Example #1
0
        protected void ButtonSubmit_Click(object sender, EventArgs e)
        {
            DateTime dateOfBirth = new DateTime(1800, 1, 1);  // null equivalent

            if (this.TextDateOfBirth.Text.Length > 0)
            {
                dateOfBirth = DateTime.Parse(this.TextDateOfBirth.Text);
            }

            string street = this.TextStreet1.Text;

            if (!string.IsNullOrEmpty(this.TextStreet2.Text))
            {
                street += "|" + this.TextStreet2.Text;
            }

            Person newPerson = Person.Create(this.TextName.Text, this.TextMail.Text, string.Empty, this.TextPhone.Text,
                                             street, this.TextPostal.Text, this.TextCity.Text, this.DropCountries.SelectedValue, dateOfBirth,
                                             (PersonGender)Enum.Parse(typeof(PersonGender), this.DropGenders.SelectedValue));

            DateTime            participationExpiry = Constants.DateTimeHigh;
            ParticipantMailType welcomeMailType     = ParticipantMailType.ParticipantAddedWelcome_NoExpiry;

            int participationDurationMonths = Int32.Parse(CurrentOrganization.Parameters.ParticipationDuration);

            if (participationDurationMonths < 1000)
            {
                participationExpiry = DateTime.Today.AddMonths(participationDurationMonths);
                welcomeMailType     = ParticipantMailType.ParticipantAddedWelcome;
            }

            Participation newParticipation = Participation.Create(newPerson, CurrentOrganization, participationExpiry);

            OutboundComm.CreateParticipantMail(welcomeMailType, newParticipation, CurrentUser);

            newPerson.LastLogonOrganizationId = CurrentOrganization.Identity;

            SwarmopsLogEntry logEntry = SwarmopsLog.CreateEntry(newPerson,
                                                                new Swarmops.Logic.Support.LogEntries.PersonAddedLogEntry(newParticipation, CurrentUser));

            logEntry.CreateAffectedObject(newParticipation);
            logEntry.CreateAffectedObject(CurrentUser);

            // Clear form and make way for next person

            this.TextName.Text             = string.Empty;
            this.TextStreet1.Text          = string.Empty;
            this.TextStreet2.Text          = string.Empty;
            this.TextMail.Text             = string.Empty;
            this.TextPhone.Text            = string.Empty;
            this.TextPostal.Text           = string.Empty;
            this.TextCity.Text             = string.Empty;
            this.TextDateOfBirth.Text      = string.Empty;
            this.DropGenders.SelectedValue = "Unknown";

            this.TextName.Focus();
            this.LiteralLoadAlert.Text = Resources.Pages.Swarm.AddPerson_PersonSuccessfullyRegistered;
        }
Example #2
0
        protected void ButtonSubmit_Click(object sender, EventArgs e)
        {
            DateTime dateOfBirth = new DateTime(1800, 1, 1);  // null equivalent

            if (this.TextDateOfBirth.Text.Length > 0)
            {
                dateOfBirth = DateTime.Parse(this.TextDateOfBirth.Text);
            }

            string street = this.TextStreet1.Text;

            if (!string.IsNullOrEmpty(this.TextStreet2.Text))
            {
                street += "|" + this.TextStreet2.Text;
            }

            Person newPerson = Person.Create(this.TextName.Text, this.TextMail.Text, string.Empty, this.TextPhone.Text,
                                             street, this.TextPostal.Text, this.TextCity.Text, this.DropCountries.SelectedValue, dateOfBirth,
                                             (PersonGender)Enum.Parse(typeof(PersonGender), this.DropGenders.SelectedValue));

            Membership newMembership = Membership.Create(newPerson, CurrentOrganization, DateTime.Today.AddYears(1));

            OutboundComm.CreateMembershipLetter(ParticipantMailType.MemberAddedWelcome, newMembership, CurrentUser);

