internal static void DeleteUserImp(string userName, string SessionToken)
{
if (String.IsNullOrEmpty(userName))
{
throw new InvalidOperationException("One of the requested fields is empty.");
}
if (userName.ToLowerInvariant() == "everyone")
throw new InvalidOperationException("Anonymous user delete is not allowed.");
ModelSession session = CheckSessionImp(SessionToken);
if (CheckUserRightsImp(session.User.Name, "ManageUsers"))
{
ModelUser mu = new ModelUser(userName);
if (!mu.Exists)
throw new InvalidOperationException("User does not exist.");
mu.Delete();
return;
}
throw new UnauthorizedAccessException("Access Denied");
}
public void DeleteObject(ModelUser _ModelUser, string SessionToken)
{
if (!ModelUserSecureService.CheckAccessImp(_ModelUser, SessionToken, "Delete"))
throw new UnauthorizedAccessException("Access Denied");
_ModelUser.Delete();
}
