/// -----------------------------------------------------------------------------
        /// <summary>
        /// DeleteButonVisible returns a boolean indicating if the delete button for
        /// the specified UserID, RoleID pair should be shown
        /// </summary>
        /// <remarks>
        /// </remarks>
        /// <param name="UserID">The ID of the user to check delete button visibility for</param>
        /// <param name="RoleID">The ID of the role to check delete button visibility for</param>
        /// <history>
        ///     [anurse]	01/13/2007	Created
        /// </history>
        /// -----------------------------------------------------------------------------
        public bool DeleteButtonVisible(int UserID, int RoleID)
        {
            //[DNN-4285] Check if the role can be removed (only handles case of Administrator and Administrator Role
            bool canDelete = RoleController.CanRemoveUserFromRole(PortalSettings, UserID, RoleID);

            if (RoleID == PortalSettings.AdministratorRoleId && canDelete)
            {
                //User can only delete if in Admin role
                canDelete = PortalSecurity.IsInRole(PortalSettings.AdministratorRoleName);
            }
            return(canDelete);
        }
        public UserRoleDto SaveUserRole(int portalId, UserInfo currentUserInfo, UserRoleDto userRoleDto, bool notifyUser,
                                        bool isOwner)
        {
            PortalSettings portalSettings = this.PortalSettings;

            if (this.PortalSettings.PortalId != portalId)
            {
                portalSettings = this.GetPortalSettings(portalId);
            }

            if (!UserRoleDto.AllowExpiredRole(portalSettings, userRoleDto.UserId, userRoleDto.RoleId))
            {
                userRoleDto.StartTime = userRoleDto.ExpiresTime = Null.NullDate;
            }

            var user = UserController.Instance.GetUserById(portalId, userRoleDto.UserId);
            var role = RoleController.Instance.GetRoleById(portalId, userRoleDto.RoleId);

            if (role == null || role.Status != RoleStatus.Approved)
            {
                throw new Exception(Localization.GetString("RoleIsNotApproved", Constants.LocalResourcesFile));
            }

            if (currentUserInfo.IsSuperUser || currentUserInfo.Roles.Contains(portalSettings.AdministratorRoleName) ||
                (!currentUserInfo.IsSuperUser && !currentUserInfo.Roles.Contains(portalSettings.AdministratorRoleName) &&
                 role.RoleType != RoleType.Administrator))
            {
                if (role.SecurityMode != SecurityMode.SocialGroup && role.SecurityMode != SecurityMode.Both)
                {
                    isOwner = false;
                }

                RoleController.AddUserRole(user, role, portalSettings, RoleStatus.Approved, userRoleDto.StartTime,
                                           userRoleDto.ExpiresTime, notifyUser, isOwner);
                var addedRole = RoleController.Instance.GetUserRole(portalId, userRoleDto.UserId, userRoleDto.RoleId);

                return(new UserRoleDto
                {
                    UserId = addedRole.UserID,
                    RoleId = addedRole.RoleID,
                    DisplayName = addedRole.FullName,
                    RoleName = addedRole.RoleName,
                    StartTime = addedRole.EffectiveDate,
                    ExpiresTime = addedRole.ExpiryDate,
                    AllowExpired = UserRoleDto.AllowExpiredRole(portalSettings, user.UserID, role.RoleID),
                    AllowDelete = RoleController.CanRemoveUserFromRole(portalSettings, user.UserID, role.RoleID)
                });
            }
            throw new Exception(Localization.GetString("InSufficientPermissions", Constants.LocalResourcesFile));
        }
        public HttpResponseMessage GetRoleUsers(string keyword, int roleId, int pageIndex, int pageSize)
        {
            try
            {
                var role = RoleController.Instance.GetRoleById(PortalId, roleId);
                if (role == null)
                {
                    return(Request.CreateErrorResponse(HttpStatusCode.NotFound, Localization.GetString("RoleNotFound", Components.Constants.LocalResourcesFile)));
                }

                if (role.RoleID == PortalSettings.AdministratorRoleId && !IsAdmin())
                {
                    return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
                                                       Localization.GetString("InvalidRequest", Components.Constants.LocalResourcesFile)));
                }

