private static EditUserModel GetEditModel(int?userId)
        {
            // If no user ID provided, return logged in user.
            if (!userId.HasValue)
            {
                return(new EditUserModel(Membership.GetUser().GetUserEntity()));
            }

            var user = new UserEntity(userId.Value);

            if (user.IsNew)
            {
                throw new HttpException(404, SharedRes.Error.NotFound_User);
            }

            // Service admin can edit all users.
            if (RoleUtils.IsUserServiceAdmin())
            {
                return(new EditUserModel(user));
            }

            // Org admin can edit all user in his/her organization.
            if (RoleUtils.IsUserOrgAdmin() && user.OrganizationId == Membership.GetUser().GetUserId().OrganizationId)
            {
                return(new EditUserModel(user));
            }

            throw new HttpException(401, SharedRes.Error.Unauthorized_User);
        }
Esempio n. 2
0
    public static IQueryable <PurchaseHistoryEntity> WithPermissions(this IQueryable <PurchaseHistoryEntity> purchases)
    {
        var user = Membership.GetUser().GetUserEntity();

        if (RoleUtils.IsUserServiceAdmin())
        {
            return(purchases);
        }

        if (RoleUtils.IsUserOrgAdmin())
        {
            return(purchases.Where(x => x.Location.OrganizationId == user.OrganizationId));
        }

        return(purchases.Where(x => x.Location.UserAssignedLocations.Any(y => y.UserId == user.UserId)));
    }
Esempio n. 3
0
    public static IQueryable <TreatmentEntity> WithPermissions(this IQueryable <TreatmentEntity> treatments)
    {
        var user = Membership.GetUser().GetUserEntity();

        if (RoleUtils.IsUserServiceAdmin())
        {
            return(treatments);
        }

        if (RoleUtils.IsUserOrgAdmin())
        {
            return(treatments.Where(x => x.Patient.Location.OrganizationId == user.OrganizationId));
        }

        return(treatments.Where(x => x.Patient.Location.UserAssignedLocations.Any(y => y.UserId == user.UserId)));
    }
Esempio n. 4
0
    public static IQueryable <LocationEntity> WithPermissions(this IQueryable <LocationEntity> locations, int?organizationId = null)
    {
        var user = Membership.GetUser().GetUserEntity();

        if (RoleUtils.IsUserServiceAdmin())
        {
            return(organizationId.HasValue ? locations.Where(x => x.OrganizationId == organizationId.Value) : locations);
        }

        if (RoleUtils.IsUserOrgAdmin())
        {
            return(locations.Where(x => x.OrganizationId == user.OrganizationId));
        }

        return(locations.Where(x => x.UserAssignedLocations.Any(y => y.UserId == user.UserId)));
    }
Esempio n. 5
0
        /// <summary>
        /// Called by the Edit function this performs all of the proper permissions checks.
        /// </summary>
        /// <param name="locationId"></param>
        /// <param name="organizationId"></param>
        /// <returns>The LocationEntity for the specified locationId or a new entity if locationId is not specified and the current user has permission to add locations.</returns>
        private static LocationEntity GetLocation(int?locationId, int?organizationId)
        {
            LocationEntity location;

            if (locationId.HasValue)
            {
                location = new LocationEntity(locationId.Value);
                if (location.IsNew)
                {
                    throw new HttpException(404, SharedRes.Error.NotFound_Location);
                }

                if (!Permissions.UserHasPermission("Edit", location))
                {
                    throw new HttpException(401, SharedRes.Error.Unauthorized_Location);
                }
            }
            else
            {
                location = new LocationEntity
                {
                    IsActive       = true,
                    OrganizationId = Membership.GetUser().GetUserId().OrganizationId
                };
                if (RoleUtils.IsUserServiceAdmin())
                {
                    if (organizationId.HasValue)
                    {
                        location.OrganizationId = organizationId.Value;
                    }
                }
                else if (!RoleUtils.IsUserOrgAdmin())
                {
                    throw new HttpException(401, SharedRes.Error.Unauthorized_Location);
                }
            }

            return(location);
        }
Esempio n. 6
0
        public ActionResult Edit(int?organizationId, OrganizationEntity organizationModel)
        {
            OrganizationEntity organization;

            var user = Membership.GetUser().GetUserEntity();

            if (!organizationId.HasValue)
            {
                if (!RoleUtils.IsUserServiceAdmin())
                {
                    throw new HttpException(401, Error.Unauthorized_OrganizationAdd);
                }

                organization = new OrganizationEntity();
            }
            else
            {
                if (RoleUtils.IsUserServiceAdmin() ||
                    (RoleUtils.IsUserOrgAdmin() && organizationId.Value == user.OrganizationId))
                {
                    organization = new OrganizationEntity(organizationId.Value);
                    if (organization.IsNew)
                    {
                        throw new HttpException(404, Error.NotFound_Organization);
                    }
                }
                else
                {
                    throw new HttpException(401, Error.Unauthorized_OrganizationEdit);
                }
            }

            if (ModelState.IsValid)
            {
                // Organization admin can edit name.
                organization.Name = organizationModel.Name;

                if (RoleUtils.IsUserServiceAdmin())
                {
                    // Only service admin can change other properties.

