/// <summary>
/// Ensures the logged-in caller is allowed to act on <paramref name="user"/> under
/// <paramref name="permissionKey"/>: the target user must hold at least one role in a group
/// the caller is permitted for. Fails closed — no overlap means no access.
/// </summary>
/// <param name="user">The user being accessed.</param>
/// <param name="permissionKey">Permission the caller needs on the user's group(s).</param>
/// <exception cref="UnauthorizedAccessException">
/// Thrown when none of the user's group roles fall inside the caller's permitted groups.
/// </exception>
private async Task CheckAccessToUserAsync(User user, string permissionKey)
{
    // Groups the caller may act on under this permission.
    var permittedGroups = await GetAllowedGroupIdsForLoggedInUserAsync(permissionKey);

    // Any single role in a permitted group is enough to grant access.
    var hasOverlap = user.GroupRoles.Any(role => permittedGroups.Contains(role.Group));
    if (hasOverlap)
    {
        return;
    }

    throw new UnauthorizedAccessException();
}
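/// <summary>
/// Creates a new user from <paramref name="userDto"/>: validates the DTO, checks for a
/// duplicate email / alternate id, validates the PIN against the target groups, resolves the
/// group-role assignments (which also checks the caller's permission to assign them), ensures
/// a unique tag, stores only a hash of the PIN and persists the user via the identity service.
/// </summary>
/// <param name="userDto">Incoming user data.</param>
/// <param name="isBulkImport">
/// When true the role assignments are authorised under <c>BulkData.PermissionKey</c>
/// instead of <c>Permission_New</c>.
/// </param>
/// <returns>
/// A <see cref="DocumentUpdateResultDto"/>. On success <c>IsSucceeded</c> is true and the
/// id / ETag / audit fields of the new user are filled in; on failure <c>IsSucceeded</c> is
/// false and <c>ErrorCode</c> carries the exception message. This method does not throw.
/// </returns>
public async Task<DocumentUpdateResultDto> CreateAsync(UserDto userDto, bool isBulkImport = false)
{
    var result = new DocumentUpdateResultDto();
    try
    {
        ValidateUser(userDto);
        await CheckForDuplicatesAsync(userDto.Email, userDto.AlternateId);
        await ValidatePINAsync(userDto.PIN, userDto.GroupRoles.Select(cr => cr.GroupId).ToList());

        // Resolving the roles also enforces that the caller may assign them; a bulk import
        // is authorised under its own permission key.
        var roleAssignments = await CreateUserGroupRolesFromDtoAsync(
            userDto.GroupRoles,
            isBulkImport ? BulkData.PermissionKey : Permission_New);
        ValidateUserRoles(roleAssignments);

        // The stored tag is the trimmed value, so uniqueness is checked on the trimmed value
        // too (previously the untrimmed input was checked while the trimmed one was stored).
        var tag = userDto.Tag?.Trim();
        if (string.IsNullOrEmpty(tag))
        {
            tag = await GetUniqueTagAsync(userDto.FirstName);
        }
        else
        {
            await ValidateTagUniquenessAsync(tag);
        }

        // Built once; used both as the display name and as the source of the normalised name.
        var fullName = $"{userDto.FirstName} {userDto.LastName}";

        var user = new User
        {
            FirstName = userDto.FirstName,
            LastName = userDto.LastName,
            FullName = fullName,
            // NOTE(review): ToUpper() is culture-sensitive; kept as-is so the normalised
            // values stay consistent with however the rest of the service normalises
            // names and emails for lookup — confirm before switching to ToUpperInvariant().
            NormalizedFullName = fullName.ToUpper(),
            Culture = userDto.Culture,
            // Only a hash of the PIN is stored; a blank PIN is stored as null.
            PIN = !string.IsNullOrWhiteSpace(userDto.PIN)
                ? CryptographicProvider.GenerateUserPINHash(userDto.PIN)
                : null,
            TimeZone = userDto.TimeZone,
            MobileNumber = new MobileNumber
            {
                IddCode = userDto.MobileNumber?.IddCode,
                Number = userDto.MobileNumber?.Number
            },
            AlternateId = userDto.AlternateId,
            Email = userDto.Email,
            UserName = userDto.Email,
            NormalizedUserName = userDto.Email.ToUpper(),
            NormalizedEmail = userDto.Email.ToUpper(),
            AccessExpiryDate = userDto.AccessExpiryDate,
            GroupRoles = roleAssignments,
            UserLocation = new UserLocation
            {
                Country = userDto.UserLocation?.Country,
                State = userDto.UserLocation?.State,
                City = userDto.UserLocation?.City
            },
            Tag = tag,
            ImageBlobId = userDto.ImageBlobId,
            // NOTE(review): the password hash is taken verbatim from the DTO; assumes the
            // caller has already hashed it and that this field is not settable by end users
            // of the API — confirm against the DTO's binding rules.
            PasswordHash = userDto.PasswordHash
        };

        // Purposes are copied so the entity does not share the DTO's list instance.
        if (userDto.Purposes != null && userDto.Purposes.Count > 0)
        {
            user.Purposes = new List<string>(userDto.Purposes);
        }

        await _identityService.CreateUserAsync(user);

        // Pod access definition generation is currently disabled. When it was active it was:
        //   await _platformServiceBusService.TriggerPodAccessDefinitionGenerationAsync(
        //       new UserUpdateMessageDto { UserId = user.Id, GroupRoles = userDto.GroupRoles });

        result.IsSucceeded = true;
        result.Id = user.Id;
        result.ETag = user.ETag;
        result.UpdatedById = user.UpdatedById;
        result.UpdatedOnUtc = user.UpdatedOnUtc;
    }
    catch (Exception e)
    {
        // Every failure (validation, authorisation, persistence) is reported through the
        // result rather than thrown. NOTE(review): the raw exception message becomes
        // ErrorCode; if this result reaches clients, messages from the identity service
        // and storage layer should be mapped to stable error codes instead.
        Console.WriteLine(e);
        result.IsSucceeded = false;
        result.ErrorCode = e.Message;
    }

    return result;
}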