cmu-sei
diff --git a/‎Cite.Api/Cite.Api.csproj‎
Lines changed: 1 addition & 1 deletion b/‎Cite.Api/Cite.Api.csproj‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Cite.Api/Infrastructure/Authorization/CanIncrementIncidentRequirement.cs‎
Lines changed: 11 additions & 5 deletions b/‎Cite.Api/Infrastructure/Authorization/CanIncrementIncidentRequirement.cs‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎Cite.Api/Infrastructure/Authorization/CanModifyRequirement.cs‎
Lines changed: 11 additions & 5 deletions b/‎Cite.Api/Infrastructure/Authorization/CanModifyRequirement.cs‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎Cite.Api/Infrastructure/Authorization/CanSubmitRequirement.cs‎
Lines changed: 11 additions & 5 deletions b/‎Cite.Api/Infrastructure/Authorization/CanSubmitRequirement.cs‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎Cite.Api/Infrastructure/Authorization/EvaluationObserverRequirement.cs‎
Lines changed: 11 additions & 5 deletions b/‎Cite.Api/Infrastructure/Authorization/EvaluationObserverRequirement.cs‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎Cite.Api/Infrastructure/Authorization/EvaluationUserRequirement.cs‎
Lines changed: 9 additions & 7 deletions b/‎Cite.Api/Infrastructure/Authorization/EvaluationUserRequirement.cs‎
Lines changed: 9 additions & 7 deletions
diff --git a/‎Cite.Api/Infrastructure/Authorization/TeamUserRequirement.cs‎
Lines changed: 9 additions & 5 deletions b/‎Cite.Api/Infrastructure/Authorization/TeamUserRequirement.cs‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎Cite.Api/Infrastructure/EventHandlers/SubmissionHandler.cs‎
Lines changed: 1 addition & 1 deletion b/‎Cite.Api/Infrastructure/EventHandlers/SubmissionHandler.cs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Cite.Api/Services/ActionService.cs‎
Lines changed: 8 additions & 8 deletions b/‎Cite.Api/Services/ActionService.cs‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎Cite.Api/Services/EvaluationService.cs‎
Lines changed: 6 additions & 3 deletions b/‎Cite.Api/Services/EvaluationService.cs‎
Lines changed: 6 additions & 3 deletions
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <Version>1.5.0</Version>
+    <Version>1.5.1</Version>
     <TargetFramework>net6.0</TargetFramework>
     <DocumentationFile>bin\$(Configuration)\$(TargetFramework)\$(AssemblyName).xml</DocumentationFile>
     <NoWarn>CS1591</NoWarn>
 
@@ -3,28 +3,34 @@
 
 using Microsoft.AspNetCore.Authorization;
 using System;
+using System.Linq;
 using System.Threading.Tasks;
+using Cite.Api.Data;
 
 namespace Cite.Api.Infrastructure.Authorization
 {
     public class CanIncrementMoveRequirement : IAuthorizationRequirement
     {
         public readonly Guid EvaluationId;
+        public readonly CiteContext DbContext;
 
-        public CanIncrementMoveRequirement(Guid evaluationId)
+        public CanIncrementMoveRequirement(Guid evaluationId, CiteContext dbContext)
         {
             EvaluationId = evaluationId;
+            DbContext = dbContext;
         }
     }
 
     public class CanIncrementMoveHandler : AuthorizationHandler<CanIncrementMoveRequirement>, IAuthorizationHandler
     {
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CanIncrementMoveRequirement requirement)
         {
-            if (context.User.HasClaim(c =>
-                c.Type == CiteClaimTypes.CanIncrementMove.ToString() &&
-                c.Value.Contains(requirement.EvaluationId.ToString())
-            ))
+            var userId = context.User.Identities.First().Claims.First(c => c.Type == "sub")?.Value;
+            var canIncrement = requirement.DbContext.TeamUsers
+                .Any(tu => tu.Team.EvaluationId == requirement.EvaluationId &&
+                    tu.UserId.ToString() == userId &&
+                    tu.CanIncrementMove);
+            if (canIncrement)
             {
                 context.Succeed(requirement);
             }
 
