/// <summary>
/// Classifies a user as internal when the e-mail address on the AAA user record ends with one of
/// the hard-coded company mail domains.
/// </summary>
/// <param name="user">AAA user whose <c>EmailAddress</c>, <c>UserId</c> and <c>UUID</c> are read.</param>
/// <returns>
/// <c>true</c> when the address ends with one of the listed "@domain" suffixes (ordinal,
/// case-insensitive); <c>false</c> when the address is null, empty or whitespace, or ends with
/// any other domain.
/// </returns>
/// <remarks>
/// NOTE(review): other methods in this file skip permission and location-scope checks when this
/// returns true, so the result is only as trustworthy as <c>EmailAddress</c>. Confirm the value
/// comes from a verified identity attribute that the user cannot edit.
/// NOTE(review): the e-mail address is written to the debug log; confirm that matches the log's
/// access and retention policy.
/// </remarks>
internal static bool IsUserInternal(IAaaUser user)
{
    var address = user.EmailAddress;
    _Logger.LogDebug("STOpsConsole-IsUserInternal: {0} - {1} - {2}", address, user.UserId, user.UUID);

    // No usable address: classify as external so the caller's checks still run.
    if (string.IsNullOrWhiteSpace(address))
    {
        _Logger.LogDebug("STOpsConsole-IsUserInternal no email address treat as external: {0} - {1}", address, user.UUID);
        return false;
    }

    // The leading '@' anchors every suffix at the start of the domain part.
    string[] internalSuffixes =
    {
        "@thomsonreuters.com",
        "@thomson.com",
        "@reuters.com",
        "@apac.reuters.com",
        "@fxall.com",
        "@tradeweb.com"
    };

    foreach (var suffix in internalSuffixes)
    {
        if (address.EndsWith(suffix, StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
    }

    return false;
}
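/// <summary>
/// Returns the permission setting for a user: the value from <c>GetUserPermissionFromCache</c>
/// when one exists, otherwise the "APP.SYSTEMTEST.PERMISSION" preference fetched through
/// <c>UserInfoServiceClient</c>, deserialized from JSON and then added to the cache.
/// </summary>
/// <param name="user">AAA user whose <c>UUID</c> keys both the cache and the service request.</param>
/// <returns>
/// The cached or freshly deserialized setting. A new <see cref="PermissionSetting"/> is returned
/// when the service returns no response, no preference value, a payload that deserializes to
/// null, or when any exception is thrown. This method never returns null.
/// </returns>
/// <remarks>
/// NOTE(review): callers dereference <c>WriteAccess</c>/<c>ReadAccess</c> on the result; confirm
/// that a default-constructed <see cref="PermissionSetting"/> grants no access.
/// </remarks>
public static PermissionSetting GetUserPermission(IAaaUser user)
{
    try
    {
        var permission = GetUserPermissionFromCache(user.UUID);
        if (permission != null)
        {
            return permission;
        }

        var req = new UserPreferencesReq
        {
            uuid = user.UUID,
            preferences = new List<preference>(1)
            {
                new preference
                {
                    dactName = "APP.SYSTEMTEST.PERMISSION",
                    prefName = "APP.SYSTEMTEST.PERMISSION"
                }
            }
        };

        using (var userInfoServiceclient = new UserInfoServiceClient(RouterBindings.Local, RouterAddresses.Local.RequestReply))
        {
            var svcResp = userInfoServiceclient.GetUserPreferencesReq(req);
            if (svcResp == null || svcResp.preferences == null)
            {
                return new PermissionSetting();
            }

            // Project the value first so an empty preference list yields null instead of a
            // NullReferenceException on the missing first element.
            var setting = svcResp.preferences.Select(p => p.value).FirstOrDefault();
            if (string.IsNullOrWhiteSpace(setting))
            {
                _Logger.LogWarn("STOpsConsole-GetUserPermission no permission preference returned for user: {0}", user.UUID);
                return new PermissionSetting();
            }

            // DeserializeObject returns null for a payload such as the JSON literal null; never
            // cache or hand that to callers, which dereference the result without a null check.
            permission = JsonConvert.DeserializeObject<PermissionSetting>(setting);
            if (permission == null)
            {
                _Logger.LogWarn("STOpsConsole-GetUserPermission permission preference deserialized to null for user: {0}", user.UUID);
                return new PermissionSetting();
            }

            AddUserPermissionToCache(user.UUID, permission);
            return permission;
        }
    }
    catch (Exception ex)
    {
        // Any failure (service, JSON, cache) ends in a fresh PermissionSetting rather than an exception.
        _Logger.LogError("STOpsConsole-Error getting user preference from UserInfoService: {0}", ex.Message);
        return new PermissionSetting();
    }
}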
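/// <summary>
/// Checks whether the user's permission setting grants write access to any of the given
/// products or to <c>Products.All</c>.
/// </summary>
/// <param name="user">AAA user whose permission setting is looked up.</param>
/// <param name="prodList">
/// Products to check; when null, <c>Products.EST</c> is checked. The caller's list is not modified.
/// </param>
/// <returns>
/// <c>true</c> when <c>WriteAccess</c> contains one of the candidate products; otherwise
/// <c>false</c>, including when no permission data is available.
/// </returns>
private static bool IsAllowToUploadMetadataAaa(IAaaUser user, List<string> prodList = null)
{
    // Work on a copy: appending Products.All to the caller's list would grow it on every call
    // and leak the wildcard entry into whatever the caller does with the list afterwards.
    var candidates = prodList == null
        ? new List<string> { Products.EST }
        : new List<string>(prodList);
    candidates.Add(Products.All);

    // One permission lookup per call instead of one per candidate product.
    var permission = GetUserPermission(user);
    if (permission == null || permission.WriteAccess == null)
    {
        // Fail closed: missing permission data grants nothing.
        return false;
    }

    foreach (var prod in candidates)
    {
        if (permission.WriteAccess.Contains(prod))
        {
            return true;
        }
    }

    return false;
}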
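/// <summary>
/// Checks whether the user's permission setting grants read access to any of the given
/// products or to <c>Products.All</c>, and logs the outcome at debug level.
/// </summary>
/// <param name="user">AAA user whose permission setting is looked up.</param>
/// <param name="prodList">
/// Products to check; when null, <c>Products.EST</c> is checked. The caller's list is not modified.
/// </param>
/// <returns>
/// <c>true</c> when <c>ReadAccess</c> contains one of the candidate products; otherwise
/// <c>false</c>, including when no permission data is available.
/// </returns>
private static bool IsAllowToGetStatsAaa(IAaaUser user, List<string> prodList = null)
{
    // Work on a copy: appending Products.All to the caller's list would grow it on every call
    // and leak the wildcard entry into whatever the caller does with the list afterwards.
    var candidates = prodList == null
        ? new List<string> { Products.EST }
        : new List<string>(prodList);
    candidates.Add(Products.All);

    var valid = false;

    // One permission lookup per call instead of one per candidate product.
    // Missing permission data leaves valid at false (fail closed).
    var permission = GetUserPermission(user);
    if (permission != null && permission.ReadAccess != null)
    {
        foreach (var prod in candidates)
        {
            if (permission.ReadAccess.Contains(prod))
            {
                valid = true;
                break;
            }
        }
    }

    _Logger.LogDebug("STOpsConsole-IsAllowToGetStatsAaa: {0} - {1}",user.UUID, valid);
    return valid;
}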
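/// <summary>
/// Decides whether a user may see data for the searched location.
/// </summary>
/// <param name="user">AAA user; <c>LocationAccountId</c> and <c>UUID</c> are read.</param>
/// <param name="searchLocationID">Location id being searched for.</param>
/// <returns>
/// <c>true</c> for internal users, for the hard-coded location "xx", when the user's location
/// equals the searched location, or when both locations resolve to the same non-empty ultimate
/// parent id; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// NOTE(review): "xx" is accepted for every user before any other check; confirm no real
/// location can carry that id.
/// NOTE(review): the lookups on <c>LocationId</c> below use case-sensitive <c>==</c> while the
/// other comparisons ignore case; confirm the service echoes ids in the requested casing.
/// </remarks>
internal static bool IsLocationInScope(IAaaUser user, string searchLocationID)
{
    if (IsUserInternal(user))
    {
        return true;
    }

    // Location "xx" is hard-coded for getting the min interval.
    if (searchLocationID == "xx")
    {
        return true;
    }

    // Reject empty ids before any equality test: two null or two empty ids compare as equal,
    // which previously let a user without a location pass when the search id was empty too.
    if (string.IsNullOrEmpty(user.LocationAccountId) || string.IsNullOrEmpty(searchLocationID))
    {
        _Logger.LogWarn("STOpsConsole-IsLocationInScope - empty location user {0}, [User-{1}/Search-{2}]", user.UUID, user.LocationAccountId,searchLocationID);
        return false;
    }

    // Ordinal comparison: a culture-sensitive compare ignores certain characters and applies
    // culture casing rules, neither of which is wanted when matching identifiers.
    if (string.Equals(user.LocationAccountId, searchLocationID, StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }

    using (var uisCilent = new UserInfoServiceClient(RouterBindings.Local, RouterAddresses.Local.RequestReply))
    {
        var locs = new List<LocationInfoRequest>
        {
            new LocationInfoRequest { LocationAccountId = searchLocationID },
            new LocationInfoRequest { LocationAccountId = user.LocationAccountId }
        };

        var locResp = uisCilent.GetLocations(locs);
        var userULT = locResp.Where(x => x.LocationId == user.LocationAccountId).Select(y => y.UltimateParentId).SingleOrDefault();
        var srchULT = locResp.Where(x => x.LocationId == searchLocationID).Select(y => y.UltimateParentId).SingleOrDefault();

        // A missing parent id on both sides must not count as a match: without the non-empty
        // test, a response that resolves neither location would put the user in scope.
        if (!string.IsNullOrEmpty(userULT) && string.Equals(userULT, srchULT, StringComparison.OrdinalIgnoreCase))
        {
            _Logger.LogInfo("STOpsConsole-IsLocationInScope - ULT location matched for user {0}, [User-{1}:{3}/Search-{2}:{4}]", user.UUID, user.LocationAccountId, searchLocationID,userULT,srchULT);
            return true;
        }

        _Logger.LogInfo("STOpsConsole-IsLocationInScope - ULT location not matched for user {0}, [User-{1}:{3}/Search-{2}:{4}]", user.UUID, user.LocationAccountId, searchLocationID, userULT, srchULT);
    }

    return false;
}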
/// <summary>
/// Resolves the location scope entry for a user, using <c>GetLocationScopeFromCache</c> first and
/// otherwise querying <c>UserInfoServiceClient</c> for the user's location ids and for which of
/// them are in scope for service code "CPAP_SNAPIN_MANAGE_ST_IRS".
/// </summary>
/// <param name="user">AAA user whose <c>UUID</c> keys the cache and both service requests.</param>
/// <returns>
/// A pair of filter kind (ULT, LGL or LOC) and location id, or the default pair when either
/// service call reports failure, no returned scope entry matches, or an exception is thrown.
/// </returns>
/// <remarks>
/// A freshly computed result is cached even when it is the default pair.
/// NOTE(review): the loop stops at the first in-scope entry in response order, so which of
/// ULT/LGL/LOC wins depends on how the service orders <c>UserScope</c>; confirm that order.
/// </remarks>
internal static KeyValuePair<FindLocationFilter, string> GetTopLocationScope(IAaaUser user)
{
    var key = default(KeyValuePair<FindLocationFilter, string>);
    try
    {
        var cached = GetLocationScopeFromCache(user.UUID);
        if (cached != null)
        {
            key = cached.TopLocationScope;
        }
        else
        {
            using (var client = new UserInfoServiceClient(RouterBindings.Local, RouterAddresses.Local.RequestReply))
            {
                var infoRequest = new UserInfoReq
                {
                    uuid = user.UUID,
                    fields = new List<string> { "LocationAccountId", "NearestLegalEntityId", "UltimateParentId" }
                };
                var infoResponse = client.GetUserInfoReq2(infoRequest);
                if (!infoResponse.OperationSuccessful)
                {
                    _Logger.LogWarn("STOpsConsole-GetTopLocationScope - Failed response with {0} - {1}", infoResponse.ResponseCode, infoResponse.ResponseMessage);
                    return key;
                }

                // First() throws when a field is absent; the catch below turns that into the default pair.
                var details = infoResponse.UserInfo.UserDetails;
                string locationId = details.First(x => x.Key == "LocationAccountId").Value;
                string legalEntityId = details.First(x => x.Key == "NearestLegalEntityId").Value;
                string ultimateParentId = details.First(x => x.Key == "UltimateParentId").Value;

                var scopeRequest = new CheckUserScopeRequest
                {
                    LoginUUID = user.UUID,
                    CheckLocationUUID = null,
                    LocationID = new List<string> { ultimateParentId, legalEntityId, locationId },
                    AAAServiceCode = "CPAP_SNAPIN_MANAGE_ST_IRS"
                };
                var scopeResponse = client.GetUserScope(scopeRequest);
                if (!scopeResponse.Success)
                {
                    _Logger.LogWarn("STOpsConsole-GetTopLocationScope - Failed response with {0}", scopeResponse.Message);
                    return key;
                }

                foreach (var scope in scopeResponse.UserScope)
                {
                    // Entries that are not in scope can never select a key.
                    if (!scope.isInScopeField)
                    {
                        continue;
                    }

                    if (ultimateParentId == scope.locationAccountIdField)
                    {
                        key = new KeyValuePair<FindLocationFilter, string>(FindLocationFilter.ULT, ultimateParentId);
                        break;
                    }

                    if (legalEntityId == scope.locationAccountIdField)
                    {
                        key = new KeyValuePair<FindLocationFilter, string>(FindLocationFilter.LGL, legalEntityId);
                        break;
                    }

                    if (locationId == scope.locationAccountIdField)
                    {
                        key = new KeyValuePair<FindLocationFilter, string>(FindLocationFilter.LOC, locationId);
                        break;
                    }
                }

                AddLocationScopeToCache(user.UUID, new LocationScope { TopLocationScope = key });
            }
        }

        _Logger.LogInfo("STOpsConsole-GetTopLocationScope - User {0}, Key {1}, Value {2}", user.UUID, key.Key.ToString(), key.Value);
        return key;
    }
    catch (Exception ex)
    {
        // key is still the default pair on every path that can throw.
        _Logger.LogError("STOpsConsole-GetTopLocationScope: Error get user scope from AAA service: {0}", ex.Message);
        return key;
    }
}
/// <summary>
/// Decides whether the searched user is within the requesting user's scope.
/// </summary>
/// <param name="user">Requesting AAA user.</param>
/// <param name="searchUuid">UUID of the user being looked up.</param>
/// <returns>
/// <c>true</c> for internal users and for a null or empty <paramref name="searchUuid"/>;
/// otherwise the result of <c>IsUserInScopeAaa</c>.
/// </returns>
/// <remarks>
/// NOTE(review): an empty search UUID is treated as in scope without consulting AAA; confirm no
/// caller uses an empty value to mean "all users".
/// </remarks>
internal static bool IsUserInScope(IAaaUser user, string searchUuid)
{
    // Evaluated left to right with short-circuiting, so AAA is only asked when needed.
    return IsUserInternal(user)
        || string.IsNullOrEmpty(searchUuid)
        || IsUserInScopeAaa(user.UUID, searchUuid);
}
/// <summary>
/// Returns the <c>DisableTests</c> list from the user's permission setting.
/// </summary>
/// <param name="user">AAA user whose permission setting is looked up.</param>
/// <returns>The <c>DisableTests</c> value exactly as held by the permission setting.</returns>
internal static List<string> GetDisableTests(IAaaUser user)
{
    var permission = GetUserPermission(user);
    return permission.DisableTests;
}
/// <summary>
/// Decides whether the user may read statistics for the given products.
/// </summary>
/// <param name="user">Requesting AAA user.</param>
/// <param name="prodList">Products to check; passed through to <c>IsAllowToGetStatsAaa</c>.</param>
/// <returns>
/// <c>true</c> when the current platform is <c>Envs.Local</c> or the user is internal; otherwise
/// the result of <c>IsAllowToGetStatsAaa</c>.
/// </returns>
/// <remarks>
/// NOTE(review): on the local platform every caller is allowed without a permission lookup;
/// confirm <c>GetCurrentPlatform</c> cannot report <c>Envs.Local</c> in a deployed environment.
/// </remarks>
internal static bool IsAllowToGetStats(IAaaUser user, List<string> prodList = null)
{
    // Platform is checked first, so IsUserInternal is not called on local.
    if (GetCurrentPlatform() == Envs.Local)
    {
        return true;
    }

    if (IsUserInternal(user))
    {
        return true;
    }

    return IsAllowToGetStatsAaa(user, prodList);
}
/// <summary>
/// Decides whether the user may upload metadata for the given products.
/// </summary>
/// <param name="user">Requesting AAA user.</param>
/// <param name="prodList">Products to check; passed through to <c>IsAllowToUploadMetadataAaa</c>.</param>
/// <returns>
/// <c>true</c> when the current platform is <c>Envs.Local</c>; otherwise the result of
/// <c>IsAllowToUploadMetadataAaa</c>. Unlike <c>IsAllowToGetStats</c>, internal users get no
/// exemption here.
/// </returns>
/// <remarks>
/// NOTE(review): on the local platform every caller is allowed to upload without a permission
/// lookup; confirm <c>GetCurrentPlatform</c> cannot report <c>Envs.Local</c> in a deployed environment.
/// </remarks>
internal static bool IsAllowToUploadMetadata(IAaaUser user, List<string> prodList = null)
{
    var runningLocally = GetCurrentPlatform() == Envs.Local;

    // Short-circuits: the write-access lookup only runs off the local platform.
    return runningLocally || IsAllowToUploadMetadataAaa(user, prodList);
}
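/// <summary>
/// Finds users matching the request's search string and returns their machine install info as JSON.
/// </summary>
/// <param name="req">Search request; its <c>Product</c> is overwritten with "est".</param>
/// <param name="aaaUser">Requesting AAA user, used to restrict what an external user may see.</param>
/// <param name="logger">Logger for the warnings raised here.</param>
/// <returns>
/// A serialized <c>FindMachInstResponse</c>, or <c>{ "items":[]}</c> when the user search returns
/// nothing or an external user has no eligible scope.
/// </returns>
/// <remarks>
/// External users are limited to their top location scope. Without such a scope they may only
/// find their own account, and only when the search string occurs in one of their own
/// identifiers; a null identifier or search string counts as no match.
/// NOTE(review): <c>Product</c> on the response is only set while iterating items, so it stays
/// unset for an empty result; confirm consumers expect that.
/// </remarks>
private string FindMachineInstall(FindMachineInstallRequest req, IAaaUser aaaUser, ILogger logger)
{
    const string emptyResult = "{ \"items\":[]}";

    IDictionary<string, FindUserEntity> userDetailDic = new Dictionary<string, FindUserEntity>();
    req.Product = "est";
    var findUserReq = new FindUserRequest
    {
        Filter = FindUserFilter.All,
        SearchString = req.SearchString,
    };

    // For external user, the auto suggest will only show the users under the user's location scope
    var canOnlySeeYourOwnAccount = false;
    if (!Permission.IsUserInternal(aaaUser))
    {
        var scope = Permission.GetTopLocationScope(aaaUser);
        if (!scope.Equals(default(KeyValuePair<FindLocationFilter, string>)))
        {
            findUserReq.LocationScope = scope;
        }
        else if (ContainsSearchTerm(aaaUser.UserId, req.SearchString)
                 || ContainsSearchTerm(aaaUser.EmailAddress, req.SearchString)
                 || ContainsSearchTerm(aaaUser.UUID, req.SearchString)
                 || ContainsSearchTerm(aaaUser.FullName, req.SearchString))
        {
            canOnlySeeYourOwnAccount = true;
        }
        else
        {
            logger.LogWarn("STOpsConsole - FindMachineInstall - external user {0} has no eligible scope.", aaaUser.UserId);
            return emptyResult;
        }
    }

    using (var userInfoServiceclient = new UserInfoServiceClient(RouterBindings.Local, RouterAddresses.Local.RequestReply))
    {
        var svcResp = userInfoServiceclient.FindUser(findUserReq);
        if (svcResp == null || svcResp.Users == null || svcResp.Users.Count == 0)
        {
            return emptyResult;
        }

        var machInstReq = new MachInstInfoRequest
        {
            uuids = new List<string>(),
            filter = req.Filter,
            product = req.Product
        };

        // If the user can see only their own account due to the scope, filter the found users
        // down to that account.
        if (canOnlySeeYourOwnAccount)
        {
            var user = svcResp.Users.SingleOrDefault(x => x.Uuid == aaaUser.UUID);
            if (user == null)
            {
                return emptyResult;
            }

            userDetailDic[user.Uuid] = user;
            machInstReq.uuids.Add(user.Uuid);
        }
        else
        {
            foreach (FindUserEntity user in svcResp.Users)
            {
                userDetailDic[user.Uuid] = user;
                machInstReq.uuids.Add(user.Uuid);
            }
        }

        var findMachInstResponse = new FindMachInstResponse
        {
            Items = new List<FindMachInstInfoItem>()
        };

        using (var opsConsoleServiceClient = new OpsConsoleServiceClient(RouterBindings.Local, RouterAddresses.Local.RequestReply))
        {
            MachInstInfoResponse machInstResp = opsConsoleServiceClient.GetMachineInstallInfo(machInstReq);
            if (machInstResp != null && machInstResp.Items != null)
            {
                foreach (MachInstInfoItem machInsInfo in machInstResp.Items)
                {
                    // Only emit items for uuids that were requested above. This keeps the result
                    // inside the set the caller was authorised for and avoids a
                    // KeyNotFoundException when the service returns an unexpected uuid.
                    FindUserEntity owner;
                    if (machInsInfo.uuid == null || !userDetailDic.TryGetValue(machInsInfo.uuid, out owner))
                    {
                        logger.LogWarn("STOpsConsole - FindMachineInstall - skipped machine install item for unrequested uuid {0}", machInsInfo.uuid);
                        continue;
                    }

                    findMachInstResponse.Items.Add(new FindMachInstInfoItem
                    {
                        UUID = machInsInfo.uuid,
                        FirstName = owner.FirstName,
                        LastName = owner.LastName,
                        EmailAddress = owner.Email
                    });
                    findMachInstResponse.Product = machInstResp.product;
                }
            }
        }

        return JsonConvert.SerializeObject(findMachInstResponse) ?? "{}";
    }
}

// Null-safe substring test: a missing field or search term never counts as a match.
private static bool ContainsSearchTerm(string field, string searchTerm)
{
    return field != null && searchTerm != null && field.Contains(searchTerm);
}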