protected void UpdateRequestsToViewState()
{
if (!CollectionUtils.IsNullOrEmpty(userRepeaterList.Items) && !CollectionUtils.IsNullOrEmpty(_modelState.Requests))
{
for (int i = 0; i < userRepeaterList.Items.Count; ++i)
{
RepeaterItem repeaterItem = userRepeaterList.Items[i];
AccountAuthorizationRequest request = _modelState.Requests[i];
TextBox commentsBox = (TextBox)repeaterItem.FindControl("commentsTextBox");
request.Response.AuthorizationComments = commentsBox.Text;
Repeater flowsRepeater = (Repeater)repeaterItem.FindControl("flowRepeaterList");
for (int j = 0; j < flowsRepeater.Items.Count; ++j)
{
RepeaterItem flowRepeaterItem = flowsRepeater.Items[j];
CheckBox allowCheckBox = (CheckBox)flowRepeaterItem.FindControl("allowCheckBox");
Label allowCheckTag = (Label)flowRepeaterItem.FindControl("allowCheckTag");
string flowName = allowCheckTag.Text;
foreach (AccountAuthorizationRequestFlow requestFlow in request.RequestedFlows)
{
if (string.Equals(flowName, requestFlow.FlowName, StringComparison.InvariantCultureIgnoreCase))
{
requestFlow.AccessGranted = allowCheckBox.Checked;
break;
}
}
}
}
}
}
public void ProcessSubmit(string transactionId)
{
GetServiceImplementation(out _transactionManager);
GetServiceImplementation(out _accountAuthorizationRequestManager);
GetServiceImplementation(out _serializationHelper);
GetServiceImplementation(out _documentManager);
GetServiceImplementation(out _xmlValidationHelper);
IList <string> docIds = _transactionManager.GetAllUnprocessedDocumentDbIds(transactionId);
if (CollectionUtils.IsNullOrEmpty(docIds))
{
throw new ArgumentException("No authorization requests specified for transaction \"{0}\"",
transactionId);
}
if (docIds.Count > 1)
{
throw new ArgumentException("More than one authorization request was specified for transaction \"{0}\"",
transactionId);
}
AppendAuditLogEvent("Received {0} user Authorization request(s)", docIds.Count);
List <AccountAuthorizationRequest> requests = new List <AccountAuthorizationRequest>(docIds.Count);
foreach (string docId in docIds)
{
AccountAuthorizationRequest accountRequest = GetAccountAuthorizationRequest(transactionId, docId);
_accountAuthorizationRequestManager.Save(accountRequest);
_documentManager.SetDocumentStatus(transactionId, docId, CommonTransactionStatusCode.Processed,
"Processed " + docId.ToString());
}
}
public AccountAuthorizationRequest RejectRequest(AccountAuthorizationRequest request, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
ExceptionUtils.ThrowIfNull(request.Response, "request.Response");
if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows))
{
foreach (AccountAuthorizationRequestFlow flow in request.RequestedFlows)
{
flow.AccessGranted = false;
}
}
request.Response.AuthorizationAccountId = visit.Account.Id;
request.Response.DidCreateInNaas = false;
_accountAuthorizationRequestDao.DoRequestUpdate(request, visit.Account.NaasAccount, false);
string statusDetail = string.Format("{0} rejected authorization request from user \"{1} ({2})\": {3}",
visit.Account.NaasAccount, request.FullName, request.NaasAccount,
request.ToString());
ActivityManager.LogAudit(NodeMethod.None, null, request.TransactionId, visit, statusDetail);
return(request);
}
private AccountAuthorizationRequest MapAccountAuthorizationRequest(IDataReader reader)
{
AccountAuthorizationRequest request = new AccountAuthorizationRequest();
int index = 0;
request.Id = reader.GetString(index++);
request.TransactionId = reader.GetString(index++);
request.RequestGeneratedOn = reader.GetDateTime(index++);
request.RequestType = reader.GetString(index++);
request.NaasAccount = reader.GetString(index++);
request.FullName = reader.GetString(index++);
request.OrganizationAffiliation = reader.GetString(index++);
request.TelephoneNumber = reader.GetString(index++);
request.EmailAddress = reader.GetString(index++);
request.AffiliatedNodeId = reader.GetString(index++);
request.AffiliatedCounty = reader.GetString(index++);
request.PurposeDescription = reader.GetString(index++);
