internal static bool IsUserInternal(IAaaUser user)
{
var emailAddress = user.EmailAddress;
_Logger.LogDebug("STOpsConsole-IsUserInternal: {0} - {1} - {2}", emailAddress, user.UserId, user.UUID);
if (string.IsNullOrWhiteSpace(emailAddress))
{
_Logger.LogDebug("STOpsConsole-IsUserInternal no email address treat as external: {0} - {1}", emailAddress, user.UUID);
return false;
}
return emailAddress.EndsWith("@thomsonreuters.com", StringComparison.OrdinalIgnoreCase)
|| emailAddress.EndsWith("@thomson.com", StringComparison.OrdinalIgnoreCase)
|| emailAddress.EndsWith("@reuters.com", StringComparison.OrdinalIgnoreCase)
|| emailAddress.EndsWith("@apac.reuters.com", StringComparison.OrdinalIgnoreCase)
|| emailAddress.EndsWith("@fxall.com", StringComparison.OrdinalIgnoreCase)
|| emailAddress.EndsWith("@tradeweb.com", StringComparison.OrdinalIgnoreCase);
}
public static PermissionSetting GetUserPermission(IAaaUser user)
{
try
{
var permission = GetUserPermissionFromCache(user.UUID);
if (permission == null)
{
var req = new UserPreferencesReq
{
uuid = user.UUID,
preferences = new List<preference>(1) { new preference { dactName = "APP.SYSTEMTEST.PERMISSION", prefName = "APP.SYSTEMTEST.PERMISSION" } }
};
using (var userInfoServiceclient = new UserInfoServiceClient(RouterBindings.Local, RouterAddresses.Local.RequestReply))
{
var svcResp = userInfoServiceclient.GetUserPreferencesReq(req);
if (svcResp != null)
{
var setting = svcResp.preferences.FirstOrDefault().value;
//setting = @"{""writeaccess"": [
// """"
// ],
// ""readaccess"": [
// """"
// ]
// }";
permission = JsonConvert.DeserializeObject<PermissionSetting>(setting);
AddUserPermissionToCache(user.UUID, permission);
return permission;
}
return new PermissionSetting();
}
}
return permission;
}
catch (Exception ex)
{
_Logger.LogError("STOpsConsole-Error getting user preference from UserInfoService: {0}", ex.Message);
return new PermissionSetting();
}
}
private static bool IsAllowToUploadMetadataAaa(IAaaUser user, List<string> prodList = null)
{
var valid = false;
// if not provide product list check permission for Eikon Product as default
if (prodList == null)
{
prodList = new List<string>{Products.EST};
}
prodList.Add(Products.All);
foreach (var prod in prodList)
{
valid = GetUserPermission(user).WriteAccess.Contains(prod);
if(valid) break;
}
return valid;
}
private static bool IsAllowToGetStatsAaa(IAaaUser user, List<string> prodList = null)
{
var valid = false;
// if not provide product list check permission for Eikon Product as default
if (prodList == null)
{
prodList = new List<string> { Products.EST };
}
prodList.Add(Products.All);
foreach (var prod in prodList)
{
valid = GetUserPermission(user).ReadAccess.Contains(prod);
if (valid) break;
}
_Logger.LogDebug("STOpsConsole-IsAllowToGetStatsAaa: {0} - {1}",user.UUID, valid);
return valid;
}
internal static bool IsLocationInScope(IAaaUser user, string searchLocationID)
{
if (IsUserInternal(user)) return true;
//location xx is hardcoded for getting min interval
if (string.Compare(user.LocationAccountId, searchLocationID, true) == 0 || searchLocationID == "xx") return true;
if (string.IsNullOrEmpty(user.LocationAccountId) || string.IsNullOrEmpty(searchLocationID))
{
_Logger.LogWarn("STOpsConsole-IsLocationInScope - empty location user {0}, [User-{1}/Search-{2}]", user.UUID, user.LocationAccountId,searchLocationID);
return false;
}
using (var uisCilent = new UserInfoServiceClient(RouterBindings.Local, RouterAddresses.Local.RequestReply))
