예제 #1
        /// <summary>
        /// Refreshes the stored record of the user who just signed in from the current claims and keeps the
        /// management-client default role in sync with the role claim.
        /// </summary>
        /// <param name="userId">Identifier of the signing-in user; must already exist in the user store.</param>
        /// <param name="claims">Claims of the current sign-in; stored as a JSON array under the "claims" key.</param>
        /// <returns>
        /// <c>false</c> when no user with <paramref name="userId"/> exists. Otherwise <c>true</c> — also when the
        /// update or the role change threw, because such failures are only logged, not reported to the caller.
        /// </returns>
        internal bool TryUpdateUser(string userId, IList <ClaimInfo> claims)
        {
            var storedUser = userDataAccess.GetUser(userId);
            if (storedUser == null)
            {
                return false;
            }

            var internalUser = controllerHelper.IsInternalUser();
            var roleClaim    = controllerHelper.GetMgntRoleFromClaim();

            try
            {
                var externalId   = controllerHelper.GetFromClaim("/identity/claims/e-id/userExtId");
                var claimsAsJson = new JObject { { "claims", JArray.FromObject(claims) } };

                // Personal data is refreshed from the claims only for internal users; external users keep
                // whatever is already stored.
                var familyName = internalUser ? controllerHelper.GetFromClaim("/identity/claims/surname") : storedUser.FamilyName;
                var firstName  = internalUser ? controllerHelper.GetFromClaim("/identity/claims/givenname") : storedUser.FirstName;
                var email      = internalUser ? controllerHelper.GetFromClaim("/identity/claims/emailaddress") : storedUser.EmailAddress;

                var refreshedUser = new User
                {
                    Id             = userId,
                    IsInternalUser = internalUser,
                    EiamRoles      = roleClaim,
                    UserExtId      = externalId,
                    Claims         = claimsAsJson,
                    FamilyName     = familyName,
                    FirstName      = firstName,
                    EmailAddress   = email
                };

                // Only touch the store when the sign-in actually carries different data.
                if (HasUserChanges(refreshedUser, storedUser))
                {
                    userDataAccess.UpdateUserOnLogin(refreshedUser, userId, loginSystem);
                }

                // Role claim absent: the user loses the default management role. Role claim present and equal
                // to the "allow" role: the default role is (re)assigned. Any other value leaves roles untouched.
                if (string.IsNullOrWhiteSpace(roleClaim))
                {
                    applicationRoleUserDataAccess.RemoveRolesUser(userId, roleIdentifier);
                }
                else if (roleClaim.Equals(AccessRoles.RoleMgntAllow))
                {
                    applicationRoleUserDataAccess.InsertRoleUser(roleIdentifier, userId);
                }
            }
            catch (Exception ex)
            {
                // Best effort: a failed refresh must not block the sign-in itself.
                Log.Error(ex, "Could not insert or update user on signin");
            }

            return true;
        }
예제 #2
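        /// <summary>
        /// Replaces the application roles of <paramref name="userId"/> with exactly the set given in
        /// <paramref name="data"/>: roles not in the set are removed, roles not yet held are added, all in one
        /// transaction. Only callers holding the APPO management role may do this, and only for users that
        /// already have management-client access.
        /// </summary>
        /// <param name="userId">Identifier of the user whose roles are replaced.</param>
        /// <param name="data">Request body; <c>RoleIds</c> holds the complete set of role ids the user should end up with.</param>
        /// <returns>
        /// 200 with <c>{"success": true}</c> on success; 404 when <paramref name="userId"/> is unknown;
        /// 400 when a requested role id is not an integer.
        /// </returns>
        /// <exception cref="ForbiddenException">
        /// The caller lacks the APPO role, or the target user has no management-client access.
        /// </exception>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> or its <c>RoleIds</c> is <c>null</c>.</exception>
        public HttpResponseMessage SetUserRoles(string userId, [FromBody] ApiUserRolesPostData data)
        {
            // Authorisation comes first, before any lookup that could reveal whether the user exists.
            var access = this.GetManagementAccess();
            if (access.EiamRole != AccessRoles.RoleMgntAppo)
            {
                throw new ForbiddenException("Sie haben keine 'APPO' Rechte");
            }

            if (data == null || data.RoleIds == null)
            {
                throw new ArgumentNullException(nameof(data));
            }

            // GetUser can return null for unknown ids (TryUpdateUser guards against it); dereferencing it
            // below would otherwise surface as a NullReferenceException.
            var userToEdit = userDataAccess.GetUser(userId);
            if (userToEdit == null)
            {
                return new HttpResponseMessage(HttpStatusCode.NotFound);
            }

            if (string.IsNullOrEmpty(userToEdit.EiamRoles))
            {
                throw new ForbiddenException("Der zu bearbeitende Benutzer hat keinen Zugriff auf den Management-Client");
            }

            // Sets rather than lists: O(1) membership tests, and duplicate ids in the request body no longer
            // lead to the same role being inserted twice.
            var requested = new HashSet<string>(data.RoleIds, StringComparer.Ordinal);
            var existing  = new HashSet<string>(userToEdit.Roles.Select(r => r.Id.ToString()), StringComparer.Ordinal);

            // Reject malformed ids before opening the transaction so bad input never reaches the data layer.
            foreach (var roleId in requested)
            {
                int parsed;
                if (!int.TryParse(roleId, out parsed))
                {
                    return new HttpResponseMessage(HttpStatusCode.BadRequest);
                }
            }

            var insertIds = requested.Where(id => !existing.Contains(id)).ToList();
            var removeIds = existing.Where(id => !requested.Contains(id)).ToList();

            // Both loops run under one scope so a partial change is rolled back if any call throws.
            using (var tran = new TransactionScope())
            {
                foreach (var roleId in insertIds)
                {
                    applicationRoleUserDataAccess.InsertRoleUser(Convert.ToInt32(roleId), userId, access.UserId);
                }

                foreach (var roleId in removeIds)
                {
                    applicationRoleUserDataAccess.RemoveRoleUser(Convert.ToInt32(roleId), userId, access.UserId);
                }

                tran.Complete();
            }

            var result = new JObject
            {
                { "success", true }
            };

            var response = new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new JsonContent(result)
            };
            return response;
        }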