/// <summary>
/// Adds a copy of the lightbox asset to the lightbox, if it does not contain the asset
/// </summary>
public void AddAssetToLightbox(Lightbox lightbox, LightboxAsset lightboxAsset)
{
if (!lightbox.IsNull && !lightboxAsset.IsNull)
{
if (EntitySecurityManager.CanManageLightbox(User, lightbox))
{
if (!LightboxContainsAsset(lightbox, lightboxAsset.AssetId))
{
LightboxAsset lba = LightboxAsset.New();
lba.LightboxId = lightbox.LightboxId.GetValueOrDefault();
lba.AssetId = lightboxAsset.AssetId;
lba.Notes = lightboxAsset.Notes;
lba.CreateDate = DateTime.Now;
LightboxAsset.Update(lba);
AuditLogManager.LogAssetAction(lightboxAsset.AssetId, User, AuditAssetAction.AddedToLightbox);
AuditLogManager.LogUserAction(User, AuditUserAction.AddToLightbox, string.Format("Added AssetId: {0} to LightboxId: {1}", lightboxAsset.AssetId, lightbox.LightboxId.GetValueOrDefault()));
}
}
else
{
m_Logger.DebugFormat("User: {0} (UserId: {1}) tried to add AssetId: {2} to LightboxId: {3} but couldn't due to insufficient permissions to manage ths lightbox", User.FullName, User.UserId, lightboxAsset.AssetId, lightbox.LightboxId.GetValueOrDefault());
}
}
}
public void RemoveAssetFromLightbox(int lightboxId, int assetId, string additionalNotes)
{
Lightbox lb = GetLightboxById(lightboxId);
if (EntitySecurityManager.CanManageLightbox(User, lb))
{
if (LightboxContainsAsset(lb, assetId))
{
foreach (LightboxAsset lba in lb.GetLightboxAssetList())
{
if (lba.AssetId == assetId)
{
LightboxAsset.Delete(lba.LightboxAssetId);
AuditLogManager.LogAssetAction(assetId, User, AuditAssetAction.RemovedFromLightbox);
string notes = string.Format("Removed AssetId: {0} from LightboxId: {1}", assetId, lightboxId);
if (!StringUtils.IsBlank(additionalNotes))
{
notes += string.Format(". {0}", additionalNotes);
}
AuditLogManager.LogUserAction(User, AuditUserAction.RemoveFromLightbox, notes);
}
}
}
}
else
{
m_Logger.DebugFormat("User: {0} (UserId: {1}) tried to remove AssetId: {2} from LightboxId: {3} but couldn't due to insufficient permissions to manage ths lightbox", User.FullName, User.UserId, assetId, lightboxId);
}
}
/// <summary>
/// Delete asset and update audit log
/// </summary>
/// <param name="user">The user deleting the asset</param>
/// <param name="assetId">The ID of the asset to be deleted</param>
public static void DeleteAsset(User user, int assetId)
{
m_Logger.DebugFormat("DeleteAsset: {0}", assetId);
Asset asset = Asset.Get(assetId);
if (asset.IsNull)
{
return;
}
asset.IsDeleted = true;
Asset.Update(asset);
m_Logger.Debug(" -Flagged asset as deleted");
// Update the audit log
AuditLogManager.LogAssetAction(asset, user, AuditAssetAction.DeleteAsset);
AuditLogManager.LogUserAction(user, AuditUserAction.DeleteAsset, string.Format("Deleted Asset with AssetId: {0}", asset.AssetId));
m_Logger.Debug(" -Updated audit log");
// Delete asset files
DeleteAssetFiles(asset, asset.AssetFilePath.Path);
// Delete asset bitmaps folder
AssetBitmapGroupManager.DeleteAssetBitmapsFolder(asset);
// Delete all asset categories
AssetCategory.DeleteAllByAssetId(assetId);
}
public static void ReplaceAssetFile(Asset asset, BinaryFile file, bool notify, User uploadUser)
{
m_Logger.DebugFormat("ReplaceAssetFile() - AssetId: {0}", asset.AssetId);
// Will save the asset file, increment version, etc
AssetFileManager.SaveAssetFile(asset, file, notify);
if (asset.AssetPublishStatus == AssetPublishStatus.PendingApproval)
{
// The asset is still in a workflow, which we need to cancel and re-submit
// Get the most recent workflow and perform relevant actions on it
if (asset.AssetWorkflowList.Count > 0)
{
// Get the most recent workflow
AssetWorkflow assetWorkflow = asset.AssetWorkflowList[0];
// Cancel it
WorkflowManager.CancelWorkflow(assetWorkflow);
m_Logger.DebugFormat("Cancelled AssetWorkflow - AssetWorkflowId: {0}", assetWorkflow.AssetWorkflowId);
// Resubmit it
WorkflowManager.SubmitAssetToWorkflow(asset, uploadUser);
m_Logger.DebugFormat("Resubmitted asset to workflow. AssetId: {0}", asset.AssetId);
}
}
AuditLogManager.LogAssetAction(asset, uploadUser, AuditAssetAction.ReplacedAssetFile);
