public void ChangePasswordMd5(string ticket, int accountid, string oldpasswordhash, string newpassword)
{
int userid = GetAccountId(ticket);
using (SnCore.Data.Hibernate.Session.OpenConnection())
{
ISession session = SnCore.Data.Hibernate.Session.Current;
if (userid != accountid)
{
ManagedAccount requester = new ManagedAccount(session, userid);
if (!requester.IsAdministrator())
{
throw new ManagedAccount.AccessDeniedException();
}
ManagedAccount account = new ManagedAccount(session, accountid);
account.ResetPassword(newpassword, true);
}
else
{
ManagedAccount account = new ManagedAccount(session, accountid);
account.ChangePasswordMd5(oldpasswordhash, newpassword);
}
SnCore.Data.Hibernate.Session.Flush();
}
}
public string Impersonate(string ticket, int id)
{
int userid = GetAccountId(ticket);
using (SnCore.Data.Hibernate.Session.OpenConnection())
{
ISession session = SnCore.Data.Hibernate.Session.Current;
// check permissions: userid must have admin rights to the Accounts table
ManagedAccount user = new ManagedAccount(session, userid);
if (!user.IsAdministrator())
{
throw new ManagedAccount.AccessDeniedException();
}
ManagedAccount acct = new ManagedAccount(session, id);
string return_ticket = ManagedAccount.GetTicketFromAccountId(acct.Id);
SnCore.Data.Hibernate.Session.Flush();
return return_ticket;
}
}
public void DeleteAccountWithOptions(string ticket, int id, TransitAccountDeleteOptions options)
{
using (SnCore.Data.Hibernate.Session.OpenConnection())
{
ISession session = SnCore.Data.Hibernate.Session.Current;
ManagedSecurityContext sec = new ManagedSecurityContext(session, ticket);
ManagedAccount user = new ManagedAccount(session, id);
if (user.IsAdministrator())
{
throw new Exception(
"You cannot delete an administrative account.");
}
if (sec.Account.Id != user.Id)
{
if (!sec.IsAdministrator())
{
// only admin can delete other people's account
throw new ManagedAccount.AccessDeniedException();
}
}
if (options != null && options.DeleteContent)
{
if (!sec.IsAdministrator())
{
// only admin can delete other people's content
throw new ManagedAccount.AccessDeniedException();
}
user.DeleteContent(sec);
}
}
WebServiceImpl<TransitAccount, ManagedAccount, Account>.Delete(
ticket, id);
}
public void DemoteAdministrator(string ticket, int id)
{
int userid = GetAccountId(ticket);
using (SnCore.Data.Hibernate.Session.OpenConnection())
{
ISession session = SnCore.Data.Hibernate.Session.Current;
// check permissions: userid must have admin rights to the Accounts table
ManagedAccount user = new ManagedAccount(session, userid);
if (!user.IsAdministrator())
{
throw new ManagedAccount.AccessDeniedException();
}
if (user.Id == id)
{
throw new Exception("You cannot demote self.");
}
ManagedAccount acct = new ManagedAccount(session, id);
if (!acct.IsAdministrator())
{
throw new Exception("User is not an administrator.");
}
acct.DemoteAdministrator();
SnCore.Data.Hibernate.Session.Flush();
}
}
public bool IsPasswordValidMd5(string ticket, int accountid, string password)
{
int userid = GetAccountId(ticket);
using (SnCore.Data.Hibernate.Session.OpenConnection())
{
ISession session = SnCore.Data.Hibernate.Session.Current;
if (userid != accountid)
{
ManagedAccount requester = new ManagedAccount(session, userid);
if (!requester.IsAdministrator())
{
throw new ManagedAccount.AccessDeniedException();
}
}
ManagedAccount account = new ManagedAccount(session, accountid);
return account.IsPasswordValidMd5(password);
}
}