public IHttpActionResult DeleteUser([FromUri] string username)
{
if (!IsAuthenticated)
{
return(Unauthorized());
}
using (new UserSwitcher(Context.Site.Domain.GetFullName(this.ApiUser), false))
{
if (!Context.User.IsAdministrator)
{
return(Unauthorized());
}
var response = new Models.UserManagement.UserProfile();
string name = Sitecore.Context.Site.Domain.GetFullName(username);
if (!Sitecore.Security.Accounts.User.Exists(name))
{
response.Message = "the user doesn't exist";
response.Success = false;
}
else
{
User user = Sitecore.Security.Accounts.User.FromName(Context.Site.Domain.GetFullName(username), false);
MembershipUser membershipUser = Membership.GetUser(user.Name);
if (user == null || membershipUser == null)
{
response.Message = "the user doesn't exist";
response.Success = false;
}
else if (user.IsAdministrator && user.Name.Equals(ApiUser))
{
response.Message = "you cannot delete your own account";
response.Success = false;
}
else
{
try
{
Log.Audit(this, "[BOT] Delete user: {0}", new string[] { user.Name });
Membership.DeleteUser(user.Name);
response.Success = true;
}
catch (Exception ex)
{
response.Success = false;
response.Message = ex.Message;
}
}
}
return(new JsonResult <Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this));
}
}
public IHttpActionResult CreateUser([FromBody] CreateUserRequest create)
{
if (!IsAuthenticated)
{
return(Unauthorized());
}
using (new UserSwitcher(Context.Site.Domain.GetFullName(this.ApiUser), false))
{
if (!Context.User.IsAdministrator)
{
return(Unauthorized());
}
var response = new Models.UserManagement.UserProfile();
if (Sitecore.Security.Accounts.User.Exists(Context.Site.Domain.GetFullName(create.UserName)))
{
response.Message = "the user already exists";
response.Success = false;
}
else
{
try
{
string password = "******";
User user = Sitecore.Security.Accounts.User.Create(Context.Site.Domain.GetFullName(create.UserName), password);
user.Profile.FullName = create.FullName;
user.Profile.Email = create.EmailAddress;
user.Profile.IsAdministrator = create.AdministratorRoleForUser;
user.Profile.Comment = "Created from bot";
user.Profile.Save();
Log.Audit(this, "[BOT] Created user: {0}", new string[] { user.Name });
if (create.EmailSendWithPasswordToTheUser)
{
//TODO Send email
}
response.Success = true;
}
catch (Exception ex)
{
response.Success = false;
response.Message = ex.Message;
}
}
return(new JsonResult <Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this));
}
}
public IHttpActionResult GetProfile([FromUri] string username = null)
{
if (!IsAuthenticated)
{
return(Unauthorized());
}
using (new UserSwitcher(Context.Site.Domain.GetFullName(this.ApiUser), false))
{
if (!Context.User.IsAdministrator)
{
return(Unauthorized());
}
var response = new Models.UserManagement.UserProfile();
string name = Context.Site.Domain.GetFullName(username ?? this.ApiUser);
if (Sitecore.Security.Accounts.User.Exists(name))
{
User user = Sitecore.Security.Accounts.User.FromName(name, false);
if (user != null)
{
MembershipUser membershipUser = Membership.GetUser(user.Name);
response.FullName = user.Profile.FullName;
response.EmailAddress = membershipUser != null ? membershipUser.Email : null;
response.IsAdministrator = user.IsAdministrator;
response.Roles = Roles.GetRolesForUser(user.Name).ToList();
if (user.IsAdministrator || Roles.IsUserInRole(RoleNames.BotAnalytics))
{
response.ApplicationInsights.ApplicationId = Sitecore.Configuration.Settings.GetSetting("sitecore.bot.ai.appId");
response.ApplicationInsights.ApiKey = Sitecore.Configuration.Settings.GetSetting("sitecore.bot.ai.apiKey");
}
response.Success = true;
}
;
}
else
{
response.Message = "the user doesn't exist";
response.Success = false;
}
return(new JsonResult <Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this));
}
}