AuditLogManager.LogUserAction(uploadUser, AuditUserAction.ReplacedAssetFile, string.Format("Replaced asset file of AssetId: {0}", asset.AssetId));
}
public static void ReactivateUser(User user)
{
user.AccountExpiryDate = DateTime.Now.AddDays(AccountExpiryDays);
User.Update(user);
string notes = string.Format("Account reactivated, expiry date updated to: {0}", user.AccountExpiryDate.GetValueOrDefault().ToString("dd MMMM yyyy HH:mm"));
AuditLogManager.LogUserAction(user, AuditUserAction.ReactivateAccount, notes);
}
/// <summary>
/// Updates a Category
/// </summary>
/// <param name="categoryId"> The id of the category to be updated</param>
/// <param name="categoryName"> New name</param>
/// <param name="user">User making the change</param>
public static void RenameCategory(int categoryId, string categoryName, User user)
{
Category category = Category.Get(categoryId);
string oldname = category.Name;
category.Name = categoryName;
UpdateCategory(category);
AuditLogManager.LogUserAction(user, AuditUserAction.ModifyCategory, string.Format("Renamed {0} to {1}, ID: {2}", oldname, categoryName, category.CategoryId));
}
public void RemoveCartItemFromCart(Cart cart)
{
Cart.Delete(cart.CartId);
AuditLogManager.LogAssetAction(cart.AssetId, User, AuditAssetAction.RemovedFromCart);
AuditLogManager.LogUserAction(User, AuditUserAction.RemoveFromCart, string.Format("Removed AssetId: {0} from cart", cart.AssetId));
m_CartItems = null;
}
/// <summary>
/// Updates a Category
/// </summary>
/// <param name="categoryId"> The id of the category to be updated</param>
/// <param name="categoryName">New name</param>
/// <param name="externalRef">External Reference</param>
/// <param name="message">Message to display when selected</param>
/// <param name="synonyms">Synonyms for the search functionality</param>
/// <param name="user">The user updating the category</param>
public static void UpdateCategory(int categoryId, string categoryName, string externalRef, string message, string synonyms, User user)
{
Category category = Category.Get(categoryId);
category.Name = categoryName;
category.ExternalRef = externalRef;
category.Message = message;
category.Synonyms = ProcessSynonyms(synonyms);
UpdateCategory(category);
AuditLogManager.LogUserAction(user, AuditUserAction.ModifyCategory, string.Format("Modified category {0}, ID: {1}", category.Name, category.CategoryId));
}
/// <summary>
/// Updates the last login date, account expiry date, and adds an user login audit entry
/// </summary>
public static void UpdateLastLoginAuditInfo(User user)
{
// Update the user
user.LastLoginDate = DateTime.Now;
user.AccountExpiryDate = DateTime.Now.AddDays(UserManager.AccountExpiryDays);
User.Update(user);
// Update the audit log
string message = string.Format("Login successful. Account expiry date updated to {0}.", user.AccountExpiryDate.GetValueOrDefault().ToString("dd MMM yyyy HH:mm"));
AuditLogManager.LogUserAction(user, AuditUserAction.UserLogin, message);
}
public static void Update(int id, string text, string externalRef, string synonyms, User user)
{
Metadata o = Metadata.Get(id);
o.Name = text;
o.ExternalRef = externalRef;
o.Synonyms = synonyms;
Validate(o);
Metadata.Update(o);
CacheManager.InvalidateCache("Metadata", CacheType.All);
AuditLogManager.LogUserAction(user, AuditUserAction.ModifyMetadata, "Updated metadata with ID: " + id);
}
/// <summary>
/// Changes the user status from pending email confirmation to approved
/// </summary>
public static void ConfirmEmailAddress(User user)
{
if (!user.IsNull)
{
if (user.UserStatusId == Convert.ToInt32((UserStatus.PendingEmailConfirmation)))
{
user.UserStatusId = Convert.ToInt32(UserStatus.Approved);
SaveUser(user);
AuditLogManager.LogUserAction(user, AuditUserAction.ConfirmEmailAddress, string.Format("Confirmed email address: {0}", user.Email));
}
}
}
/// <summary>
/// Remove the cart item for the specified asset from the user's cart
/// </summary>
public void RemoveAssetFromCart(int assetId)
{
foreach (Cart cart in CartList)
{
if (cart.AssetId == assetId)
{
Cart.Delete(cart.CartId);
AuditLogManager.LogAssetAction(assetId, User, AuditAssetAction.RemovedFromCart);
AuditLogManager.LogUserAction(User, AuditUserAction.RemoveFromCart, string.Format("Removed AssetId: {0} from cart", assetId));
