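/// <summary>
/// Authorises the current user for the supplied vacancy, records the last editor when the
/// user is in the Faa role, runs the supplied operation, publishes a vacancy summary update
/// and returns the vacancy as re-read from the read repository.
/// </summary>
/// <param name="vacancy">The vacancy to create or update. Must not be null.</param>
/// <param name="operation">
/// Callback that performs the actual write and returns the resulting vacancy. Must not be null.
/// </param>
/// <returns>The vacancy loaded from the read repository by the id of the operation's result.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="vacancy"/> or <paramref name="operation"/> is null.
/// </exception>
public Vacancy UpsertVacancy(Vacancy vacancy, Func<Vacancy, Vacancy> operation)
{
    // Kept from the original. NOTE(review): no check is chained onto this call here, so it is
    // unclear whether it rejects null on its own - confirm against the Condition helper.
    Condition.Requires(vacancy);

    // Explicit guards so a null argument fails here rather than somewhere inside the
    // authorisation strategy or after the user lookup.
    if (vacancy == null)
    {
        throw new ArgumentNullException("vacancy");
    }

    if (operation == null)
    {
        throw new ArgumentNullException("operation");
    }

    // Authorisation runs before any write.
    // NOTE(review): the check is made against the caller-supplied object. If its ownership
    // fields can be populated from request data, confirm the stored record is checked as well.
    _authoriseCurrentUserStrategy.AuthoriseCurrentUser(vacancy);

    if (_currentUserService.IsInRole(Roles.Faa))
    {
        var username = _currentUserService.CurrentUserName;
        var lastEditedBy = _providerUserReadRepository.GetByUsername(username);

        // Only stamp the editor when the user record is found. Otherwise, and for users outside
        // the Faa role, LastEditedById keeps whatever value the caller passed in.
        if (lastEditedBy != null)
        {
            vacancy.LastEditedById = lastEditedBy.ProviderUserId;
        }
    }

    vacancy = operation(vacancy);

    _publishVacancySummaryUpdateStrategy.PublishVacancySummaryUpdate(vacancy);

    // Return the repository's view of the record rather than the in-memory instance.
    return _vacancyReadRepository.Get(vacancy.VacancyId);
}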
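/// <summary>
/// Reports whether a package version that directly follows the caller's version is available
/// to the current user.
/// </summary>
/// <param name="request">Query carrying the id of the package version the caller is on.</param>
/// <param name="cancellationToken">Token used to cancel the database lookup.</param>
/// <returns>
/// A view model with <c>HasAvailable</c> and <c>Version</c> set when an update is offered;
/// otherwise a freshly constructed view model. Every refusal returns the same object shape,
/// so the caller cannot tell which check refused the update.
/// </returns>
public async Task<CheckForUpdateVm> Handle(CheckForUpdateQuery request, CancellationToken cancellationToken)
{
    var vm = new CheckForUpdateVm();

    // Updating happens in stages: only the version whose predecessor is the caller's version
    // is considered. The token is passed through so an abandoned request stops the query.
    // NOTE(review): no ordering is applied, so if two versions share a predecessor the one
    // returned is up to the store - confirm that cannot happen.
    var packageVersion = await _context.PackageVersions
        .FirstOrDefaultAsync(
            pv => pv.PreviousPackageVersionId == request.FromPackageVersionId,
            cancellationToken);

    // The caller is already on the newest version.
    if (packageVersion == null)
    {
        return vm;
    }

    // Not released yet.
    // NOTE(review): compares against local server time - confirm ReleaseDate is stored as local time.
    if (packageVersion.ReleaseDate > DateTime.Now)
    {
        return vm;
    }

    // The user's roles must include the release channel.
    if (!_currentUserService.IsInRole(packageVersion.Channel))
    {
        return vm;
    }

    // Users from a banned country are not offered the version.
    // NOTE(review): the query above requests no related data, so BannedCountries is only
    // populated if loading is configured elsewhere; an unloaded or empty collection lets the
    // check pass. A null or differently-cased Country also passes (exact string match).
    // Confirm both, and confirm where Country comes from.
    var userCountry = _currentUserService.Country;
    if (packageVersion.BannedCountries.Any(bc => bc.Iso == userCountry))
    {
        return vm;
    }

    vm.HasAvailable = true;
    vm.Version = packageVersion.Version;
    return vm;
}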
/// <summary>
/// Checks that the current provider user may act on the given vacancy and throws when not.
/// Returns normally when access is allowed.
/// </summary>
/// <param name="vacancy">The vacancy being accessed.</param>
/// <exception cref="Domain.Entities.Exceptions.CustomException">
/// Thrown with <c>InvalidUkprn</c> when no provider matches the effective UKPRN, and with
/// <c>Failed</c> when the provider is not linked to the vacancy.
/// </exception>
public void Authorise(Vacancy vacancy)
{
    // Only provider users (Faa role) are checked; QA users are always authorised.
    // NOTE(review): every caller outside the Faa role passes here, so this method relies on
    // authentication and role assignment done elsewhere - confirm.
    var isProviderUser = _currentUserService.IsInRole(Roles.Faa);
    if (!isProviderUser)
    {
        return;
    }

    var claimedUkprn = _currentUserService.GetClaimValue("ukprn");
    var overrideUkprn = _currentUserService.GetClaimValue("ukprnoverride");
    var hasOverride = !string.IsNullOrEmpty(overrideUkprn);

    // Without an override, admins are let through. This fixes the anonymous view issue
    // when impersonating.
    if (!hasOverride && _currentUserService.IsInRole(Roles.Admin))
    {
        return;
    }

    // An override claim replaces the user's own UKPRN for all checks below.
    // NOTE(review): presumably only the identity layer can issue "ukprnoverride" - confirm.
    var ukprn = hasOverride ? overrideUkprn : claimedUkprn;

    var provider = _providerService.GetProvider(ukprn);
    var vacancyId = vacancy.VacancyId;
    var contractOwnerId = vacancy.ContractOwnerId;

    if (provider == null)
    {
        // NOTE(review): the message carries the user name and UKPRN - confirm it is logged
        // rather than shown to the end user.
        throw new Domain.Entities.Exceptions.CustomException(
            $"Provider user '{_currentUserService.CurrentUserName}' signed in with invalid UKPRN '{ukprn}' attempted to view Vacancy Id '{vacancyId}' for Contract Owner Id '{contractOwnerId}', Vacancy Manager Id '{vacancy.VacancyManagerId}' and Delivery Organisation Id '{vacancy.DeliveryOrganisationId}'",
            ErrorCodes.ProviderVacancyAuthorisation.InvalidUkprn);
    }

    // The contract owner is always allowed.
    if (provider.ProviderId == contractOwnerId)
    {
        return;
    }

    // Fall back to the provider sites, as the assigned provider for a vacancy could be a
    // sub-contractor.
    var candidateSiteIds = new int?[] { vacancy.VacancyManagerId, vacancy.DeliveryOrganisationId };
    foreach (var candidateSiteId in candidateSiteIds)
    {
        if (!candidateSiteId.HasValue)
        {
            continue;
        }

        // Allowed when the site has a relationship with the user's provider.
        var site = _providerService.GetProviderSite(candidateSiteId.Value);
        var linkedToProvider = site != null
            && site.ProviderSiteRelationships.Any(psr => psr.ProviderId == provider.ProviderId);
        if (linkedToProvider)
        {
            return;
        }

        // Allowed when the site is among those returned for the effective UKPRN.
        var sitesForUkprn = _providerService.GetProviderSites(ukprn);
        if (sitesForUkprn.Any(each => each.ProviderSiteId == candidateSiteId))
        {
            return;
        }
    }

    // No link found: deny.
    throw new Domain.Entities.Exceptions.CustomException(
        $"Provider user '{_currentUserService.CurrentUserName}' (signed in as UKPRN '{ukprn}') attempted to view Vacancy Id '{vacancyId}' for Contract Owner Id '{contractOwnerId}', Vacancy Manager Id '{vacancy.VacancyManagerId}' and Delivery Organisation Id '{vacancy.DeliveryOrganisationId}'",
        ErrorCodes.ProviderVacancyAuthorisation.Failed);
}