protected override void Handle(CreateSystemAdminRequest request, DtoResponse <SystemAccountDto> response) { var systemAccount = _systemAccountRepository.GetByIdentifier(request.Email); var role = _roleRepository.GetInternalRoleKeyByName("System Admin"); if (role != null) { if (systemAccount == null) { var identityServiceResponse = _systemAccountIdentityServiceManager.Create(request.Username, request.Email); if (identityServiceResponse.Sucess) { systemAccount = _systemAccountFactory.CreateSystemAdmin(request.Email, new Email(request.Email)); var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto>(systemAccount); response.DataTransferObject = systemAccountDto; systemAccount.AddRole(role); } else { var result = identityServiceResponse.ErrorMessage; var dataErrorInfo = new DataErrorInfo(result, ErrorLevel.Error); response.DataTransferObject = new SystemAccountDto(); response.DataTransferObject.AddDataErrorInfo(dataErrorInfo); } } else { var result = "System account already in use."; var dataErrorInfo = new DataErrorInfo(result, ErrorLevel.Error); response.DataTransferObject = new SystemAccountDto(); response.DataTransferObject.AddDataErrorInfo(dataErrorInfo); } } }
/// <summary> /// Handles the specified request. /// </summary> /// <param name="request">The request.</param> /// <param name="response">The response.</param> protected override void Handle(CreateSystemAdminRequest request, DtoResponse <SystemAccountDto> response) { var systemAccount = _systemAccountRepository.GetByIdentifier(request.Email); var roleKey = _roleRepository.GetInternalRoleKeyByName("System Admin"); if (roleKey.HasValue) { if (systemAccount == null) { var result = _systemAccountIdentityServiceManager.Create(request.Email); if (result.Sucess) { var systemAccountFactory = new SystemAccountFactory(); systemAccount = systemAccountFactory.Create(Guid.Empty, request.Email, new Email(request.Email)); systemAccount.AddRole(roleKey.Value); var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto> (systemAccount); response.DataTransferObject = systemAccountDto; } else { var dataErrorInfo = new DataErrorInfo(result.ErrorMessage, ErrorLevel.Error); response.DataTransferObject = new SystemAccountDto(); response.DataTransferObject.AddDataErrorInfo(dataErrorInfo); } } else { var dataErrorInfo = new DataErrorInfo("System Admin already exists.", ErrorLevel.Error); response.DataTransferObject = new SystemAccountDto(); response.DataTransferObject.AddDataErrorInfo(dataErrorInfo); } } }
/// <summary> /// Handles the specified request. /// </summary> /// <param name="request">The request.</param> /// <param name="response">The response.</param> protected override void Handle(CreateOrganizationAdminRequest request, CreateOrganizationAdminResponse response) { var systemAccount = _systemAccountRepository.GetByIdentifier(request.Email); var addRole = false; if (systemAccount == null) { var result = _systemAccountIdentityServiceManager.Create(request.Email); if (result.Sucess) { var systemAccountFactory = new SystemAccountFactory(); systemAccount = systemAccountFactory.Create(request.OrganizationKey, request.Email, new Email(request.Email)); var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto> (systemAccount); response.SystemAccountDto = systemAccountDto; addRole = true; } else { var dataErrorInfo = new DataErrorInfo(result.ErrorMessage, ErrorLevel.Error); response.SystemAccountDto = new SystemAccountDto(); response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } else { var result = _systemAccountIdentityServiceManager.ResetPassword(systemAccount.Identifier); if (result.Sucess) { var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto> (systemAccount); response.SystemAccountDto = systemAccountDto; addRole = true; } else { var dataErrorInfo = new DataErrorInfo(result.ErrorMessage, ErrorLevel.Error); response.SystemAccountDto = new SystemAccountDto(); response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } if (addRole) { var role = _roleFactory.Create("Default Organization Admin", request.OrganizationKey); role.AddPermision(BasicAccessPermission.AccessUserInterfacePermission); role.AddPermision(OrganizationPermission.OrganizationViewPermission); role.AddPermision(OrganizationPermission.OrganizationEditPermission); role.AddPermision(StaffPermission.StaffAddRolePermission); role.AddPermision(StaffPermission.StaffCreateAccountPermission); role.AddPermision(StaffPermission.StaffEditPermission); role.AddPermision(StaffPermission.StaffLinkAccountPermission); role.AddPermision(StaffPermission.StaffRemoveRolePermission); role.AddPermision(StaffPermission.StaffViewPermission); role.AddPermision(RolePermission.RoleAddPermissionPermission); role.AddPermision(RolePermission.RoleEditPermission); role.AddPermision(RolePermission.RoleRemovePermissionPermission); role.AddPermision(RolePermission.RoleViewPermission); systemAccount.AddRole(role.Key); } }