}
}
m_CartItems = null;
}
public void RemoveLightbox(int lightboxId)
{
// Ensure that we have more than one lightbox
if (UserLightboxes.Count == 1)
{
throw new InvalidLightboxException("cannot remove only lightbox");
}
// Get the lightbox
Lightbox lb = GetLightboxById(lightboxId);
// Default lightboxes cannot be removed
if (lb.IsDefault)
{
throw new InvalidLightboxException("cannot remove default lightbox");
}
if (lb.IsLinked)
{
//remove linked lightbox
LightboxLinked lightboxLinked = LightboxLinked.GetLightboxLinked(User.UserId.GetValueOrDefault(-1), lightboxId);
if (!lightboxLinked.IsNull)
{
LightboxLinked.Delete(lightboxLinked.LightboxLinkedId);
}
// Update audit log
AuditLogManager.LogUserAction(User, AuditUserAction.RemoveLightbox, string.Format("Removed linked lightbox: {0} (LightboxLinkedId: {1})", lb.Name, lightboxLinked.LightboxLinkedId));
}
else
{
// Non-superadmins can only remove their own lightboxes
if (User.UserRole != UserRole.SuperAdministrator && lb.UserId != User.UserId.GetValueOrDefault())
{
throw new InvalidLightboxException("cannot remove lightbox not created by you");
}
// Delete it
Lightbox.Delete(lb.LightboxId);
// Update audit log
AuditLogManager.LogUserAction(User, AuditUserAction.RemoveLightbox, string.Format("Removed lightbox: {0} (LightboxId: {1})", lb.Name, lb.LightboxId));
}
// Fire event
OnLightboxListChanged();
}
/// <summary>
/// Empties the specified user's cart
/// </summary>
/// <param name="log">Boolean value specifying whether the asset and user logs should be updated</param>
public void EmptyCart(bool log)
{
foreach (Cart cartItem in CartList)
{
Cart.Delete(cartItem.CartId);
if (log)
{
AuditLogManager.LogAssetAction(cartItem.AssetId, User, AuditAssetAction.RemovedFromCart, "User emptied cart");
AuditLogManager.LogUserAction(User, AuditUserAction.EmptyCart, string.Format("User emptied cart. Removed AssetId: {0} from cart", cartItem.AssetId));
}
}
m_CartItems = null;
}
/// <summary>
/// Deletes a user (marks them as deleted)
/// </summary>
/// <param name="adminUser">The admin user performing the delete operation</param>
/// <param name="userId">The user to be marked as deleted</param>
public static void DeleteUser(User adminUser, int userId)
{
User user = User.Get(userId);
if (!user.IsNull)
{
// Change email address and append user id onto it
// This is in case another user tries to register
// with it or this user tries to re-register.
user.Email = user.UserId + "_" + user.Email;
user.IsDeleted = true;
User.Update(user);
AuditLogManager.LogUserAction(adminUser, AuditUserAction.DeleteUser, string.Format("Deleted user: {0}, with UserId: {1}", user.FullName, user.UserId));
}
}
public static void ChangePassword(User user, string existingPassword, string newPassword, string newPasswordConfirmation)
{
// First make sure that the existing password the user has entered is valid
if (!user.CheckPassword(existingPassword))
{
throw new ChangePasswordException("Old password is incorrect");
}
// Ensure that they entered a new password
if (StringUtils.IsBlank(newPassword))
{
throw new ChangePasswordException("New password cannot be blank");
}
// Ensure that the new password and confirm new password match
if (newPassword.Trim() != newPasswordConfirmation.Trim())
{
throw new ChangePasswordException("New password does not match confirmed password");
}
// Ensure that the user has not used the new password recently
if (PasswordHistory.IsRecentPassword(user, newPassword))
{
throw new ChangePasswordException("New password has been used recently and cannot be used again");
}
// Validate the new password, ensuring it meets all password criteria
ErrorList e = PasswordGenerator.ValidatePassword(newPassword);
if (e.Count > 0)
{
throw new ChangePasswordException(e[0].ToString());
}
// Everything has password. Set the new password and update the user's
// password expiry date. Then save the user back to the database.
user.SetPassword(newPassword);
user.PasswordExpiryDate = DateTime.Now.AddDays(PasswordExpiryDays);
User.Update(user);
// Update the user's password history (this is so that we can stop the same
// password from being used again in future).