@@ -3,28 +3,34 @@
 
 using Microsoft.AspNetCore.Authorization;
 using System;
+using System.Linq;
 using System.Threading.Tasks;
+using Cite.Api.Data;
 
 namespace Cite.Api.Infrastructure.Authorization
 {
     public class CanModifyRequirement : IAuthorizationRequirement
     {
         public readonly Guid EvaluationId;
+        public readonly CiteContext DbContext;
 
-        public CanModifyRequirement(Guid evaluationId)
+        public CanModifyRequirement(Guid evaluationId, CiteContext dbContext)
         {
             EvaluationId = evaluationId;
+            DbContext = dbContext;
         }
     }
 
     public class CanModifyHandler : AuthorizationHandler<CanModifyRequirement>, IAuthorizationHandler
     {
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CanModifyRequirement requirement)
         {
-            if (context.User.HasClaim(c =>
-                c.Type == CiteClaimTypes.CanModify.ToString() &&
-                c.Value.Contains(requirement.EvaluationId.ToString())
-            ))
+            var userId = context.User.Identities.First().Claims.First(c => c.Type == "sub")?.Value;
+            var canModify = requirement.DbContext.TeamUsers
+                .Any(tu => tu.Team.EvaluationId == requirement.EvaluationId &&
+                    tu.UserId.ToString() == userId &&
+                    tu.CanModify);
+            if (canModify)
             {
                 context.Succeed(requirement);
             }
 
@@ -3,28 +3,34 @@
 
 using Microsoft.AspNetCore.Authorization;
 using System;
+using System.Linq;
 using System.Threading.Tasks;
+using Cite.Api.Data;
 
 namespace Cite.Api.Infrastructure.Authorization
 {
     public class CanSubmitRequirement : IAuthorizationRequirement
     {
         public readonly Guid EvaluationId;
+        public readonly CiteContext DbContext;
 
-        public CanSubmitRequirement(Guid evaluationId)
+        public CanSubmitRequirement(Guid evaluationId, CiteContext dbContext)
         {
             EvaluationId = evaluationId;
+            DbContext = dbContext;
         }
     }
 
     public class CanSubmitHandler : AuthorizationHandler<CanSubmitRequirement>, IAuthorizationHandler
     {
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CanSubmitRequirement requirement)
         {
-            if (context.User.HasClaim(c =>
-                c.Type == CiteClaimTypes.CanSubmit.ToString() &&
-                c.Value.Contains(requirement.EvaluationId.ToString())
-            ))
+            var userId = context.User.Identities.First().Claims.First(c => c.Type == "sub")?.Value;
+            var canSubmit = requirement.DbContext.TeamUsers
+                .Any(tu => tu.Team.EvaluationId == requirement.EvaluationId &&
+                    tu.UserId.ToString() == userId &&
+                    tu.CanSubmit);
+            if (canSubmit)
             {
                 context.Succeed(requirement);
             }
 
@@ -3,28 +3,34 @@
 
 using Microsoft.AspNetCore.Authorization;
 using System;
+using System.Linq;
 using System.Threading.Tasks;
+using Cite.Api.Data;
 
 namespace Cite.Api.Infrastructure.Authorization
 {
     public class EvaluationObserverRequirement : IAuthorizationRequirement
     {
         public readonly Guid EvaluationId;
+        public readonly CiteContext DbContext;
 
-        public EvaluationObserverRequirement(Guid evaluationId)
+        public EvaluationObserverRequirement(Guid evaluationId, CiteContext dbContext)
         {
             EvaluationId = evaluationId;
+            DbContext = dbContext;
         }
     }
 
     public class EvaluationObserverHandler : AuthorizationHandler<EvaluationObserverRequirement>, IAuthorizationHandler
     {
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EvaluationObserverRequirement requirement)
         {
-            if (context.User.HasClaim(c =>
-                c.Type == CiteClaimTypes.EvaluationObserver.ToString() &&
-                c.Value.Contains(requirement.EvaluationId.ToString())
-            ))
+            var userId = context.User.Identities.First().Claims.First(c => c.Type == "sub")?.Value;
+            var isObserver = requirement.DbContext.TeamUsers
+                .Any(tu => tu.Team.EvaluationId == requirement.EvaluationId &&
+                    tu.UserId.ToString() == userId &&
+                    tu.IsObserver);
+            if (isObserver)
             {
                 context.Succeed(requirement);
             }
 
