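/// <summary>
/// Reports whether <paramref name="memb"/> is already a member (or admin) of the named tenant.
/// Read-only: no membership is created. Callable only by the IEF policy identity (role "ief").
/// </summary>
/// <param name="memb">Request body carrying <c>tenantName</c> and <c>userId</c>.</param>
/// <returns>
/// 401 when the caller lacks the "ief" role; 400 when the body is missing or has no tenant name;
/// 404 when the tenant does not exist or the user is not a member; otherwise a JSON object with
/// the tenant id, the upper-cased tenant name and the user's roles.
/// </returns>
public async Task<IActionResult> ExistingMember([FromBody] TenantMember memb)
{
    if (User is null || !User.IsInRole("ief"))
    {
        return new UnauthorizedObjectResult("Unauthorized");
    }
    // [FromBody] binds null when the request carries no usable body; fail fast instead of throwing.
    if (memb is null || string.IsNullOrEmpty(memb.tenantName))
    {
        return BadRequest("Tenant name is required");
    }
    var tenantId = await GetTenantIdFromNameAsync(memb.tenantName);
    if (string.IsNullOrEmpty(tenantId))
    {
        return new NotFoundObjectResult(new { userMessage = "Tenant does not exist", status = 404, version = 1.0 });
    }
    // Tenant names are identifiers, so case-fold independently of the request thread's culture.
    var tenantName = memb.tenantName.ToUpperInvariant();
    // Admin relation is probed first (the `true` flag appears to select it); an admin is reported
    // with both roles so the caller does not have to query twice.
    if (await IsMemberAsync(tenantId, memb.userId, true))
    {
        return new JsonResult(new { tenantId, name = tenantName, roles = new[] { "admin", "member" } });
    }
    if (await IsMemberAsync(tenantId, memb.userId, false))
    {
        return new JsonResult(new { tenantId, name = tenantName, roles = new[] { "member" } });
    }
    return new NotFoundObjectResult(new { userMessage = "User is not a member of this tenant", status = 404, version = 1.0 });
}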
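/// <summary>
/// Ensures the user is a member of the named tenant, adding them to the tenant's group through
/// Microsoft Graph when they are neither a member nor an admin yet. Callable only by the "ief" role.
/// </summary>
/// <param name="memb">Request body carrying <c>tenantName</c> and <c>userId</c> (a directory object id).</param>
/// <returns>
/// 401 when the caller lacks the "ief" role; 400 when the body is missing, the tenant name is empty,
/// the user id is not a directory object id, or the Graph call fails; 404 when the tenant does not
/// exist; otherwise a JSON object with the tenant id and roles (plus <c>isNewMember = true</c> after an add).
/// </returns>
public async Task<IActionResult> Member([FromBody] TenantMember memb)
{
    _logger.LogTrace("Member: {0}", memb?.tenantName);
    if (User is null || !User.IsInRole("ief"))
    {
        return new UnauthorizedObjectResult("Unauthorized");
    }
    _logger.LogTrace("Authorized");
    if (memb is null || string.IsNullOrEmpty(memb.tenantName))
    {
        return BadRequest("Tenant name is required");
    }
    // Graph directory object ids are GUIDs. Parsing (instead of interpolating the raw string) keeps
    // caller-supplied text out of the request path and the JSON body built further down.
    if (!Guid.TryParse(memb.userId, out var userObjectId))
    {
        return BadRequest("Invalid user id");
    }
    var tenantId = await GetTenantIdFromNameAsync(memb.tenantName);
    _logger.LogTrace("Tenant id: {0}", tenantId);
    if (string.IsNullOrEmpty(tenantId))
    {
        return new NotFoundObjectResult(new { userMessage = "Tenant does not exist", status = 404, version = 1.0 });
    }
    // Existing admins and members are reported as-is; only the remaining case touches Graph.
    if (await IsMemberAsync(tenantId, memb.userId, true))
    {
        return new JsonResult(new { tenantId, roles = new[] { "admin", "member" } });
    }
    if (await IsMemberAsync(tenantId, memb.userId, false))
    {
        return new JsonResult(new { tenantId, roles = new[] { "member" } });
    }

    var http = await _graph.GetClientAsync();
    var userRef = $"{{\"@odata.id\": \"https://graph.microsoft.com/v1.0/directoryObjects/{userObjectId:D}\"}}";
    // Dispose the request content and response so the underlying connection is returned to the pool.
    using (var content = new StringContent(userRef, System.Text.Encoding.UTF8, "application/json"))
    using (var resp = await http.PostAsync($"{Graph.BaseUrl}groups/{tenantId}/members/$ref", content))
    {
        if (!resp.IsSuccessStatusCode)
        {
            return BadRequest("Add member failed");
        }
    }
    return new JsonResult(new { tenantId, roles = new[] { "member" }, isNewMember = true });
}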
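/// <summary>
/// Finds the named tenant among the tenants the user belongs to and returns its details together
/// with the names of all of the user's tenants. Callable only by the "ief" role.
/// </summary>
/// <param name="memb">Request body carrying <c>tenantName</c> and <c>userId</c>.</param>
/// <returns>
/// 401 when the caller lacks the "ief" role; 400 when the body is missing; 404 when the user has no
/// tenants or is not a member of the named one; otherwise a JSON object with tenant id, name,
/// MFA requirement, roles and all tenant names.
/// </returns>
public async Task<IActionResult> ExistingMember([FromBody] TenantMember memb)
{
    if (User is null || !User.IsInRole("ief"))
    {
        return new UnauthorizedObjectResult("Unauthorized");
    }
    if (memb is null)
    {
        return BadRequest("Request body is required");
    }
    var notFound = new NotFoundObjectResult(new { userMessage = "User is not a member of this tenant", status = 404, version = 1.0 });
    // An empty user id cannot match any tenant; skip the lookup rather than query with it.
    if (string.IsNullOrEmpty(memb.userId))
    {
        return notFound;
    }
    var userTenants = await GetTenantsForUser(memb.userId);
    if (userTenants is null)
    {
        return notFound;
    }
    // Tenant names are compared ordinally, so the stored name's casing must match the request.
    var tenant = userTenants.FirstOrDefault(t => t.tenantName == memb.tenantName);
    if (tenant is null)
    {
        return notFound;
    }
    // Materialize once; otherwise the serializer would re-run the query after this method returns.
    var allTenantNames = userTenants.Select(t => t.tenantName).ToArray();
    return new JsonResult(new
    {
        tenant.tenantId,
        name = tenant.tenantName,
        requireMFA = await IsMFARequired(tenant.tenantId),
        tenant.roles,
        allTenants = allTenantNames,
    });
}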
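/// <summary>
/// Resolves the tenant a user is signing in to: the tenant the user already belongs to, or, for the
/// "commonaad" identity provider, the tenant by name when it opts in to members from the same home
/// directory as its creator (<c>allowSameIssuerMembers</c>). Callable only by the "ief" role.
/// </summary>
/// <param name="memb">Request body: <c>tenantName</c>, optional <c>userId</c> (empty for an AAD user
/// not yet in B2C), <c>identityProvider</c> and <c>directoryId</c>.</param>
/// <returns>
/// 401 when the caller lacks the "ief" role; 400 when the body is missing; 404 when the tenant's
/// extension record is missing or neither membership nor same-issuer admission applies; otherwise
/// a JSON object with tenant id, name, MFA requirement, roles and tenant names (plus <c>newUser</c>
/// on the same-issuer path).
/// </returns>
public async Task<IActionResult> ExistingMember([FromBody] TenantMember memb)
{
    if (User is null || !User.IsInRole("ief"))
    {
        return new UnauthorizedObjectResult("Unauthorized");
    }
    if (memb is null)
    {
        return BadRequest("Request body is required");
    }

    Member tenant = null;
    IEnumerable<Member> userTenants = null;
    if (!string.IsNullOrEmpty(memb.userId)) // for an AAD user new to B2C this could be empty
    {
        userTenants = await GetTenantsForUser(memb.userId);
        tenant = userTenants?.FirstOrDefault(t => t.tenantName == memb.tenantName);
    }

    if (tenant != null)
    {
        // Named `details` rather than `t` so it does not shadow the lambda parameter below.
        var details = await _ext.GetAsync(new TenantDetails() { id = tenant.tenantId });
        if (details is null)
        {
            // Membership exists but the tenant's extension record does not; report instead of throwing.
            return new NotFoundObjectResult(new { userMessage = "Tenant does not exist", status = 404, version = 1.0 });
        }
        return new JsonResult(new
        {
            tenant.tenantId,
            name = tenant.tenantName,
            requireMFA = details.requireMFA,
            tenant.roles,
            allTenants = userTenants.Select(t => t.tenantName).ToArray(),
        });
    }

    // Not a member yet: a "commonaad" sign-in may still be admitted when the tenant allows users
    // from the same directory as its creator.
    if (string.Equals("commonaad", memb.identityProvider))
    {
        var id = await GetTenantIdFromNameAsync(memb.tenantName);
        if (!string.IsNullOrEmpty(id))
        {
            var details = await _ext.GetAsync(new TenantDetails() { id = id });
            // Admission requires the tenant's opt-in AND a non-empty, matching directory id.
            // string.Equals(null, null) is true, so an absent directory id on both sides must not admit.
            if (details != null
                && details.allowSameIssuerMembers
                && !string.IsNullOrEmpty(memb.directoryId)
                && string.Equals(memb.directoryId, details.directoryId))
            {
                return new JsonResult(new
                {
                    id,
                    name = memb.tenantName,
                    requireMFA = details.requireMFA,
                    roles = new[] { "member" },
                    allTenants = new[] { memb.tenantName },
                    newUser = string.IsNullOrEmpty(memb.userId)
                });
            }
        }
    }
    return new NotFoundObjectResult(new { userMessage = "User is not a member of this tenant", status = 404, version = 1.0 });
}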