bcgov · amlanc1 · Sep 17, 2025 · Sep 3, 2025 · Sep 3, 2025 · Sep 4, 2025
diff --git a/.github/workflows/actions/build-api/action.yml b/.github/workflows/actions/build-api/action.yml
@@ -20,7 +20,7 @@ runs:
 
     - run: dotnet format --verify-no-changes --severity info
       shell: bash
-      working-directory: ${{ inputs.working_directory }}
+      working-directory: ${{ inputs.working_directory }}/api
       continue-on-error: true
 
     - run: dotnet restore
@@ -29,8 +29,8 @@ runs:
 
     - run: dotnet build --configuration Release --no-restore
       shell: bash
-      working-directory: ${{ inputs.working_directory }}
+      working-directory: ${{ inputs.working_directory }}/api
 
     - run: dotnet test --no-restore --verbosity normal
       shell: bash
-      working-directory: ${{ inputs.working_directory }}
+      working-directory: ${{ inputs.working_directory }}/tests
diff --git a/.github/workflows/build-and-test-api.yml b/.github/workflows/build-and-test-api.yml
@@ -5,13 +5,13 @@ on:
     branches:
       - master
     paths:
-      - "api/**"
-      - "db/**"
+      - 'api/**'
+      - 'db/**'
 
   workflow_dispatch:
 
 env:
-  WORKING_DIRECTORY: ./api
+  WORKING_DIRECTORY: .
 
 jobs:
   build-and-test:

diff --git a/.github/workflows/build-infra.yml b/.github/workflows/build-infra.yml
@@ -66,7 +66,7 @@ jobs:
           sarif_file: tfsec.sarif
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-skip-session-tagging: true
           aws-region: ${{ vars.AWS_REGION }}

diff --git a/.github/workflows/publish-api.yml b/.github/workflows/publish-api.yml
@@ -5,13 +5,13 @@ on:
     branches:
       - master
     paths:
-      - "api/**"
-      - "db/**"
+      - 'api/**'
+      - 'db/**'
 
   workflow_dispatch:
 
 env:
-  WORKING_DIRECTORY: ./api
+  WORKING_DIRECTORY: .
   IMAGE_NAME: api
   GITHUB_IMAGE_REPO: ghcr.io/bcgov/jasper
 

diff --git a/.github/workflows/publish-infra.yml b/.github/workflows/publish-infra.yml
@@ -71,7 +71,7 @@ jobs:
           sarif_file: tfsec.sarif
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-skip-session-tagging: true
           aws-region: ${{ vars.AWS_REGION }}

diff --git a/api/Controllers/AuthController.cs b/api/Controllers/AuthController.cs
@@ -52,12 +52,12 @@
             var forwardedPort = HttpContext.Request.Headers["X-Forwarded-Port"];
 
             //We are always sending X-Forwarded-Port, only time we aren't is when we are hitting the API directly. 
-            var baseUri = HttpContext.Request.Headers.ContainsKey("X-Forwarded-Host") ? $"{HttpContext.Request.Headers["X-Base-Href"]}logout" : "/api";
+            var baseUri = HttpContext.Request.Headers.ContainsKey("X-Forwarded-Host") ? $"{HttpContext.Request.Headers["X-Base-Href"]}" : "/api";
 
             var applicationUrl = $"{XForwardedForHelper.BuildUrlString(forwardedHost, forwardedPort, baseUri)}";
-            var keycloakLogoutUrl = $"{logoutUrl}?post_logout_redirect_uri={applicationUrl}";
+            var keycloakLogoutUrl = $"{logoutUrl}?post_logout_redirect_uri={applicationUrl}"; //TODO: add id_token_hint using id_token, currently removed in AuthenticationServiceCollectionExtension
             var siteMinderLogoutUrl = $"{Configuration.GetNonEmptyValue("SiteMinderLogoutUrl")}?returl={keycloakLogoutUrl}&retnow=1";
             return Redirect(siteMinderLogoutUrl);
         }

