Пример #1
        /// <inheritdoc />
        /// <remarks>
        /// Creates the campus directory group and configures its lead before the campus record is persisted.
        /// </remarks>
        public async Task<Campus> CreateCampus(ClaimsPrincipal user, Guid hubId, Campus campus, bool modelState)
        {
            // NOTE(review): no authorization check on hubId is visible in this method;
            // confirm the caller restricts who may create a campus under a given hub.
            var creatorId = AuthenticationHelper.GetUserIdFromToken(user);

            // Look up the parent hub and the designated campus lead.
            // NOTE(review): neither result is checked before use below; presumably the
            // services throw when the id is unknown - verify.
            var parentHub = await _hubDbService.GetById(hubId);
            var campusLead = await _graphUserService.GetGraphUserById(campus.Lead);

            // NOTE(review): the calls below change directory state (group, membership,
            // lead role, manager) before modelState is consumed by the final Create call.
            // If that call rejects the model, these changes are not rolled back here.
            var parentGroupId = parentHub.AadGroupId.ToString();
            var directoryGroup = await _graphGroupService.CreateGroup(campus.Name, creatorId, parentGroupId);

            // Put the lead into the freshly created campus group.
            await _graphGroupService.AddUserToGroup(campusLead, directoryGroup.Id);

            // Give the lead the campus-lead permissions and title.
            await _graphUserService.DefineCampusLead(campus.Lead, directoryGroup.Id);

            // The hub lead becomes the campus lead's manager.
            await _graphUserService.AssignManager(campusLead, parentHub.Lead.ToString());

            // Build the database entity and attach it to its hub.
            var entity = new Infrastructure.Entities.Db.Campus(
                campus.Name,
                campus.Lead,
                directoryGroup.Id,
                campus.University,
                creatorId)
            {
                Hub = parentHub
            };

            var persisted = await _campusDbService.Create(entity, modelState);
            return Campus.FromDb(persisted);
        }
Пример #2
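        /// <summary>
        /// Throws if the user is a hub lead whose hub does not own the given <see cref="Campus"/>.
        /// </summary>
        /// <remarks>
        /// This is not a complete access check. Members of the German leads group or the internal
        /// development group return without a check, and so do users who are not hub leads.
        /// NOTE(review): the original comment says other users are checked elsewhere; confirm every
        /// caller runs that check first.
        /// </remarks>
        /// <param name="campus">The stored campus being accessed; its hub's group id is compared with the user's groups.</param>
        /// <param name="user">The principal whose group membership is evaluated.</param>
        /// <exception cref="MccNotAuthorizedException">
        /// The user is a hub lead and is not a member of the campus's hub group, or the campus has no
        /// hub to verify membership against.
        /// </exception>
        private void AuthorizeHubLeadForCampus(Infrastructure.Entities.Db.Campus campus, ClaimsPrincipal user)
        {
            // German leads and internal developers are exempt from the hub-ownership check.
            if (user.HasGroupId(_authorizationConfiguration.GermanLeadsGroupId) || user.HasGroupId(_authorizationConfiguration.InternalDevelopmentGroupId))
            {
                return;
            }

            // Only hub leads are restricted here; all other users pass through unchecked.
            if (!user.IsHubLead(_authorizationConfiguration))
            {
                return;
            }

            // A hub lead may only access campuses of their own hub. A missing hub means ownership
            // cannot be verified, so deny explicitly rather than fail on a null dereference.
            var hub = campus.Hub;
            if (hub == null || !user.HasGroupId(hub.AadGroupId))
            {
                throw new MccNotAuthorizedException($"user {AuthenticationHelper.GetUserIdFromToken(user)} is not authorized to access campus with id {campus.Id}.");
            }
        }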