protected override void OnParameterChanged(object sender, NotifyCollectionChangedEventArgs e) { if (base.Parameter.Any(a => a.Key == DataModelName)) { this.CurrentDataModel = (User)(base.Parameter.FirstOrDefault(a => a.Key == DataModelName).Value as User).Clone(); var tmp = Utility.Security.AESDecrypt(CurrentDataModel.SecurityPassword); CurrentDataModel.SecurityPassword = tmp; CurrentDataModel.ConfirmSecurityPassword = tmp; foreach (var v in dbContext.UserRoleDb.GetList(a => a.UserId == CurrentDataModel.Id)) { SelectedRoleList.Add(RoleList.FirstOrDefault(a => a.Id == v.RoleId)); } SelectedRoleList.CollectionChanged += SelectedRoleList_CollectionChanged; CurrentDataModel.PropertyChanged += CurrentDataModel_PropertyChanged; } }
/// <summary> /// Gets a list of forms the user is authorised for and in what states. /// </summary> /// <param name="session">Contains session and user information used to determine access rights.</param> /// <param name="roleList">The list of roles.</param> /// <returns>A list of forms the user is authorised for and in what states, serialized as JSON.</returns> /// <remarks> /// A user is deemed to be authorised for a form if they have <see cref="AccessLevel.Read"/> access or greater /// to the form in at least one state. /// </remarks> public virtual UserFormAccessList GetAuthorisedForms(SecureSession session, RoleList roleList) { session = session ?? new SecureSession(); var organisationIds = session.AuthenticatedUser == null ? new string[0] : session.AuthenticatedUser.Organisations.Select(o => o.Key).ToArray(); Dictionary<string, string> roles = this.DetermineRolesForUser(session, roleList); var applicationEntitlements = this.securityService.GetApplicationEntitlements(organisationIds, null).GroupBy(e => new { e.ProductId, e.ProductVersion }); if (this.IsAdministrator(session)) { UserFormAccessList returnList = new UserFormAccessList(); foreach (var entitlement in applicationEntitlements) { List<string> allStates = entitlement.Select(e => e.StateName).Distinct().ToList(); returnList.Add(new UserFormAccess(entitlement.Key.ProductId, allStates)); } return returnList; } UserFormAccessList formAccessList = new UserFormAccessList(); string originatorRoleId = roleList.FirstOrDefault(r => r.RoleName == SecurityConstants.OriginatorRoleName && r.SystemDefined).Id; string assigneeRoleId = roleList.FirstOrDefault(r => r.RoleName == SecurityConstants.AssigneeRoleName && r.SystemDefined).Id; foreach (var entitlements in applicationEntitlements) { List<string> explicitStates = entitlements.Where(e => roles.ContainsKey(e.RoleId) && e.AccessLevel > AccessLevel.NoAccess) .Select(e => e.StateName).ToList(); List<string> ownedStates = new List<string>(); List<string> originatorStates = new List<string>(); if (session.AuthenticatedUser != null) { ownedStates = entitlements.Where(e => e.RoleId == assigneeRoleId && e.AccessLevel > AccessLevel.NoAccess).Select(e => e.StateName).ToList(); originatorStates = entitlements.Where(e => e.RoleId == originatorRoleId && e.AccessLevel > AccessLevel.NoAccess).Select(e => e.StateName).ToList(); } if (explicitStates.Count > 0 || ownedStates.Count > 0 || originatorStates.Count > 0) { Dictionary<string, List<string>> implicitStates = new Dictionary<string, List<string>> { { SecurityConstants.AssigneeRoleName, ownedStates }, { SecurityConstants.OriginatorRoleName, originatorStates } }; formAccessList.Add(new UserFormAccess(entitlements.Key.ProductId, explicitStates, implicitStates)); } } return formAccessList; }
