        /// <summary>
        /// Projects a persisted <see cref="WikiDownUser"/> into the API shape: the identity
        /// fields plus a root flag and the numeric access level derived from the stored roles.
        /// </summary>
        /// <param name="user">Account to expose; dereferenced directly, so it must not be null.</param>
        public AccountUserApiModel(WikiDownUser user)
        {
            var userName = user.UserName;

            Email    = user.Email;
            UserName = userName;

            // Root is recognised by name only; the level comes from the role set.
            IsRoot      = userName == ArticleAccessHelper.RootAccountName;
            AccessLevel = (int)ArticleAccessHelper.GetAccessLevel(user.Roles);
        }
        /// <summary>
        /// Lists the accounts the caller may see: every account whose access level is at or
        /// below the caller's, plus the caller's own account, ordered by user name.
        /// Accounts above the caller's level are omitted rather than rejected.
        /// </summary>
        /// <returns>A read-only list with one <see cref="AccountUserApiModel"/> per visible account.</returns>
        public async Task <IReadOnlyList <AccountUserApiModel> > GetUserList()
        {
            var callerAccessLevel = this.User.GetAccessLevel();

            // Materialised before filtering, so GetAccessLevel runs in memory per user.
            var allUsers = await this.UserManager.Users.ToListAsync();

            var visibleUsers = allUsers
                .Where(u => ArticleAccessHelper.GetAccessLevel(u.Roles) <= callerAccessLevel
                            || u.UserName == this.User.Identity.Name)
                .OrderBy(u => u.UserName)
                .Select(u => new AccountUserApiModel(u))
                .ToList();

            return(visibleUsers);
        }
        /// <summary>
        /// Resolves the role set for the requested <c>AccessLevel</c>. When an existing
        /// account is being edited, the caller must be at or above that account's current
        /// access level, otherwise 403 is raised.
        /// </summary>
        /// <param name="principal">The caller performing the edit.</param>
        /// <param name="user">Existing account being edited, or null when creating a new one.</param>
        /// <returns>The roles corresponding to the requested access level.</returns>
        /// <exception cref="HttpResponseException">403 when the target currently outranks the caller.</exception>
        private IEnumerable <string> GetRoles(IPrincipal principal, WikiDownUser user)
        {
            // NOTE(review): the requested AccessLevel itself is never compared with the
            // caller's level here, for new or existing accounts — unless the controller
            // enforces that, a caller could grant a level above its own. Confirm.
            var rolesForRequestedLevel = ArticleAccessHelper.GetRoles(this.AccessLevel);

            if (user == null)
            {
                // New account: nothing to compare against yet.
                return(rolesForRequestedLevel);
            }

            var targetLevel = ArticleAccessHelper.GetAccessLevel(user.Roles);
            var callerLevel = principal.GetAccessLevel();

            if (targetLevel > callerLevel)
            {
                throw new HttpResponseException(HttpStatusCode.Forbidden);
            }

            return(rolesForRequestedLevel);
        }
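        /// <summary>
        /// Creates or updates the account named by <c>UserName</c> with the requested roles,
        /// email and (optionally) password. Every Identity operation's result is checked;
        /// the original silently ignored failures and reported success for an account
        /// that was never persisted.
        /// </summary>
        /// <param name="principal">The caller; used for the authorization checks.</param>
        /// <param name="userManager">Identity store the account is read from and written to.</param>
        /// <returns>The created or updated account.</returns>
        /// <exception cref="HttpResponseException">
        /// 400 when the user name is blank, when a non-admin edits their own account, or when
        /// an Identity operation fails (e.g. password policy); 403 from <c>GetRoles</c> when the
        /// target account currently outranks the caller.
        /// </exception>
        public async Task <WikiDownUser> Save(IPrincipal principal, UserManager <WikiDownUser> userManager)
        {
            if (string.IsNullOrWhiteSpace(this.UserName))
            {
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }

            var user = await userManager.FindByNameAsync(this.UserName);

            // Resolves the requested roles and rejects edits of accounts above the caller.
            var roles = this.GetRoles(principal, user);

            if (user != null)
            {
                if (user.UserName == principal.Identity.Name)
                {
                    // Only admins may edit their own account through this path.
                    var userAccessLevel = ArticleAccessHelper.GetAccessLevel(user.Roles);
                    if (userAccessLevel < ArticleAccessLevel.Admin)
                    {
                        throw new HttpResponseException(HttpStatusCode.BadRequest);
                    }
                }

                user.SetRoles(roles);
                user.SetEmail(this.Email);

                if (!string.IsNullOrWhiteSpace(this.Password))
                {
                    // Not atomic: if AddPasswordAsync fails after the removal succeeded, the
                    // account is left without a password until a later Save succeeds.
                    EnsureSucceeded(await userManager.RemovePasswordAsync(user.Id));
                    EnsureSucceeded(await userManager.AddPasswordAsync(user.Id, this.Password));
                }

                EnsureSucceeded(await userManager.UpdateAsync(user));
            }
            else
            {
                user = new WikiDownUser(this.UserName)
                {
                    Roles = roles
                };
                user.SetEmail(this.Email);

                // A missing or policy-violating password fails here rather than being ignored.
                EnsureSucceeded(await userManager.CreateAsync(user, this.Password));
            }

            return(user);
        }

        /// <summary>
        /// Identity reports failures through the result object rather than by throwing;
        /// turn a failed operation into a 400 so the client never sees a false success.
        /// </summary>
        /// <param name="result">Result of a <see cref="UserManager{TUser}"/> operation.</param>
        /// <exception cref="HttpResponseException">400 when the result is null or not successful.</exception>
        private static void EnsureSucceeded(IdentityResult result)
        {
            if (result == null || !result.Succeeded)
            {
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }
        }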
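        /// <summary>
        /// Deletes the named account after authorization checks: self-deletion is rejected
        /// with 400; deleting the root account, or an account above the caller's access
        /// level, with 403. Accounts at the caller's own level can be deleted. The delete
        /// result is checked so a failed delete is no longer reported as success.
        /// </summary>
        /// <param name="username">User name of the account to delete, taken from the URI.</param>
        /// <exception cref="HttpResponseException">
        /// 400 for self-deletion; 403 for root or a higher-level target; 500 when the
        /// Identity store reports that the delete failed.
        /// </exception>
        public async Task DeleteUser([FromUri] string username)
        {
            var user = await this.GetEnsuredWikiDownUser(username);

            if (user.UserName == this.User.Identity.Name)
            {
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }
            if (user.UserName == ArticleAccessHelper.RootAccountName)
            {
                throw new HttpResponseException(HttpStatusCode.Forbidden);
            }

            var currentUserAccessLevel = this.User.GetAccessLevel();
            var userAccessLevel        = ArticleAccessHelper.GetAccessLevel(user.Roles);

            if (userAccessLevel > currentUserAccessLevel)
            {
                throw new HttpResponseException(HttpStatusCode.Forbidden);
            }

            // Identity reports failures through the result object rather than by throwing;
            // surface them instead of returning success while the account still exists.
            var result = await this.UserManager.DeleteAsync(user);
            if (result == null || !result.Succeeded)
            {
                throw new HttpResponseException(HttpStatusCode.InternalServerError);
            }
        }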