/// <summary>
        /// returns a tuple of a department and its parent branch office
        /// throws ItemNotFoundException if any of the two is not found
        /// throws UnauthorizedAccessException if any of the two don't belong to the proper tenant
        /// </summary>
        /// <param name="departmentId"></param>
        /// <returns></returns>
        private async Task <Tuple <Department, BranchOffice> > GetOrgStructureItemsAsync(Guid departmentId)
        {
            var dept = await _orgStructReference.GetDepartmentAsync(departmentId);

            if (dept == null)
            {
                throw ItemNotFoundException.NotFoundByKey("Id", departmentId.ToString(), nameof(Department));;
            }
            await _tenantEntityAccessChecker.ValidateAccessToEntityAsync(dept, Shared.Permissions.EntityAction.Read);

            var branch = await _orgStructReference.GetBranchOfficeAsync(dept.BranchOfficeId);

            if (branch == null)
            {
                throw ItemNotFoundException.NotFoundByKey("Id", dept.BranchOfficeId.ToString(), nameof(BranchOffice));;
            }
            await _tenantEntityAccessChecker.ValidateAccessToEntityAsync(branch, Shared.Permissions.EntityAction.Read);

            return(Tuple.Create(dept, branch));
        }
Exemple #2
0
        public async Task <SummaryDocument> GetSummaryForInspectionAsync(Guid inspectionId)
        {
            var summary = await TryGetSummaryEntityForInspectionAsync(inspectionId);

            if (summary == null)
            {
                throw ItemNotFoundException.NotFoundByKey(nameof(Summary.InspectionId), inspectionId.ToString(), nameof(Summary));
            }
            await _tenantEntityAccessChecker.ValidateAccessToEntityAsync(summary, Shared.Permissions.EntityAction.Read);

            return(summary.SummaryDocument);
        }
Exemple #3
0
 protected override void CheckAccess(ApplicationRole role, EntityAction desiredAction)
 {
     _tenantAccessChecker.ValidateAccessToEntityAsync(role, desiredAction);
 }
        public async Task <IActionResult> UpdateUser(string id, [FromBody] UserEditDto user)
        {
            if (user == null)
            {
                return(InvalidRequestBodyJson(nameof(UserEditDto)));
            }
            if (!string.IsNullOrWhiteSpace(user.Id) && id != user.Id)
            {
                return(BadRequest("Conflicting user id in URL and model data"));
            }

            ApplicationUser appUser = await _accountManager.GetUserByIdAsync(id);

            if (null == appUser)
            {
                return(NotFound());
            }

            Guid[] currentRoleIds = appUser != null ? (await _accountManager.GetUserRoleIdsAsync(appUser)).ToArray() : null;

            await _accessChecker.ValidateAccessToEntityAsync(appUser, EntityAction.Update);

            var manageUsersPolicyResult = _authorizationService.AuthorizeAsync(
                User, appUser, UserAccountAuthorizationRequirements.Update);

            var assignRolePolicyResult = _authorizationService.AuthorizeAsync(
                User,
                new UserRoleChange {
                NewRoles = user.Roles?.Select(r => Guid.Parse(r.Id)).ToArray(), CurrentRoles = currentRoleIds
            },
                Policies.AssignAllowedRolesPolicy);

            if ((await Task.WhenAll(manageUsersPolicyResult, assignRolePolicyResult)).Any(r => !r.Succeeded))
            {
                return(Forbid());
            }

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (appUser == null)
            {
                return(NotFound(id));
            }

            var currentUserId = this.User.GetUserId();

            if (currentUserId == id && string.IsNullOrWhiteSpace(user.CurrentPassword))
            {
                if (!string.IsNullOrWhiteSpace(user.NewPassword))
                {
                    return(BadRequest("Current password is required when changing your own password"));
                }

                if (appUser.UserName != user.UserName)
                {
                    return(BadRequest("Current password is required when changing your own username"));
                }
            }

            if (currentUserId == id && (appUser.UserName != user.UserName || !string.IsNullOrWhiteSpace(user.NewPassword)))
            {
                if (!await _accountManager.CheckPasswordAsync(appUser, user.CurrentPassword))
                {
                    AddErrors(new string[] { "The username/password couple is invalid." });
                    return(BadRequest(ModelState));
                }
            }

            _mapper.Map <UserDto, ApplicationUser>(user, appUser);

            await _accountManager.UpdateUserAsync(appUser, user.Roles.Select(r => Guid.Parse(r.Id)));

            if (!string.IsNullOrWhiteSpace(user.NewPassword))
            {
                if (!string.IsNullOrWhiteSpace(user.CurrentPassword))
                {
                    await _accountManager.UpdatePasswordAsync(appUser, user.CurrentPassword, user.NewPassword);
                }
                else
                {
                    await _accountManager.ResetPasswordAsync(appUser, user.NewPassword);
                }
            }
            return(NoContent());
        }