/// <summary>
/// Looks up a single person record, by id when one is given and otherwise by
/// login name, and returns it only to the user it belongs to or to a caller
/// in the Administrator role.
/// </summary>
/// <param name="login">Credentials of the caller, handed to Authenticate.</param>
/// <param name="id">Id of the person to fetch; when null the lookup is by <paramref name="username"/>.</param>
/// <param name="username">Login name to look up when <paramref name="id"/> is null.</param>
/// <returns>
/// A response whose User is set on success. When the record is missing or the
/// caller is not allowed to see it, Exception is set to a WebServiceException
/// wrapping an HttpException with status 403.
/// </returns>
public GetUserResponse GetUser (WebServiceLogin login, int? id, string username)
{
    GetUserResponse response = new GetUserResponse ();
    DBPerson person = null;

    using (DB db = new DB ()) {
        // NOTE(review): no result of Authenticate is checked here; the access decision
        // below depends on response.UserName and on whatever Utilities.IsInRole reads
        // from the response. Confirm Authenticate throws (or leaves those empty) when
        // the credentials are rejected, and what the trailing 'true' selects.
        Authenticate (db, login, response, true);

        if (id.HasValue) {
            person = DBPerson_Extensions.Create (db, id.Value);
        } else {
            using (IDbCommand cmd = db.CreateCommand ()) {
                // The caller-supplied name is bound as a parameter, never concatenated into the SQL text.
                cmd.CommandText = "SELECT * FROM Person WHERE login = @login;";
                DB.CreateParameter (cmd, "login", username);
                using (IDataReader reader = cmd.ExecuteReader ()) {
                    if (reader.Read ()) {
                        person = new DBPerson (reader);
                    }
                }
            }
        }

        // Object-level access check: only the owner of the record or an administrator may read it.
        bool mayView = false;
        if (person != null) {
            mayView = person.login == response.UserName || Utilities.IsInRole (response, Roles.Administrator);
        }

        if (!mayView) {
            // A missing record and a forbidden one get the same 403, so the reply
            // does not reveal whether the requested user exists.
            response.Exception = new WebServiceException (new HttpException (403, "You don't have access to this user's data"));
            return response;
        }

        // NOTE(review): the whole DBPerson is returned, and Page_Load in this file reads
        // User.password from it. Confirm that value is not a recoverable credential, or
        // clear it before the object leaves the service.
        person.Emails = person.GetEmails (db).ToArray ();
        response.User = person;
    }

    return response;
}
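/// <summary>
/// Page load handler for the user form. Runs an optional "addemail" or
/// "removeemail" action taken from the request, then either fills the form
/// with the user selected by id / username or, when neither is given, labels
/// the save button for creating a new user.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load (object sender, EventArgs e)
{
    int? id = null;
    string username;
    // Everything read through Request [...] is caller-controlled. In ASP.NET this
    // indexer looks in the query string, form, cookies and server variables.
    string action = Request ["action"];

    if (!string.IsNullOrEmpty (Request ["id"])) {
        int i;
        if (int.TryParse (Request ["id"], out i)) {
            id = i;
        }
    }

    username = Request ["username"];

    if (!string.IsNullOrEmpty (action)) {
        WebServiceResponse rsp;
        string email = Request ["email"];

        // NOTE(review): both actions change stored data and are triggered by request
        // parameters alone; the "Remove" link rendered further down issues one as a
        // plain GET. No anti-forgery token is checked in this method. Confirm one is
        // enforced elsewhere, or move these actions to POST with a per-session token.
        // Whether the caller may edit this user is left to the web service calls.
        switch (action) {
        case "addemail":
            if (!string.IsNullOrEmpty (email)) {
                rsp = Utils.LocalWebService.AddUserEmail (Master.WebServiceLogin, id, username, email);
                if (rsp.Exception != null) {
                    // NOTE(review): if lblMessage is a Label its Text is emitted without HTML
                    // encoding; confirm exception messages never carry request-derived text.
                    lblMessage.Text = rsp.Exception.Message;
                } else {
                    // Redirect back to the page itself so a reload does not repeat the action.
                    Response.Redirect (GetSelfLink (), false);
                    return;
                }
            } else {
                lblMessage.Text = "No email specified";
            }
            break;
        case "removeemail":
            if (!string.IsNullOrEmpty (email)) {
                rsp = Utils.LocalWebService.RemoveUserEmail (Master.WebServiceLogin, id, username, email);
                if (rsp.Exception != null) {
                    lblMessage.Text = rsp.Exception.Message;
                } else {
                    Response.Redirect (GetSelfLink (), false);
                    return;
                }
            } else {
                lblMessage.Text = "No email specified";
            }
            break;
        }
    }

    // This only hides the roles row in the UI. NOTE(review): the role is read from the
    // request cookie here; the save path (not visible in this method) has to enforce
    // the administrator check on the server side as well.
    rowRoles.Visible = Authentication.IsInCookieRole (Request, Roles.Administrator);

    if (!string.IsNullOrEmpty (username) || id.HasValue) {
        response = Utils.LocalWebService.GetUser (Master.WebServiceLogin, id, username);

        if (response.Exception == null) {
            if (!IsPostBack) {
                txtFullName.Text = response.User.fullname;
                txtUserName.Text = response.User.login;
                // NOTE(review): the stored password value is copied into a form field.
                // Unless txtPassword is a password-mode TextBox (which does not render
                // its value) this reaches the browser; confirm, and prefer leaving the
                // field empty with "blank means unchanged" semantics on save.
                txtPassword.Text = response.User.password;
                txtRoles.Text = response.User.roles;
                txtIRCNicks.Text = response.User.irc_nicknames;
                txtUserName.Attributes ["readonly"] = "readonly"; // asp.net sets readonly="ReadOnly", which fails w3 validation since casing isn't right
            }

            foreach (string email in response.User.Emails) {
                // Fix: the stored address is HTML-encoded before it is displayed.
                // Utils.CreateTableCell is handed raw <a> markup for the second cell, so
                // it presumably emits its argument as HTML without encoding; an address
                // containing markup would otherwise be rendered as markup.
                // NOTE(review): GetSelfLink () is placed inside the single-quoted href
                // unencoded; confirm it cannot contain a quote or request-derived text.
                tblUser.Rows.Add (Utils.CreateTableRow (
                    Utils.CreateTableCell (HttpUtility.HtmlEncode (email)),
                    Utils.CreateTableCell (string.Format ("<a href='{1}&action=removeemail&email={0}'>Remove</a>", HttpUtility.HtmlEncode (HttpUtility.UrlEncode (email)), GetSelfLink ()))));
            }

            // NOTE(review): GetSelfLink () lands inside a JavaScript string literal within
            // an HTML attribute; the same confirmation applies here.
            TableCell cell = Utils.CreateTableCell (string.Format ("<a href=\"javascript:adduseremail ('{0}')\">Add email</a>", GetSelfLink ()));
            cell.ColumnSpan = 2;
            tblUser.Rows.Add (Utils.CreateTableRow (cell));
        } else {
            lblMessage.Text = response.Exception.Message;
        }
    } else {
        cmdSave.Text = "Create new user";
    }
}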