public ActionResult CustomerRoles(CustomerRoleModel model, string submitButton) { //check the other submit buttons and act on them, or continue switch (submitButton) { case "Cancel": return(RedirectToAction("Index", "Users")); } int userID = (new UserFactory()).GetUserId(model.Username); //remove all caching table data for this user (new UserCustomerAccessManager()).ClearCustomerAccess(userID); //first, we HAVE to loop horugh and remove all the groups before we add. This way when adding maintneance groups, the _maint group gtes added correctly. foreach (var customerRole in model.CustomerRoles) { //get a auth manager for this customer var authMan = new AuthorizationManager(customerRole.CustomerInternalName); //remove the user from all the groups in this customer authMan.RemoveMemberGroups(model.Username); //remove them from maintenance as well. this is the only place we do this since this is the only place they can be added to a maint gorup without being set as a technician. //IE - only applies to administrative users. authMan.RemoveMemberFromMaintenanceGroup(model.Username); //now we have to clear the menu cache HttpContext.Cache.Remove("__PemsMenu" + customerRole.CustomerInternalName.Trim() + model.Username.Trim()); } //now add the correct roles foreach (var customerRole in model.CustomerRoles) { // now add them to the specific group for this store they will have access to //only need to do this when there is a valid group name (not empty) if (customerRole.CurrentRole != (new ResourceFactory()).GetLocalizedTitle(ResourceTypes.DropDownDefault, "Select One")) { var authMan = new AuthorizationManager(customerRole.CustomerInternalName); authMan.AddGroupMember(customerRole.CurrentRole, model.Username, false); //also update the caching table - they have access to one role, so they have access to the site. authMan.AddCustomerAccess(userID); //we also have to add them to the _maintenance Role if this customer is a maintenance group //IE - we are giving any duncan admin users (which are the only ones using this page) //that have any access to this maintenance group a _maintenance role as well, so they can log into the handheld. //have to setup the city first customerRole.Customer = new PemsCity(customerRole.CustomerInternalName); if (customerRole.Customer.CustomerType == CustomerProfileType.MaintenanceGroup) { (new TechnicianFactory()).AddAdminTechnicianToMaintenanceGroup(model.Username, customerRole.Customer, userID); } } } return(RedirectToAction("Index", "Users")); }
/// <summary> /// Creates the user in the system and returns the system generated username /// </summary> /// <param name="useModelUserName">If true then try to use <see cref="UserModel"/> instance Username if it exists. Otherwise fall back to building a user name. </param> public string CreateUser(UserModel userModel, string storeName, string password, bool active, bool useModelUserName) { var authorizationManager = new AuthorizationManager(storeName); string username = CreateUniqueUserName(userModel.FirstName, userModel.MiddleInitial, userModel.LastName); username = (useModelUserName && !string.IsNullOrWhiteSpace(userModel.Username)) ? userModel.Username : username; //register the user //try to get the dbuser, and if they arlready exists, just create the account, otherwise create the user and account. if (!authorizationManager.InAuthorizationSystem(username)) { WebSecurity.CreateUserAndAccount(username, password, new { FirstName = userModel.FirstName, MiddleName = userModel.MiddleInitial, LastName = userModel.LastName, Phone = userModel.PhoneNumber, Email = userModel.EmailAddress, CreatedDate = DateTime.Now, RequirePasswordReset = true }); } else { //only create them if they dont already exist if (!WebSecurity.UserExists(username)) { //create them WebSecurity.CreateAccount(username, password); } } //update their profile //set the models username now that we have it userModel.Username = username; UpdateUserProfile(userModel, active); //now force them to change their pw on next login UpdateUserPasswordReset(username, true); //add the password to the password history so they cant set it back ot the default var pwMGr = new PasswordManager(username); pwMGr.AddPasswordToHistory(password); //now add them to the default group for this store they will have access to authorizationManager.AddGroupMember(Constants.Security.DefaultStoreGroupName, username); //update the caching table to include this person int userID = GetUserId(userModel.Username); authorizationManager.AddCustomerAccess(userID); //have to check to see if groupname is null - otherwise we throw an error if (!string.IsNullOrEmpty(userModel.Role)) { // now add them to the specific group for this store they will have access to authorizationManager.AddGroupMember(userModel.Role, username); } return(username); }