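/// <summary>
/// Switches the cached user into the <c>Patient</c> application role and redirects to the Patient area home page.
/// </summary>
/// <param name="vm">Posted view model. Not read by this action: the Patient role carries no organisation selection.</param>
/// <returns>
/// A redirect to Patient/Home/Index, or to Identity/Account/AccessDenied when no active user could be
/// loaded from the cache.
/// </returns>
public async Task<IActionResult> SwitchRoleToPatient(UserSwitchRoleUpdate vm)
{
    //## The active user is read from the Redis cache. A missing entry (expired/evicted/not signed in) must
    //## not fall through to a NullReferenceException; treat it like the tampering case in SwitchRole.
    AppUserDetailsVM cachedUser = await GetCurrentUser();
    if (cachedUser is null)
    {
        return RedirectToAction("AccessDenied", "Account", new { Area = "Identity" });
    }

    //## Patient has no organisation context, so only the ApplicationRole is changed.
    //## NOTE(review): nothing here verifies the user is actually entitled to the Patient role, and
    //## CurrentRole (the organisation role SwitchRole stores) is left untouched in the cache — confirm
    //## both are intended.
    //## NOTE(review): this mutates session state; confirm the declaration carries [HttpPost] and
    //## [ValidateAntiForgeryToken] (attributes are outside this view).
    cachedUser.ApplicationRole = ApplicationRole.Patient;
    _appAuthorisationService.SetActiveUserInCache(cachedUser);

    return RedirectToAction("Index", "Home", new { Area = "Patient" });
}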
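/// <summary>
/// Switches the cached user to one of their organisation roles and redirects to that role's area home page.
/// </summary>
/// <param name="vm">Posted view model; <c>UserOrganisationRoleId</c> is the UserOrgRole row the user selected.</param>
/// <returns>
/// A redirect to <c>{Role}/Home/Index</c> on success; a redirect to Identity/Account/AccessDenied when the
/// cached user is missing, the selected UserOrgRole does not belong to this user, or the stored RoleId is not
/// a defined <see cref="ApplicationRole"/>.
/// </returns>
public async Task<IActionResult> SwitchRole(UserSwitchRoleUpdate vm)
{
    //## The active user is read from the Redis cache; a missing entry must not become a NullReferenceException.
    AppUserDetailsVM cachedUser = await GetCurrentUser();
    if (cachedUser is null)
    {
        return RedirectToAction("AccessDenied", "Account", new { Area = "Identity" });
    }

    //## Authorisation check: the requested UserOrganisationRoleId must belong to THIS user. The lookup is
    //## keyed on cachedUser.Id (from the cache, not the request), so a forged or guessed id that is not in
    //## the UserOrgRole table for this user yields null and is refused.
    var selectedOrgRole = await _userOrgRoleService.Find(cachedUser.Id, vm.UserOrganisationRoleId);
    if (selectedOrgRole is null)
    {
        return RedirectToAction("AccessDenied", "Account", new { Area = "Identity" });
    }

    //## RoleId is persisted as a number. Casting an undefined number to ApplicationRole silently succeeds,
    //## and ToString() on it would then yield a numeric "area" name, so refuse anything outside the enum.
    //## (Assumes ApplicationRole is not a [Flags] enum — IsDefined rejects combined values.)
    var newRole = (ApplicationRole)selectedOrgRole.RoleId;
    if (!Enum.IsDefined(typeof(ApplicationRole), newRole))
    {
        return RedirectToAction("AccessDenied", "Account", new { Area = "Identity" });
    }

    //## Persist the validated selection back to the cache together with its organisation context.
    cachedUser.ApplicationRole = newRole;
    cachedUser.CurrentRole = new UserRoleVM()
    {
        OrganisationId = selectedOrgRole.OrganisationId,
        OrganisationName = selectedOrgRole.Organisation.Name,
        RoleId = selectedOrgRole.RoleId,
        RoleName = selectedOrgRole.Role.Name
    };
    _appAuthorisationService.SetActiveUserInCache(cachedUser);

    //## NOTE(review): this mutates session state; confirm the declaration carries [HttpPost] and
    //## [ValidateAntiForgeryToken] (attributes are outside this view).
    //## The area name is derived from the validated enum value, never from request input.
    return RedirectToAction("Index", "Home", new { Area = newRole.ToString() });
}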