示例#1
        /// <summary>
        /// Handles the submitted request-edit form. The caller must hold the
        /// edit lock on the request; the action then deletes the request,
        /// cancels the edit, or validates and saves it, depending on which
        /// form button ("delete", "cancel", "update", "mark_as_complete") is
        /// present in the posted form.
        /// </summary>
        /// <param name="reqContent">Model-bound request data from the form.</param>
        /// <returns>
        /// A redirect to Home/Index or Request/Details, or the edit view
        /// re-rendered with model errors when validation fails.
        /// </returns>
        // NOTE(review): any [Authorize] / [HttpPost] / [ValidateAntiForgeryToken]
        // attributes would sit above this signature and are not visible here.
        // This action deletes and modifies records, so confirm all three apply.
        public ActionResult Edit(RequestContent reqContent)
        {
            var rmc = new RequestManagementController();
            var rlc = new RequestLockManagementController();
            var uc = new UserManagementController();
            var almc = new AuditLogManagementController();

            // Resolve the authenticated caller to a profile record.
            // NOTE(review): up is dereferenced below without a null check;
            // confirm getUserProfile cannot return null for a signed-in user.
            UserProfile up = uc.getUserProfile(User.Identity.Name);

            // Lock check: the request must be locked, and locked to this caller.
            // The same client-supplied requestID is used for the lock lookup and
            // for every later write, so the check covers the record being edited.
            RequestLock rl = rlc.getRequestLock(reqContent.requestID);
            if (rl == null) {
                return RedirectToAction("Index", "Home", new {
                    status = Constants.URLStatus.NotLockedToYou
                });
            }

            if (rl.UserID != up.UserId) {
                return RedirectToAction("Index", "Home", new {
                    status = Constants.URLStatus.AccessingLocked
                });
            }

            // "delete" button: invalidate the request, release the lock and
            // record the deletion in the audit log.
            // NOTE(review): holding the lock is the only precondition visible
            // here; confirm whether deletion should also require a specific role.
            if (Request.Form["delete"] != null) {
                rmc.invalidate(reqContent.requestID);
                rlc.removeLock(reqContent.requestID);

                almc.addEntry(reqContent.requestID, up.UserId,
                              Constants.AuditType.RequestDeletion);

                return RedirectToAction("Index", "Home", new {
                    status = Constants.URLStatus.Deleted
                });
            }

            // "cancel" button: release the lock without saving anything.
            if (Request.Form["cancel"] != null) {
                rlc.removeLock(reqContent.requestID);

                if (Roles.IsUserInRole(Constants.Roles.VIEWER)) {
                    return RedirectToAction(
                        "Details", "Request",
                        new {
                            id = reqContent.requestID
                        });
                }

                return RedirectToAction(
                    "Index", "Home",
                    new {
                        status =
                            Constants.URLStatus.SuccessfulEdit
                    });
            }

            // Start from the model binder's verdict; the checks below can only
            // turn it to false.
            bool valid = ModelState.IsValid;

            if (reqContent.parentRequestID != null &&
                !rmc.requestExists((long) reqContent.parentRequestID)) {
                ModelState.AddModelError("NonexistentParentRequest",
                                         "Parent Request ID must correspond to an existing request.");
                valid = false;
            }

            // Completion path: entered for "mark_as_complete", or for "update"
            // when the posted status is already Completed. Every question
            // response must be fully filled in.
            if (Request.Form["mark_as_complete"] != null ||
                (Request.Form["update"] != null && reqContent.requestStatus == Constants.RequestStatus.Completed)) {
                foreach (
                    QuestionResponseContent qrContent in
                        reqContent.questionResponseList) {
                    // A question or response equal to "<br />" after stripping
                    // newlines and tabs is treated the same as an empty one.
                    if (String.IsNullOrEmpty(qrContent.question) ||
                        removeNewLinesAndTabs(qrContent.question).Equals("<br />") ||
                        String.IsNullOrEmpty(qrContent.response) ||
                        removeNewLinesAndTabs(qrContent.response).Equals("<br />") ||
                        qrContent.questionTypeID == null ||
                        qrContent.tumourGroupID == null ||
                        qrContent.timeSpent == null ||
                        qrContent.severity == null ||
                        qrContent.consequence == null ||
                        qrContent.keywords.Count < 1) {
                        ModelState.AddModelError("IncompleteQuestion",
                                                 "Questions must be completed before marking request as complete.");
                        valid = false;
                        // Stop at the first incomplete entry; later entries are
                        // not checked for keyword length or references.
                        break;
                    }

                    // NOTE(review): the check allows exactly 128 characters
                    // while the message says "less than 128".
                    if (qrContent.keywords.Any(keyword => keyword.Length > 128)) {
                        ModelState.AddModelError("KeywordTooLong",
                                                 "Keywords must be less than 128 characters.");
                        valid = false;
                    }

                    if (qrContent.referenceList.Any(refContent => String.IsNullOrEmpty(refContent.referenceString))) {
                        ModelState.AddModelError("IncompleteReference",
                                                 "References must be completed before marking request as complete.");
                        valid = false;
                    }
                }

                // Set whether or not validation passed; when invalid, the model
                // returned to the view already carries the Completed status.
                // NOTE(review): DateTime.Now is server-local time and is later
                // written to the audit log; confirm consumers do not expect UTC.
                reqContent.timeClosed = DateTime.Now;
                reqContent.requestStatus = Constants.RequestStatus.Completed;
            }

            // HTML-encode the free-text fields of every question response, then
            // turn the encoded apostrophe (&#39;) back into a literal one.
            // NOTE(review): with apostrophes restored, these values are safe as
            // HTML text content but not inside single-quoted attributes or
            // script strings; confirm every view renders them as text only.
            // NOTE(review): the encoded form is what gets passed to rmc.edit
            // below; confirm no reader encodes a second time or decodes.
            foreach (
                QuestionResponseContent qrContent in
                    reqContent.questionResponseList) {
                if (!String.IsNullOrEmpty(qrContent.question)) {
                    qrContent.question = HttpUtility.HtmlEncode(
                        removeNewLinesAndTabs(qrContent.question))
                                                    .Replace("&#39;", "'");
                }
                if (!String.IsNullOrEmpty(qrContent.response)) {
                    qrContent.response = HttpUtility.HtmlEncode(
                        removeNewLinesAndTabs(qrContent.response))
                                                    .Replace("&#39;", "'");
                }
                if (!String.IsNullOrEmpty(qrContent.specialNotes)) {
                    qrContent.specialNotes = HttpUtility.HtmlEncode(
                        removeNewLinesAndTabs(qrContent.specialNotes))
                                                        .Replace("&#39;", "'");
                }

                // References are not HTML-encoded here: a null string becomes
                // "", and each backslash in a non-null string is doubled.
                foreach (
                    ReferenceContent refContent in
                        qrContent.referenceList) {

                    refContent.referenceString =
                        refContent.referenceString == null
                            ? ""
                            : refContent.referenceString.Replace("\\", "\\\\");
                }
            }

            // Validation failed: repopulate the dropdown data and redisplay the
            // form. The lock is kept so the caller can correct and resubmit.
            if (!valid) {
                var dc = new DropdownManagementController();

                ViewBag.RequestorTypes = new SelectList(
                    dc.getEntries(Constants.DropdownTable.RequestorType),
                    "id", "text");
                ViewBag.Regions = new SelectList(
                    dc.getEntries(Constants.DropdownTable.Region),
                    "id", "text");

                ViewBag.GenderOptions = new SelectList(Constants.genderOptions);

                return View(reqContent);
            }

            // Persist the edit, release the lock and audit the modification.
            // NOTE(review): reqContent is model-bound from the request, so all
            // of its fields are client-controlled; confirm rmc.edit only writes
            // the fields this form is meant to change (over-posting).
            rmc.edit(reqContent);
            rlc.removeLock(reqContent.requestID);

            almc.addEntry(reqContent.requestID, up.UserId,
                          Constants.AuditType.RequestModification);

            // timeClosed was assigned in the completion branch above, so the
            // cast is safe on this path.
            // NOTE(review): "update" with status Completed also closes the
            // request but writes no RequestCompletion entry; confirm intended.
            if (Request.Form["mark_as_complete"] != null) {
                almc.addEntry(reqContent.requestID, up.UserId,
                              Constants.AuditType.RequestCompletion,
                              (DateTime) reqContent.timeClosed);
            }

            // Callers in the VIEWER role go to the request's detail page;
            // everyone else goes back to the dashboard.
            if (Roles.IsUserInRole(Constants.Roles.VIEWER)) {
                return RedirectToAction("Details", "Request",
                                        new {id = reqContent.requestID});
            }

            return RedirectToAction("Index", "Home",
                                    new {
                                        status =
                                        Constants.URLStatus.SuccessfulEdit
                                    });
        }
示例#2
        /// <summary>
        /// Releases the edit lock on a request and records the unlock in the
        /// audit log under the current user's id.
        /// </summary>
        /// <param name="id">ID of the request whose lock is removed.</param>
        /// <returns>A redirect to Home/Index with the Unlocked status.</returns>
        // NOTE(review): nothing in this body checks who holds the lock or
        // whether the caller may release a lock held by someone else, and id
        // comes straight from the request. Any role restriction would be an
        // attribute above the signature, which is not visible here; confirm it.
        // NOTE(review): this action changes state; confirm it is reachable by
        // POST only and validates an anti-forgery token.
        public ActionResult Unlock(long id)
        {
            var lockManager = new RequestLockManagementController();
            var userManager = new UserManagementController();
            var auditLog = new AuditLogManagementController();

            // The audit entry is written first, so it is recorded before the
            // lock is actually removed and whether or not a lock exists.
            var actorId = userManager.getUserProfile(User.Identity.Name).UserId;
            auditLog.addEntry(id, actorId, Constants.AuditType.RequestUnlock);

            lockManager.removeLock(id);

            var routeValues = new { status = Constants.URLStatus.Unlocked };
            return RedirectToAction("Index", "Home", routeValues);
        }
示例#3
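        /// <summary>
        /// Browser test for the lock access control: a request locked to a
        /// different user must show the "locked to another person" error on
        /// its details page instead of the request.
        /// </summary>
        /// <remarks>
        /// Cleanup runs in a finally block. A failed assertion or a missing
        /// element therefore no longer leaves the lock, the user and the
        /// request in the database, or the ADMINISTRATOR role removed for the
        /// tests that run afterwards.
        /// </remarks>
        public void TestViewRequestLockedToAnother()
        {
            // Create a test request in the DB
            var rc = new RequestContent {
                patientFName = "VRInt-" +
                               _random.Next()
                                      .ToString(CultureInfo.InvariantCulture)
            };
            var rmc = new RequestManagementController();
            long rid = rmc.create(rc);

            // Create the user who will hold the lock
            var up = new UserProfile {
                UserName = "******" +
                           _random.Next()
                                  .ToString(CultureInfo.InvariantCulture)
            };
            _cdc.UserProfiles.InsertOnSubmit(up);
            _cdc.SubmitChanges();

            // Lock the request to that user
            var rlmc = new RequestLockManagementController();
            rlmc.addLock(rid, up.UserId);

            // Remove the ADMINISTRATOR role (presumably from the account the
            // browser session runs as; confirm against _ctm)
            _ctm.removeRole(Constants.Roles.ADMINISTRATOR);

            bool requestFound = false;
            try {
                // Go to the request's details page directly
                _driver.Navigate().GoToUrl(CommonTestingMethods.getURL());
                _driver.Navigate()
                       .GoToUrl(CommonTestingMethods.getURL() + "/Request/Details/" +
                                rid.ToString(CultureInfo.InvariantCulture));
                _driver.FindElement(By.Id("error-header"));
                IWebElement msg = _driver.FindElement(By.Id("error-message"));
                StringAssert.AreEqualIgnoringCase(
                    "This request has been locked to another person and cannot be viewed until unlocked.",
                    msg.Text);

                // The error is shown in place: the URL is still the details route
                // NOTE(review): the test checks the error text only. Consider
                // also asserting that rc.patientFName is absent from the page,
                // so that a page showing both the error and the data fails.
                StringAssert.Contains("/Request/Details", _driver.Url);
            } finally {
                // Cleanup, attempted even when an assertion above failed
                try {
                    rlmc.removeLock(rid);
                    _cdc.UserProfiles.DeleteOnSubmit(up);
                    Request rq = _cdc.Requests.FirstOrDefault(r => r.RequestID == rid);
                    requestFound = rq != null;
                    if (requestFound) {
                        _cdc.Requests.DeleteOnSubmit(rq);
                    }
                    _cdc.SubmitChanges();
                } finally {
                    // Restore the role even if the DB cleanup throws
                    _ctm.addRole(Constants.Roles.ADMINISTRATOR);
                }
            }

            // Reached only when the assertions passed. Failing here rather than
            // inside finally keeps an earlier assertion failure from being
            // replaced by this one.
            if (!requestFound) {
                Assert.Fail("Request is null");
            }
        }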