/// <summary>
/// Process the ownership-mapping request for a single user
/// </summary>
/// <param name="siteSignIn"></param>
/// <param name="thisOwnershipChange"></param>
/// <param name="workingList_allKnownUsers"></param>
/// <param name="knownDataSources"></param>
private void Execute_ProvisionOwnership_SingleUserChange_inner(
TableauServerSignIn siteSignIn,
ProvisioningChangeContentOwnership thisOwnershipChange,
WorkingListSiteUsers workingList_allKnownUsers,
ICollection <SiteDatasource> knownDataSources,
ICollection <SiteFlow> knownFlows)
{
var userOldOwner = workingList_allKnownUsers.FindUserByName(thisOwnershipChange.OldOwnerName);
if (userOldOwner == null)
{
throw new Exception("201202-415: Could not find user: "******"201202-416: Could not find user: " + userNewOwner.Name);
}
//------------------------------------------------------------------------------------
//Check the ownership of each of these types of content, and update from the
//old owner to the designated new owner
//------------------------------------------------------------------------------------
Execute_ProvisionOwnership_SingleUserChange_Workbooks(siteSignIn, userOldOwner, userNewOwner);
Execute_ProvisionOwnership_SingleUserChange_Datasources(siteSignIn, knownDataSources, userOldOwner, userNewOwner);
Execute_ProvisionOwnership_SingleUserChange_Flows(siteSignIn, userOldOwner, userNewOwner, knownFlows);
}
/// <summary>
/// Add a specific user into the Server Site's group
/// </summary>
/// <param name="userEmail"></param>
/// <param name="thisProvisionGroup"></param>
/// <param name="siteUsersList"></param>
private void Execute_ProvisionGroups_SingleGroup_AddUser(
TableauServerSignIn siteSignIn,
string userEmail,
SiteGroup siteGroup,
WorkingListSiteUsers siteUsersList)
{
var siteUserToAddToGroup = siteUsersList.FindUserByName(userEmail);
//Sanity test. If the user is not a member of the site, they cannot be added to a group
if (siteUserToAddToGroup == null)
{
CSVRecord_ErrorUpdatingUser(userEmail, "", "", "User not on site. Cannot be added to group");
_statusLogs.AddError("User not on site. Cannot be added to group, " + userEmail);
return; //FAILED
}
switch (_provisionInstructions.ActionForMissingGroupMembers)
{
case ProvisionUserInstructions.MissingGroupMemberAction.Add:
//Call the server and add the user
var addUserToGroup = new SendAddUserToGroup(siteSignIn, siteUserToAddToGroup.Id, siteGroup.Id);
bool userGroupAddSuccess = addUserToGroup.ExecuteRequest();
if (userGroupAddSuccess)
{
//SUCCESS
CSVRecord_GroupModified_WithUser(siteGroup.Name, "added member", siteUserToAddToGroup.Name, "");
_statusLogs.AddStatus("Group membership: Added " + siteUserToAddToGroup.Name + " to group " + siteGroup.Name);
}
else
{
CSVRecord_ErrorUpdatingUser(userEmail, "", "", "User could not be added to group " + siteGroup.Name);
_statusLogs.AddError("Group membership error: Failed to add " + siteUserToAddToGroup.Name + " to group " + siteGroup.Name);
}
return;
case ProvisionUserInstructions.MissingGroupMemberAction.Report:
//We are instructed to NOT REALLY add the user, jsut report
CSVRecord_GroupModified_WithUser(siteGroup.Name, "SIMULATED added member", siteUserToAddToGroup.Name, "");
return;
default:
IwsDiagnostics.Assert(false, "814-433: Unknown action");
throw new Exception("814-433: Unknown action");
}
}
/// <summary>
/// Handle the provisioning for a single user
/// </summary>
/// <param name="userToProvision"></param>
/// <param name="siteSignIn"></param>
/// <param name="workingListUnexaminedUsers"></param>
private void Execute_ProvisionUsers_SingleUser(
ProvisioningUser userToProvision,
TableauServerSignIn siteSignIn,
WorkingListSiteUsers workingListUnexaminedUsers,
WorkingListSiteUsers workingList_allKnownUsers)
{
//See if a user with this name already exists
var foundExistingUser = workingListUnexaminedUsers.FindUserByName(userToProvision.UserName);
ProvisionUserInstructions.MissingUserAction missingUserAction;
ProvisionUserInstructions.UnexpectedUserAction unexpectedUserAction;
//Get the instructions based on the desired Auth model for the user we are provisioning
switch (userToProvision.UserAuthenticationParsed)
{
case SiteUserAuth.Default:
missingUserAction = _provisionInstructions.ActionForMissingDefaultAuthUsers;
unexpectedUserAction = _provisionInstructions.ActionForUnexpectedDefaultAuthUsers;
break;
case SiteUserAuth.SAML:
missingUserAction = _provisionInstructions.ActionForMissingSamlUsers;
unexpectedUserAction = _provisionInstructions.ActionForUnexpectedSamlUsers;
break;
case SiteUserAuth.OpenID:
missingUserAction = _provisionInstructions.ActionForMissingOpenIdUsers;
unexpectedUserAction = _provisionInstructions.ActionForUnexpectedOpenIdUsers;
break;
default:
var unknownAuthType = userToProvision.UserAuthentication;
if (unknownAuthType == null)
{
unknownAuthType = "";
}
IwsDiagnostics.Assert(false, "814-1204: Unknown auth type, " + unknownAuthType);
throw new Exception("814-1204: Unknown auth type, " + unknownAuthType);
}
//===============================================================================================
//CASE 1: The user does NOT exist. So add them
//===============================================================================================
if (foundExistingUser == null)
{
Execute_ProvisionUsers_SingleUser_AddUser(siteSignIn, userToProvision, missingUserAction, workingList_allKnownUsers);
return;
}
//===============================================================================================
//CASE 2a: The user EXISTS but is not the right AUTH; update them
//===============================================================================================
if (string.Compare(foundExistingUser.SiteAuthentication, userToProvision.UserAuthentication, true) != 0)
{
//Update the user
Execute_ProvisionUsers_SingleUser_ModifyUser(siteSignIn, userToProvision, foundExistingUser);
