Certificate/wireless plugins; major refactoring

Migrate much of BI to Services. Added Wireless Profile Provider plugin feature. Added Certificate Authority Provider plugin feature. Modified Certificate Provider plugin feature. Database migration v17, for Device Profiles. Enrolment Client Updated to support CA Certificates, Wireless Profiles and Hardware Info. New Client Enrolment Protocol to support new features. Plugin Manifest Generator added to main solution. Improved AD search performance.
2016-09-28 20:16:25 +10:00
parent 489a5df7cc
commit 27c21175d7
210 changed files with 9822 additions and 6675 deletions
@@ -0,0 +1,192 @@
+using Disco.Data.Repository;
+using Disco.Models.Repository;
+using Disco.Services.Authorization;
+using Disco.Services.Interop.ActiveDirectory;
+using Disco.Services.Users;
+using System;
+using System.Linq;
+
+namespace Disco.Services
+{
+    public static class DeviceActionExtensions
+    {
+
+        public static bool IsDecommissioned(this Device d)
+        {
+            return d.DecommissionedDate.HasValue;
+        }
+
+        public static bool CanCreateJob(this Device d)
+        {
+            if (!JobActionExtensions.CanCreate())
+                return false;
+
+            return !d.IsDecommissioned();
+        }
+
+        public static bool CanUpdateAssignment(this Device d)
+        {
+            if (!UserService.CurrentAuthorization.Has(Claims.Device.Actions.AssignUser))
+                return false;
+
+            return !d.IsDecommissioned();
+        }
+
+        public static bool CanUpdateDeviceProfile(this Device d)
+        {
+            if (!UserService.CurrentAuthorization.Has(Claims.Device.Properties.DeviceProfile))
+                return false;
+
+            return !d.IsDecommissioned();
+        }
+
+        public static bool CanUpdateDeviceBatch(this Device d)
+        {
+            if (!UserService.CurrentAuthorization.Has(Claims.Device.Properties.DeviceBatch))
+                return false;
+
+            return !d.IsDecommissioned();
+        }
+
+        public static bool CanUpdateTrustEnrol(this Device d)
+        {
+            if (!UserService.CurrentAuthorization.Has(Claims.Device.Actions.AllowUnauthenticatedEnrol))
+                return false;
+
+            return !d.IsDecommissioned() && !d.AllowUnauthenticatedEnrol;
+        }
+        public static bool CanUpdateUntrustEnrol(this Device d)
+        {
+            if (!UserService.CurrentAuthorization.Has(Claims.Device.Actions.AllowUnauthenticatedEnrol))
+                return false;
+
+            return !d.IsDecommissioned() && d.AllowUnauthenticatedEnrol;
+        }
+
+        #region Decommission
+        public static bool CanDecommission(this Device d)
+        {
+            if (!UserService.CurrentAuthorization.Has(Claims.Device.Actions.Decommission))
+                return false;
+
+            if (d.DecommissionedDate.HasValue)
+                return false; // Already Decommissioned
+
+            if (d.AssignedUserId != null)
+                return false; // User Assigned to Device
+
+            if (d.Jobs.Count(j => !j.ClosedDate.HasValue) > 0)
+                return false; // Device linked to > 0 Open Jobs
+
+            return true;
+        }
+        public static void OnDecommission(this Device d, Disco.Models.Repository.DecommissionReasons Reason)
+        {
+            if (!d.CanDecommission())
+                throw new InvalidOperationException("Decommission of Device is Denied");
+
+            d.DecommissionedDate = DateTime.Now;
+            d.DecommissionReason = Reason;
+
+            // Disable AD Account
+            if (ActiveDirectory.IsValidDomainAccountId(d.DeviceDomainId))
+            {
+                var adAccount = d.ActiveDirectoryAccount();
+                if (adAccount != null && !adAccount.IsCriticalSystemObject)
+                {
+                    adAccount.DisableAccount();
+                }
+            }
+        }
+        #endregion
+        #region Recommission
+        public static bool CanRecommission(this Device d)
+        {
+            if (!UserService.CurrentAuthorization.Has(Claims.Device.Actions.Recommission))
+                return false;
+
+            return d.DecommissionedDate.HasValue;
+        }
+        public static void OnRecommission(this Device d)
+        {
+            if (!d.CanRecommission())
+                throw new InvalidOperationException("Recommission of Device is Denied");
+
+            d.DecommissionedDate = null;
+            d.DecommissionReason = null;
+
+            // Enable AD Account
+            if (ActiveDirectory.IsValidDomainAccountId(d.DeviceDomainId))
+            {
+                var adAccount = d.ActiveDirectoryAccount();
+                if (adAccount != null && !adAccount.IsCriticalSystemObject)
+                {
+                    adAccount.EnableAccount();
+                }
+            }
+        }
+        #endregion
+
+        #region Delete
+        public static bool CanDelete(this Device d)
+        {
+            if (!UserService.CurrentAuthorization.Has(Claims.Device.Actions.Delete))
+                return false;
+
+            return d.DecommissionedDate.HasValue;
+        }
+        public static void OnDelete(this Device d, DiscoDataContext Database)
+        {
+            // Delete Jobs
+            foreach (Job j in Database.Jobs.Where(i => i.DeviceSerialNumber == d.SerialNumber))
+            {
+                if (j.UserId == null)
+                { // No User associated, thus must Delete whole Job
+                    if (j.CanDelete())
+                        j.OnDelete(Database);
+                    else
+                        throw new InvalidOperationException(string.Format("Deletion of Device is Denied (See Job# {0})", j.Id));
+                }
+                else
+                {
+                    // User associated to Job, thus just remove Devices' association
+                    j.DeviceSerialNumber = null;
+
+                    // Write Job Log
+                    JobLog jobLog = new JobLog()
+                    {
+                        JobId = j.Id,
+                        TechUserId = UserService.CurrentUser.UserId,
+                        Timestamp = DateTime.Now,
+                        Comments = string.Format("# Device Deleted\r\n\r\nSerial Number: **{0}**\r\nComputer Name: **{1}**\r\nModel: **{2}**\r\nProfile: **{3}**",
+                                                    d.SerialNumber, d.DeviceDomainId, d.DeviceModel, d.DeviceProfile)
+                    };
+                    Database.JobLogs.Add(jobLog);
+                }
+            }
+
+            // Disable Wireless Certificates
+            foreach (var wc in Database.DeviceCertificates.Where(i => i.DeviceSerialNumber == d.SerialNumber))
+            {
+                wc.DeviceSerialNumber = null;
+                wc.Enabled = false;
+            }
+            // Delete Device Details
+            foreach (var dd in Database.DeviceDetails.Where(i => i.DeviceSerialNumber == d.SerialNumber))
+                Database.DeviceDetails.Remove(dd);
+            // Delete Device Attachments
+            foreach (var da in Database.DeviceAttachments.Where(i => i.DeviceSerialNumber == d.SerialNumber))
+            {
+                da.RepositoryDelete(Database);
+                Database.DeviceAttachments.Remove(da);
+            }
+            // Delete Device User Assignments
+            foreach (var dua in Database.DeviceUserAssignments.Where(i => i.DeviceSerialNumber == d.SerialNumber))
+                Database.DeviceUserAssignments.Remove(dua);
+
+            Database.Devices.Remove(d);
+        }
+        #endregion
+
+    }
+}