protected override void Handle(CreateOrganizationAdminRequest request, CreateOrganizationAdminResponse response) { var systemAccount = _systemAccountRepository.GetByIdentifier(request.Email); var organization = _organizationRepository.GetByKey(request.OrganizationKey); if (systemAccount == null) { var identityServiceResponse = _systemAccountIdentityServiceManager.Create(request.Username, request.Email); if (identityServiceResponse.Sucess) { systemAccount = _systemAccountFactory.Create(organization, request.Email, new Email(request.Email)); var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto>(systemAccount); response.SystemAccountDto = systemAccountDto; var role = _roleFactory.Create(organization, "Default Organization Admin"); role.AddPermision(BasicAccessPermission.AccessUserInterfacePermission); role.AddPermision(OrganizationPermission.OrganizationViewPermission); role.AddPermision(OrganizationPermission.OrganizationEditPermission); role.AddPermision(StaffPermission.StaffAddRolePermission); role.AddPermision(StaffPermission.StaffCreateAccountPermission); role.AddPermision(StaffPermission.StaffEditPermission); role.AddPermision(StaffPermission.StaffLinkAccountPermission); role.AddPermision(StaffPermission.StaffRemoveRolePermission); role.AddPermision(StaffPermission.StaffViewPermission); role.AddPermision(RolePermission.RoleAddPermissionPermission); role.AddPermision(RolePermission.RoleEditPermission); role.AddPermision(RolePermission.RoleRemovePermissionPermission); role.AddPermision(RolePermission.RoleViewPermission); role.AddPermision(PatientPermission.PatientEditPermission); role.AddPermision(PatientPermission.PatientViewPermission); role.AddPermision(AssessmentPermission.AssessmentEditPermission); role.AddPermision(AssessmentPermission.AssessmentViewPermission); role.AddPermision(StaffPermission.ResetPasswordPermission); systemAccount.AddRole(role); } else { var result = identityServiceResponse.ErrorMessage; var dataErrorInfo = new DataErrorInfo(result, ErrorLevel.Error); response.SystemAccountDto = new SystemAccountDto(); response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } else { _systemAccountIdentityServiceManager.ResetPassword(systemAccount.Email.Address); } }
public void ProcessRequest(HttpContext context) { // var identity = _currentClaimsPrincipalService.GetCurrentPrincipal ().Identity; var identity = _currentClaimsPrincipalService.GetCurrentPrincipal().Identity as IClaimsIdentity; var nameIdentifier = identity.Claims.First(c => c.ClaimType == ClaimTypes.NameIdentifier).Value; // check this for security reason if (identity.IsAuthenticated) { var staffKeyString = context.Request["staffKey"]; var staffKey = string.IsNullOrEmpty(staffKeyString) ? 0 : long.Parse(staffKeyString); var account = _accountRepository.GetByIdentifier(nameIdentifier); // check this for security reason if (account.StaffMembers.Any(x => x.Key == staffKey)) { var staff = _staffRepository.GetByKey(staffKey); _signOnService.LoginAs(staff); context.Response.Redirect("~/Client.aspx"); } } }
protected override void Handle(CreateOrganizationAdminRequest request, CreateOrganizationAdminResponse response) { var systemAccount = _systemAccountRepository.GetByIdentifier(request.Email); if (systemAccount == null) { using (var httpClient = new HttpClient { BaseAddress = new Uri(request.BaseIdentityServerUri) }) { httpClient.SetToken("Session", request.Token); var httpResponseMessage = httpClient.GetAsync("api/membership/Create/" + request.Username + "?email=" + request.Email).Result; if (httpResponseMessage.StatusCode == HttpStatusCode.OK) { var membershipUserDto = httpResponseMessage.Content.ReadAsAsync <MembershipUserDto>().Result; var systemAccountFactory = new SystemAccountFactory(); systemAccount = systemAccountFactory.Create(request.OrganizationKey, membershipUserDto.NameIdentifier, new Email(membershipUserDto.Email)); var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto>(systemAccount); response.SystemAccountDto = systemAccountDto; } else { var result = httpResponseMessage.Content.ReadAsStringAsync().Result; var dataErrorInfo = new DataErrorInfo(result, ErrorLevel.Error); response.SystemAccountDto = new SystemAccountDto(); response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } } else { //Reset password.... } //if (request.SystemAccountDto.CreateNew) //{ // var systemAccount = _systemAccountRepository.GetByIdentifier(request.SystemAccountDto.Identifier); // if (systemAccount != null) // account existing // { // var dataErrorInfo = new DataErrorInfo(string.Format("Cannot create account because an account with the email {0} already