public Yield GetGroupUsers(DreamContext context, DreamMessage request, Result <DreamMessage> response) { PermissionsBL.CheckUserAllowed(DekiContext.Current.User, Permissions.READ); GroupBE group = GetGroupFromUrl(); DreamMessage responseMsg = null; uint totalCount; uint queryCount; var usersInGroup = UserBL.GetUsersByQuery(context, group.Id, out totalCount, out queryCount); XDoc ret = new XDoc("users"); ret.Attr("count", usersInGroup.Count()); ret.Attr("querycount", queryCount); ret.Attr("totalcount", totalCount); ret.Attr("href", DekiContext.Current.ApiUri.At("groups", group.Id.ToString(), "users")); foreach (UserBE member in usersInGroup) { ret.Add(UserBL.GetUserXml(member, null, Utils.ShowPrivateUserInfo(member))); } responseMsg = DreamMessage.Ok(ret); response.Return(responseMsg); yield break; }
public static XDoc GetGroupXmlVerbose(GroupBE group, string relation) { XDoc groupXml = GetGroupXml(group, relation); ServiceBE authService = ServiceBL.GetServiceById(group.ServiceId); if (authService != null) { groupXml.Add(ServiceBL.GetServiceXml(authService, "authentication")); } groupXml.Start("users"); if (group.UserIdsList != null) { groupXml.Attr("count", group.UserIdsList.Length); } groupXml.Attr("href", DekiContext.Current.ApiUri.At("groups", group.Id.ToString(), "users")); groupXml.End(); //Permissions for the group RoleBE role = PermissionsBL.GetRoleById(group.RoleId); groupXml.Add(PermissionsBL.GetRoleXml(role, "group")); return(groupXml); }
public static GroupBE SetGroupMembers(GroupBE group, XDoc userList) { UserBE[] members = ProcessGroupMemberInput(group, userList); DbUtils.CurrentSession.GroupMembers_UpdateUsersInGroup(group.Id, members.Select(e => e.ID).ToList(), DateTime.UtcNow); // reload the group to ensure group members are set return(GetGroupById(group.Id)); }
public Yield DeleteGroup(DreamContext context, DreamMessage request, Result <DreamMessage> response) { PermissionsBL.CheckUserAllowed(DekiContext.Current.User, Permissions.ADMIN); GroupBE group = GetGroupFromUrl(); DbUtils.CurrentSession.Groups_Delete(group.Id); response.Return(DreamMessage.Ok()); yield break; }
public Yield PostGroupUsers(DreamContext context, DreamMessage request, Result <DreamMessage> response) { PermissionsBL.CheckUserAllowed(DekiContext.Current.User, Permissions.ADMIN); GroupBE group = GetGroupFromUrl(); group = GroupBL.AddGroupMembers(group, request.ToDocument()); response.Return(DreamMessage.Ok(GroupBL.GetGroupXmlVerbose(group, null))); yield break; }
public Yield GetGroup(DreamContext context, DreamMessage request, Result <DreamMessage> response) { PermissionsBL.CheckUserAllowed(DekiContext.Current.User, Permissions.READ); GroupBE group = GetGroupFromUrl(); DreamMessage responseMsg = DreamMessage.Ok(GroupBL.GetGroupXmlVerbose(group, null)); response.Return(responseMsg); yield break; }
public static XDoc GetGroupXml(GroupBE group, string relation) { XDoc groupXml = new XDoc(string.IsNullOrEmpty(relation) ? "group" : "group." + relation); groupXml.Attr("id", group.Id); groupXml.Attr("href", DekiContext.Current.ApiUri.At("groups", group.Id.ToString())); groupXml.Start("groupname").Value(group.Name).End(); return(groupXml); }
public Yield PostGroup(DreamContext context, DreamMessage request, Result <DreamMessage> response) { PermissionsBL.CheckUserAllowed(DekiContext.Current.User, Permissions.ADMIN); DreamMessage responseMsg = null; GroupBE group = GroupBL.PostGroupFromXml(request.ToDocument(), null, context.GetParam("authusername", null), context.GetParam("authpassword", null)); responseMsg = DreamMessage.Ok(GroupBL.GetGroupXmlVerbose(group, null)); response.Return(responseMsg); yield break; }