                    // NOTE! For now disallowing setting type to "Host". There can be only
                    // one "Host".
                    if (organizationModel.OrganizationType == OrganizationType.Host)
                    {
                        throw new HttpException(401, Error.Unauthorized_OrganizationHost);
                    }

                    organization.OrganizationType = organizationModel.OrganizationType;
                    organization.IsActive         = organizationModel.IsActive;

                    if (!organizationId.HasValue)
                    {
                        organization.UniqueIdentifier = OrganizationUtils.CreateUid();
                    }
                }

                organization.Save();
            }

            return((Request.IsAjaxRequest() || ControllerContext.IsChildAction)
                                           ? (ActionResult) new EmptyResult()
                                           : RedirectToAction("View"));
        }
        private IQueryable <UserEntity> GetListModel(int?locationId, int?organizationId)
        {
            LinqMetaData m = new LinqMetaData();

            var user = Membership.GetUser().GetUserEntity();

            if (!organizationId.HasValue)
            {
                if (RoleUtils.IsUserServiceAdmin())
                {
                    if (!locationId.HasValue)
                    {
                        // Service admin gets all users.
                        return(m.User);
                    }

                    // Location specified, so just users assigned to that location.
                    return(m.User
                           .Where(
                               x =>
                               x.UserAssignedLocations.Any(
                                   y => y.LocationId == locationId.Value)));
                }

                // Other users assume their organization ID.
                organizationId = user.OrganizationId;
            }

            // View needs this for building URLs.
            ViewData.Add("organizationId", organizationId.Value);
            var organization = new OrganizationEntity(organizationId.Value);

            if (organization.IsNew)
            {
                throw new HttpException(404, SharedRes.Error.NotFound_Organization);
            }
            ViewData.Add("organization", organization);

            if (!locationId.HasValue)
            {
                if (RoleUtils.IsUserServiceAdmin() || RoleUtils.IsUserOrgAdmin())
                {
                    // All users for the specified organization.
                    return(new LinqMetaData().User.Where(u => u.OrganizationId == organizationId.Value));
                }

                // Other users only see unrestricted users at their assigned locations.
                // TODO: Decide if we even want to allow this.
                var query = from ual1 in m.UserAssignedLocation
                            join ual2 in m.UserAssignedLocation on ual1.LocationId equals ual2.LocationId
                            join usr in m.User on ual2.UserId equals usr.UserId
                            where ual1.UserId == user.UserId && !usr.UserAccountRestrictions.Any()
                            select usr;
                return(query);
            }

            var location = new LocationEntity(locationId.Value);

            if (location.IsNew || location.OrganizationId != organizationId.Value)
            {
                throw new HttpException(404, SharedRes.Error.NotFound_Location);
            }
            ViewData.Add("location", location);

            // View needs this for building URLs.
            ViewData.Add("locationId", locationId.Value);

            var users = m.User
                        .Where(
                x =>
                x.UserAssignedLocations.Any(
                    y => y.LocationId == locationId.Value));

            // Service admin can see all users for any organization.
            if (RoleUtils.IsUserServiceAdmin())
            {
                return(users);
            }

            // Other users must be from the organization.
            if (organizationId.Value != user.OrganizationId)
            {
                throw new HttpException(401, SharedRes.Error.Unauthorized_User);
            }

            // Organization admin can see all the users of the organization.
            if (RoleUtils.IsUserOrgAdmin())
            {
                return(users);
            }

