RE1-T112 Weather fixes, calendar fixes and comm test fixes

Author: ucswift

Core/Resgrid.Model/DepartmentSettingTypes.cs

@@ -46,5 +46,6 @@ public enum DepartmentSettingTypes
 		WeatherAlertCallIntegration = 42,
 		WeatherAlertCacheMinutes = 43,
 		WeatherAlertAutoMessageSchedule = 44,
+		WeatherAlertExcludedEvents = 45,
 	}
 }

Core/Resgrid.Model/PermissionTypes.cs

@@ -29,7 +29,8 @@ public enum PermissionTypes
 		ViewWorkflowRuns = 24,
 		ViewUdfFields = 25,
 		ManageRoutes = 26,
-		DeleteLog = 27
+		DeleteLog = 27,
+		UseCalendarSync = 28
 	}
 
 }

Core/Resgrid.Services/WeatherAlertService.cs

@@ -340,6 +340,17 @@ public async Task SendPendingNotificationsAsync(CancellationToken ct = default)
 						legacyThreshold = parsed;
 				}
 
+				// Load excluded event titles
+				HashSet<string> excludedEvents = null;
+				var excludedSetting = await _departmentSettingsRepository.GetDepartmentSettingByIdTypeAsync(
+					departmentId, DepartmentSettingTypes.WeatherAlertExcludedEvents);
+				if (excludedSetting != null && !string.IsNullOrWhiteSpace(excludedSetting.Setting))
+				{
+					excludedEvents = new HashSet<string>(
+						excludedSetting.Setting.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries),
+						StringComparer.OrdinalIgnoreCase);
+				}
+
 				// Load department for sender info and time conversion
 				Department department = null;
 				try
@@ -353,6 +364,15 @@ public async Task SendPendingNotificationsAsync(CancellationToken ct = default)
 
 				foreach (var alert in group)
 				{
+					// Skip excluded event titles
+					if (excludedEvents != null && !string.IsNullOrWhiteSpace(alert.Event) && excludedEvents.Contains(alert.Event))
+					{
+						alert.NotificationSent = true;
+						alert.LastUpdatedUtc = DateTime.UtcNow;
+						await _weatherAlertRepository.UpdateAsync(alert, ct, true);
+						continue;
+					}
+
 					bool shouldSend = ShouldSendAutoMessage(alert.Severity, schedule, legacyThreshold, department);
 					if (shouldSend)
 					{

Web/Resgrid.Web.Services/Controllers/v4/CalendarExportController.cs

@@ -23,15 +23,27 @@ public class CalendarExportController : V4AuthenticatedApiControllerbase
 		private readonly ICalendarExportService _calendarExportService;
 		private readonly ICalendarService _calendarService;
 		private readonly IUserProfileService _userProfileService;
+		private readonly IPermissionsService _permissionsService;
+		private readonly IPersonnelRolesService _personnelRolesService;
+		private readonly IDepartmentsService _departmentsService;
+		private readonly IDepartmentGroupsService _departmentGroupsService;
 
 		public CalendarExportController(
 			ICalendarExportService calendarExportService,
 			ICalendarService calendarService,
-			IUserProfileService userProfileService)
+			IUserProfileService userProfileService,
+			IPermissionsService permissionsService,
+			IPersonnelRolesService personnelRolesService,
+			IDepartmentsService departmentsService,
+			IDepartmentGroupsService departmentGroupsService)
 		{
 			_calendarExportService = calendarExportService;
 			_calendarService = calendarService;
 			_userProfileService = userProfileService;
+			_permissionsService = permissionsService;
+			_personnelRolesService = personnelRolesService;
+			_departmentsService = departmentsService;
+			_departmentGroupsService = departmentGroupsService;
 		}
 
 		/// <summary>
@@ -132,6 +144,19 @@ public async Task<IActionResult> CalendarFeed(string token)
 			if (validated == null)
 				return Unauthorized();
 
