Exemple #1
        /// <summary>
        /// Authorization gate: succeeds only when <paramref name="user"/> holds a role in at least one
        /// group that <c>GetAllowedGroupIdsForLoggedInUserAsync</c> returns for <paramref name="permissionKey"/>.
        /// </summary>
        /// <param name="user">The user being accessed; its <c>GroupRoles</c> are matched against the allowed groups.</param>
        /// <param name="permissionKey">Permission key forwarded to <c>GetAllowedGroupIdsForLoggedInUserAsync</c>.</param>
        /// <exception cref="UnauthorizedAccessException">
        /// Thrown when none of the user's group roles belongs to an allowed group.
        /// </exception>
        private async Task CheckAccessToUserAsync(User user, string permissionKey)
        {
            // The allowed groups are resolved first, before the target user is inspected.
            var permittedGroupIds = await GetAllowedGroupIdsForLoggedInUserAsync(permissionKey);

            // Deny by default: an empty allowed set or a user without group roles never matches,
            // so both cases fall through to the exception below.
            if (user.GroupRoles.Any(groupRole => permittedGroupIds.Contains(groupRole.Group)))
            {
                return;
            }

            throw new UnauthorizedAccessException();
        }
Exemple #2
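        /// <summary>
        /// Validates <paramref name="userDto"/>, builds a <c>User</c> from it and persists it through
        /// <c>_identityService.CreateUserAsync</c>.
        /// </summary>
        /// <param name="userDto">Incoming user data. Email, alternate id, PIN, group roles and tag are validated before the user is built.</param>
        /// <param name="isBulkImport">
        /// When <c>true</c>, <c>BulkData.PermissionKey</c> is passed to <c>CreateUserGroupRolesFromDtoAsync</c>
        /// instead of <c>Permission_New</c>.
        /// </param>
        /// <returns>
        /// A result with <c>IsSucceeded = true</c> and the new user's id, ETag and audit fields on success.
        /// Any exception raised along the way is caught: the result then has <c>IsSucceeded = false</c>
        /// and <c>ErrorCode</c> set to the exception message.
        /// </returns>
        public async Task<DocumentUpdateResultDto> CreateAsync(UserDto userDto, bool isBulkImport = false)
        {
            var result = new DocumentUpdateResultDto();

            try
            {
                ValidateUser(userDto);
                await CheckForDuplicatesAsync(userDto.Email, userDto.AlternateId);
                await ValidatePINAsync(userDto.PIN, userDto.GroupRoles.Select(cr => cr.GroupId).ToList());

                // NOTE(review): the permission key is chosen by a caller-supplied flag. Presumably the helper
                // enforces that key against the logged-in user - confirm that callers cannot set
                // isBulkImport to reach a weaker check.
                var permissionKey   = isBulkImport ? BulkData.PermissionKey : Permission_New;
                var roleAssignments = await CreateUserGroupRolesFromDtoAsync(userDto.GroupRoles, permissionKey);

                ValidateUserRoles(roleAssignments);

                var tag = userDto.Tag?.Trim();

                if (string.IsNullOrEmpty(tag))
                {
                    tag = await GetUniqueTagAsync(userDto.FirstName);
                }
                else
                {
                    // Check the trimmed value, because that is the value stored on the user below.
                    // Checking the untrimmed input would let " abc " pass while "abc" already exists.
                    await ValidateTagUniquenessAsync(tag);
                }

                var fullName = $"{userDto.FirstName} {userDto.LastName}";

                // Normalized fields use the invariant culture so the stored key does not depend on the
                // thread culture of the request (e.g. Turkish dotted/dotless i). Lookups and duplicate
                // checks elsewhere must normalize the same way.
                var normalizedEmail = userDto.Email.ToUpperInvariant();

                var user = new User
                {
                    FirstName          = userDto.FirstName,
                    LastName           = userDto.LastName,
                    FullName           = fullName,
                    NormalizedFullName = fullName.ToUpperInvariant(),
                    Culture            = userDto.Culture,
                    // Only a hash of the PIN is stored; a blank PIN is stored as null.
                    PIN          = !string.IsNullOrWhiteSpace(userDto.PIN) ? CryptographicProvider.GenerateUserPINHash(userDto.PIN) : null,
                    TimeZone     = userDto.TimeZone,
                    MobileNumber = new MobileNumber
                    {
                        IddCode = userDto.MobileNumber?.IddCode,
                        Number  = userDto.MobileNumber?.Number
                    },
                    AlternateId        = userDto.AlternateId,
                    Email              = userDto.Email,
                    UserName           = userDto.Email,
                    NormalizedUserName = normalizedEmail,
                    NormalizedEmail    = normalizedEmail,
                    AccessExpiryDate   = userDto.AccessExpiryDate,
                    GroupRoles         = roleAssignments,
                    UserLocation       = new UserLocation
                    {
                        Country = userDto.UserLocation?.Country,
                        State   = userDto.UserLocation?.State,
                        City    = userDto.UserLocation?.City
                    },
                    Tag          = tag,
                    ImageBlobId  = userDto.ImageBlobId,
                    // NOTE(review): the hash is copied from the DTO as-is. If UserDto can be bound from a
                    // client request, the caller chooses the stored credential hash - confirm this field is
                    // only populated by trusted server-side code.
                    PasswordHash = userDto.PasswordHash
                };

                if (userDto.Purposes != null && userDto.Purposes.Count > 0)
                {
                    // Copy the list so the persisted user does not share the DTO's list instance.
                    user.Purposes = new List<string>(userDto.Purposes);
                }

                await _identityService.CreateUserAsync(user);

                // NOTE(review): the service-bus trigger for pod access definition generation was commented
                // out in the original, so no update message is built or published here.
                result.IsSucceeded  = true;
                result.Id           = user.Id;
                result.ETag         = user.ETag;
                result.UpdatedById  = user.UpdatedById;
                result.UpdatedOnUtc = user.UpdatedOnUtc;
            }
            catch (Exception e)
            {
                // Deliberate best-effort contract: every failure is reported through the result object.
                // NOTE(review): e.Message is returned to the caller verbatim, which can expose internal
                // details (store errors, null-reference text), and validation, authorization and
                // infrastructure failures become indistinguishable. Consider mapping known exception
                // types to stable error codes and sending the full exception to the application logger
                // rather than the console.
                Console.WriteLine(e);
                result.IsSucceeded = false;
                result.ErrorCode   = e.Message;
            }

            return result;
        }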