request.RequestedNodeIds = reader.GetString(index++).Split(',');
if (!reader.IsDBNull(index))
{
AccountAuthorizationResponse response = new AccountAuthorizationResponse();
response.AuthorizationAccountId = reader.GetString(index++);
response.AuthorizationComments = reader.GetString(index++);
response.AuthorizationGeneratedOn = reader.GetDateTime(index++);
response.DidCreateInNaas = DbUtils.ToBool(reader.GetString(index++));
request.Response = response;
}
return(request);
}
protected AuthorizationResponse GetAuthorizationResponse(AccountAuthorizationRequest request, bool doAccept)
{
AuthorizationResponse response = new AuthorizationResponse();
response.GeneratedOn = request.Response.AuthorizationGeneratedOn;
response.NaasUsername = request.NaasAccount;
response.AccountCreatedInNaas = request.Response.DidCreateInNaas;
response.Comments = request.Response.AuthorizationComments;
if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows))
{
response.AuthorizationList = new AuthorizationItem[request.RequestedFlows.Count];
for (int i = 0; i < request.RequestedFlows.Count; ++i)
{
AccountAuthorizationRequestFlow requestFlow = request.RequestedFlows[i];
AuthorizationItem authorizationItem = new AuthorizationItem();
authorizationItem.AccessGranted = doAccept ? requestFlow.AccessGranted : false;
authorizationItem.RequestedDataSourceName = requestFlow.FlowName;
response.AuthorizationList[i] = authorizationItem;
}
}
else
{
response.AuthorizationList = new AuthorizationItem[0];
}
return(response);
}
protected AccountAuthorizationRequest GetAccountAuthorizationRequest(string transactionId, string docId)
{
byte[] content = _documentManager.GetUncompressedContent(transactionId, docId);
ValidateAuthorizationRequestXml(content);
AuthorizationRequest request;
try
{
request = _serializationHelper.Deserialize <AuthorizationRequest>(content);
}
catch (Exception ex)
{
throw new InvalidDataException(string.Format("Could not deserialize authorization request document content for document id: \"{0}\"",
docId), ex);
}
if (_accountAuthorizationRequestManager.HasOpenRequestForUser(request.NaasUsername))
{
throw new ArgumentException(string.Format("There is already an open authorization request for the user: {0}", request.NaasUsername));
}
if ((request.GeneratedOn < DateTime.Now.AddYears(-2)) || (request.GeneratedOn > DateTime.Now.AddYears(1)))
{
throw new ArgumentException(string.Format("The request GeneratedOn date is invalid: {0}", request.GeneratedOn));
}
bool existsInNaas =
_accountAuthorizationRequestManager.ValidateUserExistance(request.NaasUsername, request.AffiliatedNodeId,
request.RequestedDataSourceNames);
AccountAuthorizationRequest accountRequest = new AccountAuthorizationRequest();
accountRequest.AffiliatedCounty = request.AffiliatedCounty;
accountRequest.AffiliatedNodeId = request.AffiliatedNodeId;
accountRequest.EmailAddress = request.EmailAddress;
accountRequest.FullName = request.FullName;
accountRequest.NaasAccount = request.NaasUsername;
accountRequest.OrganizationAffiliation = request.OrganizationAffiliation;
accountRequest.PurposeDescription = request.PurposeDescription;
accountRequest.RequestedNodeIds = request.RequestedNodeIds;
accountRequest.RequestGeneratedOn = request.GeneratedOn;
accountRequest.TelephoneNumber = request.TelephoneNumber;
accountRequest.RequestType = request.RequestType;
if (!CollectionUtils.IsNullOrEmpty(request.RequestedDataSourceNames))
{
List <AccountAuthorizationRequestFlow> flowList =
new List <AccountAuthorizationRequestFlow>(request.RequestedDataSourceNames.Length);
foreach (string flowName in request.RequestedDataSourceNames)
{
flowList.Add(new AccountAuthorizationRequestFlow(flowName));
}
accountRequest.RequestedFlows = flowList;
}
accountRequest.TransactionId = transactionId;
return(accountRequest);
}
public void Save(AccountAuthorizationRequest item)
{
_accountAuthorizationRequestDao.Save(item);
// If the user already exists in the node and has all requested permissions,
// bypass notifying the node admin.