public Yield DeleteGroupUser(DreamContext context, DreamMessage request, Result <DreamMessage> response) { PermissionsBL.CheckUserAllowed(DekiContext.Current.User, Permissions.ADMIN); GroupBE group = GetGroupFromUrl(); UserBE user = GetUserFromUrlMustExist(); group = GroupBL.RemoveGroupMember(group, user); response.Return(DreamMessage.Ok(GroupBL.GetGroupXmlVerbose(group, null))); yield break; }
private IList <GroupBE> Groups_GetInternal(string where, string functionDescription, bool lookupCount, uint?limit, uint?offset, out uint totalCount, out uint queryCount) { totalCount = queryCount = 0; uint totalCountTemp = 0, queryCountTemp = 0; List <GroupBE> groups = new List <GroupBE>(); string totalCountQuery = lookupCount ? "select count(*) as totalcount from groups" : string.Empty; string queryCountQuery = lookupCount ? "select count(*) as querycount from groups " + where : string.Empty; string limitOffsetQuery = string.Empty; if (limit != null || offset != null) { limitOffsetQuery = string.Format("limit {0} offset {1}", limit ?? int.MaxValue, offset ?? 0); } string query = string.Format(@" /* GroupDA::{0} */ SET group_concat_max_len = @@max_allowed_packet; select groups.*, ( select cast(group_concat( user_groups.user_id, '') as char) from user_groups join users on users.user_id = user_groups.user_id where user_groups.group_id = groups.group_id group by user_groups.group_id ) as group_userids from groups {1} {2}; {3}; {4}; ", functionDescription, where.TrimEnd(new char[] { ';' }), limitOffsetQuery, totalCountQuery, queryCountQuery); Catalog.NewQuery(query) .Execute(delegate(IDataReader dr) { while (dr.Read()) { GroupBE group = Groups_Populate(dr); groups.Add(group); } if (dr.NextResult() && dr.Read()) { totalCountTemp = DbUtils.Convert.To <uint>(dr["totalcount"], 0); } if (dr.NextResult() && dr.Read()) { queryCountTemp = DbUtils.Convert.To <uint>(dr["querycount"], 0); } }); totalCount = totalCountTemp; queryCount = queryCountTemp; return(groups); }
public void Groups_Update(GroupBE group) { Catalog.NewQuery(@" /* Groups_Update */ UPDATE groups set group_role_id = ?ROLEID, group_name = ?NAME where group_id = ?GROUPID;") .With("GROUPID", group.Id) .With("ROLEID", group.RoleId) .With("NAME", group.Name) .Execute(); }
private GroupBE Groups_Populate(IDataReader dr) { GroupBE group = new GroupBE(); group.CreatorUserId = dr.Read <uint>("group_creator_user_id"); group.Id = dr.Read <uint>("group_id"); group.Name = dr.Read <string>("group_name"); group.RoleId = dr.Read <uint>("group_role_id"); group.ServiceId = dr.Read <uint>("group_service_id"); group.TimeStamp = dr.Read <DateTime>("group_last_edit"); group.UserIds = dr.Read <string>("group_userids"); return(group); }
public uint Groups_Insert(GroupBE group) { uint groupId = Catalog.NewQuery(@" /* Groups_Insert */ insert IGNORE into `groups` (`group_name`, `group_role_id`, `group_service_id`, `group_creator_user_id`, `group_last_edit`) values (?NAME, ?ROLEID, ?SERVICEID, ?CREATORUSERID, ?TIMESTAMP); select LAST_INSERT_ID();") .With("NAME", group.Name) .With("ROLEID", group.RoleId) .With("SERVICEID", group.ServiceId) .With("CREATORUSERID", group.CreatorUserId) .With("TIMESTAMP", group.TimeStamp) .ReadAsUInt() ?? 0; return(groupId); }
public static GroupBE AddGroupMembers(GroupBE group, XDoc userList) { UserBE[] newMembers = ProcessGroupMemberInput(group, userList); if (ArrayUtil.IsNullOrEmpty(newMembers)) { return(group); } var members = GetMemberUsers(group).ToList(); members.AddRange(newMembers); DbUtils.CurrentSession.GroupMembers_UpdateUsersInGroup(group.Id, members.Select(e => e.ID).ToList(), DateTime.UtcNow); return(GetGroupById(group.Id)); }
