Include escalate in model

[simen-rekkedal]

Description

Related Issue(s)

• #{issue number}

Verification

• Your code builds clean without any errors or warnings
• Manual testing done (required)
• Relevant automated test added (if you find this hard, leave it and we'll help out)
• All tests run green

Documentation

• User documentation is updated with a separate linked PR in altinn-studio-docs. (if applicable)

Summary by CodeRabbit

Release Notes

• New Features

  • Added pagination support to system request listings, enabling navigation through large result sets using continuation tokens
  • Added escalation tracking to indicate when approval requests have been escalated to another approver

• Chores

  • Upgraded to .NET 10
  • Updated dependencies including Npgsql, Swashbuckle.AspNetCore, and Microsoft.Extensions packages
  • Updated Docker container images to .NET 10

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR migrates the project to .NET 10.0 across all CI/CD workflows, project files, and NuGet dependencies. Additionally, it updates OpenAPI schema filter implementations to use the IOpenApiSchema interface and adds pagination support with a continuation token to request repository methods, along with an Escalated property to track request escalation status.

Changes

Cohort / File(s)	Summary
CI/CD Workflow Updates .github/workflows/build-and-analyze-fork.yml, .github/workflows/build-and-analyze.yml, .github/workflows/codeql-analysis.yml, .github/workflows/publish-jwtcookie-nuget.yml, .github/workflows/scheduled-e2e.yml, .github/workflows/system-integration-tests.yml	Updated dotnet-version environment variable and setup steps from .NET 9.0.x to 10.0.x; one workflow adds 10.0.x alongside 9.0.x; removed 3.1.x where present
Docker & Project Framework Migration Dockerfile, src/Authentication/Altinn.Platform.Authentication.csproj, src/Core/Altinn.Platform.Authentication.Core.csproj, src/Integration/Altinn.Platform.Authentication.Integration.csproj, src/Persistance/Altinn.Platform.Authentication.Persistance.csproj, test/Altinn.Platform.Authentication.SystemIntegrationTests/Altinn.Platform.Authentication.SystemIntegrationTests.csproj, test/Altinn.Platform.Authentication.Tests/Altinn.Platform.Authentication.Tests.csproj	Updated all target frameworks from net9.0 to net10.0; bumped NuGet packages (Swashbuckle.AspNetCore, Npgsql, Microsoft.Extensions.\*); updated Docker base images from .NET 9.0-alpine to 10.0-alpine with new SHA256 digests
OpenAPI Schema Filter Signature Updates src/Authentication/AuthenticationHost.cs, src/Authentication/Model/ClientInfoPaginated.cs, src/Authentication/Model/ItemStream.cs, src/Authentication/Model/ListObject.cs, src/Authentication/Model/Opaque.cs, src/Authentication/Model/Paginated.cs	Updated using directives from Microsoft.OpenApi.Models to Microsoft.OpenApi; changed Apply() method signatures from OpenApiSchema schema to IOpenApiSchema schema; added [ExcludeFromCodeCoverage] attributes and conditional type-checking in Opaque and Paginated filters
Request Pagination & Escalation Feature src/Core/RepositoryInterfaces/IRequestRepository.cs, src/Persistance/RepositoryImplementations/RequestRepository.cs, src/Authentication/Services/RequestSystemUserService.cs, src/Core/Models/SystemUsers/RequestSystemResponse.cs, src/Core/Models/SystemUsers/RequestSystemResponseInternal.cs	Added Guid continueFrom parameter to GetAllRequestsBySystem() and GetAllAgentRequestsBySystem() methods; updated SQL queries to filter and order by ID for pagination; added Escalated property with [JsonPropertyName("escalated")] attribute
Test Updates test/Altinn.Platform.Authentication.SystemIntegrationTests/Resources/Testusers/testusers.tt02.json, test/Altinn.Platform.Authentication.SystemIntegrationTests/Tests/SystemUserTests.cs	Added altinnPartyUuid field to test user data; changed ApproveRequest() method parameter from nullable Testuser? to non-nullable Testuser

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• update to .net10 #1764: Applies identical .NET 10.0 migration updates to project files and package versions, plus the same OpenAPI schema-filter signature changes using IOpenApiSchema and [ExcludeFromCodeCoverage] attributes.
• oppdatert #1720: Modifies src/Persistance/RepositoryImplementations/RequestRepository.cs with related changes to reader-to-model conversion logic and async patterns.

Suggested reviewers

• Alxandr
• TheTechArch

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 73.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Include escalate in model' directly relates to adding the Escalated property to RequestSystemResponseInternal and RequestSystemResponse models.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch include_escalate_in_model

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

test/Altinn.Platform.Authentication.SystemIntegrationTests/Tests/SystemUserTests.cs (1)

498-507: Potential null reference in ApproveSystemUserRequest.