        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
@@ -131,6 +131,8 @@
                 AgencyCode = HttpContext.User.AgencyCode(),
                 UserId = HttpContext.User.UserId(),
                 JudgeId = HttpContext.User.JudgeId(),
+                Email = HttpContext.User.Email(),
+                IsActive = HttpContext.User.IsActive(),
                 DateTime.UtcNow
             }));
         }

diff --git a/api/Controllers/BindersController.cs b/api/Controllers/BindersController.cs
@@ -1,4 +1,5 @@
-using System.Linq;
+using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -62,4 +63,21 @@ public virtual async Task<IActionResult> DeleteBinder(string id)
 
         return NoContent();
     }
+
+    [HttpPost]
+    [Route("bundle")]
+    public async Task<IActionResult> CreateDocumentBundle([FromBody] List<Dictionary<string, string>> request)
+    {
+        if (request == null || request.Count == 0)
+        {
+            return BadRequest("Invalid request.");
+        }
+
+        var result = await _binderService.CreateDocumentBundle(request);
+        if (!result.Succeeded)
+        {
+            return BadRequest(new { error = result.Errors });
+        }
+        return Ok(result);
+    }
 }
diff --git a/api/Controllers/UsersController.cs b/api/Controllers/UsersController.cs
@@ -1,7 +1,13 @@
-using System.Threading.Tasks;
+using System;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
 using FluentValidation;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using Scv.Api.Helpers.Extensions;
 using Scv.Api.Infrastructure.Authorization;
 using Scv.Api.Models.AccessControlManagement;
 using Scv.Api.Services;
@@ -14,17 +20,85 @@ namespace Scv.Api.Controllers;
 [ApiController]
 public class UsersController(
     IUserService userService,
-    IValidator<UserDto> validator
+    IValidator<UserDto> validator,
+    ILogger<UsersController> logger
 ) : AccessControlManagementControllerBase<IUserService, UserDto>(userService, validator)
 {
+
     /// <summary>
     /// Get all active users
     /// </summary>
     /// <returns>Active users</returns>
     [HttpGet]
-    [RequiresPermission(permissions: [Permission.LOCK_UNLOCK_USERS])]
+    [RequiresPermission(permissions: Permission.LOCK_UNLOCK_USERS)]
     public override Task<IActionResult> GetAll()
     {
         return base.GetAll();
     }
+
+    /// <summary>
+    /// Get the user information for the currently logged-in user.
+    /// </summary>
+    /// <returns>Active users</returns>
+    [HttpGet]
+    [Route("me")]
+    public async Task<IActionResult> GetMyUser()
+    {
+        var userId = User.UserId();
+        logger.LogInformation("User Id {UserId}, returning their own user information", userId);
+        if (string.IsNullOrWhiteSpace(userId))
+        {
+            return BadRequest("Invalid user. Please contact the JASPER admin.");
+        }
+        var user = await base.Service.GetByIdWithPermissionsAsync(User.UserId());
+
+        if (user != null)
+        {
+            return Ok(user);
+        }
+        return NotFound("Unable to locate JASPER user. Please contact the JASPER admin.");
+    }
+
+    /// <summary>
+    /// Allows a new user without authorization to JASPER to request access to the application.
+    /// </summary>
+    /// <returns>The user resulting from the access request.</returns>
+    [HttpPut]
+    [Route("request-access")]
+    public async Task<IActionResult> RequestAccess()
+    {
+        var userId = User.UserId();
+        logger.LogInformation("User Id {UserId}, requested access", userId);
+        if (string.IsNullOrWhiteSpace(userId))
+        {
+            return BadRequest("Invalid user. Please contact the JASPER admin.");
+        }
+
