protected void Page_Load(object sender, EventArgs e)
{
// get error level
int errorLevel = 0;
if (Request["error"] != null)
{
errorLevel = Int32.Parse(Request["error"].ToString());
}
if (errorLevel == 1)
{
// check to see if the user is an admin, if so allow them to view the error details
Rock.CMS.User user = Rock.CMS.UserService.GetCurrentUser();
GroupService service = new GroupService();
Group adminGroup = service.GetByGuid(Rock.SystemGuid.Group.GROUP_ADMINISTRATORS);
if (user != null && adminGroup.Members.Where(m => m.PersonId == user.PersonId).Count() > 0)
{
// is an admin
lErrorInfo.Text = "<h4>Exception Log:</h4>";
// get exception from Session
if (Session["Exception"] != null)
{
ProcessException(( Exception )Session["Exception"], " ");
}
}
}
// clear session object
Session.Remove("Exception");
}
/// <summary>
/// Resets a user's password to a new, automatically generated password.
/// </summary>
/// <param name="username">The user to reset the password for.</param>
/// <param name="answer">The password answer for the specified user.</param>
/// <returns>
/// The new password for the specified user.
/// </returns>
public override string ResetPassword(string username, string answer)
{
if (!EnablePasswordReset)
{
throw new NotSupportedException("Password Reset is not enabled");
}
UserService UserService = new CMS.UserService();
Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);
if (user != null)
{
if (string.IsNullOrEmpty(answer) && RequiresQuestionAndAnswer)
{
UpdateFailureCount(user, FailureType.PasswordAnswer);
throw new ProviderException("Password answer required for password reset");
}
string newPassword = System.Web.Security.Membership.GeneratePassword(newPasswordLength, MinRequiredNonAlphanumericCharacters);
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);
OnValidatingPassword(args);
if (args.Cancel)
{
if (args.FailureInformation != null)
{
throw args.FailureInformation;
}
else
{
throw new MembershipPasswordException("Reset password canceled due to password validation failure");
}
}
if (user.IsLockedOut ?? false)
{
throw new MembershipPasswordException("The supplied user is locked out");
}
if (RequiresQuestionAndAnswer && EncodePassword(answer) != user.PasswordAnswer)
{
UpdateFailureCount(user, FailureType.PasswordAnswer);
throw new MembershipPasswordException("Incorrect password answer");
}
user.Password = EncodePassword(newPassword);
user.LastPasswordChangedDate = DateTime.Now;
UserService.Save(user, CurrentPersonId());
return(newPassword);
}
else
{
throw new MembershipPasswordException("User does not exist");
}
}
/// <summary>
/// Changes the password after first validating the existing password
/// </summary>
/// <param name="user">The user.</param>
/// <param name="oldPassword">The old password.</param>
/// <param name="newPassword">The new password.</param>
/// <returns></returns>
public bool ChangePassword( User user, string oldPassword, string newPassword )
{
if ( !Validate( user, oldPassword ) )
return false;
user.Password = EncodePassword( newPassword );
user.LastPasswordChangedDate = DateTime.Now;
return true;
}
/// <summary>
/// Gets the user.
/// </summary>
/// <param name="UserService">The user service.</param>
/// <param name="user">The user.</param>
/// <param name="userIsOnline">if set to <c>true</c> [user is online].</param>
/// <returns></returns>
private MembershipUser GetUser(UserService UserService, Rock.CMS.User user, bool userIsOnline)
{
MembershipUser membershipUser = GetUserFromModel(user);
if (userIsOnline)
{
user.LastActivityDate = DateTime.Now;
UserService.Save(user, CurrentPersonId(membershipUser));
}
return(membershipUser);
}
/// <summary>
/// Gets the user.
/// </summary>
/// <param name="UserService">The user service.</param>
/// <param name="username">The username.</param>
/// <param name="userIsOnline">if set to <c>true</c> [user is online].</param>
/// <returns></returns>
private MembershipUser GetUser(UserService UserService, string username, bool userIsOnline)
{
Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);
if (user != null)
{
return(GetUser(UserService, user, userIsOnline));
}
else
{
return(null);
}
}
/// <summary>
/// Updates information about a user in the data source.
