...
| Info |
|---|
Required Namespaces When working with Person objects, minimally you should add references to the following namespaces |
| Code Block |
|---|
|
using TheDotNetFactory.Framework;
using TheDotNetFactory.FrameWork.Common;
using TheDotNetFactory.FrameWork.Common.Shared;
using TheDotNetFactory.Framework.Core;
using C = TheDotNetFactory.Framework.People.Components;
using E = TheDotNetFactory.Framework.People.Entities; |
Get by Job Title
| Code Block |
|---|
|
string columnsToSearch = "Title";
string textToSearch = "Helpdesk";
var pageLength = 500;
int totalCount;
E.VList<C.PersonView> p = C.PersonView.GetAllSearch(columnToSearch, textToSearch, 1, pageLength, out totalCount);
//Write the results to the console
foreach(var a in p)
Console.WriteLine("Name: {0}, Login: {1}, PersonID: {2}", a.Name, a.Login, a.PersonID); |
Create a new Person object
| Code Block |
|---|
|
C.Person p = new C.Person();
p.LastName = "Simone";
p.FirstName = "John";
p.Name = "John Simone";
p.Active = true;
p.AllowLogin = true;
p.Login = "jSimone";
//Add the person object to the Identity Warehouse
p.Insert(); |
Get People without Accounts
| Code Block |
|---|
|
string columnsToSearch = "";
string textToSearch = "";
E.VList<C.PersonView> pView = C.PersonView.GetPeopleWithNoAccounts(columnsToSearch, textToSearch);
//Write the results to the console
if (pView.Count > 0)
{
foreach (var a in pView)
Console.WriteLine("Name: {0}", a.FriendlyName);
} |
Execute Account RETs
| Code Block |
|---|
|
string columnsToSearch = "";
string textToSearch = "";
E.VList<C.PersonView> pView = C.PersonView.GetPeopleWithNoAccounts(columnsToSearch, textToSearch);
//Create a new Person Components list
E.TList<C.Person> pList = new E.TList<C.Person>();
//Create a new dictionary with an empty key to pass to the method that will provision any entitlements for the people without accounts
Dictionary<string, object> myDictionary = new Dictionary<string, object>();
string str = "";
object obj = null;
myDictionary.Add(str, obj);
//Convert all people in the pView list to Person.Component objects and add them to the Person Components list
//This allows us to call the methods associated with Person objects.
if (pView.Count > 0)
{
foreach (var p in pView)
if(p.FriendlyName != "empoweriduser")
{
pList.Add(p.ToPerson());
}
//Provision any entitlements for the people. In this case we are setting the Primary OrgRoleOrgZone for each person
//without an account to an OrgRoleOrgZone with a RET that grants people in that OrgRoleOrgZone a user account
foreach(var x in pList)
{
x.PrimaryOrgRoleOrgZoneID = 2351;
x.Update();
C.ResourceEntitlement.ProvisionPersonEntitlements(x, myDictionary);
x.Update();
}
} |
Change the primary Business Role and Location
| Code Block |
|---|
|
//Pass in the PersonID
C.Person p = C.Person.GetByPersonID(3174);
//Pass in the new primary Business Role and Location by OrgRoleOrgZoneID
p.ChangePrimaryOrgRoleOrgZone(2307); |
Disable a Person
| Code Block |
|---|
|
//This does not disable user accounts associated with the person
C.Person p = C.Person.GetByPersonID(3174);
p.Disable(); |
Reset a Person's Password
| Code Block |
|---|
|
C.Person p = C.Person.GetByLogin("jSimone");
p.ResetPassword("myNewPass@word123"); |
Unlock a Person
| Code Block |
|---|
|
//Pass in the Person ID
C.Person p = C.Person.Unlock(3174); |
Get Access Assignments
| Code Block |
|---|
|
string columnsToSearch = " ";
string textToSearch = " ";
E.Vlist<C.RbacResourceRoleAssignment> r = C.RbacResourceRoleAssignment.GetAllAssignedDirectlyToPersonID(3150, columnsToSearch, textToSearch); |
Get People in Management Role
| Code Block |
|---|
|
var personInManagementRole = C.Person.GetByManagementRoleID(19);
