/// <summary>
/// Refreshes the stored record of an existing user from the current sign-in and
/// keeps the default management-client role in step with the management-role claim.
/// </summary>
/// <param name="userId">Identifier of the user who is signing in.</param>
/// <param name="claims">Claims of the current sign-in; serialized onto the user record under the "claims" key.</param>
/// <returns>
/// <c>false</c> when no user with <paramref name="userId"/> exists; otherwise <c>true</c>,
/// including the case where the update or the role change threw and was only logged.
/// </returns>
internal bool TryUpdateUser(string userId, IList<ClaimInfo> claims)
{
    var storedUser = userDataAccess.GetUser(userId);
    if (storedUser == null)
    {
        return false;
    }

    var internalUser = controllerHelper.IsInternalUser();
    var managementRole = controllerHelper.GetMgntRoleFromClaim();

    try
    {
        // Name and e-mail are taken from the claims only for internal users;
        // for everyone else the values already stored are carried over unchanged.
        var loginSnapshot = new User
        {
            Id = userId,
            IsInternalUser = internalUser,
            EiamRoles = managementRole,
            UserExtId = controllerHelper.GetFromClaim("/identity/claims/e-id/userExtId"),
            Claims = new JObject { { "claims", JArray.FromObject(claims) } },
            FamilyName = internalUser ? controllerHelper.GetFromClaim("/identity/claims/surname") : storedUser.FamilyName,
            FirstName = internalUser ? controllerHelper.GetFromClaim("/identity/claims/givenname") : storedUser.FirstName,
            EmailAddress = internalUser ? controllerHelper.GetFromClaim("/identity/claims/emailaddress") : storedUser.EmailAddress
        };

        // Check whether the sign-in data differs from the stored user; if so, update the record.
        if (HasUserChanges(loginSnapshot, storedUser))
        {
            userDataAccess.UpdateUserOnLogin(loginSnapshot, userId, loginSystem);
        }

        // No management-role claim: the role assignment for roleIdentifier is withdrawn.
        // Claim equals RoleMgntAllow: the user is authorized for M-C and gets the default role.
        // Any other non-empty claim value leaves the existing role assignments untouched.
        if (string.IsNullOrWhiteSpace(managementRole))
        {
            applicationRoleUserDataAccess.RemoveRolesUser(userId, roleIdentifier);
        }
        else if (managementRole.Equals(AccessRoles.RoleMgntAllow))
        {
            applicationRoleUserDataAccess.InsertRoleUser(roleIdentifier, userId);
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the failure is logged and the method still returns true. If the
        // exception came from RemoveRolesUser, a role that should have been withdrawn stays
        // assigned while the sign-in continues - confirm that callers tolerate this.
        Log.Error(ex, "Could not insert or update user on signin");
    }

    return true;
}
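/// <summary>
/// Replaces the application roles of a management-client user with the set of role ids
/// sent in the request body. Roles missing from the request are removed, new ones are added.
/// </summary>
/// <param name="userId">Identifier of the user whose roles are edited.</param>
/// <param name="data">Request body carrying the requested role ids as strings.</param>
/// <returns>
/// 200 with <c>{"success": true}</c> once the changes are committed; 400 when the body is
/// missing or contains a role id that is not an integer.
/// </returns>
/// <exception cref="ForbiddenException">
/// The caller does not hold the APPO management role, or the target user does not exist
/// or has no management-client access.
/// </exception>
public HttpResponseMessage SetUserRoles(string userId, [FromBody] ApiUserRolesPostData data)
{
    // Authorization comes first so that unauthorized callers learn nothing about the target user.
    var access = this.GetManagementAccess();
    if (access.EiamRole != AccessRoles.RoleMgntAppo)
    {
        throw new ForbiddenException("Sie haben keine 'APPO' Rechte");
    }

    // GetUser may return null for an unknown id; treat that like a user without
    // management access instead of failing with a NullReferenceException.
    var userToEdit = userDataAccess.GetUser(userId);
    if (userToEdit == null || string.IsNullOrEmpty(userToEdit.EiamRoles))
    {
        throw new ForbiddenException("Der zu bearbeitende Benutzer hat keinen Zugriff auf den Management-Client");
    }

    // A missing or unparsable body binds to null; reject it before any role is touched.
    if (data == null || data.RoleIds == null)
    {
        return new HttpResponseMessage(HttpStatusCode.BadRequest);
    }

    // Validate and normalise every requested id up front. Comparing the raw strings would
    // treat "01" or " 1" as different from an assigned role "1" and then insert and remove
    // the same role; a null entry would be converted to role id 0.
    // Assumes role ids are integers whose ToString() form matches int.ToString() - confirm.
    var requested = new HashSet<string>();
    foreach (var rawId in data.RoleIds)
    {
        int parsedId;
        if (!int.TryParse(rawId, out parsedId))
        {
            return new HttpResponseMessage(HttpStatusCode.BadRequest);
        }

        requested.Add(parsedId.ToString());
    }

    // NOTE(review): every requested id is passed on to InsertRoleUser; no check of which
    // roles this caller may grant is visible in this method - confirm it is enforced elsewhere.
    using (var tran = new TransactionScope())
    {
        var existing = new HashSet<string>(userToEdit.Roles.Select(r => r.Id.ToString()));
        var removeIds = existing.Where(id => !requested.Contains(id)).ToList();
        var insertIds = requested.Where(id => !existing.Contains(id)).ToList();

        foreach (var roleId in insertIds)
        {
            applicationRoleUserDataAccess.InsertRoleUser(Convert.ToInt32(roleId), userId, access.UserId);
        }

        foreach (var roleId in removeIds)
        {
            applicationRoleUserDataAccess.RemoveRoleUser(Convert.ToInt32(roleId), userId, access.UserId);
        }

        // Without Complete() the scope rolls back, so a failure above leaves the roles unchanged.
        tran.Complete();
    }

    var response = new HttpResponseMessage(HttpStatusCode.OK);
    response.Content = new JsonContent(new JObject { { "success", true } });
    return response;
}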