public GetUserResponse GetUser (WebServiceLogin login, int? id, string username)
{
DBPerson result = null;
GetUserResponse response = new GetUserResponse ();
using (DB db = new DB ()) {
Authenticate (db, login, response, true);
if (!id.HasValue) {
using (IDbCommand cmd = db.CreateCommand ()) {
cmd.CommandText = "SELECT * FROM Person WHERE login = @login;";
DB.CreateParameter (cmd, "login", username);
using (IDataReader reader = cmd.ExecuteReader ()) {
if (reader.Read ())
result = new DBPerson (reader);
}
}
} else {
result = DBPerson_Extensions.Create (db, id.Value);
}
if (result != null && (result.login == response.UserName || Utilities.IsInRole (response, Roles.Administrator))) {
result.Emails = result.GetEmails (db).ToArray ();
response.User = result;
} else {
response.Exception = new WebServiceException (new HttpException (403, "You don't have access to this user's data"));
}
}
return response;
}
protected void Page_Load (object sender, EventArgs e)
{
int? id = null;
string username;
string action = Request ["action"];
if (!string.IsNullOrEmpty (Request ["id"])) {
int i;
if (int.TryParse (Request ["id"], out i)) {
id = i;
}
}
username = Request ["username"];
if (!string.IsNullOrEmpty (action)) {
WebServiceResponse rsp;
string email = Request ["email"];
switch (action) {
case "addemail":
if (!string.IsNullOrEmpty (email)) {
rsp = Utils.LocalWebService.AddUserEmail (Master.WebServiceLogin, id, username, email);
if (rsp.Exception != null) {
lblMessage.Text = rsp.Exception.Message;
} else {
Response.Redirect (GetSelfLink (), false);
return;
}
} else {
lblMessage.Text = "No email specified";
}
break;
case "removeemail":
if (!string.IsNullOrEmpty (email)) {
rsp = Utils.LocalWebService.RemoveUserEmail (Master.WebServiceLogin, id, username, email);
if (rsp.Exception != null) {
lblMessage.Text = rsp.Exception.Message;
} else {
Response.Redirect (GetSelfLink (), false);
return;
}
} else {
lblMessage.Text = "No email specified";
}
break;
}
}
rowRoles.Visible = Authentication.IsInCookieRole (Request, Roles.Administrator);
if (!string.IsNullOrEmpty (username) || id.HasValue) {
response = Utils.LocalWebService.GetUser (Master.WebServiceLogin, id, username);
if (response.Exception == null) {
if (!IsPostBack) {
txtFullName.Text = response.User.fullname;
txtUserName.Text = response.User.login;
txtPassword.Text = response.User.password;
txtRoles.Text = response.User.roles;
txtIRCNicks.Text = response.User.irc_nicknames;
txtUserName.Attributes ["readonly"] = "readonly"; // asp.net sets readonly="ReadOnly", which fails w3 validation since casing isn't right
}
foreach (string email in response.User.Emails) {
tblUser.Rows.Add (Utils.CreateTableRow (Utils.CreateTableCell (email), Utils.CreateTableCell (string.Format ("<a href='{1}&action=removeemail&email={0}'>Remove</a>", HttpUtility.HtmlEncode (HttpUtility.UrlEncode (email)), GetSelfLink ()))));
}
TableCell cell = Utils.CreateTableCell (string.Format ("<a href=\"javascript:adduseremail ('{0}')\">Add email</a>", GetSelfLink ()));
cell.ColumnSpan = 2;
tblUser.Rows.Add (Utils.CreateTableRow (cell));
} else {
lblMessage.Text = response.Exception.Message;
}
} else {
cmdSave.Text = "Create new user";
}
}