public static void InitializeSecurity(SRPUser u, int TID, string newPassword) {
var MTID = Core.Utilities.Tenant.GetMasterID();
u.TenID = TID;
u.MustResetPassword = true;
u.Insert();
var g = new SRPGroup();
g.GID = 0;
g.GroupName = "Superuser group";
g.GroupDescription = "All permissions enabled.";
g.TenID = TID;
g.Insert();
var PermissionID_LIST = "1000,2000,2100,2200,3000,4000,4100,4200,4300,4400,4500,4600,4700,4800,4900,5000,5100,5200,5300,8000";
SRPGroup.UpdatePermissions(g.GID, PermissionID_LIST, ((SRPUser)HttpContext.Current.Session[SessionData.UserProfile.ToString()]).Username);
SRPGroup.UpdateMemberUsers(g.GID, u.Uid.ToString(), ((SRPUser)HttpContext.Current.Session[SessionData.UserProfile.ToString()]).Username);
var Message = "Summer Reading Program - Your account has been created";
// TODO security - this should not email the password in cleartext
string baseUrl = WebTools.GetBaseUrl(HttpContext.Current.Request);
var EmailBody =
"<h1>Dear " + u.FirstName + ",</h1><br><br>Your account has been created and has full administrative access to your organization's reading rogram. <br>This is your current account information. Please make sure you reset your password as soon as you are able to log back in.<br><br>" +
"Username: "******"<br>Password: "******"<br><br>If you have any questions regarding your account please contact " + SRPSettings.GetSettingValue("ContactName") +
" at " + SRPSettings.GetSettingValue("ContactEmail") + "." +
"<br><br><br><a href='" + baseUrl + "'>" + baseUrl + "</a> <br> ";
new EmailService().SendEmail(u.EmailAddress, Message, EmailBody);
}
protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e) {
string returnURL = "~/ControlRoom/Modules/Security/Default.aspx";
if(e.CommandName.ToLower() == "back") {
Response.Redirect(returnURL);
}
if(e.CommandName.ToLower() == "refresh") {
try {
odsSRPUser.DataBind();
dv.DataBind();
dv.ChangeMode(DetailsViewMode.Edit);
MasterPage.PageMessage = SRPResources.RefreshOK;
} catch(Exception ex) {
MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
}
}
if(e.CommandName.ToLower() == "add" || e.CommandName.ToLower() == "addandback") {
try {
SRPUser obj = new SRPUser();
obj.Username = ((TextBox)((DetailsView)sender).FindControl("Username")).Text;
obj.NewPassword = ((TextBox)((DetailsView)sender).FindControl("Password")).Text;
obj.FirstName = ((TextBox)((DetailsView)sender).FindControl("FirstName")).Text;
obj.LastName = ((TextBox)((DetailsView)sender).FindControl("LastName")).Text;
obj.EmailAddress = ((TextBox)((DetailsView)sender).FindControl("EmailAddress")).Text;
obj.Division = ((TextBox)((DetailsView)sender).FindControl("Division")).Text;
obj.Department = ((TextBox)((DetailsView)sender).FindControl("Department")).Text;
obj.Title = ((TextBox)((DetailsView)sender).FindControl("Title")).Text;
//((TextBox)((DetailsView)sender).FindControl("Password")).Attributes["value"] = obj.Password;
obj.IsActive = true;
obj.MustResetPassword = true;
obj.IsDeleted = false;
obj.AddedDate = DateTime.Now;
obj.AddedUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username; //"N/A"; // Get from session
obj.LastModDate = obj.AddedDate;
obj.LastModUser = obj.AddedUser;
obj.TenID = (int)CRTenantID;
if(obj.IsValid(BusinessRulesValidationMode.INSERT)) {
obj.Insert();
if(e.CommandName.ToLower() == "addandback") {
Response.Redirect(returnURL);
}
lblUID.Text = obj.Uid.ToString();
odsSRPUser.DataBind();
dv.DataBind();
dv.ChangeMode(DetailsViewMode.Edit);