PasswordHistory.UpdateUserPasswordHistory(user);
// Update the audit log
AuditLogManager.LogUserAction(user, AuditUserAction.ChangePassword, "Changed password");
}
/// <summary>
/// Used for users created by an admin from the admin area
/// </summary>
/// <param name="user">The user being created</param>
/// <param name="creator">The admin user creating the user</param>
/// <param name="notify">Boolean specifying whether welcome email should be sent</param>
public static void Create(User user, User creator, bool notify)
{
// First run standard validations
ErrorList errorList = ValidateUser(user);
if (!notify && string.IsNullOrEmpty(user.UnencryptedPassword))
{
errorList.Add("Password must be specified when welcome email is not being sent");
}
// Quit if any validation errors occurred
if (errorList.Count > 0)
{
throw new InvalidUserException(errorList, user);
}
// Bypass the standard admin approval as this user is created by an admin
// Just pre-approve this account.
user.UserStatus = UserStatus.Approved;
// Set account expiry date
user.AccountExpiryDate = DateTime.Now.AddDays(AccountExpiryDays);
// Expire password immediately so that user must change it on first login
user.PasswordExpiryDate = DateTime.Now.AddDays(-1);
// Save user to database
SaveUser(user);
//generate a new user api token
user.RegenerateUserAPIToken();
// Update the audit log for both the admin and new user
AuditLogManager.LogUserAction(creator, AuditUserAction.AddUser, string.Format("Created user: {0}, with UserId: {1}", user.FullName, user.UserId));
AuditLogManager.LogUserAction(user, AuditUserAction.RegisteredByAdmin, string.Format("Created by admin: {0}", creator.FullName));
// Fire events
if (notify)
{
if (UserCreatedByAdmin != null)
{
UserCreatedByAdmin(null, new UserEventArgs(user));
}
}
}
/// <summary>
/// Deletes a Category only if it doesn't have children
/// </summary>
/// <param name="categoryId"> The id of the category to be deleted</param>
/// <param name="user">User doing the delete</param>
public static void DeleteCategory(int categoryId, User user)
{
Category category = Category.Get(categoryId);
if (category.IsRootCategory)
{
throw new CategoryException(string.Format("The category named '{0}' cannot be deleted because it is the root category", category.Name))
{
ErrorCode = "root-category"
}
}
;
if (category.SubCategories.Count > 0)
{
throw new CategoryException(string.Format("The category named '{0}' cannot be deleted because it contains sub-categories", category.Name))
{
ErrorCode = "has-subcategories"
}
}
;
int count = GetFullAssetCount(categoryId);
if (count > 0)
{
// This should be caught client-side, so update the asset count and invalidate cache
// In case the external category count updater has not updated it yet.
category.FullAssetCount = count;
Category.Update(category);
CacheManager.InvalidateCache("Category", CacheType.All);
throw new CategoryException(string.Format("The category named '{0}' cannot be deleted because it has {1} assets assigned to it", category.Name, count))
{
ErrorCode = "has-assets"
};
}
Category.Delete(categoryId);
CacheManager.InvalidateCache("Category", CacheType.All);
AuditLogManager.LogUserAction(user, AuditUserAction.DeleteCategory, string.Format("Deleted category: {0}, ID: {1}", category.Name, category.CategoryId));
}
public Lightbox CreateLightbox(string name, bool isDefault)
{
Lightbox lb = Lightbox.New();
lb.UserId = User.UserId.GetValueOrDefault();
lb.Name = name;
lb.IsDefault = false;
lb.CreateDate = DateTime.Now;
SaveLightbox(lb);
if (isDefault)
{
SetDefaultLightbox(lb.LightboxId.GetValueOrDefault());
}
AuditLogManager.LogUserAction(User, AuditUserAction.AddLightbox, string.Format("Created lightbox: {0} (LightboxId: {1})", lb.Name, lb.LightboxId));
return(lb);
}
/// <summary>
/// Adds the asset with the specified ID to the user's cart.