+			// Check UseCalendarSync permission for the user who owns this token
+			var calSyncPerm = await _permissionsService.GetPermissionByDepartmentTypeAsync(validated.Value.DepartmentId, Resgrid.Model.PermissionTypes.UseCalendarSync);
+			if (calSyncPerm != null)
+			{
+				var dept = await _departmentsService.GetDepartmentByIdAsync(validated.Value.DepartmentId, false);
+				var isAdmin = dept != null && dept.IsUserAnAdmin(validated.Value.UserId);
+				var grp = await _departmentGroupsService.GetGroupForUserAsync(validated.Value.UserId, validated.Value.DepartmentId);
+				var isGroupAdmin = grp != null && grp.IsUserGroupAdmin(validated.Value.UserId);
+				var roles = await _personnelRolesService.GetRolesForUserAsync(validated.Value.UserId, validated.Value.DepartmentId);
+				if (!_permissionsService.IsUserAllowed(calSyncPerm, isAdmin, isGroupAdmin, roles))
+					return Unauthorized();
+			}
+
 			var icsContent = await _calendarExportService.GenerateICalForDepartmentAsync(validated.Value.DepartmentId);
 			var bytes = Encoding.UTF8.GetBytes(icsContent);
 

Web/Resgrid.Web.Services/Controllers/v4/WeatherAlertsController.cs

@@ -363,14 +363,17 @@ public async Task<ActionResult<GetWeatherAlertSettingsResult>> SaveSettings([Fro
 				await _departmentSettingsService.SaveOrUpdateSettingAsync(DepartmentId, scheduleJson, DepartmentSettingTypes.WeatherAlertAutoMessageSchedule);
 			}
 
+			await _departmentSettingsService.SaveOrUpdateSettingAsync(DepartmentId, input.ExcludedEvents ?? "", DepartmentSettingTypes.WeatherAlertExcludedEvents);
+
 			var result = new GetWeatherAlertSettingsResult();
 			result.Data = new WeatherAlertSettingsData
 			{
 				WeatherAlertsEnabled = input.WeatherAlertsEnabled,
 				MinimumSeverity = input.MinimumSeverity,
 				AutoMessageSeverity = input.AutoMessageSeverity,
 				CallIntegrationEnabled = input.CallIntegrationEnabled,
-				AutoMessageSchedule = input.AutoMessageSchedule
+				AutoMessageSchedule = input.AutoMessageSchedule,
+				ExcludedEvents = input.ExcludedEvents
 			};
 
 			ResponseHelper.PopulateV4ResponseData(result);
@@ -386,6 +389,7 @@ private async Task<WeatherAlertSettingsData> GetWeatherAlertSettingsDataAsync()
 			var autoMsgSetting = await _departmentSettingsService.GetSettingByTypeAsync(DepartmentId, DepartmentSettingTypes.WeatherAlertAutoMessageSeverity);
 			var callIntSetting = await _departmentSettingsService.GetSettingByTypeAsync(DepartmentId, DepartmentSettingTypes.WeatherAlertCallIntegration);
 			var scheduleSetting = await _departmentSettingsService.GetSettingByTypeAsync(DepartmentId, DepartmentSettingTypes.WeatherAlertAutoMessageSchedule);
+			var excludedEventsSetting = await _departmentSettingsService.GetSettingByTypeAsync(DepartmentId, DepartmentSettingTypes.WeatherAlertExcludedEvents);
 
 			if (enabledSetting != null && !string.IsNullOrWhiteSpace(enabledSetting.Setting))
 				settings.WeatherAlertsEnabled = bool.TryParse(enabledSetting.Setting, out var enabled) && enabled;
@@ -408,6 +412,9 @@ private async Task<WeatherAlertSettingsData> GetWeatherAlertSettingsDataAsync()
 				catch { }
 			}
 
+			if (excludedEventsSetting != null && !string.IsNullOrWhiteSpace(excludedEventsSetting.Setting))
+				settings.ExcludedEvents = excludedEventsSetting.Setting;
+
 			return settings;
 		}
 

Web/Resgrid.Web.Services/Models/v4/WeatherAlerts/SaveWeatherAlertSettingsInput.cs

@@ -9,5 +9,6 @@ public class SaveWeatherAlertSettingsInput
 		public int AutoMessageSeverity { get; set; }
 		public bool CallIntegrationEnabled { get; set; }
 		public List<WeatherAlertSeverityScheduleData> AutoMessageSchedule { get; set; }
+		public string ExcludedEvents { get; set; }
 	}
 }

