Release/2025.01.31

build.cake

@@ -59,7 +59,7 @@ Task("Publish")
 
 Task("Script")
     .Description("Generates a migration script.")
-    .IsDependentOn("Build")
+    //.IsDependentOn("Build")
     .Does(() =>{
 
         var migrationProject = "src/Infrastructure/Infrastructure.csproj";

src/Application/Features/Activities/Commands/AddActivity.cs

@@ -212,7 +212,7 @@ public Validator(IUnitOfWork unitOfWork)
             When(c => c.ActivityId is not null, () =>
             {
                 RuleFor(c => c.ActivityId)
-                    .MustAsync(BeInPendingStatus);
+                    .Must(BeInPendingStatus);
             });
 
             RuleFor(c => c.ParticipantId)
@@ -224,7 +224,7 @@ public Validator(IUnitOfWork unitOfWork)
                 .WithMessage("You must choose a location");
 
             RuleFor(c => c.Location)
-                .MustAsync(async (command, location, token) => await HaveAHubInduction(command.ParticipantId, location!, token))
+                .Must((command, location, token) => HaveAHubInduction(command.ParticipantId, location!))
                 .When(c => c.Location is { LocationType.IsHub: true })
                 .WithMessage("A hub induction is required for the selected location");
 
@@ -242,7 +242,7 @@ public Validator(IUnitOfWork unitOfWork)
                 .WithMessage("The date the activity took place cannot be in the future")
                 .GreaterThanOrEqualTo(DateTime.Today.AddMonths(-3))
                 .WithMessage("The activity must have taken place within the last three months")
-                .MustAsync((command, commencedOn, token) => HaveOccurredOnOrAfterConsentWasGranted(command.ParticipantId, commencedOn, token))
+                .Must((command, commencedOn, token) => HaveOccurredOnOrAfterConsentWasGranted(command.ParticipantId, commencedOn))
                 .WithMessage("The activity cannot take place before the participant gave consent");
 
             RuleFor(c => c.AdditionalInformation)
@@ -271,16 +271,16 @@ public Validator(IUnitOfWork unitOfWork)
             });
         }
 
-        async Task<bool> BeInPendingStatus(Guid? activityId, CancellationToken cancellationToken)
+        private bool BeInPendingStatus(Guid? activityId)
         {
-            var activity = await unitOfWork.DbContext.Activities.SingleAsync(a => a.Id == activityId, cancellationToken).ConfigureAwait(false);
+            var activity = unitOfWork.DbContext.Activities.Single(a => a.Id == activityId);
             return activity.Status == ActivityStatus.PendingStatus;
         }
 
-        async Task<bool> HaveAHubInduction(string participantId, LocationDto location, CancellationToken cancellationToken)
+        private bool HaveAHubInduction(string participantId, LocationDto location)
         {
-            return await unitOfWork.DbContext.HubInductions.AnyAsync(induction => 
-                induction.ParticipantId == participantId && induction.LocationId == location.Id, cancellationToken).ConfigureAwait(false);
+            return unitOfWork.DbContext.HubInductions.Any(induction => 
+                induction.ParticipantId == participantId && induction.LocationId == location.Id);
         }
 
         private static bool NotExceedMaximumFileSize(IBrowserFile? file, double maxSizeMB)
@@ -289,40 +289,46 @@ private static bool NotExceedMaximumFileSize(IBrowserFile? file, double maxSizeM
         private async Task<bool> BePdfFile(IBrowserFile? file, CancellationToken cancellationToken)
         {
             if (file is null)
+            {
                 return false;
+            }
 
             // Check file extension
             if (!Path.GetExtension(file.Name).Equals(".pdf", StringComparison.OrdinalIgnoreCase))
+            {
                 return false;
+            }
 
             // Check MIME type
             if (file.ContentType != "application/pdf")
+            {
                 return false;
+            }
 
             long maxSizeBytes = Convert.ToInt64(ByteSize.FromMegabytes(Infrastructure.Constants.Documents.ActivityTemplate.MaximumSizeInMegabytes).Bytes);
 
             // Check file signature (magic numbers)
-            using (var stream = file.OpenReadStream(maxSizeBytes, cancellationToken))
-            {
-                byte[] buffer = new byte[4];
-                await stream.ReadExactlyAsync(buffer.AsMemory(0, 4), cancellationToken);
-                string header = System.Text.Encoding.ASCII.GetString(buffer);
-                return header == "%PDF";
-            }
+            await using var stream = file.OpenReadStream(maxSizeBytes, cancellationToken);
+            byte[] buffer = new byte[4];
+            await stream.ReadExactlyAsync(buffer.AsMemory(0, 4), cancellationToken);
+            string header = System.Text.Encoding.ASCII.GetString(buffer);
+            return header == "%PDF";
         }
 
         bool NotBeCompletedInTheFuture(DateTime? completed) => completed < DateTime.UtcNow;
-        private async Task<bool> HaveOccurredOnOrAfterConsentWasGranted(string participantId, DateTime? commencedOn, CancellationToken cancellationToken)
+        private bool HaveOccurredOnOrAfterConsentWasGranted(string participantId, DateTime? commencedOn)
         {
             if(commencedOn is null)
             {
                 return false;
             }
 