            // Other users can only see unrestricted users in their location.
            if (user.UserAssignedLocations.Count(l => l.LocationId == locationId.Value) > 0)
            {
                return(users.Where(u => !u.UserAccountRestrictions.Any()));
            }

            throw new HttpException(401, SharedRes.Error.Unauthorized_User);
        }
        public ActionResult Edit(int userId, EditUserModel model)
        {
            var user = new UserEntity(userId);

            if (user.IsNew)
            {
                throw new HttpException(404, SharedRes.Error.NotFound_User);
            }

            if (!RoleUtils.IsUserServiceAdmin() && !RoleUtils.IsUserOrgAdmin())
            {
                throw new HttpException(401, SharedRes.Error.Unauthorized_UserEdit);
            }

            if (RoleUtils.IsUserOrgAdmin() && user.OrganizationId != Membership.GetUser().GetUserId().OrganizationId)
            {
                throw new HttpException(401, SharedRes.Error.Unauthorized_OrganizationEdit);
            }

            if (ModelState.IsValid)
            {
                // Validate submitted role.
                if (!model.Role.HasValue || !(OrganizationUtils.GetAllowedRoles(model.OrganizationId).Any(r => r.RoleId == model.Role)))
                {
                    throw new HttpException(417, ControllerRes.Account.Invalid_RoleSpecified);
                }

                // Locations are only valid for non-admin users.
                bool isAdmin = RoleUtils.IsRoleForAdmin(model.Role.Value);
                if (!isAdmin)
                {
                    // Validate submitted locations are locations of the organization.
                    if (model.Locations.Except(new LinqMetaData().Location.Where(l => l.OrganizationId == model.OrganizationId).Select(l => l.LocationId).ToList()).Any())
                    {
                        throw new HttpException(404, SharedRes.Error.NotFound_Location);
                    }
                }

                // Set flag to indicate whether or not it's a pending registration.
                // Not using the posted back value in the model for security reasons.
                bool isPendingRegistration = user.UserAccountRestrictions.Count > 0 && user.UserAccountRestrictions[0].AccountRestriction.AccountRestrictionType == AccountRestrictionType.NewUser;

                // If not pending registration and username changed, validate username is unique.
                // Also, set flag to indicate if it's the current user changing own username.
                bool isCurrentUsernameChange = false;
                if (!isPendingRegistration && user.Username != model.UserName)
                {
                    if (UserUtils.IsUsernameUsed(model.UserName))
                    {
                        throw new HttpException(417, ControllerRes.Account.Invalid_DuplicateUsername);
                    }

                    isCurrentUsernameChange = Membership.GetUser().GetUserId().Id == userId;
                }

                // Set flag to indicate whether or not the email address in a registration
                // has changed.
                bool isRegistrationChange = isPendingRegistration && user.EmailAddress != model.EmailAddress;

                Transaction transaction = new Transaction(IsolationLevel.ReadCommitted, "user add");

                try
                {
                    transaction.Add(user);

                    // Username is empty in pending registrations and can't be changed.
                    // And current user username change isn't a simple change; don't do here.
                    if (!isPendingRegistration && !isCurrentUsernameChange)
                    {
                        user.Username = model.UserName;
                    }

                    user.EmailAddress = model.EmailAddress;
                    user.FirstName    = model.FirstName;
                    user.LastName     = model.LastName;

                    if (RoleUtils.IsUserServiceAdmin())
                    {
                        user.IsActive = model.IsActive;
                    }

                    // Did role change?
                    if (user.Roles.Count == 0 || user.Roles[0].RoleId != model.Role.Value)
                    {
                        user.Roles.DeleteMulti();
                        var userRole = user.Roles.AddNew();
                        userRole.RoleId = model.Role.Value;
                    }

                    int[] newLocations = new int[0];
                    int[] oldLocations;

                    if (!isAdmin)
                    {
                        // User is not an admin. So find the set of locations user has been added to,
                        // and the set of location user has been removed from.
                        newLocations = model.Locations.Except(user.UserAssignedLocations.Select(l => l.LocationId)).ToArray();
                        oldLocations = user.UserAssignedLocations.Select(l => l.LocationId).Except(model.Locations).ToArray();
                    }
                    else
                    {
                        // User is admin. So user will be removed from all locations (admins aren't
                        // assigned to locations).
                        oldLocations = user.UserAssignedLocations.Select(l => l.LocationId).ToArray();
                    }

                    if (oldLocations.Length > 0)
                    {
                        user.UserAssignedLocations.DeleteMulti(UserAssignedLocationFields.UserId == user.UserId & UserAssignedLocationFields.LocationId == oldLocations);
                    }

                    if (newLocations.Length > 0)
                    {
                        foreach (var loc in newLocations)
                        {
                            var assignedLocation = user.UserAssignedLocations.AddNew();
                            assignedLocation.LocationId = loc;
                        }
                    }

                    // If the registration email has changed, update the email address in the account
                    // restriction.
                    if (isRegistrationChange)
                    {
                        user.UserAccountRestrictions[0].AccountRestriction.EmailAddress = model.EmailAddress;
                    }

