protected void UpdateRequestsToViewState() { if (!CollectionUtils.IsNullOrEmpty(userRepeaterList.Items) && !CollectionUtils.IsNullOrEmpty(_modelState.Requests)) { for (int i = 0; i < userRepeaterList.Items.Count; ++i) { RepeaterItem repeaterItem = userRepeaterList.Items[i]; AccountAuthorizationRequest request = _modelState.Requests[i]; TextBox commentsBox = (TextBox)repeaterItem.FindControl("commentsTextBox"); request.Response.AuthorizationComments = commentsBox.Text; Repeater flowsRepeater = (Repeater)repeaterItem.FindControl("flowRepeaterList"); for (int j = 0; j < flowsRepeater.Items.Count; ++j) { RepeaterItem flowRepeaterItem = flowsRepeater.Items[j]; CheckBox allowCheckBox = (CheckBox)flowRepeaterItem.FindControl("allowCheckBox"); Label allowCheckTag = (Label)flowRepeaterItem.FindControl("allowCheckTag"); string flowName = allowCheckTag.Text; foreach (AccountAuthorizationRequestFlow requestFlow in request.RequestedFlows) { if (string.Equals(flowName, requestFlow.FlowName, StringComparison.InvariantCultureIgnoreCase)) { requestFlow.AccessGranted = allowCheckBox.Checked; break; } } } } } }
public void ProcessSubmit(string transactionId) { GetServiceImplementation(out _transactionManager); GetServiceImplementation(out _accountAuthorizationRequestManager); GetServiceImplementation(out _serializationHelper); GetServiceImplementation(out _documentManager); GetServiceImplementation(out _xmlValidationHelper); IList <string> docIds = _transactionManager.GetAllUnprocessedDocumentDbIds(transactionId); if (CollectionUtils.IsNullOrEmpty(docIds)) { throw new ArgumentException("No authorization requests specified for transaction \"{0}\"", transactionId); } if (docIds.Count > 1) { throw new ArgumentException("More than one authorization request was specified for transaction \"{0}\"", transactionId); } AppendAuditLogEvent("Received {0} user Authorization request(s)", docIds.Count); List <AccountAuthorizationRequest> requests = new List <AccountAuthorizationRequest>(docIds.Count); foreach (string docId in docIds) { AccountAuthorizationRequest accountRequest = GetAccountAuthorizationRequest(transactionId, docId); _accountAuthorizationRequestManager.Save(accountRequest); _documentManager.SetDocumentStatus(transactionId, docId, CommonTransactionStatusCode.Processed, "Processed " + docId.ToString()); } }
public AccountAuthorizationRequest RejectRequest(AccountAuthorizationRequest request, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); ExceptionUtils.ThrowIfNull(request.Response, "request.Response"); if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows)) { foreach (AccountAuthorizationRequestFlow flow in request.RequestedFlows) { flow.AccessGranted = false; } } request.Response.AuthorizationAccountId = visit.Account.Id; request.Response.DidCreateInNaas = false; _accountAuthorizationRequestDao.DoRequestUpdate(request, visit.Account.NaasAccount, false); string statusDetail = string.Format("{0} rejected authorization request from user \"{1} ({2})\": {3}", visit.Account.NaasAccount, request.FullName, request.NaasAccount, request.ToString()); ActivityManager.LogAudit(NodeMethod.None, null, request.TransactionId, visit, statusDetail); return(request); }