{
var locs = new List<LocationInfoRequest>();
locs.Add(new LocationInfoRequest { LocationAccountId = searchLocationID });
locs.Add(new LocationInfoRequest { LocationAccountId = user.LocationAccountId });
var locResp = uisCilent.GetLocations(locs);
var userULT = locResp.Where(x => x.LocationId == user.LocationAccountId).Select(y => y.UltimateParentId).SingleOrDefault();
var srchULT = locResp.Where(x => x.LocationId == searchLocationID).Select(y => y.UltimateParentId).SingleOrDefault();
if (string.Compare(userULT, srchULT, true) == 0)
{
_Logger.LogInfo("STOpsConsole-IsLocationInScope - ULT location matched for user {0}, [User-{1}:{3}/Search-{2}:{4}]",
user.UUID, user.LocationAccountId, searchLocationID,userULT,srchULT);
return true;
}
_Logger.LogInfo("STOpsConsole-IsLocationInScope - ULT location not matched for user {0}, [User-{1}:{3}/Search-{2}:{4}]",
user.UUID, user.LocationAccountId, searchLocationID, userULT, srchULT);
}
return false;
}
internal static KeyValuePair<FindLocationFilter, string> GetTopLocationScope(IAaaUser user)
{
var key = default(KeyValuePair<FindLocationFilter, string>);
try
{
var locationScope = GetLocationScopeFromCache(user.UUID);
if (locationScope == null)
{
using (
var uisCilent = new UserInfoServiceClient(RouterBindings.Local,
RouterAddresses.Local.RequestReply))
{
var locResp = uisCilent.GetUserInfoReq2(new UserInfoReq
{
uuid = user.UUID,
fields = new List<string>
{
"LocationAccountId",
"NearestLegalEntityId",
"UltimateParentId"
}
});
if (!locResp.OperationSuccessful)
{
_Logger.LogWarn("STOpsConsole-GetTopLocationScope - Failed response with {0} - {1}", locResp.ResponseCode,
locResp.ResponseMessage);
return key;
}
var locs = new Dictionary<string, string>();
locs.Add("lo",locResp.UserInfo.UserDetails.First(x => x.Key == "LocationAccountId").Value);
locs.Add("le",locResp.UserInfo.UserDetails.First(x => x.Key == "NearestLegalEntityId").Value);
locs.Add("up",locResp.UserInfo.UserDetails.First(x => x.Key == "UltimateParentId").Value);
var response = uisCilent.GetUserScope(new CheckUserScopeRequest
{
LoginUUID = user.UUID,
CheckLocationUUID = null,
LocationID = new List<string> { locs["up"], locs["le"], locs["lo"] },
AAAServiceCode = "CPAP_SNAPIN_MANAGE_ST_IRS"
});
if (!response.Success)
{
_Logger.LogWarn("STOpsConsole-GetTopLocationScope - Failed response with {0}", response.Message);
return key;
}
foreach (var scope in response.UserScope)
{
if (locs["up"] == scope.locationAccountIdField && scope.isInScopeField)
{
key = new KeyValuePair<FindLocationFilter, string>(FindLocationFilter.ULT, locs["up"]);
break;
}
if (locs["le"] == scope.locationAccountIdField && scope.isInScopeField)
{
key = new KeyValuePair<FindLocationFilter, string>(FindLocationFilter.LGL, locs["le"]);
break;
}
if (locs["lo"] == scope.locationAccountIdField && scope.isInScopeField)
{
key = new KeyValuePair<FindLocationFilter, string>(FindLocationFilter.LOC, locs["lo"]);
break;
}
}
AddLocationScopeToCache(user.UUID, new LocationScope
{
TopLocationScope = key
});
}
}
else
{
key = locationScope.TopLocationScope;
}
_Logger.LogInfo("STOpsConsole-GetTopLocationScope - User {0}, Key {1}, Value {2}", user.UUID, key.Key.ToString(), key.Value);
return key;
}
catch (Exception ex)
{
_Logger.LogError("STOpsConsole-GetTopLocationScope: Error get user scope from AAA service: {0}", ex.Message);
return key;
}
}
internal static bool IsUserInScope(IAaaUser user, string searchUuid)
