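        /// <summary>
        /// Deletes the membership account named by <paramref name="username"/>, resolved in the
        /// current site's domain. The caller must be authenticated and the configured API user
        /// must be a Sitecore administrator; the work runs under that user via <c>UserSwitcher</c>.
        /// </summary>
        /// <param name="username">Account name to delete (domain prefix optional).</param>
        /// <returns>
        /// 401 when the caller is not authenticated or the API user is not an administrator;
        /// otherwise a JSON <c>UserProfile</c> whose <c>Success</c>/<c>Message</c> report the outcome.
        /// </returns>
        public IHttpActionResult DeleteUser([FromUri] string username)
        {
            if (!IsAuthenticated)
            {
                return(Unauthorized());
            }

            // Domain-qualified name of the API user. Computed once so the self-deletion guard below
            // compares like with like (user.Name is always domain-qualified).
            string apiUserFullName = Context.Site.Domain.GetFullName(this.ApiUser);

            using (new UserSwitcher(apiUserFullName, false))
            {
                if (!Context.User.IsAdministrator)
                {
                    return(Unauthorized());
                }

                var response = new Models.UserManagement.UserProfile();

                // A missing/blank name would reach GetFullName/Exists outside the try block and
                // surface as an unhandled 500; answer with the same "not found" result instead.
                if (string.IsNullOrWhiteSpace(username))
                {
                    response.Message = "the user doesn't exist";
                    response.Success = false;
                    return(new JsonResult <Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this));
                }

                string         name           = Context.Site.Domain.GetFullName(username);
                User           user           = Sitecore.Security.Accounts.User.Exists(name)
                                                    ? Sitecore.Security.Accounts.User.FromName(name, false)
                                                    : null;
                MembershipUser membershipUser = user != null ? Membership.GetUser(user.Name) : null;

                if (user == null || membershipUser == null)
                {
                    response.Message = "the user doesn't exist";
                    response.Success = false;
                }
                // Self-deletion guard. The previous check compared the domain-qualified user.Name with
                // the raw ApiUser value, which cannot match when ApiUser lacks the domain prefix (it is
                // passed through GetFullName everywhere else), so an admin could delete the account the
                // API itself runs as. Membership user names are case-insensitive, hence OrdinalIgnoreCase.
                else if (user.Name.Equals(apiUserFullName, StringComparison.OrdinalIgnoreCase))
                {
                    response.Message = "you cannot delete your own account";
                    response.Success = false;
                }
                else
                {
                    try
                    {
                        // Audit first so a deletion that fails half-way is still attributable.
                        Log.Audit(this, "[BOT] Delete user: {0}", new string[] { user.Name });
                        Membership.DeleteUser(user.Name);
                        response.Success = true;
                    }
                    catch (Exception ex)
                    {
                        response.Success = false;
                        // NOTE(review): raw exception text is returned to the (admin) caller; consider
                        // logging it and returning a generic message if this endpoint is ever exposed wider.
                        response.Message = ex.Message;
                    }
                }

                return(new JsonResult <Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this));
            }
        }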
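        /// <summary>
        /// Creates a membership account in the current site's domain from the request body.
        /// The caller must be authenticated and the configured API user must be a Sitecore
        /// administrator; the work runs under that user via <c>UserSwitcher</c>.
        /// </summary>
        /// <param name="create">
        /// User name, full name, e-mail address, whether to grant the administrator flag, and
        /// whether the generated password should be e-mailed to the user (delivery not yet implemented).
        /// </param>
        /// <returns>
        /// 401 when the caller is not authenticated or the API user is not an administrator;
        /// otherwise a JSON <c>UserProfile</c> whose <c>Success</c>/<c>Message</c> report the outcome.
        /// </returns>
        public IHttpActionResult CreateUser([FromBody] CreateUserRequest create)
        {
            if (!IsAuthenticated)
            {
                return(Unauthorized());
            }

            using (new UserSwitcher(Context.Site.Domain.GetFullName(this.ApiUser), false))
            {
                if (!Context.User.IsAdministrator)
                {
                    return(Unauthorized());
                }

                var response = new Models.UserManagement.UserProfile();

                // [FromBody] binds null for an empty or unparseable body; without this guard the
                // dereference below throws outside the try block and surfaces as a 500.
                if (create == null || string.IsNullOrWhiteSpace(create.UserName))
                {
                    response.Message = "a user name is required";
                    response.Success = false;
                    return(new JsonResult <Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this));
                }

                string fullName = Context.Site.Domain.GetFullName(create.UserName);

                if (Sitecore.Security.Accounts.User.Exists(fullName))
                {
                    response.Message = "the user already exists";
                    response.Success = false;
                }
                else
                {
                    try
                    {
                        // Every account used to be created with the same literal password, so anyone who
                        // had read the source could log in as any bot-created user (including ones created
                        // with the administrator flag). Generate a per-user random password that satisfies
                        // the membership provider's policy; it is only recoverable through the e-mail
                        // delivery below, which is still a TODO.
                        string password = Membership.GeneratePassword(
                            Math.Max(Membership.MinRequiredPasswordLength, 16),
                            Membership.MinRequiredNonAlphanumericCharacters);

                        User user = Sitecore.Security.Accounts.User.Create(fullName, password);
                        user.Profile.FullName        = create.FullName;
                        user.Profile.Email           = create.EmailAddress;
                        user.Profile.IsAdministrator = create.AdministratorRoleForUser;
                        user.Profile.Comment         = "Created from bot";
                        user.Profile.Save();

                        Log.Audit(this, "[BOT] Created user: {0}", new string[] { user.Name });
                        if (create.AdministratorRoleForUser)
                        {
                            // Privilege grants are the audit event reviewers actually search for.
                            Log.Audit(this, "[BOT] Granted administrator: {0}", new string[] { user.Name });
                        }

                        if (create.EmailSendWithPasswordToTheUser)
                        {
                            //TODO Send email
                        }

                        response.Success = true;
                    }
                    catch (Exception ex)
                    {
                        response.Success = false;
                        // NOTE(review): raw exception text is returned to the (admin) caller; consider
                        // logging it and returning a generic message if this endpoint is ever exposed wider.
                        response.Message = ex.Message;
                    }
                }

                return(new JsonResult <Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this));
            }
        }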
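        /// <summary>
        /// Returns the profile of <paramref name="username"/> (or of the API user when null):
        /// full name, e-mail, administrator flag and roles. When that user is an administrator
        /// or a member of <c>RoleNames.BotAnalytics</c>, the Application Insights application id
        /// and API key from configuration are included as well. The caller must be authenticated
        /// and the configured API user must be a Sitecore administrator.
        /// </summary>
        /// <param name="username">Account to look up (domain prefix optional); null selects the API user.</param>
        /// <returns>
        /// 401 when the caller is not authenticated or the API user is not an administrator;
        /// otherwise a JSON <c>UserProfile</c> whose <c>Success</c>/<c>Message</c> report the outcome.
        /// </returns>
        public IHttpActionResult GetProfile([FromUri] string username = null)
        {
            if (!IsAuthenticated)
            {
                return(Unauthorized());
            }

            using (new UserSwitcher(Context.Site.Domain.GetFullName(this.ApiUser), false))
            {
                if (!Context.User.IsAdministrator)
                {
                    return(Unauthorized());
                }

                var response = new Models.UserManagement.UserProfile();

                string name = Context.Site.Domain.GetFullName(username ?? this.ApiUser);
                User   user = Sitecore.Security.Accounts.User.Exists(name)
                                  ? Sitecore.Security.Accounts.User.FromName(name, false)
                                  : null;

                if (user == null)
                {
                    // Covers both "Exists() was false" and "FromName() returned null"; the latter
                    // previously produced a response with neither Success nor Message set.
                    response.Message = "the user doesn't exist";
                    response.Success = false;
                }
                else
                {
                    MembershipUser membershipUser = Membership.GetUser(user.Name);

                    response.FullName        = user.Profile.FullName;
                    response.EmailAddress    = membershipUser != null ? membershipUser.Email : null;
                    response.IsAdministrator = user.IsAdministrator;
                    response.Roles           = Roles.GetRolesForUser(user.Name).ToList();

                    // Both halves of this gate now evaluate the *looked-up* user. The previous code
                    // called Roles.IsUserInRole(role) with no user name, which checks the current
                    // (switched-to API) user, so the API key was disclosed based on the caller's
                    // role rather than the requested account's. NOTE(review): if caller-based gating
                    // was the intent, change both operands to Context.User instead.
                    if (user.IsAdministrator || Roles.IsUserInRole(user.Name, RoleNames.BotAnalytics))
                    {
                        // ApiKey is a credential; it leaves the server in this response body. Keep the
                        // admin check on the API user (above) in place if this endpoint is ever widened.
                        response.ApplicationInsights.ApplicationId = Sitecore.Configuration.Settings.GetSetting("sitecore.bot.ai.appId");
                        response.ApplicationInsights.ApiKey        = Sitecore.Configuration.Settings.GetSetting("sitecore.bot.ai.apiKey");
                    }
                    response.Success = true;
                }

                return(new JsonResult <Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this));
            }
        }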