public async Task <IActionResult> AccessDenied() { if (TempData.Keys.Contains(nameof(PrivilegeAuthorizationDeniedContext))) { var deniedContext = JsonConvert .DeserializeObject <PrivilegeAuthorizationDeniedContext>(TempData[nameof(PrivilegeAuthorizationDeniedContext)] .ToString()); var userId = Guid.Parse(User.FindFirst("UserId").Value); var user = await _contactsApiClient.GetById(userId); OrganisationResponse organisation = null; try { organisation = await _organisationsApiClient.GetOrganisationByUserId(userId); } catch (Exception ex) { _logger.LogWarning(ex.Message, ex); if (user.OrganisationId == null && user.Status == ContactStatus.Live) { return(RedirectToAction("Index", "OrganisationSearch")); } } if (user.OrganisationId != null && user.Status == ContactStatus.InvitePending) { return(RedirectToAction("InvitePending", "Home")); } if (organisation != null && organisation.Status == OrganisationStatus.Applying || organisation.Status == OrganisationStatus.New) { return(RedirectToAction("Index", "Dashboard")); } var privilege = (await _contactsApiClient.GetPrivileges()).Single(p => p.Id == deniedContext.PrivilegeId); var usersPrivileges = await _contactsApiClient.GetContactPrivileges(userId); return(View("~/Views/Account/AccessDeniedForPrivilege.cshtml", new AccessDeniedViewModel { Title = privilege.UserPrivilege, Rights = privilege.PrivilegeData.Rights, PrivilegeId = deniedContext.PrivilegeId, ContactId = userId, UserHasUserManagement = usersPrivileges.Any(up => up.Privilege.Key == Privileges.ManageUsers), ReturnController = deniedContext.Controller, ReturnAction = deniedContext.Action, IsUsersOrganisationLive = organisation?.Status == OrganisationStatus.Live })); } else if (TempData.Keys.Contains("UnavailableFeatureContext")) { return(View("~/Views/Account/UnavailableFeature.cshtml")); } return(View()); }
public async Task <IActionResult> Invite(string backController = "ManageUsers", string backAction = "Index") { var privileges = await _contactsApiClient.GetPrivileges(); var vm = new InviteContactViewModel { PrivilegesViewModel = new EditPrivilegesViewModel { PrivilegeViewModels = privileges.Select(p => new PrivilegeViewModel { Privilege = p }).ToArray() }, BackController = backController, BackAction = backAction }; return(View("~/Views/ManageUsers/InviteUser/Invite.cshtml", vm)); }
private async Task <RegisterViewAndEditUserViewModel> GetUserViewModel(Guid contactId) { var contact = await _contactsApiClient.GetById(contactId); var organisation = await _organisationsApiClient.Get(contact.OrganisationId.Value); var vm = Mapper.Map <RegisterViewAndEditUserViewModel>(contact); vm.EndPointAssessorOrganisationId = organisation.EndPointAssessorOrganisationId; vm.AssignedPrivileges = await _contactsApiClient.GetContactPrivileges(contact.Id); vm.AllPrivilegeTypes = await _contactsApiClient.GetPrivileges(); return(vm); }
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PrivilegeRequirement requirement) { if (!_httpContextAccessor.HttpContext.User.HasClaim(c => c.Type == "UserId")) { context.Fail(); return; } var userid = _httpContextAccessor.HttpContext.User.FindFirst("UserId").Value; var controllerActionDescriptor = (context.Resource as AuthorizationFilterContext).ActionDescriptor as ControllerActionDescriptor; var privilegeRequested = (await _contactsApiClient.GetPrivileges()).FirstOrDefault(p => p.Key.Equals(requirement.Privilege, StringComparison.InvariantCultureIgnoreCase)); if (privilegeRequested is null || !privilegeRequested.Enabled) { var unavailableFeatureContext = new DeniedPrivilegeContext(); _tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, new Dictionary <string, object> { { "UnavailableFeatureContext", JsonConvert.SerializeObject(unavailableFeatureContext) } }); return; } var contactPrivileges = await _contactsApiClient.GetContactPrivileges(Guid.Parse(userid)); if (contactPrivileges.Any(cp => cp.Privilege.Key.Equals(requirement.Privilege, StringComparison.InvariantCultureIgnoreCase))) { context.Succeed(requirement); } else { var deniedPrivilegeContext = new DeniedPrivilegeContext { PrivilegeId = privilegeRequested.Id, Controller = controllerActionDescriptor.ControllerName, Action = controllerActionDescriptor.ActionName }; _tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, new Dictionary <string, object> { { "DeniedPrivilegeContext", JsonConvert.SerializeObject(deniedPrivilegeContext) } }); } }
public async Task <IActionResult> OrganisationDetails() { var epaoid = _contextAccessor.HttpContext.User.FindFirst("http://schemas.portal.com/epaoid")?.Value; var ukprn = _contextAccessor.HttpContext.User.FindFirst("http://schemas.portal.com/ukprn")?.Value; try { var organisation = await _organisationsApiClient.GetEpaOrganisation(epaoid); var viewModel = MapOrganisationModel(organisation); viewModel.ExternalApiSubscriptions = await GetExternalApiSubscriptions(_webConfiguration.AzureApiAuthentication.ProductId, ukprn); var userId = _contextAccessor.HttpContext.User.FindFirst("UserId").Value; var userPrivileges = await _contactsApiClient.GetContactPrivileges(Guid.Parse(userId)); viewModel.UserHasChangeOrganisationPrivilege = userPrivileges.Any(cp => cp.Privilege.Key == Privileges.ChangeOrganisationDetails); if (viewModel.UserHasChangeOrganisationPrivilege == false) { var changeOrganisationPriviledge = (await _contactsApiClient.GetPrivileges()).First(p => p.Key == Privileges.ChangeOrganisationDetails); viewModel.AccessDeniedViewModel = new AccessDeniedViewModel { PrivilegeId = changeOrganisationPriviledge.Id, ContactId = Guid.Parse(userId), UserHasUserManagement = userPrivileges.Any(up => up.Privilege.Key == Privileges.ManageUsers), ReturnController = nameof(OrganisationController).RemoveController(), ReturnAction = nameof(OrganisationDetails) }; } return(View(viewModel)); } catch (EntityNotFoundException e) { _logger.LogWarning(e, "Failed to find organisation"); return(RedirectToAction(nameof(HomeController.NotRegistered), nameof(HomeController).RemoveController())); } }
public async Task <IActionResult> RequestSent(Guid privilegeId) { var privilege = (await _contactsApiClient.GetPrivileges()).Single(p => p.Id == privilegeId); return(View("~/Views/Account/RequestSent.cshtml", privilege.UserPrivilege)); }