private void EnsureValidConfigurationIfCreating(PCMSOrganizationModel pcms)
{
if (pcms.MasterEncryptionKey == null)
{
throw new ArgumentNullException(nameof(PCMSOrganizationModel.MasterEncryptionKey));
}
if (Convert.FromBase64String(pcms.MasterEncryptionKey).Length != AES_KEY_SIZE_BYTES)
{
throw new ArgumentNullException(nameof(PCMSOrganizationModel.MasterEncryptionKey));
}
if (pcms.PCMSBridgeUserPassword == null)
{
throw new ArgumentNullException(nameof(PCMSOrganizationModel.PCMSBridgeUserPassword));
}
if (pcms.AWSAccessKeyID == null)
{
throw new ArgumentNullException(nameof(PCMSOrganizationModel.AWSAccessKeyID));
}
if (pcms.AWSSecretAccessKey == null)
{
throw new ArgumentNullException(nameof(PCMSOrganizationModel.AWSSecretAccessKey));
}
if (pcms.AWSS3BucketName == null)
{
throw new ArgumentNullException(nameof(PCMSOrganizationModel.AWSS3BucketName));
}
if (pcms.AWSS3Region == null)
{
throw new ArgumentNullException(nameof(PCMSOrganizationModel.AWSS3Region));
}
}
private void ConfigureEDiscoveryAndLEO(OrganizationModel organizationModel, PCMSOrganizationModel pcms)
{
if (pcms.EDiscoveryActive != null)
{
organizationModel.WriteForFolder("eDiscovery[isactive]", pcms.EDiscoveryActive);
}
if (pcms.LEOActive != null)
{
organizationModel.WriteForFolder("LEOUpload[isactive]", pcms.LEOActive);
}
}
private void EnsureValidConfigurationBasic(PCMSOrganizationModel pcms)
{
// validate configuration
if (pcms == null)
{
throw new ArgumentNullException(nameof(pcms));
}
if (pcms.CountyID == 0)
{
throw new ArgumentNullException(nameof(PCMSOrganizationModel.CountyID));
}
}
private void ConfigureEvents(OrganizationModel organizationModel, PCMSOrganizationModel pcms)
{
organizationModel.WriteForFolder("_events", new List <EventQueueMapBase> {
new EventQueueManager()
}, withTypeName: true);
organizationModel.WriteForFolder("_imagegen[options]", new List <ImageGenMessage>
{
new ImageGenMessage
{
Format = ImageFormatEnum.PNG,
AlternativeViewSizeType = "Thumbnail",
MaxHeight = 100
}
});
}
private OrganizationIdentifier CreateOrganizationIdentifier(PCMSOrganizationModel pcms)
{
return(new OrganizationIdentifier(pcms.UseOrganizationKey ?? $"PCMS:{pcms.CountyID}"));
}
public async Task <bool> OrganizationExists(PCMSOrganizationModel pcms)
{
var organizationModel = await api.Organization.GetAsync(CreateOrganizationIdentifier(pcms));
return(organizationModel != null);
}
private async Task ConfigureBackendAsync(OrganizationModel organizationModel, PCMSOrganizationModel pcms)
{
// create a private folder to store backend configuration
var privateFolder = new FolderModel(new FolderIdentifier(organizationModel.Identifier, ":private"))
.InitializeEmptyMetadata()
.InitializeEmptyPrivileges();
// write the backend configuration into the folder's metadata
var backendConfiguration = new BackendConfiguration
{
DriverTypeName = "Documents.Backends.Drivers.Encryption.Driver, Documents.Backends.Drivers.Encryption",
ConfigurationJSON = JsonConvert.SerializeObject(new
{
NextDriverTypeName = "Documents.Backends.Drivers.S3.Driver, Documents.Backends.Drivers.S3",
MasterKey = pcms.MasterEncryptionKey,
NextDriverConfigurationJson = JsonConvert.SerializeObject(new
{
AWSRegion = pcms.AWSS3Region,
BucketName = pcms.AWSS3BucketName,
pcms.AWSSecretAccessKey,
pcms.AWSAccessKeyID
})
})
};
privateFolder.Write(MetadataKeyConstants.BACKEND_CONFIGURATION, backendConfiguration);
privateFolder.WriteACLs("read", idSystem);
privateFolder.WriteACLs("write", idSystem);
privateFolder.WriteACLs("gateway", idSystem, idOrganizationMember);
privateFolder.Write("synchronize", new
{
ConnectionString = pcms.PCMSDBConnectionString,
pcms.CountyID,
LastChangeLogID = 0,
LastAccountChangeLogID = 0
});
if (organizationModel.Read <bool?>("synchronize[isactive]") == null)
{
organizationModel.Write("synchronize[isactive]", true);
}
await api.Folder.PutAsync(privateFolder);
}
private async Task ConfigureSuggestedPathsFolder(OrganizationModel organizationModel, PCMSOrganizationModel pcms)
{
var suggestedPathsFolderIdentifier = new FolderIdentifier(organizationModel.Identifier, ":suggestedpaths");
