public IActionResult Index() { if (!ClaimsAuthorizationHelper.IsUserDepartmentAdmin()) { Unauthorized(); } var model = new PermissionsView(); var permissions = _permissionsService.GetAllPermissionsForDepartment(DepartmentId); int val = (int)PermissionTypes.AddPersonnel; if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.AddPersonnel)) { model.AddUsers = permissions.First(x => x.PermissionType == (int)PermissionTypes.AddPersonnel).Action; } if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.RemovePersonnel)) { model.RemoveUsers = permissions.First(x => x.PermissionType == (int)PermissionTypes.RemovePersonnel).Action; } if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CreateCall)) { model.CreateCall = permissions.First(x => x.PermissionType == (int)PermissionTypes.CreateCall).Action; } else { model.CreateCall = 3; } var userAddPermissions = new List <dynamic>(); userAddPermissions.Add(new { Id = 0, Name = "Department Admins" }); userAddPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); model.AddUserPermissions = new SelectList(userAddPermissions, "Id", "Name"); var userDeletePermissions = new List <dynamic>(); userDeletePermissions.Add(new { Id = 0, Name = "Department Admins" }); userDeletePermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); model.RemoveUserPermissions = new SelectList(userDeletePermissions, "Id", "Name"); var createCallPermissions = new List <dynamic>(); createCallPermissions.Add(new { Id = 3, Name = "Everyone" }); createCallPermissions.Add(new { Id = 0, Name = "Department Admins" }); createCallPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); createCallPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.CreateCallPermissions = new SelectList(createCallPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CreateTraining)) { model.CreateTraining = permissions.First(x => x.PermissionType == (int)PermissionTypes.CreateTraining).Action; } var createTrainingPermissions = new List <dynamic>(); createTrainingPermissions.Add(new { Id = 0, Name = "Department Admins" }); createTrainingPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); createTrainingPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.CreateTrainingPermissions = new SelectList(createTrainingPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CreateDocument)) { model.CreateDocument = permissions.First(x => x.PermissionType == (int)PermissionTypes.CreateDocument).Action; } else { model.CreateDocument = 3; } var createDocumentPermissions = new List <dynamic>(); createDocumentPermissions.Add(new { Id = 3, Name = "Everyone" }); createDocumentPermissions.Add(new { Id = 0, Name = "Department Admins" }); createDocumentPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); createDocumentPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.CreateDocumentPermissions = new SelectList(createDocumentPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CreateCalendarEntry)) { model.CreateCalendarEntry = permissions.First(x => x.PermissionType == (int)PermissionTypes.CreateCalendarEntry).Action; } else { model.CreateCalendarEntry = 3; } var createCalendarEntryPermissions = new List <dynamic>(); createCalendarEntryPermissions.Add(new { Id = 3, Name = "Everyone" }); createCalendarEntryPermissions.Add(new { Id = 0, Name = "Department Admins" }); createCalendarEntryPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); createCalendarEntryPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.CreateCalendarEntryPermissions = new SelectList(createCalendarEntryPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CreateNote)) { model.CreateNote = permissions.First(x => x.PermissionType == (int)PermissionTypes.CreateNote).Action; } else { model.CreateNote = 3; } var createNotePermissions = new List <dynamic>(); createNotePermissions.Add(new { Id = 3, Name = "Everyone" }); createNotePermissions.Add(new { Id = 0, Name = "Department Admins" }); createNotePermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); createNotePermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.CreateNotePermissions = new SelectList(createNotePermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CreateLog)) { model.CreateLog = permissions.First(x => x.PermissionType == (int)PermissionTypes.CreateLog).Action; } else { model.CreateLog = 3; } var createLogPermissions = new List <dynamic>(); createLogPermissions.Add(new { Id = 3, Name = "Everyone" }); createLogPermissions.Add(new { Id = 0, Name = "Department