public static GroupBE RemoveGroupMember(GroupBE group, UserBE user) { List <UserBE> members = new List <UserBE>(); foreach (UserBE u in GetMemberUsers(group)) { if (u.ID != user.ID) { members.Add(u); } } DbUtils.CurrentSession.GroupMembers_UpdateUsersInGroup(group.Id, members.Select(e => e.ID).ToList(), DateTime.UtcNow); return(GetGroupById(group.Id)); }
private static UserBE[] ProcessGroupMemberInput(GroupBE group, XDoc userList) { if (!userList.HasName("users")) { throw new GroupExpectedUserRootNodeInvalidArgumentException(); } ServiceBE service = ServiceBL.GetServiceById(group.ServiceId); if (service == null) { throw new GroupServiceNotFoundFatalException(group.ServiceId, group.Name); } //Changing members of an external group is not supported. You may modify members in the external provider instead. if (!ServiceBL.IsLocalAuthService(service)) { throw new ExternalGroupMemberInvalidOperationException(); } UserBE[] members = ReadUserListXml(userList); ValidateGroupMemberList(service, members); return(members); }
private GroupBE Groups_Populate(IDataReader dr) { GroupBE group = new GroupBE(); group.CreatorUserId = dr.Read<uint>("group_creator_user_id"); group.Id = dr.Read<uint>("group_id"); group.Name = dr.Read<string>("group_name"); group.RoleId = dr.Read<uint>("group_role_id"); group.ServiceId = dr.Read<uint>("group_service_id"); group.TimeStamp = dr.Read<DateTime>("group_last_edit"); group.UserIds = dr.Read<string>("group_userids"); return group; }
public uint Groups_Insert(GroupBE group) { uint groupId = Catalog.NewQuery(@" /* Groups_Insert */ insert IGNORE into `groups` (`group_name`, `group_role_id`, `group_service_id`, `group_creator_user_id`, `group_last_edit`) values (?NAME, ?ROLEID, ?SERVICEID, ?CREATORUSERID, ?TIMESTAMP); select LAST_INSERT_ID();") .With("NAME", group.Name) .With("ROLEID", group.RoleId) .With("SERVICEID", group.ServiceId) .With("CREATORUSERID", group.CreatorUserId) .With("TIMESTAMP", group.TimeStamp) .ReadAsUInt() ?? 0; return groupId; }
private static IEnumerable <UserBE> GetMemberUsers(GroupBE group) { return((group.UserIdsList == null || !group.UserIdsList.Any()) ? new UserBE[0] : DbUtils.CurrentSession.Users_GetByIds(group.UserIdsList)); }
public static GroupBE PostGroupFromXml(XDoc groupDoc, GroupBE groupToProcess, string externalusername, string externalpassword) { GroupBE group = null; string groupName = string.Empty; ServiceBE groupService = null; RoleBE groupRole = null; UserBE[] groupMembers = null; uint? groupId = null; ParseGroupXml(groupDoc, out groupId, out groupName, out groupService, out groupRole, out groupMembers); //Create new group if (groupToProcess == null && (groupId == null || groupId == 0)) { if (groupService == null) { groupService = ServiceBL.RetrieveLocalAuthService(); } //External groups should be confirmed with the auth provider if (groupService != null && !ServiceBL.IsLocalAuthService(groupService)) { //username+password from request query params are used here group = ExternalServiceSA.BuildGroupFromAuthService(groupService, groupToProcess, groupName, externalusername, externalpassword); if (group == null) { throw new ExternalGroupNotFoundException(groupName); } } //Does this group already exist? GroupBE tempGroup = GetGroupByName(groupName); if (tempGroup != null) { throw new GroupExistsWithServiceConflictException(groupName, tempGroup.ServiceId); } ValidateGroupMemberList(groupService, groupMembers); // Insert the group GroupBE newGroup = new GroupBE(); newGroup.Name = groupName; newGroup.RoleId = groupRole.ID; newGroup.ServiceId = groupService.Id; newGroup.CreatorUserId = DekiContext.Current.User.ID; newGroup.TimeStamp = DateTime.UtcNow; uint newGroupId = DbUtils.CurrentSession.Groups_Insert(newGroup); if (newGroupId == 0) { group = null; } else { DbUtils.CurrentSession.GroupMembers_UpdateUsersInGroup(newGroupId, groupMembers.Select(e => e.ID).ToList(), newGroup.TimeStamp); // reload the group to ensure group members are set group = GetGroupById(newGroupId); } } //Edit existing group else { if (groupId != null) { groupToProcess = GetGroupById(groupId.Value); } if (groupToProcess == null) { throw new GroupIdNotFoundException(groupId); } group = groupToProcess; //Change the role? if (group.RoleId != groupRole.ID) { group.RoleId = groupRole.ID; } //Rename the group? if (group.Name != groupName && !string.IsNullOrEmpty(groupName)) { GroupBE tempGroup = GetGroupByName(groupName); if (tempGroup != null) { throw new GroupExistsWithServiceConflictException(groupName, tempGroup.ServiceId); } if (!ServiceBL.IsLocalAuthService(group.ServiceId)) { //TODO MaxM: allow renaming of external groups throw new ExternalGroupRenameNotImplementedException(); } //Set the new name of the group. group.Name = groupName; } DbUtils.CurrentSession.Groups_Update(group); //TODO (MaxM): Update group list as well? group = GetGroupById(group.Id); } if (group == null) { throw new GroupCreateUpdateFatalException(); } return(group); }
public static UserBE BuildUserFromAuthService(ServiceBE serviceInfo, UserBE knownUser, string usernameToBuild, bool bypassAuthentication, string authusername, string password, out List <GroupBE> externalGroups) { externalGroups = null; if (serviceInfo == null || string.IsNullOrEmpty(usernameToBuild)) { return(null); } //Dont perform external lookup for disabled users if (knownUser != null && !knownUser.UserActive) { return(knownUser); } var errMsg = DekiResources.UNABLE_TO_AUTH_WITH_SERVICE(serviceInfo.Type, serviceInfo.SID, serviceInfo.Uri); if (knownUser != null && !string.IsNullOrEmpty(knownUser.ExternalName)) { usernameToBuild = knownUser.ExternalName; } UserBE ret = null; DreamMessage response = null; if (serviceInfo.Uri == null) { throw new ExternalServiceNotStartedFatalException(serviceInfo.Type, serviceInfo.SID); } try { Plug dekiExternalAuthPlug; //bypassAuthentication is used when you only need user details but not to necessarily authenticate if (bypassAuthentication) { //An external auth service's GET: user/{username} does not necessarily require authentication to lookup users but it may. It's up to the service //to decide if anon requests are allowed. dekiExternalAuthPlug = Plug.New(serviceInfo.Uri).At(USER_INFO).At(XUri.Encode(usernameToBuild)); } else { //Credentials are always needed for GET: authenticate. The user details of the auth'd user is returned with same format as GET: user/{username} dekiExternalAuthPlug = Plug.New(serviceInfo.Uri).At(AUTHENTICATE_PATH); } //Always include credentials with the request if they're supplied if (!string.IsNullOrEmpty(authusername)) { dekiExternalAuthPlug = dekiExternalAuthPlug.WithCredentials(authusername, password ?? string.Empty); } response = dekiExternalAuthPlug.GetAsync().Wait(); } catch (Exception x) { throw new ExternalServiceResponseException(errMsg, DreamMessage.InternalError(x)); } if (response.IsSuccessful) { XDoc userXml = response.ToDocument(); if (userXml == null || userXml.IsEmpty) { throw new ExternalAuthResponseFatalException(); } string nameFromAuthProvider = userXml["@name"].Contents; if (!nameFromAuthProvider.EqualsInvariantIgnoreCase(usernameToBuild)) { throw new ExternalServiceUnexpecteUsernameFatalException(userXml["@name"].AsText, usernameToBuild); } ret = knownUser ?? new UserBE(); ret.Email = string.IsNullOrEmpty(userXml["email"].AsText) ? (ret.Email ?? string.Empty) : userXml["email"].AsText; //Build the realname (exposed as 'fullname' in user xml) by saving it as '{firstname} {lastname}' string externalFirstName = userXml["firstname"].AsText ?? string.Empty; string externalLastName = userXml["lastname"].AsText ?? string.Empty; string