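/// <summary>
/// Sets the password of a system user by storing a hash of it.
/// The hash input is the lower-cased username together with the password
/// (Helper.GeneratePasswordHash), so the username is part of what gets hashed.
/// </summary>
/// <param name="user">System user whose password is replaced. Must not be null.</param>
/// <param name="password">Clear-text password to hash. Must not be null or empty.</param>
/// <exception cref="ArgumentNullException">user or password is null.</exception>
/// <exception cref="ArgumentException">password is empty.</exception>
public static void SetPassword(Simplified.Ring3.SystemUser user, string password) {
    if (user == null) {
        throw new ArgumentNullException("user");
    }
    if (password == null) {
        throw new ArgumentNullException("password");
    }
    if (password.Length == 0) {
        // An empty password would otherwise be hashed and accepted like any other.
        // NOTE(review): relax this if blank passwords are intentionally used for accounts
        // that must go through a reset before first sign-in.
        throw new ArgumentException("Password must not be empty", "password");
    }

    // NOTE(review): ToLower() is culture-sensitive; it is kept because the same convention
    // is used where hashes are produced elsewhere, and switching to ToLowerInvariant() would
    // change the hash input for usernames containing culture-dependent letters.
    string hashedPassword;
    Helper.GeneratePasswordHash(user.Username.ToLower(), password, out hashedPassword);
    user.Password = hashedPassword;
}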
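/// <summary>
/// Creates an Organization together with a system user that represents it.
/// Validates the arguments, rejects an e-mail address already attached to a system user
/// and a username that is already taken, then creates the objects and sets the password.
/// No transaction is started here; the caller is expected to provide one.
/// </summary>
/// <param name="name">Organization name. Must not be null or empty.</param>
/// <param name="username">Login name of the new system user. Must not be null or empty.</param>
/// <param name="email">Contact e-mail; must pass Utils.IsValidEmail and be unused by any system user.</param>
/// <param name="password">Clear-text password for the new user, hashed by SetPassword.</param>
/// <exception cref="ArgumentNullException">name, username, email or password is null.</exception>
/// <exception cref="ArgumentException">An argument is empty, the e-mail is invalid, or the
/// e-mail or username is already in use.</exception>
public static void AddCompany(string name, string username, string email, string password) {
    if (name == null) {
        throw new ArgumentNullException("name");
    }
    if (username == null) {
        throw new ArgumentNullException("username");
    }
    if (email == null) {
        throw new ArgumentNullException("email");
    }
    if (password == null) {
        throw new ArgumentNullException("password");
    }
    if (name.Length == 0) {
        throw new ArgumentException("Name must not be empty", "name");
    }
    if (username.Length == 0) {
        // Previously only null was rejected, so an empty username could be created.
        throw new ArgumentException("Username must not be empty", "username");
    }
    if (email.Length == 0) {
        throw new ArgumentException("Email must not be empty", "email");
    }
    // ArgumentException takes (message, paramName); the original had them swapped.
    if (!Utils.IsValidEmail(email)) {
        throw new ArgumentException("Invalid email address", "email");
    }

    // E-mail lookups use the lower-cased form so case differences cannot create duplicates.
    string emailLow = email.ToLowerInvariant();
    var dupEmail = Db.SQL<Simplified.Ring3.EmailAddress>(
        "SELECT o FROM Simplified.Ring3.EmailAddress o WHERE o.EMail=? AND o.ToWhat IS Simplified.Ring3.SystemUser",
        emailLow).First;
    if (dupEmail != null) {
        throw new ArgumentException("Duplicated email", "email");
    }

    // NOTE(review): this is an exact-match lookup while the password hash uses the
    // lower-cased username; whether "Bob" and "bob" can coexist depends on the database
    // collation — confirm if that matters.
    var dupUserName = Db.SQL<Simplified.Ring3.SystemUser>(
        "SELECT o FROM Simplified.Ring3.SystemUser o WHERE o.Username=?", username).First;
    if (dupUserName != null) {
        throw new ArgumentException("Duplicated username", "username");
    }

    Organization company = new Organization() { Name = name };
    Simplified.Ring3.SystemUser systemUser = new Simplified.Ring3.SystemUser();
    systemUser.WhatIs = company;
    systemUser.Username = username;
    SetPassword(systemUser, password);

    // The e-mail is not registered as a sign-in alias here; it is only used for the avatar.
    company.ImageURL = Utils.GetGravatarUrl(emailLow);
}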
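/// <summary>
/// Adds a system user as a member of a system user group by creating a
/// SystemUserGroupMember that links them (WhatIs = user, ToWhat = group).
/// An existing membership is left untouched, so the call is idempotent.
/// </summary>
/// <param name="user">System user to add. Must not be null.</param>
/// <param name="group">Group the user is added to. Must not be null.</param>
/// <exception cref="ArgumentNullException">user or group is null.</exception>
public static void AddSystemUserToSystemUserGroup(Simplified.Ring3.SystemUser user, Simplified.Ring3.SystemUserGroup group) {
    if (user == null) {
        throw new ArgumentNullException("user");
    }
    if (group == null) {
        throw new ArgumentNullException("group");
    }

    // Same lookup RemoveSystemUserFromSystemUserGroup uses; do not create a second row.
    var existing = Db.SQL<Simplified.Ring3.SystemUserGroupMember>(
        "SELECT o FROM Simplified.Ring3.SystemUserGroupMember o WHERE o.WhatIs=? AND o.ToWhat=?",
        user, group).First;
    if (existing != null) {
        return;
    }

    Simplified.Ring3.SystemUserGroupMember systemUserGroupMember = new Simplified.Ring3.SystemUserGroupMember();
    systemUserGroupMember.WhatIs = user;
    systemUserGroupMember.ToWhat = group;
}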
/// <summary>
/// Checks whether a user may invoke an action under the given settings.
/// Not implemented yet: every call is denied, signed-in or not.
/// </summary>
/// <param name="user">Signed-in system user, or null for an anonymous caller.</param>
/// <param name="action">Action being attempted (not inspected yet).</param>
/// <param name="settings">Settings the action applies to (not inspected yet).</param>
/// <returns>Always false.</returns>
public static bool Check(SystemUser user, ActionType action, Settings settings) {
    bool anonymous = (user == null);
    if (anonymous) {
        // TODO: some actions may later be opened to anonymous callers.
        return false;
    }
    // TODO: inspect the action type; until then everything is denied by default.
    return false;
}
/// <summary>
/// Removes a system user from a system user group by deleting the
/// SystemUserGroupMember row that links them (WhatIs = user, ToWhat = group).
/// Nothing happens when no such membership exists.
/// </summary>
/// <param name="user">System user to remove.</param>
/// <param name="group">Group to remove the user from.</param>
public static void RemoveSystemUserFromSystemUserGroup(Simplified.Ring3.SystemUser user, Simplified.Ring3.SystemUserGroup group) {
    const string query = "SELECT o FROM Simplified.Ring3.SystemUserGroupMember o WHERE o.WhatIs=? AND o.ToWhat=?";
    Simplified.Ring3.SystemUserGroupMember membership =
        Db.SQL<Simplified.Ring3.SystemUserGroupMember>(query, user, group).First;
    if (membership == null) {
        return;
    }
    membership.Delete();
}
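/// <summary>
/// Adds a user to the group with the given name, creating the group when it does not
/// exist yet. The membership itself is created by the
/// AddUserToGroup(SystemUser, SystemUserGroup) overload.
/// </summary>
/// <param name="User">User to add. Must not be null.</param>
/// <param name="GroupName">Name of the target group. Must not be null or empty.</param>
/// <exception cref="ArgumentNullException">User is null.</exception>
/// <exception cref="ArgumentException">GroupName is null or empty.</exception>
public static void AddUserToGroup(SystemUser User, string GroupName) {
    // Validate before touching the database: previously a null User would first create
    // the group and only then fail inside the overload.
    if (User == null) {
        throw new ArgumentNullException("User");
    }
    if (string.IsNullOrEmpty(GroupName)) {
        throw new ArgumentException("Group name must not be null or empty", "GroupName");
    }

    SystemUserGroup group = Db.SQL<SystemUserGroup>(
        "SELECT g FROM Simplified.Ring3.SystemUserGroup g WHERE g.Name = ?", GroupName).First;
    if (group == null) {
        // NOTE(review): a misspelled name creates a brand-new group instead of failing;
        // callers that grant privileges by group name should be aware of that.
        group = new SystemUserGroup() { Name = GroupName };
    }
    AddUserToGroup(User, group);
}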
/// <summary>
/// Checks whether a user may invoke an action on a software application.
/// The rule is coarse for now: a signed-in user is allowed as soon as any
/// Warehouse.SoftwarePermission row exists for (user, application); the action itself
/// is not consulted, so one permission row grants every action.
/// Anonymous callers are always denied.
/// </summary>
/// <param name="user">Signed-in system user, or null for an anonymous caller.</param>
/// <param name="action">Requested action (not inspected yet — TODO: map to CanRead/CanUpdate/CanDelete).</param>
/// <param name="application">Application the action targets.</param>
/// <returns>true if a permission row exists for the user and application; otherwise false.</returns>
public static bool Check(SystemUser user, ActionType action, Software application) {
    if (user == null) {
        // TODO: some actions may later be opened to anonymous callers.
        return false;
    }
    const string query = "SELECT o FROM Warehouse.SoftwarePermission o WHERE o.User=? AND o.Software=?";
    SoftwarePermission permission = Db.SQL<SoftwarePermission>(query, user, application).First;
    // TODO: consult the permission's CanRead/CanUpdate/CanDelete flags for the given action.
    return permission != null;
}
/// <summary>
/// Checks whether a user may invoke an action that is not tied to a particular
/// application or settings object. Anonymous callers are denied; a signed-in user is
/// granted only ActionType.CreateOrganization, everything else is denied.
/// </summary>
/// <param name="user">Signed-in system user, or null for an anonymous caller.</param>
/// <param name="action">Requested action.</param>
/// <returns>true only for a signed-in user requesting CreateOrganization.</returns>
public static bool Check(SystemUser user, ActionType action) {
    // TODO: some actions may later be opened to anonymous callers.
    if (user == null) {
        return false;
    }
    // Any signed-in system user may create organizations; nothing else is granted here.
    return action == ActionType.CreateOrganization;
}
/// <summary>
/// Makes User a member of Group by creating a SystemUserGroupMember linking them.
/// The call is idempotent: an existing membership is not duplicated.
/// </summary>
/// <param name="User">User to add. Must not be null.</param>
/// <param name="Group">Group to add the user to. Must not be null.</param>
/// <exception cref="ArgumentNullException">User or Group is null.</exception>
public static void AddUserToGroup(SystemUser User, SystemUserGroup Group) {
    if (User == null) throw new ArgumentNullException("User");
    if (Group == null) throw new ArgumentNullException("Group");

    bool alreadyMember = IsMemberOfGroup(User, Group);
    if (!alreadyMember) {
        // NOTE(review): the created object is never referenced afterwards, same as in the
        // original; persisting it appears to be a side effect of construction — confirm.
        new SystemUserGroupMember() {
            SystemUser = User,
            SystemUserGroup = Group
        };
    }
}
/// <summary>
/// Decides whether user may GET the given uri.
/// Deny by default: when no Simplified.Ring5.UriPermission is configured for the uri at
/// all, access is refused; otherwise the permission resolved for the user by
/// Helper.GetPermission (directly or through its groups) decides via its CanGet flag,
/// and no resolved permission again means refusal.
/// </summary>
/// <param name="user">Signed-in system user, or null.</param>
/// <param name="uri">Uri being requested.</param>
/// <param name="request">Incoming request; currently unused.</param>
/// <returns>true only when a permission resolves for the user and has CanGet set.</returns>
public static bool CanGetUri(SystemUser user, string uri, Request request) {
    const string anyPermissionQuery = "SELECT o FROM Simplified.Ring5.UriPermission o WHERE o.Uri=?";
    bool uriIsConfigured = Db.SQL<UriPermission>(anyPermissionQuery, uri).First != null;
    if (!uriIsConfigured) {
        // TODO: members of the admin group might be allowed even without configuration.
        return false;
    }

    UriPermission resolved = Helper.GetPermission(user, uri);
    return resolved != null && resolved.CanGet;
}
/// <summary>
/// Deletes a system user together with the rows that reference it: pending
/// Simplified.Ring6.ResetPassword tokens and Simplified.Ring3.SystemUserGroupMember
/// memberships are removed first, then the user itself.
/// The associated Somebody (Person/Organization) is NOT deleted (open question).
/// NOTE(review): nothing here revokes authentication tokens/sessions of the user or
/// removes e-mail addresses pointing at it — confirm whether those need cleanup too.
/// </summary>
/// <param name="user">System user to delete. Must not be null.</param>
/// <exception cref="ArgumentNullException">user is null.</exception>
public static void DeleteSystemUser(Simplified.Ring3.SystemUser user) {
    if (user == null) {
        throw new ArgumentNullException("user");
    }

    // Dependent rows, removed in this order before the user row goes away.
    string[] cleanup = {
        "DELETE FROM Simplified.Ring6.ResetPassword WHERE User=?",
        "DELETE FROM Simplified.Ring3.SystemUserGroupMember WHERE SystemUser=?"
    };
    foreach (string statement in cleanup) {
        Db.SlowSQL(statement, user);
    }

    user.Delete();
}
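/// <summary>
/// Registers the HTTP GET handlers of the user-admin UI:
///   /useradmin/accessdenied            - static "access denied" page
///   /useradmin/admin/createuser        - create-user page (gated by Helper.TryNavigateTo)
///   /useradmin/admin/users             - list of system users (gated by Helper.TryNavigateTo)
///   /UserAdmin/admin/users/{?}         - edit page of one user; admin-group members may open
///                                        anyone, other users are redirected unless it is their own id
///   /useradmin/user/resetpassword?{?}  - password-reset page for a valid, unexpired token
/// </summary>
public static void Register() {
    string redirectPageHtml = "/useradmin/viewmodels/RedirectPage.html";

    Handle.GET("/useradmin/accessdenied", () => {
        return (new AccessDeniedPage());
    });

    // Create System user
    Handle.GET("/useradmin/admin/createuser", (Request request) => {
        MasterPage master = LauncherHooks.GetMaster();
        Json page;
        // TryNavigateTo returning false means it produced a page of its own (redirect/denial)
        // that must be shown instead of the requested one.
        if (!Helper.TryNavigateTo("/UserAdmin/admin/createuser", request, redirectPageHtml, out page)) {
            master.CurrentPage = page;
        }
        else {
            master.CurrentPage = new CreateUserPage() {
                Html = "/UserAdmin/viewmodels/partials/administrator/CreateUserPage.html",
                Uri = request.Uri
            };
        }
        return (master);
    });

    // Get System users
    Handle.GET("/useradmin/admin/users", (Request request) => {
        MasterPage master = LauncherHooks.GetMaster();
        Json page;
        if (!Helper.TryNavigateTo("/useradmin/admin/users", request, redirectPageHtml, out page)) {
            master.CurrentPage = page;
        }
        else {
            master.CurrentPage = new ListUsersPage() {
                Html = "/UserAdmin/viewmodels/partials/administrator/ListUsersPage.html",
                Uri = request.Uri
            };
        }
        return (master);
    });

    // Get / edit one System user
    Handle.GET("/UserAdmin/admin/users/{?}", (string userid, Request request) => {
        Json page;
        MasterPage master = LauncherHooks.GetMaster();
        if (!Helper.TryNavigateTo("/UserAdmin/admin/users/{?}", request, redirectPageHtml, out page)) {
            master.CurrentPage = page;
            return (master);
        }

        // The URL segment is an object id supplied by the client; authorization follows below.
        Simplified.Ring3.SystemUser user = Db.SQL<Simplified.Ring3.SystemUser>(
            "SELECT o FROM Simplified.Ring3.SystemUser o WHERE o.ObjectID = ?", userid).First;
        if (user == null) {
            // TODO: Return a "User not found" page
            return (master);
        }

        SystemUser systemUser = Helper.GetCurrentSystemUser();
        SystemUserGroup adminGroup = Db.SQL<Simplified.Ring3.SystemUserGroup>(
            "SELECT o FROM Simplified.Ring3.SystemUserGroup o WHERE o.Name = ?", Program.AdminGroupName).First;

        // Authorization: admin-group members may open any user; everybody else only their own
        // record. An anonymous caller (systemUser == null) fails both tests and is redirected;
        // a missing admin group makes IsMemberOfGroup return false, so nobody is admin.
        if (Helper.IsMemberOfGroup(systemUser, adminGroup)) {
            if (user.WhoIs is Person) {
                master.CurrentPage = Db.Scope<string, Simplified.Ring3.SystemUser, Json>((uri, personUser) => {
                    return (new EditPersonPage() {
                        Html = "/UserAdmin/viewmodels/partials/administrator/EditPersonPage.html",
                        Uri = uri,
                        Data = personUser
                    });
                }, request.Uri, user);
                return (master);
            }
            else if (user.WhoIs is Organization) {
                // The page must be assigned to the master; it used to be built and then discarded,
                // so organization users could never be edited.
                master.CurrentPage = Db.Scope<string, Simplified.Ring3.SystemUser, Json>((uri, companyUser) => {
                    return (new EditCompanyPage() {
                        Html = "/UserAdmin/viewmodels/partials/administrator/EditCompanyPage.html",
                        Uri = uri,
                        Data = companyUser
                    });
                }, request.Uri, user);
            }
        }
        else if (user == systemUser) {
            // A user may edit its own record. TODO: no page is produced for this case yet.
        }
        else {
            // Not an admin and not the caller's own record: redirect to the app's root page.
            master.CurrentPage = new RedirectPage() {
                Html = redirectPageHtml,
                RedirectUrl = "/useradmin"
            };
            return (master);
        }
        return (master);
    });

    // Reset password
    Handle.GET("/useradmin/user/resetpassword?{?}", (string query, Request request) => {
        NameValueCollection queryCollection = HttpUtility.ParseQueryString(query);
        string token = queryCollection.Get("token");
        MasterPage master = LauncherHooks.GetMaster();
        if (token == null) {
            // TODO: show a not-found page instead of an empty master.
            master.CurrentPage = null;
            return (master);
        }

        // Only a token that has not expired is accepted; a used or expired token yields no row.
        ResetPassword resetPassword = Db.SQL<Simplified.Ring6.ResetPassword>(
            "SELECT o FROM Simplified.Ring6.ResetPassword o WHERE o.Token=? AND o.Expire>?",
            token, DateTime.UtcNow).First;
        if (resetPassword == null) {
            // TODO: Show message "Reset token already used or expired"
            master.CurrentPage = null;
            return (master);
        }
        if (resetPassword.User == null) {
            // TODO: Show message "User deleted"
            master.CurrentPage = null;
            return (master);
        }

        Simplified.Ring3.SystemUser systemUser = resetPassword.User;
        ResetPasswordPage page = new ResetPasswordPage() {
            Html = "/UserAdmin/viewmodels/partials/user/ResetPasswordPage.html",
            Uri = "/useradmin/user/resetpassword"
        };
        page.resetPassword = resetPassword;
        // Prefer the person's/organization's full name; fall back to the login name.
        if (systemUser.WhoIs != null) {
            page.FullName = systemUser.WhoIs.FullName;
        }
        else {
            page.FullName = systemUser.Username;
        }
        master.CurrentPage = page;
        return (master);
    });
}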
/// <summary>
/// Tells whether user belongs to basedOnGroup, directly or through group inheritance:
/// every group the user is a member of is tested with IsBasedOnGroup against basedOnGroup.
/// A null user or group yields false, so a missing admin group grants nobody.
/// </summary>
/// <param name="user">System user to test, or null.</param>
/// <param name="basedOnGroup">Group (or ancestor group) to look for, or null.</param>
/// <returns>true if IsBasedOnGroup accepts one of the user's groups.</returns>
public static bool IsMemberOfGroup(SystemUser user, SystemUserGroup basedOnGroup) {
    if (user == null || basedOnGroup == null) {
        return false;
    }
    const string query = "SELECT o.SystemUserGroup FROM Simplified.Ring3.SystemUserGroupMember o WHERE o.SystemUser=?";
    foreach (SystemUserGroup memberOf in Db.SQL<SystemUserGroup>(query, user)) {
        if (IsBasedOnGroup(memberOf, basedOnGroup)) {
            return true;
        }
    }
    return false;
}
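/// <summary>
/// Creates a Person together with a system user that represents it.
/// Validates the arguments, rejects a username that is already taken, creates the
/// objects and sets the password. No transaction is started here.
/// </summary>
/// <param name="firstName">First name of the person. Must not be null or empty.</param>
/// <param name="lastname">Last name of the person. Must not be null or empty.</param>
/// <param name="username">Login name of the new system user. Must not be null or empty.</param>
/// <param name="password">Clear-text password, hashed by SetPassword.</param>
/// <returns>The newly created system user.</returns>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
/// <exception cref="ArgumentException">firstName, lastname or username is empty, or the username is taken.</exception>
public static Simplified.Ring3.SystemUser AddPerson(string firstName, string lastname, string username, string password) {
    if (firstName == null) {
        throw new ArgumentNullException("firstName");
    }
    if (lastname == null) {
        throw new ArgumentNullException("lastname");
    }
    if (username == null) {
        throw new ArgumentNullException("username");
    }
    if (password == null) {
        throw new ArgumentNullException("password");
    }
    if (firstName.Length == 0) {
        throw new ArgumentException("First name must not be empty", "firstName");
    }
    if (lastname.Length == 0) {
        throw new ArgumentException("Last name must not be empty", "lastname");
    }
    if (username.Length == 0) {
        // Previously only null was rejected, so an empty username could be created.
        throw new ArgumentException("Username must not be empty", "username");
    }

    // NOTE(review): exact-match lookup while the password hash uses the lower-cased
    // username; whether case variants of a name can coexist depends on the collation.
    var dupUserName = Db.SQL<Simplified.Ring3.SystemUser>(
        "SELECT o FROM Simplified.Ring3.SystemUser o WHERE o.Username=?", username).First;
    if (dupUserName != null) {
        // ArgumentException takes (message, paramName); the original had them swapped.
        throw new ArgumentException("Duplicated username", "username");
    }

    Person person = new Person() { FirstName = firstName, LastName = lastname };
    Simplified.Ring3.SystemUser systemUser = new Simplified.Ring3.SystemUser();
    systemUser.WhatIs = person;
    systemUser.Username = username;
    SetPassword(systemUser, password);

    // No e-mail is collected here; the avatar is derived from the lower-cased username
    // (kept from the original — it only yields a real Gravatar when the username is an e-mail).
    person.ImageURL = Utils.GetGravatarUrl(username.ToLowerInvariant());
    return systemUser;
}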
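/// <summary>
/// Creates an Organization together with a system user that represents it.
/// Validates the arguments, rejects an e-mail address already attached to a system user
/// and a username that is already taken, then creates the objects and sets the password.
/// No transaction is started here; the caller is expected to provide one.
/// </summary>
/// <param name="name">Organization name. Must not be null or empty.</param>
/// <param name="username">Login name of the new system user. Must not be null or empty.</param>
/// <param name="email">Contact e-mail; must pass Utils.IsValidEmail and be unused by any system user.</param>
/// <param name="password">Clear-text password for the new user, hashed by SetPassword.</param>
/// <exception cref="ArgumentNullException">name, username, email or password is null.</exception>
/// <exception cref="ArgumentException">An argument is empty, the e-mail is invalid, or the
/// e-mail or username is already in use.</exception>
public static void AddCompany(string name, string username, string email, string password) {
    if (name == null) {
        throw new ArgumentNullException("name");
    }
    if (username == null) {
        throw new ArgumentNullException("username");
    }
    if (email == null) {
        throw new ArgumentNullException("email");
    }
    if (password == null) {
        throw new ArgumentNullException("password");
    }
    if (name.Length == 0) {
        throw new ArgumentException("Name must not be empty", "name");
    }
    if (username.Length == 0) {
        // Previously only null was rejected, so an empty username could be created.
        throw new ArgumentException("Username must not be empty", "username");
    }
    if (email.Length == 0) {
        throw new ArgumentException("Email must not be empty", "email");
    }
    // ArgumentException takes (message, paramName); the original had them swapped.
    if (!Utils.IsValidEmail(email)) {
        throw new ArgumentException("Invalid email address", "email");
    }

    // E-mail lookups use the lower-cased form so case differences cannot create duplicates.
    string emailLow = email.ToLowerInvariant();
    var dupEmail = Db.SQL<Simplified.Ring3.EmailAddress>(
        "SELECT o FROM Simplified.Ring3.EmailAddress o WHERE o.EMail=? AND o.ToWhat IS Simplified.Ring3.SystemUser",
        emailLow).First;
    if (dupEmail != null) {
        throw new ArgumentException("Duplicated email", "email");
    }

    // NOTE(review): this is an exact-match lookup while the password hash uses the
    // lower-cased username; whether "Bob" and "bob" can coexist depends on the database
    // collation — confirm if that matters.
    var dupUserName = Db.SQL<Simplified.Ring3.SystemUser>(
        "SELECT o FROM Simplified.Ring3.SystemUser o WHERE o.Username=?", username).First;
    if (dupUserName != null) {
        throw new ArgumentException("Duplicated username", "username");
    }

    Organization company = new Organization() { Name = name };
    Simplified.Ring3.SystemUser systemUser = new Simplified.Ring3.SystemUser();
    systemUser.WhatIs = company;
    systemUser.Username = username;
    SetPassword(systemUser, password);

    // The e-mail is not registered as a sign-in alias here; it is only used for the avatar.
    company.ImageURL = Utils.GetGravatarUrl(emailLow);
}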
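/// <summary>
/// Creates a Person together with a system user that represents it.
/// Validates the arguments, rejects a username that is already taken, creates the
/// objects and sets the password. No transaction is started here.
/// </summary>
/// <param name="firstName">First name of the person. Must not be null or empty.</param>
/// <param name="lastname">Last name of the person. Must not be null or empty.</param>
/// <param name="username">Login name of the new system user. Must not be null or empty.</param>
/// <param name="password">Clear-text password, hashed by SetPassword.</param>
/// <returns>The newly created system user.</returns>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
/// <exception cref="ArgumentException">firstName, lastname or username is empty, or the username is taken.</exception>
public static Simplified.Ring3.SystemUser AddPerson(string firstName, string lastname, string username, string password) {
    if (firstName == null) {
        throw new ArgumentNullException("firstName");
    }
    if (lastname == null) {
        throw new ArgumentNullException("lastname");
    }
    if (username == null) {
        throw new ArgumentNullException("username");
    }
    if (password == null) {
        throw new ArgumentNullException("password");
    }
    if (firstName.Length == 0) {
        throw new ArgumentException("First name must not be empty", "firstName");
    }
    if (lastname.Length == 0) {
        throw new ArgumentException("Last name must not be empty", "lastname");
    }
    if (username.Length == 0) {
        // Previously only null was rejected, so an empty username could be created.
        throw new ArgumentException("Username must not be empty", "username");
    }

    // NOTE(review): exact-match lookup while the password hash uses the lower-cased
    // username; whether case variants of a name can coexist depends on the collation.
    var dupUserName = Db.SQL<Simplified.Ring3.SystemUser>(
        "SELECT o FROM Simplified.Ring3.SystemUser o WHERE o.Username=?", username).First;
    if (dupUserName != null) {
        // ArgumentException takes (message, paramName); the original had them swapped.
        throw new ArgumentException("Duplicated username", "username");
    }

    Person person = new Person() { FirstName = firstName, LastName = lastname };
    Simplified.Ring3.SystemUser systemUser = new Simplified.Ring3.SystemUser();
    systemUser.WhatIs = person;
    systemUser.Username = username;
    SetPassword(systemUser, password);

    // No e-mail is collected here; the avatar is derived from the lower-cased username
    // (kept from the original — it only yields a real Gravatar when the username is an e-mail).
    person.ImageURL = Utils.GetGravatarUrl(username.ToLowerInvariant());
    return systemUser;
}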
/// <summary>
/// Resolves the UriPermission that applies to user for uri.
/// A permission assigned directly to the user (Simplified.Ring5.SystemUserUriPermission)
/// wins; otherwise the user's group memberships are consulted in query order through
/// GetPermissionFromGroup and the first hit is returned.
/// NOTE(review): with first-match semantics the outcome for a user whose groups carry
/// conflicting permissions for the same uri depends on the row order — confirm intended.
/// </summary>
/// <param name="user">System user, or null.</param>
/// <param name="uri">Uri to resolve, or null/empty.</param>
/// <returns>The applicable permission, or null when user/uri is missing or nothing matches.</returns>
private static UriPermission GetPermission(SystemUser user, string uri) {
    if (user == null) {
        return null;
    }
    if (string.IsNullOrEmpty(uri)) {
        return null;
    }

    const string directQuery = "SELECT o.Permission FROM Simplified.Ring5.SystemUserUriPermission o WHERE o.Permission.Uri=? AND o.SystemUser=?";
    UriPermission direct = Db.SQL<UriPermission>(directQuery, uri, user).First;
    if (direct != null) {
        return direct;
    }

    // Fall back to group-level permissions; the first group that yields one decides.
    const string membershipQuery = "SELECT o FROM Simplified.Ring3.SystemUserGroupMember o WHERE o.SystemUser=?";
    foreach (Simplified.Ring3.SystemUserGroupMember membership in Db.SQL<Simplified.Ring3.SystemUserGroupMember>(membershipQuery, user)) {
        UriPermission fromGroup = GetPermissionFromGroup(membership.SystemUserGroup, uri);
        if (fromGroup != null) {
            return fromGroup;
        }
    }
    return null;
}
/// <summary>
/// Tells whether user is a warehouse administrator, i.e. a member of the group named
/// Security.WarehouseAdminGroupName. A null user is never an admin.
/// </summary>
/// <param name="user">Signed-in system user, or null.</param>
/// <returns>true if the user belongs to the warehouse admin group.</returns>
public static bool IsAdmin(SystemUser user) {
    return user != null
        && SystemUser.IsMemberOfGroup(user, Security.WarehouseAdminGroupName);
}
/// <summary>
/// Tells whether user is an administrator, i.e. a member of the system-user group
/// named "Admin (System Users)". A null user is never an admin.
/// TODO: a dedicated "playground keeper" group may replace this.
/// </summary>
/// <param name="user">Signed-in system user, or null.</param>
/// <returns>true if the user belongs to the admin group.</returns>
public static bool IsAdmin(SystemUser user) {
    const string adminGroupName = "Admin (System Users)";
    if (user == null) {
        return false;
    }
    return SystemUser.IsMemberOfGroup(user, adminGroupName);
}
/// <summary>
/// Signs in systemUser WITHOUT verifying a password: inside a transaction a new
/// SystemUserTokenKey is created (Created and LastUsed set to the same UTC timestamp,
/// Token from CreateAuthToken(username), User = systemUser) and a session for it is
/// obtained via AssureSystemUserSession. Because no credential is checked here, callers
/// must have authenticated the user by other means first.
/// </summary>
/// <param name="systemUser">User to sign in; null yields null.</param>
/// <returns>The session created for the new token, or null for a null user.</returns>
public static SystemUserSession SignInSystemUser(SystemUser systemUser) {
    if (systemUser == null) {
        return null;
    }

    SystemUserSession session = null;
    Db.Transact(() => {
        DateTime now = DateTime.UtcNow;
        SystemUserTokenKey tokenKey = new SystemUserTokenKey();
        tokenKey.Created = now;
        tokenKey.LastUsed = now;
        tokenKey.Token = CreateAuthToken(systemUser.Username);
        tokenKey.User = systemUser;
        session = AssureSystemUserSession(tokenKey);
    });
    return session;
}
/// <summary>
/// Creates a new SystemUser with a fresh Person, an EmailAddress and the "Primary"
/// EmailAddressRelation between them. The password is stored as a salted hash: a
/// 16-byte salt from GenerateSalt is Base64-encoded and fed, together with the
/// lower-cased username and the password, to GeneratePasswordHash.
/// NOTE: no username/e-mail duplication checks and no transaction or commit happen here.
/// </summary>
/// <param name="Username">Login name (lower-cased only for hashing; stored as given).</param>
/// <param name="Email">E-mail address, stored as the EmailAddress.Name.</param>
/// <param name="Password">Clear-text password; only its hash is stored.</param>
/// <returns>The newly created SystemUser.</returns>
public static SystemUser RegisterSystemUser(string Username, string Email, string Password) {
    const string primaryRelationName = "Primary";

    // Salt first, then hash the (lower-cased username, password) pair with it.
    string salt = Convert.ToBase64String(GenerateSalt(16));
    string hash;
    GeneratePasswordHash(Username.ToLower(), Password, salt, out hash);

    Person person = new Person();
    EmailAddressRelationType relationType = Db.SQL<EmailAddressRelationType>(
        "SELECT t FROM Simplified.Ring3.EmailAddressRelationType t WHERE t.Name = ?", primaryRelationName).First;
    if (relationType == null) {
        relationType = new EmailAddressRelationType() { Name = primaryRelationName };
    }

    EmailAddress emailAddress = new EmailAddress() { Name = Email };
    // Not referenced afterwards, same as in the original; only its construction matters here.
    new EmailAddressRelation() {
        ContactInfo = emailAddress,
        Somebody = person,
        ContactInfoRelationType = relationType
    };

    return new SystemUser() {
        Username = Username,
        WhoIs = person,
        Password = hash,
        PasswordSalt = salt
    };
}
/// <summary>
/// Tells whether User is a direct member of Group, i.e. a SystemUserGroupMember row
/// links the two. Group inheritance is not considered here. Null arguments yield false.
/// </summary>
/// <param name="User">System user, or null.</param>
/// <param name="Group">Group, or null.</param>
/// <returns>true if a membership row exists for the pair.</returns>
public static bool IsMemberOfGroup(SystemUser User, SystemUserGroup Group) {
    if (User == null) return false;
    if (Group == null) return false;
    const string query = "SELECT o FROM Simplified.Ring3.SystemUserGroupMember o WHERE o.SystemUser = ? AND o.SystemUserGroup = ?";
    return Db.SQL<SystemUserGroupMember>(query, User, Group).First != null;
}
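/// <summary>
/// Tells whether User is a member of the group called GroupName. A null user, a
/// null or empty name, or a non-existent group all yield false; the database is not
/// queried at all for a null user or name.
/// </summary>
/// <param name="User">System user, or null.</param>
/// <param name="GroupName">Name of the group to look up.</param>
/// <returns>true if the named group exists and the user is a member of it.</returns>
public static bool IsMemberOfGroup(SystemUser User, string GroupName) {
    // Short-circuit instead of running a lookup with a null parameter.
    if (User == null || string.IsNullOrEmpty(GroupName)) {
        return false;
    }
    SystemUserGroup group = Db.SQL<SystemUserGroup>(
        "SELECT g FROM Simplified.Ring3.SystemUserGroup g WHERE g.Name = ?", GroupName).First;
    return IsMemberOfGroup(User, group);
}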