Admins" }); createLogPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); createLogPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.CreateLogPermissions = new SelectList(createLogPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CreateShift)) { model.CreateShift = permissions.First(x => x.PermissionType == (int)PermissionTypes.CreateShift).Action; } var createShiftPermissions = new List <dynamic>(); createShiftPermissions.Add(new { Id = 0, Name = "Department Admins" }); createShiftPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); createShiftPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.CreateShiftPermissions = new SelectList(createShiftPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.ViewPersonalInfo)) { model.ViewPersonalInfo = permissions.First(x => x.PermissionType == (int)PermissionTypes.ViewPersonalInfo).Action; } else { model.ViewPersonalInfo = 3; } var viewPersonalInfoPermissions = new List <dynamic>(); viewPersonalInfoPermissions.Add(new { Id = 3, Name = "Everyone" }); viewPersonalInfoPermissions.Add(new { Id = 0, Name = "Department Admins" }); viewPersonalInfoPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); viewPersonalInfoPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.ViewPersonalInfoPermissions = new SelectList(viewPersonalInfoPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.AdjustInventory)) { model.AdjustInventory = permissions.First(x => x.PermissionType == (int)PermissionTypes.AdjustInventory).Action; } else { model.AdjustInventory = 3; } var adjustInventoryPermissions = new List <dynamic>(); adjustInventoryPermissions.Add(new { Id = 3, Name = "Everyone" }); adjustInventoryPermissions.Add(new { Id = 0, Name = "Department Admins" }); adjustInventoryPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); adjustInventoryPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.AdjustInventoryPermissions = new SelectList(adjustInventoryPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CanSeePersonnelLocations)) { model.ViewPersonnelLocation = permissions.First(x => x.PermissionType == (int)PermissionTypes.CanSeePersonnelLocations).Action; model.LockViewPersonneLocationToGroup = permissions.First(x => x.PermissionType == (int)PermissionTypes.CanSeePersonnelLocations).LockToGroup; } else { model.ViewPersonnelLocation = 3; } var viewPersonnelLocationPermissions = new List <dynamic>(); viewPersonnelLocationPermissions.Add(new { Id = 3, Name = "Everyone" }); viewPersonnelLocationPermissions.Add(new { Id = 0, Name = "Department Admins" }); viewPersonnelLocationPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); viewPersonnelLocationPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.ViewPersonnelLocationPermissions = new SelectList(viewPersonnelLocationPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CanSeeUnitLocations)) { model.ViewUnitLocation = permissions.First(x => x.PermissionType == (int)PermissionTypes.CanSeeUnitLocations).Action; model.LockViewUnitLocationToGroup = permissions.First(x => x.PermissionType == (int)PermissionTypes.CanSeeUnitLocations).LockToGroup; } else { model.ViewUnitLocation = 3; } var viewUnitLocationPermissions = new List <dynamic>(); viewUnitLocationPermissions.Add(new { Id = 3, Name = "Everyone" }); viewUnitLocationPermissions.Add(new { Id = 0, Name = "Department Admins" }); viewUnitLocationPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); viewUnitLocationPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.ViewUnitLocationPermissions = new SelectList(viewUnitLocationPermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.CreateMessage)) { model.CreateMessage = permissions.First(x => x.PermissionType == (int)PermissionTypes.CreateMessage).Action; } else { model.CreateMessage = 3; } var createMessagePermissions = new List <dynamic>(); createMessagePermissions.Add(new { Id = 3, Name = "Everyone" }); createMessagePermissions.Add(new { Id = 0, Name = "Department Admins" }); createMessagePermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); createMessagePermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.CreateMessagePermissions = new SelectList(createMessagePermissions, "Id", "Name"); if (permissions.Any(x => x.PermissionType == (int)PermissionTypes.ViewGroupUsers)) { model.ViewGroupsUsers = permissions.First(x => x.PermissionType == (int)PermissionTypes.ViewGroupUsers).Action; } else { model.ViewGroupsUsers = 3; } var viewGroupUsersPermissions = new List <dynamic>(); viewGroupUsersPermissions.Add(new { Id = 3, Name = "Everyone" }); viewGroupUsersPermissions.Add(new { Id = 0, Name = "Department Admins" }); viewGroupUsersPermissions.Add(new { Id = 1, Name = "Department and Group Admins" }); viewGroupUsersPermissions.Add(new { Id = 2, Name = "Department Admins and Select Roles" }); model.ViewGroupUsersPermissions = new SelectList(viewGroupUsersPermissions, "Id", "Name"); return(View(model)); }
