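        /// <summary>
        /// Returns the positions held by a person, with each position's department entries
        /// enriched from the department master list, ordered by <c>EntityName</c>.
        /// </summary>
        /// <param name="personId">Identifier of the person whose positions are requested; passed through to the MIS service.</param>
        /// <returns>
        /// The person's positions ordered by <c>EntityName</c>. Department entries that have no
        /// match in the master list (by <c>DepartmentId</c>) are left as the MIS service returned them.
        /// </returns>
        public async Task <IEnumerable <PersonPositionModel> > GetPersonPosition(int personId)
        {
            var personPositions = (await _misService.GetPersonPosition(personId)).ToList();
            var departments     = (await _misService.GetAllDepartments(1)).ToList();

            // Index the master list once instead of scanning it with FirstOrDefault for every
            // position/department pair. ToLookup (rather than ToDictionary) keeps first-match
            // semantics and does not throw on duplicate or null DepartmentId values.
            var departmentsById = departments.ToLookup(x => x.DepartmentId);

            foreach (var currentPersonPosition in personPositions)
            {
                foreach (var department in currentPersonPosition.Department)
                {
                    var selectedDepartment = departmentsById[department.DepartmentId].FirstOrDefault();
                    if (selectedDepartment == null)
                    {
                        continue;
                    }

                    // Copy the master-data attributes onto the position's department entry
                    department.DepartmentUuid = selectedDepartment.DepartmentUuid;
                    department.DivisionId     = selectedDepartment.DivisionId;
                    department.IsSatsangActivityDepartment = selectedDepartment.IsSatsangActivityDepartment;
                    department.IsAdministrationDepartment  = selectedDepartment.IsAdministrationDepartment;
                    department.IsApplicationDepartment     = selectedDepartment.IsApplicationDepartment;
                }
            }

            return personPositions.OrderBy(x => x.EntityName);
        }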
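        /// <summary>
        /// Authorizes the current request against ASM before the action runs. Every failed check
        /// short-circuits the pipeline with HTTP 401 and stops further processing; the action
        /// executes only when this method returns without setting <c>context.Result</c>.
        /// </summary>
        /// <param name="context">The action execution context supplied by MVC.</param>
        /// <remarks>
        /// Checks run in this order: <c>EnableAsmAuthorization</c> toggle, required headers present,
        /// SSO-validated user id equals the header user id, ids are well-formed integers, the user
        /// holds the requested position, the <c>AllowAny</c> bypass, the ASM permission lookup for
        /// that role/position pair, and finally <c>HasAccess</c> for the module and access type.
        /// Unlike a chain of checks that only set the result, each failure returns immediately so
        /// that no MIS/ASM call is made on behalf of a request that has already been rejected.
        /// </remarks>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            var appSettings = new AppSettings();

            _configuration.GetSection("AppSettings").Bind(appSettings);

            if (!appSettings.EnableAsmAuthorization)
            {
                return;
            }

            // Single place that rejects the request. Callers must `return` right after calling it.
            void Deny()
            {
                context.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                context.Result = new UnauthorizedResult();
            }

            // Parses an id as an invariant-culture integer. A malformed value is treated like a
            // missing one (401) instead of escaping as a FormatException (500).
            bool TryParseId(string value, out int id)
            {
                return int.TryParse(value,
                                    System.Globalization.NumberStyles.Integer,
                                    System.Globalization.CultureInfo.InvariantCulture,
                                    out id);
            }

            var httpContext = _httpContextAccessor?.HttpContext;

            // User Id is placed in HttpContext.Items once SSO validation completed in the CustomAuthorization filter
            var userId = httpContext?.Request.HttpContext.Items["UserId"]?.ToString();

            // Headers every API call must carry to perform authorization. The role id is only
            // required to be present; the role actually authorized comes from the MIS position.
            // x-baps-auth-app-id / x-baps-auth-app-secret are not validated here yet.
            var personId   = httpContext?.Request.Headers["x-baps-auth-user-id"].ToString();
            var roleId     = httpContext?.Request.Headers["x-baps-auth-role-id"].ToString();
            var positionId = httpContext?.Request.Headers["x-baps-auth-position-id"].ToString();

            if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(personId) ||
                string.IsNullOrEmpty(roleId) || string.IsNullOrEmpty(positionId))
            {
                Deny();
                return;
            }

            // The SSO-validated user id must match the user id the caller claims in the header
            if (userId != personId)
            {
                Deny();
                return;
            }

            if (!TryParseId(userId, out var userIdValue) || !TryParseId(positionId, out var positionIdValue))
            {
                Deny();
                return;
            }

            // TODO: Store PersonPosition in a cache, so doesn't need to hit MIS Api for each call
            // NOTE: blocking on the task is sync-over-async; the proper fix is IAsyncActionFilter,
            // which changes this filter's interface. GetAwaiter().GetResult() at least surfaces the
            // original exception rather than an AggregateException.
            var positions = _misService.GetPersonPosition(userIdValue).GetAwaiter().GetResult().ToList();

            // An empty position list and an unknown position id are both rejected here
            var selectedPosition = positions.FirstOrDefault(x => x.PositionId == positionIdValue);
            if (selectedPosition == null)
            {
                Deny();
                return;
            }

            // Allow For Non-Protected Access: a valid user/position pair is sufficient
            if (AccessType == AccessType.AllowAny)
            {
                return;
            }

            // TODO: Store ASM Access Data in a cache, so doesn't need to hit ASM Api for each call
            var applicationSecurityRequestModel = new ApplicationSecurityRequestModel
            {
                ApplicationId = Guid.Parse(appSettings.ApplicationId),
                PersonId      = userIdValue,
                Positions     = positions.Select(currentPosition => new PositionRequestModel
                {
                    RoleId = currentPosition.RoleId, PositionId = currentPosition.PositionId
                }).ToList()
            };

            var accessPermissions = _asmService.Get(applicationSecurityRequestModel).GetAwaiter().GetResult().ToList();

            // Only the permission entry for the position the caller selected is considered
            var selectedAccessPermission = accessPermissions.FirstOrDefault(x =>
                x.RoleId == selectedPosition.RoleId && x.PositionId == selectedPosition.PositionId);
            if (selectedAccessPermission == null)
            {
                Deny();
                return;
            }

            if (!HasAccess(ModuleCode, AccessType, selectedAccessPermission.ApplicationAccess))
            {
                Deny();
            }
        }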