/// <summary>
/// Called when the "Submit" button in the UI gets pressed.
/// Writes the name, job title and access list received from the UI onto the ID card
/// held in <see cref="TargetIdSlot"/>, but only when a valid card is present and the
/// privileged ID in the console is authorized.
/// </summary>
/// <param name="newFullName">Full name to write onto the target ID.</param>
/// <param name="newJobTitle">Job title to write onto the target ID.</param>
/// <param name="newAccessList">
/// Access tags to set; every tag must be one of <see cref="AccessLevels"/>, otherwise
/// the access change is refused.
/// </param>
/// <remarks>
/// The name and job title are written before the access list is validated, so a request
/// carrying an unknown access tag still updates those two fields; only the access change
/// is refused (a warning is logged).
/// </remarks>
private void TryWriteToTargetId(string newFullName, string newJobTitle, List<string> newAccessList)
{
    // Both halves of the guard come from the console's own state, never from the UI message.
    if (TargetIdSlot.Item is { Valid: true } targetCard && PrivilegedIdIsAuthorized())
    {
        var idCards = EntitySystem.Get<IdCardSystem>();
        idCards.TryChangeFullName(targetCard, newFullName);
        idCards.TryChangeJobTitle(targetCard, newJobTitle);

        // Any tag the console does not know about invalidates the whole access list.
        if (newAccessList.Exists(tag => !AccessLevels.Contains(tag)))
        {
            Logger.Warning("Tried to write unknown access tag.");
            return;
        }

        EntitySystem.Get<AccessSystem>().TrySetTags(targetCard, newAccessList);
    }
}
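/// <summary>
/// Decides, before the authentication box is rendered, whether the access the request asks for
/// was actually granted to the logged-in user. The page is reached with
/// <c>?access=&lt;role&gt;</c> (elevated access, Case 1), <c>?access=&lt;role&gt;&amp;identity=&lt;sip&gt;</c>
/// (delegee access, Case 2) or <c>?action=drop</c> (drop an already granted access); anything else
/// redirects the user to the normal-user dashboard.
/// Every decision is taken on the server-side <c>UserSession</c> stored in <c>Session["UserData"]</c>;
/// the query string only says what is being asked for, it never grants anything by itself.
/// </summary>
/// <param name="sender">Standard ASP.NET event source (unused).</param>
/// <param name="e">Standard ASP.NET event arguments (unused).</param>
/// <remarks>
/// <see cref="System.Web.HttpResponse.Redirect(string)"/> ends the response, so code after a
/// redirect is normally never reached; the explicit <c>return</c> after each redirect keeps the
/// trailing session read from dereferencing a null session should that ever change.
/// Note that <c>CurrentSession.IsDeveloper</c> satisfies both grant conditions below on its own,
/// i.e. a developer is granted whichever role (and, in Case 2, whichever identity) was requested.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    HeaderAuthBoxMessage = string.Empty;
    ParagraphAuthBoxMessage = string.Empty;
    AuthenticationMessage = string.Empty;

    // Not logged in: nothing below may run without a session.
    if (HttpContext.Current.Session == null || HttpContext.Current.Session.Contents["UserData"] == null)
    {
        Response.Redirect(GetHomepageLink("login"));
        return;
    }

    // Logged in: we only need to check whether the user was granted the elevated access asked for.
    CurrentSession = (UserSession)HttpContext.Current.Session.Contents["UserData"];

    // Fill the list of access levels (role names) the system knows about.
    InitAccessLevels();

    // Fail closed: the user is redirected away unless one of the cases below clears the flag.
    redirectionFlag = true;

    // Query-string values are read once. Role names are matched in lower case against the
    // Functions.*RoleName constants, so lowering must not depend on the request thread's culture.
    string requestedAccess = Request.QueryString["access"];
    string requestedIdentity = Request.QueryString["identity"];
    string requestedAction = Request.QueryString["action"];

    /*
     * The user must pass the following authentication criteria:
     *  - PrimarySipAccount == EffectiveSipAccount, i.e. the user is not currently viewing another
     *    user's account (which would itself be a delegee session).
     *  - The asked permission actually exists, in the query string and in the system.
     *  - The asked permission was actually granted to the current user.
     */

    // Mode 1: a non-delegee (the user acting as himself/herself) requests access.
    if (!string.IsNullOrEmpty(CurrentSession.User.SipAccount) && CurrentSession.DelegeeUserAccount == null)
    {
        if (!string.IsNullOrEmpty(requestedAccess) && AccessLevels.Contains(requestedAccess.ToLowerInvariant()))
        {
            if (string.IsNullOrEmpty(requestedIdentity))
            {
                // Case 1: elevated access (site admin, accountant, ...). Only "access" is passed;
                // "identity" belongs to Case 2 below.
                accessParam = requestedAccess.ToLowerInvariant();
                HeaderAuthBoxMessage = "You have requested an elevated access";
                ParagraphAuthBoxMessage = "Please note that you must authenticate your information before proceeding any further.";

                if (CurrentSession.ActiveRoleName != Functions.NormalUserRoleName &&
                    (CurrentSession.IsSiteAdmin || CurrentSession.IsSiteAccountant || CurrentSession.IsDeveloper || CurrentSession.IsDepartmentHead))
                {
                    // Already authenticated into an elevated role: go straight to that role's homepage.
                    Response.Redirect(GetHomepageLink(CurrentSession.ActiveRoleName));
                    return;
                }

                // The requested role must be one the session actually carries.
                bool elevatedAccessGranted =
                    (accessParam == Functions.SiteAdminRoleName && CurrentSession.IsSiteAdmin) ||
                    (accessParam == Functions.SiteAccountantRoleName && CurrentSession.IsSiteAccountant) ||
                    (accessParam == Functions.SystemAdminRoleName && CurrentSession.IsSystemAdmin) ||
                    (accessParam == Functions.DepartmentHeadRoleName && CurrentSession.IsDepartmentHead) ||
                    CurrentSession.IsDeveloper;

                if (elevatedAccessGranted)
                {
                    // Hand the granted role to the form's hidden field; the user stays on this page
                    // instead of being redirected.
                    this.ACCESS_LEVEL_FIELD.Value = accessParam;
                    redirectionFlag = false;
                }
            }
            else
            {
                // Case 2: delegee access. "identity" is the SIP account of the user to be managed.
                accessParam = requestedAccess.ToLowerInvariant();
                identityParam = requestedIdentity;
                HeaderAuthBoxMessage = "You have requested to manage a delegee account";
                ParagraphAuthBoxMessage = "Please note that you must authenticate your information before proceeding any further.";

                // The requested role must match the session's delegate kind AND the requested identity
                // must be one of the accounts this user was delegated for; the identity from the query
                // string is never trusted on its own.
                bool userDelegeeCaseMatch = CurrentSession.IsUserDelegate
                    && accessParam == Functions.UserDelegeeRoleName
                    && CurrentSession.UserDelegateRoles.Find(role => role.ManagedUserSipAccount == identityParam) != null;

                bool departmentDelegeeCaseMatch = CurrentSession.IsDepartmentDelegate
                    && accessParam == Functions.DepartmentDelegeeRoleName
                    && CurrentSession.DepartmentDelegateRoles.Find(role => role.ManagedUserSipAccount == identityParam) != null;

                bool siteDelegeeCaseMatch = CurrentSession.IsSiteDelegate
                    && accessParam == Functions.SiteDelegeeRoleName
                    && CurrentSession.SiteDelegateRoles.Find(role => role.ManagedUserSipAccount == identityParam) != null;

                if (userDelegeeCaseMatch || departmentDelegeeCaseMatch || siteDelegeeCaseMatch || CurrentSession.IsDeveloper)
                {
                    // Hand the granted role and the managed identity to the form's hidden fields;
                    // the user stays on this page instead of being redirected.
                    this.ACCESS_LEVEL_FIELD.Value = accessParam;
                    this.DELEGEE_IDENTITY.Value = identityParam;
                    redirectionFlag = false;
                }
            }
        }
    }

    // The user asks to drop an already granted elevated access.
    if (!string.IsNullOrEmpty(requestedAction))
    {
        dropParam = requestedAction.ToLowerInvariant();

        if (dropParam == "drop")
        {
            DropAccess(dropParam);
            redirectionFlag = false;
        }
        else
        {
            // Unknown action: overrides any access granted above and sends the user away.
            redirectionFlag = true;
        }
    }

    // Nothing above cleared the flag (no elevated access granted, or a manage-delegee session):
    // send the user to the Users Dashboard.
    if (redirectionFlag == true)
    {
        Response.Redirect(GetHomepageLink(Functions.NormalUserRoleName));
        return;
    }

    // Re-read the session entry rather than CurrentSession: DropAccess() above may have replaced it.
    sipAccount = ((UserSession)HttpContext.Current.Session.Contents["UserData"]).User.SipAccount;
}//END OF PAGE_LOAD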