public async Task <IActionResult> ChangeOrganisationScope(string request) { // Ensure user has completed the registration process var checkResult = await CheckUserRegisteredOkAsync(); if (checkResult != null) { return(checkResult); } // Decrypt request if (!request.DecryptToParams(out var requestParams)) { return(new HttpBadRequestResult($"Cannot decrypt request parameters '{request}'")); } // Extract the request vars var organisationId = requestParams[0].ToInt64(); var reportingStartYear = requestParams[1].ToInt32(); // Check the user has permission for this organisation var userOrg = VirtualUser.UserOrganisations.FirstOrDefault(uo => uo.OrganisationId == organisationId); if (userOrg == null) { return(new HttpForbiddenResult( $"User {VirtualUser?.EmailAddress} is not registered for organisation id {organisationId}")); } // Generate the scope state model var stateModel = ScopePresentation.CreateScopingViewModel(userOrg.Organisation, CurrentUser); // Get the latest scope for the reporting year var latestScope = stateModel.ThisScope.SnapshotDate.Year == reportingStartYear ? stateModel.ThisScope : stateModel.LastScope.SnapshotDate.Year == reportingStartYear ? stateModel.LastScope : null; // Set the return url stateModel.StartUrl = Url.Action("ManageOrganisation", new { id = Encryption.EncryptQuerystring(organisationId.ToString()) }); stateModel.IsChangeJourney = true; stateModel.AccountingDate = latestScope.SnapshotDate; //Set the in/out journey type stateModel.IsOutOfScopeJourney = latestScope.ScopeStatus.IsAny(ScopeStatuses.PresumedInScope, ScopeStatuses.InScope); // Stash the model for the scope controller StashModel(typeof(ScopeController), stateModel); if (stateModel.IsOutOfScopeJourney) { return(RedirectToAction("EnterOutOfScopeAnswers", "Scope")); } return(RedirectToAction("ConfirmInScope", "Scope")); }
public async Task <IActionResult> ConfirmOutOfScopeAnswers(string command) { // When User is Admin then redirect to Admin\Home if (CurrentUser != null && _sharedBusinessLogic.AuthorisationBusinessLogic.IsAdministrator(CurrentUser)) { return(RedirectToAction("Home", "Admin")); } var stateModel = UnstashModel <ScopingViewModel>(); // when model is null then return session expired view if (stateModel == null) { return(SessionExpiredView()); } ApplyUserContactDetails(CurrentUser, stateModel); // Save user as out of scope var snapshotYears = new HashSet <int> { stateModel.AccountingDate.Year }; if (!stateModel.IsChangeJourney) { snapshotYears.Add(stateModel.AccountingDate.Year - 1); } await ScopePresentation.SaveScopesAsync(stateModel, snapshotYears); StashModel(stateModel); var organisation = SharedBusinessLogic.DataRepository.Get <Organisation>(stateModel.OrganisationId); var currentSnapshotDate = _sharedBusinessLogic.GetAccountingStartDate(organisation.SectorType); if (stateModel.AccountingDate == currentSnapshotDate) { var emailAddressesForOrganisation = organisation.UserOrganisations.Select(uo => uo.User.EmailAddress); foreach (var emailAddress in emailAddressesForOrganisation) { _sharedBusinessLogic.NotificationService.SendScopeChangeOutEmail(emailAddress, organisation.OrganisationName); } } //Start new user registration return(RedirectToAction("FinishOutOfScope", "Scope")); }
public async Task <IActionResult> OutOfScope(EnterCodesViewModel model) { // When User is Admin then redirect to Admin\Home if (CurrentUser != null && _sharedBusinessLogic.AuthorisationBusinessLogic.IsAdministrator(CurrentUser)) { return(RedirectToAction("Home", "Admin")); } // When Spamlocked then return a CustomError view var remainingTime = await GetRetryLockRemainingTimeAsync("lastScopeCode", SharedBusinessLogic.SharedOptions.LockoutMinutes); if (remainingTime > TimeSpan.Zero) { return(View("CustomError", WebService.ErrorViewModelFactory.Create(1125, new { remainingTime = remainingTime.ToFriendly(maxParts: 2) }))); } // the following fields are validatable at this stage ModelState.Include( nameof(EnterCodesViewModel.EmployerReference), nameof(EnterCodesViewModel.SecurityToken)); // When ModelState is Not Valid Then Return the EnterCodes View if (!ModelState.IsValid) { this.CleanModelErrors <EnterCodesViewModel>(); return(View("EnterCodes", model)); } // Generate the state model var stateModel = await ScopePresentation.CreateScopingViewModelAsync(model, CurrentUser); if (stateModel == null) { await IncrementRetryCountAsync("lastScopeCode", SharedBusinessLogic.SharedOptions.LockoutMinutes); ModelState.AddModelError(3027); this.CleanModelErrors <EnterCodesViewModel>(); return(View("EnterCodes", model)); } //Clear the retry locks await ClearRetryLocksAsync("lastScopeCode"); // set the back link stateModel.StartUrl = Url.Action("OutOfScope"); // set the journey to out-of-scope stateModel.IsOutOfScopeJourney = true; // save the state to the session cache StashModel(stateModel); // when security code has expired then redirect to the CodeExpired action if (stateModel.IsSecurityCodeExpired) { return(View("CodeExpired", stateModel)); } //When on out-of-scope journey and any previous explicit scope then tell user scope is known if (!stateModel.IsChangeJourney && ( stateModel.LastScope != null && stateModel.LastScope.ScopeStatus.IsAny(ScopeStatuses.InScope, ScopeStatuses.OutOfScope) || stateModel.ThisScope != null && stateModel.ThisScope.ScopeStatus.IsAny(ScopeStatuses.InScope, ScopeStatuses.OutOfScope) ) ) { return(View("ScopeKnown", stateModel)); } // redirect to next step return(RedirectToAction("ConfirmOutOfScopeDetails")); }