public ActionResult Delete(string id)
{
if (id == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
//Unable to find group based on parameter
ad_group_roles ad_group_roles = db.ad_group_roles.Where(x => x.group_name == id).FirstOrDefault();
if (ad_group_roles == null)
{
return(HttpNotFound());
}
//Get the Active Directory Group Roles and save it to the model
List <string> allRoles = GetRoleNames();
List <string> adGroupRoles = db.ad_group_roles.Where(x => x.group_name == id).Select(z => z.role_name).ToList();
ADGroupRolesViewModel model = new ADGroupRolesViewModel();
model.allRoles = allRoles;
model.groupName = id;
model.groupRoles = adGroupRoles;
return(View(model));
}
public ActionResult Create()
{
List <string> allRoles = GetRoleNames();
ADGroupRolesViewModel model = new ADGroupRolesViewModel();
model.allRoles = allRoles;
return(View(model));
}
public ActionResult Index()
{
List <ADGroupRolesViewModel> model = new List <ADGroupRolesViewModel>();
List <string> adGroupNames = db.ad_group_roles.Select(x => x.group_name).Distinct().ToList();
foreach (var adGroupName in adGroupNames)
{
List <string> adGroupRoles = db.ad_group_roles.Where(x => x.group_name == adGroupName).Select(z => z.role_name).ToList();
ADGroupRolesViewModel adGroupRole = new ADGroupRolesViewModel();
adGroupRole.groupName = adGroupName;
adGroupRole.groupRoles = adGroupRoles;
model.Add(adGroupRole);
}
return(View(model));
}
public ActionResult DeleteConfirmed(string id)
{
try
{
ADGroupRolesViewModel adGroupRolesViewModel = new ADGroupRolesViewModel();
adGroupRolesViewModel.groupName = id;
adGroupRolesViewModel.groupRoles = db.ad_group_roles.Where(x => x.group_name == id).Select(z => z.role_name).ToList();
//Get a list of all the accounts that belong to the selected AD Group Name
List <string> accounts = GetADAccounts(adGroupRolesViewModel.groupName);
if (accounts == null)
{
ModelState.AddModelError(id, "Failed to retrieve users belonging to the AD Group.");
return(View(id));
}
//Loop through list of PAL names and create accounts(if needed) and add permissions(if selected)
foreach (string account in accounts)
{
//Check to see if an identity account exists
bool userExists = AccountExists(account);
if (userExists)
{
if (adGroupRolesViewModel.groupRoles.Count > 0)
{
foreach (var role in adGroupRolesViewModel.groupRoles)
{
//Does the role come from the group that is being deleted
if (IsPermissionedByGroupToEdit(account, role, adGroupRolesViewModel.groupName))
{
//Does the role come from other groups that still apply the role
if (!IsPermissionedByOtherGroups(account, role, adGroupRolesViewModel.groupName))
{
var userId = UserManager.FindByName(account).Id;
if (UserManager.IsInRole(userId, role))
{
UserManager.RemoveFromRole(userId, role);
}
}
}
}
//If the account has no roles, delete it
var user = UserManager.FindByName(account);
var roles = UserManager.GetRoles(user.Id);
if (roles.Count == 0)
{
UserManager.Delete(user);
}
}
}
}
foreach (var role in adGroupRolesViewModel.groupRoles)
{
ad_group_roles searchGroup = db.ad_group_roles.Where(x => x.group_name == adGroupRolesViewModel.groupName).Where(x => x.role_name == role).FirstOrDefault();
db.ad_group_roles.Attach(searchGroup);
db.Entry(searchGroup).State = EntityState.Deleted;
}
db.SaveChanges();
return(RedirectToAction("Index"));
}
catch (Exception ex)
{
Error error = new Error();
error.handleError(ex, "Exception occured during Group Authorization.");
ModelState.AddModelError(string.Empty, "There was a problem when attempting to delete a group. We are aware of the issue and will investigate. Please try permissioning a group again. If the issue continues contact an Administrator.");
return(View(id));
}
}
public ActionResult Edit(ADGroupRolesViewModel adGroupRolesViewModel)
{
try
{
if (ModelState.IsValid)
{
//Check to see that permissions were changed for the active directory group
//Get the current list of roles for the active directory group
List <string> adGroupRoles = db.ad_group_roles.Where(x => x.group_name == adGroupRolesViewModel.groupName).Select(z => z.role_name).OrderBy(x => x).ToList();
//Sequence requires same order
adGroupRolesViewModel.groupRoles.OrderBy(x => x);
//If the selected Roles are different to whats on record we update account permissions
if (!adGroupRolesViewModel.groupRoles.SequenceEqual(adGroupRoles))
{
//Get a list of all the accounts that belong to the selected AD Group Name
List <string> accounts = GetADAccounts(adGroupRolesViewModel.groupName);
if (accounts == null)
{
ModelState.AddModelError(adGroupRolesViewModel.groupName, "Failed to retrieve users belonging to the AD Group.");
return(View(adGroupRolesViewModel));
}
//Compare newly selected roles and current and get a list of removed roles
List <string> removedRoles = adGroupRoles.Except(adGroupRolesViewModel.groupRoles).ToList();
//Compare current and newly selected roles and get a list of newly selected roles