private AccountAuthorizationRequest MapAccountAuthorizationRequest(IDataReader reader) { AccountAuthorizationRequest request = new AccountAuthorizationRequest(); int index = 0; request.Id = reader.GetString(index++); request.TransactionId = reader.GetString(index++); request.RequestGeneratedOn = reader.GetDateTime(index++); request.RequestType = reader.GetString(index++); request.NaasAccount = reader.GetString(index++); request.FullName = reader.GetString(index++); request.OrganizationAffiliation = reader.GetString(index++); request.TelephoneNumber = reader.GetString(index++); request.EmailAddress = reader.GetString(index++); request.AffiliatedNodeId = reader.GetString(index++); request.AffiliatedCounty = reader.GetString(index++); request.PurposeDescription = reader.GetString(index++); request.RequestedNodeIds = reader.GetString(index++).Split(','); if (!reader.IsDBNull(index)) { AccountAuthorizationResponse response = new AccountAuthorizationResponse(); response.AuthorizationAccountId = reader.GetString(index++); response.AuthorizationComments = reader.GetString(index++); response.AuthorizationGeneratedOn = reader.GetDateTime(index++); response.DidCreateInNaas = DbUtils.ToBool(reader.GetString(index++)); request.Response = response; } return(request); }
protected AuthorizationResponse GetAuthorizationResponse(AccountAuthorizationRequest request, bool doAccept) { AuthorizationResponse response = new AuthorizationResponse(); response.GeneratedOn = request.Response.AuthorizationGeneratedOn; response.NaasUsername = request.NaasAccount; response.AccountCreatedInNaas = request.Response.DidCreateInNaas; response.Comments = request.Response.AuthorizationComments; if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows)) { response.AuthorizationList = new AuthorizationItem[request.RequestedFlows.Count]; for (int i = 0; i < request.RequestedFlows.Count; ++i) { AccountAuthorizationRequestFlow requestFlow = request.RequestedFlows[i]; AuthorizationItem authorizationItem = new AuthorizationItem(); authorizationItem.AccessGranted = doAccept ? requestFlow.AccessGranted : false; authorizationItem.RequestedDataSourceName = requestFlow.FlowName; response.AuthorizationList[i] = authorizationItem; } } else { response.AuthorizationList = new AuthorizationItem[0]; } return(response); }
protected AccountAuthorizationRequest GetAccountAuthorizationRequest(string transactionId, string docId) { byte[] content = _documentManager.GetUncompressedContent(transactionId, docId); ValidateAuthorizationRequestXml(content); AuthorizationRequest request; try { request = _serializationHelper.Deserialize <AuthorizationRequest>(content); } catch (Exception ex) { throw new InvalidDataException(string.Format("Could not deserialize authorization request document content for document id: \"{0}\"", docId), ex); } if (_accountAuthorizationRequestManager.HasOpenRequestForUser(request.NaasUsername)) { throw new ArgumentException(string.Format("There is already an open authorization request for the user: {0}", request.NaasUsername)); } if ((request.GeneratedOn < DateTime.Now.AddYears(-2)) || (request.GeneratedOn > DateTime.Now.AddYears(1))) { throw new ArgumentException(string.Format("The request GeneratedOn date is invalid: {0}", request.GeneratedOn)); } bool existsInNaas = _accountAuthorizationRequestManager.ValidateUserExistance(request.NaasUsername, request.AffiliatedNodeId, request.RequestedDataSourceNames); AccountAuthorizationRequest accountRequest = new AccountAuthorizationRequest(); accountRequest.AffiliatedCounty = request.AffiliatedCounty; accountRequest.AffiliatedNodeId = request.AffiliatedNodeId; accountRequest.EmailAddress = request.EmailAddress; accountRequest.FullName = request.FullName; accountRequest.NaasAccount = request.NaasUsername; accountRequest.OrganizationAffiliation = request.OrganizationAffiliation; accountRequest.PurposeDescription = request.PurposeDescription; accountRequest.RequestedNodeIds = request.RequestedNodeIds; accountRequest.RequestGeneratedOn = request.GeneratedOn; accountRequest.TelephoneNumber = request.TelephoneNumber; accountRequest.RequestType = request.RequestType; if (!CollectionUtils.IsNullOrEmpty(request.RequestedDataSourceNames)) { List <AccountAuthorizationRequestFlow> flowList = new List <AccountAuthorizationRequestFlow>(request.RequestedDataSourceNames.Length); foreach (string flowName in request.RequestedDataSourceNames) { flowList.Add(new AccountAuthorizationRequestFlow(flowName)); } accountRequest.RequestedFlows = flowList; } accountRequest.TransactionId = transactionId; return(accountRequest); }
public void Save(AccountAuthorizationRequest item) { _accountAuthorizationRequestDao.Save(item); // If the user already exists in the node and has all requested permissions, // bypass notifying the node admin. try { CheckForAlreadyValidAuthorizationRequest(item); } catch (Exception) { } }
public void Save(AccountAuthorizationRequest item) { if (item == null) { throw new ArgumentException("Null item"); } string id = null; TransactionTemplate.Execute(delegate { string authorizationAccountId = null, authorizationComments = null; DateTime authorizationGeneratedOn = DbUtils.DB_MIN_DATE; string didCreateInNaas = null; if (item.Response != null) { authorizationAccountId = item.Response.AuthorizationAccountId; authorizationComments = item.Response.AuthorizationComments; authorizationGeneratedOn = item.Response.AuthorizationGeneratedOn; didCreateInNaas = DbUtils.ToDbBool(item.Response.DidCreateInNaas); } if (string.IsNullOrEmpty(item.Id)) { id = IdProvider.Get(); DoInsert(TABLE_NAME, MAP_AUTH_REQUEST_COLUMNS, id, item.TransactionId, item.RequestGeneratedOn, item.RequestType, item.NaasAccount, item.FullName, item.OrganizationAffiliation, item.TelephoneNumber, item.EmailAddress, item.AffiliatedNodeId, item.AffiliatedCounty, item.PurposeDescription, StringUtils.Join(",", item.RequestedNodeIds), authorizationAccountId, authorizationComments, authorizationGeneratedOn, didCreateInNaas); } else { id = item.Id; DoSimpleUpdateOne(TABLE_NAME, "Id", id, MAP_AUTH_REQUEST_COLUMNS, id, item.TransactionId, item.RequestGeneratedOn, item.RequestType, item.NaasAccount, item.FullName, item.OrganizationAffiliation, item.TelephoneNumber, item.EmailAddress, item.AffiliatedNodeId, item.AffiliatedCounty, item.PurposeDescription, StringUtils.Join(",", item.RequestedNodeIds), authorizationAccountId, authorizationComments, authorizationGeneratedOn, didCreateInNaas); } // Update flow requests DeleteAllFlowsForRequest(id); SaveRequestedFlows(id, item.RequestedFlows); return(null); }); if (string.IsNullOrEmpty(item.Id)) { item.Id = id; } }
protected void DoUpdateRequest(CommandEventArgs e, bool doAccept) { HtmlGenericControl itemPageErrorDiv = null; try { if (!CollectionUtils.IsNullOrEmpty(userRepeaterList.Items) && !CollectionUtils.IsNullOrEmpty(_modelState.Requests)) { UpdateRequestsToViewState(); int index; AccountAuthorizationRequest request = GetRequest(e, out index); itemPageErrorDiv = (HtmlGenericControl)userRepeaterList.Items[index].FindControl("itemDivPageError"); if (doAccept) { bool atleastOneFlowChecked = false; if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows)) { foreach (AccountAuthorizationRequestFlow flow in request.RequestedFlows) { if (flow.AccessGranted) { atleastOneFlowChecked = true; break; } } } if (!atleastOneFlowChecked) { SetDivPageError(itemPageErrorDiv, "Please allow the user access to at least one requested flow."); return; } _accountAuthorizationRequestManagerService.AcceptRequest(request, VisitHelper.GetVisit()); } else { _accountAuthorizationRequestManagerService.RejectRequest(request, VisitHelper.GetVisit()); } _modelState.Requests.RemoveAt(index); divPageNote.Visible = true; divPageNote.InnerText = string.Format("The request from user \"{0}\" has been {1}.", request.NaasAccount, doAccept ? "accepted" : "rejected"); } userRepeaterList.DataSource = _modelState.Requests; userRepeaterList.DataBind(); } catch (Exception ex) { SetDivPageError(itemPageErrorDiv, ex); } }
