Exemplo n.º 1
0
        public void CreateUser(UsersObject newUser)
        {
            CPDatabase database = null;
            ADGroup ldapGroup = null;
            ADUser ldapUser = null;

            CloudPanelTransaction newUserTransaction = new CloudPanelTransaction();
            try
            {
                // Insert into database
                database = new CPDatabase();

                // Make sure the user doesn't already exist
                var foundUser = (from u in database.Users
                                 where u.UserPrincipalName == newUser.UserPrincipalName
                                 select u).FirstOrDefault();

                if (foundUser != null)
                    ThrowEvent(AlertID.FAILED, "User already exists " + newUser.UserPrincipalName);
                else
                {
                    // Get the company's OU where we need to save the user
                    var companyDistinguishedName = (from c in database.Companies
                                                    where !c.IsReseller
                                                    where c.CompanyCode == newUser.CompanyCode
                                                    select c.DistinguishedName).First();

                    // Check if they are using a custom user's OU
                    if (!string.IsNullOrEmpty(StaticSettings.UsersOU))
                        companyDistinguishedName = string.Format("OU={0},{1}", StaticSettings.UsersOU, companyDistinguishedName);

                    ldapUser = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
                    UsersObject createdUser = ldapUser.NewUser(newUser, companyDistinguishedName, StaticSettings.AllowCustomNameAttribute);
                    newUserTransaction.NewUser(createdUser.UserPrincipalName);

                    // Add the users to the groups
                    ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
                    ldapGroup.AddMember("AllUsers@" + newUser.CompanyCode, createdUser.UserPrincipalName, "upn");

                    if (newUser.IsCompanyAdmin)
                        ldapGroup.AddMember("Admins@" + newUser.CompanyCode, createdUser.UserPrincipalName, "upn");

                    // Insert into database
                    User sqlUser = new User();
                    sqlUser.UserGuid = createdUser.UserGuid;
                    sqlUser.CompanyCode = createdUser.CompanyCode;
                    sqlUser.sAMAccountName = createdUser.sAMAccountName;
                    sqlUser.UserPrincipalName = createdUser.UserPrincipalName;
                    sqlUser.DistinguishedName = createdUser.DistinguishedName;
                    sqlUser.DisplayName = createdUser.DisplayName;
                    sqlUser.Firstname = createdUser.Firstname;
                    sqlUser.Middlename = createdUser.Middlename;
                    sqlUser.Lastname = createdUser.Lastname;
                    sqlUser.Email = string.Empty;
                    sqlUser.Department = createdUser.Department;
                    sqlUser.IsResellerAdmin = createdUser.IsResellerAdmin;
                    sqlUser.IsCompanyAdmin = createdUser.IsCompanyAdmin;
                    sqlUser.MailboxPlan = 0;
                    sqlUser.TSPlan = 0;
                    sqlUser.LyncPlan = 0;
                    sqlUser.Created = DateTime.Now;
                    sqlUser.AdditionalMB = 0;
                    sqlUser.ActiveSyncPlan = 0;
                    database.Users.Add(sqlUser);

                    // Insert permissions into database
                    if (createdUser.IsCompanyAdmin)
                    {
                        UserPermission newPermissions = new UserPermission();
                        newPermissions.UserID = sqlUser.ID;
                        newPermissions.EnableExchange = createdUser.EnableExchangePerm;
                        newPermissions.DisableExchange = createdUser.DisableExchangePerm;
                        newPermissions.AddDomain = createdUser.AddDomainPerm;
                        newPermissions.DeleteDomain = createdUser.DeleteDomainPerm;
                        newPermissions.EnableAcceptedDomain = createdUser.EnableAcceptedDomainPerm;
                        newPermissions.DisableAcceptedDomain = createdUser.DisableAcceptedDomainPerm;
                        database.UserPermissions.Add(newPermissions);
                    }

                    database.SaveChanges();
                }
            }
            catch (Exception ex)
            {
                ThrowEvent(AlertID.FAILED, ex.Message);

                // Rollback on error
                newUserTransaction.RollBack();
            }
            finally
            {
                if (ldapUser != null)
                    ldapUser.Dispose();

                if (ldapGroup != null)
                    ldapGroup.Dispose();

                if (database != null)
                    database.Dispose();
            }
        }
Exemplo n.º 2
0
        public void UpdateUser(UsersObject updateUser, bool isSuperOrResellerAdmin)
        {
            CPDatabase database = null;
            ADGroup ldapGroup = null;
            ADUser ldapUser = null;

            try
            {
                database = new CPDatabase();

