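        /// <summary>
        /// Check whether the currently authenticated business user may access the
        /// given owner record.
        /// </summary>
        /// <param name="businessId">Business the owner record must belong to</param>
        /// <param name="ownerId">Owner record being accessed</param>
        /// <returns>
        /// true only when the caller is a business user whose BCeID user id is one of
        /// the business users of the business that owns the record; false otherwise,
        /// including when the owner or its business does not exist.
        /// </returns>
        private bool CanAccessOwner(int businessId, int ownerId)
        {
            // identity of the caller as resolved from the http context
            string userId     = UserAccountHelper.GetUserId(_httpContext);
            bool   isBusiness = UserAccountHelper.IsBusiness(_httpContext);

            // fail closed: anonymous callers and non-business users never get access here
            if (string.IsNullOrEmpty(userId) || !isBusiness)
            {
                return false;
            }

            // owner record scoped to the business, loaded together with that business's users
            HetOwner owner = _context.HetOwner.AsNoTracking()
                             .Include(x => x.Business)
                             .ThenInclude(x => x.HetBusinessUser)
                             .FirstOrDefault(x => x.BusinessId == businessId &&
                                             x.OwnerId == ownerId);

            // the match runs in memory on the loaded navigation, so a business user row
            // with a null BceidUserId must not throw - it simply does not match
            HetBusinessUser user = owner?.Business?.HetBusinessUser?.FirstOrDefault(
                                       x => x.BceidUserId != null &&
                                            x.BceidUserId.Equals(userId, StringComparison.InvariantCultureIgnoreCase));

            // no matching business user => no access (also covers a missing owner or business)
            return user != null;
        }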
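        /// <summary>
        /// Build the application <see cref="User"/> for the identity carried by the http context.
        /// Business (BCeID) users are looked up in HetBusinessUser, everyone else in HetUser.
        /// </summary>
        /// <param name="context">Database context used for the lookups (no tracking)</param>
        /// <param name="httpContext">Http context the user id and business flag are read from</param>
        /// <returns>
        /// A populated <see cref="User"/>, or an empty <see cref="User"/> (all properties left at
        /// their defaults) when the request carries no user id or no matching record exists.
        /// Never null.
        /// </returns>
        public static User GetUser(DbAppContext context, HttpContext httpContext)
        {
            User user = new User();

            bool   isBusinessUser = IsBusiness(httpContext);
            string userId         = GetUserId(httpContext);

            // no identity on the request: return the empty user instead of
            // dereferencing a null user id inside the query below
            if (string.IsNullOrEmpty(userId))
            {
                return user;
            }

            // user ids are matched case-insensitively; lower-case the parameter once
            string userIdLower = userId.ToLower();

            if (isBusinessUser)
            {
                HetBusinessUser tmpUser = context.HetBusinessUser.AsNoTracking()
                                          .FirstOrDefault(x => x.BceidUserId.ToLower().Equals(userIdLower));

                if (tmpUser != null)
                {
                    // every business user is expected to belong to an existing business
                    // (First() throws if the business row is missing)
                    HetBusiness business = context.HetBusiness.AsNoTracking()
                                           .First(x => x.BusinessId == tmpUser.BusinessId);

                    user.Id                       = tmpUser.BusinessUserId;
                    user.SmUserId                 = tmpUser.BceidUserId;
                    user.GivenName                = tmpUser.BceidFirstName;
                    user.Surname                  = tmpUser.BceidLastName;
                    user.DisplayName              = tmpUser.BceidDisplayName;
                    user.UserGuid                 = tmpUser.BceidGuid;
                    user.BusinessUser             = true;
                    user.BusinessId               = tmpUser.BusinessId;
                    user.BusinessGuid             = business.BceidBusinessGuid;
                    user.SmAuthorizationDirectory = "BCeID";
                }
            }
            else
            {
                HetUser tmpUser = context.HetUser.AsNoTracking()
                                  .FirstOrDefault(x => x.SmUserId.ToLower().Equals(userIdLower));

                if (tmpUser != null)
                {
                    user.Id                       = tmpUser.UserId;
                    user.SmUserId                 = tmpUser.SmUserId;
                    user.GivenName                = tmpUser.GivenName;
                    user.Surname                  = tmpUser.Surname;
                    user.DisplayName              = tmpUser.GivenName + " " + tmpUser.Surname;
                    user.UserGuid                 = tmpUser.Guid;
                    user.BusinessUser             = false;
                    user.SmAuthorizationDirectory = tmpUser.SmAuthorizationDirectory;
                    user.AgreementCity            = tmpUser.AgreementCity;
                }
            }

            return user;
        }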
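        /// <summary>
        /// Return the currently authenticated user (IDIR user or BCeID business user) together
        /// with the roles and permissions the client uses for its authorization decisions.
        /// </summary>
        /// <returns>
        /// 200 with a <see cref="HetsResponse"/> wrapping the <see cref="User"/>; 401 when the
        /// request carries no user id or, for IDIR users, the id has no HetUser record.
        /// A business user without a HetBusinessUser record gets an empty user.
        /// </returns>
        public virtual IActionResult UsersCurrentGet()
        {
            _logger.LogDebug("Get Current User");

            // identity as resolved by the context from the request
            string businessGuid = _context.SmBusinessGuid;
            string userId       = _context.SmUserId;

            _logger.LogDebug("User Id: {0}", userId);
            _logger.LogDebug("Business Guid: {0}", businessGuid);

            // no identity - fail closed with 401
            if (string.IsNullOrEmpty(userId))
            {
                return StatusCode(401);
            }

            User user = new User();

            // a business guid marks a BCeID business user; everyone else is an IDIR user
            if (string.IsNullOrEmpty(businessGuid))
            {
                HetUser currentUser = _context.HetUser
                                      .Include(x => x.District)
                                      .Include(x => x.HetUserRole)
                                      .ThenInclude(y => y.Role)
                                      .ThenInclude(z => z.HetRolePermission)
                                      .ThenInclude(z => z.Permission)
                                      .FirstOrDefault(x => x.SmUserId == userId);

                // an authenticated id with no user record is not an application error
                // (First() would turn it into a 500); treat it like a missing identity
                if (currentUser == null)
                {
                    return StatusCode(401);
                }

                // drop roles that are not yet effective or already expired. "now" is read once
                // so every role is judged against the same instant, and the inactive set is
                // materialised first so the collection is not modified while being enumerated
                DateTime now = DateTime.UtcNow;

                List<HetUserRole> inactiveRoles = currentUser.HetUserRole
                    .Where(x => x.EffectiveDate > now ||
                                (x.ExpiryDate != null && x.ExpiryDate < now))
                    .ToList();

                foreach (HetUserRole inactiveRole in inactiveRoles)
                {
                    currentUser.HetUserRole.Remove(inactiveRole);
                }

                user.Id                       = currentUser.UserId;
                user.SmUserId                 = currentUser.SmUserId;
                user.GivenName                = currentUser.GivenName;
                user.Surname                  = currentUser.Surname;
                user.DisplayName              = currentUser.GivenName + " " + currentUser.Surname;
                user.UserGuid                 = currentUser.Guid;
                user.BusinessUser             = false;
                user.District                 = currentUser.District;
                user.HetUserDistrict          = currentUser.HetUserDistrict;
                user.HetUserRole              = currentUser.HetUserRole;
                user.SmAuthorizationDirectory = currentUser.SmAuthorizationDirectory;

                // environment label for the client; anything unrecognised is reported as Development
                user.Environment = "Development";

                if (_env.IsProduction())
                {
                    user.Environment = "Production";
                }
                else if (_env.IsStaging())
                {
                    user.Environment = "Test";
                }
                else if (_env.IsEnvironment("Training"))
                {
                    user.Environment = "Training";
                }
                else if (_env.IsEnvironment("UAT"))
                {
                    user.Environment = "UAT";
                }
            }
            else
            {
                HetBusinessUser tmpUser = _context.HetBusinessUser.AsNoTracking()
                                          .Include(x => x.HetBusinessUserRole)
                                          .ThenInclude(y => y.Role)
                                          .ThenInclude(z => z.HetRolePermission)
                                          .ThenInclude(z => z.Permission)
                                          .FirstOrDefault(x => x.BceidUserId.Equals(userId, StringComparison.InvariantCultureIgnoreCase));

                if (tmpUser != null)
                {
                    // every business user is expected to belong to an existing business
                    HetBusiness business = _context.HetBusiness.AsNoTracking()
                                           .First(x => x.BusinessId == tmpUser.BusinessId);

                    user.Id                       = tmpUser.BusinessUserId;
                    user.SmUserId                 = tmpUser.BceidUserId;
                    user.GivenName                = tmpUser.BceidFirstName;
                    user.Surname                  = tmpUser.BceidLastName;
                    user.DisplayName              = tmpUser.BceidDisplayName;
                    user.UserGuid                 = tmpUser.BceidGuid;
                    user.BusinessUser             = true;
                    user.BusinessId               = tmpUser.BusinessId;
                    user.BusinessGuid             = business.BceidBusinessGuid;
                    user.SmAuthorizationDirectory = "BCeID";

                    // business roles are projected onto HetUserRole for the client; they have no
                    // HetUserRole key so a synthetic sequential id is assigned, and the list is
                    // only created when at least one role exists (null == no roles is preserved).
                    // NOTE(review): unlike the IDIR branch above, business roles are not filtered
                    // by effective/expiry date here - confirm that is intended.
                    int syntheticRoleId = 0;

                    foreach (HetBusinessUserRole role in tmpUser.HetBusinessUserRole)
                    {
                        if (user.HetUserRole == null)
                        {
                            user.HetUserRole = new List<HetUserRole>();
                        }

                        syntheticRoleId++;

                        user.HetUserRole.Add(new HetUserRole
                        {
                            UserRoleId = syntheticRoleId,
                            UserId     = role.BusinessUserId,
                            RoleId     = role.RoleId,
                            Role       = role.Role
                        });
                    }
                }
            }

            return new ObjectResult(new HetsResponse(user));
        }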
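        /// <summary>
        /// Find - or auto-register - the business (BCeID) user for the given identity.
        /// The business is created or refreshed from the SiteMinder headers first, then the
        /// user; a newly registered user is given the "Business BCeID" role.
        /// </summary>
        /// <param name="context">Database context; this method saves changes through it</param>
        /// <param name="httpContext">Http context carrying the SiteMinder business and user headers</param>
        /// <param name="userId">BCeID user id of the caller</param>
        /// <param name="businessGuid">BCeID business guid; matched and stored lower-cased and trimmed</param>
        /// <param name="guid">BCeID user guid recorded in the audit columns; may be null</param>
        /// <returns>
        /// The detached business user record including its roles and their permissions,
        /// or null if the record could not be read back after saving.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="businessGuid"/> is null</exception>
        /// <exception cref="ArgumentException"><paramref name="userId"/> is null or blank</exception>
        public static HetBusinessUser GetBusinessUser(DbAppContext context, HttpContext httpContext, string userId, string businessGuid, string guid = null)
        {
            if (businessGuid == null)
            {
                throw new ArgumentNullException(nameof(businessGuid));
            }

            // never auto-register a user record without an identity to attach it to
            if (string.IsNullOrWhiteSpace(userId))
            {
                throw new ArgumentException("A BCeID user id is required", nameof(userId));
            }

            // one timestamp for every audit column written in this call
            DateTime now = DateTime.UtcNow;

            // the guid is stored normalised so the lookup and the stored value always agree
            string normalizedBusinessGuid = businessGuid.ToLower().Trim();

            // business attributes arrive in headers set by the SiteMinder proxy; they are only
            // applied when present so an absent header never blanks an existing value
            string legalName      = httpContext.Request.Headers[ConstSiteMinderBusinessLegalName];
            string businessNumber = httpContext.Request.Headers[ConstSiteMinderBusinessNumber];

            // tracked query on purpose: the update path below relies on change tracking for
            // SaveChanges() to persist the new audit and header values (an AsNoTracking()
            // entity would be silently left unchanged)
            HetBusiness business = context.HetBusiness
                                   .FirstOrDefault(x => x.BceidBusinessGuid.ToLower().Trim() == normalizedBusinessGuid);

            if (business == null)
            {
                business = new HetBusiness
                {
                    BceidBusinessGuid          = normalizedBusinessGuid,
                    AppCreateUserDirectory     = "BCeID",
                    AppCreateUserGuid          = guid,
                    AppCreateUserid            = userId,
                    AppCreateTimestamp         = now,
                    AppLastUpdateUserDirectory = "BCeID",
                    AppLastUpdateUserGuid      = guid,
                    AppLastUpdateUserid        = userId,
                    AppLastUpdateTimestamp     = now
                };

                context.HetBusiness.Add(business);
            }
            else
            {
                business.AppLastUpdateUserDirectory = "BCeID";
                business.AppLastUpdateUserGuid      = guid;
                business.AppLastUpdateUserid        = userId;
                business.AppLastUpdateTimestamp     = now;
            }

            if (!string.IsNullOrEmpty(legalName))
            {
                business.BceidLegalName = legalName;
            }

            if (!string.IsNullOrEmpty(businessNumber))
            {
                business.BceidBusinessNumber = businessNumber;
            }

            // saved here so a newly created business has its BusinessId for the user lookup
            context.SaveChanges();

            // user attributes from the SiteMinder headers, applied the same way as above
            string displayName = httpContext.Request.Headers[ConstSiteMinderUserDisplayName];
            string email       = httpContext.Request.Headers[ConstSiteMinderEmail];

            // tracked query on purpose (see the business lookup above).
            // NOTE(review): this is the only lookup in the file that compares the user id with
            // "==" rather than case-insensitively; on a case-sensitive collation a differently
            // cased id would register a second user - confirm against the database collation.
            HetBusinessUser user = context.HetBusinessUser
                                   .FirstOrDefault(x => x.BusinessId == business.BusinessId &&
                                                   x.BceidUserId == userId);

            if (user == null)
            {
                // auto register the user
                user = new HetBusinessUser
                {
                    BceidUserId                = userId,
                    BceidGuid                  = guid,
                    BusinessId                 = business.BusinessId,
                    AppCreateUserDirectory     = "BCeID",
                    AppCreateUserGuid          = guid,
                    AppCreateUserid            = userId,
                    AppCreateTimestamp         = now,
                    AppLastUpdateUserDirectory = "BCeID",
                    AppLastUpdateUserGuid      = guid,
                    AppLastUpdateUserid        = userId,
                    AppLastUpdateTimestamp     = now
                };

                // every newly registered business user gets the "Business BCeID" logon role;
                // the effective date is back-dated so clock skew cannot make it "not yet effective"
                HetBusinessUserRole userRole = new HetBusinessUserRole
                {
                    RoleId                     = StatusHelper.GetRoleId("Business BCeID", context),
                    EffectiveDate              = now.AddMinutes(-10),
                    AppCreateUserDirectory     = "BCeID",
                    AppCreateUserGuid          = guid,
                    AppCreateUserid            = userId,
                    AppCreateTimestamp         = now,
                    AppLastUpdateUserDirectory = "BCeID",
                    AppLastUpdateUserGuid      = guid,
                    AppLastUpdateUserid        = userId,
                    AppLastUpdateTimestamp     = now
                };

                // assumes the entity initialises its HetBusinessUserRole collection - TODO confirm
                user.HetBusinessUserRole.Add(userRole);

                context.HetBusinessUser.Add(user);
            }

            if (!string.IsNullOrEmpty(displayName))
            {
                user.BceidDisplayName = displayName;
            }

            if (!string.IsNullOrEmpty(email))
            {
                user.BceidEmail = email;
            }

            context.SaveChanges();

            // re-read the complete record (roles -> role permissions -> permissions) untracked
            user = context.HetBusinessUser.AsNoTracking()
                   .Where(x => x.BusinessId == business.BusinessId &&
                          x.BceidUserId == userId)
                   .Include(u => u.HetBusinessUserRole)
                   .ThenInclude(r => r.Role)
                   .ThenInclude(rp => rp.HetRolePermission)
                   .ThenInclude(p => p.Permission)
                   .FirstOrDefault();

            // make sure the returned graph is not attached to the caller's context
            if (user != null)
            {
                context.Entry(user).State = EntityState.Detached;
            }

            return user;
        }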