Fixing IOD workflow switch for non-standalone environment

cisagov · Sep 20, 2023 · 210ffe7 · 210ffe7
1 parent 080c98b
commit 210ffe7
Show file tree

Hide file tree

Showing 3 changed files with 360 additions and 330 deletions.
diff --git a/CSETWebApi/CSETWeb_Api/CSETWeb_ApiCore/Controllers/ProtectedFeatureController.cs b/CSETWebApi/CSETWeb_Api/CSETWeb_ApiCore/Controllers/ProtectedFeatureController.cs
@@ -12,8 +12,7 @@
 using CSETWebCore.DataLayer.Model;
 using CSETWebCore.Model.Module;
 using CSETWebCore.Interfaces.Helpers;
-using CSETWebCore.Helpers;
-using Namotion.Reflection;
+using Microsoft.AspNetCore.Authorization;
 
 namespace CSETWebCore.Api.Controllers
 {
@@ -116,16 +115,18 @@ public IActionResult SetCisaAssessorWorkflow([FromBody] bool cisaWorkflowEnabled
         }
 
         [HttpGet]
+        [AllowAnonymous]
         [Route("api/EnableProtectedFeature/getCisaAssessorWorkflow")]
         /// <summary>
-        /// Marks the FAA set as 'unlocked.'
+        /// Gets the status of the CISA assessor workflow for the current user.
         /// </summary>
         /// <returns></returns>
         public IActionResult GetCisaAssessorWorkflow()
         {
             var userId = _tokenManager.GetCurrentUserId();
             var ak = _tokenManager.GetAccessKey();
 
+            // Assume false if we can't find the user or access key (they are probably on the login page).
             bool cisaWorkflowEnabled = false;
 
             if (userId != null)