Ejemplo n.º 1
0
        public async Task <IActionResult> AccessDenied()
        {
            if (TempData.Keys.Contains(nameof(PrivilegeAuthorizationDeniedContext)))
            {
                var deniedContext = JsonConvert
                                    .DeserializeObject <PrivilegeAuthorizationDeniedContext>(TempData[nameof(PrivilegeAuthorizationDeniedContext)]
                                                                                             .ToString());

                var userId = Guid.Parse(User.FindFirst("UserId").Value);
                var user   = await _contactsApiClient.GetById(userId);

                OrganisationResponse organisation = null;
                try
                {
                    organisation = await _organisationsApiClient.GetOrganisationByUserId(userId);
                }
                catch (Exception ex)
                {
                    _logger.LogWarning(ex.Message, ex);
                    if (user.OrganisationId == null && user.Status == ContactStatus.Live)
                    {
                        return(RedirectToAction("Index", "OrganisationSearch"));
                    }
                }

                if (user.OrganisationId != null && user.Status == ContactStatus.InvitePending)
                {
                    return(RedirectToAction("InvitePending", "Home"));
                }

                if (organisation != null && organisation.Status == OrganisationStatus.Applying ||
                    organisation.Status == OrganisationStatus.New)
                {
                    return(RedirectToAction("Index", "Dashboard"));
                }

                var privilege = (await _contactsApiClient.GetPrivileges()).Single(p => p.Id == deniedContext.PrivilegeId);

                var usersPrivileges = await _contactsApiClient.GetContactPrivileges(userId);

                return(View("~/Views/Account/AccessDeniedForPrivilege.cshtml", new AccessDeniedViewModel
                {
                    Title = privilege.UserPrivilege,
                    Rights = privilege.PrivilegeData.Rights,
                    PrivilegeId = deniedContext.PrivilegeId,
                    ContactId = userId,
                    UserHasUserManagement = usersPrivileges.Any(up => up.Privilege.Key == Privileges.ManageUsers),
                    ReturnController = deniedContext.Controller,
                    ReturnAction = deniedContext.Action,
                    IsUsersOrganisationLive = organisation?.Status == OrganisationStatus.Live
                }));
            }
            else if (TempData.Keys.Contains("UnavailableFeatureContext"))
            {
                return(View("~/Views/Account/UnavailableFeature.cshtml"));
            }

            return(View());
        }
Ejemplo n.º 2
0
        public async Task <IActionResult> Invite(string backController = "ManageUsers", string backAction = "Index")
        {
            var privileges = await _contactsApiClient.GetPrivileges();

            var vm = new InviteContactViewModel
            {
                PrivilegesViewModel = new EditPrivilegesViewModel
                {
                    PrivilegeViewModels = privileges.Select(p => new PrivilegeViewModel {
                        Privilege = p
                    }).ToArray()
                },
                BackController = backController,
                BackAction     = backAction
            };


            return(View("~/Views/ManageUsers/InviteUser/Invite.cshtml", vm));
        }
Ejemplo n.º 3
0
        private async Task <RegisterViewAndEditUserViewModel> GetUserViewModel(Guid contactId)
        {
            var contact = await _contactsApiClient.GetById(contactId);

            var organisation = await _organisationsApiClient.Get(contact.OrganisationId.Value);

            var vm = Mapper.Map <RegisterViewAndEditUserViewModel>(contact);

            vm.EndPointAssessorOrganisationId = organisation.EndPointAssessorOrganisationId;
            vm.AssignedPrivileges             = await _contactsApiClient.GetContactPrivileges(contact.Id);

            vm.AllPrivilegeTypes = await _contactsApiClient.GetPrivileges();

            return(vm);
        }
        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PrivilegeRequirement requirement)
        {
            if (!_httpContextAccessor.HttpContext.User.HasClaim(c => c.Type == "UserId"))
            {
                context.Fail();
                return;
            }