/// </summary>
public void AddAssetToCart(int assetId)
{
if (CartContainsAsset(assetId))
{
return;
}
Cart cart = Cart.New();
cart.UserId = User.UserId.GetValueOrDefault();
cart.AssetId = assetId;
cart.DateAdded = DateTime.Now;
Cart.Update(cart);
AuditLogManager.LogAssetAction(assetId, User, AuditAssetAction.AddedToCart);
AuditLogManager.LogUserAction(User, AuditUserAction.AddToCart, string.Format("Added AssetId: {0} to cart", assetId));
m_CartItems = null;
}
public static Metadata Add(string text, int?parentId, int brandId, int groupNumber, string externalRef, string synonyms, User user)
{
Metadata o = Metadata.New();
o.Name = text;
o.ParentMetadataId = parentId;
o.BrandId = brandId;
o.GroupNumber = groupNumber;
o.ExternalRef = externalRef;
o.Synonyms = synonyms;
if (o.ParentMetadataId.GetValueOrDefault() <= 0)
{
o.ParentMetadataId = null;
}
var sibglings = MetadataCache.Instance
.GetList(brandId, groupNumber)
.Where(m => (
//either we are adding to the top parent level
parentId == 0 && !m.ParentMetadataId.HasValue) ||
//or we need all siblings with the same parent
m.ParentMetadataId == parentId
)
.ToList();
o.MetadataOrder = sibglings.Count == 0 ? 1 : sibglings.OrderBy(s => s.MetadataOrder).Last().MetadataOrder + 1;
Validate(o);
o = Metadata.Update(o);
CacheManager.InvalidateCache("Metadata", CacheType.All);
if (!user.IsNull)
{
AuditLogManager.LogUserAction(user, AuditUserAction.AddMetadata, string.Format("Added Metadata with ID: {0}. Name: {1}", o.MetadataId, o.Name));
}
return(o);
}
/// <summary>
/// Delegates an asset to another user
/// </summary>
/// <param name="asset">The asset to be delegated</param>
/// <param name="newContactEmail">The email address of the user to which the asset should be delegated. This must be an upload user or above.</param>
/// <exception cref="InvalidAssetDelegationException">Thrown if the specified email address does not belong to a valid user, or if belongs to a user without upload permissions</exception>
private static void DelegateAsset(Asset asset, string newContactEmail)
{
if (StringUtils.IsBlank(newContactEmail))
{
throw new InvalidAssetDelegationException("System Error: Contact Email is blank", asset, User.Empty);
}
// First get the user we are delegating to
User user = User.GetByEmail(newContactEmail);
// Ensure we have a valid user
if (user.IsNull)
{
throw new InvalidAssetDelegationException("Email address does not belong to a valid user", asset, user);
}
// Ensure the user is at least an upload user
if (user.UserRoleId < Convert.ToInt32(UserRole.UploadUser))
{
throw new InvalidAssetDelegationException("Email address does not belong to a user with upload permissions", asset, user);
}
// Otherwise, user is valid, so re-assign the asset
asset.UploadedByUserId = user.UserId.GetValueOrDefault();
asset.ContactEmail = user.Email;
// Save it
Asset.Update(asset);
// Log it
AuditLogManager.LogAssetAction(asset, user, AuditAssetAction.SavedAsset, "Asset was delegated to this user");
m_Logger.DebugFormat("Asset with AssetId: {0} delegated to user: {1}", asset.AssetId, user.FullName);
// Fire email notification
if (AssetDelegated != null)
{
AssetDelegatedEventArgs e = new AssetDelegatedEventArgs(asset, user);
AssetDelegated(null, e);
}
}
public static void Move(int metadataId, int parentId, User user, int order)
{
var metadata = Metadata.Get(metadataId);
IList <Metadata> subMetas;
if (parentId > 0)
{
var parentMetadata = Metadata.Get(parentId);
subMetas = parentMetadata.Children;
}
else
{//we are at root level - i.e. all metas are with parent=NULL
//so get all siblings by brandId and group number
subMetas = (from m in MetadataCache.Instance.GetList(metadata.BrandId.GetValueOrDefault(), metadata.GroupNumber)
where !m.ParentMetadataId.HasValue
select m).ToList();
}
// Reorder top level categories
foreach (var meta in subMetas)
{
if ((meta.MetadataOrder >= order) && (meta.MetadataId != metadataId))
{
meta.MetadataOrder += 1;
Metadata.Update(meta);
}
}
metadata.ParentMetadataId = parentId;
metadata.MetadataOrder = order;
if (metadata.ParentMetadataId.GetValueOrDefault() <= 0)
{
metadata.ParentMetadataId = null;
}
Metadata.Update(metadata);
CacheManager.InvalidateCache("Metadata", CacheType.All);
AuditLogManager.LogUserAction(user, AuditUserAction.ModifyMetadata, "Moved metadata with ID: " + metadataId);
}
public static void EnsureUserHasDefaultLightbox(User user)
{
if (user.IsNew || user.IsNull)
{
return;
}
LightboxFinder finder = new LightboxFinder {
UserId = user.UserId.GetValueOrDefault(), IsDefault = true
};
int count = Lightbox.GetCount(finder);
if (count == 0)
{
Lightbox lb = Lightbox.New();
lb.UserId = user.UserId.GetValueOrDefault();
lb.Name = "My Assets";
lb.IsDefault = true;
lb.CreateDate = DateTime.Now;
Lightbox.Update(lb);
AuditLogManager.LogUserAction(user, AuditUserAction.AddLightbox, "System created default lightbox as there were no other ligthboxes");
}
}
/// <summary>
/// Creates an order from the user's cart.
