/// <summary> /// returns a tuple of a department and its parent branch office /// throws ItemNotFoundException if any of the two is not found /// throws UnauthorizedAccessException if any of the two don't belong to the proper tenant /// </summary> /// <param name="departmentId"></param> /// <returns></returns> private async Task <Tuple <Department, BranchOffice> > GetOrgStructureItemsAsync(Guid departmentId) { var dept = await _orgStructReference.GetDepartmentAsync(departmentId); if (dept == null) { throw ItemNotFoundException.NotFoundByKey("Id", departmentId.ToString(), nameof(Department));; } await _tenantEntityAccessChecker.ValidateAccessToEntityAsync(dept, Shared.Permissions.EntityAction.Read); var branch = await _orgStructReference.GetBranchOfficeAsync(dept.BranchOfficeId); if (branch == null) { throw ItemNotFoundException.NotFoundByKey("Id", dept.BranchOfficeId.ToString(), nameof(BranchOffice));; } await _tenantEntityAccessChecker.ValidateAccessToEntityAsync(branch, Shared.Permissions.EntityAction.Read); return(Tuple.Create(dept, branch)); }
public async Task <SummaryDocument> GetSummaryForInspectionAsync(Guid inspectionId) { var summary = await TryGetSummaryEntityForInspectionAsync(inspectionId); if (summary == null) { throw ItemNotFoundException.NotFoundByKey(nameof(Summary.InspectionId), inspectionId.ToString(), nameof(Summary)); } await _tenantEntityAccessChecker.ValidateAccessToEntityAsync(summary, Shared.Permissions.EntityAction.Read); return(summary.SummaryDocument); }
protected override void CheckAccess(ApplicationRole role, EntityAction desiredAction) { _tenantAccessChecker.ValidateAccessToEntityAsync(role, desiredAction); }
public async Task <IActionResult> UpdateUser(string id, [FromBody] UserEditDto user) { if (user == null) { return(InvalidRequestBodyJson(nameof(UserEditDto))); } if (!string.IsNullOrWhiteSpace(user.Id) && id != user.Id) { return(BadRequest("Conflicting user id in URL and model data")); } ApplicationUser appUser = await _accountManager.GetUserByIdAsync(id); if (null == appUser) { return(NotFound()); } Guid[] currentRoleIds = appUser != null ? (await _accountManager.GetUserRoleIdsAsync(appUser)).ToArray() : null; await _accessChecker.ValidateAccessToEntityAsync(appUser, EntityAction.Update); var manageUsersPolicyResult = _authorizationService.AuthorizeAsync( User, appUser, UserAccountAuthorizationRequirements.Update); var assignRolePolicyResult = _authorizationService.AuthorizeAsync( User, new UserRoleChange { NewRoles = user.Roles?.Select(r => Guid.Parse(r.Id)).ToArray(), CurrentRoles = currentRoleIds }, Policies.AssignAllowedRolesPolicy); if ((await Task.WhenAll(manageUsersPolicyResult, assignRolePolicyResult)).Any(r => !r.Succeeded)) { return(Forbid()); } if (!ModelState.IsValid) { return(BadRequest(ModelState)); } if (appUser == null) { return(NotFound(id)); } var currentUserId = this.User.GetUserId(); if (currentUserId == id && string.IsNullOrWhiteSpace(user.CurrentPassword)) { if (!string.IsNullOrWhiteSpace(user.NewPassword)) { return(BadRequest("Current password is required when changing your own password")); } if (appUser.UserName != user.UserName) { return(BadRequest("Current password is required when changing your own username")); } } if (currentUserId == id && (appUser.UserName != user.UserName || !string.IsNullOrWhiteSpace(user.NewPassword))) { if (!await _accountManager.CheckPasswordAsync(appUser, user.CurrentPassword)) { AddErrors(new string[] { "The username/password couple is invalid." }); return(BadRequest(ModelState)); } } _mapper.Map <UserDto, ApplicationUser>(user, appUser); await _accountManager.UpdateUserAsync(appUser, user.Roles.Select(r => Guid.Parse(r.Id))); if (!string.IsNullOrWhiteSpace(user.NewPassword)) { if (!string.IsNullOrWhiteSpace(user.CurrentPassword)) { await _accountManager.UpdatePasswordAsync(appUser, user.CurrentPassword, user.NewPassword); } else { await _accountManager.ResetPasswordAsync(appUser, user.NewPassword); } } return(NoContent()); }