Example #1
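        /// <summary>
        /// Switches the signed-in user's active application role to Patient and
        /// redirects to the Patient area home page.
        /// </summary>
        /// <param name="vm">Posted role-switch model. This action does not read it.</param>
        /// <returns>
        /// A redirect to Home/Index in the Patient area, or to the Identity
        /// AccessDenied page when no cached user record is available.
        /// </returns>
        // NOTE(review): this action changes the caller's effective role and its
        // attributes are not visible here. Confirm it is POST-only, validates the
        // anti-forgery token and sits behind [Authorize].
        public async Task<IActionResult> SwitchRoleToPatient(UserSwitchRoleUpdate vm)
        {
            // Existing user details; per the original comments these come from the Redis cache.
            AppUserDetailsVM cachedUser = await GetCurrentUser();

            // A cache miss or expired session would otherwise surface as a
            // NullReferenceException (HTTP 500) on the assignment below.
            if (cachedUser is null)
            {
                return RedirectToAction("AccessDenied", "Account", new { Area = "Identity" });
            }

            // Only ApplicationRole is updated for a Patient.
            // NOTE(review): CurrentRole keeps whatever organisation role was active
            // before. Confirm nothing authorises from CurrentRole while the user
            // is acting as a Patient.
            cachedUser.ApplicationRole = ApplicationRole.Patient;

            // NOTE(review): if SetActiveUserInCache returns a Task, it should be
            // awaited so the redirect cannot race the cache write. TODO confirm.
            _appAuthorisationService.SetActiveUserInCache(cachedUser);

            return RedirectToAction("Index", "Home", new { Area = "Patient" });
        }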
Example #2
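        /// <summary>
        /// Switches the signed-in user's active role to one of the organisation
        /// roles recorded for that user, then redirects to the area named after
        /// the role.
        /// </summary>
        /// <param name="vm">
        /// Posted model carrying the requested UserOrganisationRoleId. The value is
        /// client-controlled, so it is only honoured when the lookup scoped to the
        /// cached user's own id returns a row.
        /// </param>
        /// <returns>
        /// A redirect to Home/Index in the area named after the selected role, or to
        /// the Identity AccessDenied page when the request cannot be validated.
        /// </returns>
        // NOTE(review): this action changes the caller's effective role and its
        // attributes are not visible here. Confirm it is POST-only, validates the
        // anti-forgery token and sits behind [Authorize].
        public async Task<IActionResult> SwitchRole(UserSwitchRoleUpdate vm)
        {
            // Existing user details; per the original comments these come from the Redis cache.
            AppUserDetailsVM cachedUser = await GetCurrentUser();

            // A missing model or missing cached user would otherwise surface as a
            // NullReferenceException (HTTP 500). Treat both as a denied request.
            if (vm is null || cachedUser is null)
            {
                return RedirectToAction("AccessDenied", "Account", new { Area = "Identity" });
            }

            // Ownership check: the lookup is keyed on the server-side user id, so a
            // tampered UserOrganisationRoleId belonging to another user finds nothing.
            var selectedOrgRole = await _userOrgRoleService.Find(cachedUser.Id, vm.UserOrganisationRoleId);

            if (selectedOrgRole is null)
            {
                // No such role is assigned to this user, so the posted id was altered or is stale.
                return RedirectToAction("AccessDenied", "Account", new { Area = "Identity" });
            }

            // Validate the numeric role id before it becomes the authorisation role.
            // An undefined value would cast without error, be stored in the cache,
            // and ToString() would yield a number as the area name.
            var selectedRole = (ApplicationRole)selectedOrgRole.RoleId;

            if (!System.Enum.IsDefined(typeof(ApplicationRole), selectedRole))
            {
                return RedirectToAction("AccessDenied", "Account", new { Area = "Identity" });
            }

            // Build the new role view-model before touching the cached user, so a
            // failure here leaves the cached record unmodified.
            // Assumes Find() loads the Organisation and Role navigation properties. TODO confirm.
            var newCurrentRole = new UserRoleVM()
            {
                OrganisationId   = selectedOrgRole.OrganisationId,
                OrganisationName = selectedOrgRole.Organisation.Name,
                RoleId           = selectedOrgRole.RoleId,
                RoleName         = selectedOrgRole.Role.Name
            };

            cachedUser.ApplicationRole = selectedRole;
            cachedUser.CurrentRole = newCurrentRole;

            // Persist the updated user; per the original comments this writes to Redis.
            // NOTE(review): if SetActiveUserInCache returns a Task, it should be
            // awaited so the redirect cannot race the cache write. TODO confirm.
            _appAuthorisationService.SetActiveUserInCache(cachedUser);

            // NOTE(review): the claims principal is not rebuilt here. Anything that
            // authorises from cookie claims rather than the cached user would still
            // see the previous role. Confirm which source the policies read.

            // Areas are named after the ApplicationRole members.
            var areaName = selectedRole.ToString();

            return RedirectToAction("Index", "Home", new { Area = areaName });
        }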