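/// <summary>
/// Handles the "edit person" submit: applies the posted profile fields to the user named by
/// the <c>user</c> query-string parameter and, for administrators only, rebuilds that user's
/// role membership from the form.
/// </summary>
/// <remarks>
/// Authorization: a non-administrator may only edit the account whose name matches their own;
/// role changes are applied only when the caller is an administrator. Every failure, including
/// the authorization failure, is caught here and reported through the <c>Message</c> control.
/// </remarks>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void EditPerson_Click(object sender, EventArgs e)
{
    try
    {
        IGraffitiUser currentUser = GraffitiUsers.Current;
        if (currentUser == null)
        {
            // Fail closed: without a resolved caller there is nothing to authorize against.
            throw new SecurityException("You do not have permission to edit this user");
        }

        // The target account comes from the query string, so it is caller-controlled and
        // must pass the ownership/admin check below before anything is modified.
        IGraffitiUser user = GraffitiUsers.GetUser(Request.QueryString["user"]);
        if (user == null)
        {
            // Explicit failure instead of a NullReferenceException on the first property access.
            throw new InvalidOperationException("The requested user could not be found.");
        }

        bool isAdmin = GraffitiUsers.IsAdmin(currentUser);
        if (!isAdmin && user.Name != currentUser.Name)
        {
            throw new SecurityException("You do not have permission to edit this user");
        }

        // ProperName is HTML-encoded before storage; the success message below relies on that.
        user.ProperName = Server.HtmlEncode(txtProperName.Text.Trim());

        // NOTE(review): Bio and Email are stored exactly as posted (trimmed only). Confirm that
        // Bio is sanitized or encoded wherever it is rendered, and that Email is validated.
        user.Bio = Editor.Text.Trim();
        user.Email = txtExistingEmail.Text.Trim();

        string website = txtWebsite.Text.Trim();
        if (!string.IsNullOrEmpty(website))
        {
            user.WebSite = Server.HtmlEncode(website);
        }
        else
        {
            user.WebSite = null;
        }

        string avatar = txtAvatar.Text.Trim();
        if (!string.IsNullOrEmpty(avatar))
        {
            user.Avatar = Server.HtmlEncode(avatar);
        }
        else
        {
            user.Avatar = null;
        }

        if (isAdmin)
        {
            // Role membership is rebuilt from scratch: drop every current role, re-add the
            // baseline role, then add whatever the form selects.
            // NOTE(review): this removes roles while enumerating user.Roles; confirm that
            // user.Roles is a snapshot and not a live view of the role store.
            foreach (string role in user.Roles)
            {
                GraffitiUsers.RemoveUserFromRole(user.Name, role);
            }

            GraffitiUsers.AddUserToRole(user.Name, GraffitiUsers.EveryoneRole);

            if (chkAdmin.Checked)
            {
                GraffitiUsers.AddUserToRole(user.Name, GraffitiUsers.AdminRole);
            }

            foreach (DataListItem dli in Roles.Items)
            {
                CheckBox role = dli.FindControl("role") as CheckBox;

                // Skip rows without the expected checkbox rather than aborting half-way
                // through the rebuild with the user's previous roles already removed.
                if (role != null && role.Checked)
                {
                    GraffitiUsers.AddUserToRole(user.Name, role.Text);
                }
            }
        }

        GraffitiUsers.Save(user, GraffitiUsers.Current.Name);

        Message.Text = "The user <strong>" + user.ProperName + "</strong> was updated.";
        Message.Type = StatusType.Success;
    }
    catch (Exception ex)
    {
        string exMessage = ex.Message;
        if (!string.IsNullOrEmpty(exMessage) && exMessage.IndexOf("UNIQUE") > -1)
        {
            exMessage = "This username (or email) already exists.";
        }

        // Message.Text carries markup (<br />, <strong>), so the posted user name and the
        // exception text are HTML-encoded before being concatenated into it.
        // NOTE(review): raw exception text is still shown to the user; consider logging it
        // server-side and displaying a generic message instead.
        Message.Text = "A user with the name of " + Server.HtmlEncode(txtExistingUserName.Text) +
                       " could not be updated.<br />" + Server.HtmlEncode(exMessage);
        Message.Type = StatusType.Error;
    }
}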