/// </summary>
/// <param name="user">A <see cref="T:System.Web.Security.MembershipUser"/> object that represents the user to update and the updated information for the user.</param>
public override void UpdateUser(MembershipUser user)
{
UserService UserService = new CMS.UserService();
Rock.CMS.User userModel = UserService.GetByApplicationNameAndUsername(applicationName, user.UserName);
if (userModel != null)
{
userModel.Email = user.Email;
userModel.Comment = user.Comment;
userModel.IsApproved = user.IsApproved;
UserService.Save(userModel, CurrentPersonId());
}
}
/// <summary>
/// Verifies that the specified user name and password exist in the data source.
/// </summary>
/// <param name="username">The name of the user to validate.</param>
/// <param name="password">The password for the specified user.</param>
/// <returns>
/// true if the specified username and password are valid; otherwise, false.
/// </returns>
public override bool ValidateUser(string username, string password)
{
UserService UserService = new CMS.UserService();
Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);
if (user != null)
{
return(ValidateUser(UserService, user, password));
}
else
{
return(false);
}
}
private void UpdateFailureCount(Rock.CMS.User user, FailureType failureType)
{
DateTime FirstAttempt = (failureType == FailureType.Password ?
user.FailedPasswordAttemptWindowStart :
user.FailedPasswordAnswerAttemptWindowStart) ?? DateTime.MinValue;
int attempts = (failureType == FailureType.Password ?
user.FailedPasswordAttemptCount :
user.FailedPasswordAnswerAttemptCount) ?? 0;
TimeSpan window = new TimeSpan(0, passwordAttemptWindow, 0);
if (DateTime.Now.CompareTo(FirstAttempt.Add(window)) < 0)
{
// Attempt is within window
attempts++;
if (attempts >= MaxInvalidPasswordAttempts)
{
user.IsLockedOut = true;
user.LastLockedOutDate = DateTime.Now;
}
if (failureType == FailureType.Password)
{
user.FailedPasswordAttemptCount = attempts;
}
else
{
user.FailedPasswordAnswerAttemptCount = attempts;
}
}
else
{
// Attempt is outside window
if (failureType == FailureType.Password)
{
user.FailedPasswordAttemptCount = 1;
user.FailedPasswordAttemptWindowStart = DateTime.Now;
}
else
{
user.FailedPasswordAnswerAttemptCount = 1;
user.FailedPasswordAnswerAttemptWindowStart = DateTime.Now;
}
}
}
/// <summary>
/// Clears a lock so that the membership user can be validated.
/// </summary>
/// <param name="userName">The membership user whose lock status you want to clear.</param>
/// <returns>
/// true if the membership user was successfully unlocked; otherwise, false.
/// </returns>
public override bool UnlockUser(string userName)
{
UserService UserService = new CMS.UserService();
Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, userName);
if (user != null)
{
user.IsLockedOut = false;
user.LastLockedOutDate = DateTime.Now;
UserService.Save(user, CurrentPersonId());
return(true);
}
else
{
return(false);
}
}
/// <summary>
/// Gets the user from model.
/// </summary>
/// <param name="user">The user.</param>
/// <returns></returns>
private MembershipUser GetUserFromModel(Rock.CMS.User user)
{
DateTime now = DateTime.Now;
return(new MembershipUser(
this.Name,
user.Username,
user.PersonId,
user.Email,
user.PasswordQuestion,
user.Comment,
user.IsApproved ?? true,
user.IsLockedOut ?? false,
user.CreationDate ?? now,
user.LastLoginDate ?? now,
user.LastActivityDate ?? now,
user.LastPasswordChangedDate ?? now,
user.LastLockedOutDate ?? now));
}
/// <summary>
/// Processes a request to update the password for a membership user.
/// </summary>
/// <param name="username">The user to update the password for.</param>
/// <param name="oldPassword">The current password for the specified user.</param>
/// <param name="newPassword">The new password for the specified user.</param>
/// <returns>
/// true if the password was updated successfully; otherwise, false.