public override async Task <ClaimsPrincipal> CreateAsync(TUser user) { if (user == null) { throw new ArgumentNullException("user"); } var userId = await UserManager.GetUserIdAsync(user); var userName = await UserManager.GetUserNameAsync(user); var profile = _userProfileService.GetProfileByUserId(userId); var id = new ClaimsIdentity( options.Cookies.ApplicationCookie.AuthenticationScheme, Options.ClaimsIdentity.UserNameClaimType, Options.ClaimsIdentity.RoleClaimType ); id.AddClaim(new Claim(Options.ClaimsIdentity.UserIdClaimType, userId)); id.AddClaim(new Claim(Options.ClaimsIdentity.UserNameClaimType, userName)); if (UserManager.SupportsUserSecurityStamp) { id.AddClaim(new Claim(Options.ClaimsIdentity.SecurityStampClaimType, await UserManager.GetSecurityStampAsync(user))); } if (UserManager.SupportsUserRole) { var roles = await _claimsRepository.GetRolesAsync(user); // UserManager.GetRolesAsync(user); foreach (var roleName in roles) { id.AddClaim(new Claim(Options.ClaimsIdentity.RoleClaimType, roleName)); } } ClaimsPrincipal principal = new ClaimsPrincipal(id); if (principal.Identity is ClaimsIdentity) { ClaimsIdentity identity = (ClaimsIdentity)principal.Identity; if (profile != null) { Claim displayNameClaim = new Claim("DisplayName", profile.FullName.AsFirstNameLastName); if (!identity.HasClaim(displayNameClaim.Type, displayNameClaim.Value)) { identity.AddClaim(displayNameClaim); } } Claim emailClaim = new Claim(ClaimTypes.Email, user.Email); if (!identity.HasClaim(emailClaim.Type, emailClaim.Value)) { identity.AddClaim(emailClaim); } if (_usersService.IsUserInRole(user.Id, _usersService.AdminRoleId)) { ClaimsLogic.AddSystemAdminClaims(id, userName, user.Id, "System Admin"); } else if (_usersService.IsUserInRole(user.Id, _usersService.AffiliateRoleId)) { ClaimsLogic.AddAffiliteClaims(id, userName, user.Id, profile.FullName.AsFirstNameLastName); } else { var department = _departmentsService.GetDepartmentForUser(userName); if (department == null) { return(null); } var group = _departmentGroupsService.GetGroupForUser(user.Id, department.DepartmentId); var departmentAdmin = department.IsUserAnAdmin(user.Id); var permissions = _permissionsService.GetAllPermissionsForDepartment(department.DepartmentId); var roles = _personnelRolesService.GetRolesForUser(user.Id, department.DepartmentId); ClaimsLogic.AddDepartmentClaim(id, department.DepartmentId, departmentAdmin); //ClaimsLogic.DepartmentName = department.Name; DateTime signupDate; if (department.CreatedOn.HasValue) { signupDate = department.CreatedOn.Value; } else { signupDate = DateTime.UtcNow; } //ClaimsLogic.DepartmentId = department.DepartmentId; var name = user.UserName; if (profile != null && !String.IsNullOrWhiteSpace(profile.LastName)) { name = profile.FullName.AsFirstNameLastName; } ClaimsLogic.AddGeneralClaims(id, userName, user.Id, name, department.DepartmentId, department.Name, user.Email, signupDate); bool isGroupAdmin = false; if (group != null) { isGroupAdmin = group.IsUserGroupAdmin(user.Id); } if (departmentAdmin) { var groups = _departmentGroupsService.GetAllGroupsForDepartment(department.DepartmentId); if (groups != null) { foreach (var departmentGroup in groups) { ClaimsLogic.AddGroupClaim(id, departmentGroup.DepartmentGroupId, true); } } } else { if (group != null) { ClaimsLogic.AddGroupClaim(id, group.DepartmentGroupId, isGroupAdmin); } } ClaimsLogic.AddCallClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddActionClaims(id); ClaimsLogic.AddLogClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddStaffingClaims(id); ClaimsLogic.AddPersonnelClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddUnitClaims(id, departmentAdmin); ClaimsLogic.AddUnitLogClaims(id); ClaimsLogic.AddMessageClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddRoleClaims(id, departmentAdmin); ClaimsLogic.AddProfileClaims(id); ClaimsLogic.AddReportsClaims(id); ClaimsLogic.AddGenericGroupClaims(id, departmentAdmin); ClaimsLogic.AddDocumentsClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddNotesClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddScheduleClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddShiftClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddTrainingClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddPIIClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddInventoryClaims(id, departmentAdmin, permissions, isGroupAdmin, roles); ClaimsLogic.AddConnectClaims(id, departmentAdmin); ClaimsLogic.AddCommandClaims(id, departmentAdmin); ClaimsLogic.AddProtocolClaims(id, departmentAdmin); } } return(principal); }
