TD-5084 Self-assessments Sign off should not be allowed through URL manipulation

sherif-olaboye · sherif-olaboye · commit df24eb8b9d9c · 2024-12-11T10:56:35.000Z
diff --git a/DigitalLearningSolutions.Web/Controllers/LearningPortalController/SelfAssessment.cs b/DigitalLearningSolutions.Web/Controllers/LearningPortalController/SelfAssessment.cs
@@ -1558,6 +1558,12 @@ ManageOptionalCompetenciesViewModel model
         public IActionResult RequestSignOff(int selfAssessmentId)
         {
             var delegateUserId = User.GetUserIdKnownNotNull();
+            var delegateId = User.GetCandidateIdKnownNotNull();
+            var recentResults = selfAssessmentService.GetMostRecentResults(selfAssessmentId, delegateId).ToList();
+            var competencySummaries = CertificateHelper.CompetencySummation(recentResults);
+           
+            if (competencySummaries.QuestionsCount != competencySummaries.VerifiedCount)  return RedirectToAction("StatusCode", "LearningSolutions", new { code = 403 });
+            
             var assessment = selfAssessmentService.GetSelfAssessmentForCandidateById(delegateUserId, selfAssessmentId);
             var supervisors =
                 selfAssessmentService.GetSignOffSupervisorsForSelfAssessmentId(selfAssessmentId, delegateUserId);
@@ -1568,6 +1574,8 @@ public IActionResult RequestSignOff(int selfAssessmentId)
                 Supervisors = supervisors,
                 NumberOfSelfAssessedOptionalCompetencies = optionalCompetencies.Count(x => x.IncludedInSelfAssessment)
             };
+            if (model.NumberOfSelfAssessedOptionalCompetencies < model.SelfAssessment.MinimumOptionalCompetencies) return RedirectToAction("StatusCode", "LearningSolutions", new { code = 403 });
+            
             return View("SelfAssessments/RequestSignOff", model);
         }
 
diff --git a/DigitalLearningSolutions.Web/Helpers/CertificateHelper.cs b/DigitalLearningSolutions.Web/Helpers/CertificateHelper.cs
@@ -46,5 +46,25 @@ public static CompetencySummary CanViewCertificate(List<Competency> reviewedComp
             };
             return model;
         }
+        public static CompetencySummary CompetencySummation(List<Competency> reviewedCompetencies)
+        {
+            var CompetencyGroups = reviewedCompetencies.GroupBy(competency => competency.CompetencyGroup);
+            var competencySummaries = CompetencyGroups.Select(g =>
+            {
+                var questions = g.SelectMany(c => c.AssessmentQuestions).Where(q => q.Required);
+                var verifiedCount = questions.Count(q => !((q.Result == null || q.Verified == null || q.SignedOff != true) && q.Required));
+                return new
+                {
+                    QuestionsCount = questions.Count(),
+                    VerifiedCount = verifiedCount
+                };
+            });
+            var model = new CompetencySummary()
+            {
+                VerifiedCount = competencySummaries.Sum(item => item.VerifiedCount),
+                QuestionsCount = competencySummaries.Sum(item => item.QuestionsCount),
+            };
+            return model;
+        }
     }
 }