separator = externalLastName.Length > 0 && externalFirstName.Length > 0 ? ", " : string.Empty; // NOTE (maxm): Fullname sync is disabled for now. Refer to bug 7855 #if !DISABLE_REAL_NAME_SYNCHRONIZATION ret.RealName = string.Format("{0}{1}{2}", externalLastName, separator, externalFirstName); #endif ret.ServiceId = serviceInfo.Id; ret.Touched = DateTime.UtcNow; ret.ExternalName = string.IsNullOrEmpty(ret.ExternalName) ? nameFromAuthProvider : ret.ExternalName; ret.Name = string.IsNullOrEmpty(ret.Name) ? nameFromAuthProvider : ret.Name; //For new users, the name must be normalized and unique if (ret.ID == 0) { string nameFromExternalName = string.Empty; //Allow using a displayname from an external provider only for new accounts if (!userXml["@displayname"].IsEmpty) { nameFromExternalName = userXml["@displayname"].AsText; } else { nameFromExternalName = ret.ExternalName; } ret.Name = UserBL.NormalizeExternalNameToWikiUsername(nameFromExternalName); } //Build group objects out of the user's group membership list externalGroups = new List <GroupBE>(); IList <GroupBE> userGroups = DbUtils.CurrentSession.Groups_GetByUser(ret.ID); //Preserve local groups for existing users if (ret.ID != 0 && userGroups != null) { foreach (GroupBE g in userGroups) { if (ServiceBL.IsLocalAuthService(g.ServiceId)) { externalGroups.Add(g); } } } foreach (XDoc group in userXml["groups/group"]) { GroupBE g = new GroupBE(); g.Name = group["@name"].AsText; g.ServiceId = serviceInfo.Id; if (!string.IsNullOrEmpty(g.Name)) { externalGroups.Add(g); } } } else { switch (response.Status) { case DreamStatus.Unauthorized: if (bypassAuthentication) { DekiContext.Current.Instance.Log.Warn(string.Format("Attempted to lookup user info on auth provider '{0}' but failed since it required credentials", serviceInfo.Id)); } throw new ExternalServiceAuthenticationDeniedException(DekiWikiService.AUTHREALM, serviceInfo.Description); default: throw new ExternalServiceResponseException(errMsg, response); } } return(ret); }
public static GroupBE BuildGroupFromAuthService(ServiceBE serviceInfo, GroupBE knownGroup, string groupNameToBuild, string authusername, string password) { if (serviceInfo == null || string.IsNullOrEmpty(groupNameToBuild)) { return(null); } GroupBE ret = null; DreamMessage response = null; if (serviceInfo.Uri == null) { throw new ExternalServiceNotStartedFatalException(serviceInfo.Type, serviceInfo.SID); } var errMsg = DekiResources.GROUP_DETAILS_LOOKUP_FAILED(groupNameToBuild); try { Plug dekiExternalAuthPlug = Plug.New(serviceInfo.Uri).At(GROUP_INFO).At(XUri.Encode(groupNameToBuild)); //Always include credentials with the request if they're supplied if (!string.IsNullOrEmpty(authusername)) { dekiExternalAuthPlug = dekiExternalAuthPlug.WithCredentials(authusername, password ?? string.Empty); } response = dekiExternalAuthPlug.GetAsync().Wait(); } catch (Exception x) { throw new ExternalServiceResponseException(errMsg, DreamMessage.InternalError(x)); } if (response.IsSuccessful) { XDoc groupXml = response.ToDocument(); if (groupXml.HasName("group") && groupXml["@name"].Contents.EqualsInvariant(groupNameToBuild)) { if (knownGroup == null) { ret = new GroupBE(); } else { ret = knownGroup; } ret.Name = string.IsNullOrEmpty(ret.Name) ? groupNameToBuild : ret.Name; ret.ServiceId = serviceInfo.Id; } //TODO (MaxM): Consider looking up existing wiki users and associating them here. } else { switch (response.Status) { case DreamStatus.Unauthorized: throw new ExternalServiceAuthenticationDeniedException(DekiWikiService.AUTHREALM, serviceInfo.Description); case DreamStatus.InternalError: case DreamStatus.Forbidden: default: throw new ExternalServiceResponseException(errMsg, response); } } return(ret); }