protected ICollection <DataFlow> FlowList(object dataItem) { AccountAuthorizationRequest request = (AccountAuthorizationRequest)dataItem; if (CollectionUtils.IsNullOrEmpty(request.RequestedFlows)) { return(_modelState.Flows.Values); } else { SortedList <string, DataFlow> list = new SortedList <string, DataFlow>(); foreach (AccountAuthorizationRequestFlow requestedFlow in request.RequestedFlows) { DataFlow dataFlow; if (_modelState.Flows.TryGetValue(requestedFlow.FlowName.ToUpper(), out dataFlow)) { list.Add(requestedFlow.FlowName, dataFlow); } } return(list.Values); } }
public void DoRequestUpdate(AccountAuthorizationRequest request, string adminName, bool doAccept) { request.Response.AuthorizationGeneratedOn = DateTime.Now; AuthorizationResponse response = GetAuthorizationResponse(request, doAccept); byte[] authorizationResponsContent = _serializationHelper.Serialize(response); Document document = new Document(response.GetType().Name + ".xml", CommonContentType.XML, authorizationResponsContent); string statusDetail = string.Format("{0} {1} authorization request from user \"{2} ({3})\"", adminName, doAccept ? "accepted" : "rejected", request.FullName, request.NaasAccount); TransactionTemplate.Execute(delegate { Save(request); _documentManager.AddDocument(request.TransactionId, CommonTransactionStatusCode.Completed, statusDetail, document); _transactionDao.SetTransactionStatus(request.TransactionId, CommonTransactionStatusCode.Completed, statusDetail, true); return(null); }); }
protected void userRepeaterList_ItemDataBound(object sender, RepeaterItemEventArgs e) { AccountAuthorizationRequest request = (AccountAuthorizationRequest)e.Item.DataItem; Repeater flowsRepeater = (Repeater)e.Item.FindControl("flowRepeaterList"); ICollection <DataFlow> flows = FlowList(e.Item.DataItem); if (CollectionUtils.IsNullOrEmpty(flows)) { flowsRepeater.Visible = false; Control noFlowsControl = e.Item.FindControl("noFlowsLabel"); noFlowsControl.Visible = true; } else { flowsRepeater.DataSource = flows; flowsRepeater.DataBind(); int i = 0; foreach (DataFlow dataFlow in flows) { RepeaterItem flowRepeaterItem = flowsRepeater.Items[i]; foreach (AccountAuthorizationRequestFlow requestedFlow in request.RequestedFlows) { if (string.Equals(requestedFlow.FlowName, dataFlow.FlowName, StringComparison.InvariantCultureIgnoreCase)) { CheckBox allowCheckBox = (CheckBox)flowRepeaterItem.FindControl("allowCheckBox"); allowCheckBox.Checked = requestedFlow.AccessGranted; break; } } Label allowCheckTag = (Label)flowRepeaterItem.FindControl("allowCheckTag"); allowCheckTag.Text = dataFlow.FlowName; ++i; } } TextBox commentsBox = (TextBox)e.Item.FindControl("commentsTextBox"); commentsBox.Text = request.Response.AuthorizationComments ?? string.Empty; }