exists.", request.SystemAccountDto.Identifier), ErrorLevel.Error); // response.SystemAccountDto = request.SystemAccountDto; // response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); // } // else // { // // 1. create member login in Identity server // // 2. Create System account in domain // // 3. assign system account to the new staff or patient // // 4. error handling: if the login/account is taken or cannot create new login // using (var httpClient = new HttpClient {BaseAddress = new Uri(request.BaseIdentityServerUri)}) // { // httpClient.SetToken("Session", request.Token); // var httpResponseMessage = httpClient.GetAsync("api/membership/Create/" + request.SystemAccountDto.Username + "?email=" + request.SystemAccountDto.Email).Result; // if (httpResponseMessage.StatusCode == HttpStatusCode.OK) // { // var membershipUserDto = httpResponseMessage.Content.ReadAsAsync<MembershipUserDto>().Result; // var systemAccountFactory = new SystemAccountFactory(); // systemAccount = systemAccountFactory.Create(request.OrganizationKey, membershipUserDto.NameIdentifier, new Email(membershipUserDto.Email)); // if (request.StaffKey != Guid.Empty) // { // systemAccount.AssignToStaff(request.StaffKey); // } // if (request.PatientKey != Guid.Empty) // { // systemAccount.AssignToPatient(request.PatientKey); // Guid? portalRoleKey; // using (var connection = _dbConnectionFactory.CreateConnection()) // { // portalRoleKey = connection.Query<Guid?>("SELECT [RoleKey] FROM [SecurityModule].[Role] WHERE Name=@Name", new {Name = "Patient Portal"}).FirstOrDefault(); // } // if (portalRoleKey.HasValue) // { // systemAccount.AddRole(portalRoleKey.Value); // } // else // { // Logger.Error("Cannot find Patient portal built in role."); // } // } // var systemAccountDto = Mapper.Map<SystemAccount, SystemAccountDto>(systemAccount); // response.SystemAccountDto = systemAccountDto; // } // else // { // var result = httpResponseMessage.Content.ReadAsStringAsync().Result; // var dataErrorInfo = new DataErrorInfo(result, ErrorLevel.Error); // response.SystemAccountDto = request.SystemAccountDto; // response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); // } // } // } //} //else //{ // var systemAccount = _systemAccountRepository.GetByIdentifier(request.SystemAccountDto.Identifier); // if (systemAccount != null) // account existing // { // if (systemAccount.StaffKey == null) // { // systemAccount.AssignToStaff(request.StaffKey); // var systemAccountDto = Mapper.Map<SystemAccount, SystemAccountDto>(systemAccount); // response.SystemAccountDto = systemAccountDto; // } // else // { // var dataErrorInfo = new DataErrorInfo(string.Format("Cannot link account because an account with the email {0} has been assigned to another staff.", request.SystemAccountDto.Identifier), ErrorLevel.Error); // response.SystemAccountDto = request.SystemAccountDto; // response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); // } // } // else // { // var dataErrorInfo = new DataErrorInfo(string.Format("Cannot link account because an account with the email {0} does not exist.", request.SystemAccountDto.Identifier), ErrorLevel.Error); // response.SystemAccountDto = request.SystemAccountDto; // response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); // } //} }
protected override void Handle(AssignAccountRequest request, AssignAccountResponse response) { if (request.SystemAccountDto.CreateNew) { var systemAccount = _systemAccountRepository.GetByIdentifier(request.SystemAccountDto.Identifier); var staff = _staffRepository.GetByKey(request.StaffKey); if (systemAccount != null) // account existing { var dataErrorInfo = new DataErrorInfo(string.Format("Cannot create account because an account with the email {0} already exists.", request.SystemAccountDto.Identifier), ErrorLevel.Error); response.SystemAccountDto = request.SystemAccountDto; response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } else { // 1. create member login in Identity server // 2. Create System account in domain // 3. assign system account to the new staff // 4. error handling: if the login/account is taken or cannot create new login if (staff != null) { var identityServerResponse = _systemAccountIdentityServiceManager.Create(request.SystemAccountDto.Username, request.SystemAccountDto.Email); if (identityServerResponse.Sucess) { var organization = _organizationRepository.GetByKey(UserContext.OrganizationKey); systemAccount = _systemAccountFactory.Create(organization, request.SystemAccountDto.Email, new Email(request.SystemAccountDto.Email)); systemAccount.AssignToStaff(staff); var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto>(systemAccount); response.SystemAccountDto = systemAccountDto; } else { var result = identityServerResponse.ErrorMessage; var dataErrorInfo = new