/// </returns>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
UserService UserService = new UserService();
Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);
if (user != null)
{
if (!ValidateUser(UserService, user, oldPassword))
{
return(false);
}
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);
OnValidatingPassword(args);
if (args.Cancel)
{
if (args.FailureInformation != null)
{
throw args.FailureInformation;
}
else
{
throw new Exception("Change password canceled due to new password validation failure");
}
}
user.Password = EncodePassword(newPassword);
user.LastPasswordChangedDate = DateTime.Now;
UserService.Save(user, CurrentPersonId());
return(true);
}
else
{
return(false);
}
}
/// <summary>
/// Validates the user.
/// </summary>
/// <param name="UserService">The user service.</param>
/// <param name="user">The user.</param>
/// <param name="password">The password.</param>
/// <returns></returns>
private bool ValidateUser(UserService UserService, Rock.CMS.User user, string password)
{
if (EncodePassword(password) == user.Password)
{
if (user.IsApproved ?? false)
{
user.LastLoginDate = DateTime.Now;
UserService.Save(user, CurrentPersonId());
return(true);
}
else
{
return(false);
}
}
else
{
UpdateFailureCount(user, FailureType.Password);
UserService.Save(user, CurrentPersonId());
return(false);
}
}
/// <summary>
/// Gets user information from the data source based on the unique identifier for the membership user. Provides an option to update the last-activity date/time stamp for the user.
/// </summary>
/// <param name="providerUserKey">The unique identifier for the membership user to get information for.</param>
/// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the specified user's information from the data source.
/// </returns>
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
if (providerUserKey != null && providerUserKey is int)
{
UserService UserService = new CMS.UserService();
Rock.CMS.User user = UserService.Get(( int )providerUserKey);
if (user != null)
{
return(GetUser(UserService, user, userIsOnline));
}
else
{
return(null);
}
}
else
{
throw new ProviderException("Invalid providerUserKey");
}
}
/// <summary>
/// Processes a request to update the password question and answer for a membership user.
/// </summary>
/// <param name="username">The user to change the password question and answer for.</param>
/// <param name="password">The password for the specified user.</param>
/// <param name="newPasswordQuestion">The new password question for the specified user.</param>
/// <param name="newPasswordAnswer">The new password answer for the specified user.</param>
/// <returns>
/// true if the password question and answer are updated successfully; otherwise, false.
/// </returns>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
UserService UserService = new CMS.UserService();
Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);
if (user != null)
{
if (!ValidateUser(UserService, user, password))
{
return(false);
}
user.PasswordQuestion = newPasswordQuestion;
user.PasswordAnswer = newPasswordAnswer;
UserService.Save(user, CurrentPersonId());
return(true);
}
else
{
return(false);
}
}
/// <summary>
/// Removes a user from the membership data source.
/// </summary>
/// <param name="username">The name of the user to delete.</param>
/// <param name="deleteAllRelatedData">true to delete data related to the user from the database; false to leave data related to the user in the database.</param>
/// <returns>
/// true if the user was successfully deleted; otherwise, false.
