protected override void OnCreatedUser(EventArgs e)
{
// Note: this doesn't run using the privileges of the anonymous user, so we elevate them
// Also, you can't use the original Site even with elevated privileges, otherwise it reverts back to anonymous.
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site2 = new SPSite(SPContext.Current.Site.ID, SPContext.Current.Site.Zone))
{
using (SPWeb web2 = site2.OpenWeb(SPContext.Current.Web.ID))
{
// from this point allowunsafeupdates is required because the call is initiated from a browser with
// anonymouse rights only
web2.AllowUnsafeUpdates = true;
MembershipRequest request = new MembershipRequest();
request.UserEmail = this.Email;
request.UserName = this.UserName;
if (System.Web.Security.Membership.RequiresQuestionAndAnswer)
{
request.PasswordQuestion = this.Question;
request.PasswordAnswer = this.Answer;
}
request.FirstName = this.FirstName;
request.LastName = this.LastName;
request.DefaultGroup = this._DefaultGroup;
request.SiteName = web2.Title;
request.SiteURL = web2.Url;
MembershipSettings settings = new MembershipSettings(web2);
if (settings.ReviewMembershipRequests)
{
request.LoginCreatedUser = false;
if (!MembershipRequest.CopyToReviewList(request))
{
lblError.Text = this.UnknownErrorMessage;
return;
}
}
else
{
#region Process new user request if we're NOT using the Request List
if (!AutoGeneratePassword)
{
request.Password = this.Password;
}
request.ChangePasswordURL = Utils.GetAbsoluteURL(web2, settings.ChangePasswordPage);
request.LoginCreatedUser = SPLoginCreatedUser;
try
{
MembershipRequest.ApproveMembership(request, web2);
}
catch (Exception ex)
{
Utils.LogError(ex);
this.lblCompleteSuccess.Text = this.UnknownErrorMessage;
return;
}
#endregion
}
this.MoveTo(this.CompleteStep);
}
}
});
}
public override void ItemUpdated(SPItemEventProperties properties)
{
this.EventFiringEnabled = false;
SPListItem item = null;
SPList list = null;
MembershipStatus status;
try
{
item = properties.ListItem;
if (item != null)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(item.Web.Site.ID, item.Web.Site.Zone))
{
using (SPWeb web = site.OpenWeb(item.Web.ID))
{
if (web != null)
{
site.AllowUnsafeUpdates = true;
web.AllowUnsafeUpdates = true;
list = item.ParentList;
status = (MembershipStatus)Utils.GetChoiceIndex(list.Fields.GetFieldByInternalName(MembershipReviewListFields.STATUS) as SPFieldChoice, item[MembershipReviewListFields.STATUS].ToString());
switch (status)
{
case MembershipStatus.Approved:
// TODO: rdcpro: if CreateUser in the ApproveMembership call fails, the user in the MemberShipRequest list needs to be marked somehow so that the approver knows what the problem is.
// Maybe the list should have the "LastError" field which will get the error info, or else the status can have an extra error value in addition to pending | approved | rejected
// Then in the calling code, we must not delete the item from the list!
// It would have been better if ApproveMembership returned a status code, rather than use exception handling, but here we are.
MembershipRequest.ApproveMembership(GetMembershipRequest(web, item), web);
item.Delete();
list.Update();
break;
case MembershipStatus.Pending:
break;
case MembershipStatus.Rejected:
if (!MembershipRequest.RejectMembership(GetMembershipRequest(web, item), web))
{
throw new Exception("Error rejecting membership");
}
//bms Removed Delete from Reject Membership to allow administrators to approve user later and delete with UI
//item.Delete();
//list.Update();
break;
}
}
}
}
});
}
}
catch (Exception ex)
{
throw new Exception("Error updating item in Membership Request List", ex);
}
finally
{
this.EventFiringEnabled = true;
}
}
