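/// <summary>
/// Approves the review identified by <paramref name="id"/> on behalf of the signed-in user,
/// after re-checking the user's password and the "CanEnterReview" authorization policy.
/// </summary>
/// <remarks>
/// On success the review is marked approved, the request's UpdatedOn timestamp is set,
/// an audit-log entry is appended, and notification e-mails are sent.
/// If further reviews remain, the next reviewer and the requester are notified.
/// If this was the last review, the request is marked Approved, a SystemAccess record is
/// added for each requested system, and the requester and the support units are notified.
/// </remarks>
/// <param name="id">Identifier of the review to approve.</param>
/// <param name="password">Password supplied by the user to confirm the approval.</param>
/// <param name="comments">Reviewer comments stored with the approval.</param>
/// <returns>
/// A redirect to EditReview when the password check fails, a <see cref="ForbidResult"/> when
/// the authorization policy fails, otherwise a redirect to MyReviews.
/// </returns>
// NOTE(review): the attributes on this action are not visible here; because it takes a
// password and changes state, confirm it is POST-only and validates the antiforgery token.
public async Task<IActionResult> Approve(int id, string password, string comments)
{
    var identity = (ClaimsIdentity)User.Identity;
    string username = identity.GetClaim(ClaimTypes.NameIdentifier);

    if (!_adService.Authenticate(username, password))
    {
        // The redirect result must be returned. Previously it was created and discarded,
        // so execution continued and the review was approved even with a wrong password.
        // NOTE(review): failed confirmations are not written to the audit log; consider
        // recording them so repeated failures are visible.
        return RedirectToAction(nameof(EditReview), new { id });
    }

    Review review = _requestService.GetReview(id);

    // Resource-based check: the policy is evaluated against this specific review.
    var authResult = await _authService.AuthorizeAsync(User, review, "CanEnterReview");
    if (!authResult.Succeeded)
    {
        return new ForbidResult();
    }

    Request request = _requestService.GetRequest(review.RequestId);

    review.Approve(comments);
    request.UpdatedOn = DateTime.Now;
    _requestService.SaveChanges();

    await _auditLog.Append(
        identity.GetClaimAsInt("EmployeeId"),
        LogActionType.Approve,
        LogResourceType.Request,
        request.RequestId,
        $"{identity.GetClaim(ClaimTypes.Name)} approved request with id {request.RequestId}");

    if (review.ReviewOrder < request.Reviews.Count - 1)
    {
        // More reviews remain: hand over to the next reviewer and update the requester.
        Review nextReview = request.OrderedReviews[review.ReviewOrder + 1];

        string emailName = "ReviewRequest";
        var model = new { _emailHelper.AppUrl, _emailHelper.AppEmail, Request = request };
        string subject = _emailHelper.GetSubjectFromTemplate(emailName, model, _email.Renderer);
        string recipient = nextReview.Reviewer.Email;
        _email.To(recipient)
            .Subject(subject)
            .UsingTemplateFromFile(_emailHelper.GetBodyTemplateFile(emailName), model)
            .Send();

        emailName = "RequestUpdated";
        subject = _emailHelper.GetSubjectFromTemplate(emailName, model, _email.Renderer);
        recipient = request.RequestedBy.Email;
        _email.To(recipient)
            .Subject(subject)
            .UsingTemplateFromFile(_emailHelper.GetBodyTemplateFile(emailName), model)
            .Send();
    }
    else
    {
        // Last review: the request is complete and access records are created.
        request.RequestStatus = RequestStatus.Approved;
        request.CompletedOn = DateTime.Now;
        _requestService.SaveChanges();

        foreach (var requestedSystem in request.Systems)
        {
            var systemAccess = new SystemAccess(request, requestedSystem);
            _systemService.AddSystemAccess(systemAccess);
        }

        string emailName = "RequestApproved";
        var model = new { _emailHelper.AppUrl, _emailHelper.AppEmail, Request = request };
        string subject = _emailHelper.GetSubjectFromTemplate(emailName, model, _email.Renderer);
        string recipient = request.RequestedBy.Email;
        _email.To(recipient)
            .Subject(subject)
            .UsingTemplateFromFile(_emailHelper.GetBodyTemplateFile(emailName), model)
            .Send();

        emailName = "ProcessRequest";
        _email.Subject(_emailHelper.GetSubjectFromTemplate(emailName, model, _email.Renderer))
            .UsingTemplateFromFile(_emailHelper.GetBodyTemplateFile(emailName), model);

        // Drop the requester's address before addressing the support units, so the
        // "ProcessRequest" message goes only to the addresses added below.
        _email.Data.ToAddresses.Clear();

        // One recipient per distinct support unit among the requested systems.
        var supportUnitIds = request.Systems
            .GroupBy(s => s.System.SupportUnitId, s => s)
            .Select(g => g.Key)
            .ToList();
        foreach (var supportUnitId in supportUnitIds)
        {
            var supportUnit = _organizationService.GetSupportUnit((int)supportUnitId);
            _email.To(supportUnit.Email);
        }

        await _email.SendAsync();
    }

    return RedirectToAction(nameof(MyReviews));
}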