/// <summary>
/// Filters <paramref name="aims"/> down to the ones the caller is allowed to see and orders them by their sort key.
/// </summary>
/// <param name="aims">Source sequence of aims; it is enumerated lazily by the returned query.</param>
/// <param name="user">Caller whose role and id decide visibility.</param>
/// <returns>
/// Active aims, aims created by <paramref name="user"/>, or every aim when the caller is a system
/// administrator, ordered by <c>sort</c>.
/// </returns>
public static IEnumerable<t_aim> GetAims(IEnumerable<t_aim> aims, IidUser user)
{
    // An aim is visible when it is active, when the caller is a system administrator,
    // or when the caller created it. The role check is evaluated per element, as before.
    // TODO: Security check on aims => activities.
    var visible =
        from aim in aims
        where aim.active == true
              || user.IsInRole(Role.SystemAdministrator)
              || aim.createdby_userid == user.Id
        orderby aim.sort
        select aim;

    return visible;
}
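/// <summary>
/// Starts or completes an external (third-party) login for <paramref name="provider"/>.
/// </summary>
/// <param name="provider">Name of the external login provider to challenge or to complete the login for.</param>
/// <param name="error">
/// Error text returned by the provider; when present the caller is redirected to the application root
/// with the text in the URL fragment.
/// </param>
/// <returns>
/// A redirect to the application root, a <see cref="ChallengeResult"/> for the provider, an internal
/// server error when the external identity cannot be read, or <c>Ok()</c> once the user is signed in.
/// </returns>
public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
{
    if (error != null)
    {
        // Redirect target is always the local app root; the provider's error text is only
        // fragment-encoded data, never interpreted as a URL.
        return Redirect(Url.Content("~/") + "#error=" + Uri.EscapeDataString(error));
    }

    if (!User.Identity.IsAuthenticated)
    {
        return new ChallengeResult(provider, this);
    }

    ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);
    if (externalLogin == null)
    {
        return InternalServerError();
    }

    // The external cookie was issued by a different provider than the one requested:
    // discard it and challenge the requested provider instead.
    if (externalLogin.LoginProvider != provider)
    {
        Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        return new ChallengeResult(provider, this);
    }

    IidUser user = await UserManager.FindAsync(
        new UserLoginInfo(externalLogin.LoginProvider, externalLogin.ProviderKey));

    if (user != null)
    {
        // A local account is linked to this external login: replace the external cookie
        // with the application's own identity.
        Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager);
        AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName);
        // Only the OAuth identity is issued. The previous version passed an extra null into the
        // params ClaimsIdentity[] (a leftover from a removed cookie identity), which put a null
        // entry into the signed-in principal's identity list.
        Authentication.SignIn(properties, oAuthIdentity);
    }
    else
    {
        // No linked local account yet: sign in with the provider's claims so registration can finish.
        IEnumerable<Claim> claims = externalLogin.GetClaims();
        ClaimsIdentity identity = new ClaimsIdentity(claims, OAuthDefaults.AuthenticationType);
        Authentication.SignIn(identity);
    }

    return Ok();
}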
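/// <summary>
/// Handles the OAuth resource-owner password grant: validates the supplied user name and password
/// and, on success, issues an OAuth identity and signs the user in.
/// </summary>
/// <param name="context">
/// Grant context carrying the credentials, the OWIN context (used to resolve the user and sign-in
/// managers) and the error sink reported back to the client.
/// </param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    ApplicationUserManager userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
    ApplicationSignInManager signInManager = context.OwinContext.Get<ApplicationSignInManager>();

    // isPersistent: false, shouldLockout: true — repeated failures count towards lockout.
    SignInStatus result = await signInManager.PasswordSignInAsync(
        context.UserName, context.Password, false, true);

    // NOTE(review): the sign-in above keys on the user name while this lookup keys on e-mail; they only
    // agree when the user name is the e-mail address, so user can be null even when result is Success.
    IidUser user = await userManager.FindByEmailAsync(context.UserName);

    switch (result)
    {
        case SignInStatus.Success:
            if (user == null)
            {
                // The credentials matched but no account resolves by e-mail: do not issue a ticket.
                context.SetError("invalid_attempt", "The user name or password is incorrect.");
                break;
            }

            ClaimsIdentity identity = await user.GenerateUserIdentityAsync(userManager);
            AuthenticationProperties properties = CreateProperties(user.UserName);
            AuthenticationTicket ticket = new AuthenticationTicket(identity, properties);
            context.Validated(ticket);
            context.Request.Context.Authentication.SignIn(identity);
            break;

        case SignInStatus.Failure:
            context.SetError("invalid_attempt", "The user name or password is incorrect.");
            break;

        case SignInStatus.LockedOut:
            // user can be null (see above) and LastTimeBox is nullable; the original dereferenced both
            // unconditionally and would throw instead of reporting the lockout.
            if (user != null && user.LastTimeBox.HasValue)
            {
                context.SetError("locked_out", user.LastTimeBox.Value.ToUniversalTime().ToString());
            }
            else
            {
                context.SetError("locked_out", "The account is locked out.");
            }
            break;

        case SignInStatus.RequiresVerification:
            context.SetError("reset_password", "Reset password email has been sent.");
            break;

        default:
            // Any status this code does not know about is treated as a failed attempt.
            context.SetError("invalid_attempt", "The user name or password is incorrect.");
            break;
    }
}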
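/// <summary>
/// Determines whether <paramref name="user"/> may update, only view, or not access an entity
/// identified by its country, activity and/or site. An id of 0 means "not supplied".
/// </summary>
/// <param name="user">User whose roles and explicit permissions are examined.</param>
/// <param name="CountryId">Country of the entity, or 0; derived from the activity when omitted.</param>
/// <param name="ActivityId">Activity of the entity, or 0.</param>
/// <param name="SiteId">Site of the entity, or 0; its administrative divisions are looked up when given.</param>
/// <returns>
/// <see cref="UserSecurityAccess.Update"/> when any matching permission grants update access,
/// <see cref="UserSecurityAccess.ViewOnly"/> when a matching permission or a staff role grants view access,
/// otherwise <see cref="UserSecurityAccess.NoAccess"/>.
/// </returns>
protected UserSecurityAccess SecurityGuard(IidUser user, int CountryId, int ActivityId, int SiteId)
{
    // System administrators have access to everything.
    if (user.IsInRole(Role.SystemAdministrator))
    {
        return UserSecurityAccess.Update;
    }

    // Default to no access; these staff roles get view access everywhere.
    UserSecurityAccess access = UserSecurityAccess.NoAccess;
    if (user.IsInRole(Role.ActivityLeader) || user.IsInRole(Role.Coach)
        || user.IsInRole(Role.CountryDirector) || user.IsInRole(Role.OtherStaff))
    {
        access = UserSecurityAccess.ViewOnly;
    }

    int adminLevel1 = 0;
    int adminLevel2 = 0;
    int adminLevel3 = 0;
    int adminLevel4 = 0;

    // A site implies a set of administrative divisions that division permissions can match.
    if (SiteId != 0)
    {
        Site site = new Site(SiteId);
        // NOTE(review): the original copied site.CountryId into a local it never used, so a site lookup
        // does not feed the Country check below; confirm whether it should also set CountryId.
        adminLevel1 = site.AdministrativeDivisionId1 ?? 0;
        // TODO(review): levels 2-4 all read AdministrativeDivisionId1, which looks like a copy-paste
        // error — only level-1 division permissions can currently match a site. Confirm the Site members
        // that hold the level 2-4 division ids and read them here.
        adminLevel2 = site.AdministrativeDivisionId1 ?? 0;
        adminLevel3 = site.AdministrativeDivisionId1 ?? 0;
        adminLevel4 = site.AdministrativeDivisionId1 ?? 0;
    }

    // Derive the country from the activity when only the activity was supplied.
    if (ActivityId != 0 && CountryId == 0)
    {
        Activity act = new Activity(ActivityId, false);
        CountryId = act.CountryId;
    }

    // Examine every permission: stop at the first update grant, otherwise remember any view grant.
    foreach (Permission perm in user.Permissions)
    {
        bool matches;
        switch (perm.PermissionType)
        {
            case PermissionType.Country:
                matches = CountryId == perm.ObjectId;
                break;
            case PermissionType.Activity:
                matches = ActivityId == perm.ObjectId;
                break;
            case PermissionType.AdministrativeDivision:
                matches = adminLevel1 == perm.ObjectId || adminLevel2 == perm.ObjectId
                    || adminLevel3 == perm.ObjectId || adminLevel4 == perm.ObjectId;
                break;
            case PermissionType.Site:
                matches = SiteId == perm.ObjectId;
                break;
            default:
                matches = false;
                break;
        }

        // Id 0 is the "not supplied" sentinel, never a real entity: a permission whose ObjectId is 0
        // must not match it, otherwise an unscoped call would silently be granted access.
        if (!matches || perm.ObjectId == 0)
        {
            continue;
        }

        if (perm.UpdateAccess)
        {
            return UserSecurityAccess.Update;
        }

        access = UserSecurityAccess.ViewOnly;
    }

    return access;
}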