public async Task <IActionResult> AccessDenied()
{
if (TempData.Keys.Contains(nameof(PrivilegeAuthorizationDeniedContext)))
{
var deniedContext = JsonConvert
.DeserializeObject <PrivilegeAuthorizationDeniedContext>(TempData[nameof(PrivilegeAuthorizationDeniedContext)]
.ToString());
var userId = Guid.Parse(User.FindFirst("UserId").Value);
var user = await _contactsApiClient.GetById(userId);
OrganisationResponse organisation = null;
try
{
organisation = await _organisationsApiClient.GetOrganisationByUserId(userId);
}
catch (Exception ex)
{
_logger.LogWarning(ex.Message, ex);
if (user.OrganisationId == null && user.Status == ContactStatus.Live)
{
return(RedirectToAction("Index", "OrganisationSearch"));
}
}
if (user.OrganisationId != null && user.Status == ContactStatus.InvitePending)
{
return(RedirectToAction("InvitePending", "Home"));
}
if (organisation != null && organisation.Status == OrganisationStatus.Applying ||
organisation.Status == OrganisationStatus.New)
{
return(RedirectToAction("Index", "Dashboard"));
}
var privilege = (await _contactsApiClient.GetPrivileges()).Single(p => p.Id == deniedContext.PrivilegeId);
var usersPrivileges = await _contactsApiClient.GetContactPrivileges(userId);
return(View("~/Views/Account/AccessDeniedForPrivilege.cshtml", new AccessDeniedViewModel
{
Title = privilege.UserPrivilege,
Rights = privilege.PrivilegeData.Rights,
PrivilegeId = deniedContext.PrivilegeId,
ContactId = userId,
UserHasUserManagement = usersPrivileges.Any(up => up.Privilege.Key == Privileges.ManageUsers),
ReturnController = deniedContext.Controller,
ReturnAction = deniedContext.Action,
IsUsersOrganisationLive = organisation?.Status == OrganisationStatus.Live
}));
}
else if (TempData.Keys.Contains("UnavailableFeatureContext"))
{
return(View("~/Views/Account/UnavailableFeature.cshtml"));
}
return(View());
}
public async Task <IActionResult> Invite(string backController = "ManageUsers", string backAction = "Index")
{
var privileges = await _contactsApiClient.GetPrivileges();
var vm = new InviteContactViewModel
{
PrivilegesViewModel = new EditPrivilegesViewModel
{
PrivilegeViewModels = privileges.Select(p => new PrivilegeViewModel {
Privilege = p
}).ToArray()
},
BackController = backController,
BackAction = backAction
};
return(View("~/Views/ManageUsers/InviteUser/Invite.cshtml", vm));
}
private async Task <RegisterViewAndEditUserViewModel> GetUserViewModel(Guid contactId)
{
var contact = await _contactsApiClient.GetById(contactId);
var organisation = await _organisationsApiClient.Get(contact.OrganisationId.Value);
var vm = Mapper.Map <RegisterViewAndEditUserViewModel>(contact);
vm.EndPointAssessorOrganisationId = organisation.EndPointAssessorOrganisationId;
vm.AssignedPrivileges = await _contactsApiClient.GetContactPrivileges(contact.Id);
vm.AllPrivilegeTypes = await _contactsApiClient.GetPrivileges();
return(vm);
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PrivilegeRequirement requirement)
{
if (!_httpContextAccessor.HttpContext.User.HasClaim(c => c.Type == "UserId"))
{
context.Fail();
return;
}
var userid = _httpContextAccessor.HttpContext.User.FindFirst("UserId").Value;
var controllerActionDescriptor = (context.Resource as AuthorizationFilterContext).ActionDescriptor as ControllerActionDescriptor;
var privilegeRequested = (await _contactsApiClient.GetPrivileges()).FirstOrDefault(p => p.Key.Equals(requirement.Privilege, StringComparison.InvariantCultureIgnoreCase));
if (privilegeRequested is null || !privilegeRequested.Enabled)
{
var unavailableFeatureContext = new DeniedPrivilegeContext();
_tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, new Dictionary <string, object> {
{ "UnavailableFeatureContext", JsonConvert.SerializeObject(unavailableFeatureContext) }
});
return;
}
var contactPrivileges = await _contactsApiClient.GetContactPrivileges(Guid.Parse(userid));
if (contactPrivileges.Any(cp => cp.Privilege.Key.Equals(requirement.Privilege, StringComparison.InvariantCultureIgnoreCase)))
{
context.Succeed(requirement);
}
else
{
var deniedPrivilegeContext = new DeniedPrivilegeContext
{
PrivilegeId = privilegeRequested.Id,
Controller = controllerActionDescriptor.ControllerName,
Action = controllerActionDescriptor.ActionName
};
_tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, new Dictionary <string, object> {
{ "DeniedPrivilegeContext", JsonConvert.SerializeObject(deniedPrivilegeContext) }
});
}
}
public async Task <IActionResult> OrganisationDetails()
{
var epaoid = _contextAccessor.HttpContext.User.FindFirst("http://schemas.portal.com/epaoid")?.Value;
var ukprn = _contextAccessor.HttpContext.User.FindFirst("http://schemas.portal.com/ukprn")?.Value;
try
{
var organisation = await _organisationsApiClient.GetEpaOrganisation(epaoid);
var viewModel = MapOrganisationModel(organisation);
viewModel.ExternalApiSubscriptions = await GetExternalApiSubscriptions(_webConfiguration.AzureApiAuthentication.ProductId, ukprn);
var userId = _contextAccessor.HttpContext.User.FindFirst("UserId").Value;
var userPrivileges = await _contactsApiClient.GetContactPrivileges(Guid.Parse(userId));
viewModel.UserHasChangeOrganisationPrivilege =
userPrivileges.Any(cp => cp.Privilege.Key == Privileges.ChangeOrganisationDetails);
if (viewModel.UserHasChangeOrganisationPrivilege == false)
{
var changeOrganisationPriviledge = (await _contactsApiClient.GetPrivileges()).First(p => p.Key == Privileges.ChangeOrganisationDetails);
viewModel.AccessDeniedViewModel = new AccessDeniedViewModel
{
PrivilegeId = changeOrganisationPriviledge.Id,
ContactId = Guid.Parse(userId),
UserHasUserManagement = userPrivileges.Any(up => up.Privilege.Key == Privileges.ManageUsers),
ReturnController = nameof(OrganisationController).RemoveController(),
ReturnAction = nameof(OrganisationDetails)
};
}
return(View(viewModel));
}
catch (EntityNotFoundException e)
{
_logger.LogWarning(e, "Failed to find organisation");
return(RedirectToAction(nameof(HomeController.NotRegistered), nameof(HomeController).RemoveController()));
}
}
public async Task <IActionResult> RequestSent(Guid privilegeId)
{
var privilege = (await _contactsApiClient.GetPrivileges()).Single(p => p.Id == privilegeId);
return(View("~/Views/Account/RequestSent.cshtml", privilege.UserPrivilege));
}
