/// <summary> /// Process the ownership-mapping request for a single user /// </summary> /// <param name="siteSignIn"></param> /// <param name="thisOwnershipChange"></param> /// <param name="workingList_allKnownUsers"></param> /// <param name="knownDataSources"></param> private void Execute_ProvisionOwnership_SingleUserChange_inner( TableauServerSignIn siteSignIn, ProvisioningChangeContentOwnership thisOwnershipChange, WorkingListSiteUsers workingList_allKnownUsers, ICollection <SiteDatasource> knownDataSources, ICollection <SiteFlow> knownFlows) { var userOldOwner = workingList_allKnownUsers.FindUserByName(thisOwnershipChange.OldOwnerName); if (userOldOwner == null) { throw new Exception("201202-415: Could not find user: "******"201202-416: Could not find user: " + userNewOwner.Name); } //------------------------------------------------------------------------------------ //Check the ownership of each of these types of content, and update from the //old owner to the designated new owner //------------------------------------------------------------------------------------ Execute_ProvisionOwnership_SingleUserChange_Workbooks(siteSignIn, userOldOwner, userNewOwner); Execute_ProvisionOwnership_SingleUserChange_Datasources(siteSignIn, knownDataSources, userOldOwner, userNewOwner); Execute_ProvisionOwnership_SingleUserChange_Flows(siteSignIn, userOldOwner, userNewOwner, knownFlows); }
/// <summary> /// Add a specific user into the Server Site's group /// </summary> /// <param name="userEmail"></param> /// <param name="thisProvisionGroup"></param> /// <param name="siteUsersList"></param> private void Execute_ProvisionGroups_SingleGroup_AddUser( TableauServerSignIn siteSignIn, string userEmail, SiteGroup siteGroup, WorkingListSiteUsers siteUsersList) { var siteUserToAddToGroup = siteUsersList.FindUserByName(userEmail); //Sanity test. If the user is not a member of the site, they cannot be added to a group if (siteUserToAddToGroup == null) { CSVRecord_ErrorUpdatingUser(userEmail, "", "", "User not on site. Cannot be added to group"); _statusLogs.AddError("User not on site. Cannot be added to group, " + userEmail); return; //FAILED } switch (_provisionInstructions.ActionForMissingGroupMembers) { case ProvisionUserInstructions.MissingGroupMemberAction.Add: //Call the server and add the user var addUserToGroup = new SendAddUserToGroup(siteSignIn, siteUserToAddToGroup.Id, siteGroup.Id); bool userGroupAddSuccess = addUserToGroup.ExecuteRequest(); if (userGroupAddSuccess) { //SUCCESS CSVRecord_GroupModified_WithUser(siteGroup.Name, "added member", siteUserToAddToGroup.Name, ""); _statusLogs.AddStatus("Group membership: Added " + siteUserToAddToGroup.Name + " to group " + siteGroup.Name); } else { CSVRecord_ErrorUpdatingUser(userEmail, "", "", "User could not be added to group " + siteGroup.Name); _statusLogs.AddError("Group membership error: Failed to add " + siteUserToAddToGroup.Name + " to group " + siteGroup.Name); } return; case ProvisionUserInstructions.MissingGroupMemberAction.Report: //We are instructed to NOT REALLY add the user, jsut report CSVRecord_GroupModified_WithUser(siteGroup.Name, "SIMULATED added member", siteUserToAddToGroup.Name, ""); return; default: IwsDiagnostics.Assert(false, "814-433: Unknown action"); throw new Exception("814-433: Unknown action"); } }
/// <summary> /// Handle the provisioning for a single user /// </summary> /// <param name="userToProvision"></param> /// <param name="siteSignIn"></param> /// <param name="workingListUnexaminedUsers"></param> private void Execute_ProvisionUsers_SingleUser( ProvisioningUser userToProvision, TableauServerSignIn siteSignIn, WorkingListSiteUsers workingListUnexaminedUsers, WorkingListSiteUsers workingList_allKnownUsers) { //See if a user with this name already exists var foundExistingUser = workingListUnexaminedUsers.FindUserByName(userToProvision.UserName); ProvisionUserInstructions.MissingUserAction missingUserAction; ProvisionUserInstructions.UnexpectedUserAction unexpectedUserAction; //Get the instructions based on the desired Auth model for the user we are provisioning switch (userToProvision.UserAuthenticationParsed) { case SiteUserAuth.Default: missingUserAction = _provisionInstructions.ActionForMissingDefaultAuthUsers; unexpectedUserAction = _provisionInstructions.ActionForUnexpectedDefaultAuthUsers; break; case SiteUserAuth.SAML: missingUserAction = _provisionInstructions.ActionForMissingSamlUsers; unexpectedUserAction = _provisionInstructions.ActionForUnexpectedSamlUsers; break; case SiteUserAuth.OpenID: missingUserAction = _provisionInstructions.ActionForMissingOpenIdUsers; unexpectedUserAction = _provisionInstructions.ActionForUnexpectedOpenIdUsers; break; default: var unknownAuthType = userToProvision.UserAuthentication; if (unknownAuthType == null) { unknownAuthType = ""; } IwsDiagnostics.Assert(false, "814-1204: Unknown auth type, " + unknownAuthType); throw new Exception("814-1204: Unknown auth type, " + unknownAuthType); } //=============================================================================================== //CASE 1: The user does NOT exist. So add them //=============================================================================================== if (foundExistingUser == null) { Execute_ProvisionUsers_SingleUser_AddUser(siteSignIn, userToProvision, missingUserAction, workingList_allKnownUsers); return; } //=============================================================================================== //CASE 2a: The user EXISTS but is not the right AUTH; update them //=============================================================================================== if (string.Compare(foundExistingUser.SiteAuthentication, userToProvision.UserAuthentication, true) != 0) { //Update the user