/// </returns>
public override bool DeleteUser(string username, bool deleteAllRelatedData)
{
UserService UserService = new CMS.UserService();
Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);
if (user != null)
{
try
{
UserService.Delete(user, CurrentPersonId());
UserService.Save(user, CurrentPersonId());
return(true);
}
catch (SystemException ex)
{
throw new ProviderException("Error occurred attempting to delete User", ex);
}
}
else
{
return(false);
}
}
protected void btnResetPassword_Click( object sender, EventArgs e )
{
user = userService.GetByConfirmationCode( ConfirmationCode );
ShowResetSuccess();
}
/// <summary>
/// Handles the Click event of the btnDelete control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void btnDelete_Click( object sender, EventArgs e )
{
user = userService.GetByConfirmationCode( ConfirmationCode );
ShowDeleted();
}
private XElement MenuXmlElement( int levelsDeep, User user )
{
if ( levelsDeep >= 0 && this.DisplayInNav( user ) )
{
XElement pageElement = new XElement( "page",
new XAttribute( "id", this.Id ),
new XAttribute( "title", this.Title ?? this.Name ),
new XAttribute( "url", this.Url),
new XAttribute( "display-description", this.MenuDisplayDescription.ToString().ToLower() ),
new XAttribute( "display-icon", this.MenuDisplayIcon.ToString().ToLower() ),
new XAttribute( "display-child-pages", this.MenuDisplayChildPages.ToString().ToLower() ),
new XElement( "description", this.Description ?? "" ),
new XElement( "icon-url", this.IconUrl ?? "" ) );
XElement childPagesElement = new XElement( "pages" );
pageElement.Add( childPagesElement );
if ( levelsDeep > 0 && this.MenuDisplayChildPages)
foreach ( Page page in Pages )
{
XElement childPageElement = page.MenuXmlElement( levelsDeep - 1, user );
if ( childPageElement != null )
childPagesElement.Add( childPageElement );
}
return pageElement;
}
else
return null;
}
/// <summary>
/// Returns XML for a page menu.
/// </summary>
/// <param name="levelsDeep">The page levels deep.</param>
/// <param name="user">The user.</param>
/// <returns></returns>
public XDocument MenuXml( int levelsDeep, User user )
{
XElement menuElement = MenuXmlElement( levelsDeep, user );
return new XDocument( new XDeclaration( "1.0", "UTF-8", "yes" ), menuElement );
}
private void UpdateFailureCount(User user)
{
int passwordAttemptWindow = 0;
int maxInvalidPasswordAttempts = int.MaxValue;
Rock.Web.Cache.GlobalAttributes globalAttributes = Rock.Web.Cache.GlobalAttributes.Read();
if ( !Int32.TryParse( globalAttributes.AttributeValue( "PasswordAttemptWindow" ), out passwordAttemptWindow ) )
passwordAttemptWindow = 0;
if ( !Int32.TryParse( globalAttributes.AttributeValue( "MaxInvalidPasswordAttempts" ), out maxInvalidPasswordAttempts ) )
maxInvalidPasswordAttempts = int.MaxValue;
DateTime firstAttempt = user.FailedPasswordAttemptWindowStart ?? DateTime.MinValue;
int attempts = user.FailedPasswordAttemptCount ?? 0;
TimeSpan window = new TimeSpan( 0, passwordAttemptWindow, 0 );
if ( DateTime.Now.CompareTo( firstAttempt.Add( window ) ) < 0 )
{
attempts++;
if ( attempts >= maxInvalidPasswordAttempts )
{
user.IsLockedOut = true;
user.LastLockedOutDate = DateTime.Now;
}
user.FailedPasswordAttemptCount = attempts;
}
else
{
user.FailedPasswordAttemptCount = 1;
user.FailedPasswordAttemptWindowStart = DateTime.Now;
}
}
/// <summary>
/// Return <c>true</c> if the user is authorized to perform the selected action on this object.
/// </summary>
/// <param name="action">The action.</param>
/// <param name="user">The user.</param>
/// <returns></returns>
public virtual bool Authorized( string action, User user )
{
return Security.Authorization.Authorized( this, action, user );
}
/// <summary>
/// Handles the Click event of the btnCodeReset control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void btnCodeReset_Click( object sender, EventArgs e )
{
ConfirmationCode = tbConfirmationCode.Text;
user = userService.GetByConfirmationCode( ConfirmationCode );
ShowResetPassword();
}
/// <summary>
/// Adds a new membership user to the data source.