            SwarmopsLogEntry logEntry = SwarmopsLog.CreateEntry(newPerson,
                                                                new Swarmops.Logic.Support.LogEntries.PersonAddedLogEntry(newMembership, CurrentUser));

            logEntry.CreateAffectedObject(newMembership);
            logEntry.CreateAffectedObject(CurrentUser);

            // Clear form and make way for next person

            this.TextName.Text             = string.Empty;
            this.TextStreet1.Text          = string.Empty;
            this.TextStreet2.Text          = string.Empty;
            this.TextMail.Text             = string.Empty;
            this.TextPhone.Text            = string.Empty;
            this.TextPostal.Text           = string.Empty;
            this.TextCity.Text             = string.Empty;
            this.TextDateOfBirth.Text      = string.Empty;
            this.DropGenders.SelectedValue = "Unknown";

            this.TextName.Focus();
            this.LiteralLoadAlert.Text = Resources.Pages.Swarm.AddPerson_PersonSuccessfullyRegistered;
        }
        public static AjaxCallResult Commence(int personId)
        {
            AuthenticationData authData = GetAuthenticationDataAndCulture();

            if (!authData.Authority.HasSystemAccess())
            {
                // Restrict impersonation to system-level access for now: it's a debugging tool

                return(new AjaxCallResult
                {
                    Success = false,
                    DisplayMessage = CommonV5.JavascriptEscape(Resources.Pages.Admin.CommenceImpersonation_Failed)
                });
            }

            // BEGIN IMPERSONATION

            Person impersonatedPerson = Person.FromIdentity(personId);

            SwarmopsLogEntry newEntry = SwarmopsLog.CreateEntry(impersonatedPerson,
                                                                new ImpersonationLogEntry {
                ImpersonatorPersonId = authData.CurrentUser.PersonId, Started = true
            });

            newEntry.CreateAffectedObject(authData.CurrentUser); // link impersonator to log entry for searchability

            // Someone who has system level access can always impersonate => no further access control at this time

            // SECURITY CONSIDERATIONS: If somebody replaces/fires a superior? Trivially undoable at the database level

            DateTime  utcNow = DateTime.UtcNow;
            Authority impersonatingAuthority = Authority.FromLogin(impersonatedPerson, authData.CurrentOrganization);

            impersonatingAuthority.Impersonation = new Impersonation
            {
                ImpersonatedByPersonId = authData.CurrentUser.PersonId,
                ImpersonationStarted   = utcNow
            };

            FormsAuthentication.SetAuthCookie(impersonatingAuthority.ToEncryptedXml(), false);
            HttpContext.Current.Response.AppendCookie(new HttpCookie("DashboardMessage", CommonV5.JavascriptEscape(String.Format(Resources.Pages.Admin.CommenceImpersonation_Success, utcNow))));
            return(new AjaxCallResult {
                Success = true
            });
        }
Example #4
0
        public static AjaxCallResult TerminateImpersonation()
        {
            AuthenticationData authData = GetAuthenticationDataAndCulture();

            if (!authData.Authority.ImpersonationActive)
            {
                return(new AjaxCallResult {
                    Success = false
                });                                          // no impersonation active. Race condition?
            }

            int    realUserPersonId = authData.Authority.Impersonation.ImpersonatedByPersonId;
            Person impersonator     = Person.FromIdentity(realUserPersonId);

            // Terminate impersonation and set new authority cookie from the impersonator data.
            // VERY SECURITY SENSITIVE: The identity as impersonator will be the new user.

