37af5eceac
Available roles now in the platform: Administrator, Reseller, User, PlatformCSR, PlatformHelpdesk, ResellerCSR, ResellerHelpdesk. The platform CSR and Helpdesk are peer accounts on platform root level. The names can be used within the websitepanel_pages.config on Page and Module level. On module level the roles can be specified on the viewRoles attribute and readOnlyRoles attribute. When specifying the later all controls will be disabled within the Modile, the viewRoles just show the page or not. When nothing specified the page is just shown
249 lines
No EOL
10 KiB
C#
249 lines
No EOL
10 KiB
C#
// Copyright (c) 2012, Outercurve Foundation.
|
|
// All rights reserved.
|
|
//
|
|
// Redistribution and use in source and binary forms, with or without modification,
|
|
// are permitted provided that the following conditions are met:
|
|
//
|
|
// - Redistributions of source code must retain the above copyright notice, this
|
|
// list of conditions and the following disclaimer.
|
|
//
|
|
// - Redistributions in binary form must reproduce the above copyright notice,
|
|
// this list of conditions and the following disclaimer in the documentation
|
|
// and/or other materials provided with the distribution.
|
|
//
|
|
// - Neither the name of the Outercurve Foundation nor the names of its
|
|
// contributors may be used to endorse or promote products derived from this
|
|
// software without specific prior written permission.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
|
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
|
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.Threading;
|
|
using System.Diagnostics;
|
|
using System.Security;
|
|
using System.Security.Principal;
|
|
using System.Web;
|
|
using WebsitePanel.Providers.Common;
|
|
|
|
namespace WebsitePanel.EnterpriseServer
|
|
{
|
|
/// <summary>
|
|
/// Provides security utilities.
|
|
/// </summary>
|
|
public class SecurityContext
|
|
{
|
|
public const string ROLE_ADMINISTRATOR = "Administrator";
|
|
public const string ROLE_RESELLER = "Reseller";
|
|
public const string ROLE_USER = "User";
|
|
public const string ROLE_PLATFORMCSR = "PlatformCSR";
|
|
public const string ROLE_PLATFORMHELPDESK = "PlatformHelpdesk";
|
|
public const string ROLE_RESELLERCSR = "ResellerCSR";
|
|
public const string ROLE_RESELLERHELPDESK = "ResellerHelpdesk";
|
|
|
|
public const string CONTEXT_USER_INFO = "CONTEXT_USER_INFO";
|
|
|
|
public static void SetThreadPrincipal(int userId)
|
|
{
|
|
UserInfo user = UserController.GetUserInternally(userId);
|
|
if (user == null)
|
|
throw new Exception(String.Format("User '{0}' can not be loaded", userId));
|
|
|
|
SetThreadPrincipal(user);
|
|
}
|
|
|
|
public static void SetThreadPrincipal(UserInfo user)
|
|
{
|
|
// set roles array
|
|
List<string> roles = new List<string>();
|
|
roles.Add(SecurityContext.ROLE_USER);
|
|
|
|
if (user.Role == UserRole.Reseller || user.Role == UserRole.Administrator ||
|
|
user.Role == UserRole.PlatformHelpdesk || user.Role == UserRole.ResellerHelpdesk)
|
|
roles.Add(SecurityContext.ROLE_RESELLERHELPDESK);
|
|
|
|
if (user.Role == UserRole.Reseller || user.Role == UserRole.Administrator ||
|
|
user.Role == UserRole.PlatformCSR || user.Role == UserRole.ResellerCSR)
|
|
roles.Add(SecurityContext.ROLE_RESELLERCSR);
|
|
|
|
if (user.Role == UserRole.Reseller || user.Role == UserRole.Administrator ||
|
|
user.Role == UserRole.PlatformHelpdesk)
|
|
roles.Add(SecurityContext.ROLE_PLATFORMHELPDESK);
|
|
|
|
if (user.Role == UserRole.Reseller || user.Role == UserRole.Administrator ||
|
|
user.Role == UserRole.PlatformCSR)
|
|
roles.Add(SecurityContext.ROLE_PLATFORMCSR);
|
|
|
|
if (user.Role == UserRole.Reseller || user.Role == UserRole.Administrator)
|
|
roles.Add(SecurityContext.ROLE_RESELLER);
|
|
|
|
if (user.Role == UserRole.Administrator)
|
|
roles.Add(SecurityContext.ROLE_ADMINISTRATOR);
|
|
|
|
// create a new generic principal/identity and place them to context
|
|
EnterpriseServerIdentity identity = new EnterpriseServerIdentity(user.UserId.ToString());
|
|
EnterpriseServerPrincipal principal = new EnterpriseServerPrincipal(identity, roles.ToArray());
|
|
|
|
principal.UserId = user.UserId;
|
|
principal.OwnerId = user.OwnerId;
|
|
principal.IsPeer = user.IsPeer;
|
|
principal.IsDemo = user.IsDemo;
|
|
principal.Status = user.Status;
|
|
|
|
Thread.CurrentPrincipal = principal;
|
|
}
|
|
|
|
public static void SetThreadSupervisorPrincipal()
|
|
{
|
|
UserInfo user = new UserInfo();
|
|
user.UserId = -1;
|
|
