/// <summary>
/// Authorization check: may the caller (a business user) access the given owner record?
/// Access is granted only when the owner belongs to the business the caller is registered with.
/// </summary>
/// <param name="businessId">Business the owner record is expected to belong to</param>
/// <param name="ownerId">Owner record being accessed</param>
/// <returns>
/// true when the current user is a business user listed on that owner's business;
/// false otherwise, including when the caller is not a business user or the owner/business does not exist
/// </returns>
private bool CanAccessOwner(int businessId, int ownerId)
{
    // identity is taken from the request context, never from the caller's parameters
    string currentUserId = UserAccountHelper.GetUserId(_httpContext);
    bool callerIsBusiness = UserAccountHelper.IsBusiness(_httpContext);

    // only business (BCeID) users can pass this check
    if (string.IsNullOrEmpty(currentUserId) || !callerIsBusiness)
    {
        return false;
    }

    // load the owner together with its business and that business's registered users (read-only)
    HetOwner ownerRecord = _context.HetOwner.AsNoTracking()
        .Include(x => x.Business)
            .ThenInclude(x => x.HetBusinessUser)
        .FirstOrDefault(x => x.BusinessId == businessId && x.OwnerId == ownerId);

    // no such owner, or owner without a business: no access
    if (ownerRecord?.Business == null)
    {
        return false;
    }

    // the caller must be one of the business's users (case-insensitive id match, as elsewhere in this code base)
    return ownerRecord.Business.HetBusinessUser
        .Any(x => x.BceidUserId.Equals(currentUserId, StringComparison.InvariantCultureIgnoreCase));
}
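/// <summary>
/// Get the application user record for the identity carried by the http context.
/// Regular users are looked up in HetUser by SiteMinder user id; business (BCeID) users are looked up in
/// HetBusinessUser and enriched with their business guid. Both lookups are case-insensitive and untracked.
/// </summary>
/// <param name="context">Database context used for the lookups</param>
/// <param name="httpContext">Request context the user id and user type are taken from</param>
/// <returns>
/// A populated <see cref="User"/>; an empty <see cref="User"/> (default property values) when the request
/// carries no user id or no matching record exists
/// </returns>
/// <exception cref="InvalidOperationException">
/// A business user's BusinessId does not resolve to a HetBusiness row (data integrity error)
/// </exception>
public static User GetUser(DbAppContext context, HttpContext httpContext)
{
    User user = new User();

    // is this a business (BCeID) user?
    bool isBusinessUser = IsBusiness(httpContext);
    string userId = GetUserId(httpContext);

    // no identity on the request: return the empty user rather than failing inside the query
    // (userId.ToLower() below would otherwise throw for a null id)
    if (string.IsNullOrEmpty(userId))
    {
        return user;
    }

    // lower-case once; the captured value is sent to the database as a query parameter
    string userIdLower = userId.ToLower();

    if (!isBusinessUser)
    {
        HetUser tmpUser = context.HetUser.AsNoTracking()
            .FirstOrDefault(x => x.SmUserId.ToLower().Equals(userIdLower));

        if (tmpUser != null)
        {
            user.Id = tmpUser.UserId;
            user.SmUserId = tmpUser.SmUserId;
            user.GivenName = tmpUser.GivenName;
            user.Surname = tmpUser.Surname;
            user.DisplayName = tmpUser.GivenName + " " + tmpUser.Surname;
            user.UserGuid = tmpUser.Guid;
            user.BusinessUser = false;
            user.SmAuthorizationDirectory = tmpUser.SmAuthorizationDirectory;
            user.AgreementCity = tmpUser.AgreementCity;
        }
    }
    else
    {
        HetBusinessUser tmpUser = context.HetBusinessUser.AsNoTracking()
            .FirstOrDefault(x => x.BceidUserId.ToLower().Equals(userIdLower));

        if (tmpUser != null)
        {
            // First(), not FirstOrDefault(): a business user without a business is a data integrity error
            HetBusiness business = context.HetBusiness.AsNoTracking()
                .First(x => x.BusinessId == tmpUser.BusinessId);

            user.Id = tmpUser.BusinessUserId;
            user.SmUserId = tmpUser.BceidUserId;
            user.GivenName = tmpUser.BceidFirstName;
            user.Surname = tmpUser.BceidLastName;
            user.DisplayName = tmpUser.BceidDisplayName;
            user.UserGuid = tmpUser.BceidGuid;
            user.BusinessUser = true;
            user.BusinessId = tmpUser.BusinessId;
            user.BusinessGuid = business.BceidBusinessGuid;
            user.SmAuthorizationDirectory = "BCeID";
        }
    }

    return user;
}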
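/// <summary>
/// Get the current user. Resolves the SiteMinder identity on the request either to a regular HetUser
/// (with district and currently active roles) or to a business HetBusinessUser (with its business roles
/// mapped onto HetUserRole so the client sees one role shape).
/// </summary>
/// <returns>
/// 200 with a <see cref="HetsResponse"/> wrapping the <see cref="User"/>;
/// 401 when the request carries no user id or when a regular user id has no HetUser record
/// </returns>
public virtual IActionResult UsersCurrentGet()
{
    _logger.LogDebug("Get Current User");

    // identity comes from the context (populated from the SiteMinder headers), never from the request body
    string businessGuid = _context.SmBusinessGuid;
    string userId = _context.SmUserId;

    _logger.LogDebug("User Id: {0}", userId);
    _logger.LogDebug("Business Guid: {0}", businessGuid);

    // no identity - return an HTTP 401 error response
    if (string.IsNullOrEmpty(userId))
    {
        return StatusCode(401);
    }

    User user = new User();

    if (string.IsNullOrEmpty(businessGuid))
    {
        // regular user - read-only: this method never saves, and a tracked entity must not be edited below
        HetUser currentUser = _context.HetUser.AsNoTracking()
            .Include(x => x.District)
            .Include(x => x.HetUserRole)
                .ThenInclude(y => y.Role)
                    .ThenInclude(z => z.HetRolePermission)
                        .ThenInclude(z => z.Permission)
            .FirstOrDefault(x => x.SmUserId == userId);

        // an identity without a user record is denied (First() previously surfaced this as a 500)
        if (currentUser == null)
        {
            return StatusCode(401);
        }

        // keep only roles that are in effect now; filter into a new list instead of removing from the
        // entity's collection (removing from a tracked navigation would mark the rows for deletion)
        DateTime now = DateTime.UtcNow;

        user.Id = currentUser.UserId;
        user.SmUserId = currentUser.SmUserId;
        user.GivenName = currentUser.GivenName;
        user.Surname = currentUser.Surname;
        user.DisplayName = currentUser.GivenName + " " + currentUser.Surname;
        user.UserGuid = currentUser.Guid;
        user.BusinessUser = false;
        user.District = currentUser.District;
        // HetUserDistrict is not Included above, so this is whatever the entity initialises it to
        user.HetUserDistrict = currentUser.HetUserDistrict;
        user.HetUserRole = currentUser.HetUserRole
            .Where(role => !(role.EffectiveDate > now ||
                             (role.ExpiryDate != null && role.ExpiryDate < now)))
            .ToList();
        user.SmAuthorizationDirectory = currentUser.SmAuthorizationDirectory;

        // environment label shown to the client (only set for regular users, as before)
        user.Environment = ResolveEnvironmentName();
    }
    else
    {
        // business (BCeID) user
        // NOTE(review): the StringComparison overload may not translate to SQL and could be evaluated
        // client-side (loading the whole table) depending on the EF Core version - confirm
        HetBusinessUser tmpUser = _context.HetBusinessUser.AsNoTracking()
            .Include(x => x.HetBusinessUserRole)
                .ThenInclude(y => y.Role)
                    .ThenInclude(z => z.HetRolePermission)
                        .ThenInclude(z => z.Permission)
            .FirstOrDefault(x => x.BceidUserId.Equals(userId, StringComparison.InvariantCultureIgnoreCase));

        // no business user record: an empty user is returned with 200 (unchanged behaviour)
        if (tmpUser != null)
        {
            // First(): a business user without a business is a data integrity error
            HetBusiness business = _context.HetBusiness.AsNoTracking()
                .First(x => x.BusinessId == tmpUser.BusinessId);

            user.Id = tmpUser.BusinessUserId;
            user.SmUserId = tmpUser.BceidUserId;
            user.GivenName = tmpUser.BceidFirstName;
            user.Surname = tmpUser.BceidLastName;
            user.DisplayName = tmpUser.BceidDisplayName;
            user.UserGuid = tmpUser.BceidGuid;
            user.BusinessUser = true;
            user.BusinessId = tmpUser.BusinessId;
            user.BusinessGuid = business.BceidBusinessGuid;
            user.SmAuthorizationDirectory = "BCeID";

            // present business roles as HetUserRole; the list is only created when there is at least
            // one role (no roles => the property is left untouched, as before)
            if (tmpUser.HetBusinessUserRole.Any())
            {
                user.HetUserRole = user.HetUserRole ?? new List<HetUserRole>();

                // UserRoleId is a synthetic 1-based sequence, not a database key
                int syntheticRoleId = 0;

                foreach (HetBusinessUserRole role in tmpUser.HetBusinessUserRole)
                {
                    syntheticRoleId++;

                    user.HetUserRole.Add(new HetUserRole
                    {
                        UserRoleId = syntheticRoleId,
                        UserId = role.BusinessUserId,
                        RoleId = role.RoleId,
                        Role = role.Role
                    });
                }
            }
        }
    }

    return new ObjectResult(new HetsResponse(user));
}

/// <summary>
/// Map the hosting environment onto the label the client displays.
/// Production => "Production", Staging => "Test", "Training" and "UAT" map to themselves,
/// anything else => "Development".
/// </summary>
/// <returns>The environment label</returns>
private string ResolveEnvironmentName()
{
    if (_env.IsProduction())
    {
        return "Production";
    }

    if (_env.IsStaging())
    {
        return "Test";
    }

    if (_env.IsEnvironment("Training"))
    {
        return "Training";
    }

    if (_env.IsEnvironment("UAT"))
    {
        return "UAT";
    }

    return "Development";
}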
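/// <summary>
/// Get (and if necessary auto-register) the business user for a BCeID login.
/// The business is matched by guid (case-insensitive, trimmed) and created when missing; the user is matched by
/// business and user id and created with the "Business BCeID" role when missing. Both records are refreshed
/// from the SiteMinder identity headers on every call and saved.
/// </summary>
/// <param name="context">Database context; new and updated rows are saved here</param>
/// <param name="httpContext">Request whose SiteMinder headers supply the business legal name and number and the user's display name and email</param>
/// <param name="userId">BCeID user id of the caller</param>
/// <param name="businessGuid">BCeID guid of the caller's business</param>
/// <param name="guid">BCeID guid of the caller, stored on the user record and the audit columns (may be null)</param>
/// <returns>
/// The business user with roles, role permissions and permissions loaded, detached from <paramref name="context"/>;
/// null only if the row cannot be re-read after saving
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> or <paramref name="httpContext"/> is null</exception>
/// <exception cref="ArgumentException"><paramref name="userId"/> or <paramref name="businessGuid"/> is null or blank</exception>
public static HetBusinessUser GetBusinessUser(DbAppContext context, HttpContext httpContext, string userId, string businessGuid, string guid = null)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    if (httpContext == null)
    {
        throw new ArgumentNullException(nameof(httpContext));
    }

    // a blank user id would otherwise auto-register a nameless user; a null guid would fail inside the query
    if (string.IsNullOrWhiteSpace(userId))
    {
        throw new ArgumentException("A BCeID user id is required", nameof(userId));
    }

    if (string.IsNullOrWhiteSpace(businessGuid))
    {
        throw new ArgumentException("A BCeID business guid is required", nameof(businessGuid));
    }

    // one timestamp so every audit column written by this call agrees
    DateTime now = DateTime.UtcNow;

    // normalise once; the captured value is sent to the database as a query parameter
    string normalizedBusinessGuid = businessGuid.ToLower().Trim();

    // find the business - tracked, because the else-branch below edits it and expects SaveChanges to persist
    // the edit (an AsNoTracking() lookup here silently dropped those updates)
    HetBusiness business = context.HetBusiness
        .FirstOrDefault(x => x.BceidBusinessGuid.ToLower().Trim() == normalizedBusinessGuid);

    if (business == null)
    {
        // first login from this business: create it
        business = new HetBusiness
        {
            BceidBusinessGuid = normalizedBusinessGuid,
            AppCreateUserDirectory = "BCeID",
            AppCreateUserGuid = guid,
            AppCreateUserid = userId,
            AppCreateTimestamp = now,
            AppLastUpdateUserDirectory = "BCeID",
            AppLastUpdateUserGuid = guid,
            AppLastUpdateUserid = userId,
            AppLastUpdateTimestamp = now
        };

        ApplyBusinessHeaders(business, httpContext);
        context.HetBusiness.Add(business);
    }
    else
    {
        // refresh the business details from the identity headers
        ApplyBusinessHeaders(business, httpContext);

        business.AppLastUpdateUserDirectory = "BCeID";
        business.AppLastUpdateUserGuid = guid;
        business.AppLastUpdateUserid = userId;
        business.AppLastUpdateTimestamp = now;
    }

    // also assigns BusinessId for a newly created business, which the user lookup below needs
    context.SaveChanges();

    // ok - now find the user
    // NOTE(review): this match is exact (collation permitting) while GetUser matches case-insensitively;
    // a differently-cased BceidUserId would be registered a second time here - confirm which is intended
    HetBusinessUser user = context.HetBusinessUser
        .FirstOrDefault(x => x.BusinessId == business.BusinessId && x.BceidUserId == userId);

    if (user == null)
    {
        // auto register the user
        user = new HetBusinessUser
        {
            BceidUserId = userId,
            BceidGuid = guid,
            BusinessId = business.BusinessId,
            AppCreateUserDirectory = "BCeID",
            AppCreateUserGuid = guid,
            AppCreateUserid = userId,
            AppCreateTimestamp = now,
            AppLastUpdateUserDirectory = "BCeID",
            AppLastUpdateUserGuid = guid,
            AppLastUpdateUserid = userId,
            AppLastUpdateTimestamp = now
        };

        ApplyBusinessUserHeaders(user, httpContext);

        // add the "Business Logon" role; the effective date is back-dated 10 minutes,
        // presumably so the role is usable immediately despite clock differences - confirm
        HetBusinessUserRole userRole = new HetBusinessUserRole
        {
            RoleId = StatusHelper.GetRoleId("Business BCeID", context),
            EffectiveDate = now.AddMinutes(-10),
            AppCreateUserDirectory = "BCeID",
            AppCreateUserGuid = guid,
            AppCreateUserid = userId,
            AppCreateTimestamp = now,
            AppLastUpdateUserDirectory = "BCeID",
            AppLastUpdateUserGuid = guid,
            AppLastUpdateUserid = userId,
            AppLastUpdateTimestamp = now
        };

        // relies on HetBusinessUser initialising its role collection
        user.HetBusinessUserRole.Add(userRole);
        context.HetBusinessUser.Add(user);
    }
    else
    {
        // refresh the user details from the identity headers (tracked entity, so SaveChanges persists it)
        ApplyBusinessUserHeaders(user, httpContext);
    }

    context.SaveChanges();

    // get the complete user record (with roles and permissions) and return it
    user = context.HetBusinessUser.AsNoTracking()
        .Where(x => x.BusinessId == business.BusinessId && x.BceidUserId == userId)
        .Include(u => u.HetBusinessUserRole)
            .ThenInclude(r => r.Role)
                .ThenInclude(rp => rp.HetRolePermission)
                    .ThenInclude(p => p.Permission)
        .FirstOrDefault();

    // make sure the returned graph is not tracked by the caller's context
    if (user != null)
    {
        context.Entry(user).State = EntityState.Detached;
    }

    return user;
}

/// <summary>
/// Copy the SiteMinder business legal name / business number headers onto <paramref name="business"/>.
/// Absent or empty headers leave the existing values untouched. The headers are treated as supplied by the
/// identity provider; that trust assumes the front door strips client-sent copies (not verified here).
/// </summary>
/// <param name="business">Business record to update</param>
/// <param name="httpContext">Request the headers are read from</param>
private static void ApplyBusinessHeaders(HetBusiness business, HttpContext httpContext)
{
    string legalName = httpContext.Request.Headers[ConstSiteMinderBusinessLegalName];
    string businessNumber = httpContext.Request.Headers[ConstSiteMinderBusinessNumber];

    if (!string.IsNullOrEmpty(legalName))
    {
        business.BceidLegalName = legalName;
    }

    if (!string.IsNullOrEmpty(businessNumber))
    {
        business.BceidBusinessNumber = businessNumber;
    }
}

/// <summary>
/// Copy the SiteMinder display name / email headers onto <paramref name="user"/>.
/// Absent or empty headers leave the existing values untouched (same trust assumption as the business headers).
/// </summary>
/// <param name="user">Business user record to update</param>
/// <param name="httpContext">Request the headers are read from</param>
private static void ApplyBusinessUserHeaders(HetBusinessUser user, HttpContext httpContext)
{
    string displayName = httpContext.Request.Headers[ConstSiteMinderUserDisplayName];
    string email = httpContext.Request.Headers[ConstSiteMinderEmail];

    if (!string.IsNullOrEmpty(displayName))
    {
        user.BceidDisplayName = displayName;
    }

    if (!string.IsNullOrEmpty(email))
    {
        user.BceidEmail = email;
    }
}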