/// </summary>
public static Order CreateOrderFromCart(User user)
{
// Create new cart manager for easy access to cart
CartManager cm = new CartManager(user);
// Ensure that the cart contains orderable items
ValidateCart(cm.CartList, user);
// Create the order
Order order = Order.New();
order.UserId = user.UserId.GetValueOrDefault();
order.OrderDate = DateTime.Now;
// Ensure there's no order items
Debug.Assert(order.OrderItemList.Count == 0);
// Now add the cart items to it
foreach (Cart cartItem in cm.CartList)
{
Asset asset = cartItem.Asset;
// Get the asset status for the cart item
AssetStatus assetStatus = AssetManager.GetAssetStatusForUser(asset, user);
// Only add assets that are actually available
// (Ignore withdrawn and expired assets)
if (assetStatus == AssetStatus.Available)
{
// Set the order item status based on whether the item is restricted or not
bool isRestricted = EntitySecurityManager.IsAssetRestricted(user, asset);
// Create new order item
OrderItem orderItem = OrderItem.New();
// Order items that are for restricted assets are set to awaiting approval
// and need to be approved by the user who uploaded them by default
// (though this can change, and be reassigned to the BU admin or superadmin,
// as per the workflow and scheduled scripts)
if (isRestricted)
{
orderItem.OrderItemStatus = OrderItemStatus.AwaitingApproval;
orderItem.AssignedToUserId = asset.UploadedByUser.GetOrderItemApproverUserId();
}
else
{
orderItem.OrderItemStatus = OrderItemStatus.Preapproved;
orderItem.AssignedToUserId = null;
}
orderItem.AssetId = cartItem.AssetId;
orderItem.Notes = cartItem.Notes;
orderItem.RequiredByDate = cartItem.RequiredByDate;
orderItem.CreateDate = DateTime.Now;
order.OrderItemList.Add(orderItem);
}
}
// Save the order
SaveOrder(order);
// Log which assets were ordered
foreach (OrderItem orderItem in order.OrderItemList)
{
AuditLogManager.LogAssetAction(orderItem.AssetId, user, AuditAssetAction.Ordered, string.Format("OrderId: {0}", orderItem.OrderId));
}
// Log order against user
AuditLogManager.LogUserAction(user, AuditUserAction.OrderAssets, string.Format("Placed order, with OrderId: {0} containing {1} assets", order.OrderId, order.OrderItemList.Count));
// Remove the items from the cart
cm.EmptyCart(false);
// Complete the order if all items have been processed
if (AllOrderItemsProcessed(order))
{
// Nothing in the order required approval, so automatically complete it
CompleteOrder(order);
}
else
{
// Fire event
if (OrderCreated != null)
{
OrderCreated(null, new OrderEventArgs(order));
}
}
return(order);
}
private void SendLightboxToUser(Lightbox lightbox, User user, string recipient, string subject, string message, DateTime?expiryDate, bool?downloadLinks, bool?linked, bool?editable)
{
m_Logger.Debug("SendLightboxToUser - start");
int?createdLightboxId = null;
int?linkedLightboxId = null;
if (!user.IsNull)
{
//check to see if should link the lightbox or
//make a new copy of it
if (linked.GetValueOrDefault(false))
{
// create new linked lightbox
LightboxLinked linkedLightbox = LightboxLinked.New();
linkedLightbox.UserId = user.UserId.GetValueOrDefault();
linkedLightbox.LightboxId = lightbox.LightboxId.GetValueOrDefault();
linkedLightbox.IsEditable = editable;
linkedLightbox.ExpiryDate = expiryDate;
LightboxLinked.Update(linkedLightbox);
linkedLightboxId = linkedLightbox.LightboxLinkedId;
}
else
{
// copying lightbox
string lightboxName = lightbox.Name;
string newLightboxName = GetLightboxNameForSending(lightboxName);
Lightbox createdLightbox = DuplicateLightbox(lightbox.LightboxId.GetValueOrDefault(), newLightboxName, user.UserId.GetValueOrDefault());
createdLightboxId = createdLightbox.LightboxId.GetValueOrDefault();
}
}
LightboxSent lbs = LightboxSent.New();
lbs.LightboxId = lightbox.LightboxId.GetValueOrDefault();
lbs.CreatedLightboxId = createdLightboxId;
lbs.SenderId = User.UserId.GetValueOrDefault();
lbs.RecipientEmail = recipient;
lbs.Subject = subject;
lbs.Message = message;
lbs.DateSent = DateTime.Now;
lbs.ExpiryDate = expiryDate;
lbs.DownloadLinks = downloadLinks;
lbs.LightboxLinkedId = linkedLightboxId;
if (lbs.RecipientEmail.Length > 150)
{
throw new SystemException("Recipient email cannot exceed 150 characters");
}
if (lbs.Subject.Length > 150)
{
throw new SystemException("Subject cannot exceed 150 characters");
}
if (lbs.Message.Length > 500)
{
throw new SystemException("Message cannot exceed 500 characters");
}
LightboxSent.Update(lbs);
if (LightboxSentToUser != null)
{
LightboxSentToUser(this, new LightboxSentEventArgs(lbs));
}
AuditLogManager.LogUserAction(User, AuditUserAction.SendLightbox, string.Format("Sent LightboxId: {0} to: {1}", lightbox.LightboxId, recipient));
m_Logger.Debug("SendLightboxToUser - end");
}
/// <summary>
/// Used for public registrations
/// </summary>
public static void Register(User user)
{
// Initialise the approved company to a null instance
Company company = Company.Empty;
// Get the IP Address
string ipAddress = BusinessHelper.GetCurrentIpAddress();
// Only check for an approved company if email is not blank.
