public void CreateUser(UsersObject newUser)
{
CPDatabase database = null;
ADGroup ldapGroup = null;
ADUser ldapUser = null;
CloudPanelTransaction newUserTransaction = new CloudPanelTransaction();
try
{
// Insert into database
database = new CPDatabase();
// Make sure the user doesn't already exist
var foundUser = (from u in database.Users
where u.UserPrincipalName == newUser.UserPrincipalName
select u).FirstOrDefault();
if (foundUser != null)
ThrowEvent(AlertID.FAILED, "User already exists " + newUser.UserPrincipalName);
else
{
// Get the company's OU where we need to save the user
var companyDistinguishedName = (from c in database.Companies
where !c.IsReseller
where c.CompanyCode == newUser.CompanyCode
select c.DistinguishedName).First();
// Check if they are using a custom user's OU
if (!string.IsNullOrEmpty(StaticSettings.UsersOU))
companyDistinguishedName = string.Format("OU={0},{1}", StaticSettings.UsersOU, companyDistinguishedName);
ldapUser = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
UsersObject createdUser = ldapUser.NewUser(newUser, companyDistinguishedName, StaticSettings.AllowCustomNameAttribute);
newUserTransaction.NewUser(createdUser.UserPrincipalName);
// Add the users to the groups
ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
ldapGroup.AddMember("AllUsers@" + newUser.CompanyCode, createdUser.UserPrincipalName, "upn");
if (newUser.IsCompanyAdmin)
ldapGroup.AddMember("Admins@" + newUser.CompanyCode, createdUser.UserPrincipalName, "upn");
// Insert into database
User sqlUser = new User();
sqlUser.UserGuid = createdUser.UserGuid;
sqlUser.CompanyCode = createdUser.CompanyCode;
sqlUser.sAMAccountName = createdUser.sAMAccountName;
sqlUser.UserPrincipalName = createdUser.UserPrincipalName;
sqlUser.DistinguishedName = createdUser.DistinguishedName;
sqlUser.DisplayName = createdUser.DisplayName;
sqlUser.Firstname = createdUser.Firstname;
sqlUser.Middlename = createdUser.Middlename;
sqlUser.Lastname = createdUser.Lastname;
sqlUser.Email = string.Empty;
sqlUser.Department = createdUser.Department;
sqlUser.IsResellerAdmin = createdUser.IsResellerAdmin;
sqlUser.IsCompanyAdmin = createdUser.IsCompanyAdmin;
sqlUser.MailboxPlan = 0;
sqlUser.TSPlan = 0;
sqlUser.LyncPlan = 0;
sqlUser.Created = DateTime.Now;
sqlUser.AdditionalMB = 0;
sqlUser.ActiveSyncPlan = 0;
database.Users.Add(sqlUser);
// Insert permissions into database
if (createdUser.IsCompanyAdmin)
{
UserPermission newPermissions = new UserPermission();
newPermissions.UserID = sqlUser.ID;
newPermissions.EnableExchange = createdUser.EnableExchangePerm;
newPermissions.DisableExchange = createdUser.DisableExchangePerm;
newPermissions.AddDomain = createdUser.AddDomainPerm;
newPermissions.DeleteDomain = createdUser.DeleteDomainPerm;
newPermissions.EnableAcceptedDomain = createdUser.EnableAcceptedDomainPerm;
newPermissions.DisableAcceptedDomain = createdUser.DisableAcceptedDomainPerm;
database.UserPermissions.Add(newPermissions);
}
database.SaveChanges();
}
}
catch (Exception ex)
{
ThrowEvent(AlertID.FAILED, ex.Message);
// Rollback on error
newUserTransaction.RollBack();
}
finally
{
if (ldapUser != null)
ldapUser.Dispose();
if (ldapGroup != null)
ldapGroup.Dispose();
if (database != null)
database.Dispose();
}
}
public void UpdateUser(UsersObject updateUser, bool isSuperOrResellerAdmin)
{
CPDatabase database = null;
ADGroup ldapGroup = null;
ADUser ldapUser = null;
try
{
database = new CPDatabase();
// Get the user from the database
var foundUser = (from u in database.Users
where u.UserPrincipalName == updateUser.UserPrincipalName
select u).FirstOrDefault();
if (foundUser == null)
ThrowEvent(AlertID.FAILED, "Unknown user " + updateUser.UserPrincipalName);
else
{
this.logger.Debug("Found user " + foundUser.UserPrincipalName + " in the database. Continuing...");