DataErrorInfo(result, ErrorLevel.Error); response.SystemAccountDto = request.SystemAccountDto; response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } else { Logger.Error(string.Format("Tried assigning invalid staff {0} to systemaccount {1}", request.StaffKey, systemAccount.Key)); response.SystemAccountDto.AddDataErrorInfo(new DataErrorInfo("Invalid staff key.", ErrorLevel.Error)); } } } else { var systemAccount = _systemAccountRepository.GetByIdentifier(request.SystemAccountDto.Identifier); var staff = _staffRepository.GetByKey(request.StaffKey); if (systemAccount != null) // account existing { if (systemAccount.Staff == null) { systemAccount.AssignToStaff(staff); var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto>(systemAccount); response.SystemAccountDto = systemAccountDto; } else { var dataErrorInfo = new DataErrorInfo(string.Format("Cannot link account because an account with the email {0} has been assigned to another staff.", request.SystemAccountDto.Identifier), ErrorLevel.Error); response.SystemAccountDto = request.SystemAccountDto; response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } else { var dataErrorInfo = new DataErrorInfo(string.Format("Cannot link account because an account with the email {0} does not exist.", request.SystemAccountDto.Identifier), ErrorLevel.Error); response.SystemAccountDto = request.SystemAccountDto; response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } }
/// <summary> /// Handles the specified request. /// </summary> /// <param name="request">The request.</param> /// <param name="response">The response.</param> /// <exception cref="System.InvalidOperationException">Cannot find Patient portal built in role.</exception> protected override void Handle(AssignAccountRequest request, AssignAccountResponse response) { if (request.SystemAccountDto.CreateNew) { var systemAccount = _systemAccountRepository.GetByIdentifier(request.SystemAccountDto.Identifier); if (systemAccount != null) { // account existing var dataErrorInfo = new DataErrorInfo(string.Format("Cannot create account because an account with the email {0} already exists.", request.SystemAccountDto.Identifier), ErrorLevel.Error); response.SystemAccountDto = request.SystemAccountDto; response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } else { var identityServiceResponse = _systemAccountIdentityServiceManager.Create(request.SystemAccountDto.Email); if (identityServiceResponse.Sucess) { var systemAccountFactory = new SystemAccountFactory(); systemAccount = systemAccountFactory.Create(request.OrganizationKey, request.SystemAccountDto.Email, new Email(request.SystemAccountDto.Email)); if (request.StaffKey != Guid.Empty) { systemAccount.AssignToStaff(request.StaffKey); } if (request.PatientKey != Guid.Empty) { systemAccount.AssignToPatient(request.PatientKey); Guid?portalRoleKey; using (var connection = _dbConnectionFactory.CreateConnection()) { portalRoleKey = connection.Query <Guid?> ("SELECT [RoleKey] FROM [SecurityModule].[Role] WHERE Name=@Name", new { Name = "Patient Portal" }).FirstOrDefault(); } if (portalRoleKey.HasValue) { systemAccount.AddRole(portalRoleKey.Value); } else { throw new InvalidOperationException("Cannot find Patient portal built in role."); } } var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto> (systemAccount); response.SystemAccountDto = systemAccountDto; } else { var result = identityServiceResponse.ErrorMessage; //// remove the message from the JSON var identityError = (IdentityServerError)JsonConvert.DeserializeObject(result, typeof(IdentityServerError)); var dataErrorInfo = new DataErrorInfo(identityError.Message, ErrorLevel.Error); response.SystemAccountDto = request.SystemAccountDto; response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } } else { var systemAccount = _systemAccountRepository.GetByIdentifier(request.SystemAccountDto.Identifier); if (systemAccount != null) { // account existing if (systemAccount.StaffKey == null) { systemAccount.AssignToStaff(request.StaffKey); var systemAccountDto = Mapper.Map <SystemAccount, SystemAccountDto> (systemAccount); response.SystemAccountDto = systemAccountDto; } else { var dataErrorInfo = new DataErrorInfo( string.Format( "Cannot link account because an account with the email {0} has been assigned to another staff.", request.SystemAccountDto.Identifier), ErrorLevel.Error); response.SystemAccountDto = request.SystemAccountDto; response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } else { var dataErrorInfo = new DataErrorInfo(string.Format("Cannot link account because an account with the email {0} does not exist.", request.SystemAccountDto.Identifier), ErrorLevel.Error); response.SystemAccountDto = request.SystemAccountDto; response.SystemAccountDto.AddDataErrorInfo(dataErrorInfo); } } }