/// <summary>
/// Checks if the user has permission to perform an operation and throws exception if not.
/// </summary>
/// <param name="authenticationService"></param>
/// <param name="userName"></param>
/// <param name="permission"></param>
/// <param name="extraOptions"></param>
private static void Authorize(IAuthenticationAddin authenticationService, string userName, Permission permission, ExtraOptions extraOptions)
{
if (!authenticationService.HasPermission(userName, permission.Name, null))
{
throw new ServiceAuthorizationException("Not enough permissions.");
}
}
public bool ResetPassword(string authenticationCookie, string userName, string newPassword, string userData)
{
string authUserName;
ServiceUtils.Authenticate(_addin, authenticationCookie, out authUserName, null);
if (string.Compare(authUserName, userName, true) == 0 ||
_addin.HasPermission(authUserName, PermissionsTable.Instance.CanManageUsers.Name, userData))
{
return(_addin.ResetPassword(userName, newPassword, userData));
}
else
{
//this should throw authorization exception
ServiceUtils.Authorize(_addin, authUserName, PermissionsTable.Instance.CanManageUsers, null);
return(false);
}
}
