/// <summary> /// Initializes a new instance of the <see cref="SystemRole"/> class. /// </summary> /// <param name="name">The name.</param> /// <param name="description">The description.</param> /// <param name="systemRoleType">Type of the system role.</param> protected internal SystemRole( string name, string description, SystemRoleType systemRoleType ) { Check.IsNotNullOrWhitespace ( name, "Name is required." ); Check.IsNotNull ( systemRoleType, "System role type is required." ); _name = name; _description = description; _systemRoleType = systemRoleType; _grantedSystemPermissions = new List<SystemRolePermission> (); _grantedSystemRoleRelationships = new List<SystemRoleRelationship> (); }
public UserAccessPolicy CreatePolicy(SystemRoleType userRole, string userId, string flowName, FlowRoleType flowRoleType) { if ((flowRoleType == FlowRoleType.None) || !IsFlowRoleTypePermittedForUserRole(userRole, flowRoleType)) { throw new ArgumentException(string.Format("Invalid user role (\"{0}\") specified for flow role (\"{0}\")", EnumUtils.ToDescription(userRole), EnumUtils.ToDescription(flowRoleType))); } return(new UserAccessPolicy(userId, ServiceRequestAuthorizationType.Flow, flowName, flowRoleType)); }
/// <summary> /// Assign system role. /// </summary> /// <param name="systemRole"> /// The system role. /// </param> /// <param name="systemRoleType"> /// The system role type. /// </param> private void AssignSystemRole(SystemRole systemRole, SystemRoleType systemRoleType) { CheckRoleAssignment(systemRole, systemRoleType); var staffSystemRole = new StaffSystemRole(systemRole) { Staff = this }; _systemRoles.Add(staffSystemRole); NotifyItemAdded(() => SystemRoles, staffSystemRole); }
/// <summary> /// Validate that the input admin visitor has at least minimumRole permissions. Throw an /// UnauthorizedAccessException() if visitor is not validated. /// </summary> public static void ValidateByRole(NodeVisit visit, SystemRoleType minimumRole) { if (visit == null) { throw new ArgumentException("Input visit is null."); } if ((visit.Account == null) || string.IsNullOrEmpty(visit.Account.Id) || ((visit.Account.Role != SystemRoleType.Admin) && ((Int32)visit.Account.Role) < ((Int32)minimumRole))) { ThrowInsuficientPrivileges(); } }
/// <summary> /// Checks the role assignment. /// </summary> /// <param name="systemRole">The system role.</param> /// <param name="systemRoleType">Type of the system role.</param> private void CheckRoleAssignment(SystemRole systemRole, SystemRoleType systemRoleType) { Check.IsNotNull(systemRole, "System role is required."); if (systemRole.SystemRoleType != systemRoleType) { throw new ArgumentException(string.Format(( string )"The type of the role is not a {0} role. ", ( object )systemRoleType)); } StaffSystemRole existingStaffSystemRole = (from sr in _systemRoles where sr.SystemRole.Key == systemRole.Key select sr).FirstOrDefault(); if (existingStaffSystemRole != null) { throw new InvalidOperationException("The same has already been Assigned."); } }
protected bool IsFlowRoleTypePermittedForUserRole(SystemRoleType userRole, FlowRoleType flowRole) { switch (userRole) { case SystemRoleType.Admin: return(true); case SystemRoleType.Program: return((flowRole == FlowRoleType.Endpoint) || (flowRole == FlowRoleType.View) || (flowRole == FlowRoleType.Modify)); case SystemRoleType.Authed: return(flowRole == FlowRoleType.Endpoint); default: return(false); } }