try
{
CheckForAlreadyValidAuthorizationRequest(item);
}
catch (Exception)
{
}
}
public void Save(AccountAuthorizationRequest item)
{
if (item == null)
{
throw new ArgumentException("Null item");
}
string id = null;
TransactionTemplate.Execute(delegate
{
string authorizationAccountId = null, authorizationComments = null;
DateTime authorizationGeneratedOn = DbUtils.DB_MIN_DATE;
string didCreateInNaas = null;
if (item.Response != null)
{
authorizationAccountId = item.Response.AuthorizationAccountId;
authorizationComments = item.Response.AuthorizationComments;
authorizationGeneratedOn = item.Response.AuthorizationGeneratedOn;
didCreateInNaas = DbUtils.ToDbBool(item.Response.DidCreateInNaas);
}
if (string.IsNullOrEmpty(item.Id))
{
id = IdProvider.Get();
DoInsert(TABLE_NAME, MAP_AUTH_REQUEST_COLUMNS, id, item.TransactionId, item.RequestGeneratedOn, item.RequestType,
item.NaasAccount, item.FullName, item.OrganizationAffiliation, item.TelephoneNumber,
item.EmailAddress, item.AffiliatedNodeId, item.AffiliatedCounty, item.PurposeDescription,
StringUtils.Join(",", item.RequestedNodeIds), authorizationAccountId,
authorizationComments, authorizationGeneratedOn, didCreateInNaas);
}
else
{
id = item.Id;
DoSimpleUpdateOne(TABLE_NAME, "Id", id, MAP_AUTH_REQUEST_COLUMNS,
id, item.TransactionId, item.RequestGeneratedOn, item.RequestType,
item.NaasAccount, item.FullName, item.OrganizationAffiliation, item.TelephoneNumber,
item.EmailAddress, item.AffiliatedNodeId, item.AffiliatedCounty, item.PurposeDescription,
StringUtils.Join(",", item.RequestedNodeIds), authorizationAccountId,
authorizationComments, authorizationGeneratedOn, didCreateInNaas);
}
// Update flow requests
DeleteAllFlowsForRequest(id);
SaveRequestedFlows(id, item.RequestedFlows);
return(null);
});
if (string.IsNullOrEmpty(item.Id))
{
item.Id = id;
}
}
protected void DoUpdateRequest(CommandEventArgs e, bool doAccept)
{
HtmlGenericControl itemPageErrorDiv = null;
try
{
if (!CollectionUtils.IsNullOrEmpty(userRepeaterList.Items) && !CollectionUtils.IsNullOrEmpty(_modelState.Requests))
{
UpdateRequestsToViewState();
int index;
AccountAuthorizationRequest request = GetRequest(e, out index);
itemPageErrorDiv = (HtmlGenericControl)userRepeaterList.Items[index].FindControl("itemDivPageError");
if (doAccept)
{
bool atleastOneFlowChecked = false;
if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows))
{
foreach (AccountAuthorizationRequestFlow flow in request.RequestedFlows)
{
if (flow.AccessGranted)
{
atleastOneFlowChecked = true;
break;
}
}
}
if (!atleastOneFlowChecked)
{
SetDivPageError(itemPageErrorDiv, "Please allow the user access to at least one requested flow.");
return;
}
_accountAuthorizationRequestManagerService.AcceptRequest(request, VisitHelper.GetVisit());
}
else
{
_accountAuthorizationRequestManagerService.RejectRequest(request, VisitHelper.GetVisit());
}
_modelState.Requests.RemoveAt(index);
divPageNote.Visible = true;
divPageNote.InnerText = string.Format("The request from user \"{0}\" has been {1}.", request.NaasAccount, doAccept ? "accepted" : "rejected");
}
userRepeaterList.DataSource = _modelState.Requests;
userRepeaterList.DataBind();
}
catch (Exception ex)
{
SetDivPageError(itemPageErrorDiv, ex);
}
}
protected ICollection <DataFlow> FlowList(object dataItem)
{
AccountAuthorizationRequest request = (AccountAuthorizationRequest)dataItem;
if (CollectionUtils.IsNullOrEmpty(request.RequestedFlows))
{
return(_modelState.Flows.Values);
}
else
{