Web/Resgrid.Web.Services/Models/v4/WeatherAlerts/WeatherAlertSettingsData.cs

@@ -9,6 +9,7 @@ public class WeatherAlertSettingsData
 		public int AutoMessageSeverity { get; set; }
 		public bool CallIntegrationEnabled { get; set; }
 		public List<WeatherAlertSeverityScheduleData> AutoMessageSchedule { get; set; }
+		public string ExcludedEvents { get; set; }
 	}
 
 	public class WeatherAlertSeverityScheduleData

Web/Resgrid.Web/Areas/User/Controllers/CalendarController.cs

@@ -34,10 +34,13 @@ public class CalendarController : SecureBaseController
 		private readonly IEventAggregator _eventAggregator;
 		private readonly IAuthorizationService _authorizationService;
 		private readonly IUserProfileService _userProfileService;
+		private readonly IPermissionsService _permissionsService;
+		private readonly IPersonnelRolesService _personnelRolesService;
 
 		public CalendarController(IDepartmentsService departmentsService, IUsersService usersService, ICalendarService calendarService,
 			IDepartmentGroupsService departmentGroupsService, IGeoLocationProvider geoLocationProvider, IEventAggregator eventAggregator,
-			IAuthorizationService authorizationService, IUserProfileService userProfileService)
+			IAuthorizationService authorizationService, IUserProfileService userProfileService,
+			IPermissionsService permissionsService, IPersonnelRolesService personnelRolesService)
 		{
 			_departmentsService = departmentsService;
 			_usersService = usersService;
@@ -47,6 +50,8 @@ public CalendarController(IDepartmentsService departmentsService, IUsersService
 			_eventAggregator = eventAggregator;
 			_authorizationService = authorizationService;
 			_userProfileService = userProfileService;
+			_permissionsService = permissionsService;
+			_personnelRolesService = personnelRolesService;
 		}
 		#endregion Private Members and Constructors
 
@@ -69,13 +74,25 @@ public async Task<IActionResult> Index()
 			model.UpcomingItems = new List<CalendarItem>();
 			model.UpcomingItems = await _calendarService.GetUpcomingCalendarItemsAsync(DepartmentId, DateTime.UtcNow);
 
+			// Check calendar sync permission
+			var calSyncPermission = await _permissionsService.GetPermissionByDepartmentTypeAsync(DepartmentId, PermissionTypes.UseCalendarSync);
+			var department = model.Department;
+			var isAdmin = department.IsUserAnAdmin(UserId);
+			var group = await _departmentGroupsService.GetGroupForUserAsync(UserId, DepartmentId);
+			var isGroupAdmin = group != null && group.IsUserGroupAdmin(UserId);
+			var roles = await _personnelRolesService.GetRolesForUserAsync(UserId, DepartmentId);
+			model.CanUseCalendarSync = _permissionsService.IsUserAllowed(calSyncPermission, isAdmin, isGroupAdmin, roles);
+
 			// Populate calendar sync token for the subscribe panel.
-			var profile = await _userProfileService.GetProfileByUserIdAsync(UserId);
-			if (profile != null && !String.IsNullOrWhiteSpace(profile.CalendarSyncToken))
+			if (model.CanUseCalendarSync)
 			{
-				model.CalendarSyncToken = profile.CalendarSyncToken;
-				var feedToken = await _calendarService.GetCalendarFeedTokenAsync(DepartmentId, UserId);
-				model.CalendarSubscriptionUrl = $"{SystemBehaviorConfig.ResgridApiBaseUrl}/api/v4/CalendarExport/CalendarFeed/{feedToken}";
+				var profile = await _userProfileService.GetProfileByUserIdAsync(UserId);
+				if (profile != null && !String.IsNullOrWhiteSpace(profile.CalendarSyncToken))
+				{
+					model.CalendarSyncToken = profile.CalendarSyncToken;
+					var feedToken = await _calendarService.GetCalendarFeedTokenAsync(DepartmentId, UserId);
+					model.CalendarSubscriptionUrl = $"{SystemBehaviorConfig.ResgridApiBaseUrl}/api/v4/CalendarExport/CalendarFeed/{feedToken}";
+				}
 			}
 