/// <summary> /// Removes the system role. /// </summary> /// <param name="systemRole">The system role.</param> /// <param name="systemRoleType">Type of the system role.</param> private void RemoveSystemRole(SystemRole systemRole, SystemRoleType systemRoleType) { Check.IsNotNull(systemRole, "System role is required."); if (systemRole.SystemRoleType != systemRoleType) { throw new ArgumentException(string.Format(( string )"The type of the role is not a {0} role. ", ( object )systemRoleType)); } StaffSystemRole existingSystemRole = (from sa in _systemRoles where sa.SystemRole.Key == systemRole.Key select sa).FirstOrDefault(); if (existingSystemRole != null) { _systemRoles.Remove(existingSystemRole); } NotifyItemRemoved(() => SystemRoles, existingSystemRole); }
public string BulkAddUsers(ICollection <string> usernames, bool createInNaas, string defaultPassword, SystemRoleType defaultRole, ICollection <FlowNameAndRole> accessFlows, bool isUserActive, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); if (CollectionUtils.IsNullOrEmpty(usernames)) { throw new ArgumentException("usernames cannot be empty"); } // Create the parameter list: ByIndexOrNameDictionary <string> parameters = new ByIndexOrNameDictionary <string>(true); int i = 0; foreach (string username in usernames) { string key = string.Format("{0}{1}", BulkAddUsersConstants.PARAM_USERNAME_PREFIX, i.ToString()); parameters.Add(key, username); ++i; } parameters.Add(BulkAddUsersConstants.PARAM_CREATE_IN_NAAS, createInNaas.ToString()); if (!string.IsNullOrEmpty(defaultPassword)) { parameters.Add(BulkAddUsersConstants.PARAM_DEFAULT_PASSWORD, defaultPassword); } parameters.Add(BulkAddUsersConstants.PARAM_DEFAULT_ROLE, defaultRole.ToString()); parameters.Add(BulkAddUsersConstants.PARAM_IS_ACTIVE, isUserActive.ToString()); if (!CollectionUtils.IsNullOrEmpty(accessFlows)) { i = 0; foreach (FlowNameAndRole accessFlow in accessFlows) { string key = string.Format("{0}{1}", BulkAddUsersConstants.PARAM_FLOW_NAME_PREFIX, i.ToString()); parameters.Add(key, accessFlow.FlowName + BulkAddUsersConstants.PARAM_VALUE_SEPARATOR + accessFlow.FlowRole); ++i; } } // Create the task transaction and queue for running, the task will run asynchronously after // this method returns return(_transactionManager.QueueTask(_securityFlowName, _securityBulkAddUsersServiceName, visit.Account.Id, parameters)); }
/// <summary> /// Creates the system role. /// </summary> /// <param name="name">The name.</param> /// <param name="description">The description.</param> /// <param name="systemRoleType">Type of the system role.</param> /// <returns> /// A SystemRole /// </returns> public SystemRole CreateSystemRole( string name, string description, SystemRoleType systemRoleType ) { Check.IsNotNullOrWhitespace(name, "Name is required."); Check.IsNotNull(systemRoleType, "System role type is required."); SystemRole systemRole; var existingSystemRole = _systemRoleRepository.GetByName( name ); if (existingSystemRole != null) { systemRole = existingSystemRole; } else { systemRole = new SystemRole( name, description, systemRoleType ); _systemRoleRepository.MakePersistent( systemRole ); } return systemRole; }
/// <summary> /// Creates the system role. /// </summary> /// <param name="name">The name.</param> /// <param name="description">The description.</param> /// <param name="systemRoleType">Type of the system role.</param> /// <returns> /// A SystemRole /// </returns> public SystemRole CreateSystemRole(string name, string description, SystemRoleType systemRoleType) { Check.IsNotNullOrWhitespace(name, "Name is required."); Check.IsNotNull(systemRoleType, "System role type is required."); SystemRole systemRole; var existingSystemRole = _systemRoleRepository.GetByName(name); if (existingSystemRole != null) { systemRole = existingSystemRole; } else { systemRole = new SystemRole(name, description, systemRoleType); _systemRoleRepository.MakePersistent(systemRole); } return(systemRole); }
