public async Task <ActionResult> GetRoles([DataSourceRequest] DataSourceRequest request)
{
var poolId = Client.SecurityPoolId;
var roles = await _poolManager.GetRolesAsync(poolId);
var model = roles.ProjectTo <RoleViewModel>();
return(Json(model.ToDataSourceResult(request)));
}
public async Task <IActionResult> Roles(string roleId = null, bool create = false)
{
var site = base.Site;
var poolId = site.SecurityPoolId;
if (create == false && roleId == null)
{
var roles = await _poolManager.GetRolesAsync(poolId);
roleId = roles?.FirstOrDefault()?.Id;
}
ViewData["ClientId"] = site.ClientId;
ViewData["SiteId"] = site.Id;
ViewData["PoolId"] = poolId;
ViewData["RoleId"] = roleId;
ViewData["ShowPools"] = false;
return(View());
}
private async Task SyncUserRolesFromLdapGroups(TUser user, LdUser ldapUser)
{
var allRoles = new List <Role>();
//Find all roles for a directory. Meaning we need to query all pools to find all roles
var pools = await _directoryManager.GetDirectoryPoolsAsync(user.DirectoryId);
foreach (var pool in pools)
{
allRoles.AddRange(await _securityPoolManager.GetRolesAsync(pool.PoolId));
}
//Get only roles that were mapped from all roles founded.
var rolesMapped = _roleManager.QueryLdapMapping().Include(x => x.Role).Where(x => allRoles.Exists(y => y.Id == x.RoleId)).ToList();
if (!rolesMapped.Any())
{
return;
}
//Remove all roles from user that are mapped ONLY from the user-roles relationship
foreach (var mappedRole in rolesMapped)
{
//this should clear all roles for the user for clean insert. Should only clear roles that are mapped to Ldap groups
await _userManager.RemoveFromRoleAsync(user, mappedRole.Role);
}
//find the ldap roles assigned to the ldapuser that are listed in the collection of mapped roles
var rolesGroupAssignedInLdap = rolesMapped.Where(x => ldapUser.Groups.Any(y => y == x.DistinguishedName)).ToList();
if (!rolesGroupAssignedInLdap.Any())
{
return;
}
//add all group/roles from the Ldap user that were found in the mapped list.
foreach (var groupRole in rolesGroupAssignedInLdap)
{
await _roleManager.AddUserToRoleAsync(groupRole.Role, user.Id);
}
}
public async Task <IViewComponentResult> InvokeAsync(string siteId, string userId)
{
var site = await _siteManager.GetByIdAsync(siteId);
var allRoles = await _poolManager.GetRolesAsync(site.SecurityPoolId);
var userRoles = await _poolManager.GetUserRolesAsync(site.SecurityPoolId, userId);
// TODO - Ensure user's directory is mapped to this site's security pool
var model = allRoles.Select(x => new UserRoleViewModel
{
RoleId = x.Id,
RoleName = x.Name,
Selected = userRoles.Any(y => y.Id == x.Id)
}).ToList();
ViewData["UserId"] = userId;
return(View(model));
}
public async Task <IActionResult> FetchHierarchy([DataSourceRequest] DataSourceRequest request, string id, string clientId)
{
object model = null;
if (string.IsNullOrEmpty(id))
{
// client has been switched or initial request to the page
var client = await _clientManager.GetByIdAsync(clientId);
// HOTFIX: Directory manager requires tenantKey, not clientId
var directories = await _directoryManager.GetDirectoriesWithMapAsync(client.TenantKey);
model = directories.Select(x => new
{
id = $"{typeof(Directory).Name.ToString()}_{x.Id}", // id = [Directory]_[directoryId]
Name = x.Name,
hasChildren = x.DirectoryMap.Any()
});
}
else
{
// parse the tree node's string id to determine action
var nodeInfo = id.Split('_');
