public async Task <IActionResult> Deny(ProcessRequestGroupModel model) { var requestGroup = await _dbContext.RequestGroups.GetRequestGroupById(model.RequestGroupId); if ((await _authorizationService.AuthorizeAsync(User, requestGroup.OrderGroup, Policies.Accept)).Succeeded) { if (!requestGroup.CanDeny) { return(RedirectToAction("Index", "Home", new { ErrorMessage = "Det går inte att neka denna tillsättning" })); } await _orderService.DenyRequestGroupAnswer(requestGroup, User.GetUserId(), User.TryGetImpersonatorId(), model.DenyMessage); await _dbContext.SaveChangesAsync(); return(RedirectToAction(nameof(View), new { id = requestGroup.OrderGroupId })); } return(Forbid()); }
public async Task <IActionResult> Approve(ProcessRequestGroupModel model) { var requestGroup = await _dbContext.RequestGroups.GetRequestGroupById(model.RequestGroupId); if ((await _authorizationService.AuthorizeAsync(User, requestGroup.OrderGroup, Policies.Accept)).Succeeded) { if (!requestGroup.CanApprove) { _logger.LogError("Wrong status when trying to Approve request group. Status: {requestGroup.Status}, RequestGroupId: {requestGroup.RequestGroupId}", requestGroup.Status, requestGroup.RequestGroupId); return(RedirectToAction(nameof(View), new { id = requestGroup.OrderGroupId })); } await _orderService.ApproveRequestGroupAnswer(requestGroup, User.GetUserId(), User.TryGetImpersonatorId()); await _dbContext.SaveChangesAsync(); return(RedirectToAction(nameof(View), new { id = requestGroup.OrderGroupId })); } return(Forbid()); }