-            var consentDate = await unitOfWork.DbContext
-                .Participants.AsNoTracking().Where(x => x.Id == participantId)
+            var consentDate = unitOfWork.DbContext
+                .Participants
+                .AsNoTracking()
+                .Where(x => x.Id == participantId)
                 .Select(c => c.Consents.Max(d => d.Lifetime.StartDate))
-                .FirstAsync(cancellationToken).ConfigureAwait(false);
+                .First();
 
             return commencedOn >= consentDate;
         }

src/Application/Features/AuditTrails/Queries/PaginationQuery/AuditTrailsWithPaginationQuery.cs

@@ -7,7 +7,7 @@
 
 namespace Cfo.Cats.Application.Features.AuditTrails.Queries.PaginationQuery;
 
-[RequestAuthorize(Roles = RoleNames.SystemSupport)]
+[RequestAuthorize(Policy = SecurityPolicies.ViewAudit)]
 public class AuditTrailsWithPaginationQuery
     : AuditTrailAdvancedFilter,
         ICacheableRequest<PaginatedData<AuditTrailDto>>

src/Application/Features/AuditTrails/Specifications/AuditTrailAdvancedFilter.cs

@@ -4,6 +4,8 @@ namespace Cfo.Cats.Application.Features.AuditTrails.Specifications;
 
 public class AuditTrailAdvancedFilter : PaginationFilter
 {
+    public Dictionary<string, object>? PrimaryKey { get; set; }
+
     public AuditType? AuditType { get; set; }
     public AuditTrailListView ListView { get; set; } = AuditTrailListView.All;
     public UserProfile? CurrentUser { get; set; }

src/Application/Features/AuditTrails/Specifications/AuditTrailAdvancedSpecification.cs

@@ -19,6 +19,7 @@ public AuditTrailAdvancedSpecification(AuditTrailAdvancedFilter filter)
         );
 
         Query
+            .Where(p => p.PrimaryKey == filter.PrimaryKey, filter.PrimaryKey is not null)
             .Where(p => p.AuditType == filter.AuditType, filter.AuditType is not null)
             .Where(
                 p => p.UserId == filter.CurrentUser!.UserId,

src/Application/Features/Participants/Specifications/ParticipantByIdSpecification.cs

@@ -7,5 +7,6 @@ public class ParticipantByIdSpecification : Specification<Participant>
     public ParticipantByIdSpecification(string id)
     {
         Query.Where(p => p.Id == id);
+        Query.AsSplitQuery();
     }
 }

src/Application/SecurityConstants/SecurityPolicies.cs

@@ -50,4 +50,9 @@ public static class SecurityPolicies
     /// The used anywhere any user > support worker can do it
     /// </summary>
     public const string UserHasAdditionalRoles = nameof(UserHasAdditionalRoles);
+
+    /// <summary>
+    /// Used to allow users to view the audits
+    /// </summary>
+    public const string ViewAudit = nameof(ViewAudit);
 }

src/Infrastructure/DependencyInjection.cs

@@ -324,6 +324,17 @@ private static IServiceCollection AddAuthenticationService(this IServiceCollecti
                         RoleNames.QAOfficer,
                         RoleNames.QASupportManager);
                 });
+
+                options.AddPolicy(SecurityPolicies.ViewAudit, policy => {
+                    policy.RequireAuthenticatedUser();
+                    policy.RequireClaim(ApplicationClaimTypes.AccountLocked, "False");
+                    policy.RequireRole(RoleNames.SystemSupport, 
+                        RoleNames.SMT, 
+                        RoleNames.QAManager 
+                        );
+                });
+
+
             })
             .AddAuthentication(options => {
                 options.DefaultScheme = IdentityConstants.ApplicationScheme;

src/Infrastructure/Persistence/Configurations/Audit/AuditTrailConfigurations.cs

@@ -22,6 +22,12 @@ public void Configure(EntityTypeBuilder<AuditTrail> builder)
         builder.Property(u => u.OldValues).HasJsonConversion();
         builder.Property(u => u.NewValues).HasJsonConversion();
         builder.Property(u => u.PrimaryKey).HasJsonConversion();
+
+        builder.Property(u => u.PrimaryKey)
+            .HasMaxLength(150);
+
+        builder.HasIndex(x => x.PrimaryKey);
+
         builder.Ignore(x => x.TemporaryProperties);
         builder.Ignore(x => x.HasTemporaryProperties);
     }