Merge pull request #1283 from TechnologyEnhancedLearning/TD-5727-ContributeScreen-AccessDenied

AnjuJose011 · web-flow · commit 2db7358ac2f7 · 2025-07-30T10:41:00.000+01:00
TD-5727-Fix for Full user who is not a catalogue editor/admin can access My contribution page by navigating to the link directly
diff --git a/LearningHub.Nhs.WebUI/Controllers/ContributeController.cs b/LearningHub.Nhs.WebUI/Controllers/ContributeController.cs
@@ -28,6 +28,7 @@ public class ContributeController : BaseController
         private readonly IFileService fileService;
         private readonly IResourceService resourceService;
         private readonly IUserService userService;
+        private readonly IUserGroupService userGroupService;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="ContributeController"/> class.
@@ -37,6 +38,7 @@ public class ContributeController : BaseController
         /// <param name="logger">Logger.</param>
         /// <param name="settings">Settings.</param>
         /// <param name="userService">User service.</param>
+        /// <param name="userGroupService"> userGroupService.</param>
         /// <param name="fileService">File service.</param>
         /// <param name="resourceService">Resource service.</param>
         /// <param name="azureMediaService">Azure media service.</param>
@@ -48,6 +50,7 @@ public ContributeController(
             ILogger<ContributeController> logger,
             IOptions<Settings> settings,
             IUserService userService,
+            IUserGroupService userGroupService,
             IFileService fileService,
             IResourceService resourceService,
             IAzureMediaService azureMediaService,
@@ -58,6 +61,7 @@ public ContributeController(
             this.authConfig = authConfig;
 
             this.userService = userService;
+            this.userGroupService = userGroupService;
             this.fileService = fileService;
             this.resourceService = resourceService;
             this.azureMediaService = azureMediaService;
@@ -167,7 +171,8 @@ public async Task<IActionResult> CreateVersion(int resourceId)
         [Route("my-contributions/{selectedTab}/{catalogueId}/{nodeId}")]
         public async Task<IActionResult> MyContributions()
         {
-            if ((this.User.IsInRole("ReadOnly") || this.User.IsInRole("BasicUser")) && !await this.resourceService.UserHasPublishedResourcesAsync())
+            bool catalogueContributionPermission = await this.userGroupService.UserHasCatalogueContributionPermission();
+            if ((this.User.IsInRole("ReadOnly") || this.User.IsInRole("BasicUser")) || (!catalogueContributionPermission && (!await this.resourceService.UserHasPublishedResourcesAsync())))
             {
                 return this.RedirectToAction("AccessDenied", "Home");
             }