/// </summary>
/// <param name="username">The user name for the new user.</param>
/// <param name="password">The password for the new user.</param>
/// <param name="email">The e-mail address for the new user.</param>
/// <param name="passwordQuestion">The password question for the new user.</param>
/// <param name="passwordAnswer">The password answer for the new user</param>
/// <param name="isApproved">Whether or not the new user is approved to be validated.</param>
/// <param name="providerUserKey">The unique identifier from the membership data source for the user.</param>
/// <param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
/// </returns>
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(args);
if (args.Cancel)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
UserService UserService = new CMS.UserService();
if ((RequiresUniqueEmail && (GetUserNameByEmail(UserService, email) != String.Empty)))
{
status = MembershipCreateStatus.DuplicateEmail;
return(null);
}
MembershipUser membershipUser = GetUser(UserService, username, false);
if (membershipUser == null)
{
DateTime createDate = DateTime.Now;
Rock.CMS.User user = new Rock.CMS.User();
if (providerUserKey != null && providerUserKey is int)
{
user.PersonId = ( int )providerUserKey;
}
else
{
status = MembershipCreateStatus.InvalidProviderUserKey;
return(null);
}
user.ApplicationName = applicationName;
user.Username = username;
user.Password = EncodePassword(password);
user.PasswordQuestion = passwordQuestion;
user.PasswordAnswer = passwordAnswer;
user.IsApproved = isApproved;
user.Comment = string.Empty;
user.CreationDate = createDate;
user.LastPasswordChangedDate = createDate;
user.LastActivityDate = createDate;
user.IsLockedOut = false;
user.LastLockedOutDate = createDate;
user.FailedPasswordAttemptCount = 0;
user.FailedPasswordAttemptWindowStart = createDate;
user.FailedPasswordAnswerAttemptCount = 0;
user.FailedPasswordAnswerAttemptWindowStart = createDate;
user.AuthenticationType = (int)AuthenticationType.Database;
try
{
UserService.Add(user, CurrentPersonId());
UserService.Save(user, CurrentPersonId());
status = MembershipCreateStatus.Success;
}
catch
{
status = MembershipCreateStatus.ProviderError;
}
return(GetUser(UserService, user, false));
}
else
{
status = MembershipCreateStatus.DuplicateUserName;
return(null);
}
}
/// <summary>
/// Unlocks the user.
/// </summary>
/// <param name="user">The user.</param>
public void Unlock( User user )
{
user.IsLockedOut = false;
this.Save( user, null );
}
/// <summary>
/// Validates the specified user.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="password">The password.</param>
/// <returns></returns>
public bool Validate( User user, string password )
{
if ( EncodePassword( password ) == user.Password )
{
if ( user.IsConfirmed ?? false )
if ( !user.IsLockedOut.HasValue || !user.IsLockedOut.Value )
{
user.LastLoginDate = DateTime.Now;
this.Save( user, null );
return true;
}
return false;
}
else
{
UpdateFailureCount( user );
this.Save( user, null );
return false;
}
}
/// <summary>
/// Raises the <see cref="E:System.Web.UI.Control.Load"/> event.
/// </summary>
/// <param name="e">The <see cref="T:System.EventArgs"/> object that contains the event data.</param>
protected override void OnLoad( EventArgs e )
{
base.OnLoad( e );
pnlCode.Visible = false;
pnlConfirmed.Visible = false;
pnlResetPassword.Visible = false;
pnlResetSuccess.Visible = false;
pnlDelete.Visible = false;
pnlDeleted.Visible = false;
pnlInvalid.Visible = false;
userService = new UserService();
if (!Page.IsPostBack)
{
lDeleted.Text = AttributeValue( "DeletedCaption" );
string invalidCaption = AttributeValue( "InvalidCaption" );
if ( invalidCaption.Contains( "{0}" ) )
invalidCaption = string.Format( invalidCaption, ResolveUrl( "~/NewAccount" ) );
lInvalid.Text = invalidCaption;
ConfirmationCode = Request.QueryString["cc"];
user = userService.GetByConfirmationCode( ConfirmationCode );
string action = Request.QueryString["action"] ?? "";
switch ( action.ToLower() )
{
case "delete":
ShowDelete();
break;
case "reset":
ShowResetPassword();
break;
default:
ShowConfirmed();
break;
}
}
}
