Ejemplo n.º 1
0
		public GetUserResponse GetUser (WebServiceLogin login, int? id, string username)
		{
			DBPerson result = null;
			GetUserResponse response = new GetUserResponse ();

			using (DB db = new DB ()) {
				Authenticate (db, login, response, true);

				if (!id.HasValue) {
					using (IDbCommand cmd = db.CreateCommand ()) {
						cmd.CommandText = "SELECT * FROM Person WHERE login = @login;";
						DB.CreateParameter (cmd, "login", username);
						using (IDataReader reader = cmd.ExecuteReader ()) {
							if (reader.Read ())
								result = new DBPerson (reader);
						}
					}
				} else {
					result = DBPerson_Extensions.Create (db, id.Value);
				}

				if (result != null && (result.login == response.UserName || Utilities.IsInRole (response, Roles.Administrator))) {
					result.Emails = result.GetEmails (db).ToArray ();
					response.User = result;
				} else {
					response.Exception = new WebServiceException (new HttpException (403, "You don't have access to this user's data"));
				}
			}

			return response;
		}
Ejemplo n.º 2
0
	protected void Page_Load (object sender, EventArgs e)
	{
		int? id = null;
		string username;
		string action = Request ["action"];

		if (!string.IsNullOrEmpty (Request ["id"])) {
			int i;
			if (int.TryParse (Request ["id"], out i)) {
				id = i;
			}
		}

		username = Request ["username"];

		if (!string.IsNullOrEmpty (action)) {
			WebServiceResponse rsp;
			string email = Request ["email"];

			switch (action) {
			case "addemail":
				if (!string.IsNullOrEmpty (email)) {
					rsp = Utils.LocalWebService.AddUserEmail (Master.WebServiceLogin, id, username, email);
					if (rsp.Exception != null) {
						lblMessage.Text = rsp.Exception.Message;
					} else {
						Response.Redirect (GetSelfLink (), false);
						return;
					}
				} else {
					lblMessage.Text = "No email specified";
				}
				break;
			case "removeemail":
				if (!string.IsNullOrEmpty (email)) {
					rsp = Utils.LocalWebService.RemoveUserEmail (Master.WebServiceLogin, id, username, email);
					if (rsp.Exception != null) {
						lblMessage.Text = rsp.Exception.Message;
					} else {
						Response.Redirect (GetSelfLink (), false);
						return;
					}
				} else {
					lblMessage.Text = "No email specified";
				}
				break;
			}
		}

		rowRoles.Visible = Authentication.IsInCookieRole (Request, Roles.Administrator);
		if (!string.IsNullOrEmpty (username) || id.HasValue) {
			response = Utils.LocalWebService.GetUser (Master.WebServiceLogin, id, username);

			if (response.Exception == null) {
				if (!IsPostBack) {
					txtFullName.Text = response.User.fullname;
					txtUserName.Text = response.User.login;
					txtPassword.Text = response.User.password;
					txtRoles.Text = response.User.roles;
					txtIRCNicks.Text = response.User.irc_nicknames;

					txtUserName.Attributes ["readonly"] = "readonly"; // asp.net sets readonly="ReadOnly", which fails w3 validation since casing isn't right
				}

				foreach (string email in response.User.Emails) {
					tblUser.Rows.Add (Utils.CreateTableRow (Utils.CreateTableCell (email), Utils.CreateTableCell (string.Format ("<a href='{1}&action=removeemail&email={0}'>Remove</a>", HttpUtility.HtmlEncode (HttpUtility.UrlEncode (email)), GetSelfLink ()))));
				}
				TableCell cell = Utils.CreateTableCell (string.Format ("<a href=\"javascript:adduseremail ('{0}')\">Add email</a>", GetSelfLink ()));
				cell.ColumnSpan = 2;
				tblUser.Rows.Add (Utils.CreateTableRow (cell));
			} else {
				lblMessage.Text = response.Exception.Message;
			}
		} else {
			cmdSave.Text = "Create new user";
		}
	}