 			return View(model);
@@ -895,6 +912,13 @@ public async Task<IActionResult> GetMapDataForItem(int calendarItemId)
 		[ValidateAntiForgeryToken]
 		public async Task<IActionResult> ActivateCalendarSync(CancellationToken cancellationToken)
 		{
+			var permission = await _permissionsService.GetPermissionByDepartmentTypeAsync(DepartmentId, PermissionTypes.UseCalendarSync);
+			var dept = await _departmentsService.GetDepartmentByIdAsync(DepartmentId, false);
+			var grp = await _departmentGroupsService.GetGroupForUserAsync(UserId, DepartmentId);
+			var roles = await _personnelRolesService.GetRolesForUserAsync(UserId, DepartmentId);
+			if (!_permissionsService.IsUserAllowed(permission, dept.IsUserAnAdmin(UserId), grp != null && grp.IsUserGroupAdmin(UserId), roles))
+				return Unauthorized();
+
 			await _calendarService.ActivateCalendarSyncAsync(DepartmentId, UserId, cancellationToken);
 			return RedirectToAction("Index");
 		}
@@ -908,10 +932,41 @@ public async Task<IActionResult> ActivateCalendarSync(CancellationToken cancella
 		[ValidateAntiForgeryToken]
 		public async Task<IActionResult> RegenerateCalendarSync(CancellationToken cancellationToken)
 		{
+			var permission = await _permissionsService.GetPermissionByDepartmentTypeAsync(DepartmentId, PermissionTypes.UseCalendarSync);
+			var dept = await _departmentsService.GetDepartmentByIdAsync(DepartmentId, false);
+			var grp = await _departmentGroupsService.GetGroupForUserAsync(UserId, DepartmentId);
+			var roles = await _personnelRolesService.GetRolesForUserAsync(UserId, DepartmentId);
+			if (!_permissionsService.IsUserAllowed(permission, dept.IsUserAnAdmin(UserId), grp != null && grp.IsUserGroupAdmin(UserId), roles))
+				return Unauthorized();
+
 			await _calendarService.RegenerateCalendarSyncAsync(DepartmentId, UserId, cancellationToken);
 			return RedirectToAction("Index");
 		}
 
+		/// <summary>
+		/// Admin action: regenerates calendar sync tokens for ALL users in the department who have one provisioned.
+		/// </summary>
+		[HttpPost]
+		[Authorize(Policy = ResgridResources.Department_Update)]
+		[ValidateAntiForgeryToken]
+		public async Task<IActionResult> RegenerateAllCalendarSyncTokens(CancellationToken cancellationToken)
+		{
+			var members = await _departmentsService.GetAllMembersForDepartmentAsync(DepartmentId);
+			if (members != null)
+			{
+				foreach (var member in members)
+				{
+					var profile = await _userProfileService.GetProfileByUserIdAsync(member.UserId);
+					if (profile != null && !string.IsNullOrWhiteSpace(profile.CalendarSyncToken))
+					{
+						await _calendarService.RegenerateCalendarSyncAsync(DepartmentId, member.UserId, cancellationToken);
+					}
+				}
+			}
+
+			return RedirectToAction("Index");
+		}
+
 		// -- Check-In Attendance -------------------------------------------------------
 
 		[HttpPost]

Web/Resgrid.Web/Areas/User/Controllers/CommunicationTestController.cs

@@ -22,24 +22,40 @@ public class CommunicationTestController : Resgrid.Web.SecureBaseController
 		private readonly ICommunicationTestService _communicationTestService;
 		private readonly IUserProfileService _userProfileService;
 		private readonly IEventAggregator _eventAggregator;
+		private readonly IDepartmentGroupsService _departmentGroupsService;
+		private readonly IDepartmentsService _departmentsService;
 
 		public CommunicationTestController(
 			ICommunicationTestService communicationTestService,
 			IUserProfileService userProfileService,
-			IEventAggregator eventAggregator)
+			IEventAggregator eventAggregator,
+			IDepartmentGroupsService departmentGroupsService,
+			IDepartmentsService departmentsService)
 		{
 			_communicationTestService = communicationTestService;
 			_userProfileService = userProfileService;
 			_eventAggregator = eventAggregator;
+			_departmentGroupsService = departmentGroupsService;
+			_departmentsService = departmentsService;
 		}
 