SortedList <string, DataFlow> list = new SortedList <string, DataFlow>();
foreach (AccountAuthorizationRequestFlow requestedFlow in request.RequestedFlows)
{
DataFlow dataFlow;
if (_modelState.Flows.TryGetValue(requestedFlow.FlowName.ToUpper(), out dataFlow))
{
list.Add(requestedFlow.FlowName, dataFlow);
}
}
return(list.Values);
}
}
public void DoRequestUpdate(AccountAuthorizationRequest request, string adminName, bool doAccept)
{
request.Response.AuthorizationGeneratedOn = DateTime.Now;
AuthorizationResponse response = GetAuthorizationResponse(request, doAccept);
byte[] authorizationResponsContent = _serializationHelper.Serialize(response);
Document document = new Document(response.GetType().Name + ".xml", CommonContentType.XML, authorizationResponsContent);
string statusDetail = string.Format("{0} {1} authorization request from user \"{2} ({3})\"",
adminName, doAccept ? "accepted" : "rejected",
request.FullName, request.NaasAccount);
TransactionTemplate.Execute(delegate
{
Save(request);
_documentManager.AddDocument(request.TransactionId, CommonTransactionStatusCode.Completed,
statusDetail, document);
_transactionDao.SetTransactionStatus(request.TransactionId, CommonTransactionStatusCode.Completed,
statusDetail, true);
return(null);
});
}
protected void userRepeaterList_ItemDataBound(object sender, RepeaterItemEventArgs e)
{
AccountAuthorizationRequest request = (AccountAuthorizationRequest)e.Item.DataItem;
Repeater flowsRepeater = (Repeater)e.Item.FindControl("flowRepeaterList");
ICollection <DataFlow> flows = FlowList(e.Item.DataItem);
if (CollectionUtils.IsNullOrEmpty(flows))
{
flowsRepeater.Visible = false;
Control noFlowsControl = e.Item.FindControl("noFlowsLabel");
noFlowsControl.Visible = true;
}
else
{
flowsRepeater.DataSource = flows;
flowsRepeater.DataBind();
int i = 0;
foreach (DataFlow dataFlow in flows)
{
RepeaterItem flowRepeaterItem = flowsRepeater.Items[i];
foreach (AccountAuthorizationRequestFlow requestedFlow in request.RequestedFlows)
{
if (string.Equals(requestedFlow.FlowName, dataFlow.FlowName, StringComparison.InvariantCultureIgnoreCase))
{
CheckBox allowCheckBox = (CheckBox)flowRepeaterItem.FindControl("allowCheckBox");
allowCheckBox.Checked = requestedFlow.AccessGranted;
break;
}
}
Label allowCheckTag = (Label)flowRepeaterItem.FindControl("allowCheckTag");
allowCheckTag.Text = dataFlow.FlowName;
++i;
}
}
TextBox commentsBox = (TextBox)e.Item.FindControl("commentsTextBox");
commentsBox.Text = request.Response.AuthorizationComments ?? string.Empty;
}
protected void LoadRequests()
{
NodeVisit visit = VisitHelper.GetVisit();
IList <AccountAuthorizationRequest> requests =
_accountAuthorizationRequestManagerService.GetOpenUserRequests(visit);
if (!CollectionUtils.IsNullOrEmpty(requests))
{
bool hasPreviousRequests = !CollectionUtils.IsNullOrEmpty(_modelState.Requests);
foreach (AccountAuthorizationRequest request in requests)
{
AccountAuthorizationRequest previousRequest = null;
if (hasPreviousRequests)
{
foreach (AccountAuthorizationRequest pRequest in _modelState.Requests)
{
if (pRequest.Id == request.Id)
{
previousRequest = pRequest;
break;
}
}
}
if (previousRequest != null)
{
request.Response = previousRequest.Response;
request.RequestedFlows = previousRequest.RequestedFlows;
}
else
{
request.Response = new AccountAuthorizationResponse();
if (CollectionUtils.IsNullOrEmpty(request.RequestedFlows))
{
if (!CollectionUtils.IsNullOrEmpty(_modelState.Flows))
{
List <AccountAuthorizationRequestFlow> requestedFlows =
