From 5f8873d16768853e62928f39342908a97a283d83 Mon Sep 17 00:00:00 2001
From: Natalie Hergesheimer
Date: Wed, 16 Oct 2024 08:46:53 -0600
Subject: [PATCH 1/3] Role change dialog complete
---
 .../Controllers/ContactsController.cs | 9 +++-
 CSETWebNg/src/app/app.module.ts | 4 +-
 .../roles-changed.component.html | 34 +++++++++++++++
 .../roles-changed/roles-changed.component.ts | 43 +++++++++++++++++++
 CSETWebNg/src/assets/i18n/en.json | 6 ++-
 CSETWebNg/src/assets/i18n/es.json | 6 ++-
 CSETWebNg/src/assets/i18n/uk.json | 6 ++-
 7 files changed, 103 insertions(+), 5 deletions(-)
 create mode 100644 CSETWebNg/src/app/dialogs/roles-changed/roles-changed.component.html
 create mode 100644 CSETWebNg/src/app/dialogs/roles-changed/roles-changed.component.ts
diff --git a/CSETWebApi/CSETWeb_Api/CSETWeb_ApiCore/Controllers/ContactsController.cs b/CSETWebApi/CSETWeb_Api/CSETWeb_ApiCore/Controllers/ContactsController.cs
index e233199422..4146d8d0ca 100644
--- a/CSETWebApi/CSETWeb_Api/CSETWeb_ApiCore/Controllers/ContactsController.cs
+++ b/CSETWebApi/CSETWeb_Api/CSETWeb_ApiCore/Controllers/ContactsController.cs
@@ -422,7 +422,14 @@ public IActionResult PostUpdateUser([FromBody] CreateUser userBeingUpdated)
 if (assessmentId >= 0)
 {
 // Updating a Contact in the context of the current Assessment.
- (_token).AuthorizeAdminRole();
+ try
+ {
+ (_token).AuthorizeAdminRole();
+ }
+ catch
+ {
+ return Forbid();
+ }
 int newUserId = (int)userBeingUpdated.UserId;
diff --git a/CSETWebNg/src/app/app.module.ts b/CSETWebNg/src/app/app.module.ts
index fdbf6e636d..151bb9f36c 100644
--- a/CSETWebNg/src/app/app.module.ts
+++ b/CSETWebNg/src/app/app.module.ts
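Review bot: The bare `catch` added around `(_token).AuthorizeAdminRole()` in PostUpdateUser maps every exception to `Forbid()`, so an unrelated fault inside the role check would reach the client as an authorization denial and leave no server-side trace. Narrow the handler to the exception type AuthorizeAdminRole throws on a failed check (its definition is not visible in this hunk), and log the denial with the acting user and `assessmentId` so rejected role changes stay auditable. It is also worth confirming that `Forbid()` produces a 403 under this app's authentication configuration, because ForbidResult delegates to the configured scheme's forbid handler; `return StatusCode(StatusCodes.Status403Forbidden);` does not depend on it. The method body continues outside the hunk.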
@@ -675,6 +675,7 @@ import { AllAnsweredquestionsComponent } from './reports/all-answeredquestions/a
 import { AllCommentsmarkedComponent } from './reports/all-commentsmarked/all-commentsmarked.component';
 import { AllReviewedComponent } from './reports/all-reviewed/all-reviewed.component';
 import { QuestionsReviewedComponent } from './reports/questions-reviewed/questions-reviewed.component';
+import { RolesChangedComponent } from './dialogs/roles-changed/roles-changed.component';
 @NgModule({
 declarations: [
@@ -1202,7 +1203,8 @@ import { QuestionsReviewedComponent } from './reports/questions-reviewed/questio
 AllAnsweredquestionsComponent,
 AllCommentsmarkedComponent,
 AllReviewedComponent,
- QuestionsReviewedComponent
+ QuestionsReviewedComponent,
+ RolesChangedComponent
 ],
 bootstrap: [AppComponent],
 imports: [BrowserModule, BrowserAnimationsModule,
diff --git a/CSETWebNg/src/app/dialogs/roles-changed/roles-changed.component.html b/CSETWebNg/src/app/dialogs/roles-changed/roles-changed.component.html
new file mode 100644
index 0000000000..992950502e
--- /dev/null
+++ b/CSETWebNg/src/app/dialogs/roles-changed/roles-changed.component.html
@@ -0,0 +1,34 @@ + +
+
+ + {{t('dialogs.access denied')}} +
+ +

Your role on this assessment has been changed by another user.

+
+ + + +
\ No newline at end of file
diff --git a/CSETWebNg/src/app/dialogs/roles-changed/roles-changed.component.ts b/CSETWebNg/src/app/dialogs/roles-changed/roles-changed.component.ts
new file mode 100644
index 0000000000..a20d4deb68
--- /dev/null
+++ b/CSETWebNg/src/app/dialogs/roles-changed/roles-changed.component.ts
@@ -0,0 +1,43 @@
+////////////////////////////////
+//
+// Copyright 2024 Battelle Energy Alliance, LLC
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+//
+////////////////////////////////
+import { Component, OnInit } from '@angular/core';
+import { MatDialogRef } from '@angular/material/dialog';
+
+@Component({
+ selector: 'app-roles-changed',
+ templateUrl: './roles-changed.component.html',
+ // eslint-disable-next-line
+ host: { class: 'd-flex flex-column flex-11a' }
+})
+export class RolesChangedComponent implements OnInit {
+ constructor(private dialog: MatDialogRef) { }
+
+ ngOnInit() {
+ sessionStorage.setItem('hasUserAgreedToPrivacyWarning', 'true');
+ }
+
+ close() {
+ return this.dialog.close();
+ }
+}
diff --git a/CSETWebNg/src/assets/i18n/en.json b/CSETWebNg/src/assets/i18n/en.json
index 48a7dba8c0..278df14a73 100644
--- a/CSETWebNg/src/assets/i18n/en.json
+++ b/CSETWebNg/src/assets/i18n/en.json
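Review bot: `ngOnInit` in RolesChangedComponent writes `sessionStorage.setItem('hasUserAgreedToPrivacyWarning', 'true')` every time the dialog opens, so a role-change notice records acceptance of the privacy warning although nothing in this dialog asks the user to accept it. If the line was carried over from another dialog it should be removed; if a later flow depends on the flag being set at this point, a comment above the call should name that flow so the side effect is reviewable. The class has no doc comment either; a short one stating that the dialog is shown when the server rejects a contact update because the caller's role changed would help, if that is the intended trigger (the caller is not visible in this hunk).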
@@ -639,7 +639,11 @@
 "export assessment title": "Export Assessment Options",
 "scrub pcii": "Select to remove PCII fields from export",
 "encrypt 1": "To encrypt your assessment, please enter a password.",
- "encrypt 2": "If you proceed without entering a password, no encryption will be used."
+ "encrypt 2": "If you proceed without entering a password, no encryption will be used.",
+ "access denied": "Access Denied",
+ "access denied 1": "Your session has expired, a connection error has occurred, or you are no longer authorized to access that assessment.",
+ "access denied 2": "Please log in again.",
+ "access denied 3": "Your role on this assessment has been changed by another user."
 },
 "reports": {
 "launch": {
diff --git a/CSETWebNg/src/assets/i18n/es.json b/CSETWebNg/src/assets/i18n/es.json
index 7de98fa3c6..8fa2e5c022 100644
--- a/CSETWebNg/src/assets/i18n/es.json
+++ b/CSETWebNg/src/assets/i18n/es.json
@@ -542,7 +542,11 @@
 "export assessment title": "Opciones de evaluación de exportación",
 "scrub pcii": "Seleccione para eliminar los campos PCII de la exportación",
 "encrypt 1": "Para cifrar su evaluación, ingrese una contraseña.",
- "encrypt 2": "Si continúa sin ingresar una contraseña, no se utilizará ningún cifrado."
+ "encrypt 2": "Si continúa sin ingresar una contraseña, no se utilizará ningún cifrado.",
+ "access denied": "Acceso denegado",
+ "access denied 1": "Su sesión expiró, se produjo un error de conexión o ya no está autorizado a acceder a esa evaluación.",
+ "access denied 2": "Por favor inicia sesión nuevamente.",
+ "access denied 3": "Otro usuario ha cambiado su función en esta evaluación."
 },
 "reports": {
 "assessment complete message": "Gracias por completar su evaluación. Los informes en esta página capturan resúmenes de sus resultados que pueden ayudar en la planificación y crecimiento de la ciberseguridad de su organización en el futuro. La evaluación fue actualizada por última vez el {date}.",
diff --git a/CSETWebNg/src/assets/i18n/uk.json b/CSETWebNg/src/assets/i18n/uk.json
index d9ca9e7e2d..ce4d457819 100644
--- a/CSETWebNg/src/assets/i18n/uk.json
+++ b/CSETWebNg/src/assets/i18n/uk.json
@@ -491,7 +491,11 @@
 "export assessment title": "Параметри експортної оцінки",
 "scrub pcii": "Виберіть, щоб видалити поля PCII з експорту",
 "encrypt 1": "Щоб зашифрувати свою оцінку, введіть пароль.",
- "encrypt 2": "Якщо ви продовжите без введення пароля, шифрування не використовуватиметься."
+ "encrypt 2": "Якщо ви продовжите без введення пароля, шифрування не використовуватиметься.",
+ "access denied": "Доступ заборонено",
+ "access denied 1": "Ваш сеанс закінчився, сталася помилка підключення або ви більше не маєте доступу до цього оцінювання.",
+ "access denied 2": "Будь ласка, увійдіть знову.",
+ "access denied 3": "Вашу роль у цьому оцінюванні змінив інший користувач."
 },
 "reports": {
 "launch": {
From 0f2df80406665f1016e7210b602b27954eb75da0 Mon Sep 17 00:00:00 2001
From: Natalie Hergesheimer
Date: Wed, 16 Oct 2024 10:35:34 -0600
Subject: [PATCH 2/3] Translation for ejection
---
 .../src/app/dialogs/ejection/ejection.component.html | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/CSETWebNg/src/app/dialogs/ejection/ejection.component.html b/CSETWebNg/src/app/dialogs/ejection/ejection.component.html
index 89c0975085..fca25b4eca 100644
--- a/CSETWebNg/src/app/dialogs/ejection/ejection.component.html
+++ b/CSETWebNg/src/app/dialogs/ejection/ejection.component.html
@@ -23,13 +23,11 @@
- Access Denied + {{t('dialogs.access denied')}}
-

Your session has expired, a connection error has occurred, or you are no longer authorized to access - that - assessment.

-

Please log in again.

+

{{t('dialogs.access denied 1')}}

+

{{t('dialogs.access denied 2')}}

From c9f0d6d1c6ea90d45ff1e904bbbcfe3298155e56 Mon Sep 17 00:00:00 2001
From: Natalie Hergesheimer
Date: Wed, 16 Oct 2024 11:01:05 -0600
Subject: [PATCH 3/3] Assessment role changed while attempting to change another user logic complete
---
 .../assessment-contacts.component.html | 2 +-
 .../assessment-contacts.component.ts | 31 ++++++++++---
 .../contact-item/contact-item.component.ts | 46 +++++++++++++------
 .../roles-changed.component.html | 2 +-
 4 files changed, 58 insertions(+), 23 deletions(-)
diff --git a/CSETWebNg/src/app/assessment/prepare/assessment-info/assessment-contacts/assessment-contacts.component.html b/CSETWebNg/src/app/assessment/prepare/assessment-info/assessment-contacts/assessment-contacts.component.html
index 9d29cad12f..ac3ac9a0c4 100644
--- a/CSETWebNg/src/app/assessment/prepare/assessment-info/assessment-contacts/assessment-contacts.component.html
+++ b/CSETWebNg/src/app/assessment/prepare/assessment-info/assessment-contacts/assessment-contacts.component.html
@@ -26,7 +26,7 @@

{{ t('contacts') }}

+ (create)="saveNewContact(contact)" (remove)="removeContact(contact, i)" (rolesChangedEvent)="refreshContacts()">
-

Your role on this assessment has been changed by another user.

+

{{t('dialogs.access denied 3')}}