protected void LoadRequests() { NodeVisit visit = VisitHelper.GetVisit(); IList <AccountAuthorizationRequest> requests = _accountAuthorizationRequestManagerService.GetOpenUserRequests(visit); if (!CollectionUtils.IsNullOrEmpty(requests)) { bool hasPreviousRequests = !CollectionUtils.IsNullOrEmpty(_modelState.Requests); foreach (AccountAuthorizationRequest request in requests) { AccountAuthorizationRequest previousRequest = null; if (hasPreviousRequests) { foreach (AccountAuthorizationRequest pRequest in _modelState.Requests) { if (pRequest.Id == request.Id) { previousRequest = pRequest; break; } } } if (previousRequest != null) { request.Response = previousRequest.Response; request.RequestedFlows = previousRequest.RequestedFlows; } else { request.Response = new AccountAuthorizationResponse(); if (CollectionUtils.IsNullOrEmpty(request.RequestedFlows)) { if (!CollectionUtils.IsNullOrEmpty(_modelState.Flows)) { List <AccountAuthorizationRequestFlow> requestedFlows = new List <AccountAuthorizationRequestFlow>(_modelState.Flows.Count); foreach (DataFlow dataFlow in _modelState.Flows.Values) { requestedFlows.Add(new AccountAuthorizationRequestFlow(dataFlow.FlowName)); } request.RequestedFlows = requestedFlows; } } // Pre check Access Granted to flows that the user already has access to IList <string> existingProtectedFlows = _accountAuthorizationRequestManagerService.GetProtectedFlowNamesForUser(visit, request.NaasAccount); if (!CollectionUtils.IsNullOrEmpty(existingProtectedFlows)) { foreach (string protectedFlowName in existingProtectedFlows) { foreach (AccountAuthorizationRequestFlow requestFlow in request.RequestedFlows) { if (string.Equals(requestFlow.FlowName, protectedFlowName, StringComparison.InvariantCultureIgnoreCase)) { requestFlow.AccessGranted = true; break; } } } } } } } _modelState.Requests = new SortableCollection <AccountAuthorizationRequest>(requests); _modelState.Requests.Sort(_modelState.SortProperty, _modelState.SortAscending); }
public AccountAuthorizationRequest AcceptRequest(AccountAuthorizationRequest request, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); ExceptionUtils.ThrowIfNull(request.Response, "request.Response"); IDictionary <string, string> upperFlowNameToIdMap = _flowManager.GetAllProtectedUpperDataFlowNamesToIdMap(); bool userExists = ValidateUserExistance(request.NaasAccount, request.AffiliatedNodeId, null, upperFlowNameToIdMap); string password = _accountManager.GenerateRandomPassword(); UserAccount userAccount = _accountDao.GetByName(request.NaasAccount); List <UserAccessPolicy> policies = null; if (userAccount == null) { userAccount = new UserAccount(); userAccount.ModifiedById = visit.Account.Id; userAccount.NaasAccount = request.NaasAccount; userAccount.Role = SystemRoleType.Authed; } else { if (!CollectionUtils.IsNullOrEmpty(userAccount.Policies)) { policies = new List <UserAccessPolicy>(userAccount.Policies); } } userAccount.IsActive = true; if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows)) { foreach (AccountAuthorizationRequestFlow requestedFlow in request.RequestedFlows) { UserAccessPolicy curPolicy = GetPolicyForFlow(requestedFlow.FlowName, policies); bool foundFlow = (curPolicy != null); if (foundFlow && !requestedFlow.AccessGranted) { policies.Remove(curPolicy); } else if (!foundFlow && requestedFlow.AccessGranted) { UserAccessPolicy policy = _accountPolicyManager.CreatePolicy(userAccount.Role, null, requestedFlow.FlowName, FlowRoleType.Endpoint); policy.ModifiedById = visit.Account.Id; CollectionUtils.Add(policy, ref policies); } } userAccount.Policies = policies; } _accountManager.Save(userAccount, true, password, visit); request.Response.AuthorizationAccountId = visit.Account.Id; request.Response.DidCreateInNaas = !userExists; _accountAuthorizationRequestDao.DoRequestUpdate(request, visit.Account.NaasAccount, true); string statusDetail = string.Format("{0} accepted authorization request from user \"{1} ({2})\": {3}", visit.Account.NaasAccount, request.FullName, request.NaasAccount, request.ToString()); ActivityManager.LogAudit(NodeMethod.None, null, request.TransactionId, visit, statusDetail); return(request); }
