/// <summary>
/// Submits an enrollee's application together with the supplied profile update.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee whose application is submitted.</param>
/// <param name="updatedProfile">Profile changes passed on to the submission service.</param>
/// <returns>
/// 404 when no permissions record exists for the id, 403 when that record is not editable by the
/// caller, 400 when the profile is null or the enrollee is not in <c>StatusType.Editable</c>,
/// otherwise 200 with the enrollee re-read from the enrollee service after submission.
/// </returns>
public async Task<ActionResult<EnrolleeViewModel>> Submit(int enrolleeId, EnrolleeUpdateModel updatedProfile)
{
    // Both validation failures share the same shape: record the error, answer 400.
    ActionResult Invalid(string key, string message)
    {
        ModelState.AddModelError(key, message);
        return BadRequest(ApiResponse.BadRequest(ModelState));
    }

    var permissions = await _enrolleeService.GetPermissionsRecordAsync(enrolleeId);
    if (permissions is null)
    {
        return NotFound(ApiResponse.Message($"Enrollee not found with id {enrolleeId}"));
    }

    // Authorization is decided before the request body is inspected or any state is changed.
    if (!permissions.EditableBy(User))
    {
        return Forbid();
    }

    if (updatedProfile is null)
    {
        return Invalid("EnrolleeUpdateModel", "New profile cannot be null.");
    }

    // NOTE(review): the message names 'Active' while the check is against StatusType.Editable;
    // presumably the same state under its display name, confirm.
    var isEditable = await _enrolleeService.IsEnrolleeInStatusAsync(enrolleeId, StatusType.Editable);
    if (!isEditable)
    {
        return Invalid("Enrollee.CurrentStatus", "Application can not be submitted when the current status is not 'Active'.");
    }

    // Identity attributes come from the authenticated principal and overwrite whatever the
    // bound model carried, so the request body cannot choose them.
    updatedProfile.IdentityAssuranceLevel = User.GetIdentityAssuranceLevel();
    updatedProfile.IdentityProvider = User.GetIdentityProvider();

    // NOTE(review): the status check above and this call are separate service calls; whether
    // SubmitApplicationAsync re-validates the status is not visible here.
    await _submissionService.SubmitApplicationAsync(enrolleeId, updatedProfile);

    var submitted = await _enrolleeService.GetEnrolleeAsync(enrolleeId);
    return Ok(ApiResponse.Result(submitted));
}
/// <summary>
/// Returns the enrollee with the given id.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee to read.</param>
/// <returns>
/// 404 when the service returns no enrollee, 403 when <c>BelongsToEnrollee</c> rejects the
/// caller, otherwise 200 with the enrollee.
/// </returns>
public async Task<ActionResult<Enrollee>> GetEnrolleeById(int enrolleeId)
{
    var found = await _enrolleeService.GetEnrolleeAsync(enrolleeId);
    if (found is null)
    {
        var notFound = new ApiResponse(404, $"Enrollee not found with id {enrolleeId}");
        return NotFound(notFound);
    }

    // Ownership check: per the original author's comment, a caller who is not an ADMIN must
    // match the enrollee. The rule itself lives in BelongsToEnrollee, which is defined elsewhere.
    // NOTE(review): existence is tested before ownership, so a caller without access can tell
    // an unknown id (404) from one they may not read (403); confirm that is acceptable.
    if (BelongsToEnrollee(found))
    {
        return Ok(new ApiOkResponse<Enrollee>(found));
    }

    return Forbid();
}
/// <summary>
/// Returns the access terms an enrollee accepted, filtered by the <paramref name="year"/> query value.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee whose accepted terms are read.</param>
/// <param name="year">Year taken from the query string and passed to the access term service.</param>
/// <returns>
/// 404 when the enrollee does not exist, 403 when the caller may not view the enrollee,
/// otherwise 200 with the accepted access terms.
/// </returns>
public async Task<ActionResult<IEnumerable<AccessTerm>>> GetAccessTerms(int enrolleeId, [FromQuery] int year)
{
    var target = await _enrolleeService.GetEnrolleeAsync(enrolleeId);
    if (target is null)
    {
        return NotFound(ApiResponse.Message($"Enrollee not found with id {enrolleeId}"));
    }

    // The view permission is checked before any access-term data is read.
    var callerMayView = User.CanView(target);
    if (!callerMayView)
    {
        return Forbid();
    }

    var accepted = await _accessTermService.GetAcceptedAccessTerms(enrolleeId, year);

    // Admin reads are recorded as a business event; non-admin reads are not.
    if (User.IsAdmin())
    {
        await _businessEventService.CreateAdminViewEventAsync(target.Id, "Admin viewing PRIME History");
    }

    return Ok(ApiResponse.Result(accepted));
}
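/// <summary>
/// Create the credential proposal attributes for an enrollee.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee the credential is built for.</param>
/// <returns>
/// A JSON array of name/value objects: "GPID", "Renewal Date", "TOA Name",
/// "Care Type Setting" and "Remote User".
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// The enrollee does not exist, or has no expiry date or assigned TOA type.
/// </exception>
private async Task<JArray> CreateCredentialAttributesAsync(int enrolleeId)
{
    // TODO Update schema to rename organization_type to care_setting
    var enrollee = await _enrolleeService.GetEnrolleeAsync(enrolleeId);

    // GetEnrolleeAsync can return null for an unknown id; fail with a clear message rather
    // than a NullReferenceException part-way through building the credential.
    if (enrollee is null)
    {
        throw new System.InvalidOperationException($"Enrollee not found with id {enrolleeId}");
    }

    // Both values are dereferenced with .Value below; check them before running more queries.
    if (!enrollee.ExpiryDate.HasValue)
    {
        throw new System.InvalidOperationException($"Enrollee {enrolleeId} has no expiry date");
    }

    if (!enrollee.AssignedTOAType.HasValue)
    {
        throw new System.InvalidOperationException($"Enrollee {enrolleeId} has no assigned TOA type");
    }

    // The CareSetting reference is loaded explicitly because its Name is read below.
    foreach (var careSetting in enrollee.EnrolleeCareSettings)
    {
        await _context.Entry(careSetting).Reference(o => o.CareSetting).LoadAsync();
    }

    // NOTE(review): ToShortDateString() formats with the current culture, so the issued
    // "Renewal Date" depends on server settings; confirm the credential schema expects that.
    JArray attributes = new JArray
    {
        new JObject { { "name", "GPID" }, { "value", enrollee.GPID } },
        new JObject { { "name", "Renewal Date" }, { "value", enrollee.ExpiryDate.Value.Date.ToShortDateString() } },
        new JObject { { "name", "TOA Name" }, { "value", enrollee.AssignedTOAType.Value.ToString() } },
        new JObject { { "name", "Care Type Setting" }, { "value", string.Join(',', enrollee.EnrolleeCareSettings.Select(ecs => ecs.CareSetting.Name)) } },
        new JObject { { "name", "Remote User" }, { "value", enrollee.EnrolleeRemoteUsers.Count > 0 ? "true" : "false" } }
    };

    // NOTE(review): this writes every attribute value, including the GPID, to the application
    // log at Information level. Confirm the log sinks are access-controlled to match, or log
    // only the enrollee id.
    _logger.LogInformation("Credential offer attributes for {@JObject}", JsonConvert.SerializeObject(attributes));

    return attributes;
}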
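/// <summary>
/// Create the credential proposal attributes for an enrollee.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee the credential is built for.</param>
/// <returns>
/// A JSON array of name/value objects: "gpid", "renewal_date", "organization_type",
/// "user_class" and "remote_access".
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// The enrollee does not exist, or does not have exactly one care setting.
/// </exception>
private async Task<JArray> CreateCredentialAttributesAsync(int enrolleeId)
{
    // TODO Update schema to rename organization_type to care_setting
    var enrollee = await _enrolleeService.GetEnrolleeAsync(enrolleeId);

    // GetEnrolleeAsync can return null for an unknown id; fail with a clear message rather
    // than a NullReferenceException on the first property access.
    if (enrollee is null)
    {
        throw new System.InvalidOperationException($"Enrollee not found with id {enrolleeId}");
    }

    // Single() throws unless the enrollee has exactly one care setting.
    var enrolleeCareSetting = enrollee.EnrolleeCareSettings.Single();

    // The CareSetting reference is loaded explicitly because its Name is read below.
    await _context.Entry(enrolleeCareSetting).Reference(o => o.CareSetting).LoadAsync();

    JArray attributes = new JArray
    {
        new JObject { { "name", "gpid" }, { "value", enrollee.GPID } },
        new JObject { { "name", "renewal_date" }, { "value", enrollee.ExpiryDate } },
        new JObject { { "name", "organization_type" }, { "value", enrolleeCareSetting.CareSetting.Name } },
        new JObject { { "name", "user_class" }, { "value", enrollee.IsRegulatedUser ? "RU" : "OBO" } },
        new JObject { { "name", "remote_access" }, { "value", enrollee.EnrolleeRemoteUsers.Count > 0 ? "true" : "false" } }
    };

    // NOTE(review): this writes every attribute value, including the gpid, to the application
    // log at Information level. Confirm the log sinks are access-controlled to match, or log
    // only the enrollee id.
    _logger.LogInformation("Credential offer attributes for {@JObject}", JsonConvert.SerializeObject(attributes));

    return attributes;
}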
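/// <summary>
/// Create the credential proposal attributes for an enrollee.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee the credential is built for.</param>
/// <returns>
/// A JSON array of name/value objects: "gpid", "renewal_date", "organization_type",
/// "user_class" and "remote_access".
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// The enrollee does not exist, has no organization type, or its organization type code
/// does not match a known organization type.
/// </exception>
private async Task<JArray> CreateCredentialAttributesAsync(int enrolleeId)
{
    var enrollee = await _enrolleeService.GetEnrolleeAsync(enrolleeId);

    // GetEnrolleeAsync can return null for an unknown id; fail with a clear message rather
    // than a NullReferenceException on the first property access.
    if (enrollee is null)
    {
        throw new System.InvalidOperationException($"Enrollee not found with id {enrolleeId}");
    }

    // FirstOrDefault() yields null for an enrollee without organization types; the original
    // dereferenced that result inside the query lambda.
    var firstOrganizationType = enrollee.EnrolleeOrganizationTypes?.FirstOrDefault();
    if (firstOrganizationType is null)
    {
        throw new System.InvalidOperationException($"Enrollee {enrolleeId} has no organization type");
    }

    // Resolve the code once, outside the lambda, so the query compares against a plain value.
    // NOTE(review): this is a synchronous query inside an async method; an async equivalent
    // would need an import that is not visible from here.
    var organizationTypeCode = firstOrganizationType.OrganizationTypeCode;
    var organizationType = _context.OrganizationTypes.SingleOrDefault(t => t.Code == organizationTypeCode);
    if (organizationType is null)
    {
        throw new System.InvalidOperationException($"No organization type found with code {organizationTypeCode}");
    }

    JArray attributes = new JArray
    {
        new JObject { { "name", "gpid" }, { "value", enrollee.GPID } },
        new JObject { { "name", "renewal_date" }, { "value", enrollee.ExpiryDate } },
        new JObject { { "name", "organization_type" }, { "value", organizationType.Name } },
        new JObject { { "name", "user_class" }, { "value", enrollee.IsRegulatedUser() ? "RU" : "OBO" } },
        new JObject { { "name", "remote_access" }, { "value", enrollee.RequestingRemoteAccess ? "true" : "false" } }
    };

    // NOTE(review): this writes every attribute value, including the gpid, to the application
    // log at Information level. Confirm the log sinks are access-controlled to match, or log
    // only the enrollee id.
    _logger.LogInformation("Credential offer attributes for {@JObject}", JsonConvert.SerializeObject(attributes));

    return attributes;
}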
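/// <summary>
/// Stores feedback for the enrollee named in <c>feedback.EnrolleeId</c>.
/// </summary>
/// <param name="feedback">Feedback to store; its <c>EnrolleeId</c> selects the enrollee.</param>
/// <returns>
/// 400 when no feedback was bound, 404 when the enrollee does not exist, 403 when the caller
/// may not view the enrollee, otherwise 201 with the created feedback.
/// </returns>
public async Task<ActionResult<Feedback>> CreateFeedback(Feedback feedback)
{
    // Without this guard a missing body fails on feedback.EnrolleeId with a
    // NullReferenceException instead of a client error.
    if (feedback is null)
    {
        ModelState.AddModelError("Feedback", "Feedback cannot be null.");
        return BadRequest(ApiResponse.BadRequest(ModelState));
    }

    // The enrollee id comes from the request body, so it is resolved and authorized
    // against the caller before anything is written.
    var enrollee = await _enrolleeService.GetEnrolleeAsync(feedback.EnrolleeId);
    if (enrollee is null)
    {
        return NotFound(ApiResponse.Message($"Enrollee not found with id {feedback.EnrolleeId}"));
    }

    // NOTE(review): a write is gated by the view predicate here; confirm CanView is the
    // intended permission for creating feedback.
    if (!User.CanView(enrollee))
    {
        return Forbid();
    }

    var createFeedback = await _feedbackService.CreateFeedbackAsync(feedback);

    return CreatedAtAction(
        nameof(CreateFeedback),
        new { enrolleeId = feedback.EnrolleeId },
        ApiResponse.Result(createFeedback));
}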
/// <summary>
/// Returns the enrollee with the given id and records an audit event when an admin reads it.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee to read.</param>
/// <returns>
/// 404 when the service returns no enrollee, 403 when the caller may not view it,
/// otherwise 200 with the enrollee.
/// </returns>
public async Task<ActionResult<Enrollee>> GetEnrolleeById(int enrolleeId)
{
    // The caller's admin-view flag is handed to the service; what the service does with it
    // is not visible from this action.
    var hasAdminView = User.HasAdminView();
    var found = await _enrolleeService.GetEnrolleeAsync(enrolleeId, hasAdminView);
    if (found is null)
    {
        return NotFound(ApiResponse.Message($"Enrollee not found with id {enrolleeId}"));
    }

    // NOTE(review): existence is tested before the view permission, so a caller without
    // access can tell an unknown id (404) from one they may not read (403); confirm that
    // is acceptable.
    if (!User.CanView(found))
    {
        return Forbid();
    }

    // Admin reads are recorded as a business event; non-admin reads are not.
    if (User.IsAdmin())
    {
        await _businessEventService.CreateAdminViewEventAsync(found.Id, "Admin viewing the current Enrolment");
    }

    return Ok(ApiResponse.Result(found));
}