/// <summary>
/// returns a tuple of a department and its parent branch office
/// throws ItemNotFoundException if any of the two is not found
/// throws UnauthorizedAccessException if any of the two don't belong to the proper tenant
/// </summary>
/// <param name="departmentId"></param>
/// <returns></returns>
private async Task <Tuple <Department, BranchOffice> > GetOrgStructureItemsAsync(Guid departmentId)
{
var dept = await _orgStructReference.GetDepartmentAsync(departmentId);
if (dept == null)
{
throw ItemNotFoundException.NotFoundByKey("Id", departmentId.ToString(), nameof(Department));;
}
await _tenantEntityAccessChecker.ValidateAccessToEntityAsync(dept, Shared.Permissions.EntityAction.Read);
var branch = await _orgStructReference.GetBranchOfficeAsync(dept.BranchOfficeId);
if (branch == null)
{
throw ItemNotFoundException.NotFoundByKey("Id", dept.BranchOfficeId.ToString(), nameof(BranchOffice));;
}
await _tenantEntityAccessChecker.ValidateAccessToEntityAsync(branch, Shared.Permissions.EntityAction.Read);
return(Tuple.Create(dept, branch));
}
public async Task <SummaryDocument> GetSummaryForInspectionAsync(Guid inspectionId)
{
var summary = await TryGetSummaryEntityForInspectionAsync(inspectionId);
if (summary == null)
{
throw ItemNotFoundException.NotFoundByKey(nameof(Summary.InspectionId), inspectionId.ToString(), nameof(Summary));
}
await _tenantEntityAccessChecker.ValidateAccessToEntityAsync(summary, Shared.Permissions.EntityAction.Read);
return(summary.SummaryDocument);
}
protected override void CheckAccess(ApplicationRole role, EntityAction desiredAction)
{
_tenantAccessChecker.ValidateAccessToEntityAsync(role, desiredAction);
}
public async Task <IActionResult> UpdateUser(string id, [FromBody] UserEditDto user)
{
if (user == null)
{
return(InvalidRequestBodyJson(nameof(UserEditDto)));
}
if (!string.IsNullOrWhiteSpace(user.Id) && id != user.Id)
{
return(BadRequest("Conflicting user id in URL and model data"));
}
ApplicationUser appUser = await _accountManager.GetUserByIdAsync(id);
if (null == appUser)
{
return(NotFound());
}
Guid[] currentRoleIds = appUser != null ? (await _accountManager.GetUserRoleIdsAsync(appUser)).ToArray() : null;
await _accessChecker.ValidateAccessToEntityAsync(appUser, EntityAction.Update);
var manageUsersPolicyResult = _authorizationService.AuthorizeAsync(
User, appUser, UserAccountAuthorizationRequirements.Update);
var assignRolePolicyResult = _authorizationService.AuthorizeAsync(
User,
new UserRoleChange {
NewRoles = user.Roles?.Select(r => Guid.Parse(r.Id)).ToArray(), CurrentRoles = currentRoleIds
},
Policies.AssignAllowedRolesPolicy);
if ((await Task.WhenAll(manageUsersPolicyResult, assignRolePolicyResult)).Any(r => !r.Succeeded))
{
return(Forbid());
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (appUser == null)
{
return(NotFound(id));
}
var currentUserId = this.User.GetUserId();
if (currentUserId == id && string.IsNullOrWhiteSpace(user.CurrentPassword))
{
if (!string.IsNullOrWhiteSpace(user.NewPassword))
{
return(BadRequest("Current password is required when changing your own password"));
}
if (appUser.UserName != user.UserName)
{
return(BadRequest("Current password is required when changing your own username"));
}
}
if (currentUserId == id && (appUser.UserName != user.UserName || !string.IsNullOrWhiteSpace(user.NewPassword)))
{
if (!await _accountManager.CheckPasswordAsync(appUser, user.CurrentPassword))
{
AddErrors(new string[] { "The username/password couple is invalid." });
return(BadRequest(ModelState));
}
}
_mapper.Map <UserDto, ApplicationUser>(user, appUser);
await _accountManager.UpdateUserAsync(appUser, user.Roles.Select(r => Guid.Parse(r.Id)));
if (!string.IsNullOrWhiteSpace(user.NewPassword))
{
if (!string.IsNullOrWhiteSpace(user.CurrentPassword))
{
await _accountManager.UpdatePasswordAsync(appUser, user.CurrentPassword, user.NewPassword);
}
else
{
await _accountManager.ResetPasswordAsync(appUser, user.NewPassword);
}
}
return(NoContent());
}