                var users = RoleController.Instance.GetUserRoles(PortalId, Null.NullString, role.RoleName);
                if (!string.IsNullOrEmpty(keyword))
                {
                    users =
                        users.Where(u => u.FullName.StartsWith(keyword, StringComparison.OrdinalIgnoreCase))
                        .ToList();
                }

                var totalRecords = users.Count;
                var startIndex   = pageIndex * pageSize;
                var portal       = PortalController.Instance.GetPortal(PortalId);
                var pagedData    = users.Skip(startIndex).Take(pageSize).Select(u => new UserRoleDto()
                {
                    UserId       = u.UserID,
                    RoleId       = u.RoleID,
                    DisplayName  = u.FullName,
                    StartTime    = u.EffectiveDate,
                    ExpiresTime  = u.ExpiryDate,
                    AllowExpired = AllowExpired(u.UserID, u.RoleID),
                    AllowDelete  = RoleController.CanRemoveUserFromRole(portal, u.UserID, u.RoleID)
                });

                return(Request.CreateResponse(HttpStatusCode.OK, new { users = pagedData, totalRecords }));
            }
            catch (Exception ex)
            {
                Logger.Error(ex);
                return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.Message));
            }
        }
Exemple #4
0
        public static UserRoleDto FromRoleInfo(PortalSettings portalSettings, UserRoleInfo userRole)
        {
            if (userRole == null)
            {
                return(null);
            }

            return(new UserRoleDto()
            {
                Id = userRole.UserRoleID,
                UserId = userRole.UserID,
                DisplayName = userRole.FullName,
                RoleId = userRole.RoleID,
                RoleName = userRole.RoleName,
                StartTime = userRole.EffectiveDate,
                ExpiresTime = userRole.ExpiryDate,
                AllowExpired = AllowExpiredRole(portalSettings, userRole.UserID, userRole.RoleID),
                AllowDelete = RoleController.CanRemoveUserFromRole(portalSettings, userRole.UserID, userRole.RoleID),
                AllowOwner = (userRole.SecurityMode == SecurityMode.SocialGroup) || (userRole.SecurityMode == SecurityMode.Both)
            });
        }
        public HttpResponseMessage AddUserToRole(UserRoleDto userRoleDto, bool notifyUser, bool isOwner)
        {
            try
            {
                Validate(userRoleDto);

                if (!AllowExpired(userRoleDto.UserId, userRoleDto.RoleId))
                {
                    userRoleDto.StartTime = userRoleDto.ExpiresTime = Null.NullDate;
                }
                HttpResponseMessage response;
                var user = GetUser(userRoleDto.UserId, out response);
                if (user == null)
                {
                    return(response);
                }

                var role = RoleController.Instance.GetRoleById(PortalId, userRoleDto.RoleId);
                if (role.SecurityMode != SecurityMode.SocialGroup && role.SecurityMode != SecurityMode.Both)
                {
                    isOwner = false;
                }
                if (role.Status != RoleStatus.Approved)
                {
                    return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
                                                       Localization.GetString("CannotAssginUserToUnApprovedRole",
                                                                              Components.Constants.LocalResourcesFile)));
                }

                RoleController.AddUserRole(user, role, PortalSettings, RoleStatus.Approved, userRoleDto.StartTime,
                                           userRoleDto.ExpiresTime, notifyUser, isOwner);

                var addedUser = RoleController.Instance.GetUserRole(PortalId, userRoleDto.UserId, userRoleDto.RoleId);
                var portal    = PortalController.Instance.GetPortal(PortalId);

                return(Request.CreateResponse(HttpStatusCode.OK,
                                              new UserRoleDto
                {
                    UserId = addedUser.UserID,
                    RoleId = addedUser.RoleID,
                    DisplayName = addedUser.FullName,
                    StartTime = addedUser.EffectiveDate,
                    ExpiresTime = addedUser.ExpiryDate,
                    AllowExpired = AllowExpired(addedUser.UserID, addedUser.RoleID),
                    AllowDelete = RoleController.CanRemoveUserFromRole(portal, addedUser.UserID, addedUser.RoleID)
                }));
            }
            catch (ArgumentException ex)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message));
            }
            catch (SecurityException ex)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message));
            }
            catch (Exception ex)
            {
                Logger.Error(ex);
                return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.Message));
            }
        }