List <string> newRoles = adGroupRolesViewModel.groupRoles.Except(adGroupRoles).ToList();
//Loop through list of PAL names and create accounts(if needed) and add permissions(if selected)
foreach (string account in accounts)
{
//Check to see if an identity account exists
bool userExists = AccountExists(account);
if (userExists)
{
if (removedRoles.Count > 0)
{
foreach (var role in removedRoles)
{
//Does the removed role come from the group that is being edited
if (IsPermissionedByGroupToEdit(account, role, adGroupRolesViewModel.groupName))
{
//Does the removed role come from other groups that still apply the role
if (!IsPermissionedByOtherGroups(account, role, adGroupRolesViewModel.groupName))
{
var userId = UserManager.FindByName(account).Id;
if (UserManager.IsInRole(userId, role))
{
UserManager.RemoveFromRole(userId, role);
}
}
}
}
}
//For every new role assign the user the role if they aren't assigned it yet
if (newRoles.Count > 0)
{
foreach (var role in newRoles)
{
var userId = UserManager.FindByName(account).Id;
if (!UserManager.IsInRole(userId, role))
{
UserManager.AddToRole(userId, role);
}
}
}
}
}
//For all the removed roles, remove the record to the ad_group_roles table
foreach (var role in removedRoles)
{
ad_group_roles searchGroup = db.ad_group_roles.Where(x => x.group_name == adGroupRolesViewModel.groupName).Where(x => x.role_name == role).FirstOrDefault();
db.ad_group_roles.Attach(searchGroup);
db.Entry(searchGroup).State = EntityState.Deleted;
}
//For all the new roles, add a record to the ad_group_roles table
foreach (var role in newRoles)
{
ad_group_roles ad = new ad_group_roles();
ad.group_name = adGroupRolesViewModel.groupName;
ad.role_name = role;
db.ad_group_roles.Add(ad);
}
db.SaveChanges();
return(RedirectToAction("Index"));
}
}
return(View(adGroupRolesViewModel));
}
catch (Exception ex)
{
Error error = new Error();
error.handleError(ex, "Exception occured during Group Authorization.");
ModelState.AddModelError(string.Empty, "There was a problem when attempting to permission a group. We are aware of the issue and will investigate. Please try permissioning a group again. If the issue continues contact an Administrator.");
List <string> allRoles = GetRoleNames();
adGroupRolesViewModel.allRoles = allRoles;
return(View(adGroupRolesViewModel));
}
}
public ActionResult Create(ADGroupRolesViewModel adGroupRolesViewModel)
{
try
{
adGroupRolesViewModel.allRoles = GetRoleNames();
if (ModelState.IsValid)
{
//Check to see if the AD Group Name already exists in the database
ad_group_roles existing = db.ad_group_roles.Where(x => x.group_name == adGroupRolesViewModel.groupName).FirstOrDefault();
if (existing != null)
{
ModelState.AddModelError(adGroupRolesViewModel.groupName, "Active Directory Group is already authorized.");
return(View(adGroupRolesViewModel));
}
//Get a list of all the accounts that belong to the AD Group Name
List <string> accounts = GetADAccounts(adGroupRolesViewModel.groupName);
if (accounts == null)
{
ModelState.AddModelError(adGroupRolesViewModel.groupName, "Failed to retrieve users belonging to the AD Group.");
return(View(adGroupRolesViewModel));
}
//Loop through list of PAL names and create accounts(if needed) and add permissions(if selected)
foreach (string account in accounts)
{
//Check to see if an identity account exists
bool userExists = AccountExists(account);
if (!userExists)
{
//Create an identity account for the supplied PAL username
CreateAccount(account);
}
//Check if account exists before attempting to apply permissions
//CreateAccount function doesn't create an account if no associated email can be found
//Check if any roles were selected, can authorize a group without setting roles
if (adGroupRolesViewModel.groupRoles != null && AccountExists(account))
{
//Get the user id of the account
var userId = UserManager.FindByName(account).Id;
//For all the selected roles, assign the role to the user
foreach (var role in adGroupRolesViewModel.groupRoles)
{
if (!UserManager.IsInRole(userId, role))
{
UserManager.AddToRole(userId, role);
}
}
}
}
//Check if any roles were selected
if (adGroupRolesViewModel.groupRoles != null)
{
//For all the selected roles, save a record to the ad_group_roles table
foreach (var role in adGroupRolesViewModel.groupRoles)
{
ad_group_roles ad = new ad_group_roles();
ad.group_name = adGroupRolesViewModel.groupName;
ad.role_name = role;
db.ad_group_roles.Add(ad);
}
db.SaveChanges();
}
return(RedirectToAction("Index"));
}
return(View(adGroupRolesViewModel));
}
catch (Exception ex)
{
Error error = new Error();
error.handleError(ex, "Exception occured during Group Authorization.");
ModelState.AddModelError(string.Empty, "There was a problem when attempting to authorize a group. We are aware of the issue and will investigate. Please try authorizing a group again. If the issue continues contact an Administrator.");
List <string> allRoles = GetRoleNames();
adGroupRolesViewModel.allRoles = allRoles;
return(View(adGroupRolesViewModel));
}
}