                // Get the user from the database
                var foundUser = (from u in database.Users
                                 where u.UserPrincipalName == updateUser.UserPrincipalName
                                 select u).FirstOrDefault();

                if (foundUser == null)
                    ThrowEvent(AlertID.FAILED, "Unknown user " + updateUser.UserPrincipalName);
                else
                {
                    this.logger.Debug("Found user " + foundUser.UserPrincipalName + " in the database. Continuing...");

                    // Update the user values
                    foundUser.Firstname = updateUser.Firstname;
                    foundUser.Middlename = updateUser.Middlename;
                    foundUser.Lastname = updateUser.Lastname;
                    foundUser.DisplayName = updateUser.DisplayName;
                    foundUser.Department = updateUser.Department;

                    // Update user in Active Directory
                    ldapUser = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
                    ldapUser.UpdateUser(updateUser, StaticSettings.AllowCustomNameAttribute);

                    // Only update these values if super admin or reseller admin is modifying the user
                    if (isSuperOrResellerAdmin)
                    {
                        this.logger.Debug("Super admin or reseller is updating user so we can check comapny admin permissions and reseller permissions");

                        foundUser.IsCompanyAdmin = updateUser.IsCompanyAdmin;
                        foundUser.IsResellerAdmin = updateUser.IsResellerAdmin;

                        // Get permissions from database
                        var userPermissions = (from p in database.UserPermissions
                                               where p.UserID == foundUser.ID
                                               select p).FirstOrDefault();

                        // If the user is no longer a company admin then remove permissions from the database
                        if (userPermissions != null && !updateUser.IsCompanyAdmin)
                        {
                            this.logger.Debug("User " + updateUser.UserPrincipalName + " is no longer a comapny admin. Need to remove rights from database and security group");

                            database.UserPermissions.Remove(userPermissions);

                            // Remove from Admins@ security group
                            ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
                            ldapGroup.RemoveMember("Admins@" + updateUser.CompanyCode, updateUser.UserPrincipalName, "upn");
                        }
                        else if (userPermissions != null && updateUser.IsCompanyAdmin)
                        {
                            this.logger.Debug("User " + updateUser.UserPrincipalName + " is a company admin. Need to update company admin rights in database.");

                            // If user permissions was found and the user is company admin then update the values
                            userPermissions.EnableExchange = updateUser.EnableExchangePerm;
                            userPermissions.DisableExchange = updateUser.DisableExchangePerm;
                            userPermissions.AddDomain = updateUser.AddDomainPerm;
                            userPermissions.DeleteDomain = updateUser.DeleteDomainPerm;
                            userPermissions.EnableAcceptedDomain = updateUser.EnableAcceptedDomainPerm;
                            userPermissions.DisableAcceptedDomain = updateUser.DisableAcceptedDomainPerm;
                        }
                        else if (userPermissions == null && updateUser.IsCompanyAdmin)
                        {
                            this.logger.Debug("User " + updateUser.UserPrincipalName + " does not have any existing company admin rights. We need to add them to the database.");

                            // No existing permissions were found and we need to add to database
                            userPermissions = new UserPermission();
                            userPermissions.UserID = foundUser.ID;
                            userPermissions.EnableExchange = updateUser.EnableExchangePerm;
                            userPermissions.DisableExchange = updateUser.DisableExchangePerm;
                            userPermissions.AddDomain = updateUser.AddDomainPerm;
                            userPermissions.DeleteDomain = updateUser.DeleteDomainPerm;
                            userPermissions.EnableAcceptedDomain = updateUser.EnableAcceptedDomainPerm;
                            userPermissions.DisableAcceptedDomain = updateUser.DisableAcceptedDomainPerm;
                            database.UserPermissions.Add(userPermissions);

                            // Add to Admins@ security group
                            ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
                            ldapGroup.AddMember("Admins@" + updateUser.CompanyCode, updateUser.UserPrincipalName, "upn");
                        }
                    }
                    else
                        this.logger.Debug("User making changes to " + updateUser.UserPrincipalName + " is not a super admin or reseller admin. We cannot update company admin or reseller admin permissions unless the user making changes is a super or reseller admin.");

                    // Update database
                    database.SaveChanges();
                }
            }
            catch (Exception ex)
            {
                this.logger.Debug("Error updating user " + updateUser.UserPrincipalName, ex);
                ThrowEvent(AlertID.FAILED, ex.Message);
            }
            finally
            {
                if (ldapUser != null)
                    ldapUser.Dispose();

                if (ldapGroup != null)
                    ldapGroup.Dispose();

                if (database != null)
                    database.Dispose();
            }
        }