public async Task <IActionResult> AddAdmin(CreateSystemAdminViewModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
// find possible user from db
var foundUser = await _dbContext.Users.SingleOrDefaultAsync(a =>
a.CampusKerberos == model.UserLookup.ToLower() ||
a.NormalizedEmail == model.UserLookup.SafeToUpper());
// otherwise, create the user
if (foundUser == null)
{
// find user
Person user = null;
if (model.UserLookup.Contains("@"))
{
user = await _directorySearchService.GetByEmail(model.UserLookup.ToLower());
}
else
{
var directoryUser = await _directorySearchService.GetByKerberos(model.UserLookup.ToLower());
if (directoryUser != null && !directoryUser.IsInvalid)
{
user = directoryUser.Person;
}
}
// create user
if (user != null)
{
var userToCreate = new User
{
Email = user.Mail,
UserName = user.Mail,
CampusKerberos = user.Kerberos,
Name = user.FullName
};
var userPrincipal = new ClaimsPrincipal();
userPrincipal.AddIdentity(new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.NameIdentifier, userToCreate.CampusKerberos),
new Claim(ClaimTypes.Name, userToCreate.Name)
}));
var loginInfo = new ExternalLoginInfo(userPrincipal, "UCDavis", userToCreate.CampusKerberos, null);
var createResult = await _userManager.CreateAsync(userToCreate);
if (createResult.Succeeded)
{
await _userManager.AddLoginAsync(userToCreate, loginInfo);
foundUser = userToCreate;
}
Log.Information($"Admin User Add: User added to db: {foundUser.CampusKerberos}");
}
}
ModelState.Clear();
TryValidateModel(model);
// find or create failed
if (foundUser == null)
{
ModelState.AddModelError("UserLookup", "User Not Found");
return(View(model));
}
var roles = await _userManager.GetRolesAsync(foundUser);
if (roles != null)
{
if (roles.Any(a => a.Contains(ApplicationRoleCodes.Admin)))
{
ModelState.AddModelError("UserLookup", "Already in role");
return(View(model));
}
}
// check model
if (!ModelState.IsValid)
{
return(View(model));
}
await _userManager.AddToRoleAsync(foundUser, ApplicationRoleCodes.Admin);
await _dbContext.SaveChangesAsync();
Log.Information($"Admin User Add: User: {foundUser.CampusKerberos} added by: {CurrentUserId}");
return(RedirectToAction("Index"));
}
public async Task <IActionResult> CreatePermission(CreateTeamPermissionViewModel model)
{
var team = await _context.Teams.SingleOrDefaultAsync(m => m.Slug == TeamSlug && m.IsActive);
if (team == null)
{
return(NotFound());
}
// find possible user from db
var foundUser = await _context.Users.SingleOrDefaultAsync(a =>
a.CampusKerberos == model.UserLookup.ToLower() ||
a.NormalizedEmail == model.UserLookup.SafeToUpper());
// otherwise, create the user
if (foundUser == null)
{
// find user
Person user = null;
if (model.UserLookup.Contains("@"))
{
user = await _directorySearchService.GetByEmail(model.UserLookup.ToLower());
}
else
{
var directoryUser = await _directorySearchService.GetByKerberos(model.UserLookup.ToLower());
if (directoryUser != null && !directoryUser.IsInvalid)
{
user = directoryUser.Person;
}
}
// create user
if (user != null)
{
var userToCreate = new User
{
Email = user.Mail,
UserName = user.Mail,
CampusKerberos = user.Kerberos,
Name = user.FullName
};
var userPrincipal = new ClaimsPrincipal();
userPrincipal.AddIdentity(new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.NameIdentifier, userToCreate.CampusKerberos),
new Claim(ClaimTypes.Name, userToCreate.Name)
}));
var loginInfo = new ExternalLoginInfo(userPrincipal, "UCDavis", userToCreate.CampusKerberos, null);
var createResult = await _userManager.CreateAsync(userToCreate);
if (createResult.Succeeded)
{
await _userManager.AddLoginAsync(userToCreate, loginInfo);
foundUser = userToCreate;
}
}
}
ModelState.Clear();
TryValidateModel(model);
// find or create failed
if (foundUser == null)
{
ModelState.AddModelError("UserLookup", "User Not Found");
return(View(model));
}
// look for existing permissions
if (await _context.TeamPermissions.AnyAsync(a =>
a.TeamId == team.Id &&
a.UserId == foundUser.Id &&
a.RoleId == model.SelectedRole))
{
ModelState.AddModelError("UserLookup", "User with selected role already exists.");
return(View(model));
}
// check model
if (!ModelState.IsValid)
{
return(View(model));
}
// create permission and save it
var role = await _context.TeamRoles.SingleAsync(a => a.Id == model.SelectedRole);
var teamPermission = new TeamPermission
{
TeamId = team.Id,
Role = role,
UserId = foundUser.Id
};
_context.TeamPermissions.Add(teamPermission);
await _context.SaveChangesAsync();
// send user notification
try
{
await _emailService.SendNewTeamMemberNotice(team, foundUser, role);
}
catch (Exception ex)
{
Log.Error(ex, "New Member Notice email failed.");
}
return(RedirectToAction(nameof(Roles), new { team = team.Slug }));
}
public async Task <IActionResult> AddUserToDepartmentRole(string userId, int departmentId)
{
// check for existing user first
var user = await _userManager.FindByIdAsync(userId);
// check email too
if (user == null)
{
user = await _userManager.FindByEmailAsync(userId);
}
// check for user on directory
if (user == null)
{
var person = await _directorySearchService.GetByKerberos(userId);
if (person == null)
{
person = await _directorySearchService.GetByEmail(userId);
}
if (person == null)
{
ErrorMessage = "User not found.";
return(RedirectToAction(nameof(DepartmentUsers)));
}
// create user and login
var principal = new ClaimsPrincipal();
var login = new ExternalLoginInfo(
principal,
AspNetCore.Security.CAS.CasDefaults.AuthenticationScheme,
person.Kerberos,
AspNetCore.Security.CAS.CasDefaults.DisplayName);
user = new User
{
Id = person.Kerberos,
Email = person.Mail,
UserName = person.Kerberos,
FirstName = person.GivenName,
LastName = person.Surname,
Name = person.FullName,
};
await _userManager.CreateAsync(user);
await _userManager.AddLoginAsync(user, login);
}
var department = await _dbContext.Departments
.Include(d => d.MemberRoles)
.FirstOrDefaultAsync(d => d.Id == departmentId);
_dbContext.DepartmentRoles.Add(new DepartmentRole()
{
User = user,
Department = department,
Role = "Member",
});
await _dbContext.SaveChangesAsync();
return(RedirectToAction(nameof(DepartmentUsers)));
}