The method accepts Testuser? testuser but accesses testuser.AltinnPartyId on line 501 and passes testuser to ApproveRequest which now requires a non-nullable Testuser. This could cause a NullReferenceException if called with null.

Suggested fix

-    private async Task ApproveSystemUserRequest(Testuser? testuser, string requestId, HttpStatusCode expectedStatusCode = HttpStatusCode.OK)
+    private async Task ApproveSystemUserRequest(Testuser testuser, string requestId, HttpStatusCode expectedStatusCode = HttpStatusCode.OK)
     {
         var approveUrl = Endpoints.ApproveSystemUserRequest.Url()
             .Replace("{party}", testuser.AltinnPartyId)
             .Replace("{requestId}", requestId);

         var approveResponse = await ApproveRequest(approveUrl, testuser);

         Assert.True(approveResponse.StatusCode == expectedStatusCode, $"Approval failed with status code: {approveResponse.StatusCode}");
     }

src/Persistance/RepositoryImplementations/RequestRepository.cs (1)

592-629: Missing ORDER BY clause breaks pagination.

GetAllAgentRequestsBySystem lacks ORDER BY r.id ASC (compare with GetAllRequestsBySystem at line 529). Without deterministic ordering, pagination may return duplicates or skip records.

Fix: Add ORDER BY clause

             FROM business_application.request r
             WHERE r.system_id = `@system_id`
                 and r.id > `@continue_from`
                 and r.is_deleted = false
-                and systemuser_type = `@systemuser_type`;";
+                and systemuser_type = `@systemuser_type`
+            ORDER BY r.id ASC;";

🤖 Fix all issues with AI agents

In @.github/workflows/codeql-analysis.yml:
- Around line 33-37: The workflow is setting actions/setup-dotnet with
dotnet-version: 10.0.x which CodeQL's C#/.NET extractor doesn't support; fix by
either changing the dotnet-version value used by the actions/setup-dotnet step
to a supported SDK like 9.0.x or 8.0.x, or remove/disable the autobuild step and
add explicit build commands (dotnet restore and dotnet build) between the CodeQL
init and analyze steps so the analyzer sees a proper build; update the
actions/setup-dotnet usage or the autobuild/init/analyze sequence accordingly to
ensure CodeQL can build the C# code.

🧹 Nitpick comments (7)

src/Core/Models/SystemUsers/RequestSystemResponseInternal.cs (1)

95-99: Consider adding JsonPropertyName attribute for consistency.

The Escalated property lacks a [JsonPropertyName("escalated")] attribute, while other properties in this class (e.g., Created, ConfirmUrl) and the corresponding RequestSystemResponse model have JSON serialization attributes.

Suggested change

     /// <summary>
     /// Tracks if the original user creating the Request have escalated the Approval of this Request
     /// to somebody else in the organisation with AccessManager (Package:Tilgangsstyring)
     /// </summary>
+    [JsonPropertyName("escalated")]
     public bool Escalated { get; set; }

src/Authentication/Services/RequestSystemUserService.cs (1)

798-804: Duplicate pagination logic could be extracted.

This pagination token handling is identical to lines 766-773 in GetAllRequestsForVendor. Consider extracting a helper method to reduce duplication.

Example helper

private static Guid ExtractContinuationToken(Page<Guid>.Request continueRequest)
{
    if (continueRequest is not null && continueRequest.ContinuationToken != Guid.Empty)
    {
        return continueRequest.ContinuationToken;
    }
    return Guid.Empty;
}

src/Core/RepositoryInterfaces/IRequestRepository.cs (2)

47-53: Documentation incomplete for new parameter.

The XML documentation is missing the <param name="continueFrom"> description for the new pagination parameter.

Suggested documentation

     /// <summary>
     /// Retrieves a list of Status-Response-model for all Requests that the Vendor has
     /// </summary>    
     /// <param name="systemId">The chosen system</param>
+    /// <param name="continueFrom">The continuation token (Guid) for pagination; use Guid.Empty for the first page</param>
     /// <param name="cancellationToken">The cancellationToken</param>
     /// <returns></returns>
     Task<List<RequestSystemResponse>> GetAllRequestsBySystem(string systemId, Guid continueFrom, CancellationToken cancellationToken);

---

55-61: Documentation incomplete for new parameter.

Same as above - missing <param name="continueFrom"> description.

Suggested documentation

     /// <summary>
     /// Retrieves a list of Status-Response-model for all agent Requests that the Vendor has
     /// </summary>    
     /// <param name="systemId">The chosen system</param>
+    /// <param name="continueFrom">The continuation token (Guid) for pagination; use Guid.Empty for the first page</param>
     /// <param name="cancellationToken">The cancellationToken</param>
     /// <returns>list of agent requests for a system the vendor has</returns>
     Task<List<AgentRequestSystemResponse>> GetAllAgentRequestsBySystem(string systemId, Guid continueFrom, CancellationToken cancellationToken);

src/Authentication/Model/ClientInfoPaginated.cs (1)

3-3: Unused import detected.

