public async Task <IActionResult> OnGetApprovalsAsync()
{
if (!(await _authorizationService.AuthorizeAsync(User, "RequireAuthorityRole")).Succeeded)
{
return(Forbid());
}
var userId = _userManager.GetUserId(User);
var authorityRoles = _authorityProvider.GetAuthorityRoles(userId).ToList();
var approvalsQueryResult = await _proposalDbContext.Approvals.AsQueryable()
.Where(a => authorityRoles.Contains(a.AuthorityRole) || a.AuthorityRole == ApprovalAuthorityRole.Supervisor && a.Proposal.SupervisorId == userId)
.Where(a => a.Status == ApprovalStatus.ApprovalPending || a.Status == ApprovalStatus.Rejected || a.Status == ApprovalStatus.Approved)
.OrderByDescending(a => a.Proposal.LastEditedOn)
.Select(a => new
{
a.ProposalId,
ProposalOwnerId = a.Proposal.OwnerId,
ProposalTitle = a.Proposal.Title,
a.AuthorityRole,
a.Status
})
.ToListAsync();
var ownerNames = await _userManager.GetUserNamesForIdsAsync(approvalsQueryResult.Select(p => p.ProposalOwnerId));
var approvals = approvalsQueryResult
.Select(a => new ApprovalModel
{
ProposalId = a.ProposalId,
SectionId = _sectionHandlers.First(s => s.HasApprovalAuthorityRole(a.AuthorityRole)).Id,
ProposalOwnerName = ownerNames[a.ProposalOwnerId],
ProposalTitle = a.ProposalTitle,
Role = (ApprovalAuthorityRoleModel)a.AuthorityRole,
RoleType = _authorityProvider.IsPrimaryAuthorityForRole(userId, a.AuthorityRole) ? ApprovalRoleTypeModel.Primary : ApprovalRoleTypeModel.Secondary,
Status = (ApprovalStatusModel)a.Status
})
.ToList();
return(new JsonResult(approvals));
}
public async Task <SignInStatus> EndSignInAsync(HttpContext httpContext, bool isPersistent)
{
var result = await _authenticationService.AuthenticateAsync(httpContext, Constants.AuthenticationSchemes.External);
if (!result.Succeeded)
{
return(SignInStatus.NoExternalCookie);
}
await _authenticationService.SignOutAsync(httpContext, Constants.AuthenticationSchemes.External, null);
var userId = result.Principal.FindFirstValue(ClaimTypes.UserId);
if (userId == null)
{
_logger.LogInformation("DCCN user ID is missing.");
return(SignInStatus.InvalidUser);
}
var user = await UserManager.GetUserByIdAsync(userId, true);
if (user == null)
{
_logger.LogInformation("User '{UserId}' does not exist.", userId);
return(SignInStatus.InvalidUser);
}
if (user.Status == CheckinStatus.Tentative)
{
_logger.LogInformation("User '{UserId} has tentative status.", userId);
return(SignInStatus.InvalidStatus);
}
var identity = new ClaimsIdentity(Constants.AuthenticationSchemes.Default, ClaimTypes.UserName, ClaimTypes.Role);
identity.AddClaim(new Claim(ClaimTypes.UserId, user.Id));
identity.AddClaim(new Claim(ClaimTypes.UserName, user.DisplayName));
identity.AddClaim(new Claim(ClaimTypes.EmailAddress, user.Email));
identity.AddClaim(new Claim(ClaimTypes.Group, user.GroupId));
var authorityRoles = _authorityProvider.GetAuthorityRoles(user.Id).ToList();
if (authorityRoles.Any() || user.IsHead)
{
identity.AddClaim(new Claim(ClaimTypes.Role, Role.Authority.GetName()));
identity.AddClaims(authorityRoles.Select(role => new Claim(ClaimTypes.ApprovalRole, role.GetName())));
}
if (user.IsHead)
{
identity.AddClaim(new Claim(ClaimTypes.Role, Role.Supervisor.GetName()));
}
if (_formOptions.Administration.Contains(user.Id))
{
identity.AddClaim(new Claim(ClaimTypes.Role, Role.Administration.GetName()));
}
var authProperties = new AuthenticationProperties
{
IsPersistent = isPersistent
};
await _authenticationService.SignInAsync(httpContext, Constants.AuthenticationSchemes.Default, new ClaimsPrincipal(identity), authProperties);
return(SignInStatus.Success);
}