// Update the user values
foundUser.Firstname = updateUser.Firstname;
foundUser.Middlename = updateUser.Middlename;
foundUser.Lastname = updateUser.Lastname;
foundUser.DisplayName = updateUser.DisplayName;
foundUser.Department = updateUser.Department;
// Update user in Active Directory
ldapUser = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
ldapUser.UpdateUser(updateUser, StaticSettings.AllowCustomNameAttribute);
// Only update these values if super admin or reseller admin is modifying the user
if (isSuperOrResellerAdmin)
{
this.logger.Debug("Super admin or reseller is updating user so we can check comapny admin permissions and reseller permissions");
foundUser.IsCompanyAdmin = updateUser.IsCompanyAdmin;
foundUser.IsResellerAdmin = updateUser.IsResellerAdmin;
// Get permissions from database
var userPermissions = (from p in database.UserPermissions
where p.UserID == foundUser.ID
select p).FirstOrDefault();
// If the user is no longer a company admin then remove permissions from the database
if (userPermissions != null && !updateUser.IsCompanyAdmin)
{
this.logger.Debug("User " + updateUser.UserPrincipalName + " is no longer a comapny admin. Need to remove rights from database and security group");
database.UserPermissions.Remove(userPermissions);
// Remove from Admins@ security group
ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
ldapGroup.RemoveMember("Admins@" + updateUser.CompanyCode, updateUser.UserPrincipalName, "upn");
}
else if (userPermissions != null && updateUser.IsCompanyAdmin)
{
this.logger.Debug("User " + updateUser.UserPrincipalName + " is a company admin. Need to update company admin rights in database.");
// If user permissions was found and the user is company admin then update the values
userPermissions.EnableExchange = updateUser.EnableExchangePerm;
userPermissions.DisableExchange = updateUser.DisableExchangePerm;
userPermissions.AddDomain = updateUser.AddDomainPerm;
userPermissions.DeleteDomain = updateUser.DeleteDomainPerm;
userPermissions.EnableAcceptedDomain = updateUser.EnableAcceptedDomainPerm;
userPermissions.DisableAcceptedDomain = updateUser.DisableAcceptedDomainPerm;
}
else if (userPermissions == null && updateUser.IsCompanyAdmin)
{
this.logger.Debug("User " + updateUser.UserPrincipalName + " does not have any existing company admin rights. We need to add them to the database.");
// No existing permissions were found and we need to add to database
userPermissions = new UserPermission();
userPermissions.UserID = foundUser.ID;
userPermissions.EnableExchange = updateUser.EnableExchangePerm;
userPermissions.DisableExchange = updateUser.DisableExchangePerm;
userPermissions.AddDomain = updateUser.AddDomainPerm;
userPermissions.DeleteDomain = updateUser.DeleteDomainPerm;
userPermissions.EnableAcceptedDomain = updateUser.EnableAcceptedDomainPerm;
userPermissions.DisableAcceptedDomain = updateUser.DisableAcceptedDomainPerm;
database.UserPermissions.Add(userPermissions);
// Add to Admins@ security group
ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
ldapGroup.AddMember("Admins@" + updateUser.CompanyCode, updateUser.UserPrincipalName, "upn");
}
}
else
this.logger.Debug("User making changes to " + updateUser.UserPrincipalName + " is not a super admin or reseller admin. We cannot update company admin or reseller admin permissions unless the user making changes is a super or reseller admin.");
// Update database
database.SaveChanges();
}
}
catch (Exception ex)
{
this.logger.Debug("Error updating user " + updateUser.UserPrincipalName, ex);
ThrowEvent(AlertID.FAILED, ex.Message);
}
finally
{
if (ldapUser != null)
ldapUser.Dispose();
if (ldapGroup != null)
ldapGroup.Dispose();
if (database != null)
database.Dispose();
}
}