private ClaimsPrincipal DressUpPrincipal(String userName) { if (String.IsNullOrWhiteSpace(userName)) { return(null); } var identiy = new ResgridIdentity(); _usersService = ServiceLocator.Current.GetInstance <IUsersService>(); var user = _usersService.GetUserByName(userName); if (user == null) { return(null); } _departmentsService = ServiceLocator.Current.GetInstance <IDepartmentsService>(); _departmentGroupsService = ServiceLocator.Current.GetInstance <IDepartmentGroupsService>(); _userProfileService = ServiceLocator.Current.GetInstance <IUserProfileService>(); _permissionsService = ServiceLocator.Current.GetInstance <IPermissionsService>(); _personnelRolesService = ServiceLocator.Current.GetInstance <IPersonnelRolesService>(); var profile = _userProfileService.GetProfileByUserId(user.UserId); string fullName = String.Empty; if (profile == null || String.IsNullOrWhiteSpace(profile.FirstName)) { var pfile = ProfileBase.Create(user.UserName, true); fullName = pfile.GetPropertyValue("Name").ToString(); } else { fullName = string.Format("{0} {1}", profile.FirstName, profile.LastName); } identiy.FullName = fullName; identiy.UserName = userName; identiy.UserId = user.UserId; if (_usersService.IsUserInRole(user.UserId, _usersService.AdminRoleId)) { identiy.AddSystemAdminClaims(userName, user.UserId, fullName); } else if (_usersService.IsUserInRole(user.UserId, _usersService.AffiliateRoleId)) { identiy.AddAffiliteClaims(userName, user.UserId, fullName); } else { var department = _departmentsService.GetDepartmentForUser(userName); if (department == null) { return(null); } var group = _departmentGroupsService.GetGroupForUser(user.UserId, department.DepartmentId); var departmentAdmin = department.IsUserAnAdmin(user.UserId); var permissions = _permissionsService.GetAllPermissionsForDepartment(department.DepartmentId); var roles = _personnelRolesService.GetRolesForUser(user.UserId, department.DepartmentId); identiy.AddDepartmentClaim(department.DepartmentId, departmentAdmin); identiy.DepartmentName = department.Name; DateTime signupDate; if (department.CreatedOn.HasValue) { signupDate = department.CreatedOn.Value; } else { signupDate = DateTime.UtcNow; } identiy.DepartmentId = department.DepartmentId; string email = String.Empty; if (profile != null && !String.IsNullOrWhiteSpace(profile.MembershipEmail)) { email = profile.MembershipEmail; } else if (!String.IsNullOrWhiteSpace(user.Email)) { email = user.Email; } identiy.AddGeneralClaims(userName, user.UserId, fullName, department.DepartmentId, department.Name, email, signupDate); bool isGroupAdmin = false; if (group != null) { isGroupAdmin = group.IsUserGroupAdmin(user.UserId); } if (departmentAdmin) { var groups = _departmentGroupsService.GetAllGroupsForDepartment(department.DepartmentId); if (groups != null) { foreach (var departmentGroup in groups) { identiy.AddGroupClaim(departmentGroup.DepartmentGroupId, true); } } } else { if (group != null) { identiy.AddGroupClaim(group.DepartmentGroupId, isGroupAdmin); } } identiy.AddCallClaims(departmentAdmin, permissions, isGroupAdmin, roles); identiy.AddActionClaims(); identiy.AddLogClaims(departmentAdmin, permissions, isGroupAdmin, roles); identiy.AddStaffingClaims(); identiy.AddPersonnelClaims(departmentAdmin); identiy.AddUnitClaims(departmentAdmin); identiy.AddUnitLogClaims(); identiy.AddMessageClaims(); identiy.AddRoleClaims(departmentAdmin); identiy.AddProfileClaims(); identiy.AddReportsClaims(); identiy.AddGenericGroupClaims(departmentAdmin); identiy.AddDocumentsClaims(departmentAdmin, permissions, isGroupAdmin, roles); identiy.AddNotesClaims(departmentAdmin, permissions, isGroupAdmin, roles); identiy.AddScheduleClaims(departmentAdmin, permissions, isGroupAdmin, roles); identiy.AddShiftClaims(departmentAdmin, permissions, isGroupAdmin, roles); identiy.AddTrainingClaims(departmentAdmin, permissions, isGroupAdmin, roles); identiy.AddPIIClaims(departmentAdmin, permissions, isGroupAdmin, roles); identiy.AddInventoryClaims(departmentAdmin, permissions, isGroupAdmin, roles); } return(new ClaimsPrincipal(identiy)); }