@@ -3,32 +3,34 @@
 
 using Microsoft.AspNetCore.Authorization;
 using System;
+using System.Linq;
 using System.Threading.Tasks;
+using Cite.Api.Data;
 
 namespace Cite.Api.Infrastructure.Authorization
 {
     public class EvaluationUserRequirement : IAuthorizationRequirement
     {
         public readonly Guid EvaluationId;
+        public readonly CiteContext DbContext;
 
-        public EvaluationUserRequirement(Guid evaluationId)
+        public EvaluationUserRequirement(Guid evaluationId, CiteContext dbContext)
         {
             EvaluationId = evaluationId;
+            DbContext = dbContext;
         }
     }
 
     public class EvaluationUserHandler : AuthorizationHandler<EvaluationUserRequirement>, IAuthorizationHandler
     {
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EvaluationUserRequirement requirement)
         {
+            var userId = context.User.Identities.First().Claims.First(c => c.Type == "sub")?.Value;
+            var isEvaluationUser = requirement.DbContext.TeamUsers
+                .Any(tu => tu.Team.EvaluationId == requirement.EvaluationId && tu.UserId.ToString() == userId);
             if (context.User.HasClaim(c => c.Type == CiteClaimTypes.SystemAdmin.ToString()) ||
                 context.User.HasClaim(c => c.Type == CiteClaimTypes.ContentDeveloper.ToString()) ||
-                (
-                    context.User.HasClaim(c =>
-                        c.Type == CiteClaimTypes.EvaluationUser.ToString() &&
-                        c.Value.Contains(requirement.EvaluationId.ToString())
-                    )
-                )
+                isEvaluationUser
             )
             {
                 context.Succeed(requirement);
 
@@ -3,28 +3,32 @@
 
 using Microsoft.AspNetCore.Authorization;
 using System;
+using System.Linq;
 using System.Threading.Tasks;
+using Cite.Api.Data;
 
 namespace Cite.Api.Infrastructure.Authorization
 {
     public class TeamUserRequirement : IAuthorizationRequirement
     {
         public readonly Guid TeamId;
+        public readonly CiteContext DbContext;
 
-        public TeamUserRequirement(Guid teamId)
+        public TeamUserRequirement(Guid teamId, CiteContext dbContext)
         {
             TeamId = teamId;
+            DbContext = dbContext;
         }
     }
 
     public class TeamUserHandler : AuthorizationHandler<TeamUserRequirement>, IAuthorizationHandler
     {
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TeamUserRequirement requirement)
         {
-            if (context.User.HasClaim(c =>
-                c.Type == CiteClaimTypes.TeamUser.ToString() &&
-                c.Value.Contains(requirement.TeamId.ToString()))
-            )
+            var userId = context.User.Identities.First().Claims.First(c => c.Type == "sub")?.Value;
+            var isTeamUser = requirement.DbContext.TeamUsers
+                .Any(tu => tu.TeamId == requirement.TeamId && tu.UserId.ToString() == userId);
+            if (isTeamUser)
             {
                 context.Succeed(requirement);
             }
 
@@ -119,7 +119,7 @@ private async Task<IEnumerable<Task>> GetAverageSubmissionTasks(
             else if (submission.TeamId != null)
             {
                 var teamType = await _db.Teams.Select(t => t.TeamType).SingleOrDefaultAsync(t => t.Id == submission.TeamId);
-                if (teamType.ShowTeamTypeAverage)
+                if (teamType != null && teamType.ShowTeamTypeAverage)
                 {
                     // create the task to send the teamType average
                     var averageSubmission = await _submissionService.GetTypeAverageAsync(_mapper.Map<ViewModels.Submission>(submission), cancellationToken);
 
@@ -58,8 +58,8 @@ public ActionService(
         public async Task<IEnumerable<ViewModels.Action>> GetByEvaluationTeamAsync(Guid evaluationId, Guid teamId, CancellationToken ct)
         {
             // must be on the specified Team or an observer for the specified Evaluation
-            if (!(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(teamId))).Succeeded &&
-                !(await _authorizationService.AuthorizeAsync(_user, null, new EvaluationObserverRequirement(evaluationId))).Succeeded
+            if (!(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(teamId, _context))).Succeeded &&
+                !(await _authorizationService.AuthorizeAsync(_user, null, new EvaluationObserverRequirement(evaluationId, _context))).Succeeded
             )
                 throw new ForbiddenException();
 