/// <summary> /// Check to see if the input request is already valid (user exists in NAAS and the node and already has access to /// the requested flows. If so, automatically set the request to Accepted, thereby bypassing the need for /// the node Admin to formally accept the request. /// </summary> protected void CheckForAlreadyValidAuthorizationRequest(AccountAuthorizationRequest item) { UserAccount userAccount = null; try { userAccount = _accountManager.GetByName(item.NaasAccount); } catch (Exception) { } if ((userAccount != null) && userAccount.IsActive) { IList <string> protectedFlows = _flowManager.GetProtectedFlowNames(); bool hasAccessToAllRequestedFlows = true; IList <AccountAuthorizationRequestFlow> requestedFlows = null; if (!CollectionUtils.IsNullOrEmpty(protectedFlows)) { if (CollectionUtils.IsNullOrEmpty(item.RequestedFlows)) { // If item.RequestedFlows == null, this is a request to grant access to all protected flows requestedFlows = new List <AccountAuthorizationRequestFlow>(protectedFlows.Count); foreach (string flowName in protectedFlows) { requestedFlows.Add(new AccountAuthorizationRequestFlow(flowName)); } } else { // Deep copy the list so that we can update element without affecting the "real" request // until we are sure we will accept the user requestedFlows = new List <AccountAuthorizationRequestFlow>(item.RequestedFlows.Count); foreach (AccountAuthorizationRequestFlow requestedFlow in item.RequestedFlows) { requestedFlows.Add(new AccountAuthorizationRequestFlow(requestedFlow.FlowName)); } } // Check that the user has access to all the requested flows: IDictionary <string, string> upperFlowNameToIdMap = _flowManager.GetAllProtectedUpperDataFlowNamesToIdMap(); foreach (AccountAuthorizationRequestFlow requestedFlow in requestedFlows) { if (upperFlowNameToIdMap.ContainsKey(requestedFlow.FlowName.ToUpper())) { if (!HasPolicyForFlow(requestedFlow.FlowName, userAccount.Policies)) { hasAccessToAllRequestedFlows = false; break; } else { requestedFlow.AccessGranted = true; } } } } if (hasAccessToAllRequestedFlows) { // Validate that the user is actually in NAAS if (_naasManager.UserExists(userAccount.NaasAccount)) { // Accept this user automatically item.RequestedFlows = requestedFlows; item.Response = new AccountAuthorizationResponse(); item.Response.AuthorizationAccountId = _accountManager.AdminAccount.Id; item.Response.AuthorizationComments = "The node admin automatically accepted the request since all requested policies are currently active"; item.Response.DidCreateInNaas = false; _accountAuthorizationRequestDao.DoRequestUpdate(item, _accountManager.AdminAccount.NaasAccount, true); string statusDetail = string.Format("Automatically accepted authorization request from user \"{0} ({1})\" since all requested policies are currently active: {2}", item.FullName, item.NaasAccount, item.ToString()); ActivityManager.LogAudit(NodeMethod.None, null, item.TransactionId, null, statusDetail); } } } }
protected string UserDisplayTitle(object dataItem) { AccountAuthorizationRequest request = (AccountAuthorizationRequest)dataItem; return(string.Format("{0} ({1})", request.FullName, request.NaasAccount)); }
protected string RequestDateDisplayName(object dataItem) { AccountAuthorizationRequest request = (AccountAuthorizationRequest)dataItem; return(string.Format("Requested: {0}", request.RequestGeneratedOn.ToShortDateString())); }
private void PostMapAccountAuthorizationRequest(AccountAuthorizationRequest request) { request.RequestedFlows = GetRequestFlows(request.Id); }