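/// <summary>
/// Provisions the first administrator of a tenant: inserts the user, creates a
/// "Superuser group" carrying the permission ids listed below, adds the user to
/// that group and e-mails the account details to the user's address.
/// </summary>
/// <param name="u">User to insert; its tenant is set to <paramref name="TID"/> and it is flagged as having to reset its password.</param>
/// <param name="TID">Tenant in which the user and the group are created.</param>
/// <param name="newPassword">Initial password; it is included in the notification e-mail (see the TODO in the body).</param>
/// <exception cref="System.InvalidOperationException">No signed-in <c>SRPUser</c> is available in the current session.</exception>
public static void InitializeSecurity(SRPUser u, int TID, string newPassword)
{
    // Resolve the acting administrator BEFORE anything is written. Previously the
    // session was dereferenced only after the user and the group had been inserted,
    // so an expired session left a half-provisioned account behind and surfaced as
    // a NullReferenceException.
    var context = HttpContext.Current;
    SRPUser actingUser = null;
    if (context != null && context.Session != null)
    {
        actingUser = context.Session[SessionData.UserProfile.ToString()] as SRPUser;
    }
    if (actingUser == null)
    {
        throw new System.InvalidOperationException(
            "InitializeSecurity requires a signed-in user in the current session.");
    }
    string actingUsername = actingUser.Username;

    // The result is not used in this method; the call is kept because its side
    // effects (if any) are not visible from here.
    var MTID = Core.Utilities.Tenant.GetMasterID();

    u.TenID = TID;
    // Forces a password change at next sign-in, which limits how long the mailed
    // initial password stays valid.
    u.MustResetPassword = true;
    u.Insert();

    var g = new SRPGroup();
    g.GID = 0;
    g.GroupName = "Superuser group";
    g.GroupDescription = "All permissions enabled.";
    g.TenID = TID;
    // Presumably Insert() assigns the real g.GID that the two calls below rely on - confirm.
    g.Insert();

    var permissionIdList = "1000,2000,2100,2200,3000,4000,4100,4200,4300,4400,4500,4600,4700,4800,4900,5000,5100,5200,5300,8000";
    SRPGroup.UpdatePermissions(g.GID, permissionIdList, actingUsername);
    SRPGroup.UpdateMemberUsers(g.GID, u.Uid.ToString(), actingUsername);

    var subject = "Summer Reading Program - Your account has been created";

    // TODO security - this should not email the password in cleartext.
    // The message sits in the recipient's mailbox and in every relay on the way, so
    // anyone with access to either obtains a full-administrator credential. The
    // MustResetPassword flag above narrows the window but does not close it; a
    // single-use, expiring account-setup link would remove the secret from the mail.
    //
    // NOTE(review): baseUrl is derived from the current request. If GetBaseUrl trusts
    // the request's Host header, confirm the site only answers on known host names so
    // the link in this e-mail cannot be made to point elsewhere.
    string baseUrl = WebTools.GetBaseUrl(context.Request);

    // Every interpolated value is HTML-encoded: names, settings and the password are
    // free text, and unencoded '<' or '&' would either inject markup into the mail or
    // make the password render differently from what was set.
    //
    // NOTE(review): the two values following "Username: " and "Password: " were masked
    // in the listing this was reviewed from; u.Username and newPassword are the
    // reconstruction - confirm against the repository.
    var emailBody =
        "<h1>Dear " + HttpUtility.HtmlEncode(u.FirstName) + ",</h1><br><br>Your account has been created and has full administrative access to your organization's reading program. <br>This is your current account information. Please make sure you reset your password as soon as you are able to log back in.<br><br>"
        + "Username: " + HttpUtility.HtmlEncode(u.Username)
        + "<br>Password: " + HttpUtility.HtmlEncode(newPassword)
        + "<br><br>If you have any questions regarding your account please contact "
        + HttpUtility.HtmlEncode(SRPSettings.GetSettingValue("ContactName"))
        + " at " + HttpUtility.HtmlEncode(SRPSettings.GetSettingValue("ContactEmail")) + "."
        + "<br><br><br><a href=\"" + HttpUtility.HtmlAttributeEncode(baseUrl) + "\">" + HttpUtility.HtmlEncode(baseUrl) + "</a> <br> ";

    new EmailService().SendEmail(u.EmailAddress, subject, emailBody);
}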
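/// <summary>
/// Handles the command buttons of the user DetailsView: "back", "refresh",
/// "add" / "addandback", "save" / "saveandback" and "loginhistory".
/// </summary>
/// <param name="sender">The DetailsView that raised the command.</param>
/// <param name="e">Carries the command name, which is matched case-insensitively.</param>
protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e)
{
    const string returnURL = "~/ControlRoom/Modules/Security/Default.aspx";

    // Lower-case once, culture-invariantly. ToLower() follows the thread culture,
    // under which a name such as "LoginHistory" may not lower-case to the ASCII
    // literals compared below, silently disabling the command.
    string command = e.CommandName.ToLowerInvariant();

    // Renders the business-rule failures of a user as an HTML list. The items are
    // appended by concatenation: the previous code fed the accumulated text back in
    // as a format string, so a '{' or '}' in the resource text or in any earlier
    // message raised a FormatException instead of showing the errors.
    // NOTE(review): the result is emitted as raw HTML. Confirm ErrorMessage never
    // echoes submitted field values unencoded; if it can, encode it here.
    Func<SRPUser, string> validationErrorsHtml = user =>
    {
        string html = String.Format(SRPResources.ApplicationError1, "<ul>");
        foreach (BusinessRulesValidationMessage m in user.ErrorCodes)
        {
            html += "<li>" + m.ErrorMessage + "</li>";
        }
        return html + "</ul>";
    };

    if (command == "back")
    {
        Response.Redirect(returnURL);
    }

    if (command == "refresh")
    {
        try
        {
            odsSRPUser.DataBind();
            dv.DataBind();
            dv.ChangeMode(DetailsViewMode.Edit);
            MasterPage.PageMessage = SRPResources.RefreshOK;
        }
        catch (Exception ex)
        {
            // Exception text is plain text going into an HTML message: encode it.
            MasterPage.PageError = String.Format(SRPResources.ApplicationError1, Server.HtmlEncode(ex.Message));
        }
    }

    if (command == "add" || command == "addandback")
    {
        try
        {
            SRPUser obj = new SRPUser();
            var view = (DetailsView)sender;
            Func<string, string> textOf = id => ((TextBox)view.FindControl(id)).Text;

            obj.Username = textOf("Username");
            obj.NewPassword = textOf("Password");
            obj.FirstName = textOf("FirstName");
            obj.LastName = textOf("LastName");
            obj.EmailAddress = textOf("EmailAddress");
            obj.Division = textOf("Division");
            obj.Department = textOf("Department");
            obj.Title = textOf("Title");

            // New accounts start active and must change the administrator-chosen
            // password at first sign-in.
            obj.IsActive = true;
            obj.MustResetPassword = true;
            obj.IsDeleted = false;

            // Audit fields come from the signed-in user in session, never from the form.
            obj.AddedDate = DateTime.Now;
            obj.AddedUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;
            obj.LastModDate = obj.AddedDate;
            obj.LastModUser = obj.AddedUser;
            // The tenant is taken from the page, not from anything the form posts.
            obj.TenID = (int)CRTenantID;

            if (obj.IsValid(BusinessRulesValidationMode.INSERT))
            {
                obj.Insert();
                if (command == "addandback")
                {
                    Response.Redirect(returnURL);
                }

                lblUID.Text = obj.Uid.ToString();

                odsSRPUser.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);

                MasterPage.PageMessage = SRPResources.AddedOK;
            }
            else
            {
                MasterPage.PageError = validationErrorsHtml(obj);
            }
        }
        catch (Exception ex)
        {
            MasterPage.PageError = String.Format(SRPResources.ApplicationError1, Server.HtmlEncode(ex.Message));
        }
    }

    if (command == "save" || command == "saveandback")
    {
        try
        {
            var view = (DetailsView)sender;
            Func<string, string> textOf = id => ((TextBox)view.FindControl(id)).Text;
            Func<string, bool> checkedOf = id => ((CheckBox)view.FindControl(id)).Checked;

            // The key is read back from the first rendered row of the view.
            // NOTE(review): the record is loaded by primary key alone; nothing visible
            // here checks that it belongs to CRTenantID. Confirm that SRPUser(pk) or
            // IsValid(UPDATE) enforces tenant scoping.
            int pk = int.Parse(view.Rows[0].Cells[1].Text);
            SRPUser obj = new SRPUser(pk);

            obj.Username = textOf("Username");
            obj.FirstName = textOf("FirstName");
            obj.LastName = textOf("LastName");
            obj.EmailAddress = textOf("EmailAddress");
            obj.Division = textOf("Division");
            obj.Department = textOf("Department");
            obj.Title = textOf("Title");
            obj.IsActive = checkedOf("IsActive");
            obj.MustResetPassword = checkedOf("MustResetPassword");

            // Only the modification stamp is touched on update; the password and the
            // creation/deletion audit fields are deliberately not bound to the form.
            obj.LastModDate = DateTime.Now;
            obj.LastModUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;

            if (obj.IsValid(BusinessRulesValidationMode.UPDATE))
            {
                obj.Update();
                SaveGroups(view, obj);

                if (command == "saveandback")
                {
                    Response.Redirect(returnURL);
                }

                odsSRPUser.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);

                MasterPage.PageMessage = SRPResources.SaveOK;
            }
            else
            {
                MasterPage.PageError = validationErrorsHtml(obj);
            }
        }
        catch (Exception ex)
        {
            MasterPage.PageError = String.Format(SRPResources.ApplicationError1, Server.HtmlEncode(ex.Message));
        }
    }

    if (command == "loginhistory")
    {
        // The user id is handed to the history page through session state rather
        // than the query string, so it does not appear in (and cannot be edited in)
        // the URL.
        int key = Convert.ToInt32(lblUID.Text);
        Session["UID"] = key;
        Response.Redirect("~/ControlRoom/Modules/Security/LoginHistory.aspx");
    }
}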