public static void ValidateCanEditFlowById(NodeVisit visit, string flowId)
{
if (!visit.IsFlowPermittedById(flowId, FlowRoleType.Modify))
{
ThrowInsuficientPrivileges();
}
}
public void Delete(ConfigItem item, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
if (!item.IsEditable)
{
throw new InvalidOperationException("The item cannot be saved since it is not editable.");
}
lock (_lockObject)
{
TransactionTemplate.Execute(delegate
{
_configDao.Delete(item.Id);
lock (_lockObject)
{
if (_configItems.ContainsKey(item.Id.ToUpper()))
{
_configItems.Remove(item.Id.ToUpper());
}
}
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} deleted configuration value: {1}.",
visit.Account.NaasAccount, item.ToString());
return(null);
});
}
}
public static void ValidateCanViewFlowByName(NodeVisit visit, string flowName)
{
if (!visit.IsFlowPermittedByName(flowName, FlowRoleType.View))
{
ThrowInsuficientPrivileges();
}
}
public IList <ScheduledItemExecuteStatus> GetScheduledItemExecuteStatus(NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Program);
IList <ScheduledItemExecuteStatus> scheduledItemExecuteStatus = _scheduleDao.GetScheduledItemExecuteStatus();
return(FilterSchedulesForUser(visit, scheduledItemExecuteStatus));
}
public void Remove(UserAccount instance, NodeVisit visit)
{
try
{
ValidateByRole(visit, SystemRoleType.Admin);
if (!CanRemoveUser(instance.NaasAccount, visit))
{
throw new InvalidOperationException(string.Format("The user \"{0}\" cannot be removed from the node",
instance.NaasAccount));
}
TransactionTemplate.Execute(delegate
{
_accountDao.Delete(instance);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} removed account: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to remove user account: {1}.",
visit.Account.NaasAccount, instance.ToString());
throw;
}
}
public IList <DataFlow> GetFlows(NodeVisit visit, bool loadDataServices)
{
ValidateByRole(visit, SystemRoleType.Program);
IList <DataFlow> flows = GetAllDataFlows(loadDataServices, false);
return(FilterFlowsForUser(visit, flows));
}
public IList <DataFlow> GetProtectedFlows(NodeVisit visit, bool loadDataServices)
{
ValidateByRole(visit, SystemRoleType.Program);
IList <DataFlow> flows = _flowDao.GetAllProtectedDataFlows(loadDataServices);
return(FilterFlowsForUser(visit, flows));
}
public UserAccount Get(string username, NodeVisit visit)
{
try
{
if (visit != null)
{
ValidateByRole(visit, SystemRoleType.Program);
}
UserAccount account = _accountDao.GetByName(username);
if (account == null)
{
throw new ArgumentException(string.Format("The user \"{0}\" was not found in the database", username));
}
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} got user account: {1}.",
(visit != null) ? visit.Account.NaasAccount : null, account.ToString());
return(account);
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to get user account: {1}.",
(visit != null) ? visit.Account.NaasAccount : null, username);
throw;
}
}
public IDictionary <string, SimpleListDisplayInfo> GetListInfo(NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Program);
Dictionary <string, SimpleListDisplayInfo> dict =
new Dictionary <string, SimpleListDisplayInfo>();
IList <SimpleFlowNotification> flowNotifications =
_notificationDao.GetAllSimpleFlowNotificationsForUsername(visit.Account.NaasAccount);
if (!CollectionUtils.IsNullOrEmpty(flowNotifications))
{
foreach (SimpleFlowNotification flowNotification in flowNotifications)
{
dict.Add(flowNotification.FlowCode, new SimpleListDisplayInfo(flowNotification.FlowCode,
flowNotification.FlowDescription,
flowNotification.NotificationType));
}
}
// Add in any missing flows
IList <DataFlow> flows = _flowDao.GetAllDataFlows(false, false);
if (!CollectionUtils.IsNullOrEmpty(flows))
{
foreach (DataFlow flow in flows)
{
if (!dict.ContainsKey(flow.FlowName))
{
dict.Add(flow.FlowName, new SimpleListDisplayInfo(flow.FlowName, flow.Description,
NotificationType.None));
}
}
}
FilterFlowsForUser(visit, dict);
return(dict);
}
