@ivarne ivarne commented Jan 19, 2026

Previously the only allowed actions were `'instantiate' | 'confirm' | 'sign' | 'reject' | 'read' | 'write' | 'complete'`.

Now any action that the backend thinks is relevant for the task (based on process.bpmn) is allowed. Unknown actions trigger a warning (even though they are on the previously accepted list).

This is a change in behaviour for previously buggy apps that used e.g. `["authContext", "reject"]` without specifying `reject` as an action in BPMN. Previously authContext returned false, but now the whole expression fails.

I tested that VS Code understands the trick with `"anyOf": ["enum", "string"]` and provides suggestions from the enum but accepts any action.


Summary by CodeRabbit

Release Notes

  • Bug Fixes
    • Authorization validation now provides clearer, more descriptive error messages when unknown or invalid actions are referenced
    • Enhanced feedback displays available authorization options and current task context
  • Tests
    • Expanded test coverage for authorization scenarios, including handling of unknown actions and support for additional permission types

@ivarne ivarne requested a review from olemartinorg January 19, 2026 11:57
coderabbitai bot commented Jan 19, 2026

Walkthrough

The pull request broadens the authContext function schema to accept arbitrary string values alongside predefined enum values, updates the runtime implementation to perform dynamic validation against available context keys, and adds test fixtures covering unknown action scenarios and new permission flags.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Schema Definition: `schemas/json/layout/expression.schema.v1.json` | Broadened the second parameter in `func-authContext` from a fixed enum to an `anyOf` pattern, allowing either predefined enum values or arbitrary strings. Enables non-enumerated values while maintaining backward compatibility. |
| Implementation: `src/features/expressions/expression-functions.ts` | Refactored the `authContext` function to accept any non-null string key and perform a runtime lookup against the dynamic auth context instead of static validation. Updated error messaging to reference available keys and removed hard-coded key map validation. |
| Test Fixtures: `src/features/expressions/shared-tests/functions/authContext/error-unknown-action.json`, `read-sign.json` | Added a new test fixture for the unknown action error case; augmented the existing test with an additional "reject" action flag in permissions. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes


@olemartinorg olemartinorg added kind/product-feature Pull requests containing new features backport-ignore This PR is a new feature and should not be cherry-picked onto release branches labels Jan 19, 2026
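
A minimal sketch of the behaviour change this PR describes, added here as an illustration and not taken from the project's code: `legacyAuthContext`, `strictAuthContext`, the sample permissions and the task id `Task_1` are hypothetical. It contrasts the old silent `false` with the new failure on an unknown action, and assumes the auth context is a plain object, which is why the lookup checks own properties.

```javascript
// Added illustration: all names here are hypothetical, not the project's code.

// Old behaviour described in the PR: an action the task does not define
// silently evaluates to false.
function legacyAuthContext(ctx, key) {
  return Boolean(ctx?.[key]);
}

// New behaviour described in the PR: any action string is accepted, but one
// the current task does not define makes the whole expression fail.
function strictAuthContext(ctx, key, taskId) {
  if (typeof key !== 'string' || key === '') {
    throw new TypeError('authContext expects a non-empty action name');
  }
  // Own-property check: with arbitrary keys, inherited names such as
  // "constructor" must not be mistaken for task actions.
  if (!ctx || !Object.prototype.hasOwnProperty.call(ctx, key)) {
    const available = ctx ? Object.keys(ctx).join(', ') : '(none)';
    throw new Error(`Unknown action "${key}" for task "${taskId}". Available: ${available}`);
  }
  return ctx[key] === true;
}

// Constructed sample: a task whose BPMN lists read, write and sign only.
const sampleContext = { read: true, write: true, sign: false };

function demo() {
  const result = {
    legacyReject: legacyAuthContext(sampleContext, 'reject'),
    legacyInherited: legacyAuthContext(sampleContext, 'constructor'),
    strictRead: strictAuthContext(sampleContext, 'read', 'Task_1'),
    strictSign: strictAuthContext(sampleContext, 'sign', 'Task_1'),
    errors: [],
  };
  for (const key of ['reject', 'constructor']) {
    try {
      strictAuthContext(sampleContext, key, 'Task_1');
    } catch (err) {
      result.errors.push(err.message);
    }
  }
  return result;
}

console.log(demo());
```
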

@olemartinorg olemartinorg left a comment


I see a shared test is failing, you should probably fix that one and make sure the behavior matches the backend. 🙌 Otherwise this LGTM! 🙌


const authContext = buildAuthContext(this.dataSources.process?.currentTask);
return Boolean(authContext?.[key]);
const hasAction = authContext?.[key];
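
Review bot: the bracket lookup in `const hasAction = authContext?.[key];` needs an own-property guard now that `key` can be any string. If `buildAuthContext` returns a plain object, inherited names such as "constructor" or "toString" resolve to a defined value, so an unknown-action check that relies on `undefined` would not flag them. Test with `Object.prototype.hasOwnProperty.call(authContext, key)` before reading the value, and handle a missing `authContext` (the `?.` case) as its own branch so it is reported separately from an unknown action.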

I would probably call this hasPermissions instead. Now it reads like it contains a boolean that checks if the action exists.