{
if (IsUserInternal(user))
{
return true;
}
return string.IsNullOrEmpty(searchUuid) ? true : IsUserInScopeAaa(user.UUID, searchUuid);
}
internal static List<string> GetDisableTests(IAaaUser user)
{
return GetUserPermission(user).DisableTests;
}
internal static bool IsAllowToGetStats(IAaaUser user, List<string> prodList = null)
{
if (GetCurrentPlatform() == Envs.Local || IsUserInternal(user))
{
return true;
}
return IsAllowToGetStatsAaa(user, prodList);
}
internal static bool IsAllowToUploadMetadata(IAaaUser user, List<string> prodList = null)
{
if (GetCurrentPlatform() == Envs.Local)
{
return true;
}
return IsAllowToUploadMetadataAaa(user, prodList);
}
private string FindMachineInstall(FindMachineInstallRequest req, IAaaUser aaaUser, ILogger logger)
{
IDictionary<string, FindUserEntity> userDetailDic = new Dictionary<string, FindUserEntity>();
req.Product = "est";
var findUserReq = new FindUserRequest
{
Filter = FindUserFilter.All,
SearchString = req.SearchString,
};
// For external user, the auto suggest will only show the users under the user's location scope
var canOnlySeeYourOwnAccount = false;
if (!Permission.IsUserInternal(aaaUser))
{
var scope = Permission.GetTopLocationScope(aaaUser);
if (!scope.Equals(default(KeyValuePair<FindLocationFilter, string>)))
{
findUserReq.LocationScope = scope;
}
else if (aaaUser.UserId.Contains(req.SearchString) ||
aaaUser.EmailAddress.Contains(req.SearchString) ||
aaaUser.UUID.Contains(req.SearchString) ||
aaaUser.FullName.Contains(req.SearchString))
{
canOnlySeeYourOwnAccount = true;
}
else
{
logger.LogWarn("STOpsConsole - FindMachineInstall - external user {0} has no eligible scope.", aaaUser.UserId);
return "{ \"items\":[]}";
}
}
using (var userInfoServiceclient = new UserInfoServiceClient(RouterBindings.Local, RouterAddresses.Local.RequestReply))
{
var svcResp = userInfoServiceclient.FindUser(findUserReq);
if (svcResp == null || svcResp.Users.Count == 0)
{
return "{ \"items\":[]}";
}
var machInstReq = new MachInstInfoRequest
{
uuids = new List<string>(),
filter = req.Filter,
product = req.Product
};
//If user can see only his own account due to the scope. Will filter out the list of find user.
if (canOnlySeeYourOwnAccount)
{
var user = svcResp.Users.SingleOrDefault(x => x.Uuid == aaaUser.UUID);
if (user != null)
{
userDetailDic[user.Uuid] = user;
machInstReq.uuids.Add(user.Uuid);
}
else
{
return "{ \"items\":[]}";
}
}
else
{
foreach (FindUserEntity user in svcResp.Users)
{
userDetailDic[user.Uuid] = user;
machInstReq.uuids.Add(user.Uuid);
}
}
FindMachInstResponse findMachInstResponse = new FindMachInstResponse() { Items = new List<FindMachInstInfoItem>() };
using (var opsConsoleServiceClient = new OpsConsoleServiceClient(RouterBindings.Local, RouterAddresses.Local.RequestReply))
{
MachInstInfoResponse machInstResp = opsConsoleServiceClient.GetMachineInstallInfo(machInstReq);
foreach (MachInstInfoItem machInsInfo in machInstResp.Items)
{
FindMachInstInfoItem findMachInstInfoItem = new FindMachInstInfoItem
{
UUID = machInsInfo.uuid,
FirstName = userDetailDic[machInsInfo.uuid].FirstName,
LastName = userDetailDic[machInsInfo.uuid].LastName,
EmailAddress = userDetailDic[machInsInfo.uuid].Email
//MachInstInfoList = machInsInfo.machInstInfoList
};
findMachInstResponse.Items.Add(findMachInstInfoItem);
findMachInstResponse.Product = machInstResp.product;
}
}
return JsonConvert.SerializeObject(findMachInstResponse) ?? "{}";
}
}
