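/// <summary>
/// Builds the API view of <paramref name="user"/>: its e-mail address, its user name,
/// whether it is the root account, and the access level derived from its roles.
/// </summary>
/// <param name="user">The stored user to project; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null.</exception>
public AccountUserApiModel(WikiDownUser user)
{
    if (user == null)
    {
        // Fail with a clear argument error instead of a NullReferenceException on the first dereference.
        throw new ArgumentNullException("user");
    }

    this.Email = user.Email;
    this.UserName = user.UserName;

    // The root account is identified by its name (ordinal string comparison), not by a role.
    this.IsRoot = (user.UserName == ArticleAccessHelper.RootAccountName);

    // The level is derived from the stored roles; the model exposes it as a plain int.
    this.AccessLevel = (int)ArticleAccessHelper.GetAccessLevel(user.Roles);
}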
/// <summary>
/// Lists the accounts the caller is allowed to see: every user whose access level
/// does not exceed the caller's own, plus the caller's own account. Ordered by user name.
/// </summary>
/// <returns>A read-only list of account models, ordered by user name.</returns>
public async Task<IReadOnlyList<AccountUserApiModel>> GetUserList()
{
    var callerAccessLevel = this.User.GetAccessLevel();

    // Materialise the store query first; the access-level filter below runs in memory.
    var allUsers = await this.UserManager.Users.ToListAsync();

    var visibleUsers = allUsers
        .Where(u => ArticleAccessHelper.GetAccessLevel(u.Roles) <= callerAccessLevel
                    || u.UserName == this.User.Identity.Name)
        .OrderBy(u => u.UserName)
        .Select(u => new AccountUserApiModel(u))
        .ToList();

    return visibleUsers;
}
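/// <summary>
/// Resolves the role set implied by the requested <see cref="AccessLevel"/> and verifies
/// that <paramref name="principal"/> is allowed to grant it.
/// </summary>
/// <param name="principal">The caller performing the save.</param>
/// <param name="user">The existing account being edited, or null when a new one is created.</param>
/// <returns>The roles to store on the account.</returns>
/// <exception cref="HttpResponseException">
/// 403 when the requested level exceeds the caller's own level, or when the existing
/// account already outranks the caller.
/// </exception>
private IEnumerable<string> GetRoles(IPrincipal principal, WikiDownUser user)
{
    var userRoles = ArticleAccessHelper.GetRoles(this.AccessLevel);
    var principalAccessLevel = principal.GetAccessLevel();

    // The requested level comes from the request body and must not exceed the caller's
    // own level (otherwise an admin could promote an account to root). It is derived from
    // the resolved roles so the comparison uses the same scale as the caller's level.
    var requestedAccessLevel = ArticleAccessHelper.GetAccessLevel(userRoles);
    if (requestedAccessLevel > principalAccessLevel)
    {
        throw new HttpResponseException(HttpStatusCode.Forbidden);
    }

    if (user != null)
    {
        // Editing an account that already outranks the caller is forbidden as well.
        var userAccessLevel = ArticleAccessHelper.GetAccessLevel(user.Roles);
        if (userAccessLevel > principalAccessLevel)
        {
            throw new HttpResponseException(HttpStatusCode.Forbidden);
        }
    }

    return userRoles;
}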
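/// <summary>
/// Creates or updates the account named by <see cref="UserName"/> with the e-mail,
/// password and access level carried by this model.
/// </summary>
/// <param name="principal">The caller performing the save; used for the access checks.</param>
/// <param name="userManager">The identity store to read from and write to.</param>
/// <returns>The created or updated user.</returns>
/// <exception cref="HttpResponseException">
/// 403 when the caller may not act on the target account (see <see cref="GetRoles"/>);
/// 400 when a non-admin edits their own account, or when the identity store rejects the change.
/// </exception>
public async Task<WikiDownUser> Save(IPrincipal principal, UserManager<WikiDownUser> userManager)
{
    var user = await userManager.FindByNameAsync(this.UserName);

    // Resolves the roles and performs the caller-vs-target access checks.
    var roles = this.GetRoles(principal, user);

    if (user != null)
    {
        if (user.UserName == principal.Identity.Name)
        {
            // Self-edits are only accepted from admin-level accounts.
            var userAccessLevel = ArticleAccessHelper.GetAccessLevel(user.Roles);
            if (userAccessLevel < ArticleAccessLevel.Admin)
            {
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }
        }

        user.SetRoles(roles);
        user.SetEmail(this.Email);

        if (!string.IsNullOrWhiteSpace(this.Password))
        {
            // Identity has no "replace password" call, so the hash is removed and re-added.
            // Each step is checked: a password-policy failure must surface instead of
            // leaving the account without a password and still answering success.
            var removeResult = await userManager.RemovePasswordAsync(user.Id);
            EnsureSucceeded(removeResult);

            var addResult = await userManager.AddPasswordAsync(user.Id, this.Password);
            EnsureSucceeded(addResult);
        }

        var updateResult = await userManager.UpdateAsync(user);
        EnsureSucceeded(updateResult);
    }
    else
    {
        user = new WikiDownUser(this.UserName) { Roles = roles };
        user.SetEmail(this.Email);

        // CreateAsync validates the user and password; a rejected create must not be
        // reported as a successful save of an account that does not exist.
        var createResult = await userManager.CreateAsync(user, this.Password);
        EnsureSucceeded(createResult);
    }

    return user;
}

/// <summary>
/// Turns a failed identity-store operation into a 400 response instead of ignoring it.
/// </summary>
/// <param name="result">The result of a <see cref="UserManager{TUser}"/> call.</param>
/// <exception cref="HttpResponseException">400 when the operation did not succeed.</exception>
private static void EnsureSucceeded(IdentityResult result)
{
    if (result == null || !result.Succeeded)
    {
        throw new HttpResponseException(HttpStatusCode.BadRequest);
    }
}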
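/// <summary>
/// Deletes the account named <paramref name="username"/>, subject to the caller's rights.
/// </summary>
/// <param name="username">User name of the account to delete, taken from the URI.</param>
/// <exception cref="HttpResponseException">
/// 400 when the caller targets their own account; 403 when the target is the root account
/// or outranks the caller; 500 when the identity store rejects the deletion.
/// </exception>
public async Task DeleteUser([FromUri] string username)
{
    // Defined elsewhere; presumably fails the request when the user does not exist.
    var user = await this.GetEnsuredWikiDownUser(username);

    if (user.UserName == this.User.Identity.Name)
    {
        // A caller cannot delete their own account.
        throw new HttpResponseException(HttpStatusCode.BadRequest);
    }

    if (user.UserName == ArticleAccessHelper.RootAccountName)
    {
        // The root account is never deletable through the API.
        throw new HttpResponseException(HttpStatusCode.Forbidden);
    }

    var callerAccessLevel = this.User.GetAccessLevel();
    var targetAccessLevel = ArticleAccessHelper.GetAccessLevel(user.Roles);
    if (targetAccessLevel > callerAccessLevel)
    {
        // A caller cannot delete an account that outranks them.
        throw new HttpResponseException(HttpStatusCode.Forbidden);
    }

    // Identity reports failure through the result rather than by throwing; surface it
    // instead of answering 2xx for an account that still exists.
    var deleteResult = await this.UserManager.DeleteAsync(user);
    if (deleteResult == null || !deleteResult.Succeeded)
    {
        throw new HttpResponseException(HttpStatusCode.InternalServerError);
    }
}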