public Activity GetActivityEntries(Activity activity, NodeVisit visit)
{
LogicAuditBaseManager.ValidateByRole(visit, SystemRoleType.Program);
activity.Entries = _activityDao.GetActivityEntries(activity.Id);
return(activity);
}
public void Visit(AstNode node, NodeVisit cb)
{
if (node == null)
{
return;
}
//else
VisitInfoTable[node.Key].Visit.Perform(node, cb);
}
public void Visit(AstNode node, NodeVisit cb)
{
if (node == null)
{
return;
}
//else
CurrentPolicy.Visit(node, cb);
}
public string LogAudit(NodeMethod method, string flowName, string operation, string transactionId,
NodeVisit visit, string messageFormat, params object[] args)
{
Activity activity = new Activity(method, flowName, operation, ActivityType.Audit, transactionId,
(visit == null) ? string.Empty : visit.IP, messageFormat, args);
activity.ModifiedById = (visit == null) ? AccountManager.AdminAccount.Id : visit.Account.Id;
return(Log(activity));
}
/// <summary>
/// Make a generic Endpoint visit
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="visit"></param>
/// <returns>Activity</returns>
protected void AuthenticateEndpointActivity(AuthEndpointVisit visit, ActivityType activityType,
NodeMethod method, out NodeVisit nodeVisit,
out string userToken, out Activity activity)
{
if (visit == null)
{
throw new ArgumentNullException("visit");
}
activity = new Activity(method, null, null, activityType, null, visit.IP, "Visit from endpoint version {0} for method {1}.",
visit.Version, method.ToString());
UserAccount userAccount = AccountManager.GetByName(visit.Credentials.UserName);
if ((userAccount != null) && !userAccount.IsActive)
{
var message = string.Format("The user account \"{0}\" is not active on this node.",
visit.Credentials.UserName);
activity.AppendFormat(message);
throw new ArgumentException(message);
}
activity.AppendFormat("Attempting to authenticate {0} from IP {1} using {2}.",
visit.Credentials.UserName, visit.IP, visit.AuthMethod);
// Get a token or fail trying
userToken = AuthProvider.AuthenticateUser(visit.Credentials, visit.IP,
visit.AuthMethod);
activity.AppendFormat("Successfully authenticated {0} with user token {1}.",
visit.Credentials.UserName, userToken);
//Always returns an account
bool wasCreated;
userAccount =
AccountManager.GetOrCreate(visit.Credentials.UserName, true, out wasCreated);
//Update the activity to created by the current user
activity.ModifiedById = userAccount.Id;
IDictionary <string, string> flowsIdToNameMap = _flowManager.GetAllFlowsIdToNameMap();
nodeVisit = new NodeVisit(userAccount, visit.IP, flowsIdToNameMap);
if (wasCreated)
{
activity.AppendFormat("Successfully created local user account for {0}.",
visit.Credentials.UserName);
}
else
{
activity.AppendFormat("Successfully got local user account for {0}.",
visit.Credentials.UserName);
}
}
public string LogError(NodeMethod method, string flowName, string operation, ActivityType type, Exception exception,
NodeVisit visit, string messageFormat, params object[] args)
{
Activity activity = new Activity(method, flowName, operation, type, null, (visit == null) ? string.Empty : visit.IP,
messageFormat, args);
activity.ModifiedById = (visit == null) ? AccountManager.AdminAccount.Id : visit.Account.Id;
activity.AppendFormat("EXCEPTION: {0}", ExceptionUtils.GetDeepExceptionMessage(exception));
return(Log(activity));
}
internal static bool CanEditAnyFlow()
{
NodeVisit adminVisit = VisitHelper.GetVisit();
if ((adminVisit != null) && (adminVisit.Account != null))
{
return(adminVisit.CanEditAnyFlow());
}
return(false);
}
internal static bool CanViewFlowByName(string flowName)
{
NodeVisit adminVisit = VisitHelper.GetVisit();
if ((adminVisit != null) && (adminVisit.Account != null))
{
return(adminVisit.IsFlowPermittedByName(flowName, FlowRoleType.View));
}
return(false);
}
internal static string GetCurrentUsername()
{
NodeVisit visit = VisitHelper.GetVisit();
if ((visit != null) && (visit.Account != null))
{
return(visit.Account.NaasAccount);
}
return(null);
}
internal static bool CanEditFlowById(string flowId)