//Write the results to the console
Console.WriteLine("The following people are assigned to the {0} Management Role: ", C.ManagementRole.GetByManagementRoleID(18).Name);
foreach (var p in personInManagementRole)
Console.WriteLine(p.FriendlyName) |
Get a Person's Management Role
| Code Block |
|---|
|
var p = C.ManagementRole.GetByPersonID(3150);
//Write the results to the console
if (p.Count > 0)
{
Console.WriteLine("{0} has the following Management Roles: ", C.Person.GetByPersonID(3150).FriendlyName);
foreach (var a in p)
Console.WriteLine(a.FriendlyName);
} |
Get People in Business Role and Location
| Code Block |
|---|
|
string columnsToSearch = "Friendly Name"string textToSearch = "Standard Employee in Temporary Location ";
E.VList<C.PersonView> p = C.PersonView.GetByOrgRoleOrgZoneID(2309, columnsToSearch, textToSearch); |
Get People in a Group
| Code Block |
|---|
|
var grMembers = C.Person.GetByGroupID(66);
//Write the results to the console
if(grMembers.Count > 0)
{
Console.WriteLine("{0} has {1} members.", C.Group.GetByGroupID(66).FriendlyName, p.Count.ToString());
foreach (var m in grMembers)
Console.WriteLine(m.FriendlyName);
} |
Get a Person's Group memberships
| Code Block |
|---|
|
var grMemberships = C.GroupView.GetByPersonID(3148)
//Write the results to the console
foreach(var gr in grMemberships)
Console.WriteLine("{0} is a member of {1}", C.Person.GetByPersonID(3150).FriendlyName, gr.FriendlyName); |
Check specific access to a resource
| Code Block |
|---|
|
//In this example, we pass in the specific PersonID, ResourceID, and Operation
string operation = "List";
int resourceID = 93;
int personID = 3150;
var hasAccess = C.Resource.HasAccess(personID, resourceID, operation);
//Write the results to the console
Console.WriteLine(hasAccess); |
Check all access to a resource
| Code Block |
|---|
|
//Pass in the PersonID
int personID = 3148;
//Pass in the ResourceID
int resourceID = 953500;
//Check the allowed operations
var allowedOperations = C.ResourceTypeOperation.GetByPersonIDAndResourceID(personID, resourceID);
//Write the results to the console
Console.WriteLine("{0} has the following operations allowed for {1}: ", C.Person.GetByPersonID(3148).FriendlyName, C.Resource.GetByResourceID(953500).FriendlyName);
foreach(var operation in allowedOperations)
Console.WriteLine(operation.Name); |
Get People able to execute an operation against a resource
| Code Block |
|---|
|
//In this example, we pass in the ResourceID of the resource and the name of the Operation
int resourceID = 1183422;
string operation = "MoveMailbox";
var whoHasAccess = C.Resource.GetPeopleWithAccess(resourceID, operation);
//Write the results to the console
foreach(var person in whoHasAccess)
Console.WriteLine(person.FriendlyName); |
Get all operations executed by a Person
| Code Block |
|---|
var columnsToSearch = " ";
var textToSearch = " ";
var operationsExecutedByPerson = C.BusinessProcessTaskSlotView.GetByPersonID(3148, columnsToSearch, textToSearch);
//Write the results to the console
foreach (var operation in operationsExecutedByPerson)
Console.WriteLine(operation.BusinessProcessTaskFriendlyName); |
Working with User Accounts
In EmpowerID, user accounts are Identity Warehouse objects that represent the user accounts in external account stores, such as Active Directory or Office 365. User accounts are generally linked to EmpowerID Person objects, and as such, any actions performed against an account can affect the Person objects to which they are linked and vice-versa. As with the EmpowerID Person, the Workflow Studio object model contains two namespaces with multiple classes for working with accounts in EmpowerID—the People.Components namespace and the People.Entities namespace.
