protected void ButtonSubmit_Click(object sender, EventArgs e)
{
DateTime dateOfBirth = new DateTime(1800, 1, 1); // null equivalent
if (this.TextDateOfBirth.Text.Length > 0)
{
dateOfBirth = DateTime.Parse(this.TextDateOfBirth.Text);
}
string street = this.TextStreet1.Text;
if (!string.IsNullOrEmpty(this.TextStreet2.Text))
{
street += "|" + this.TextStreet2.Text;
}
Person newPerson = Person.Create(this.TextName.Text, this.TextMail.Text, string.Empty, this.TextPhone.Text,
street, this.TextPostal.Text, this.TextCity.Text, this.DropCountries.SelectedValue, dateOfBirth,
(PersonGender)Enum.Parse(typeof(PersonGender), this.DropGenders.SelectedValue));
DateTime participationExpiry = Constants.DateTimeHigh;
ParticipantMailType welcomeMailType = ParticipantMailType.ParticipantAddedWelcome_NoExpiry;
int participationDurationMonths = Int32.Parse(CurrentOrganization.Parameters.ParticipationDuration);
if (participationDurationMonths < 1000)
{
participationExpiry = DateTime.Today.AddMonths(participationDurationMonths);
welcomeMailType = ParticipantMailType.ParticipantAddedWelcome;
}
Participation newParticipation = Participation.Create(newPerson, CurrentOrganization, participationExpiry);
OutboundComm.CreateParticipantMail(welcomeMailType, newParticipation, CurrentUser);
newPerson.LastLogonOrganizationId = CurrentOrganization.Identity;
SwarmopsLogEntry logEntry = SwarmopsLog.CreateEntry(newPerson,
new Swarmops.Logic.Support.LogEntries.PersonAddedLogEntry(newParticipation, CurrentUser));
logEntry.CreateAffectedObject(newParticipation);
logEntry.CreateAffectedObject(CurrentUser);
// Clear form and make way for next person
this.TextName.Text = string.Empty;
this.TextStreet1.Text = string.Empty;
this.TextStreet2.Text = string.Empty;
this.TextMail.Text = string.Empty;
this.TextPhone.Text = string.Empty;
this.TextPostal.Text = string.Empty;
this.TextCity.Text = string.Empty;
this.TextDateOfBirth.Text = string.Empty;
this.DropGenders.SelectedValue = "Unknown";
this.TextName.Focus();
this.LiteralLoadAlert.Text = Resources.Pages.Swarm.AddPerson_PersonSuccessfullyRegistered;
}
protected void ButtonSubmit_Click(object sender, EventArgs e)
{
DateTime dateOfBirth = new DateTime(1800, 1, 1); // null equivalent
if (this.TextDateOfBirth.Text.Length > 0)
{
dateOfBirth = DateTime.Parse(this.TextDateOfBirth.Text);
}
string street = this.TextStreet1.Text;
if (!string.IsNullOrEmpty(this.TextStreet2.Text))
{
street += "|" + this.TextStreet2.Text;
}
Person newPerson = Person.Create(this.TextName.Text, this.TextMail.Text, string.Empty, this.TextPhone.Text,
street, this.TextPostal.Text, this.TextCity.Text, this.DropCountries.SelectedValue, dateOfBirth,
(PersonGender)Enum.Parse(typeof(PersonGender), this.DropGenders.SelectedValue));
Membership newMembership = Membership.Create(newPerson, CurrentOrganization, DateTime.Today.AddYears(1));
OutboundComm.CreateMembershipLetter(ParticipantMailType.MemberAddedWelcome, newMembership, CurrentUser);
SwarmopsLogEntry logEntry = SwarmopsLog.CreateEntry(newPerson,
new Swarmops.Logic.Support.LogEntries.PersonAddedLogEntry(newMembership, CurrentUser));
logEntry.CreateAffectedObject(newMembership);
logEntry.CreateAffectedObject(CurrentUser);
// Clear form and make way for next person
this.TextName.Text = string.Empty;
this.TextStreet1.Text = string.Empty;
this.TextStreet2.Text = string.Empty;
this.TextMail.Text = string.Empty;
this.TextPhone.Text = string.Empty;
this.TextPostal.Text = string.Empty;
this.TextCity.Text = string.Empty;
this.TextDateOfBirth.Text = string.Empty;
this.DropGenders.SelectedValue = "Unknown";
this.TextName.Focus();
this.LiteralLoadAlert.Text = Resources.Pages.Swarm.AddPerson_PersonSuccessfullyRegistered;
}
public static AjaxCallResult Commence(int personId)
{
AuthenticationData authData = GetAuthenticationDataAndCulture();
if (!authData.Authority.HasSystemAccess())
{
// Restrict impersonation to system-level access for now: it's a debugging tool
return(new AjaxCallResult
{
Success = false,
DisplayMessage = CommonV5.JavascriptEscape(Resources.Pages.Admin.CommenceImpersonation_Failed)
});
}
// BEGIN IMPERSONATION
Person impersonatedPerson = Person.FromIdentity(personId);
SwarmopsLogEntry newEntry = SwarmopsLog.CreateEntry(impersonatedPerson,
new ImpersonationLogEntry {
ImpersonatorPersonId = authData.CurrentUser.PersonId, Started = true
});
newEntry.CreateAffectedObject(authData.CurrentUser); // link impersonator to log entry for searchability
// Someone who has system level access can always impersonate => no further access control at this time
// SECURITY CONSIDERATIONS: If somebody replaces/fires a superior? Trivially undoable at the database level
DateTime utcNow = DateTime.UtcNow;
Authority impersonatingAuthority = Authority.FromLogin(impersonatedPerson, authData.CurrentOrganization);
impersonatingAuthority.Impersonation = new Impersonation
{
ImpersonatedByPersonId = authData.CurrentUser.PersonId,
ImpersonationStarted = utcNow
};
FormsAuthentication.SetAuthCookie(impersonatingAuthority.ToEncryptedXml(), false);
HttpContext.Current.Response.AppendCookie(new HttpCookie("DashboardMessage", CommonV5.JavascriptEscape(String.Format(Resources.Pages.Admin.CommenceImpersonation_Success, utcNow))));
return(new AjaxCallResult {
Success = true
});
}
public static AjaxCallResult TerminateImpersonation()
{
AuthenticationData authData = GetAuthenticationDataAndCulture();
if (!authData.Authority.ImpersonationActive)
{
return(new AjaxCallResult {
Success = false
}); // no impersonation active. Race condition?
