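/// <summary>
/// Returns the positions held by <paramref name="personId"/>, with each position's department
/// entries enriched (uuid, division, department-kind flags) from the full MIS department list.
/// </summary>
/// <param name="personId">Identifier of the person whose positions are fetched from MIS.</param>
/// <returns>The person's positions ordered by <c>EntityName</c>; empty when MIS returns none.</returns>
public async Task<IEnumerable<PersonPositionModel>> GetPersonPosition(int personId)
{
    var personPositions = (await _misService.GetPersonPosition(personId)).ToList();
    // NOTE(review): the argument to GetAllDepartments is an opaque constant here — confirm its meaning against the MIS service contract.
    var departments = await _misService.GetAllDepartments(1);

    // Index departments once so the nested loop below does a single lookup per department entry
    // instead of a linear scan. A lookup (rather than a dictionary) tolerates duplicate or null ids,
    // and taking the first match preserves the previous FirstOrDefault semantics.
    var departmentsById = departments.ToLookup(x => x.DepartmentId);

    foreach (var position in personPositions)
    {
        foreach (var department in position.Department)
        {
            var source = departmentsById[department.DepartmentId].FirstOrDefault();
            if (source == null)
            {
                // Unknown department id: leave the entry as MIS returned it.
                continue;
            }

            department.DepartmentUuid = source.DepartmentUuid;
            department.DivisionId = source.DivisionId;
            department.IsSatsangActivityDepartment = source.IsSatsangActivityDepartment;
            department.IsAdministrationDepartment = source.IsAdministrationDepartment;
            department.IsApplicationDepartment = source.IsApplicationDepartment;
        }
    }

    // Default string ordering is culture-sensitive; kept as-is so callers see the same order as before.
    return personPositions.OrderBy(x => x.EntityName);
}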
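/// <summary>
/// ASM authorization filter. Verifies that the caller-supplied identity headers match the
/// SSO-validated user, that the claimed position is actually held by that person (MIS), and
/// that the position has access to <c>ModuleCode</c>/<c>AccessType</c> (ASM). Any failure
/// short-circuits the request with 401 and skips the remaining remote calls.
/// </summary>
/// <param name="context">The executing action's context; <c>Result</c> is set to
/// <see cref="UnauthorizedResult"/> and the response status to 401 on any authorization failure.</param>
/// <remarks>
/// <c>IActionFilter</c> is synchronous, so the async MIS/ASM calls are blocked on with <c>.Result</c>;
/// moving the filter to <c>IAsyncActionFilter</c> would remove that blocking. <c>AppSettings</c> is
/// re-bound from configuration on every request.
/// </remarks>
public void OnActionExecuting(ActionExecutingContext context)
{
    var appSettings = new AppSettings();
    _configuration.GetSection("AppSettings").Bind(appSettings);
    if (!appSettings.EnableAsmAuthorization)
    {
        return;
    }

    // Every rejection path goes through here and then returns, so a request that is already
    // rejected never reaches the MIS/ASM calls below.
    void Deny(ActionExecutingContext ctx)
    {
        ctx.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        ctx.Result = new UnauthorizedResult();
    }

    var httpContext = _httpContextAccessor?.HttpContext;

    // UserId is populated by the SSO validation (CustomAuthorization filter) that runs before this one.
    var userId = httpContext?.Items["UserId"]?.ToString();

    // These headers must be passed on each API call to perform authorization.
    var headers = httpContext?.Request.Headers;
    var personId = headers?["x-baps-auth-user-id"].ToString();
    var roleId = headers?["x-baps-auth-role-id"].ToString();
    var positionId = headers?["x-baps-auth-position-id"].ToString();

    if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(personId)
        || string.IsNullOrEmpty(roleId) || string.IsNullOrEmpty(positionId))
    {
        Deny(context);
        return;
    }

    // The x-baps-auth-app-id / x-baps-auth-app-secret headers are expected on every call but are
    // not validated yet; comparing them against AppSettings.ApplicationId/ApplicationSecret is future work.

    // Bind the caller-supplied person id to the SSO-validated identity so authorization data is
    // only ever resolved for the authenticated user.
    if (userId != personId)
    {
        Deny(context);
        return;
    }

    // Header/Items values are caller-controlled text: a non-numeric value is an authorization
    // failure (401), not a FormatException from int.Parse surfacing as a 500.
    if (!int.TryParse(userId, out var personIdValue) || !int.TryParse(positionId, out var positionIdValue))
    {
        Deny(context);
        return;
    }

    // TODO: Store PersonPosition in a cache, so doesn't need to hit MIS Api for each call
    var positions = _misService.GetPersonPosition(personIdValue).Result.ToList();
    var selectedPosition = positions.FirstOrDefault(x => x.PositionId == positionIdValue);
    if (selectedPosition == null)
    {
        // Covers both "no positions at all" and "claimed position not held by this person".
        Deny(context);
        return;
    }

    // Allow For Non-Protected Access
    if (AccessType == AccessType.AllowAny)
    {
        return;
    }

    // TODO: Store ASM Access Data in a cache, so doesn't need to hit ASM Api for each call
    var applicationSecurityRequestModel = new ApplicationSecurityRequestModel
    {
        ApplicationId = Guid.Parse(appSettings.ApplicationId),
        PersonId = personIdValue,
        Positions = positions
            .Select(p => new PositionRequestModel { RoleId = p.RoleId, PositionId = p.PositionId })
            .ToList()
    };
    var accessPermissions = _asmService.Get(applicationSecurityRequestModel).Result.ToList();

    // Access is resolved for the role MIS reports for the selected position, not for the
    // x-baps-auth-role-id header, which is only checked for presence above.
    var selectedAccessPermission = accessPermissions.FirstOrDefault(
        x => x.RoleId == selectedPosition.RoleId && x.PositionId == selectedPosition.PositionId);
    if (selectedAccessPermission == null
        || !HasAccess(ModuleCode, AccessType, selectedAccessPermission.ApplicationAccess))
    {
        Deny(context);
    }
}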