+        var existingUserResponse = await base.GetById(User.UserId());
+
+        var email = User.Email();
+        if (existingUserResponse is OkObjectResult okResult)
+        {
+            var existingUser = (UserDto)okResult.Value;
+            if (existingUser != null)
+            {
+                if (email != existingUser.Email)
+                {
+                    existingUser.Email = email;
+                }
+                existingUser.IsPendingRegistration = true;
+                var result = await base.Update(User.UserId(), existingUser);
+
+                return result;
+            }
+            else
+            {
+                return NotFound("Unable to locate JASPER user. Please contact the JASPER admin.");
+            }
+        }
+        else
+        {
+            return existingUserResponse;
+        }
+    }
 }
diff --git a/api/Documents/DocumentConverter.cs b/api/Documents/DocumentConverter.cs
@@ -0,0 +1,51 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using JCCommon.Clients.FileServices;
+using MapsterMapper;
+using Scv.Api.Models.Criminal.Detail;
+using Scv.Api.Services;
+
+namespace Scv.Api.Documents;
+
+public class DocumentConverter(IMapper mapper, LookupService lookupService) : IDocumentConverter
+{
+    private readonly IMapper _mapper = mapper;
+    private readonly LookupService _lookupService = lookupService;
+
+    public async Task<ICollection<CriminalDocument>> GetCriminalDocuments(CfcAccusedFile ac)
+    {
+        var criminalDocuments = _mapper.Map<List<CriminalDocument>>(ac.Document);
+
+        //Create ROPs.
+        if (ac.Appearance != null && ac.Appearance.Count != 0)
+        {
+            criminalDocuments.Insert(0, new CriminalDocument
+            {
+                DocumentTypeDescription = "Record of Proceedings",
+                DocmFormDsc = "Record of Proceedings",
+                ImageId = ac.PartId,
+                Category = "rop",
+                PartId = ac.PartId,
+                HasFutureAppearance = ac.Appearance?.Any(a =>
+                    a?.AppearanceDate != null && DateTime.Parse(a.AppearanceDate) >= DateTime.Today)
+            });
+        }
+
+        //Populate extra fields.
+        foreach (var document in criminalDocuments)
+        {
+            document.Category = string.IsNullOrEmpty(document.Category)
+                ? await _lookupService.GetDocumentCategory(document.DocmFormId, document.DocmClassification)
+                : document.Category;
+            document.DocumentTypeDescription = document.DocmFormDsc;
+            document.PartId = string.IsNullOrEmpty(ac.PartId) ? null : ac.PartId;
+            document.DocmId = string.IsNullOrEmpty(document.DocmId) ? null : document.DocmId;
+            document.ImageId = string.IsNullOrEmpty(document.ImageId) ? null : document.ImageId;
+            document.HasFutureAppearance = ac.Appearance?.Any(a =>
+                a?.AppearanceDate != null && DateTime.Parse(a.AppearanceDate) >= DateTime.Today);
+        }
+        return criminalDocuments;
+    }
+}
diff --git a/api/Documents/IDocumentConverter.cs b/api/Documents/IDocumentConverter.cs
@@ -0,0 +1,11 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using JCCommon.Clients.FileServices;
+using Scv.Api.Models.Criminal.Detail;
+
+namespace Scv.Api.Documents;
+
+public interface IDocumentConverter
+{
+    Task<ICollection<CriminalDocument>> GetCriminalDocuments(CfcAccusedFile ac);
+}
diff --git a/api/Documents/Strategies/ReportStrategy.cs b/api/Documents/Strategies/ReportStrategy.cs
@@ -1,30 +1,26 @@
 using System.IO;
 using System.Threading.Tasks;
-using Scv.Api.Models.CourtList;
+using PCSSCommon.Clients.ReportServices;
 using Scv.Api.Models.Document;
-using Scv.Api.Services;
 
 namespace Scv.Api.Documents.Strategies;
 