user.OwnerId = 0;
|
|
user.IsPeer = false;
|
|
user.IsDemo = false;
|
|
user.Status = UserStatus.Active;
|
|
user.Role = UserRole.Administrator;
|
|
|
|
SetThreadPrincipal(user);
|
|
}
|
|
|
|
public static EnterpriseServerPrincipal User
|
|
{
|
|
get
|
|
{
|
|
EnterpriseServerPrincipal principal = Thread.CurrentPrincipal as EnterpriseServerPrincipal;
|
|
if(principal != null)
|
|
return principal;
|
|
|
|
// Username Token Manager was unable to set principal
|
|
// or authentication is disabled
|
|
// create supervisor principal
|
|
SetThreadSupervisorPrincipal();
|
|
|
|
return (EnterpriseServerPrincipal)Thread.CurrentPrincipal;
|
|
}
|
|
}
|
|
|
|
public static bool CheckAccount(ResultObject res, DemandAccount demand)
|
|
{
|
|
int accountCheck = SecurityContext.CheckAccount(DemandAccount.NotDemo | DemandAccount.IsActive);
|
|
if (accountCheck < 0)
|
|
{
|
|
res.ErrorCodes.Add(BusinessErrorCodes.ToText(accountCheck));
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
public static int CheckAccount(DemandAccount demand)
|
|
{
|
|
if ((demand & DemandAccount.NotDemo) == DemandAccount.NotDemo)
|
|
{
|
|
// should make a check if the account is not in demo mode
|
|
if (User.IsDemo)
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_DEMO;
|
|
}
|
|
|
|
if ((demand & DemandAccount.IsActive) == DemandAccount.IsActive)
|
|
{
|
|
// check is the account is active
|
|
if (User.Status == UserStatus.Pending)
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_PENDING;
|
|
else if (User.Status == UserStatus.Suspended)
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_SUSPENDED;
|
|
else if (User.Status == UserStatus.Cancelled)
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_CANCELLED;
|
|
}
|
|
|
|
if ((demand & DemandAccount.IsAdmin) == DemandAccount.IsAdmin)
|
|
{
|
|
// should make a check if the account has Admin role
|
|
if (!User.IsInRole(ROLE_ADMINISTRATOR))
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_SHOULD_BE_ADMINISTRATOR;
|
|
}
|
|
|
|
if ((demand & DemandAccount.IsReseller) == DemandAccount.IsReseller)
|
|
{
|
|
// should make a check if the account has Admin role
|
|
if (!User.IsInRole(ROLE_RESELLER))
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_NOT_ENOUGH_PERMISSIONS;
|
|
}
|
|
|
|
if ((demand & DemandAccount.IsPlatformCSR) == DemandAccount.IsPlatformCSR)
|
|
{
|
|
// should make a check if the account has Admin role
|
|
if (!User.IsInRole(ROLE_PLATFORMCSR))
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_NOT_ENOUGH_PERMISSIONS;
|
|
}
|
|
|
|
if ((demand & DemandAccount.IsPlatformHelpdesk) == DemandAccount.IsPlatformHelpdesk)
|
|
{
|
|
// should make a check if the account has Admin role
|
|
if (!User.IsInRole(ROLE_PLATFORMHELPDESK))
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_NOT_ENOUGH_PERMISSIONS;
|
|
}
|
|
|
|
|
|
if ((demand & DemandAccount.IsResellerHelpdesk) == DemandAccount.IsResellerHelpdesk)
|
|
{
|
|
// should make a check if the account has Admin role
|
|
if (!User.IsInRole(ROLE_RESELLERHELPDESK))
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_NOT_ENOUGH_PERMISSIONS;
|
|
}
|
|
|
|
|
|
if ((demand & DemandAccount.IsResellerCSR) == DemandAccount.IsResellerCSR)
|
|
{
|
|
// should make a check if the account has Admin role
|
|
if (!User.IsInRole(ROLE_RESELLERCSR))
|
|
return BusinessErrorCodes.ERROR_USER_ACCOUNT_NOT_ENOUGH_PERMISSIONS;
|
|
}
|
|
|
|
|
|
return 0;
|
|
}
|
|
|
|
public static bool CheckPackage(ResultObject res, int packageId, DemandPackage demand)
|
|
{
|
|
int packageCheck = SecurityContext.CheckPackage(packageId, DemandPackage.IsActive);
|
|
if (packageCheck < 0)
|
|
{
|
|
res.ErrorCodes.Add(BusinessErrorCodes.ToText(packageCheck));
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
public static int CheckPackage(int packageId, DemandPackage demand)
|
|
{
|
|
// load package
|
|
PackageInfo package = PackageController.GetPackage(packageId);
|
|
if (package == null)
|
|
return BusinessErrorCodes.ERROR_PACKAGE_NOT_FOUND;
|
|
|
|
return CheckPackage(package, demand);
|
|
}
|
|
|
|
public static int CheckPackage(PackageInfo package, DemandPackage demand)
|
|
{
|
|
if ((demand & DemandPackage.IsActive) == DemandPackage.IsActive)
|
|
{
|
|
// should make a check if the package is active
|
|
if (package.StatusId == (int)PackageStatus.Cancelled)
|
|
return BusinessErrorCodes.ERROR_PACKAGE_CANCELLED;
|
|
else if (package.StatusId == (int)PackageStatus.Suspended)
|
|
return BusinessErrorCodes.ERROR_PACKAGE_SUSPENDED;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
}
|
|
} |