if (!StringUtils.IsBlank(user.Email))
{
company = UserSecurityManager.GetCompanyByDomain(user.Email);
}
//Process depends on the value defined in the AppSettings key "RegisterUserRequiresKnownEmailFormat".
switch (RegistrationEmailFormat)
{
case RegistrationEmailFormatType.Empty:
{
if (user.IsEmployee && !company.IsNull)
{
user.UserStatus = UserStatus.PendingEmailConfirmation;
}
else
{
user.UserStatus = UserStatus.PendingAdminApproval;
}
break;
}
case RegistrationEmailFormatType.InternalUsers:
{
if (user.IsEmployee)
{
if (company.IsNull)
{
throw new RegistrationSecurityException(user, "Your email address is not recognised as being from a company authorised to use this website. Please contact the system administrator for further information.", ipAddress);
}
user.UserStatus = UserStatus.PendingEmailConfirmation;
}
else
{
user.UserStatus = UserStatus.PendingAdminApproval;
}
break;
}
case RegistrationEmailFormatType.AllUsers:
{
if (company.IsNull)
{
throw new RegistrationSecurityException(user, "Your email address is not recognised as being from a company authorised to use this website. Please contact the system administrator for further information.", ipAddress);
}
user.UserStatus = UserStatus.PendingEmailConfirmation;
break;
}
}
// Check if user is employee or belongs to an internal company
// (If a user belongs to an internal company, then they are effectively an employee)
bool isEmployeeOrInternal = (user.IsEmployee || company.IsInternal);
// They are an employee or their email belongs to an internal company, but their ip address isn't approved so quit
if (Settings.IpAddressRestrictionEnabled && isEmployeeOrInternal && !UserSecurityManager.IsApprovedIpAddress(ipAddress))
{
throw new RegistrationSecurityException(user, "Your IP address is not recognised as being from a company authorised to use this website. Please contact the system administrator for further information.", ipAddress);
}
// Everything passed, update some standard user settings
user.IsAccountNonExpiring = false;
user.IsPasswordNonExpiring = false;
user.UserRole = UserRole.Normal;
user.RegisterDate = DateTime.Now;
// Set up default user rules and expiry dates
user.IsAllowedExternalAccess = !user.IsEmployee;
user.EnableFilePathIngestion = false;
user.AccountExpiryDate = DateTime.Now.AddDays(AccountExpiryDays);
user.PasswordExpiryDate = DateTime.Now.AddDays(PasswordExpiryDays);
// Validate standard business objecr requirements
ErrorList errors = ValidateUser(user);
// Throw an error if the user fields are not all valid
if (errors.Count > 0)
{
throw new InvalidUserException(errors, user);
}
// Save the user
User u = SaveUser(user);
FireUserCreateEvent(user);
AuditLogManager.LogUserAction(u, AuditUserAction.Register, string.Format("Registration successful. Registered from IP Address: {0}. Account status is: {1}", ipAddress, u.UserStatus));
}
private void LogUploadedAsset(Asset asset, string notes)
{
AuditLogManager.LogAssetAction(asset, UploadedBy, AuditAssetAction.UploadedAsset, notes);
AuditLogManager.LogUserAction(UploadedBy, AuditUserAction.UploadAsset, string.Format("Uploaded {0} asset - AssetId: {1}. {2}", asset.AssetType.Name, asset.AssetId, notes));
}
/// <summary>
/// Logs the user out (records an audit log event)
/// </summary>
public static void Logout(User user)
{
m_Logger.DebugFormat("User: {0}, UserId: {1} logged out successfully", user.FullName, user.UserId);
AuditLogManager.LogUserAction(user, AuditUserAction.Logout, "Logged out manually");
}
/// <summary>
/// Verify the user credentials and the account, and if if valid, returns the user
/// </summary>
/// <param name="email">Email Address</param>
/// <param name="password">Password</param>
/// <exception cref="LoginException">Thrown if email or password is missing, account is not found, or password is invalid</exception>
/// <exception cref="LoginSecurityException">Thrown if the account is pending admin approval, inactive, suspended, or the IP address is unknown and home access is not enabled</exception>
/// <exception cref="UserPendingEmailConfirmationException">Thrown if the account is pending email confirmation</exception>
/// <exception cref="AccountExpiredException">Thrown if the account is expired</exception>
/// <exception cref="PasswordExpiredException">Thrown if the password is expired</exception>
public static User Login(string email, string password)
{
// Remove space around posted values
email = email.Trim();
password = password.Trim();
// Ensure email and password exists
if (email.Length == 0 || password.Length == 0)
{
throw new LoginException("Please enter email and password", User.Empty);
}