-public class ReportStrategy(CourtListService courtListService) : IDocumentStrategy
+public class ReportStrategy(ReportServicesClient reportServiceClient) : IDocumentStrategy
 {
-    private readonly CourtListService _courtListService = courtListService;
-    
+    private readonly ReportServicesClient _reportServiceClient = reportServiceClient;
+
     public DocumentType Type => DocumentType.Report;
 
     public async Task<MemoryStream> Invoke(PdfDocumentRequestDetails documentRequest)
     {
-        var courtListReportRequest = new CourtListReportRequest
-        {
-            CourtDivision = documentRequest.CourtDivisionCd,
-            Date = documentRequest.Date,
-            LocationId = documentRequest.LocationId,
-            CourtClass = documentRequest.CourtClassCd,
-            RoomCode = documentRequest.RoomCode,
-            AdditionsList = documentRequest.AdditionsList,
-            ReportType = documentRequest.ReportType
-        };
-        (Stream pdfStream, _) = await _courtListService.GenerateReportAsync(courtListReportRequest);
+        (Stream pdfStream, _) = await _reportServiceClient.GetCourtListReportAsync(
+                documentRequest.CourtDivisionCd,
+                documentRequest.Date.GetValueOrDefault(),
+                documentRequest.LocationId.GetValueOrDefault(),
+                documentRequest.CourtClassCd,
+                documentRequest.RoomCode,
+                documentRequest.AdditionsList,
+                documentRequest.ReportType);
 
         return (MemoryStream)pdfStream;
     }

diff --git a/api/Helpers/ClaimsTypes.cs b/api/Helpers/ClaimsTypes.cs
@@ -9,6 +9,7 @@ public class CustomClaimTypes
         public const string JcParticipantId = nameof(CustomClaimTypes) + nameof(JcParticipantId);
         public const string JcAgencyCode = nameof(CustomClaimTypes) + nameof(JcAgencyCode);
         public const string IsSupremeUser = nameof(CustomClaimTypes) + nameof(IsSupremeUser);
+        public const string IsActive = nameof(CustomClaimTypes) + nameof(IsActive);
         public const string CivilFileAccess = nameof(CustomClaimTypes) + nameof(CivilFileAccess);
         public const string ExternalRole = nameof(CustomClaimTypes) + nameof(ExternalRole);
         public const string SubRole = nameof(CustomClaimTypes) + nameof(SubRole);

diff --git a/api/Helpers/Extensions/ClaimsPrincipalExtensions.cs b/api/Helpers/Extensions/ClaimsPrincipalExtensions.cs
@@ -1,4 +1,5 @@
-using System;
+using Scv.Api.Models.AccessControlManagement;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
@@ -53,6 +54,10 @@ public static bool IsSupremeUser(this ClaimsPrincipal claimsPrincipal)
         => claimsPrincipal.HasClaim(c => c.Type == CustomClaimTypes.IsSupremeUser) &&
            claimsPrincipal.FindFirstValue(CustomClaimTypes.IsSupremeUser).Equals("true", StringComparison.OrdinalIgnoreCase);
 
+        public static bool IsActive(this ClaimsPrincipal claimsPrincipal)
+        => claimsPrincipal.HasClaim(c => c.Type == CustomClaimTypes.IsActive) &&
+           claimsPrincipal.FindFirstValue(CustomClaimTypes.IsActive).Equals("true", StringComparison.OrdinalIgnoreCase);
+
         public static string ExternalRole(this ClaimsPrincipal claimsPrincipal) =>
            claimsPrincipal.FindFirstValue(CustomClaimTypes.ExternalRole);
 
@@ -129,5 +134,11 @@ public static string UserGuid(this ClaimsPrincipal claimsPrincipal)
 
         public static string ExternalJudgeId(this ClaimsPrincipal claimsPrincipal)
             => claimsPrincipal.FindFirstValue(CustomClaimTypes.ExternalJudgeId);
+
+        // Check if any of the user's claims have meaningfully changed compared to the current user data
+        public static bool HasChanged(this ClaimsPrincipal claimsPrincipal, UserDto currentUser)
+            => claimsPrincipal.IsActive() != currentUser.IsActive ||
+            !claimsPrincipal.Roles().Order().SequenceEqual(currentUser.Roles.Order()) ||
+            !claimsPrincipal.Permissions().Order().SequenceEqual(currentUser.Permissions.Order());
     }
 }