spouliot/PowderCoatingLogix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ce7b00b68cac6b9f30066b5356f838db2d6808d0
PowderCoatingLogix/src/PowderCoating.Web/Controllers/SmsConsentAuditController.cs
T
spouliot 8acbc8605d Harden multi-tenant isolation across all user-facing controllers 
Added explicit CompanyId == companyId predicates to every tenant-scoped
query in 22 controllers so cross-tenant data leakage is impossible even
if EF Core global query filters are bypassed or misconfigured.

Also fixed ApplicationDbContext.IsPlatformAdmin to correctly return true
for SuperAdmins with no CompanyId claim (break-glass accounts) and when
no HTTP context is present (background services, unit tests), resolving
225 unit test failures that stemmed from the global filter blocking all
in-memory test data.

New MultiTenantIsolationTests class (8 tests) verifies the explicit
predicate layer independently of the global query filters.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 18:04:22 -04:00

210 lines
8.7 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using PowderCoating.Core.Interfaces;
using PowderCoating.Shared.Constants;
using System.Text;
namespace PowderCoating.Web.Controllers;
/// <summary>
/// Displays per-company SMS consent status for all customers. Intended for company admins to
/// verify compliance (who has opted in, who opted out, and when). SuperAdmins can also access
/// this via the normal admin impersonation path.
/// </summary>
[Authorize(Policy = AppConstants.Policies.CompanyAdminOnly)]
public class SmsConsentAuditController : Controller
{
private readonly IUnitOfWork _unitOfWork;
private readonly ITenantContext _tenantContext;
private readonly ILogger<SmsConsentAuditController> _logger;
public SmsConsentAuditController(IUnitOfWork unitOfWork, ITenantContext tenantContext, ILogger<SmsConsentAuditController> logger)
{
_unitOfWork = unitOfWork;
_tenantContext = tenantContext;
_logger = logger;
}
/// <summary>
/// Shows the SMS consent audit report filtered by status and optional name/phone search.
/// </summary>
public async Task<IActionResult> Index(string? filter = "all", string? search = null)
{
try
{
var companyId = _tenantContext.GetCurrentCompanyId() ?? 0;
var allCustomers = await _unitOfWork.Customers.FindAsync(c => c.CompanyId == companyId);
if (!string.IsNullOrWhiteSpace(search))
{
var s = search.Trim().ToLower();
allCustomers = allCustomers.Where(c =>
(c.ContactFirstName != null && c.ContactFirstName.ToLower().Contains(s)) ||
(c.ContactLastName != null && c.ContactLastName.ToLower().Contains(s)) ||
(c.CompanyName != null && c.CompanyName.ToLower().Contains(s)) ||
(c.MobilePhone != null && c.MobilePhone.Contains(s)) ||
(c.Phone != null && c.Phone.Contains(s)));
}
var allRows = allCustomers
.OrderBy(c => c.CompanyName ?? c.ContactLastName ?? c.ContactFirstName)
.Select(c => new SmsConsentRow
{
CustomerId = c.Id,
CustomerName = GetDisplayName(c.IsCommercial, c.CompanyName, c.ContactFirstName, c.ContactLastName),
Phone = c.Phone,
MobilePhone = c.MobilePhone,
NotifyBySms = c.NotifyBySms,
ConsentedAt = c.SmsConsentedAt,
ConsentMethod = c.SmsConsentMethod,
OptedOutAt = c.SmsOptedOutAt,
SmsStatus = ResolveSmsStatus(c.NotifyBySms, c.SmsConsentedAt, c.SmsOptedOutAt)
}).ToList();
var optedIn = allRows.Count(r => r.SmsStatus == "active");
var optedOut = allRows.Count(r => r.SmsStatus == "opted-out");
var never = allRows.Count(r => r.SmsStatus == "never");
var filtered = filter switch
{
"opted-in" => allRows.Where(r => r.SmsStatus == "active").ToList(),
"opted-out" => allRows.Where(r => r.SmsStatus == "opted-out").ToList(),
"never" => allRows.Where(r => r.SmsStatus == "never").ToList(),
_ => allRows
};
var vm = new SmsConsentAuditViewModel
{
Rows = filtered,
Filter = filter ?? "all",