| Info |
|---|
Required Namespaces When working with Account objects, minimally you should add references to the following namespaces: |
| Code Block |
|---|
|
using TheDotNetFactory.Framework;
using TheDotNetFactory.FrameWork.Common;
using TheDotNetFactory.FrameWork.Common.Shared;
using TheDotNetFactory.Framework.Core;
using C = TheDotNetFactory.Framework.People.Components;
using E = TheDotNetFactory.Framework.People.Entities; |
Create an account and a Person linked to the account
| Code Block |
|---|
//Create a new account, add it to an account store, and set some properties for it
C.AccountStore accStore = C.AccountStore.GetByAccountStoreID(259);
C.Account acc = new C.Account();
acc.AccountStoreID = 259;
acc.Name = "Jacques Clouseay";
acc.LogonName = "jClouseay";
acc.CreatedDate = DateTime.UtcNow;
acc.DistinguishedName = "CN=Jacques Clouseay,OU=Sydney,OU=Offices,DC=tdnfdemo,DC=com";
//Create the account and set the password for it
acc.Create(acc, "pass@word1");
//Create an EmpowerID Person for the account
C.Person per = new C.Person();
per.FirstName = acc.FirstName;
per.LastName = acc.LastName;
per.Name = acc.Name;
per.Login = acc.LogonName;
acc.PersonID = per.PersonID;
//Write the results to the console
Console.WriteLine("New Person: {0} created from Account: {1}", per.Name, acc.Name); |
Move an account
| Code Block |
|---|
|
//Get the account you wish to move by AccountID
var acc = C.Account.GetByAccountID(3120);
//Move the account, passing in the new OU path
acc.Move("OU=New Mexico,OU=Offices,DC=tdnfdemo,DC=com");
//Write the results to the console
Console.WriteLine(acc.ResourceIDSource.ParentOU);
//Verify the move occurred in the Account Store
Console.WriteLine(acc.AccountStoreIdentityEntry.Path); |
Add an account to a group
| Code Block |
|---|
|
//Create a new Group TList and add a group to the list
var groupList = new TList<C.Group>();
groupList.Add(C.Group.GetByGroupID(66));
//Add the account to the groups in the list
var account = C.Account.GetByAccountID(26471).AddToGroups(groupList);
//Write the results to the console
var acc = C.AccountView.GetByGroupID(66, columnsToSearch: "", textToSearch: "");
foreach (var a in acc)
if (a.AccountID == 26471)
Console.WriteLine(a.Name); |
Restore deleted accounts
| Code Block |
|---|
|
//Retrieve deleted accounts
var deletedAccounts = C.Account.GetByDeleted(true);
//Restore each account in the list of deleted accounts
foreach(var acc in deletedAccounts)
acc.RestoreDeletedAccount(); |
Join an account to a Person
| Code Block |
|---|
|
//Call JoinAccountToPerson(), passing in the AccountID and PersonID
//Person cannot currently have an account
var person = C.Person.JoinAccountToPerson(7824, 3194); |
Remove an account from a Person
| Code Block |
|---|
|
//Call UnJoinAccountToPerson(), passing in the AccountID
var person = C.Person.UnJoinAccountToPerson(7824); |
Unlock all locked accounts
| Code Block |
|---|
|
//Return a list of locked out accounts
var account = C.Account.GetByLockedOut(true);
//Unlock each account in the list
foreach(var acc in account)
acc.Unlock(); |
Working with random objects
Create mailbox for user
| Code Block |
|---|
|
//Add reference for TheDotNetFactory.Framework.People.Common.Enum to your project for access to the ExchangeMailboxTypeList enum
//Return an account without a mailbox
var accountCollection = C.AccountView.GetNonMailboxAccountsByAccountStoreID("LogonName", "jclouseay");
//Get the account store
var accStore = C.AccountStore.GetByFQN("exchange.com");
//Configure the mailbox you are creating
foreach (var acc in accountCollection)
{
var mailboxConfig = new C.MailBoxConfig();
mailboxConfig.AccountStore = accStore;
mailboxConfig.Alias = acc.LogonName;
mailboxConfig.cn = acc.Name;
mailboxConfig.MasterAccountID = acc.DistinguishedName;
//Set the MailboxContainer
var mailboxContainer = C.ExchangeMailboxObjectContainer.GetByMostAvailableSpace();
foreach (var mBC in mailboxContainer)
mailboxConfig.MailboxContainer = mBC;
mailboxConfig.AccountStore = accStore;