public UserAccount BulkAddUser(string username, bool createInNaas, string defaultPassword, SystemRoleType defaultRole, ICollection <FlowNameAndRole> accessFlows, bool isUserActive, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); UserAccount usr = _accountDao.GetByName(username); if (usr == null) { usr = new UserAccount(); usr.NaasAccount = username; } usr.ModifiedById = visit.Account.Id; usr.IsActive = isUserActive; usr.Role = defaultRole; if (!CollectionUtils.IsNullOrEmpty(accessFlows)) { List <UserAccessPolicy> policies = new List <UserAccessPolicy>(accessFlows.Count); foreach (FlowNameAndRole accessFlow in accessFlows) { UserAccessPolicy policy = _accountPolicyManager.CreatePolicy(usr.Role, null, accessFlow.FlowName, accessFlow.FlowRole); policy.ModifiedById = visit.Account.Id; policies.Add(policy); } usr.Policies = _accountPolicyManager.CleanseFlowPoliciesForUser(usr.Role, policies); } else { usr.Policies = null; } if (string.IsNullOrEmpty(defaultPassword)) { defaultPassword = GenerateRandomPassword(); } return(Save(usr, createInNaas, defaultPassword, visit)); }
private static async Task <ApplicationUser> AssignUserToRole(UserManager <ApplicationUser> userManager, ApplicationUser user, SystemRoleType role) { var userInDb = await userManager.FindByNameAsync(user.UserName); if (userInDb != null) { return(null); } var result = await userManager.CreateAsync(user, "Admin1."); if (result.Succeeded) { await userManager.AddToRoleAsync(user, role.ToString()); return(userManager.FindByNameAsync(user.UserName).Result); } return(null); }
protected void OnAddUsers(object sender, EventArgs e) { if (!this.IsValid) { // Error on page, get out of here return; } try { IList <string> emails = GetUsernames(); ICollection <FlowNameAndRole> permissionedFlows = GetPermissionedFlows(); SystemRoleType role = EnumUtils.FromDescription <SystemRoleType>(roleCtrl.SelectedValue); string password = passwordCtrl.Text; bool createInNaas = createInNaasCheckBox.Checked; bool isActive = activeCtrl.Checked; if (emails.Count == 1) { _accountService.BulkAddUser(emails[0], createInNaas, password, role, permissionedFlows, isActive, VisitHelper.GetVisit()); ResponseRedirect("../Secure/SecurityUser.aspx"); } else { string transactionId = _accountService.BulkAddUsers(emails, createInNaas, password, role, permissionedFlows, isActive, VisitHelper.GetVisit()); _centralProcessor.WakeupProcessor(NodeMethod.Task); ResponseRedirect("../Secure/TaskDetails.aspx?id=" + transactionId); } } catch (Exception ex) { LOG.Error(ex.Message, ex); SetDivPageError(ex); } }
protected ICollection <FlowNameAndRole> GetPermissionedFlows() { SystemRoleType role = EnumUtils.FromDescription <SystemRoleType>(roleCtrl.SelectedValue); if (role == SystemRoleType.Admin) { return(null); // Everything is allowed } Repeater repeater = flowRepeaterList; List <FlowNameAndRole> permissionedFlows = null; foreach (RepeaterItem item in repeater.Items) { DropDownList flowRoleCtrl = item.FindControl("flowRoleCtrl") as DropDownList; Label flowCodeLabel = item.FindControl("FlowCode") as Label; HiddenField flowIsProtected = item.FindControl("flowIsProtected") as HiddenField; FlowRoleType flowRole = FlowRoleType.None; string flowName = null; if ((flowRoleCtrl != null) && (flowCodeLabel != null) && (flowIsProtected != null) && flowRoleCtrl.Visible) { flowName = flowCodeLabel.Text; flowRole = EnumUtils.FromDescription <FlowRoleType>(flowRoleCtrl.SelectedValue); if (flowRole != FlowRoleType.None) { bool flowIsProtectedValue = flowIsProtected.Value == true.ToString(); if (flowIsProtectedValue || ((flowRole == FlowRoleType.View) || (flowRole == FlowRoleType.Modify))) { FlowNameAndRole flowNameAndRole = new FlowNameAndRole(flowName, flowRole); CollectionUtils.Add(flowNameAndRole, ref permissionedFlows); } } } } return(permissionedFlows); }