                    // Is current user changing own username?
                    if (isCurrentUsernameChange)
                    {
                        // Changing the current user's username requres special handling because the
                        // forms-auth cookies must be updated with the new username. The delegate will
                        // be invoked to save the new username updating the datbase. In this case, it
                        // needs to be done within the transaction created here.
                        //
                        // Have already validated the username as unique. So the only reason for this
                        // to fail is with some exception thrown, which will be handled in the "catch".
                        Membership.GetUser().ChangeUsername(model.UserName,
                                                            delegate(string username)
                        {
                            user.Username = username;
                            user.Save(true);
                            // ReSharper disable AccessToDisposedClosure
                            transaction.Commit();
                            // ReSharper restore AccessToDisposedClosure
                        });
                    }
                    else
                    {
                        user.Save(true);
                        transaction.Commit();
                    }
                }
                catch (Exception)
                {
                    transaction.Rollback();
                    throw new HttpException(500, SharedRes.Error.Error_DatabaseUnknown);
                }
                finally
                {
                    transaction.Dispose();
                }

                // If registration email has changed, need to re-send the registration email.
                if (isRegistrationChange)
                {
                    SendRegistrationEmail(model, user.UserAccountRestrictions[0].AccountRestriction.RestrictionKey);
                }
            }

            return((Request.IsAjaxRequest() || ControllerContext.IsChildAction)
                                           ? (ActionResult) new EmptyResult()
                                           : View(GetEditModel(userId)));
        }
Esempio n. 9
0
        public override bool UserHasPermission(string username, string permissionName, CommonEntityBase entity)
        {
            var user = Membership.GetUser(username).GetUserEntity();

            var location = entity as LocationEntity;

            if (location != null)
            {
                if (RoleUtils.IsUserServiceAdmin())
                {
                    return(true);
                }

                if (RoleUtils.IsUserOrgAdmin() && location.OrganizationId == user.OrganizationId)
                {
                    return(true);
                }

                if (location.UserAssignedLocations.Any(x => x.UserId == user.UserId) && permissionName == "View")
                {
                    return(true);
                }
            }

            var organization = entity as OrganizationEntity;

            if (organization != null)
            {
                if (RoleUtils.IsUserServiceAdmin())
                {
                    return(true);
                }

                if (RoleUtils.IsUserOrgAdmin() && organization.OrganizationId == user.OrganizationId)
                {
                    return(true);
                }

                if (organization.OrganizationId == user.OrganizationId && permissionName == "View")
                {
                    return(true);
                }
            }

            var patient = entity as PatientEntity;

            if (patient != null)
            {
                if (RoleUtils.IsUserServiceAdmin())
                {
                    return(true);
                }

                if (RoleUtils.IsUserOrgAdmin() && patient.Location.OrganizationId == user.OrganizationId)
                {
                    return(true);
                }

                if (patient.Location.UserAssignedLocations.Any(x => x.UserId == user.UserId))
                {
                    return(true);
                }
            }

            var treatment = entity as TreatmentEntity;

            if (treatment != null)
            {
                if (RoleUtils.IsUserServiceAdmin())
                {
                    return(true);
                }

                if (RoleUtils.IsUserOrgAdmin() && treatment.Patient.Location.OrganizationId == user.OrganizationId)
                {
                    return(true);
                }

                if (treatment.Patient.Location.UserAssignedLocations.Any(x => x.UserId == user.UserId))
                {
                    return(true);
                }
            }

            var device = entity as DeviceEntity;

            if (device != null)
            {
                if (RoleUtils.IsUserServiceAdmin())
                {
                    return(true);
                }

                if (RoleUtils.IsUserOrgAdmin() && device.Location.OrganizationId == user.OrganizationId)
                {
                    return(true);
                }

                if (device.Location.UserAssignedLocations.Any(x => x.UserId == user.UserId))
                {
                    return(true);
                }
            }

            var usr = entity as UserEntity;

            if (usr != null)
            {
                if (RoleUtils.IsUserServiceAdmin())
                {
                    return(true);
                }

                if (RoleUtils.IsUserOrgAdmin() && usr.OrganizationId == user.OrganizationId)
                {
                    return(true);
                }

                if (usr.UserAssignedLocations.Select(x => x.LocationId).Intersect(user.UserAssignedLocations.Select(y => y.LocationId)).Any())
                {
                    return(true);
                }
            }

            var card = entity as CreditCardEntity;

            if (card != null)
            {
                if (RoleUtils.IsUserServiceAdmin())
                {
                    return(true);
                }

                if (card.UserCreditCards.Any(x => x.UserId == user.UserId))
                {
                    return(true);
                }
            }

            return(false);
        }