Feature In Progress - Add no access page

CHANGELOG.md

@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased][unreleased]
 
+### Added
+
+- Redirect unauthorised users to a new "no access" page giving them directions on how to get access to FIAT
+
 ### Changed
 
 - Updated the contacts page to include disclaimer text for the trust contacts
@@ -14,6 +18,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Updated the landing page to add more information and links to other services
 - Renamed the anti forgery cookie to a static name
 - Updated wording for links on the landing page to tell users they open in new tabs
+- Make cookies, accessibility statement and privacy notice pages available to users without FIAT access
+- Hide header and footer areas on pages available to users without FIAT access
+- Fix Privacy page having incorrect width
+- Improve security by changing SameSite setting for the login cookie to current Microsoft recommendation of Lax
+- Update name of cookie consent cookie to be consistent with application name and what is displayed in the Cookie UI
 
 ## [Release-11][release-11] (production-2024-10-17.3654)
 

DfE.FindInformationAcademiesTrusts/Authorization/AutomationAuthorizationHandler.cs

@@ -1,5 +1,6 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
+using DfE.FindInformationAcademiesTrusts.Extensions;
 using DfE.FindInformationAcademiesTrusts.Options;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Authorization.Infrastructure;

DfE.FindInformationAcademiesTrusts/Configuration/FiatCookies.cs

@@ -0,0 +1,8 @@
+namespace DfE.FindInformationAcademiesTrusts.Configuration;
+
+public static class FiatCookies
+{
+    public const string Antiforgery = ".FindInformationAcademiesTrusts.Antiforgery";
+    public const string CookieConsent = ".FindInformationAcademiesTrusts.CookieConsent";
+    public const string Login = ".FindInformationAcademiesTrusts.Login";
+}

DfE.FindInformationAcademiesTrusts/Configuration/UserRoles.cs

@@ -0,0 +1,6 @@
+namespace DfE.FindInformationAcademiesTrusts.Configuration;
+
+public static class UserRoles
+{
+    public const string AuthorisedFiatUser = "User.Role.Authorised";
+}

DfE.FindInformationAcademiesTrusts/CookiesHelper.cs

@@ -1,10 +1,10 @@
-using Microsoft.AspNetCore.Mvc.ViewFeatures;
+using DfE.FindInformationAcademiesTrusts.Configuration;
+using Microsoft.AspNetCore.Mvc.ViewFeatures;
 
 namespace DfE.FindInformationAcademiesTrusts;
 
 public static class CookiesHelper
 {
-    public const string ConsentCookieName = ".FindInformationAcademiesTrust.CookieConsent";
     public const string DeleteCookieTempDataName = "DeleteCookie";
     public const string CookieChangedTempDataName = "CookieResponse";
     public const string ReturnPathQuery = "returnPath";
@@ -22,8 +22,8 @@ public static bool OptionalCookiesAreAccepted(HttpContext context, ITempDataDict
             return false;
         }
 
-        return context.Request.Cookies.ContainsKey(ConsentCookieName) &&
-               bool.Parse(context.Request.Cookies[ConsentCookieName]!);
+        return context.Request.Cookies.ContainsKey(FiatCookies.CookieConsent) &&
+               bool.Parse(context.Request.Cookies[FiatCookies.CookieConsent]!);
     }
 
     public static string ReturnPath(HttpContext context)
@@ -35,7 +35,7 @@ public static string ReturnPath(HttpContext context)
 
     public static bool ShowCookieBanner(HttpContext context, ITempDataDictionary tempData)
     {
-        return !context.Request.Cookies.ContainsKey(ConsentCookieName) &&
+        return !context.Request.Cookies.ContainsKey(FiatCookies.CookieConsent) &&
                tempData[DeleteCookieTempDataName] is null;
     }
 }

DfE.FindInformationAcademiesTrusts/Extensions/ClaimsPrincipleExtensions.cs

@@ -0,0 +1,12 @@
+using System.Security.Claims;
+using DfE.FindInformationAcademiesTrusts.Configuration;
+
+namespace DfE.FindInformationAcademiesTrusts.Extensions;
+
+public static class ClaimsPrincipleExtensions
+{
+    public static bool HasAccessToFiat(this ClaimsPrincipal user)
+    {
+        return user.IsInRole(UserRoles.AuthorisedFiatUser);
+    }
+}

DfE.FindInformationAcademiesTrusts/EnvironmentExtensions.cs → DfE.FindInformationAcademiesTrusts/Extensions/EnvironmentExtensions.cs

@@ -1,4 +1,4 @@
-namespace DfE.FindInformationAcademiesTrusts;
+namespace DfE.FindInformationAcademiesTrusts.Extensions;
 
 public static class EnvironmentExtensions
 {

DfE.FindInformationAcademiesTrusts/Pages/Accessibility.cshtml

@@ -1,5 +1,5 @@
 @page
-@model DfE.FindInformationAcademiesTrusts.Pages.Shared.ContentPageModel
+@model DfE.FindInformationAcademiesTrusts.Pages.Shared.AnonymousPageModel
 
 @{
   Layout = "_ContentLayout";