protected override void OnParameterChanged(object sender, NotifyCollectionChangedEventArgs e)
{
if (base.Parameter.Any(a => a.Key == DataModelName))
{
this.CurrentDataModel = (User)(base.Parameter.FirstOrDefault(a => a.Key == DataModelName).Value as User).Clone();
var tmp = Utility.Security.AESDecrypt(CurrentDataModel.SecurityPassword);
CurrentDataModel.SecurityPassword = tmp;
CurrentDataModel.ConfirmSecurityPassword = tmp;
foreach (var v in dbContext.UserRoleDb.GetList(a => a.UserId == CurrentDataModel.Id))
{
SelectedRoleList.Add(RoleList.FirstOrDefault(a => a.Id == v.RoleId));
}
SelectedRoleList.CollectionChanged += SelectedRoleList_CollectionChanged;
CurrentDataModel.PropertyChanged += CurrentDataModel_PropertyChanged;
}
}
/// <summary>
/// Gets a list of forms the user is authorised for and in what states.
/// </summary>
/// <param name="session">Contains session and user information used to determine access rights.</param>
/// <param name="roleList">The list of roles.</param>
/// <returns>A list of forms the user is authorised for and in what states, serialized as JSON.</returns>
/// <remarks>
/// A user is deemed to be authorised for a form if they have <see cref="AccessLevel.Read"/> access or greater
/// to the form in at least one state.
/// </remarks>
public virtual UserFormAccessList GetAuthorisedForms(SecureSession session, RoleList roleList)
{
session = session ?? new SecureSession();
var organisationIds = session.AuthenticatedUser == null ? new string[0] : session.AuthenticatedUser.Organisations.Select(o => o.Key).ToArray();
Dictionary<string, string> roles = this.DetermineRolesForUser(session, roleList);
var applicationEntitlements = this.securityService.GetApplicationEntitlements(organisationIds, null).GroupBy(e => new { e.ProductId, e.ProductVersion });
if (this.IsAdministrator(session))
{
UserFormAccessList returnList = new UserFormAccessList();
foreach (var entitlement in applicationEntitlements)
{
List<string> allStates = entitlement.Select(e => e.StateName).Distinct().ToList();
returnList.Add(new UserFormAccess(entitlement.Key.ProductId, allStates));
}
return returnList;
}
UserFormAccessList formAccessList = new UserFormAccessList();
string originatorRoleId = roleList.FirstOrDefault(r => r.RoleName == SecurityConstants.OriginatorRoleName && r.SystemDefined).Id;
string assigneeRoleId = roleList.FirstOrDefault(r => r.RoleName == SecurityConstants.AssigneeRoleName && r.SystemDefined).Id;
foreach (var entitlements in applicationEntitlements)
{
List<string> explicitStates = entitlements.Where(e => roles.ContainsKey(e.RoleId) && e.AccessLevel > AccessLevel.NoAccess)
.Select(e => e.StateName).ToList();
List<string> ownedStates = new List<string>();
List<string> originatorStates = new List<string>();
if (session.AuthenticatedUser != null)
{
ownedStates = entitlements.Where(e => e.RoleId == assigneeRoleId && e.AccessLevel > AccessLevel.NoAccess).Select(e => e.StateName).ToList();
originatorStates = entitlements.Where(e => e.RoleId == originatorRoleId && e.AccessLevel > AccessLevel.NoAccess).Select(e => e.StateName).ToList();
}
if (explicitStates.Count > 0 || ownedStates.Count > 0 || originatorStates.Count > 0)
{
Dictionary<string, List<string>> implicitStates = new Dictionary<string, List<string>>
{
{ SecurityConstants.AssigneeRoleName, ownedStates },
{ SecurityConstants.OriginatorRoleName, originatorStates }
};
formAccessList.Add(new UserFormAccess(entitlements.Key.ProductId, explicitStates, implicitStates));
}
}
return formAccessList;
}
/// <summary>
/// Imports the roles.
