/// <summary>
/// Removes a user from every SharePoint site group whose member list contains their login name.
/// </summary>
/// <param name="username">Name handed to the user search service to resolve the user principal name.</param>
/// <returns>
/// An empty string when no removal call failed; <c>"User not found"</c> when no user principal name
/// could be resolved; otherwise a message listing the titles of the site groups where removal failed.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="username"/> is null or empty.</exception>
public override async Task<string> RemoveUserAsync(string username)
{
    if (string.IsNullOrEmpty(username))
    {
        throw new ArgumentException("Username cannot be null or empty", nameof(username));
    }

    _logger.LogDebug("Removing access for {Username}", username);

    var user = await _userSearchService.SearchAsync(username);
    var upn = user?.UserPrincipalName;
    if (string.IsNullOrEmpty(upn))
    {
        // NOTE(review): nothing is revoked on this path. If the search fails for an account that
        // still has site group entries (e.g. already removed from the directory), those entries
        // stay in place and the caller only sees this string - confirm callers treat it as a failure.
        _logger.LogInformation("Cannot locate UPN for for {Username}, cannot remove users access", username);
        return "User not found";
    }

    // SharePoint login name = configured prefix + UPN.
    string loginName = Constants.LoginNamePrefix + upn;

    ISharePointClient restClient = await GetSharePointRestClientForUpdate();
    var groupsResponse = await restClient.GetSiteGroupsAsync();

    // Collects the titles of groups whose removal call failed; stays empty on full success.
    var failures = new StringBuilder();

    // NOTE(review): only entries whose LoginName matches the user directly are removed. Access that
    // comes from a directory group listed as a member would not be touched - confirm that is intended.
    foreach (var siteGroup in groupsResponse.Data.Results)
    {
        // NOTE(review): an exception from this membership read is not caught here, so it ends the
        // loop and later groups are never processed - the revocation can be left partial.
        var membersResponse = await restClient.GetUsersInGroupAsync(siteGroup.Id);

        foreach (var sharePointUser in membersResponse.Data.Results)
        {
            if (!LoginNameComparer.Equals(sharePointUser.LoginName, loginName))
            {
                continue;
            }

            // {@User} destructures the whole object into the log event - check which fields that exposes.
            _logger.LogInformation("Removing {@User} from site group {@SiteGroup}", sharePointUser, siteGroup);

            try
            {
                await restClient.RemoveUserFromSiteGroupAsync(siteGroup.Id, sharePointUser.Id);
            }
            catch (ApiException e)
            {
                // Best effort: record the failing group and carry on with the remaining ones.
                var errorResponse = await e.GetContentAsAsync<SharePointErrorResponse>();
                _logger.LogWarning(e, "Error removing user from Sharepoint group {@Error}", errorResponse);

                var lead = failures.Length == 0 ? "Error removing user from site group(s): " : ", ";
                failures.Append(lead);
                failures.Append(siteGroup.Title);
            }
        }
    }

    return failures.ToString();
}
/// <summary>
/// Reports whether the user's SharePoint login name appears in any site group whose membership
/// the service account is able to read.
/// </summary>
/// <param name="username">Name handed to the user search service to resolve the user principal name.</param>
/// <param name="cancellationToken">Passed to the SharePoint group and membership requests.</param>
/// <returns>
/// <c>true</c> as soon as a matching member is found; <c>false</c> when no user principal name could
/// be resolved or no readable group contains the login name.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="username"/> is null or empty.</exception>
public override async Task<bool> UserHasAccessAsync(string username, CancellationToken cancellationToken)
{
    if (string.IsNullOrEmpty(username))
    {
        throw new ArgumentException("Username cannot be null or empty", nameof(username));
    }

    Logger.Debug("Checking {Username} has access to project", username);

    // The token is not passed to the search call; only the SharePoint requests below observe it.
    var user = await _userSearchService.SearchAsync(username);
    var upn = user?.UserPrincipalName;
    if (string.IsNullOrEmpty(upn))
    {
        Logger.Information("Cannot locate UPN for for {Username}, cannot check users access", username);
        return false;
    }

    // SharePoint login name = configured prefix + UPN.
    string loginName = Constants.LoginNamePrefix + upn;

    ISharePointClient restClient = await GetSharePointRestClient();
    var groupsResponse = await restClient.GetSiteGroupsAsync(cancellationToken);

    // service account does not have permission to view membership of "Excel Services Viewers"
    // TODO: make this configurable
    foreach (var siteGroup in groupsResponse.Data.Results)
    {
        try
        {
            var membersResponse = await restClient.GetUsersInGroupAsync(siteGroup.Id, cancellationToken);
            var isMember = membersResponse.Data.Results.Any(member => LoginNameComparer.Equals(member.LoginName, loginName));
            if (!isMember)
            {
                continue;
            }

            Logger.Debug("{@User} has access because they are in site group {@SiteGroup}", user, siteGroup);
            return true;
        }
        catch (ApiException e) when (e.StatusCode == HttpStatusCode.Forbidden)
        {
            // Groups the service account cannot read are skipped, so a final 'false' means
            // "not found in any readable group", not "confirmed to have no access".
            // NOTE(review): the skip is logged at Debug only - confirm that is visible enough
            // for anyone relying on this result in an access review.
            Logger.Debug(e, "No access to {@SiteGroup}, unable to check access", siteGroup);
        }
    }

    return false;
}
/// <summary>
/// Reports whether the user's SharePoint login name appears in the member list of any site group.
/// </summary>
/// <param name="username">Name handed to the user search service to resolve the user principal name.</param>
/// <returns>
/// <c>true</c> as soon as a matching member is found; <c>false</c> when no user principal name could
/// be resolved or no group contains the login name.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="username"/> is null or empty.</exception>
public override async Task<bool> UserHasAccessAsync(string username)
{
    if (string.IsNullOrEmpty(username))
    {
        throw new ArgumentException("Username cannot be null or empty", nameof(username));
    }

    var user = await _userSearchService.SearchAsync(username);
    var upn = user?.UserPrincipalName;
    if (string.IsNullOrEmpty(upn))
    {
        _logger.LogInformation("Cannot locate UPN for for {Username}, cannot check users access", username);
        return false;
    }

    // SharePoint login name = configured prefix + UPN.
    string loginName = Constants.LoginNamePrefix + upn;

    ISharePointClient restClient = await GetSharePointRestClient();
    var groupsResponse = await restClient.GetSiteGroupsAsync();

    // NOTE(review): only a direct LoginName match inside a site group counts as access here.
    // Access granted some other way (e.g. through a directory group listed as a member) would
    // be reported as 'false' - confirm that matches how callers use the result.
    foreach (var siteGroup in groupsResponse.Data.Results)
    {
        // No exception handling around this read: a failure for one group propagates to the
        // caller instead of being treated as "no access".
        var membersResponse = await restClient.GetUsersInGroupAsync(siteGroup.Id);
        var isMember = membersResponse.Data.Results.Any(member => LoginNameComparer.Equals(member.LoginName, loginName));
        if (!isMember)
        {
            continue;
        }

        // {@User} destructures the whole user object into the log event - check which fields that exposes.
        _logger.LogInformation("{@User} has access because they are in site group {@SiteGroup}", user, siteGroup);
        return true;
    }

    return false;
}