Search = search,
TotalCount = allRows.Count,
OptedInCount = optedIn,
OptedOutCount = optedOut,
NeverSubscribedCount = never
};
return View(vm);
}
catch (Exception ex)
{
_logger.LogError(ex, "Error loading SMS consent audit");
return View(new SmsConsentAuditViewModel());
}
}
/// <summary>
/// Exports the SMS consent audit as a CSV file for compliance record-keeping.
/// Includes all customers regardless of the current filter.
/// </summary>
public async Task<IActionResult> ExportCsv()
{
try
{
var companyId = _tenantContext.GetCurrentCompanyId() ?? 0;
var customers = (await _unitOfWork.Customers.FindAsync(c => c.CompanyId == companyId))
.OrderBy(c => c.CompanyName ?? c.ContactLastName ?? c.ContactFirstName)
.ToList();
var sb = new StringBuilder();
sb.AppendLine("Customer Name,Phone,Mobile Phone,SMS Status,Consented At (UTC),Consent Method,Opted Out At (UTC)");
foreach (var c in customers)
{
var name = CsvEscape(GetDisplayName(c.IsCommercial, c.CompanyName, c.ContactFirstName, c.ContactLastName));
var status = ResolveSmsStatus(c.NotifyBySms, c.SmsConsentedAt, c.SmsOptedOutAt) switch
{
"active" => "Opted In",
"opted-out" => "Opted Out",
_ => "Never Subscribed"
};
sb.AppendLine(string.Join(",",
name,
CsvEscape(c.Phone ?? ""),
CsvEscape(c.MobilePhone ?? ""),
status,
c.SmsConsentedAt.HasValue ? c.SmsConsentedAt.Value.ToString("yyyy-MM-dd HH:mm:ss") : "",
CsvEscape(c.SmsConsentMethod ?? ""),
c.SmsOptedOutAt.HasValue ? c.SmsOptedOutAt.Value.ToString("yyyy-MM-dd HH:mm:ss") : ""
));
}
var bytes = Encoding.UTF8.GetBytes(sb.ToString());
return File(bytes, "text/csv", $"sms-consent-audit-{DateTime.UtcNow:yyyyMMdd}.csv");
}
catch (Exception ex)
{
_logger.LogError(ex, "Error exporting SMS consent audit");
return RedirectToAction(nameof(Index));
}
}
// ── Helpers ───────────────────────────────────────────────────────────────
private static string ResolveSmsStatus(bool notifyBySms, DateTime? consentedAt, DateTime? optedOutAt)
{
if (notifyBySms) return "active";
if (optedOutAt.HasValue || (consentedAt.HasValue && !notifyBySms)) return "opted-out";
return "never";
}
private static string GetDisplayName(bool isCommercial, string? companyName, string? first, string? last)
{
if (!isCommercial)
{
var contact = $"{first} {last}".Trim();
if (!string.IsNullOrEmpty(contact)) return contact;
}
if (!string.IsNullOrWhiteSpace(companyName)) return companyName;
return $"{first} {last}".Trim() is { Length: > 0 } n ? n : "—";
}
private static string CsvEscape(string value)
{
if (value.Contains(',') || value.Contains('"') || value.Contains('\n'))
return $"\"{value.Replace("\"", "\"\"")}\"";
return value;
}
}
// ── View models ───────────────────────────────────────────────────────────────
public class SmsConsentAuditViewModel
{
public List<SmsConsentRow> Rows { get; set; } = [];
public string Filter { get; set; } = "all";
public string? Search { get; set; }
public int TotalCount { get; set; }
public int OptedInCount { get; set; }
public int OptedOutCount { get; set; }
public int NeverSubscribedCount { get; set; }
}
public class SmsConsentRow
{
public int CustomerId { get; set; }
public string CustomerName { get; set; } = "";
public string? Phone { get; set; }
public string? MobilePhone { get; set; }
public bool NotifyBySms { get; set; }
public string SmsStatus { get; set; } = "never"; // "active" | "opted-out" | "never"
public DateTime? ConsentedAt { get; set; }
public string? ConsentMethod { get; set; }
public DateTime? OptedOutAt { get; set; }
public string StatusBadgeClass => SmsStatus switch
{
"active" => "bg-success",
"opted-out" => "bg-danger",
_ => "bg-secondary"
};
public string StatusLabel => SmsStatus switch
{
"active" => "Opted In",
"opted-out" => "Opted Out",
_ => "Never Subscribed"
};
}
Reference in New Issue View Git Blame Copy Permalink