// Get user matching email
User user = User.GetByEmail(email);
// Ensure user was found
if (user.IsNull)
{
throw new LoginException("User account not found", user);
}
// Get any info about bad logins
BadLoginInfo badLoginInfo = user.GetBadLoginInfo(m_BadLoginLockoutMinutes);
// Check that the account isn't locked based on the bad login info
if (AccountIsLocked(badLoginInfo))
{
throw new LoginException("User account is locked. Please try again in " + m_BadLoginLockoutMinutes + " minutes.", user);
}
// Get the IP address as we'll need it later
string ipAddress = BusinessHelper.GetCurrentIpAddress();
// Ensure password is correct
if (!user.CheckPassword(password))
{
// Update log
m_Logger.DebugFormat("Login failed for {0}, UserId: {1} Invalid password.", user.FullName, user.UserId);
AuditLogManager.LogUserAction(user, AuditUserAction.UserLogin, "Login Failed. Invalid Password.");
// Update bad login info
badLoginInfo.BadLoginCount++;
badLoginInfo.LastBadLoginDate = DateTime.Now;
// Check to see if this failed login has locked the account
if (AccountIsLocked(badLoginInfo))
{
throw new LoginException("Too many bad login attempts. Please try again in " + m_BadLoginLockoutMinutes + " minutes.", user);
}
// Otherwise, bad login but account isn't locked
throw new LoginException("Invalid Password", user);
}
// Ensure user is not pending admin approval
if (user.UserStatus == UserStatus.PendingAdminApproval)
{
m_Logger.DebugFormat("Login failed for {0}, UserId: {1} Account is pending admin approval.", user.FullName, user.UserId);
AuditLogManager.LogUserAction(user, AuditUserAction.UserLogin, "Login Failed. Account pending admin approval.");
throw new LoginSecurityException(user, "This account is awaiting approval", ipAddress);
}
// Ensure user is not pending email confirmation
if (user.UserStatus == UserStatus.PendingEmailConfirmation)
{
m_Logger.DebugFormat("Login failed for {0}, UserId: {1} Account is pending email confirmation.", user.FullName, user.UserId);
AuditLogManager.LogUserAction(user, AuditUserAction.UserLogin, "Login Failed. Account pending email confirmation.");
throw new UserPendingEmailConfirmationException("This account is pending email confirmation", user);
}
// Ensure user is not rejected
if (user.UserStatus == UserStatus.Rejected)
{
m_Logger.DebugFormat("Login failed for {0}, UserId: {1} Account is rejected.", user.FullName, user.UserId);
AuditLogManager.LogUserAction(user, AuditUserAction.UserLogin, "Login Failed. Account status is rejected.");
throw new LoginSecurityException(user, "This account is inactive", ipAddress);
}
// Ensure user is not suspended
if (user.IsSuspended)
{
m_Logger.DebugFormat("Login failed for {0}, UserId: {1} Account is suspended.", user.FullName, user.UserId);
AuditLogManager.LogUserAction(user, AuditUserAction.UserLogin, "Login Failed. Account is suspended.");
throw new LoginSecurityException(user, "This account has been suspended", ipAddress);
}
// Ensure user can login from unapproved ip address if they are logging in from an unapproved ip address
if (Settings.IpAddressRestrictionEnabled && !UserSecurityManager.IsApprovedIpAddress(ipAddress) && !user.IsAllowedExternalAccess)
{
m_Logger.DebugFormat("Login failed for {0}, UserId: {1} The IP address '{2}' is unapproved and account does not have external access enabled.", user.FullName, user.UserId, ipAddress);
AuditLogManager.LogUserAction(user, AuditUserAction.UserLogin, string.Format("Login Failed. The IP address '{0}' is unapproved and user account does not have home access rights.", ipAddress));
throw new LoginSecurityException(user, "Unable to log in. Unknown IP Address.", ipAddress);
}
// Ensure the user account has not expired
if (user.GetAccountExpiryDate() < DateTime.Now)
{
m_Logger.DebugFormat("Login succeeded for {0}, UserId: {1} but account is expired", user.FullName, user.UserId);
AuditLogManager.LogUserAction(user, AuditUserAction.UserLogin, "Login succeeded, but account has expired.");
throw new AccountExpiredException("This account has expired.", user);
}
// Ensure the password has not expired
if (user.GetPasswordExpiryDate() < DateTime.Now)
{
m_Logger.DebugFormat("Login succeeded for {0}, UserId: {1} but password is expired", user.FullName, user.UserId);
AuditLogManager.LogUserAction(user, AuditUserAction.UserLogin, "Login succeeded, but password has expired");
throw new PasswordExpiredException("This account's password has expired", user);
}
//create new session api token
if (!UserManager.APISessionIsValid(user))
{
UserManager.RenewSessionAPIToken(user);
}
// Update login date, audit login, etc
UpdateLastLoginAuditInfo(user);
return(user);
}