mailboxConfig.Path = acc.DistinguishedName;
//Person linked with the account
var owner = C.Person.GetByLogin(acc.LogonName);
//Set the account
var targetAccount = C.Account.GetByAccountID(acc.AccountID);
//Create the mailbox, passing in owner, targetAccount, and mailboxConfig
//Also set the type of mailbox and process it immediately
var createMailbox = C.ExchangeMailbox.CreateMailbox(owner, targetAccount, mailboxConfig, ExchangeMailboxTypeList.UserMailbox, refreshRbac: true, sendToQueue: false);
//Write the results to the console
Console.WriteLine("Mailbox with MailboxID: {0} has been created for Account: {1}", createMailbox.ExchangeMailboxID, CreateteMailbox.AccountIDSource.FriendlyName);
} |
Create an Audit Log entry
| Code Block |
|---|
|
AuditLogOperation log = new AuditLogOperation();
log.Name = "Updated Account Store Settings for " + this.TargetAccountStore.Name + " in workflow: " + this.CurrentWorkflow.Name;
log.Description = log.Name;
log.ActorPersonID = this.CurrentWorkflow.Initiator.PersonID;
log.FriendlyName = log.Name;
log.TargetResourceID = 0;
log.AuditLogOperationTypeID = 1;
log.Insert(); |
Tracing
| Code Block |
|---|
|
TdnfTrace.Current.TraceData(TraceEventType.Verbose, 411, "!!!!!######Person has " + this.CurrentWorkflow.PersonNumberofAzureAccounts.ToSafeNullableString() + " Azure AD Accounts"); |
How to use the rawmarkup control and then set the value in a WF to a localized message
Rawmarkup form control - read-only - doublewide
| Code Block |
|---|
|
<div data-bind="html: Value()"></div> |
Set value on activity in code
| Code Block |
|---|
|
CurrentWorkflow.editEligibilityForm.Disclaimer = "EditITShopSettingsMultipleGroupsDisclaimer".Localize(); |
Retrieve a Global EmpowerID System Config Setting
| Code Block |
|---|
|
int.TryParse((ConfigSettings.Get(RegistryType.WebSettings, "ABACHighRiskScore")), out highRiskScore); |
How to fire one of the older style alerts
| Code Block |
|---|
|
//Fire event on success
var alert = new Alert
{
AlertEventTypeID = (int)Entities.BPMAlertEventTypeList.PersonCommunicationTypeAdded,
Name = "Person Communication Type Added",
Priority = ThreadPriority.Highest
};
alert.Properties["Person"] = user;
WebAlertManager.Current.EnqueueAlert(alert);
Update(); |
Get list of operations person has for a resource
| Code Block |
|---|
|
return C.Person.GetPersonResourceOperationsDictionaryCached(PersonID, ResourceID).ContainsKey(Operation); |
Check and return true if person has a specific operation for a resource
| Code Block |
|---|
|
return C.Person.GetPersonResourceOperationsDictionaryCached(PersonID, ResourceID).ContainsKey(Operation); |
Check if person can do operation for resource
| Code Block |
|---|
|
C.Resource.HasAccess(YourObject.PersonID,YourResource.ResourceID,"NameofOperationToCheck"); |
Check if approver decision was approved (old collaboration task engine - not business requests)
| Code Block |
|---|
|
this.CurrentWorkflow.LoginAssistSSApproverForm.FormDecision == E.BusinessProcessTaskSlotResponseTypeList.Approved; |
Check if a Person can run the Workflow (WF)
| Code Block |
|---|
|
rw = C.RequestWorkflow.GetByRequestWorkflowIDWithCache(this.CurrentWorkflow.RequestWorkflowID);
if (rw.ResourceID != null)
{
this.CurrentWorkflow.HasAccessToRunWorkflow = (C.Resource.HasUseAccessToResource(this.CurrentWorkflow.TargetPerson.PersonID,rw.ResourceID) != null);
}
if(this.CurrentWorkflow.HasAccessToRunWorkflow)
{
TdnfTrace.Current.TraceData(TraceEventType.Verbose, 411, "!!!!!######Person has access to run the workflow");
}
else
{
TdnfTrace.Current.TraceData(TraceEventType.Verbose, 411, "!!!!!######Person does not have access to run the workflow");
} |
Taking a list of heavy person objects and creating a light list of person objects with IDs
| Code Block |
|---|
|
var peopleIds = CurrentWorkflow.PeopleAsMembers.SelectedValues.Select(p => p.PersonID).ToList();
//This makes the get accounts call lightweight
var people = new E.TList<C.Person>();
foreach(var id in peopleIds)
{
people.Add(new C.Person{PersonID = id});
} |