new List <AccountAuthorizationRequestFlow>(_modelState.Flows.Count);
foreach (DataFlow dataFlow in _modelState.Flows.Values)
{
requestedFlows.Add(new AccountAuthorizationRequestFlow(dataFlow.FlowName));
}
request.RequestedFlows = requestedFlows;
}
}
// Pre check Access Granted to flows that the user already has access to
IList <string> existingProtectedFlows =
_accountAuthorizationRequestManagerService.GetProtectedFlowNamesForUser(visit, request.NaasAccount);
if (!CollectionUtils.IsNullOrEmpty(existingProtectedFlows))
{
foreach (string protectedFlowName in existingProtectedFlows)
{
foreach (AccountAuthorizationRequestFlow requestFlow in request.RequestedFlows)
{
if (string.Equals(requestFlow.FlowName, protectedFlowName, StringComparison.InvariantCultureIgnoreCase))
{
requestFlow.AccessGranted = true;
break;
}
}
}
}
}
}
}
_modelState.Requests =
new SortableCollection <AccountAuthorizationRequest>(requests);
_modelState.Requests.Sort(_modelState.SortProperty, _modelState.SortAscending);
}
public AccountAuthorizationRequest AcceptRequest(AccountAuthorizationRequest request, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
ExceptionUtils.ThrowIfNull(request.Response, "request.Response");
IDictionary <string, string> upperFlowNameToIdMap = _flowManager.GetAllProtectedUpperDataFlowNamesToIdMap();
bool userExists = ValidateUserExistance(request.NaasAccount, request.AffiliatedNodeId,
null, upperFlowNameToIdMap);
string password = _accountManager.GenerateRandomPassword();
UserAccount userAccount = _accountDao.GetByName(request.NaasAccount);
List <UserAccessPolicy> policies = null;
if (userAccount == null)
{
userAccount = new UserAccount();
userAccount.ModifiedById = visit.Account.Id;
userAccount.NaasAccount = request.NaasAccount;
userAccount.Role = SystemRoleType.Authed;
}
else
{
if (!CollectionUtils.IsNullOrEmpty(userAccount.Policies))
{
policies = new List <UserAccessPolicy>(userAccount.Policies);
}
}
userAccount.IsActive = true;
if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows))
{
foreach (AccountAuthorizationRequestFlow requestedFlow in request.RequestedFlows)
{
UserAccessPolicy curPolicy = GetPolicyForFlow(requestedFlow.FlowName, policies);
bool foundFlow = (curPolicy != null);
if (foundFlow && !requestedFlow.AccessGranted)
{
policies.Remove(curPolicy);
}
else if (!foundFlow && requestedFlow.AccessGranted)
{
UserAccessPolicy policy =
_accountPolicyManager.CreatePolicy(userAccount.Role, null, requestedFlow.FlowName,
FlowRoleType.Endpoint);
policy.ModifiedById = visit.Account.Id;
CollectionUtils.Add(policy, ref policies);
}
}
userAccount.Policies = policies;
}
_accountManager.Save(userAccount, true, password, visit);
request.Response.AuthorizationAccountId = visit.Account.Id;
request.Response.DidCreateInNaas = !userExists;
_accountAuthorizationRequestDao.DoRequestUpdate(request, visit.Account.NaasAccount, true);
string statusDetail = string.Format("{0} accepted authorization request from user \"{1} ({2})\": {3}",
visit.Account.NaasAccount, request.FullName, request.NaasAccount,
request.ToString());
ActivityManager.LogAudit(NodeMethod.None, null, request.TransactionId, visit, statusDetail);
return(request);
}
/// <summary>
/// Check to see if the input request is already valid (user exists in NAAS and the node and already has access to
/// the requested flows. If so, automatically set the request to Accepted, thereby bypassing the need for
/// the node Admin to formally accept the request.