@@ -92,7 +92,7 @@ public ActionService(
 
         public async Task<IEnumerable<ViewModels.Action>> GetByEvaluationMoveTeamAsync(Guid evaluationId, int moveNumber, Guid teamId, CancellationToken ct)
         {
-            if (!(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(teamId))).Succeeded)
+            if (!(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(teamId, _context))).Succeeded)
                 throw new ForbiddenException();
 
             var actionEntities = await _context.Actions
@@ -114,7 +114,7 @@ public ActionService(
             if (item == null)
                 throw new EntityNotFoundException<ActionEntity>();
 
-            if (!(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(item.TeamId))).Succeeded)
+            if (!(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(item.TeamId, _context))).Succeeded)
                 throw new ForbiddenException();
 
             return _mapper.Map<ViewModels.Action>(item);
@@ -124,7 +124,7 @@ public ActionService(
         {
             // user must be on the requested team or a content developer
             if (
-                !(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(action.TeamId))).Succeeded &&
+                !(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(action.TeamId, _context))).Succeeded &&
                 !(await _authorizationService.AuthorizeAsync(_user, null, new ContentDeveloperRequirement())).Succeeded
             )
                 throw new ForbiddenException();
@@ -147,7 +147,7 @@ public ActionService(
         {
             // user must be on the requested team or a content developer
             if (
-                !(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(action.TeamId))).Succeeded &&
+                !(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(action.TeamId, _context))).Succeeded &&
                 !(await _authorizationService.AuthorizeAsync(_user, null, new ContentDeveloperRequirement())).Succeeded
             )
                 throw new ForbiddenException();
@@ -175,7 +175,7 @@ public ActionService(
                 throw new EntityNotFoundException<ActionEntity>();
 
             // user must be on the requested team
-            if (!(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(actionToUpdate.TeamId))).Succeeded)
+            if (!(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(actionToUpdate.TeamId, _context))).Succeeded)
                 throw new ForbiddenException();
 
             actionToUpdate.IsChecked = value;
@@ -194,7 +194,7 @@ public async Task<bool> DeleteAsync(Guid id, CancellationToken ct)
 
             // user must be on the requested team or a content developer
             if (
-                !(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(actionToDelete.TeamId))).Succeeded &&
+                !(await _authorizationService.AuthorizeAsync(_user, null, new TeamUserRequirement(actionToDelete.TeamId, _context))).Succeeded &&
                 !(await _authorizationService.AuthorizeAsync(_user, null, new ContentDeveloperRequirement())).Succeeded
             )
                 throw new ForbiddenException();
 
@@ -195,7 +195,8 @@ public EvaluationService(
 
         public async Task<ViewModels.Evaluation> UpdateAsync(Guid id, ViewModels.Evaluation evaluation, CancellationToken ct)
         {
-            if (!(await _authorizationService.AuthorizeAsync(_user, null, new CanIncrementMoveRequirement(id))).Succeeded)
+            if (!(await _authorizationService.AuthorizeAsync(_user, null, new ContentDeveloperRequirement())).Succeeded &&
+                !(await _authorizationService.AuthorizeAsync(_user, null, new CanIncrementMoveRequirement(id, _context))).Succeeded)
                 throw new ForbiddenException();
 
             var evaluationToUpdate = await _context.Evaluations.SingleOrDefaultAsync(v => v.Id == id, ct);
@@ -267,7 +268,8 @@ public EvaluationService(
 
         public async Task<ViewModels.Evaluation> UpdateSituationAsync(Guid id, EvaluationSituation evaluationSituation, CancellationToken ct)
         {
-            if (!(await _authorizationService.AuthorizeAsync(_user, null, new CanIncrementMoveRequirement(id))).Succeeded)
+            if (!(await _authorizationService.AuthorizeAsync(_user, null, new ContentDeveloperRequirement())).Succeeded &&
+                !(await _authorizationService.AuthorizeAsync(_user, null, new CanIncrementMoveRequirement(id, _context))).Succeeded)
                 throw new ForbiddenException();
 