var suggestedPathsFolder = await api.Folder.GetAsync(suggestedPathsFolderIdentifier)
?? new FolderModel(suggestedPathsFolderIdentifier)
.InitializeEmptyMetadata()
.InitializeEmptyPrivileges();
if (suggestedPathsFolder.Read <List <string> >("_paths") == null)
{
suggestedPathsFolder.Write("_paths", new string[0]);
await api.Folder.PutAsync(suggestedPathsFolder);
}
}
private async Task ConfigureBridgeUserAsync(OrganizationModel organizationModel, PCMSOrganizationModel pcms)
{
// create a user for the PCMS Documents Bridge
var user = await api.User.PutAsync(new UserModel
{
Identifier = new UserIdentifier(
organizationModel.Identifier,
$"{organizationModel.Identifier.OrganizationKey}:Bridge"
),
EmailAddress = "*****@*****.**",
FirstName = "PCMS",
LastName = "Bridge"
});
await api.User.AccessIdentifiersPutAsync(user.Identifier, new[] { idOrganizationMember, idOrganizationPCMSBridge, "x:pcms" });
await api.User.PasswordPutAsync(user.Identifier, pcms.PCMSBridgeUserPassword);
}
public async Task <OrganizationModel> OrganizationApply(PCMSOrganizationModel pcms)
{
EnsureValidConfigurationBasic(pcms);
var isOrganizationNew = false;
// create the organization
var organizationIdentifier = CreateOrganizationIdentifier(pcms);
var organizationModel = await api.Organization.GetAsync(organizationIdentifier);
if (organizationModel == null)
{
isOrganizationNew = true;
EnsureValidConfigurationIfCreating(pcms);
organizationModel = new OrganizationModel(organizationIdentifier)
{
Name = pcms.CountyName
}
.InitializeEmptyMetadata()
.InitializeEmptyPrivileges();
}
organizationModel.Write("type", "pcms");
// define user access identifiers
idSystem = "u:system";
idOrganizationMember = $"o:{organizationIdentifier.OrganizationKey}";
idOrganizationPCMSBridge = $"o:{organizationIdentifier.OrganizationKey}:bridge";
idDeleteDocuments = $"g:DocumentsDeleteGenerated";
organizationModel.WriteACLs("read", idSystem, idOrganizationMember);
organizationModel.WriteACLs("write", idSystem, idOrganizationPCMSBridge);
organizationModel.WriteACLs("delete", idSystem);
organizationModel.WriteACLs("folder:create", idSystem, idOrganizationMember);
organizationModel.WriteACLs("user:create", idSystem, idOrganizationPCMSBridge);
organizationModel.WriteACLs("user:read", idSystem, idOrganizationMember);
organizationModel.WriteACLs("user:write", idSystem, idOrganizationPCMSBridge);
organizationModel.WriteACLs("user:delete", idSystem, idOrganizationPCMSBridge);
organizationModel.WriteACLs("user:credentials", idSystem, idOrganizationPCMSBridge);
organizationModel.WriteACLs("user:identifiers", idSystem, idOrganizationPCMSBridge);
organizationModel.WriteACLs("user:impersonate", idSystem, idOrganizationPCMSBridge);
organizationModel.WriteACLsForFolder("create", idSystem, idOrganizationMember);
organizationModel.WriteACLsForFolder("read", idSystem, idOrganizationMember);
organizationModel.WriteACLsForFolder("write", idSystem, idOrganizationMember);
organizationModel.WriteACLsForFolder("delete", idSystem, idDeleteDocuments);
organizationModel.WriteACLsForFolder("file:create", idSystem, idOrganizationMember);
organizationModel.WriteACLsForFile("read", idSystem, idOrganizationMember);
organizationModel.WriteACLsForFile("write", idSystem, idOrganizationMember);
organizationModel.WriteACLsForFile("delete", idSystem, idDeleteDocuments);
this.ConfigureEDiscoveryAndLEO(organizationModel, pcms);
this.ConfigureEvents(organizationModel, pcms);
this.ConfigureSearch(organizationModel);
await api.Organization.PutAsync(organizationModel);
await this.ConfigureSuggestedPathsFolder(organizationModel, pcms);
// only write the BackendConfiguration when the organization is
// new. This prevents changing buckets with this tool, but
// it also prevents overwriting master keys
if (isOrganizationNew || pcms.OverrideBackendConfiguration)
{
await this.ConfigureBackendAsync(organizationModel, pcms);
}
if (isOrganizationNew || pcms.PCMSBridgeUserPassword != null)
{
await this.ConfigureBridgeUserAsync(organizationModel, pcms);
}
await this.ConfigureVideoWatermarkingAsync(organizationModel);
await this.ConfigureNotificationTemplatesAsync(organizationModel);
return(organizationModel);
}