/// <summary> /// Imports the roles. /// </summary> /// <param name="userId">The user making the request.</param> /// <param name="roles">The list of roles to import.</param> /// <param name="allRoles">A list of all roles already in the system.</param> /// <param name="validationResults">A list of validation results.</param> /// <param name="migrationResults">A list to which import results will be appended.</param> /// <returns>A map of role ids, where the old id is the key and the new id is the value.</returns> private Dictionary<string, string> ImportRoles(string userId, RoleList roles, RoleList allRoles, MigrationDataResults validationResults, MigrationDataResults migrationResults) { Dictionary<string, string> systemRoleMap = new Dictionary<string, string>(); foreach (Role role in roles) { if (role.SystemDefined) { string mappedValue = allRoles.FirstOrDefault(r => r.RoleName == role.RoleName).Id; systemRoleMap.Add(role.Id, mappedValue); migrationResults.AddNotification(role, MessageType.Information, string.Format(Messages.Import_RoleSkipped, role.RoleName)); continue; } if (!validationResults.GetNotificationsFor(role).CanImport) { migrationResults.AddNotification(role, MessageType.Information, string.Format(Messages.Import_RoleSkipped, role.RoleName)); continue; } this.manager.SaveRole(userId, role, true); migrationResults.AddNotification(role, MessageType.Information, string.Format(Messages.Import_RoleSuccess, role.RoleName)); } return systemRoleMap; }
/// <summary> /// Determines the applicable roles for <paramref name="session"/>. /// </summary> /// <param name="session">Contains session and user information used to determine access rights.</param> /// <param name="roleList">The list of roles.</param> /// <param name="application">The application, if relevant Defaults to <see langword="null"/>.</param> /// <returns>The applicable roles for <paramref name="session"/>.</returns> private Dictionary<string, string> DetermineRolesForUser(SecureSession session, RoleList roleList, Application application = null) { session = session ?? new SecureSession(); application = application ?? new Application(); Role publicRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.PublicRoleName); Dictionary<string, string> roleDict = publicRole == null ? new Dictionary<string, string>() : new Dictionary<string, string> { { publicRole.Id, publicRole.RoleName } }; string compareTo = this.GetSessionUserId(session); if (application.IsCreatedBy(compareTo)) { Role originatorRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.OriginatorRoleName); if (originatorRole != null) { roleDict.Add(originatorRole.Id, originatorRole.RoleName); } } if (session.AuthenticatedUser == null) { return roleDict; } if (session.AuthenticatedUser.IsAdministrator()) { foreach (var role in roleList) { if (roleDict.ContainsKey(role.Id)) { continue; } roleDict.Add(role.Id, role.RoleName); } return roleDict; } foreach (var userRole in session.AuthenticatedUser.Roles) { if (roleList.Exists(role => role.Id == userRole.Key && role.Enabled)) { roleDict.Add(userRole.Key, userRole.Value); } } if (!string.IsNullOrEmpty(application.AssignedTo) && session.AuthenticatedUser.Id == application.AssignedTo) { Role assigneeRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.AssigneeRoleName); if (assigneeRole != null) { roleDict.Add(assigneeRole.Id, assigneeRole.RoleName); } } return roleDict; }
/// <summary> /// Adds and removes roles from the user <paramref name="sourceUser"/>, to match with <paramref name="targetUser"/> /// </summary> /// <param name="targetUser">The user that should be matched.</param> /// <param name="sourceUser">The user to have roles added and removed.</param> /// <param name="roles">The role list.</param> /// <returns><see langword="true"/> if the user was updated, else <see langword="false"/>.</returns> public static bool UpdateRoles(this User targetUser, UpdateUser sourceUser, RoleList roles) { var updated = false; var addRoles = sourceUser.RoleUpdates.Where(x => x.OperationType == UpdateOperationType.Upsert); foreach (var addRole in addRoles) { var role = roles.FirstOrDefault(r => r.Id == addRole.UpdateObject); if (role == null || targetUser.Roles.ContainsKey(role.Id)) { continue; } targetUser.Roles[role.Id] = role.RoleName; updated = true; } var removeRoles = sourceUser.RoleUpdates.Where(x => x.OperationType == UpdateOperationType.Remove); foreach (var removeRole in removeRoles) { if (!targetUser.Roles.ContainsKey(removeRole.UpdateObject)) { continue; } targetUser.Roles.Remove(removeRole.UpdateObject); updated = true; } return updated; }