/// <summary> /// Assign system role. /// </summary> /// <param name="systemRole"> /// The system role. /// </param> /// <param name="systemRoleType"> /// The system role type. /// </param> private void AssignSystemRole( SystemRole systemRole, SystemRoleType systemRoleType ) { CheckRoleAssignment ( systemRole, systemRoleType ); var staffSystemRole = new StaffSystemRole ( systemRole ) { Staff = this }; _systemRoles.Add ( staffSystemRole ); NotifyItemAdded ( () => SystemRoles, staffSystemRole ); }
public IList <UserAccessPolicy> CleanseFlowPoliciesForUser(SystemRoleType userRole, IList <UserAccessPolicy> policies) { if (CollectionUtils.IsNullOrEmpty(policies)) { return(null); } if (userRole == SystemRoleType.Admin) { return(null); // Admin is allowed everything } List <UserAccessPolicy> cleansedPolicies = new List <UserAccessPolicy>(policies.Count); IList <string> protectedFlows = _flowManager.GetProtectedFlowNames(); foreach (UserAccessPolicy policy in policies) { if (policy.PolicyType != ServiceRequestAuthorizationType.Flow) { cleansedPolicies.Add(policy); } else { if (!IsFlowRoleTypePermittedForUserRole(userRole, policy.FlowRoleType)) { throw new ArgumentException(string.Format("Invalid user role (\"{0}\") specified for flow role (\"{0}\")", EnumUtils.ToDescription(userRole), EnumUtils.ToDescription(policy.FlowRoleType))); } bool isFlowProtected = (CollectionUtils.IndexOf(protectedFlows, policy.TypeQualifier, StringComparison.InvariantCultureIgnoreCase) >= 0); if (userRole == SystemRoleType.Authed) { DebugUtils.AssertDebuggerBreak(policy.FlowRoleType == FlowRoleType.Endpoint); if (isFlowProtected) { cleansedPolicies.Add(policy); } else { // Don't add, must be FlowRoleType.Endpoint and flow is not protected } } else if (userRole == SystemRoleType.Program) { if (isFlowProtected) { cleansedPolicies.Add(policy); } else { if ((policy.FlowRoleType == FlowRoleType.Modify) || (policy.FlowRoleType == FlowRoleType.View)) { // Only add in these cases, not if FlowRoleType == FlowRoleType.Endpoint // since flow is not protected cleansedPolicies.Add(policy); } } } else { throw new ArgumentException("Unrecognized user role specified: \"(0)\"", EnumUtils.ToDescription(userRole)); } } } return(CollectionUtils.IsNullOrEmpty(cleansedPolicies) ? null : cleansedPolicies); }
public void ValidateUserMinimumRole(NodeVisit visit, SystemRoleType minimumRole) { AccountManager.ValidateByRole(visit, minimumRole); }
protected ICollection <string> GetBulkAddUsersParams(DataRequest dataRequest, IFlowManager flowManager, out bool createInNaas, out string defaultPassword, out SystemRoleType defaultRole, out bool isUserActive, out ICollection <FlowNameAndRole> accessFlows) { if (CollectionUtils.IsNullOrEmpty(dataRequest.Parameters)) { throw new ArgumentException("No parameters were specified for the service"); } if (!dataRequest.Parameters.IsByName) { throw new ArgumentException("The parameters for the service must be \"by-name\""); } IDictionary <string, string> flowsNameToIdMap = flowManager.GetAllFlowsNameToIdMap(); createInNaas = true; defaultRole = SystemRoleType.Authed; defaultPassword = null; isUserActive = true; accessFlows = new List <FlowNameAndRole>(); List <string> usernames = new List <string>(); foreach (KeyValuePair <string, string> pair in dataRequest.Parameters.NameValuePairs) { string key = pair.Key.ToUpper(); if (key.StartsWith(BulkAddUsersConstants.PARAM_USERNAME_PREFIX)) { if (!StringUtils.Contains(pair.Value, usernames, StringComparison.InvariantCultureIgnoreCase)) { usernames.Add(pair.Value); } } else if (key.StartsWith(BulkAddUsersConstants.PARAM_FLOW_NAME_PREFIX)) { string[] flowParams = pair.Value.Split(new string[] { BulkAddUsersConstants.PARAM_VALUE_SEPARATOR }, StringSplitOptions.RemoveEmptyEntries); if ((flowParams.Length != 2) || string.IsNullOrEmpty(flowParams[0]) || string.IsNullOrEmpty(flowParams[1])) { throw new ArgumentException(string.Format("Invalid flow parameter specified: {0}", pair.Value)); } string flowId; if (!flowsNameToIdMap.TryGetValue(flowParams[0], out flowId)) { throw new ArgumentException(string.Format("A flow with the name \"{0}\" cannot be found", flowParams[0])); } accessFlows.Add(new FlowNameAndRole(flowParams[0], EnumUtils.ParseEnum <FlowRoleType>(flowParams[1]))); } else { switch (key) { case BulkAddUsersConstants.PARAM_CREATE_IN_NAAS: createInNaas = bool.Parse(pair.Value); break; case BulkAddUsersConstants.PARAM_DEFAULT_PASSWORD: defaultPassword = pair.Value; break; case BulkAddUsersConstants.PARAM_DEFAULT_ROLE: defaultRole = (SystemRoleType)Enum.Parse(typeof(SystemRoleType), pair.Value, true); break; case BulkAddUsersConstants.PARAM_IS_ACTIVE: isUserActive = bool.Parse(pair.Value); break; default: throw new ArgumentException(string.Format("An unrecognized key/value parameter was found: \"{0}\" = \"{1}\"", pair.Key, pair.Value)); } } } return(usernames); }
/// <summary> /// Removes the system role. /// </summary> /// <param name="systemRole">The system role.</param> /// <param name="systemRoleType">Type of the system role.</param> private void RemoveSystemRole( SystemRole systemRole, SystemRoleType systemRoleType ) { Check.IsNotNull ( systemRole, "System role is required." ); if ( systemRole.SystemRoleType != systemRoleType ) { throw new ArgumentException ( string.Format ( ( string )"The type of the role is not a {0} role. ", ( object )systemRoleType ) ); } StaffSystemRole existingSystemRole = ( from sa in _systemRoles where sa.SystemRole.Key == systemRole.Key select sa ).FirstOrDefault (); if ( existingSystemRole != null ) { _systemRoles.Remove ( existingSystemRole ); } NotifyItemRemoved ( () => SystemRoles, existingSystemRole ); }
public NAAS_USRMGR.UserTypeCode SystemRoleToNAASUserType(SystemRoleType role) { return(NAAS_USRMGR.UserTypeCode.user); // Per Mark }
/// <summary> /// Checks the role assignment. /// </summary> /// <param name="systemRole">The system role.</param> /// <param name="systemRoleType">Type of the system role.</param> private void CheckRoleAssignment( SystemRole systemRole, SystemRoleType systemRoleType ) { Check.IsNotNull ( systemRole, "System role is required." ); if ( systemRole.SystemRoleType != systemRoleType ) { throw new ArgumentException ( string.Format ( ( string )"The type of the role is not a {0} role. ", ( object )systemRoleType ) ); } StaffSystemRole existingStaffSystemRole = ( from sr in _systemRoles where sr.SystemRole.Key == systemRole.Key select sr ).FirstOrDefault (); if ( existingStaffSystemRole != null ) { throw new InvalidOperationException("The same has already been Assigned."); } }
public UserAccount() { _role = SystemRoleType.None; _policies = new SortableCollection <UserAccessPolicy>(); }