             var evaluationToUpdate = await _context.Evaluations.SingleOrDefaultAsync(v => v.Id == id, ct);
@@ -287,7 +289,8 @@ public EvaluationService(
 
         public async Task<ViewModels.Evaluation> SetCurrentMoveAsync(Guid id, int moveNumber, CancellationToken ct)
         {
-            if (!(await _authorizationService.AuthorizeAsync(_user, null, new CanIncrementMoveRequirement(id))).Succeeded)
+            if (!(await _authorizationService.AuthorizeAsync(_user, null, new ContentDeveloperRequirement())).Succeeded &&
+                !(await _authorizationService.AuthorizeAsync(_user, null, new CanIncrementMoveRequirement(id, _context))).Succeeded)
                 throw new ForbiddenException();
 
             var evaluationToUpdate = await _context.Evaluations
Original file line number	Diff line number	Diff line change
`@@ -3,28 +3,34 @@`
`3`	`3`
`4`	`4`	`using Microsoft.AspNetCore.Authorization;`
`5`	`5`	`using System;`
	`6`	`+using System.Linq;`
`6`	`7`	`using System.Threading.Tasks;`
	`8`	`+using Cite.Api.Data;`
`7`	`9`
`8`	`10`	`namespace Cite.Api.Infrastructure.Authorization`
`9`	`11`	`{`
`10`	`12`	`public class CanIncrementMoveRequirement : IAuthorizationRequirement`
`11`	`13`	`{`
`12`	`14`	`public readonly Guid EvaluationId;`
	`15`	`+ public readonly CiteContext DbContext;`
`13`	`16`
`14`		`- public CanIncrementMoveRequirement(Guid evaluationId)`
	`17`	`+ public CanIncrementMoveRequirement(Guid evaluationId, CiteContext dbContext)`
`15`	`18`	`{`
`16`	`19`	`EvaluationId = evaluationId;`
	`20`	`+ DbContext = dbContext;`
`17`	`21`	`}`
`18`	`22`	`}`
`19`	`23`
`20`	`24`	`public class CanIncrementMoveHandler : AuthorizationHandler<CanIncrementMoveRequirement>, IAuthorizationHandler`
`21`	`25`	`{`
`22`	`26`	`protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CanIncrementMoveRequirement requirement)`
`23`	`27`	`{`
`24`		`- if (context.User.HasClaim(c =>`
`25`		`- c.Type == CiteClaimTypes.CanIncrementMove.ToString() &&`
`26`		`- c.Value.Contains(requirement.EvaluationId.ToString())`
`27`		`- ))`
	`28`	`+ var userId = context.User.Identities.First().Claims.First(c => c.Type == "sub")?.Value;`
	`29`	`+ var canIncrement = requirement.DbContext.TeamUsers`
	`30`	`+ .Any(tu => tu.Team.EvaluationId == requirement.EvaluationId &&`
	`31`	`+ tu.UserId.ToString() == userId &&`
	`32`	`+ tu.CanIncrementMove);`
	`33`	`+ if (canIncrement)`
`28`	`34`	`{`
`29`	`35`	`context.Succeed(requirement);`
`30`	`36`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,32 +3,34 @@`
`3`	`3`
`4`	`4`	`using Microsoft.AspNetCore.Authorization;`
`5`	`5`	`using System;`
	`6`	`+using System.Linq;`
`6`	`7`	`using System.Threading.Tasks;`
	`8`	`+using Cite.Api.Data;`
`7`	`9`
`8`	`10`	`namespace Cite.Api.Infrastructure.Authorization`
`9`	`11`	`{`
`10`	`12`	`public class EvaluationUserRequirement : IAuthorizationRequirement`
`11`	`13`	`{`
`12`	`14`	`public readonly Guid EvaluationId;`
	`15`	`+ public readonly CiteContext DbContext;`
`13`	`16`
`14`		`- public EvaluationUserRequirement(Guid evaluationId)`
	`17`	`+ public EvaluationUserRequirement(Guid evaluationId, CiteContext dbContext)`
`15`	`18`	`{`
`16`	`19`	`EvaluationId = evaluationId;`
	`20`	`+ DbContext = dbContext;`
