-            if (flowElement is ProcessTask processTask)
-            {
-                appProcessState.CurrentTask.Actions = new Dictionary<string, bool>();
-                List<AltinnAction> actions = new List<AltinnAction>() { new("read"), new("write") };
-                actions.AddRange(
-                    processTask.ExtensionElements?.TaskExtension?.AltinnActions ?? new List<AltinnAction>()
-                );
-                var authDecisions = await AuthorizeActions(actions, instance);
-                appProcessState.CurrentTask.Actions = authDecisions
-                    .Where(a => a.ActionType == ActionType.ProcessAction)
-                    .ToDictionary(a => a.Id, a => a.Authorized);
-                appProcessState.CurrentTask.HasReadAccess = authDecisions.Single(a => a.Id == "read").Authorized;
-                appProcessState.CurrentTask.HasWriteAccess = authDecisions.Single(a => a.Id == "write").Authorized;
-                appProcessState.CurrentTask.UserActions = authDecisions;
-                appProcessState.CurrentTask.ElementType = flowElement.ElementType();
-            }
-        }
-
-        var processTasks = new List<AppProcessTaskTypeInfo>();
-        foreach (ProcessTask processElement in _processReader.GetAllFlowElements().OfType<ProcessTask>())
-        {
-            processTasks.Add(
-                new AppProcessTaskTypeInfo
-                {
-                    ElementId = processElement.Id,
-                    ElementType = processElement.ElementType(),
-                    AltinnTaskType = processElement.ExtensionElements?.TaskExtension?.TaskType,
-                }
-            );
-        }
-
-        appProcessState.ProcessTasks = processTasks;
-
-        return appProcessState;
-    }
-
     private ActionResult<AppProcessState> GetResultForError(ProcessChangeResult result)
     {
         switch (result.ErrorType)
@@ -676,11 +633,6 @@ private ObjectResult ExceptionResponse(Exception exception, string message)
         return null;
     }
 
-    private async Task<List<UserAction>> AuthorizeActions(List<AltinnAction> actions, Instance instance)
-    {
-        return await _authorization.AuthorizeActions(instance, HttpContext.User, actions);
-    }
-
     private ActionResult HandlePlatformHttpException(PlatformHttpException e, string defaultMessage)
     {
         if (e.Response.StatusCode == HttpStatusCode.Forbidden)