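/// <summary>
/// Revokes the product-administrator rights recorded in <c>LdapCurrentAcccessSettings</c>
/// and then clears that record.
/// </summary>
/// <param name="currentUserRights">
/// Optional list (may be null). Rights recorded for <c>_currentUser</c> are not revoked;
/// each such right is appended here instead.
/// </param>
/// <remarks>
/// The recorded user ids are persisted strings. A malformed entry is logged and skipped rather
/// than parsed with <c>Guid.Parse</c>: an exception thrown mid-loop would leave every remaining
/// user with administrator rights, and would leave the record in place so each later run fails
/// on the same entry.
/// </remarks>
private void TakeUsersRights(List<LdapSettings.AccessRight> currentUserRights)
{
    var current = LdapCurrentAcccessSettings.Load();

    if (current.CurrentAccessRights == null || !current.CurrentAccessRights.Any())
    {
        Logger.Debug("TakeUsersRights() CurrentAccessRights is empty, skipping");
        return;
    }

    SetProgress(95, Resource.LdapSettingsStatusRemovingOldRights);

    foreach (var right in current.CurrentAccessRights)
    {
        foreach (var user in right.Value)
        {
            Guid userId;
            if (!Guid.TryParse(user, out userId))
            {
                // Keep revoking the remaining entries; one corrupt id must not block the rest.
                Logger.ErrorFormat("TakeUsersRights() Stored user id '{0}' for right ({1}) is not a valid GUID, skipping", user, right.Key);
                continue;
            }

            if (_currentUser != null && _currentUser.ID == userId)
            {
                // The current user's own rights are left in place and reported back to the caller.
                Logger.DebugFormat("TakeUsersRights() Attempting to take admin rights from yourself `{0}`, skipping", user);

                if (currentUserRights != null)
                {
                    currentUserRights.Add(right.Key);
                }
            }
            else
            {
                Logger.DebugFormat("TakeUsersRights() Taking admin rights ({0}) from '{1}'", right.Key, user);
                Web.Core.WebItemSecurity.SetProductAdministrator(LdapSettings.AccessRightsGuids[right.Key], userId, false);
            }
        }
    }

    // Every parsable entry has been processed, so the stored record is dropped.
    current.CurrentAccessRights = null;
    current.Save();
}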
/// <summary>
/// Fills <c>LdapRights</c> once with the distinct user ids found in the stored
/// <c>CurrentAccessRights</c>, or with an empty list when nothing is stored.
/// Does nothing when <c>LdapRights</c> is already set.
/// </summary>
private void InitLdapRights()
{
    if (LdapRights == null)
    {
        var storedRights = LdapCurrentAcccessSettings.Load().CurrentAccessRights;

        if (storedRights == null)
        {
            LdapRights = new List<string>();
        }
        else
        {
            // Flatten right -> user ids into a single de-duplicated list.
            LdapRights = storedRights.SelectMany(entry => entry.Value).Distinct().ToList();
        }
    }
}
/// <summary>
/// Runs the LDAP operation: optionally saves the settings, then either synchronises with LDAP
/// or turns LDAP off, mapping known exception types to a user-facing <c>Error</c> message.
/// </summary>
/// <remarks>
/// The two early returns (settings not saved, or <c>Error</c> set after <c>SyncLDAP</c>) still run
/// the <c>finally</c> block but skip the final 100% progress report. Caught exceptions do reach it.
/// </remarks>
protected override void Do()
{
    try
    {
        if (OperationType == LdapOperationType.Save)
        {
            SetProgress(10, Resource.LdapSettingsStatusSavingSettings);

            LDAPSettings.IsDefault = LDAPSettings.Equals(LDAPSettings.GetDefault());

            var saved = LDAPSettings.Save();
            if (!saved)
            {
                Logger.Error("Can't save LDAP settings.");
                Error = Resource.LdapSettingsErrorCantSaveLdapSettings;
                return;
            }
        }

        if (!LDAPSettings.EnableLdapAuthentication)
        {
            Logger.Debug("TurnOffLDAP()");
            TurnOffLDAP();

            // Reset the stored per-user LDAP state to its defaults.
            var defaultPhotos = (LdapCurrentUserPhotos)LdapCurrentUserPhotos.Load().GetDefault();
            defaultPhotos.Save();

            var defaultAccess = (LdapCurrentAcccessSettings)LdapCurrentAcccessSettings.Load().GetDefault();
            defaultAccess.Save();

            // Do not revoke rights when LDAP is switched off.
            // NOTE(review): administrator rights granted through LDAP group mapping therefore stay in
            // place after LDAP is disabled. The access settings are replaced by GetDefault() just above;
            // if that default carries no CurrentAccessRights (not visible here, confirm), the record
            // of who received rights via LDAP is lost and those rights need a manual review.
            //var rights = new List<LdapSettings.AccessRight>();
            //TakeUsersRights(rights);
            //if (rights.Count > 0)
            //{
            //    Warning = Resource.LdapSettingsErrorLostRights;
            //}
        }
        else
        {
            Logger.Debug("SyncLDAP()");
            SyncLDAP();

            var syncFailed = !string.IsNullOrEmpty(Error);
            if (syncFailed)
            {
                return;
            }
        }
    }
    catch (NovellLdapTlsCertificateRequestedException certEx)
    {
        // The server certificate was not accepted; log the acceptance flag and the accepted thumbprint.
        Logger.ErrorFormat(
            "CheckSettings(acceptCertificate={0}, cert thumbprint: {1}): NovellLdapTlsCertificateRequestedException: {2}",
            LDAPSettings.AcceptCertificate,
            LDAPSettings.AcceptCertificateHash,
            certEx.ToString());

        Error = Resource.LdapSettingsStatusCertificateVerification;

        //TaskInfo.SetProperty(CERT_REQUEST, ex.CertificateConfirmRequest);
    }
    catch (TenantQuotaException quotaEx)
    {
        Logger.ErrorFormat("TenantQuotaException. {0}", quotaEx.ToString());
        Error = Resource.LdapSettingsTenantQuotaSettled;
    }
    catch (FormatException formatEx)
    {
        Logger.ErrorFormat("FormatException error. {0}", formatEx.ToString());
        Error = Resource.LdapSettingsErrorCantCreateUsers;
    }
    catch (Exception unexpected)
    {
        // Catch-all: the details go to the log, the user sees only a generic message.
        Logger.ErrorFormat("Internal server error. {0}", unexpected.ToString());
        Error = Resource.LdapSettingsInternalServerError;
    }
    finally
    {
        SetProgress(99, Resource.LdapSettingsStatusDisconnecting, "");
        Dispose();
    }

    // Test runs report the collected changes as JSON; other operation types report an empty status.
    var isTestRun = OperationType == LdapOperationType.SaveTest
                    || OperationType == LdapOperationType.SyncTest;

    string finalStatus;
    if (isTestRun)
    {
        finalStatus = JsonConvert.SerializeObject(_ldapChanges);
    }
    else
    {
        finalStatus = "";
    }

    SetProgress(100, finalStatus, "");
}
/// <summary>
/// Grants product-administrator rights to the portal users who belong to the LDAP groups
/// configured for each access right, then stores the resulting right -> user ids map in
/// <c>LdapCurrentAcccessSettings</c>.
/// </summary>
/// <param name="accessRightsSettings">
/// Access right mapped to a comma-separated list of LDAP group names.
/// </param>
/// <param name="currentUserRights">
/// Optional list (may be null); a right is removed from it once it has been granted to some user.
/// </param>
/// <remarks>
/// NOTE(review): the map is saved only after all loops complete. If an exception interrupts the
/// loops, rights already granted are not recorded, so TakeUsersRights() will not find and revoke
/// them later. Confirm whether callers handle that case.
/// </remarks>
private void GiveUsersRights(Dictionary<LdapSettings.AccessRight, string> accessRightsSettings, List<LdapSettings.AccessRight> currentUserRights)
{
    var current = LdapCurrentAcccessSettings.Load();
    var grantedByRight = new Dictionary<LdapSettings.AccessRight, List<string>>();

    // Ids of users that already held LDAP-granted rights before this run.
    List<string> knownUserIds;
    if (current.CurrentAccessRights == null)
    {
        knownUserIds = new List<string>();
    }
    else
    {
        knownUserIds = current.CurrentAccessRights.SelectMany(x => x.Value).Distinct().ToList();
    }

    // Progress moves from 95% to 98% across the configured rights.
    var step = 3.0 / accessRightsSettings.Count();
    var currentPercent = 95.0;

    foreach (var access in accessRightsSettings)
    {
        currentPercent += step;

        var groupNames = access.Value.Split(',').Select(x => x.Trim());
        var ldapGroups = Importer.FindGroupsByAttribute(LDAPSettings.GroupNameAttribute, groupNames);

        if (!ldapGroups.Any())
        {
            Logger.DebugFormat("GiveUsersRights() No ldap groups found for ({0}) access rights, skipping", access.Key);
            continue;
        }

        foreach (var ldapGr in ldapGroups)
        {
            var portalGroup = CoreContext.UserManager.GetGroupInfoBySid(ldapGr.Sid);

            if (portalGroup == null)
            {
                Logger.DebugFormat("GiveUsersRights() Couldn't find portal group for '{0}'", ldapGr.Sid);
                continue;
            }

            var members = CoreContext.UserManager.GetUsersByGroup(portalGroup.ID);

            Logger.DebugFormat("GiveUsersRights() Found '{0}' users for group '{1}' ({2})", members.Count(), portalGroup.Name, portalGroup.ID);

            foreach (var user in members)
            {
                // The placeholder "lost" user and visitors never receive administrator rights.
                if (user.Equals(Constants.LostUser) || user.IsVisitor())
                {
                    continue;
                }

                if (!knownUserIds.Contains(user.ID.ToString()))
                {
                    knownUserIds.Add(user.ID.ToString());

                    // First time this user is seen: drop every administrator right set outside
                    // this mapping, so that only LDAP-mapped rights remain.
                    var cleared = false;

                    foreach (var r in Enum.GetValues(typeof(LdapSettings.AccessRight)).Cast<LdapSettings.AccessRight>())
                    {
                        var prodId = LdapSettings.AccessRightsGuids[r];

                        if (!Web.Core.WebItemSecurity.IsProductAdministrator(prodId, user.ID))
                        {
                            continue;
                        }

                        cleared = true;
                        Web.Core.WebItemSecurity.SetProductAdministrator(prodId, user.ID, false);
                    }

                    if (cleared)
                    {
                        Logger.DebugFormat("GiveUsersRights() Cleared manually added user rights for '{0}'", user.DisplayUserName());
                    }
                }

                // Record the grant so it can be revoked later.
                List<string> holders;
                if (!grantedByRight.TryGetValue(access.Key, out holders))
                {
                    holders = new List<string>();
                    grantedByRight.Add(access.Key, holders);
                }

                holders.Add(user.ID.ToString());

                var statusText = string.Format(
                    Resource.LdapSettingsStatusGivingRights,
                    UserFormatter.GetUserName(user, DisplayUserNameFormat.Default),
                    access.Key);
                SetProgress((int)currentPercent, statusText);

                Web.Core.WebItemSecurity.SetProductAdministrator(LdapSettings.AccessRightsGuids[access.Key], user.ID, true);

                // Remove() is a no-op when the right is absent, which matches a Contains-then-Remove check.
                if (currentUserRights != null)
                {
                    currentUserRights.Remove(access.Key);
                }
            }
        }
    }

    current.CurrentAccessRights = grantedByRight;
    current.Save();
}