{
NodeVisit adminVisit = VisitHelper.GetVisit();
if ((adminVisit != null) && (adminVisit.Account != null))
{
return(adminVisit.IsFlowPermittedById(flowId, FlowRoleType.Modify));
}
return(false);
}
public int Compare(NodeVisit x, NodeVisit y)
{
var result = x.EstimatedArrivalAtDestination.CompareTo(y.EstimatedArrivalAtDestination);
if (result == 0)
{
result = network.GetNodeId(x.Node).CompareTo(network.GetNodeId(y.Node));
}
return(result);
}
public void Delete(DataProviderInfo instance, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
TransactionTemplate.Execute(delegate
{
_dataProviderDao.Delete(instance);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} deleted data source: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
}
public DataService GetService(string serviceId, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Program);
DataService service = _serviceDao.GetDataService(serviceId);
if (service != null)
{
ValidateCanViewFlowById(visit, service.FlowId);
}
return(service);
}
public ScheduledItem RunNow(string scheduleId, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Program);
ScheduledItem item = _scheduleDao.GetScheduledItem(scheduleId);
if (item == null)
{
throw new ArgumentException(string.Format("Cannot load a schedule with id \"{0}\"", scheduleId));
}
return(RunNow(item, visit));
}
public UserAccount GetOrCreateUser(string username, NodeVisit visit,
out NaasUserInfo naasUserInfo)
{
ValidateByRole(visit, SystemRoleType.Admin);
bool wasCreated;
UserAccount userAccount = _accountManager.GetOrCreate(username, true, out wasCreated);
naasUserInfo = _naasManager.GetNaasUserInfo(username);
return(userAccount);
}
public void DeleteFlow(DataFlow instance, NodeVisit visit)
{
ValidateCanEditFlowById(visit, instance.Id);
TransactionTemplate.Execute(delegate
{
_flowDao.Delete(instance);
ActivityManager.LogAudit(NodeMethod.None, instance.FlowName, visit, "{0} deleted data flow: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
}
public int DeleteActivities(ActivitySearchParams search, NodeVisit visit)
{
LogicAuditBaseManager.ValidateByRole(visit, SystemRoleType.Admin);
bool addFlowIsNullQuery;
if (!FilterSearchParamsForVisit(search, visit, out addFlowIsNullQuery))
{
return(0);
}
return(_activityDao.DeleteActivities(search, addFlowIsNullQuery));
}
public bool UserExistsInNAAS(string userName, NodeVisit visit, out string affiliate, out bool canDelete, out bool canRemove)
{
canRemove = CanRemoveUser(userName, visit);
if (_naasManager.UserExists(userName, out affiliate, out canDelete))
{
if (canDelete)
{
canDelete = CanDeleteUser(userName, visit);
}
return(true);
}
return(false);
}
public void Delete(ScheduledItem instance, NodeVisit visit)
{
ValidateCanEditFlowById(visit, instance.FlowId);
string flowName = _flowManager.GetDataFlowNameById(instance.FlowId);
TransactionTemplate.Execute(delegate
{
_scheduleDao.Delete(instance.Id);
ActivityManager.LogAudit(NodeMethod.None, flowName, instance.Name, visit, "{0} deleted scheduled item: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
}
/// <summary>
/// Validate that the input admin visitor has at least minimumRole permissions. Throw an
/// UnauthorizedAccessException() if visitor is not validated.
/// </summary>
public static void ValidateByRole(NodeVisit visit, SystemRoleType minimumRole)
{
if (visit == null)
{
throw new ArgumentException("Input visit is null.");
}
if ((visit.Account == null) || string.IsNullOrEmpty(visit.Account.Id) ||
((visit.Account.Role != SystemRoleType.Admin) && ((Int32)visit.Account.Role) < ((Int32)minimumRole)))
{
ThrowInsuficientPrivileges();
}
}
protected IList <ScheduledItemExecuteStatus> FilterSchedulesForUser(NodeVisit visit, IList <ScheduledItemExecuteStatus> schedules)
{
if (!CollectionUtils.IsNullOrEmpty(schedules))
{
for (int i = schedules.Count - 1; i >= 0; --i)
{
ScheduledItemExecuteStatus schedule = schedules[i];
if (!CanUserViewFlowById(visit, schedule.FlowId))
{
schedules.RemoveAt(i);
}
}
}
return(schedules);
}