 		[HttpGet]
 		public async Task<IActionResult> Index()
 		{
-			if (!ClaimsAuthorizationHelper.IsUserDepartmentAdmin())
+			bool isDeptAdmin = ClaimsAuthorizationHelper.IsUserDepartmentAdmin();
+			bool isGroupAdmin = false;
+
+			if (!isDeptAdmin)
+			{
+				var group = await _departmentGroupsService.GetGroupForUserAsync(UserId, DepartmentId);
+				isGroupAdmin = group != null && group.IsUserGroupAdmin(UserId);
+			}
+
+			if (!isDeptAdmin && !isGroupAdmin)
 				return Unauthorized();
 
 			var model = new CommunicationTestIndexView();
+			model.IsDepartmentAdmin = isDeptAdmin;
 
 			var tests = await _communicationTestService.GetTestsByDepartmentIdAsync(DepartmentId);
 			if (tests != null)
@@ -287,7 +303,17 @@ public async Task<IActionResult> StartRun(string testId, CancellationToken cance
 		[HttpGet]
 		public async Task<IActionResult> Report(string runId)
 		{
-			if (!ClaimsAuthorizationHelper.IsUserDepartmentAdmin())
+			bool isDeptAdmin = ClaimsAuthorizationHelper.IsUserDepartmentAdmin();
+			bool isGroupAdmin = false;
+			DepartmentGroup userGroup = null;
+
+			if (!isDeptAdmin)
+			{
+				userGroup = await _departmentGroupsService.GetGroupForUserAsync(UserId, DepartmentId);
+				isGroupAdmin = userGroup != null && userGroup.IsUserGroupAdmin(UserId);
+			}
+
+			if (!isDeptAdmin && !isGroupAdmin)
 				return Unauthorized();
 
 			if (!Guid.TryParse(runId, out var id))
@@ -299,13 +325,39 @@ public async Task<IActionResult> Report(string runId)
 
 			var test = await _communicationTestService.GetTestByIdAsync(run.CommunicationTestId);
 			var results = await _communicationTestService.GetResultsByRunIdAsync(id);
+			var resultList = results?.ToList() ?? new List<CommunicationTestResult>();
 			var profiles = await _userProfileService.GetAllProfilesForDepartmentAsync(DepartmentId);
 
+			// Group admins only see results for members in their group and child groups
+			if (!isDeptAdmin && isGroupAdmin && userGroup != null)
+			{
+				var allowedUserIds = new HashSet<string>();
+
+				// Add members of the admin's own group
+				var groupMembers = await _departmentGroupsService.GetAllMembersForGroupAsync(userGroup.DepartmentGroupId);
+				foreach (var m in groupMembers)
+					allowedUserIds.Add(m.UserId);
+
+				// Add members of child groups
+				var childGroups = await _departmentGroupsService.GetAllChildDepartmentGroupsAsync(userGroup.DepartmentGroupId);
+				if (childGroups != null)
+				{
+					foreach (var childGroup in childGroups)
+					{
+						var childMembers = await _departmentGroupsService.GetAllMembersForGroupAsync(childGroup.DepartmentGroupId);
+						foreach (var m in childMembers)
+							allowedUserIds.Add(m.UserId);
+					}
+				}
+
+				resultList = resultList.Where(r => allowedUserIds.Contains(r.UserId)).ToList();
+			}
+
 			var model = new CommunicationTestReportView
 			{
 				Run = run,
 				Test = test,
-				Results = results?.ToList() ?? new List<CommunicationTestResult>(),
+				Results = resultList,
 				Profiles = profiles ?? new Dictionary<string, UserProfile>()
 			};
 

Web/Resgrid.Web/Areas/User/Controllers/SecurityController.cs

@@ -382,6 +382,19 @@ public async Task<IActionResult> Index()
 			model.ViewWorkflowRunsPermissions = new SelectList(viewWorkflowRunsPermissions, "Id", "Name");
 
 			// 2FA enforcement scope � only managingUser can change this
+			if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.UseCalendarSync))
+				model.UseCalendarSync = permissions.First(x => x.PermissionType == (int)PermissionTypes.UseCalendarSync).Action;
+			else
+				model.UseCalendarSync = 3;
+
+			var useCalendarSyncPermissions = new List<dynamic>();
+			useCalendarSyncPermissions.Add(new { Id = 3, Name = "Everyone" });
+			useCalendarSyncPermissions.Add(new { Id = 0, Name = "Department Admins" });
+			useCalendarSyncPermissions.Add(new { Id = 1, Name = "Department and Group Admins" });
+			useCalendarSyncPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" });
+			model.UseCalendarSyncPermissions = new SelectList(useCalendarSyncPermissions, "Id", "Name");
+
+
 			var department = await _departmentsService.GetDepartmentByIdAsync(DepartmentId);
 			model.IsManagingUser = department.ManagingUserId == UserId;
 			model.Require2FAForAdmins = await _departmentSettingsService.GetRequire2FAForAdminsAsync(DepartmentId);