Execute_ProvisionUsers_SingleUser_ModifyUser(siteSignIn, userToProvision, foundExistingUser); return; } //=============================================================================================== //CASE 2b: The user EXISTS but is not the right ROLE; update them //=============================================================================================== else if (string.Compare(foundExistingUser.SiteRole, userToProvision.UserRole, true) != 0) { //================================================================================================================================================================== //CASE 2b: Special case (to support Grant License on Sign In: If the user provisioning insturctions ALLOW //NOTE: If the authentication schemes do not match, then move foward with modifying the user -- this is a more fundamental change, and we should honor it explicitly //================================================================================================================================================================== if (userToProvision.AllowPromotedRole) { var existingUserRoleRank = ProvisioningUser.CalculateRoleRank(foundExistingUser.SiteRole); if (existingUserRoleRank > userToProvision.RoleRank) { _statusLogs.AddStatus("No action: Provisioning rule for this user allow keeping existing higher ranked role. User: "******", " + foundExistingUser.SiteRole); return; } } //CASE 2c: Update the user because the provisioning Role differs from the existing user's Role Execute_ProvisionUsers_SingleUser_ModifyUser(siteSignIn, userToProvision, foundExistingUser); return; } //=============================================================================================== //CASE 3: The user exists and does NOT need to be modified //=============================================================================================== _statusLogs.AddStatus("No action: User exists and has expected role and authentication. User: " + userToProvision.UserName); }
/// <summary> /// Provisioning for a single group /// </summary> /// <param name="siteSignIn"></param> /// <param name="thisProvisionGroup"></param> /// <param name="existingGroups"></param> private void Execute_ProvisionGroups_SingleGroup( TableauServerSignIn siteSignIn, ProvisioningGroup thisProvisionGroup, DownloadGroupsList existingGroups, WorkingListSiteUsers siteUsersList) { _statusLogs.AddStatusHeader("Provision the group: " + thisProvisionGroup.GroupName); var thisExistingGroup = existingGroups.FindGroupWithName(thisProvisionGroup.GroupName); ICollection <SiteUser> existingUsersInGroup = new List <SiteUser>(); //If the Group does not exist on server then create it if (thisExistingGroup == null) { var createGroup = new SendCreateGroup(siteSignIn, thisProvisionGroup.GroupName); thisExistingGroup = createGroup.ExecuteRequest(); CSVRecord_GroupModified(thisExistingGroup.Name, "created group", ""); _statusLogs.AddStatus("Created group: " + thisExistingGroup.Name); //-------------------------------------------------------------------------- //Do we need to update the group's Grant License? //-------------------------------------------------------------------------- Execute_ProvisionGroups_SingleGroup_GrantLicenseUpdate(siteSignIn, thisProvisionGroup, thisExistingGroup); } else { //Download the members of the group var downloadGroupMembers = new DownloadUsersListInGroup(siteSignIn, thisExistingGroup.Id); downloadGroupMembers.ExecuteRequest(); existingUsersInGroup = downloadGroupMembers.Users; //-------------------------------------------------------------------------- //Do we need to update the group's Grant License? //-------------------------------------------------------------------------- Execute_ProvisionGroups_SingleGroup_GrantLicenseUpdate(siteSignIn, thisProvisionGroup, thisExistingGroup); } //==================================================================================== //Keep a list of the remaining users in the Server Site's group //==================================================================================== var workingListUnexaminedUsers = new WorkingListSiteUsers(existingUsersInGroup); //==================================================================================== //Go through each of the users we need to provision, and see if they are in the group //already //==================================================================================== foreach (var provisionThisUser in thisProvisionGroup.Members) { var userInGroup = workingListUnexaminedUsers.FindUserByName(provisionThisUser); if (userInGroup != null) { //The user is already in the group, no need to add them workingListUnexaminedUsers.RemoveUser(userInGroup); } else { //Add the user to the group try { Execute_ProvisionGroups_SingleGroup_AddUser(siteSignIn, provisionThisUser, thisExistingGroup, siteUsersList); } catch (Exception exAddUserToGroup) //Unexpected error case { IwsDiagnostics.Assert(false, "811-700: Internal error adding user to group: " + exAddUserToGroup.Message); _statusLogs.AddError("811-700: Internal error adding user to group: " + exAddUserToGroup.Message); } } } //============================================================================== //Remove any remaining users that are in the Server Site's Group but not in //our provisioning list //============================================================================== foreach (var unexpectedUser in workingListUnexaminedUsers.GetUsers()) { try { Execute_ProvisionGroups_RemoveSingleUser(siteSignIn, unexpectedUser, thisExistingGroup); } catch (Exception exUnxpectedUsers) { _statusLogs.AddError("Error removing unexpected user in GROUP " + unexpectedUser.ToString() + ", " + exUnxpectedUsers.Message); CSVRecord_ErrorUpdatingUser(unexpectedUser.Name, unexpectedUser.SiteRole, unexpectedUser.SiteAuthentication, "Error removing unexpected user in GROUP" + unexpectedUser.ToString() + ", " + exUnxpectedUsers.Message); } } }