/// </summary>
/// <param name="userId">The user making the request.</param>
/// <param name="roles">The list of roles to import.</param>
/// <param name="allRoles">A list of all roles already in the system.</param>
/// <param name="validationResults">A list of validation results.</param>
/// <param name="migrationResults">A list to which import results will be appended.</param>
/// <returns>A map of role ids, where the old id is the key and the new id is the value.</returns>
private Dictionary<string, string> ImportRoles(string userId, RoleList roles, RoleList allRoles, MigrationDataResults validationResults, MigrationDataResults migrationResults)
{
Dictionary<string, string> systemRoleMap = new Dictionary<string, string>();
foreach (Role role in roles)
{
if (role.SystemDefined)
{
string mappedValue = allRoles.FirstOrDefault(r => r.RoleName == role.RoleName).Id;
systemRoleMap.Add(role.Id, mappedValue);
migrationResults.AddNotification(role, MessageType.Information, string.Format(Messages.Import_RoleSkipped, role.RoleName));
continue;
}
if (!validationResults.GetNotificationsFor(role).CanImport)
{
migrationResults.AddNotification(role, MessageType.Information, string.Format(Messages.Import_RoleSkipped, role.RoleName));
continue;
}
this.manager.SaveRole(userId, role, true);
migrationResults.AddNotification(role, MessageType.Information, string.Format(Messages.Import_RoleSuccess, role.RoleName));
}
return systemRoleMap;
}
/// <summary>
/// Determines the applicable roles for <paramref name="session"/>.
/// </summary>
/// <param name="session">Contains session and user information used to determine access rights.</param>
/// <param name="roleList">The list of roles.</param>
/// <param name="application">The application, if relevant Defaults to <see langword="null"/>.</param>
/// <returns>The applicable roles for <paramref name="session"/>.</returns>
private Dictionary<string, string> DetermineRolesForUser(SecureSession session, RoleList roleList, Application application = null)
{
session = session ?? new SecureSession();
application = application ?? new Application();
Role publicRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.PublicRoleName);
Dictionary<string, string> roleDict = publicRole == null ? new Dictionary<string, string>() : new Dictionary<string, string> { { publicRole.Id, publicRole.RoleName } };
string compareTo = this.GetSessionUserId(session);
if (application.IsCreatedBy(compareTo))
{
Role originatorRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.OriginatorRoleName);
if (originatorRole != null)
{
roleDict.Add(originatorRole.Id, originatorRole.RoleName);
}
}
if (session.AuthenticatedUser == null)
{
return roleDict;
}
if (session.AuthenticatedUser.IsAdministrator())
{
foreach (var role in roleList)
{
if (roleDict.ContainsKey(role.Id))
{
continue;
}
roleDict.Add(role.Id, role.RoleName);
}
return roleDict;
}
foreach (var userRole in session.AuthenticatedUser.Roles)
{
if (roleList.Exists(role => role.Id == userRole.Key && role.Enabled))
{
roleDict.Add(userRole.Key, userRole.Value);
}
}
if (!string.IsNullOrEmpty(application.AssignedTo) && session.AuthenticatedUser.Id == application.AssignedTo)
{
Role assigneeRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.AssigneeRoleName);
if (assigneeRole != null)
{
roleDict.Add(assigneeRole.Id, assigneeRole.RoleName);
}
}
return roleDict;
}
/// <summary>
/// Adds and removes roles from the user <paramref name="sourceUser"/>, to match with <paramref name="targetUser"/>
/// </summary>
/// <param name="targetUser">The user that should be matched.</param>
/// <param name="sourceUser">The user to have roles added and removed.</param>
/// <param name="roles">The role list.</param>
/// <returns><see langword="true"/> if the user was updated, else <see langword="false"/>.</returns>
public static bool UpdateRoles(this User targetUser, UpdateUser sourceUser, RoleList roles)
{
var updated = false;
var addRoles = sourceUser.RoleUpdates.Where(x => x.OperationType == UpdateOperationType.Upsert);
foreach (var addRole in addRoles)
{
var role = roles.FirstOrDefault(r => r.Id == addRole.UpdateObject);
if (role == null || targetUser.Roles.ContainsKey(role.Id))
{
continue;
}
targetUser.Roles[role.Id] = role.RoleName;
updated = true;
}
var removeRoles = sourceUser.RoleUpdates.Where(x => x.OperationType == UpdateOperationType.Remove);
foreach (var removeRole in removeRoles)
{
if (!targetUser.Roles.ContainsKey(removeRole.UpdateObject))
{
continue;
}
targetUser.Roles.Remove(removeRole.UpdateObject);
updated = true;
}
return updated;
}