/// <summary>
/// Submits the enrollee's application with the supplied profile update and returns the enrollee as it reads afterwards.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee whose application is being submitted.</param>
/// <param name="updatedProfile">Profile changes sent by the client; rejected with 400 when missing.</param>
/// <returns>404 when no permissions record exists, 403 when the caller may not edit it, 400 for a missing body or a non-editable status, otherwise 200 with the enrollee.</returns>
public async Task<ActionResult<EnrolleeViewModel>> Submit(int enrolleeId, EnrolleeUpdateModel updatedProfile)
        {
            var permissions = await _enrolleeService.GetPermissionsRecordAsync(enrolleeId);

            // NOTE(review): the 404 is produced before the permission check, so the status code alone tells a
            // caller whether an id exists. Confirm that is acceptable for whoever can reach this action.
            if (permissions == null)
            {
                return NotFound(ApiResponse.Message($"Enrollee not found with id {enrolleeId}"));
            }

            // The authorization decision is made before the request body is looked at.
            if (!permissions.EditableBy(User))
            {
                return Forbid();
            }

            if (updatedProfile == null)
            {
                ModelState.AddModelError("EnrolleeUpdateModel", "New profile cannot be null.");
                return BadRequest(ApiResponse.BadRequest(ModelState));
            }

            // NOTE(review): the check is against StatusType.Editable while the message below says 'Active';
            // confirm which wording clients are meant to see.
            var inEditableStatus = await _enrolleeService.IsEnrolleeInStatusAsync(enrolleeId, StatusType.Editable);
            if (!inEditableStatus)
            {
                ModelState.AddModelError("Enrollee.CurrentStatus", "Application can not be submitted when the current status is not 'Active'.");
                return BadRequest(ApiResponse.BadRequest(ModelState));
            }

            // Both identity fields are overwritten with values read from the authenticated principal, so
            // whatever the client put in these two properties of the payload is discarded.
            updatedProfile.IdentityAssuranceLevel = User.GetIdentityAssuranceLevel();
            updatedProfile.IdentityProvider = User.GetIdentityProvider();

            // NOTE(review): the status check above and this call are separate service calls; whether
            // SubmitApplicationAsync re-validates the status itself is not visible from here.
            await _submissionService.SubmitApplicationAsync(enrolleeId, updatedProfile);

            var refreshed = await _enrolleeService.GetEnrolleeAsync(enrolleeId);
            return Ok(ApiResponse.Result(refreshed));
        }
        /// <summary>
        /// Looks up one enrollee by id and returns it when the caller is allowed to see it.
        /// </summary>
        /// <param name="enrolleeId">Id of the enrollee to fetch.</param>
        /// <returns>404 when the enrollee does not exist, 403 when <c>BelongsToEnrollee</c> rejects the caller, otherwise 200 with the enrollee.</returns>
        public async Task<ActionResult<Enrollee>> GetEnrolleeById(int enrolleeId)
        {
            var found = await _enrolleeService.GetEnrolleeAsync(enrolleeId);

            // NOTE(review): existence is reported (404) before ownership is checked (403), so the two
            // status codes let a caller tell existing ids from missing ones.
            if (found == null)
            {
                return NotFound(new ApiResponse(404, $"Enrollee not found with id {enrolleeId}"));
            }

            // Ownership gate. Per the original author's note, a non-admin caller must be the enrollee
            // being requested; the rule itself lives in BelongsToEnrollee, which is not shown here.
            var callerMayRead = BelongsToEnrollee(found);
            if (!callerMayRead)
            {
                return Forbid();
            }

            // The entity returned by the service is sent back as-is; no projection is applied here.
            return Ok(new ApiOkResponse<Enrollee>(found));
        }
        /// <summary>
        /// Returns what <c>GetAcceptedAccessTerms</c> yields for the enrollee and the requested year.
        /// </summary>
        /// <param name="enrolleeId">Id of the enrollee whose access terms are requested.</param>
        /// <param name="year">Value bound from the query string and handed to the service unchanged.</param>
        /// <returns>404 when the enrollee does not exist, 403 when the caller may not view it, otherwise 200 with the access terms.</returns>
        public async Task<ActionResult<IEnumerable<AccessTerm>>> GetAccessTerms(int enrolleeId, [FromQuery] int year)
        {
            var target = await _enrolleeService.GetEnrolleeAsync(enrolleeId);
            if (target == null)
            {
                return NotFound(ApiResponse.Message($"Enrollee not found with id {enrolleeId}"));
            }

            // The view permission is evaluated against the loaded enrollee before any terms are read.
            if (!User.CanView(target))
            {
                return Forbid();
            }

            // NOTE(review): year is not range-checked in this action; presumably the service copes with
            // arbitrary integers. Verify.
            var acceptedTerms = await _accessTermService.GetAcceptedAccessTerms(enrolleeId, year);

            // Audit trail: an admin looking at someone's history leaves a business event. The write is
            // awaited, so the response is only produced once the event call has completed.
            var callerIsAdmin = User.IsAdmin();
            if (callerIsAdmin)
            {
                await _businessEventService.CreateAdminViewEventAsync(target.Id, "Admin viewing PRIME History");
            }

            return Ok(ApiResponse.Result(acceptedTerms));
        }
        // Create the credential proposal attributes.
        /// <summary>
        /// Builds the name/value attribute list for the enrollee's credential offer.
        /// </summary>
        /// <param name="enrolleeId">Id of the enrollee the credential is for.</param>
        /// <returns>A <c>JArray</c> of five objects, each with a "name" and a "value" property.</returns>
        private async Task<JArray> CreateCredentialAttributesAsync(int enrolleeId)
        {
            // TODO Update schema to rename organization_type to care_setting
            // NOTE(review): the result is dereferenced without a null check, while other callers of
            // GetEnrolleeAsync on this page do test it for null.
            var enrollee = await _enrolleeService.GetEnrolleeAsync(enrolleeId);

            // Explicitly load the CareSetting reference of every care setting; its Name is read below.
            // One awaited load is issued per care setting.
            foreach (var setting in enrollee.EnrolleeCareSettings)
            {
                await _context.Entry(setting).Reference(o => o.CareSetting).LoadAsync();
            }

            var gpid = enrollee.GPID;

            // .Value is read directly, so this throws when ExpiryDate has no value.
            // NOTE(review): ToShortDateString() formats with the current culture, so the text placed in
            // the credential depends on the culture the server runs under.
            var renewalDate = enrollee.ExpiryDate.Value.Date.ToShortDateString();

            // Same for AssignedTOAType: no value means an exception here.
            var toaName = enrollee.AssignedTOAType.Value.ToString();

            var careSettingNames = string.Join(',', enrollee.EnrolleeCareSettings.Select(ecs => ecs.CareSetting.Name));
            var remoteUser = enrollee.EnrolleeRemoteUsers.Count > 0 ? "true" : "false";

            var attributes = new JArray
            {
                new JObject { { "name", "GPID" }, { "value", gpid } },
                new JObject { { "name", "Renewal Date" }, { "value", renewalDate } },
                new JObject { { "name", "TOA Name" }, { "value", toaName } },
                new JObject { { "name", "Care Type Setting" }, { "value", careSettingNames } },
                new JObject { { "name", "Remote User" }, { "value", remoteUser } }
            };

            // NOTE(review): every attribute value, the GPID included, is written to the log at Information
            // level. Confirm that the log sink is an acceptable place for this data. The {@JObject}
            // placeholder receives an already serialized string, not a JObject.
            var serialized = JsonConvert.SerializeObject(attributes);
            _logger.LogInformation("Credential offer attributes for {@JObject}", serialized);

            return attributes;
        }
Beispiel #5
        // Create the credential proposal attributes.
        /// <summary>
        /// Builds the name/value attribute list for the enrollee's credential offer.
        /// </summary>
        /// <param name="enrolleeId">Id of the enrollee the credential is for.</param>
        /// <returns>A <c>JArray</c> of five objects, each with a "name" and a "value" property.</returns>
        private async Task<JArray> CreateCredentialAttributesAsync(int enrolleeId)
        {
            // TODO Update schema to rename organization_type to care_setting
            // NOTE(review): the result is used without a null check.
            var enrollee = await _enrolleeService.GetEnrolleeAsync(enrolleeId);

            // Single() throws unless the enrollee has exactly one care setting, so credentials can only
            // be built for enrollees in that state.
            var onlyCareSetting = enrollee.EnrolleeCareSettings.Single();
            await _context.Entry(onlyCareSetting).Reference(o => o.CareSetting).LoadAsync();

            var userClass = enrollee.IsRegulatedUser ? "RU" : "OBO";
            var remoteAccess = enrollee.EnrolleeRemoteUsers.Count > 0 ? "true" : "false";

            var attributes = new JArray
            {
                new JObject { { "name", "gpid" }, { "value", enrollee.GPID } },
                // ExpiryDate is passed through as-is; how it is rendered is left to the JSON serializer.
                new JObject { { "name", "renewal_date" }, { "value", enrollee.ExpiryDate } },
                new JObject { { "name", "organization_type" }, { "value", onlyCareSetting.CareSetting.Name } },
                new JObject { { "name", "user_class" }, { "value", userClass } },
                new JObject { { "name", "remote_access" }, { "value", remoteAccess } }
            };

            // NOTE(review): every attribute value, the GPID included, is written to the log at Information
            // level. Confirm that the log sink is an acceptable place for this data. The {@JObject}
            // placeholder receives an already serialized string, not a JObject.
            var serialized = JsonConvert.SerializeObject(attributes);
            _logger.LogInformation("Credential offer attributes for {@JObject}", serialized);

            return attributes;
        }
Beispiel #6
        // Create the credential proposal attributes.
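        /// <summary>
        /// Builds the name/value attribute list for the enrollee's credential offer.
        /// </summary>
        /// <param name="enrolleeId">Id of the enrollee the credential is for.</param>
        /// <returns>A <c>JArray</c> of five objects, each with a "name" and a "value" property.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// The enrollee does not exist, has no organization type, or its organization type code is unknown.
        /// </exception>
        private async Task<JArray> CreateCredentialAttributesAsync(int enrolleeId)
        {
            var enrollee = await _enrolleeService.GetEnrolleeAsync(enrolleeId);
            if (enrollee == null)
            {
                throw new System.InvalidOperationException($"Cannot build credential attributes: enrollee {enrolleeId} was not found.");
            }

            // FirstOrDefault/SingleOrDefault return null when nothing matches. Each result is checked so
            // that incomplete data stops credential creation with a clear error instead of a
            // NullReferenceException raised from inside the query or the initializer below.
            var enrolleeOrganizationType = enrollee.EnrolleeOrganizationTypes?.FirstOrDefault();
            if (enrolleeOrganizationType == null)
            {
                throw new System.InvalidOperationException($"Cannot build credential attributes: enrollee {enrolleeId} has no organization type.");
            }

            // Read the code once, outside the predicate, so the lookup compares against a plain value.
            var organizationTypeCode = enrolleeOrganizationType.OrganizationTypeCode;
            var organizationType = _context.OrganizationTypes.SingleOrDefault(t => t.Code == organizationTypeCode);
            if (organizationType == null)
            {
                throw new System.InvalidOperationException($"Cannot build credential attributes: organization type of enrollee {enrolleeId} was not found.");
            }

            JArray attributes = new JArray
            {
                new JObject
                {
                    { "name", "gpid" },
                    { "value", enrollee.GPID }
                },
                new JObject
                {
                    { "name", "renewal_date" },
                    { "value", enrollee.ExpiryDate }
                },
                new JObject
                {
                    { "name", "organization_type" },
                    { "value", organizationType.Name }
                },
                new JObject
                {
                    { "name", "user_class" },
                    { "value", enrollee.IsRegulatedUser() ? "RU" : "OBO" }
                },
                new JObject
                {
                    { "name", "remote_access" },
                    { "value", enrollee.RequestingRemoteAccess ? "true" : "false" }
                }
            };

            // NOTE(review): every attribute value, the GPID included, is written to the log at Information
            // level. Confirm that the log sink is an acceptable place for this data. The {@JObject}
            // placeholder receives an already serialized string, not a JObject.
            _logger.LogInformation("Credential offer attributes for {@JObject}", JsonConvert.SerializeObject(attributes));

            return attributes;
        }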
Beispiel #7
        /// <summary>
        /// Stores a feedback entry for the enrollee named in the payload.
        /// </summary>
        /// <param name="feedback">Feedback sent by the client; its <c>EnrolleeId</c> selects the enrollee.</param>
        /// <returns>404 when the enrollee does not exist, 403 when the caller may not view it, otherwise 201 with the created feedback.</returns>
        public async Task<ActionResult<Feedback>> CreateFeedback(Feedback feedback)
        {
            // NOTE(review): feedback is dereferenced without a null check in this action; presumably model
            // binding or validation rejects an empty body earlier. Verify.
            var targetId = feedback.EnrolleeId;

            var enrollee = await _enrolleeService.GetEnrolleeAsync(targetId);
            if (enrollee == null)
            {
                return NotFound(ApiResponse.Message($"Enrollee not found with id {targetId}"));
            }

            // The enrollee id comes from the request body, so this check is what ties the write to an
            // enrollee the caller is allowed to see.
            // NOTE(review): a view permission is gating a create operation. Confirm that is intended.
            if (!User.CanView(enrollee))
            {
                return Forbid();
            }

            // NOTE(review): the bound object goes to the service unchanged, so any other property the
            // client set on it is passed along as well.
            var created = await _feedbackService.CreateFeedbackAsync(feedback);

            // The route values point back at this same action (nameof(CreateFeedback)).
            var routeValues = new { enrolleeId = targetId };
            return CreatedAtAction(nameof(CreateFeedback), routeValues, ApiResponse.Result(created));
        }
Beispiel #8
        /// <summary>
        /// Looks up one enrollee by id and returns it when the caller is allowed to view it.
        /// </summary>
        /// <param name="enrolleeId">Id of the enrollee to fetch.</param>
        /// <returns>404 when the enrollee does not exist, 403 when the caller may not view it, otherwise 200 with the enrollee.</returns>
        public async Task<ActionResult<Enrollee>> GetEnrolleeById(int enrolleeId)
        {
            // The caller's admin-view flag is handed to the service; what it changes in the lookup is
            // not visible from this action.
            var hasAdminView = User.HasAdminView();
            var found = await _enrolleeService.GetEnrolleeAsync(enrolleeId, hasAdminView);

            // NOTE(review): existence is reported (404) before the view permission is checked (403), so
            // the two status codes let a caller tell existing ids from missing ones.
            if (found == null)
            {
                return NotFound(ApiResponse.Message($"Enrollee not found with id {enrolleeId}"));
            }

            if (!User.CanView(found))
            {
                return Forbid();
            }

            // Audit trail: an admin opening an enrolment leaves a business event. The write is awaited,
            // so the response is only produced once the event call has completed.
            var callerIsAdmin = User.IsAdmin();
            if (callerIsAdmin)
            {
                await _businessEventService.CreateAdminViewEventAsync(found.Id, "Admin viewing the current Enrolment");
            }

            return Ok(ApiResponse.Result(found));
        }