            // TODO: LOG LOG LOG LOG

            SwarmopsLogEntry logEntry = SwarmopsLog.CreateEntry(authData.CurrentUser,
                                                                new ImpersonationLogEntry
            {
                ImpersonatorPersonId = impersonator.Identity,
                Started = false
            });

            logEntry.CreateAffectedObject(impersonator); // link impersonator to log entry for searchability

            DateTime utcNow = DateTime.UtcNow;

            Authority authority =
                Authority.FromLogin(impersonator, authData.CurrentOrganization);

            FormsAuthentication.SetAuthCookie(authority.ToEncryptedXml(), false);
            HttpContext.Current.Response.AppendCookie(new HttpCookie("DashboardMessage", CommonV5.JavascriptEscape(String.Format(Resources.Pages.Admin.CommenceImpersonation_Ended, utcNow))));

            // returning Success will force a reload, resetting dashboard to original user

            return(new AjaxCallResult {
                Success = true
            });
        }
Example #5
0
        public static AjaxInputCallResult SetPersonEditorData(int personId, string field, string newValue)
        {
            if (newValue == null || field == null)
            {
                throw new ArgumentNullException();
            }

            AuthenticationData authData = GetAuthenticationDataAndCulture();
            bool self = false;

            // Are we modifying ourselves?

            if (personId == 0)   // request self record
            {
                self     = true; // may make use of this later
                personId = authData.CurrentUser.Identity;
            }

            // Preliminary input validation

            if (string.IsNullOrEmpty(newValue))
            {
                if (field != "TwitterId") // These fields may be set to empty; default is disallow
                {
                    return(new AjaxInputCallResult
                    {
                        Success = false,
                        ObjectIdentity = personId,
                        DisplayMessage = Resources.Global.Global_FieldCannotBeEmpty,
                        FailReason = AjaxInputCallResult.ErrorInvalidFormat,
                        NewValue = GetPersonValue(personId, field)
                    });
                }
            }

            // Verify authority to see and change personal data

            Person affectedPerson = Person.FromIdentity(personId);

            if (!self)
            {
                if (!authData.Authority.CanSeePerson(affectedPerson) ||
                    !authData.Authority.HasAccess(new Access(authData.CurrentOrganization, affectedPerson.Geography,
                                                             AccessAspect.PersonalData)))
                {
                    throw new UnauthorizedAccessException();
                }
            }

            string oldValue;
            string displayMessage = string.Empty;

            while (newValue.Contains("  "))
            {
                newValue = newValue.Trim().Replace("  ", " ");  // double, triple, quadruple spaces reduced to one
            }

            switch (field)
            {
            case "Name":
                oldValue            = affectedPerson.Name;
                affectedPerson.Name = newValue;
                break;

            case "Mail":
                oldValue            = affectedPerson.Mail;
                affectedPerson.Mail = newValue;
                break;

            case "Phone":
                oldValue             = affectedPerson.Phone;
                affectedPerson.Phone = newValue;
                if (!Regex.IsMatch(newValue, @"^[0-9 \(\)\-\+]+$"))
                {
                    // using characters not typically seen in a phone number? Warn
                    displayMessage = Resources.Global.Master_EditPersonWarning_Phone;
                }
                break;

            case "TwitterId":
                if (newValue.StartsWith("@"))
                {
                    newValue = newValue.Substring(1);
                }
                oldValue = affectedPerson.TwitterId;
                affectedPerson.TwitterId = newValue;
                break;

            default:
                throw new ArgumentException("Unrecognized field in /Automation/SwarmFunctions.SetPersonEditorData");
            }

            SwarmopsLogEntry logEntry = SwarmopsLog.CreateEntry(affectedPerson, new PersonalDataChangedLogEntry
            {
                ActingPersonId   = authData.CurrentUser.PersonId,
                AffectedPersonId = affectedPerson.PersonId,
                Field            = field,
                IpAddress        = SupportFunctions.GetMostLikelyRemoteIPAddress(),
                OldValue         = oldValue,
                NewValue         = newValue
            });

            if (!self)
            {
                logEntry.CreateAffectedObject(authData.CurrentUser);
            }

            return(new AjaxInputCallResult
            {
                ObjectIdentity = personId,
                Success = true,
                NewValue = newValue,
                DisplayMessage = displayMessage
            });
        }