/// </summary>
protected void CheckForAlreadyValidAuthorizationRequest(AccountAuthorizationRequest item)
{
UserAccount userAccount = null;
try
{
userAccount = _accountManager.GetByName(item.NaasAccount);
}
catch (Exception)
{
}
if ((userAccount != null) && userAccount.IsActive)
{
IList <string> protectedFlows = _flowManager.GetProtectedFlowNames();
bool hasAccessToAllRequestedFlows = true;
IList <AccountAuthorizationRequestFlow> requestedFlows = null;
if (!CollectionUtils.IsNullOrEmpty(protectedFlows))
{
if (CollectionUtils.IsNullOrEmpty(item.RequestedFlows))
{
// If item.RequestedFlows == null, this is a request to grant access to all protected flows
requestedFlows = new List <AccountAuthorizationRequestFlow>(protectedFlows.Count);
foreach (string flowName in protectedFlows)
{
requestedFlows.Add(new AccountAuthorizationRequestFlow(flowName));
}
}
else
{
// Deep copy the list so that we can update element without affecting the "real" request
// until we are sure we will accept the user
requestedFlows = new List <AccountAuthorizationRequestFlow>(item.RequestedFlows.Count);
foreach (AccountAuthorizationRequestFlow requestedFlow in item.RequestedFlows)
{
requestedFlows.Add(new AccountAuthorizationRequestFlow(requestedFlow.FlowName));
}
}
// Check that the user has access to all the requested flows:
IDictionary <string, string> upperFlowNameToIdMap = _flowManager.GetAllProtectedUpperDataFlowNamesToIdMap();
foreach (AccountAuthorizationRequestFlow requestedFlow in requestedFlows)
{
if (upperFlowNameToIdMap.ContainsKey(requestedFlow.FlowName.ToUpper()))
{
if (!HasPolicyForFlow(requestedFlow.FlowName, userAccount.Policies))
{
hasAccessToAllRequestedFlows = false;
break;
}
else
{
requestedFlow.AccessGranted = true;
}
}
}
}
if (hasAccessToAllRequestedFlows)
{
// Validate that the user is actually in NAAS
if (_naasManager.UserExists(userAccount.NaasAccount))
{
// Accept this user automatically
item.RequestedFlows = requestedFlows;
item.Response = new AccountAuthorizationResponse();
item.Response.AuthorizationAccountId = _accountManager.AdminAccount.Id;
item.Response.AuthorizationComments = "The node admin automatically accepted the request since all requested policies are currently active";
item.Response.DidCreateInNaas = false;
_accountAuthorizationRequestDao.DoRequestUpdate(item, _accountManager.AdminAccount.NaasAccount, true);
string statusDetail = string.Format("Automatically accepted authorization request from user \"{0} ({1})\" since all requested policies are currently active: {2}",
item.FullName, item.NaasAccount, item.ToString());
ActivityManager.LogAudit(NodeMethod.None, null, item.TransactionId, null, statusDetail);
}
}
}
}
protected string UserDisplayTitle(object dataItem)
{
AccountAuthorizationRequest request = (AccountAuthorizationRequest)dataItem;
return(string.Format("{0} ({1})", request.FullName, request.NaasAccount));
}
protected string RequestDateDisplayName(object dataItem)
{
AccountAuthorizationRequest request = (AccountAuthorizationRequest)dataItem;
return(string.Format("Requested: {0}", request.RequestGeneratedOn.ToShortDateString()));
}
private void PostMapAccountAuthorizationRequest(AccountAuthorizationRequest request)
{
request.RequestedFlows = GetRequestFlows(request.Id);
}
