예제 #1
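        /// <summary>
        /// Applies a posted edit form to the person identified by <paramref name="id"/>, saves the
        /// change, and then either pushes the record to S2 or flags it for a later upload.
        /// </summary>
        /// <param name="id">Identifier handed to <c>People.Get</c> to load the person.</param>
        /// <param name="collection">
        /// Posted form values. Everything read from it is client-controlled; the privileged fields
        /// (IsAdmin, LockedOut, username, password) are only applied when the caller is in the
        /// "admin" role.
        /// </param>
        /// <remarks>
        /// When the person cannot be loaded the failure is logged and the method returns without
        /// changing anything. The method returns void, so it cannot issue a redirect itself; the
        /// caller has to decide where to send the user.
        /// </remarks>
        private void ProcessEditForm(int id, FormCollection collection)
        {
            var allowUpload = Settings.GetValueAsBool("S2", "S2Import.PersonExport");

            var jsonGridData = collection["gridData"];
            var gridData     = JsonConvert.DeserializeObject <List <GridDataRow> >(jsonGridData);

            var dataAccess = new People(DbContext);

            var results = dataAccess.Get(id);

            if (results.Failed)
            {
                EventLogger.LogSystemActivity(OwnedSystem,
                                              Severity.Error,
                                              string.Format("Error getting person with id of {0} from R1SM", id),
                                              results.Message);

                // The original called RedirectToAction here and discarded the result, then fell
                // through and used results.Entity from a failed lookup. Stop instead, so that no
                // write is attempted against a person that was never loaded.
                return;
            }

            var person = results.Entity;

            if (AllowRuleAdministration)
            {
                UpdateRoles(person, gridData);
            }

            // If an admin edited this we need to see if any of the RSM specific stuff has changed.
            // This role check is the only gate on the privileged fields below.
            if (User.IsInRole("admin"))
            {
                person.IsAdmin = collection.GetValueAsBool("IsAdmin");

                person.LockedOut = collection.GetValueAsBool("Person.LockedOut");

                person.username = collection["Person.username"];
                var newPass = collection["Person.password"];

                // A missing form field yields null; treat it like an empty field (no change)
                // rather than failing on newPass.Length.
                // NOTE(review): the comparison is between the submitted text and the stored value;
                // presumably the form echoes the stored value back to mean "unchanged" - confirm.
                if (!string.IsNullOrEmpty(newPass) && (newPass != person.password))
                {
                    // Get encryption and decryption key information from the configuration.
                    var cfg        = WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
                    var machineKey = (MachineKeySection)cfg.GetSection("system.web/machineKey");

                    // NOTE(review): this is a fast keyed hash (three HMAC-SHA512 passes) with fixed
                    // string suffixes and no per-user random salt, so equal passwords produce equal
                    // stored values and the scheme gives little resistance to offline guessing if
                    // the machine key leaks. A password KDF such as PBKDF2 (Rfc2898DeriveBytes) with
                    // a per-user salt is the usual replacement. The derivation is left unchanged
                    // here because the login-side verification is not visible and must be migrated
                    // together with it.
                    var lengthSuffix = newPass.Length.ToString();

                    // HMACSHA512 is IDisposable; dispose it so the key material is released.
                    using (var hash = new HMACSHA512 { Key = Utilities.HexToByte(machineKey.ValidationKey) })
                    {
                        var hash1 = Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(newPass + ".rSmSa1t" + lengthSuffix)));
                        var hash2 = Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(hash1 + "an0tH3r5alt!" + lengthSuffix)));

                        person.password =
                            Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(hash2)));
                    }
                }

                // NOTE(review): this audit entry is written before SubmitChanges, so it is recorded
                // even if the save below fails.
                EventLogger.LogUserActivity(Severity.Informational,
                                            User.Identity.Name + " modified access for " + person.DisplayName, "");
            }

            // Saving the person implies acceptance of the levels as assigned.
            person.NeedsApproval = false;
            person.Credentials   = collection["Person.Credentials"];
            person.NickFirst     = collection["Person.NickFirst"];
            DbContext.SubmitChanges();

            try
            {
                if (allowUpload)
                {
                    // Now update the S2 box with the new employee record.
                    this.API.SavePerson(person);
                }
                else
                {
                    person.NeedsUpload = true;
                    DbContext.SubmitChanges();
                }
            }
            catch (Exception ex)
            {
                // Best effort: if the update fails (likely due to a network issue) record why,
                // then queue up the person to be uploaded by the service later.
                EventLogger.LogSystemActivity(OwnedSystem,
                                              Severity.Error,
                                              string.Format("Error uploading person with id of {0} to S2", id),
                                              ex.Message);

                person.NeedsUpload = true;
                DbContext.SubmitChanges();
            }
        }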