}
int realUserPersonId = authData.Authority.Impersonation.ImpersonatedByPersonId;
Person impersonator = Person.FromIdentity(realUserPersonId);
// Terminate impersonation and set new authority cookie from the impersonator data.
// VERY SECURITY SENSITIVE: The identity as impersonator will be the new user.
// TODO: LOG LOG LOG LOG
SwarmopsLogEntry logEntry = SwarmopsLog.CreateEntry(authData.CurrentUser,
new ImpersonationLogEntry
{
ImpersonatorPersonId = impersonator.Identity,
Started = false
});
logEntry.CreateAffectedObject(impersonator); // link impersonator to log entry for searchability
DateTime utcNow = DateTime.UtcNow;
Authority authority =
Authority.FromLogin(impersonator, authData.CurrentOrganization);
FormsAuthentication.SetAuthCookie(authority.ToEncryptedXml(), false);
HttpContext.Current.Response.AppendCookie(new HttpCookie("DashboardMessage", CommonV5.JavascriptEscape(String.Format(Resources.Pages.Admin.CommenceImpersonation_Ended, utcNow))));
// returning Success will force a reload, resetting dashboard to original user
return(new AjaxCallResult {
Success = true
});
}
public static AjaxInputCallResult SetPersonEditorData(int personId, string field, string newValue)
{
if (newValue == null || field == null)
{
throw new ArgumentNullException();
}
AuthenticationData authData = GetAuthenticationDataAndCulture();
bool self = false;
// Are we modifying ourselves?
if (personId == 0) // request self record
{
self = true; // may make use of this later
personId = authData.CurrentUser.Identity;
}
// Preliminary input validation
if (string.IsNullOrEmpty(newValue))
{
if (field != "TwitterId") // These fields may be set to empty; default is disallow
{
return(new AjaxInputCallResult
{
Success = false,
ObjectIdentity = personId,
DisplayMessage = Resources.Global.Global_FieldCannotBeEmpty,
FailReason = AjaxInputCallResult.ErrorInvalidFormat,
NewValue = GetPersonValue(personId, field)
});
}
}
// Verify authority to see and change personal data
Person affectedPerson = Person.FromIdentity(personId);
if (!self)
{
if (!authData.Authority.CanSeePerson(affectedPerson) ||
!authData.Authority.HasAccess(new Access(authData.CurrentOrganization, affectedPerson.Geography,
AccessAspect.PersonalData)))
{
throw new UnauthorizedAccessException();
}
}
string oldValue;
string displayMessage = string.Empty;
while (newValue.Contains(" "))
{
newValue = newValue.Trim().Replace(" ", " "); // double, triple, quadruple spaces reduced to one
}
switch (field)
{
case "Name":
oldValue = affectedPerson.Name;
affectedPerson.Name = newValue;
break;
case "Mail":
oldValue = affectedPerson.Mail;
affectedPerson.Mail = newValue;
break;
case "Phone":
oldValue = affectedPerson.Phone;
affectedPerson.Phone = newValue;
if (!Regex.IsMatch(newValue, @"^[0-9 \(\)\-\+]+$"))
{
// using characters not typically seen in a phone number? Warn
displayMessage = Resources.Global.Master_EditPersonWarning_Phone;
}
break;
case "TwitterId":
if (newValue.StartsWith("@"))
{
newValue = newValue.Substring(1);
}
oldValue = affectedPerson.TwitterId;
affectedPerson.TwitterId = newValue;
break;
default:
throw new ArgumentException("Unrecognized field in /Automation/SwarmFunctions.SetPersonEditorData");
}
SwarmopsLogEntry logEntry = SwarmopsLog.CreateEntry(affectedPerson, new PersonalDataChangedLogEntry
{
ActingPersonId = authData.CurrentUser.PersonId,
AffectedPersonId = affectedPerson.PersonId,
Field = field,
IpAddress = SupportFunctions.GetMostLikelyRemoteIPAddress(),
OldValue = oldValue,
NewValue = newValue
});
if (!self)
{
logEntry.CreateAffectedObject(authData.CurrentUser);
}
return(new AjaxInputCallResult
{
ObjectIdentity = personId,
Success = true,
NewValue = newValue,
DisplayMessage = displayMessage
});
}