            var userid = _httpContextAccessor.HttpContext.User.FindFirst("UserId").Value;

            var controllerActionDescriptor = (context.Resource as AuthorizationFilterContext).ActionDescriptor as ControllerActionDescriptor;

            var privilegeRequested = (await _contactsApiClient.GetPrivileges()).FirstOrDefault(p => p.Key.Equals(requirement.Privilege, StringComparison.InvariantCultureIgnoreCase));

            if (privilegeRequested is null || !privilegeRequested.Enabled)
            {
                var unavailableFeatureContext = new DeniedPrivilegeContext();

                _tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, new Dictionary <string, object> {
                    { "UnavailableFeatureContext", JsonConvert.SerializeObject(unavailableFeatureContext) }
                });
                return;
            }

            var contactPrivileges = await _contactsApiClient.GetContactPrivileges(Guid.Parse(userid));

            if (contactPrivileges.Any(cp => cp.Privilege.Key.Equals(requirement.Privilege, StringComparison.InvariantCultureIgnoreCase)))
            {
                context.Succeed(requirement);
            }
            else
            {
                var deniedPrivilegeContext = new DeniedPrivilegeContext
                {
                    PrivilegeId = privilegeRequested.Id,
                    Controller  = controllerActionDescriptor.ControllerName,
                    Action      = controllerActionDescriptor.ActionName
                };

                _tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, new Dictionary <string, object> {
                    { "DeniedPrivilegeContext", JsonConvert.SerializeObject(deniedPrivilegeContext) }
                });
            }
        }
        public async Task <IActionResult> OrganisationDetails()
        {
            var epaoid = _contextAccessor.HttpContext.User.FindFirst("http://schemas.portal.com/epaoid")?.Value;
            var ukprn  = _contextAccessor.HttpContext.User.FindFirst("http://schemas.portal.com/ukprn")?.Value;

            try
            {
                var organisation = await _organisationsApiClient.GetEpaOrganisation(epaoid);

                var viewModel = MapOrganisationModel(organisation);
                viewModel.ExternalApiSubscriptions = await GetExternalApiSubscriptions(_webConfiguration.AzureApiAuthentication.ProductId, ukprn);

                var userId         = _contextAccessor.HttpContext.User.FindFirst("UserId").Value;
                var userPrivileges = await _contactsApiClient.GetContactPrivileges(Guid.Parse(userId));

                viewModel.UserHasChangeOrganisationPrivilege =
                    userPrivileges.Any(cp => cp.Privilege.Key == Privileges.ChangeOrganisationDetails);

                if (viewModel.UserHasChangeOrganisationPrivilege == false)
                {
                    var changeOrganisationPriviledge = (await _contactsApiClient.GetPrivileges()).First(p => p.Key == Privileges.ChangeOrganisationDetails);
                    viewModel.AccessDeniedViewModel = new AccessDeniedViewModel
                    {
                        PrivilegeId           = changeOrganisationPriviledge.Id,
                        ContactId             = Guid.Parse(userId),
                        UserHasUserManagement = userPrivileges.Any(up => up.Privilege.Key == Privileges.ManageUsers),
                        ReturnController      = nameof(OrganisationController).RemoveController(),
                        ReturnAction          = nameof(OrganisationDetails)
                    };
                }

                return(View(viewModel));
            }
            catch (EntityNotFoundException e)
            {
                _logger.LogWarning(e, "Failed to find organisation");
                return(RedirectToAction(nameof(HomeController.NotRegistered), nameof(HomeController).RemoveController()));
            }
        }
Ejemplo n.º 6
0
        public async Task <IActionResult> RequestSent(Guid privilegeId)
        {
            var privilege = (await _contactsApiClient.GetPrivileges()).Single(p => p.Id == privilegeId);

            return(View("~/Views/Account/RequestSent.cshtml", privilege.UserPrivilege));
        }