`17`	`21`	`}`
`18`	`22`	`}`
`19`	`23`
`20`	`24`	`public class EvaluationUserHandler : AuthorizationHandler<EvaluationUserRequirement>, IAuthorizationHandler`
`21`	`25`	`{`
`22`	`26`	`protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EvaluationUserRequirement requirement)`
`23`	`27`	`{`
	`28`	`+ var userId = context.User.Identities.First().Claims.First(c => c.Type == "sub")?.Value;`
	`29`	`+ var isEvaluationUser = requirement.DbContext.TeamUsers`
	`30`	`+ .Any(tu => tu.Team.EvaluationId == requirement.EvaluationId && tu.UserId.ToString() == userId);`
`24`	`31`	`if (context.User.HasClaim(c => c.Type == CiteClaimTypes.SystemAdmin.ToString()) \|\|`
`25`	`32`	`context.User.HasClaim(c => c.Type == CiteClaimTypes.ContentDeveloper.ToString()) \|\|`
`26`		`- (`
`27`		`- context.User.HasClaim(c =>`
`28`		`- c.Type == CiteClaimTypes.EvaluationUser.ToString() &&`
`29`		`- c.Value.Contains(requirement.EvaluationId.ToString())`
`30`		`- )`
`31`		`- )`
	`33`	`+ isEvaluationUser`
`32`	`34`	`)`
`33`	`35`	`{`
`34`	`36`	`context.Succeed(requirement);`
Original file line number	Diff line number	Diff line change
`@@ -3,28 +3,32 @@`
`3`	`3`
`4`	`4`	`using Microsoft.AspNetCore.Authorization;`
`5`	`5`	`using System;`
	`6`	`+using System.Linq;`
`6`	`7`	`using System.Threading.Tasks;`
	`8`	`+using Cite.Api.Data;`
`7`	`9`
`8`	`10`	`namespace Cite.Api.Infrastructure.Authorization`
`9`	`11`	`{`
`10`	`12`	`public class TeamUserRequirement : IAuthorizationRequirement`
`11`	`13`	`{`
`12`	`14`	`public readonly Guid TeamId;`
	`15`	`+ public readonly CiteContext DbContext;`
`13`	`16`
`14`		`- public TeamUserRequirement(Guid teamId)`
	`17`	`+ public TeamUserRequirement(Guid teamId, CiteContext dbContext)`
`15`	`18`	`{`
`16`	`19`	`TeamId = teamId;`
	`20`	`+ DbContext = dbContext;`
`17`	`21`	`}`
`18`	`22`	`}`
`19`	`23`
`20`	`24`	`public class TeamUserHandler : AuthorizationHandler<TeamUserRequirement>, IAuthorizationHandler`
`21`	`25`	`{`
`22`	`26`	`protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TeamUserRequirement requirement)`
`23`	`27`	`{`
`24`		`- if (context.User.HasClaim(c =>`
`25`		`- c.Type == CiteClaimTypes.TeamUser.ToString() &&`
`26`		`- c.Value.Contains(requirement.TeamId.ToString()))`
`27`		`- )`
	`28`	`+ var userId = context.User.Identities.First().Claims.First(c => c.Type == "sub")?.Value;`
	`29`	`+ var isTeamUser = requirement.DbContext.TeamUsers`
	`30`	`+ .Any(tu => tu.TeamId == requirement.TeamId && tu.UserId.ToString() == userId);`
	`31`	`+ if (isTeamUser)`
`28`	`32`	`{`
`29`	`33`	`context.Succeed(requirement);`
`30`	`34`	`}`
Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ private async Task<IEnumerable<Task>> GetAverageSubmissionTasks(`
`119`	`119`	`else if (submission.TeamId != null)`
`120`	`120`	`{`
`121`	`121`	`var teamType = await _db.Teams.Select(t => t.TeamType).SingleOrDefaultAsync(t => t.Id == submission.TeamId);`
`122`		`- if (teamType.ShowTeamTypeAverage)`
	`122`	`+ if (teamType != null && teamType.ShowTeamTypeAverage)`
`123`	`123`	`{`
`124`	`124`	`// create the task to send the teamType average`
`125`	`125`	`var averageSubmission = await _submissionService.GetTypeAverageAsync(_mapper.Map<ViewModels.Submission>(submission), cancellationToken);`