The using Microsoft.OpenApi; directive does not appear to be used in this file. No types from the OpenAPI namespace are referenced in the visible code.

♻️ Suggested fix

 `#nullable` enable
 using System.Collections.Generic;
-using Microsoft.OpenApi;
 using Swashbuckle.AspNetCore.Annotations;
 using Swashbuckle.AspNetCore.SwaggerGen;

src/Authentication/Model/ItemStream.cs (1)

89-94: Inconsistent schema filter implementation pattern.

This implementation directly accesses schema.Required without type-checking, while Paginated.cs (lines 52-61) and Opaque.cs (lines 218-225) use defensive if (schema is OpenApiSchema openApiSchema) checks before accessing schema properties.

Consider aligning with the defensive pattern used elsewhere for consistency and to guard against potential interface changes:

♻️ Suggested defensive pattern

         public void Apply(IOpenApiSchema schema, SchemaFilterContext context)
         {
-            schema.Required.Add("pageStart");
-            schema.Required.Add("pageEnd");
-            schema.Required.Add("sequenceMax");
+            if (schema is OpenApiSchema openApiSchema)
+            {
+                openApiSchema.Required.Add("pageStart");
+                openApiSchema.Required.Add("pageEnd");
+                openApiSchema.Required.Add("sequenceMax");
+            }
         }

src/Authentication/Model/ListObject.cs (1)

33-39: Inconsistent schema filter implementation pattern.

Same concern as ItemStream.cs — this implementation directly accesses schema.Properties and schema.Required without the defensive type-checking pattern used in Paginated.cs and Opaque.cs.

♻️ Suggested defensive pattern

         public void Apply(IOpenApiSchema schema, SchemaFilterContext context)
         {
-            foreach (var prop in schema.Properties)
+            if (schema is OpenApiSchema openApiSchema)
             {
-                schema.Required.Add(prop.Key);
+                foreach (var prop in openApiSchema.Properties)
+                {
+                    openApiSchema.Required.Add(prop.Key);
+                }
             }
         }

Note: You'll need to add using Microsoft.OpenApi.Models; for OpenApiSchema type access.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check for global.json files in the repository
fd -a '^global\.json$' -t f -x cat {}

Repository: Altinn/altinn-authentication

Length of output: 54

---

🏁 Script executed:

# Also check the CodeQL workflow file to understand the full context
cat -n .github/workflows/codeql-analysis.yml | head -50

Repository: Altinn/altinn-authentication

Length of output: 1909

---

🌐 Web query:

CodeQL autobuild .NET 10 support compatibility

💡 Result:

CodeQL’s C#/.NET extractor (and therefore autobuild for C#) is not officially listed as supporting .NET 10 yet. The current “Supported languages and frameworks” table lists .NET 5 through .NET 9 (plus .NET Framework / .NET Core versions), but does not include .NET 10. [1]

In practice, this shows up as autobuild/finalize failures for some .NET 10 setups (for example, a reported failure with .NET 10 RC2 on macOS/Linux where CodeQL reports it “didn’t build any” C# code). [2]

What to do:

• If you need reliability today, build with a supported SDK (e.g., .NET 9 or .NET 8) for the CodeQL job (often by pinning via global.json). [1]
• Or switch to manual build in the CodeQL workflow and run explicit dotnet restore/build/test steps between init and analyze (recommended when autobuild doesn’t correctly detect/build your project). [3]

Sources: [1] [2] [3]

---

CodeQL does not support .NET 10—downgrade SDK or use manual build.

.NET 10 is not officially supported by CodeQL's C#/.NET extractor (supported versions: .NET 5–9). Using dotnet-version: 10.0.x will cause the autobuild step to fail with "didn't build any" C# code errors.

Either:

• Change line 37 to 10.0.x → 9.0.x (or 8.0.x) to use a supported SDK version, or
• Replace the autobuild step with explicit dotnet restore and dotnet build commands between init and analyze

There is no global.json in the repository to override the workflow setting.

🤖 Prompt for AI Agents

In @.github/workflows/codeql-analysis.yml around lines 33 - 37, The workflow is
setting actions/setup-dotnet with dotnet-version: 10.0.x which CodeQL's C#/.NET
extractor doesn't support; fix by either changing the dotnet-version value used
by the actions/setup-dotnet step to a supported SDK like 9.0.x or 8.0.x, or
remove/disable the autobuild step and add explicit build commands (dotnet
restore and dotnet build) between the CodeQL init and analyze steps so the
analyzer sees a proper build; update the actions/setup-dotnet usage or the
autobuild/init/analyze sequence accordingly to ensure CodeQL can build the C#
code.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud