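/// <summary>
/// Add new users or update existing ones.
/// </summary>
/// <remarks>
/// Every entry in <c>request.Users</c> is handled inside one database transaction:
/// an entry with <c>Id == 0</c> is inserted, any other entry is updated.
/// Authorization comes from the caller's session. The update path writes the
/// client-supplied row back as a whole, so the access-rights fields are compared
/// with the stored row before the write.
/// </remarks>
/// <param name="request">Users to add or update.</param>
/// <returns>Response built from the (mutated) user list of the request.</returns>
/// <exception cref="ArgumentNullException">The request or its user list is null.</exception>
/// <exception cref="ArgumentException">
/// A name or password is missing, the target user does not exist, or the caller
/// is not allowed to make the change.
/// </exception>
public GXUserUpdateResponse Put(GXUserUpdateRequest request)
{
    if (request == null || request.Users == null)
    {
        throw new ArgumentNullException("request");
    }
    List<GXEventsItem> events = new List<GXEventsItem>();
    IAuthSession s = this.GetSession(false);
    bool edit = GuruxAMI.Server.GXBasicAuthProvider.CanUserEdit(s);
    bool superAdmin = GuruxAMI.Server.GXBasicAuthProvider.IsSuperAdmin(s);
    long adderId = Convert.ToInt64(s.Id);
    // All reads and writes below are serialized on the Db object.
    lock (Db)
    {
        using (var trans = Db.OpenTransaction(IsolationLevel.ReadCommitted))
        {
            foreach (GXAmiUser it in request.Users)
            {
                if (string.IsNullOrEmpty(it.Name))
                {
                    throw new ArgumentException("Invalid name.");
                }
                if (it.Id == 0)
                {
                    // New user: the caller needs edit rights.
                    if (!edit)
                    {
                        throw new ArgumentException("Access denied.");
                    }
                    if (!superAdmin &&
                        (it.AccessRights & UserAccessRights.SuperAdmin) == UserAccessRights.SuperAdmin)
                    {
                        throw new ArgumentException("Only super admin can add new super admin.");
                    }
                    if (string.IsNullOrEmpty(it.Password))
                    {
                        throw new ArgumentException("Invalid Password.");
                    }
                    // NOTE(review): the password is stored exactly as supplied by this
                    // method; confirm that it is hashed before it reaches this point.
                    it.Added = DateTime.UtcNow;
                    Db.Insert(it);
#if !SS4
                    it.Id = Db.GetLastInsertId();
#else
                    it.Id = Db.LastInsertId();
#endif
                    events.Add(new GXEventsItem(ActionTargets.User, Actions.Add, it));
                }
                else
                {
                    // Existing user: without edit rights a caller may only edit itself.
                    if (!edit && adderId != it.Id)
                    {
                        throw new ArgumentException("Access denied.");
                    }
                    if (!superAdmin)
                    {
                        // Caller and target must share at least one user group.
                        long[] callerGroups = GXUserGroupService.GetUserGroups(Db, adderId);
                        long[] targetGroups = GXUserGroupService.GetUserGroups(Db, it.Id);
                        bool found = false;
                        foreach (long groupId in callerGroups)
                        {
                            if (Array.IndexOf(targetGroups, groupId) >= 0)
                            {
                                found = true;
                                break;
                            }
                        }
                        if (!found)
                        {
                            throw new ArgumentException("Access denied.");
                        }
                    }
                    // The stored row supplies the Added time and the password fallback,
                    // and is the baseline for the access-rights checks.
#if !SS4
                    GXAmiUser orig = Db.GetById<GXAmiUser>(it.Id);
#else
                    GXAmiUser orig = Db.SingleById<GXAmiUser>(it.Id);
#endif
                    if (orig == null)
                    {
                        throw new ArgumentException("Unknown user.");
                    }
                    // Db.Update writes AccessRights from the request. As on the add path,
                    // only a super admin may change the super admin flag.
                    if (!superAdmin &&
                        (it.AccessRights & UserAccessRights.SuperAdmin) !=
                        (orig.AccessRights & UserAccessRights.SuperAdmin))
                    {
                        throw new ArgumentException("Only super admin can change super admin rights.");
                    }
                    // A caller without edit rights can reach this point only for its own
                    // record and must not be able to change its own rights.
                    if (!edit && it.AccessRights != orig.AccessRights)
                    {
                        throw new ArgumentException("Access denied.");
                    }
                    it.Added = orig.Added;
                    // An empty password means "keep the current one".
                    if (string.IsNullOrEmpty(it.Password))
                    {
                        it.Password = orig.Password;
                    }
                    Db.Update(it);
                    events.Add(new GXEventsItem(ActionTargets.User, Actions.Edit, it));
                }
            }
            trans.Commit();
        }
    }
    AppHost host = this.ResolveService<AppHost>();
    host.SetEvents(Db, this.Request, adderId, events);
    // NOTE(review): the user objects given to the events and to the response still
    // carry Password (on update possibly the stored value copied from orig);
    // confirm that serialization does not expose it to clients.
    return new GXUserUpdateResponse(request.Users);
}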
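/// <summary>
/// Add new users or update existing ones.
/// </summary>
/// <remarks>
/// Entries with <c>Id == 0</c> are inserted and all others are updated, inside a
/// single transaction. Authorization is derived from the caller's session.
/// The update path persists the whole client-supplied object, so the requested
/// access rights are checked against the stored row before the write.
/// </remarks>
/// <param name="request">Users to add or update.</param>
/// <returns>Response built from the (mutated) user list of the request.</returns>
/// <exception cref="ArgumentNullException">The request or its user list is null.</exception>
/// <exception cref="ArgumentException">
/// A name or password is missing, the target user does not exist, or the caller
/// is not allowed to make the change.
/// </exception>
public GXUserUpdateResponse Put(GXUserUpdateRequest request)
{
    if (request == null || request.Users == null)
    {
        throw new ArgumentNullException("request");
    }
    List<GXEventsItem> events = new List<GXEventsItem>();
    IAuthSession s = this.GetSession(false);
    bool edit = GuruxAMI.Server.GXBasicAuthProvider.CanUserEdit(s);
    bool superAdmin = GuruxAMI.Server.GXBasicAuthProvider.IsSuperAdmin(s);
    long adderId = Convert.ToInt64(s.Id);
    // Database access below is serialized on the Db object.
    lock (Db)
    {
        using (var trans = Db.OpenTransaction(IsolationLevel.ReadCommitted))
        {
            foreach (GXAmiUser it in request.Users)
            {
                if (string.IsNullOrEmpty(it.Name))
                {
                    throw new ArgumentException("Invalid name.");
                }
                if (it.Id == 0)
                {
                    // Adding a user requires edit rights.
                    if (!edit)
                    {
                        throw new ArgumentException("Access denied.");
                    }
                    if (!superAdmin &&
                        (it.AccessRights & UserAccessRights.SuperAdmin) == UserAccessRights.SuperAdmin)
                    {
                        throw new ArgumentException("Only super admin can add new super admin.");
                    }
                    if (string.IsNullOrEmpty(it.Password))
                    {
                        throw new ArgumentException("Invalid Password.");
                    }
                    // NOTE(review): this method persists the password as received;
                    // confirm that hashing happens before it gets here.
                    it.Added = DateTime.UtcNow;
                    Db.Insert(it);
#if !SS4
                    it.Id = Db.GetLastInsertId();
#else
                    it.Id = Db.LastInsertId();
#endif
                    events.Add(new GXEventsItem(ActionTargets.User, Actions.Add, it));
                }
                else
                {
                    // Updating: a caller without edit rights may only touch its own record.
                    if (!edit && adderId != it.Id)
                    {
                        throw new ArgumentException("Access denied.");
                    }
                    if (!superAdmin)
                    {
                        // The caller must share at least one user group with the target.
                        long[] callerGroups = GXUserGroupService.GetUserGroups(Db, adderId);
                        long[] targetGroups = GXUserGroupService.GetUserGroups(Db, it.Id);
                        bool found = false;
                        foreach (long groupId in callerGroups)
                        {
                            if (Array.IndexOf(targetGroups, groupId) >= 0)
                            {
                                found = true;
                                break;
                            }
                        }
                        if (!found)
                        {
                            throw new ArgumentException("Access denied.");
                        }
                    }
                    // Load the stored row: it provides the Added time, the password
                    // fallback and the baseline for the access-rights checks.
#if !SS4
                    GXAmiUser orig = Db.GetById<GXAmiUser>(it.Id);
#else
                    GXAmiUser orig = Db.SingleById<GXAmiUser>(it.Id);
#endif
                    if (orig == null)
                    {
                        throw new ArgumentException("Unknown user.");
                    }
                    // AccessRights comes from the request and is written by Db.Update.
                    // Only a super admin may set or clear the super admin flag, which
                    // matches the rule enforced when adding a user.
                    if (!superAdmin &&
                        (it.AccessRights & UserAccessRights.SuperAdmin) !=
                        (orig.AccessRights & UserAccessRights.SuperAdmin))
                    {
                        throw new ArgumentException("Only super admin can change super admin rights.");
                    }
                    // A self-editing caller without edit rights must not alter its own rights.
                    if (!edit && it.AccessRights != orig.AccessRights)
                    {
                        throw new ArgumentException("Access denied.");
                    }
                    it.Added = orig.Added;
                    // An empty password keeps the stored one.
                    if (string.IsNullOrEmpty(it.Password))
                    {
                        it.Password = orig.Password;
                    }
                    Db.Update(it);
                    events.Add(new GXEventsItem(ActionTargets.User, Actions.Edit, it));
                }
            }
            trans.Commit();
        }
    }
    AppHost host = this.ResolveService<AppHost>();
    host.SetEvents(Db, this.Request, adderId, events);
    // NOTE(review): the returned users (and the queued events) still hold Password,
    // on update possibly the stored value copied from orig; confirm that it is
    // not serialized back to clients.
    return new GXUserUpdateResponse(request.Users);
}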