var nodeType = nodeInfo[0];
switch (nodeType)
{
case "Directory":
var directoryId = nodeInfo[1];
var poolMaps = await _directoryManager.GetDirectoryPoolsAsync(directoryId);
var pools = new List <Identity.Models.SecurityPool>();
foreach (var pool in poolMaps)
{
var poolObject = await _poolManager.GetByIdAsync(pool.PoolId);
pools.Add(poolObject);
}
model = pools.Select(x => new
{
id = $"{typeof(Identity.Models.SecurityPool).Name.ToString()}_{x.PoolId}_{directoryId}", // id = [secPool]_[poolId]_[directoryId]
Name = x.Name,
hasChildren = (_poolManager.GetRolesQuery(x.PoolId)).Any()
});
break;
case "SecurityPool":
var poolId = nodeInfo[1];
var roles = await _poolManager.GetRolesAsync(poolId);
directoryId = nodeInfo[2];
model = roles.Select(x => new
{
id = $"{typeof(Role).Name.ToString()}_{x.Id}_{poolId}_{directoryId}", // id = [role]_[roleid]_[poolId]_[directoryId]
Name = x.Name,
hasChildren = false
});
break;
default:
break;
}
}
return(new JsonResult(model, new Newtonsoft.Json.JsonSerializerSettings {
ContractResolver = new CamelCasePropertyNamesContractResolver()
}));
// return Json(model.ToDataSourceResult(request));
}
public async Task <IViewComponentResult> InvokeAsync(IList <SecurityClaimConfig> configurations, string componentId = null)
{
IEnumerable <User> users = new List <User>();
IEnumerable <Role> roles = new List <Role>();
IList <SecurityClaimConfigViewModel> securityViewModel = new List <SecurityClaimConfigViewModel>();
string defaultId = "resourceSecurity_" + Guid.NewGuid().ToString("N").Substring(0, 10);
foreach (SecurityClaimConfig config in configurations)
{
SecurityClaimConfigViewModel configModel = new SecurityClaimConfigViewModel();
//get user in directory
if (config.AllowUsers)
{
var directory = await _directoryManager.GetDefaultMappedDirectoryAsync(config.SecurityPoolId);
configModel.Users = await _directoryManager.GetUsersAsync(directory.Id);
if (!string.IsNullOrEmpty(config.AllowUsersLabel))
{
configModel.UsersLabel = config.AllowUsersLabel;
}
configModel.SelectedUsers = (await _userManager.GetClaimObjectsAsync(config.Claim)).Select(x => x.UserId).ToList();
configModel.AllowUsers = config.AllowUsers;
}
//get roles in pool
if (config.AllowRoles)
{
configModel.Roles = await _poolManager.GetRolesAsync(config.SecurityPoolId);
if (!string.IsNullOrEmpty(config.AllowRolesLabel))
{
configModel.RolesLabel = config.AllowRolesLabel;
}
configModel.SelectedRoles = _roleManager.QueryRoleClaims().Where(x => x.ClaimType == config.Claim.Type && x.ClaimValue == config.Claim.Value).ToList();
configModel.AllowRoles = config.AllowRoles;
}
//groups
if (config.AllowGroups)
{
if (!string.IsNullOrEmpty(config.AllowGroupsLabel))
{
configModel.GroupsLabel = config.AllowGroupsLabel;
}
configModel.Groups = await _groupManager.GetGroupsOwnedByUser(_adminContextAccessor.GetContext().UserContext.UserId);
configModel.SelectedGroups = (await _groupManager.GetGroupClaimsAsync(config.Claim)).Select(x => x.GroupId).ToList();
configModel.AllowGroups = config.AllowGroups;
}
configModel.ResourceType = config.ResourceType;
configModel.Title = config.Title;
configModel.Description = config.Description;
configModel.Claim = config.Claim;
securityViewModel.Add(configModel);
}
ViewData["ComponentId"] = componentId ?? defaultId;
return(View("~/UI/Views/Components/SecurityUserRoleClaims/UserRoleClaimsView.cshtml", securityViewModel));
}