public ActionResult Delete(string id) { if (id == null) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest)); } //Unable to find group based on parameter ad_group_roles ad_group_roles = db.ad_group_roles.Where(x => x.group_name == id).FirstOrDefault(); if (ad_group_roles == null) { return(HttpNotFound()); } //Get the Active Directory Group Roles and save it to the model List <string> allRoles = GetRoleNames(); List <string> adGroupRoles = db.ad_group_roles.Where(x => x.group_name == id).Select(z => z.role_name).ToList(); ADGroupRolesViewModel model = new ADGroupRolesViewModel(); model.allRoles = allRoles; model.groupName = id; model.groupRoles = adGroupRoles; return(View(model)); }
public ActionResult Create() { List <string> allRoles = GetRoleNames(); ADGroupRolesViewModel model = new ADGroupRolesViewModel(); model.allRoles = allRoles; return(View(model)); }
public ActionResult Index() { List <ADGroupRolesViewModel> model = new List <ADGroupRolesViewModel>(); List <string> adGroupNames = db.ad_group_roles.Select(x => x.group_name).Distinct().ToList(); foreach (var adGroupName in adGroupNames) { List <string> adGroupRoles = db.ad_group_roles.Where(x => x.group_name == adGroupName).Select(z => z.role_name).ToList(); ADGroupRolesViewModel adGroupRole = new ADGroupRolesViewModel(); adGroupRole.groupName = adGroupName; adGroupRole.groupRoles = adGroupRoles; model.Add(adGroupRole); } return(View(model)); }
public ActionResult DeleteConfirmed(string id) { try { ADGroupRolesViewModel adGroupRolesViewModel = new ADGroupRolesViewModel(); adGroupRolesViewModel.groupName = id; adGroupRolesViewModel.groupRoles = db.ad_group_roles.Where(x => x.group_name == id).Select(z => z.role_name).ToList(); //Get a list of all the accounts that belong to the selected AD Group Name List <string> accounts = GetADAccounts(adGroupRolesViewModel.groupName); if (accounts == null) { ModelState.AddModelError(id, "Failed to retrieve users belonging to the AD Group."); return(View(id)); } //Loop through list of PAL names and create accounts(if needed) and add permissions(if selected) foreach (string account in accounts) { //Check to see if an identity account exists bool userExists = AccountExists(account); if (userExists) { if (adGroupRolesViewModel.groupRoles.Count > 0) { foreach (var role in adGroupRolesViewModel.groupRoles) { //Does the role come from the group that is being deleted if (IsPermissionedByGroupToEdit(account, role, adGroupRolesViewModel.groupName)) { //Does the role come from other groups that still apply the role if (!IsPermissionedByOtherGroups(account, role, adGroupRolesViewModel.groupName)) { var userId = UserManager.FindByName(account).Id; if (UserManager.IsInRole(userId, role)) { UserManager.RemoveFromRole(userId, role); } } } } //If the account has no roles, delete it var user = UserManager.FindByName(account); var roles = UserManager.GetRoles(user.Id); if (roles.Count == 0) { UserManager.Delete(user); } } } } foreach (var role in adGroupRolesViewModel.groupRoles) { ad_group_roles searchGroup = db.ad_group_roles.Where(x => x.group_name == adGroupRolesViewModel.groupName).Where(x => x.role_name == role).FirstOrDefault(); db.ad_group_roles.Attach(searchGroup); db.Entry(searchGroup).State = EntityState.Deleted; } db.SaveChanges(); return(RedirectToAction("Index")); } catch (Exception ex) { Error error = new Error(); error.handleError(ex, "Exception occured during Group Authorization."); ModelState.AddModelError(string.Empty, "There was a problem when attempting to delete a group. We are aware of the issue and will investigate. Please try permissioning a group again. If the issue continues contact an Administrator."); return(View(id)); } }
public ActionResult Edit(ADGroupRolesViewModel adGroupRolesViewModel) { try { if (ModelState.IsValid) { //Check to see that permissions were changed for the active directory group //Get the current list of roles for the active directory group List <string> adGroupRoles = db.ad_group_roles.Where(x => x.group_name == adGroupRolesViewModel.groupName).Select(z => z.role_name).OrderBy(x => x).ToList(); //Sequence requires same order adGroupRolesViewModel.groupRoles.OrderBy(x => x); //If the selected Roles are different to whats on record we update account permissions if (!adGroupRolesViewModel.groupRoles.SequenceEqual(adGroupRoles)) { //Get a list of all the accounts that belong to the selected AD Group Name List <string> accounts = GetADAccounts(adGroupRolesViewModel.groupName); if (accounts == null) { ModelState.AddModelError(adGroupRolesViewModel.groupName, "Failed to retrieve users belonging to the AD Group."); return(View(adGroupRolesViewModel)); } //Compare newly selected roles and current and get a list of removed roles List <string> removedRoles = adGroupRoles.Except(adGroupRolesViewModel.groupRoles).ToList(); //Compare current and newly selected roles and get a list of newly selected roles List <string> newRoles = adGroupRolesViewModel.groupRoles.Except(adGroupRoles).ToList(); //Loop through list of PAL names and create accounts(if needed) and add permissions(if selected) foreach (string account in accounts) { //Check to see if an identity account exists bool userExists = AccountExists(account); if (userExists) { if (removedRoles.Count > 0) { foreach (var role in removedRoles) { //Does the removed role come from the group that is being edited if (IsPermissionedByGroupToEdit(account, role, adGroupRolesViewModel.groupName)) { //Does the removed role come from other groups that still apply the role if (!IsPermissionedByOtherGroups(account, role, adGroupRolesViewModel.groupName)) { var userId = UserManager.FindByName(account).Id; if (UserManager.IsInRole(userId, role)) { UserManager.RemoveFromRole(userId, role); } } } } } //For every new role assign the user the role if they aren't assigned it yet if (newRoles.Count > 0) { foreach (var role in newRoles) { var userId = UserManager.FindByName(account).Id; if (!UserManager.IsInRole(userId, role)) { UserManager.AddToRole(userId, role); } } } } } //For all the removed roles, remove the record to the ad_group_roles table foreach (var role in removedRoles) { ad_group_roles searchGroup = db.ad_group_roles.Where(x => x.group_name == adGroupRolesViewModel.groupName).Where(x => x.role_name == role).FirstOrDefault(); db.ad_group_roles.Attach(searchGroup); db.Entry(searchGroup).State = EntityState.Deleted; } //For all the new roles, add a record to the ad_group_roles table foreach (var role in newRoles) { ad_group_roles ad = new ad_group_roles(); ad.group_name = adGroupRolesViewModel.groupName; ad.role_name = role; db.ad_group_roles.Add(ad); } db.SaveChanges(); return(RedirectToAction("Index")); } } return(View(adGroupRolesViewModel)); } catch (Exception ex) { Error error = new Error(); error.handleError(ex, "Exception occured during Group Authorization."); ModelState.AddModelError(string.Empty, "There was a problem when attempting to permission a group. We are aware of the issue and will investigate. Please try permissioning a group again. If the issue continues contact an Administrator."); List <string> allRoles = GetRoleNames(); adGroupRolesViewModel.allRoles = allRoles; return(View(adGroupRolesViewModel)); } }
public ActionResult Create(ADGroupRolesViewModel adGroupRolesViewModel) { try { adGroupRolesViewModel.allRoles = GetRoleNames(); if (ModelState.IsValid) { //Check to see if the AD Group Name already exists in the database ad_group_roles existing = db.ad_group_roles.Where(x => x.group_name == adGroupRolesViewModel.groupName).FirstOrDefault(); if (existing != null) { ModelState.AddModelError(adGroupRolesViewModel.groupName, "Active Directory Group is already authorized."); return(View(adGroupRolesViewModel)); } //Get a list of all the accounts that belong to the AD Group Name List <string> accounts = GetADAccounts(adGroupRolesViewModel.groupName); if (accounts == null) { ModelState.AddModelError(adGroupRolesViewModel.groupName, "Failed to retrieve users belonging to the AD Group."); return(View(adGroupRolesViewModel)); } //Loop through list of PAL names and create accounts(if needed) and add permissions(if selected) foreach (string account in accounts) { //Check to see if an identity account exists bool userExists = AccountExists(account); if (!userExists) { //Create an identity account for the supplied PAL username CreateAccount(account); } //Check if account exists before attempting to apply permissions //CreateAccount function doesn't create an account if no associated email can be found //Check if any roles were selected, can authorize a group without setting roles if (adGroupRolesViewModel.groupRoles != null && AccountExists(account)) { //Get the user id of the account var userId = UserManager.FindByName(account).Id; //For all the selected roles, assign the role to the user foreach (var role in adGroupRolesViewModel.groupRoles) { if (!UserManager.IsInRole(userId, role)) { UserManager.AddToRole(userId, role); } } } } //Check if any roles were selected if (adGroupRolesViewModel.groupRoles != null) { //For all the selected roles, save a record to the ad_group_roles table foreach (var role in adGroupRolesViewModel.groupRoles) { ad_group_roles ad = new ad_group_roles(); ad.group_name = adGroupRolesViewModel.groupName; ad.role_name = role; db.ad_group_roles.Add(ad); } db.SaveChanges(); } return(RedirectToAction("Index")); } return(View(adGroupRolesViewModel)); } catch (Exception ex) { Error error = new Error(); error.handleError(ex, "Exception occured during Group Authorization."); ModelState.AddModelError(string.Empty, "There was a problem when attempting to authorize a group. We are aware of the issue and will investigate. Please try authorizing a group again. If the issue continues contact an Administrator."); List <string> allRoles = GetRoleNames(); adGroupRolesViewModel.allRoles = allRoles; return(View(adGroupRolesViewModel)); } }