User Access Report
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Telerik.Sitefinity.Modules.Pages;
using Telerik.Sitefinity.Multisite;
using Telerik.Sitefinity.Pages.Model;
using Telerik.Sitefinity.Security;
using Telerik.Sitefinity.Security.Model;
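namespace SitefinityWebApp.Api.Services
{
    /// <summary>
    /// Builds a CSV "user access report": one row per user with a profile, listing
    /// their roles and the published front-end pages they hold an editing permission on.
    /// </summary>
    /// <remarks>
    /// The page data is read with the page provider's security checks suppressed, and the
    /// output contains every user's e-mail address, role names and last login date. This
    /// class performs no authorization of its own, so the caller is responsible for
    /// restricting who may invoke <see cref="GenerateUserAccessReport"/>.
    /// </remarks>
    public class UserReportService
    {
        /// <summary>Days without a login after which an account is reported as "Inactive".</summary>
        private const int InactiveAfterDays = 60;

        /// <summary>Characters that force a CSV field to be wrapped in double quotes.</summary>
        private static readonly char[] CsvQuoteTriggers = { ',', '"', '\r', '\n' };

        /// <summary>Page actions that count as "operational" (editing) access for the report.</summary>
        private static readonly string[] OperationalPageActions =
        {
            SecurityConstants.Sets.Pages.Create,
            SecurityConstants.Sets.Pages.CreateChildControls,
            SecurityConstants.Sets.Pages.Delete,
            SecurityConstants.Sets.Pages.EditContent,
            SecurityConstants.Sets.Pages.Modify
        };

        private readonly UserManager _userManager;
        private readonly UserProfileManager _userProfileManager;
        private readonly RoleManager _roleManager;
        private readonly RoleManager _roleManagerApp;
        private readonly MultisiteManager _multisiteManager;
        private readonly PageManager _pageManager;

        /// <summary>
        /// Resolves the Sitefinity managers the report reads from.
        /// </summary>
        public UserReportService()
        {
            _userManager = UserManager.GetManager();
            _userProfileManager = UserProfileManager.GetManager();

            // Roles live in two providers (default and "AppRoles"); both are queried.
            // https://community.progress.com/s/article/how-to-get-all-roles-names
            _roleManager = RoleManager.GetManager();
            _roleManagerApp = RoleManager.GetManager("AppRoles");

            _multisiteManager = MultisiteManager.GetManager();
            _pageManager = PageManager.GetManager();
        }

        /// <summary>
        /// Generates the user access report.
        /// </summary>
        /// <returns>
        /// CSV text with a header line followed by one CRLF-separated row per user that has
        /// a <c>SitefinityProfile</c>.
        /// </returns>
        public string GenerateUserAccessReport()
        {
            return GenerateReport(GetUserAccessRecords());
        }

        /// <summary>
        /// Collects, per user id, the live URLs of the pages on which that user (directly or
        /// through a role) is granted at least one operational page action.
        /// </summary>
        /// <returns>Map from user id to the distinct page URLs the user can operate on.</returns>
        private Dictionary<Guid, List<string>> GetUserAccessRecords()
        {
            var records = new Dictionary<Guid, List<string>>();

            // Security checks are suppressed only for the duration of the scan. The finally
            // block restores the earlier value even when the scan throws; previously an
            // exception left the provider with its checks switched off.
            var provider = _pageManager.Provider;
            var previousSuppression = provider.SuppressSecurityChecks;
            provider.SuppressSecurityChecks = true;
            try
            {
                // The page query does not depend on the site, so it is loaded once and
                // filtered per site in memory.
                // https://community.progress.com/s/article/How-to-get-all-the-pages-from-a-specific-site-in-a-multisite-project
                // https://community.progress.com/s/article/How-to-get-all-the-Pages-from-all-the-sites-in-Sitefinity-Multisite-using-API
                var allPageNodes = _pageManager.GetPageNodes().ToList();

                foreach (var site in _multisiteManager.GetSites())
                {
                    var pages = allPageNodes
                        .Where(x => x.RootNodeId == site.SiteMapRootNodeId
                            && x.ApprovalWorkflowState == "Published" // published page in the default language
                            && !x.IsDeleted                           // omitting deleted page
                            && !x.IsBackend                           // omitting backend page
                            && x.NodeType == NodeType.Standard)       // omitting redirect and group pages
                        .ToList();

                    foreach (var page in pages)
                    {
                        if (page == null)
                        {
                            continue;
                        }

                        // Role or user ids holding an operational permission on this page;
                        // the owner role is excluded.
                        var principalIds = new HashSet<Guid>();
                        foreach (var perm in page.GetActivePermissions().Where(p => p.PrincipalId != SecurityManager.OwnerRole.Id))
                        {
                            if (OperationalPageActions.Any(action => perm.IsGranted(action)))
                            {
                                principalIds.Add(perm.PrincipalId);
                            }
                        }

                        if (principalIds.Count == 0)
                        {
                            continue;
                        }

                        var pageUrl = site.LiveUrl + page.GetFullUrl().Replace("~", "");
                        foreach (var principalId in principalIds)
                        {
                            AddPrincipalAccess(records, principalId, pageUrl);
                        }
                    }
                }
            }
            finally
            {
                provider.SuppressSecurityChecks = previousSuppression;
            }

            return records;
        }

        /// <summary>
        /// Records <paramref name="pageUrl"/> for the user identified by
        /// <paramref name="principalId"/>, or for every member of the role with that id
        /// when no such user exists.
        /// </summary>
        private void AddPrincipalAccess(Dictionary<Guid, List<string>> records, Guid principalId, string pageUrl)
        {
            var user = UserManager.FindUser(principalId);
            if (user != null)
            {
                // Users without an e-mail address are left out of the access map.
                if (!string.IsNullOrEmpty(user.Email))
                {
                    AddPageForUser(records, user.Id, pageUrl);
                }

                return;
            }

            // Not a user, so treat the id as a role and look it up in both role providers.
            // A null result from either provider is skipped instead of dereferenced.
            // NOTE(review): if GetRole throws for an id unknown to a provider, that case
            // still aborts the report - confirm against the Sitefinity API and handle it here.
            var roles = new[] { _roleManager.GetRole(principalId), _roleManagerApp.GetRole(principalId) };
            foreach (var role in roles)
            {
                if (role == null || role.Users == null)
                {
                    continue;
                }

                foreach (var memberId in role.Users.Select(x => x.UserId))
                {
                    AddPageForUser(records, memberId, pageUrl);
                }
            }
        }

        /// <summary>
        /// Adds <paramref name="pageUrl"/> to the user's list unless it is already present.
        /// </summary>
        private static void AddPageForUser(Dictionary<Guid, List<string>> records, Guid userId, string pageUrl)
        {
            List<string> urls;
            if (!records.TryGetValue(userId, out urls))
            {
                records.Add(userId, new List<string> { pageUrl });
            }
            else if (!urls.Contains(pageUrl))
            {
                urls.Add(pageUrl);
            }
        }

        /// <summary>
        /// Renders the CSV report for all users.
        /// </summary>
        /// <param name="records">Per-user page URLs produced by <see cref="GetUserAccessRecords"/>.</param>
        /// <returns>The CSV text: header line plus one row per user with a profile.</returns>
        private string GenerateReport(Dictionary<Guid, List<string>> records)
        {
            var csv = new StringBuilder("Account Name,Account Id,Email,GroupNames,Application,Status,Last Login Date");

            foreach (var user in _userManager.GetUsers().ToList())
            {
                var userProfile = _userProfileManager.GetUserProfile<SitefinityProfile>(user);
                if (userProfile == null)
                {
                    // NOTE(review): accounts without a SitefinityProfile are silently left
                    // out of the report - confirm that gap is acceptable for an access audit.
                    continue;
                }

                var roleNames = _roleManager.GetRolesForUser(user.Id).Select(x => x.Name)
                    .Concat(_roleManagerApp.GetRolesForUser(user.Id).Select(x => x.Name))
                    .ToList();
                var roleCombined = string.Join("|", roleNames);

                // Users with explicit page grants list those pages; otherwise administrators
                // are reported as "All Pages" and everyone else gets an empty value.
                // NOTE(review): this is a substring match on the joined role names, so any
                // role whose name merely contains "Administrator" is reported as having
                // access to all pages - consider matching the administrator role exactly.
                string application;
                List<string> urls;
                if (records.TryGetValue(user.Id, out urls))
                {
                    application = string.Join("|", urls);
                }
                else if (roleCombined.Contains("Administrator"))
                {
                    application = "All Pages";
                }
                else
                {
                    application = string.Empty;
                }

                var name = string.Format("{0} {1}", userProfile.FirstName, userProfile.LastName);
                var accountId = string.Empty;
                var status = DateTime.Today.Subtract(user.LastLoginDate).TotalDays > InactiveAfterDays ? "Inactive" : "Active";
                var lastLoginDate = string.Format("{0}", user.LastLoginDate);

                // Every field is escaped: names, e-mails and role names are user-editable,
                // and an embedded comma or quote would otherwise shift the columns.
                csv.Append("\r\n");
                csv.Append(string.Join(",", new[]
                {
                    EscapeCsvField(name),
                    EscapeCsvField(accountId),
                    EscapeCsvField(user.Email),
                    EscapeCsvField(roleCombined),
                    EscapeCsvField(application),
                    EscapeCsvField(status),
                    EscapeCsvField(lastLoginDate)
                }));
            }

            return csv.ToString();
        }

        /// <summary>
        /// Makes a value safe to place in one CSV column.
        /// </summary>
        /// <remarks>
        /// A value starting with <c>=</c>, <c>+</c>, <c>-</c>, <c>@</c>, tab or carriage
        /// return is prefixed with an apostrophe so that spreadsheet applications treat it
        /// as text instead of evaluating it as a formula. A value containing a comma, double
        /// quote or line break is wrapped in double quotes with embedded quotes doubled.
        /// Other values are returned unchanged.
        /// </remarks>
        /// <param name="value">Raw field value; null is rendered as an empty field.</param>
        /// <returns>The escaped field text.</returns>
        private static string EscapeCsvField(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return string.Empty;
            }

            var first = value[0];
            if (first == '=' || first == '+' || first == '-' || first == '@' || first == '\t' || first == '\r')
            {
                value = "'" + value;
            }

            if (value.IndexOfAny(CsvQuoteTriggers) >= 0)
            {
                value = "\"" + value.Replace("\"", "\"\"") + "\"";
            }

            return value;
        }
    }
}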