MasterPage.PageMessage = SRPResources.AddedOK;
} else {
string message = String.Format(SRPResources.ApplicationError1, "<ul>");
foreach(BusinessRulesValidationMessage m in obj.ErrorCodes) {
message = string.Format(String.Format("{0}<li>{{0}}</li>", message), m.ErrorMessage);
}
message = string.Format("{0}</ul>", message);
MasterPage.PageError = message;
}
} catch(Exception ex) {
MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
}
}
if(e.CommandName.ToLower() == "save" || e.CommandName.ToLower() == "saveandback") {
try {
int pk = int.Parse(((DetailsView)sender).Rows[0].Cells[1].Text);
SRPUser obj = new SRPUser(pk);
obj.Username = ((TextBox)((DetailsView)sender).FindControl("Username")).Text;
obj.FirstName = ((TextBox)((DetailsView)sender).FindControl("FirstName")).Text;
obj.LastName = ((TextBox)((DetailsView)sender).FindControl("LastName")).Text;
obj.EmailAddress = ((TextBox)((DetailsView)sender).FindControl("EmailAddress")).Text;
obj.Division = ((TextBox)((DetailsView)sender).FindControl("Division")).Text;
obj.Department = ((TextBox)((DetailsView)sender).FindControl("Department")).Text;
obj.Title = ((TextBox)((DetailsView)sender).FindControl("Title")).Text;
obj.IsActive = ((CheckBox)((DetailsView)sender).FindControl("IsActive")).Checked;
obj.MustResetPassword = ((CheckBox)((DetailsView)sender).FindControl("MustResetPassword")).Checked;
//((TextBox)((DetailsView)sender).FindControl("Password")).Attributes.Add("value", obj.Password);
//obj.IsDeleted = ((TextBox)((DetailsView)sender).FindControl("IsDeleted")).Text;
//obj.LastPasswordReset = ((TextBox)((DetailsView)sender).FindControl("LastPasswordReset")).Text;
//obj.DeletedDate = ((TextBox)((DetailsView)sender).FindControl("DeletedDate")).Text;
//obj.LastModDate = ((TextBox)((DetailsView)sender).FindControl("LastModDate")).Text;
//obj.LastModUser = ((TextBox)((DetailsView)sender).FindControl("LastModUser")).Text;
//obj.AddedDate = ((TextBox)((DetailsView)sender).FindControl("AddedDate")).Text;
//obj.AddedUser = ((TextBox)((DetailsView)sender).FindControl("AddedUser")).Text;
obj.LastModDate = DateTime.Now;
obj.LastModUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username; //"N/A"; // Get from session
if(obj.IsValid(BusinessRulesValidationMode.UPDATE)) {
obj.Update();
SaveGroups((DetailsView)sender, obj);
//SavePermissions((DetailsView)sender, obj);
//SaveFolders((DetailsView)sender, obj);
if(e.CommandName.ToLower() == "saveandback") {
Response.Redirect(returnURL);
}
odsSRPUser.DataBind();
dv.DataBind();
dv.ChangeMode(DetailsViewMode.Edit);
MasterPage.PageMessage = SRPResources.SaveOK;
} else {
string message = String.Format(SRPResources.ApplicationError1, "<ul>");
foreach(BusinessRulesValidationMessage m in obj.ErrorCodes) {
message = string.Format(String.Format("{0}<li>{{0}}</li>", message), m.ErrorMessage);
}
message = string.Format("{0}</ul>", message);
MasterPage.PageError = message;
}
} catch(Exception ex) {
MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
}
}
if(e.CommandName.ToLower() == "loginhistory") {
int key = Convert.ToInt32(lblUID.Text);
Session["UID"] = key;
Response.Redirect("~/ControlRoom/Modules/Security/LoginHistory.aspx");
//Response.Redirect(String.Format("{0}?UID={1}", "~/ControlRoom/Modules/Security/LoginHistory.aspx", key));
}
//if (e.CommandName.ToLower() == "audituser")
//{
// int key = Convert.ToInt32(lblUID.Text);
// Response.Redirect(String.Format("{0}?UID={1}", "~/ControlRoom/Modules/Security/UserAudit.aspx", key));
//}
}