return;
}
//===============================================================================================
//CASE 2b: The user EXISTS but is not the right ROLE; update them
//===============================================================================================
else if (string.Compare(foundExistingUser.SiteRole, userToProvision.UserRole, true) != 0)
{
//==================================================================================================================================================================
//CASE 2b: Special case (to support Grant License on Sign In: If the user provisioning insturctions ALLOW
//NOTE: If the authentication schemes do not match, then move foward with modifying the user -- this is a more fundamental change, and we should honor it explicitly
//==================================================================================================================================================================
if (userToProvision.AllowPromotedRole)
{
var existingUserRoleRank = ProvisioningUser.CalculateRoleRank(foundExistingUser.SiteRole);
if (existingUserRoleRank > userToProvision.RoleRank)
{
_statusLogs.AddStatus("No action: Provisioning rule for this user allow keeping existing higher ranked role. User: "******", " + foundExistingUser.SiteRole);
return;
}
}
//CASE 2c: Update the user because the provisioning Role differs from the existing user's Role
Execute_ProvisionUsers_SingleUser_ModifyUser(siteSignIn, userToProvision, foundExistingUser);
return;
}
//===============================================================================================
//CASE 3: The user exists and does NOT need to be modified
//===============================================================================================
_statusLogs.AddStatus("No action: User exists and has expected role and authentication. User: " + userToProvision.UserName);
}
/// <summary>
/// Provisioning for a single group
/// </summary>
/// <param name="siteSignIn"></param>
/// <param name="thisProvisionGroup"></param>
/// <param name="existingGroups"></param>
private void Execute_ProvisionGroups_SingleGroup(
TableauServerSignIn siteSignIn,
ProvisioningGroup thisProvisionGroup,
DownloadGroupsList existingGroups,
WorkingListSiteUsers siteUsersList)
{
_statusLogs.AddStatusHeader("Provision the group: " + thisProvisionGroup.GroupName);
var thisExistingGroup = existingGroups.FindGroupWithName(thisProvisionGroup.GroupName);
ICollection <SiteUser> existingUsersInGroup = new List <SiteUser>();
//If the Group does not exist on server then create it
if (thisExistingGroup == null)
{
var createGroup = new SendCreateGroup(siteSignIn, thisProvisionGroup.GroupName);
thisExistingGroup = createGroup.ExecuteRequest();
CSVRecord_GroupModified(thisExistingGroup.Name, "created group", "");
_statusLogs.AddStatus("Created group: " + thisExistingGroup.Name);
//--------------------------------------------------------------------------
//Do we need to update the group's Grant License?
//--------------------------------------------------------------------------
Execute_ProvisionGroups_SingleGroup_GrantLicenseUpdate(siteSignIn, thisProvisionGroup, thisExistingGroup);
}
else
{
//Download the members of the group
var downloadGroupMembers = new DownloadUsersListInGroup(siteSignIn, thisExistingGroup.Id);
downloadGroupMembers.ExecuteRequest();
existingUsersInGroup = downloadGroupMembers.Users;
//--------------------------------------------------------------------------
//Do we need to update the group's Grant License?
//--------------------------------------------------------------------------
Execute_ProvisionGroups_SingleGroup_GrantLicenseUpdate(siteSignIn, thisProvisionGroup, thisExistingGroup);
}
//====================================================================================
//Keep a list of the remaining users in the Server Site's group
//====================================================================================
var workingListUnexaminedUsers = new WorkingListSiteUsers(existingUsersInGroup);
//====================================================================================
//Go through each of the users we need to provision, and see if they are in the group
//already
//====================================================================================
foreach (var provisionThisUser in thisProvisionGroup.Members)
{
var userInGroup = workingListUnexaminedUsers.FindUserByName(provisionThisUser);
if (userInGroup != null)
{
//The user is already in the group, no need to add them
workingListUnexaminedUsers.RemoveUser(userInGroup);
}
else
{
//Add the user to the group
try
{
Execute_ProvisionGroups_SingleGroup_AddUser(siteSignIn, provisionThisUser, thisExistingGroup, siteUsersList);
}
catch (Exception exAddUserToGroup) //Unexpected error case
{
IwsDiagnostics.Assert(false, "811-700: Internal error adding user to group: " + exAddUserToGroup.Message);
_statusLogs.AddError("811-700: Internal error adding user to group: " + exAddUserToGroup.Message);
}
}
}
//==============================================================================
//Remove any remaining users that are in the Server Site's Group but not in
//our provisioning list
//==============================================================================
foreach (var unexpectedUser in workingListUnexaminedUsers.GetUsers())
{
try
{
Execute_ProvisionGroups_RemoveSingleUser(siteSignIn, unexpectedUser, thisExistingGroup);
}
catch (Exception exUnxpectedUsers)
{
_statusLogs.AddError("Error removing unexpected user in GROUP " + unexpectedUser.ToString() + ", " + exUnxpectedUsers.Message);
CSVRecord_ErrorUpdatingUser(unexpectedUser.Name, unexpectedUser.SiteRole, unexpectedUser.SiteAuthentication, "Error removing unexpected user in GROUP" + unexpectedUser.ToString() + ", " + exUnxpectedUsers.Message);
}
}
}