private void LogError(Exception ex, int parentException, string status, System.Web.HttpContext context)
{
try
{
// get the current user
Rock.CMS.User user = Rock.CMS.UserService.GetCurrentUser();
// save the exception info to the db
ExceptionLogService service = new ExceptionLogService();
ExceptionLog exceptionLog = new ExceptionLog();;
exceptionLog.ParentId = parentException;
exceptionLog.ExceptionDate = DateTime.Now;
if (ex.InnerException != null)
{
exceptionLog.HasInnerException = true;
}
exceptionLog.Description = ex.Message;
exceptionLog.StackTrace = ex.StackTrace;
exceptionLog.Source = ex.Source;
exceptionLog.StatusCode = status;
if (context.Items["Rock:SiteId"] != null)
{
exceptionLog.SiteId = Int32.Parse(context.Items["Rock:SiteId"].ToString());
}
if (context.Items["Rock:PageId"] != null)
{
exceptionLog.PageId = Int32.Parse(context.Items["Rock:PageId"].ToString());
}
exceptionLog.ExceptionType = ex.GetType().Name;
exceptionLog.PageUrl = context.Request.RawUrl;
exceptionLog.QueryString = context.Request.QueryString.ToString();
// write cookies
StringBuilder cookies = new StringBuilder();
cookies.Append("<table class=\"cookies\">");
foreach (string cookie in context.Request.Cookies)
{
cookies.Append("<tr><td><b>" + cookie + "</b></td><td>" + context.Request.Cookies[cookie].Value + "</td></tr>");
}
cookies.Append("</table>");
exceptionLog.Cookies = cookies.ToString();
// write form items
StringBuilder formItems = new StringBuilder();
cookies.Append("<table class=\"formItems\">");
foreach (string formItem in context.Request.Form)
{
cookies.Append("<tr><td><b>" + formItem + "</b></td><td>" + context.Request.Form[formItem].ToString() + "</td></tr>");
}
cookies.Append("</table>");
exceptionLog.Form = formItems.ToString();
// write server vars
StringBuilder serverVars = new StringBuilder();
cookies.Append("<table class=\"server-variables\">");
foreach (string serverVar in context.Request.ServerVariables)
{
serverVars.Append("<tr><td><b>" + serverVar + "</b></td><td>" + context.Request.ServerVariables[serverVar].ToString() + "</td></tr>");
}
cookies.Append("</table>");
exceptionLog.ServerVariables = serverVars.ToString();
if (user != null)
{
exceptionLog.PersonId = user.PersonId;
}
service.Add(exceptionLog, null);
service.Save(exceptionLog, null);
// log inner exceptions
if (ex.InnerException != null)
{
LogError(ex.InnerException, exceptionLog.Id, status, context);
}
}
catch (Exception exception)
{
// if you get an exception while logging an exception I guess you're hosed...
}
}
/// <summary>
/// Handles the Click event of the btnCodeDelete control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void btnCodeDelete_Click( object sender, EventArgs e )
{
ConfirmationCode = tbConfirmationCode.Text;
user = userService.GetByConfirmationCode( ConfirmationCode );
ShowDelete();
}
/// <summary>
/// <c>true</c> or <c>false</c> value of whether the page can be displayed in a navigation menu
/// based on the <see cref="DisplayInNavWhen"/> property value and the security of the currently logged in user
/// </summary>
/// <param name="user">The current user.</param>
/// <returns></returns>
public bool DisplayInNav( User user )
{
switch ( this.DisplayInNavWhen )
{
case CMS.DisplayInNavWhen.Always:
return true;
case CMS.DisplayInNavWhen.WhenAllowed:
return this.Authorized( "View", user );
default:
return false;
}
}
/// <summary>
/// Evaluates whether a selected user is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity"></param>
/// <param name="action"></param>
/// <param name="user"></param>
/// <returns></returns>
public static bool Authorized(ISecured entity, string action, Rock.CMS.User user)
{
// return Authorized( entity, action, user != null ? user.Person.Guid.ToString() : string.Empty );
//}
///// <summary>
///// Evaluates whether a selected user is allowed to perform the selected action on the selected
///// entity.
///// </summary>
///// <param name="entity">The entity.</param>
///// <param name="action">The action.</param>
///// <param name="userName">Name of the user.</param>
///// <returns></returns>
//private static bool Authorized( ISecured entity, string action, string userName )
//{
// If there's no Authorizations object, create it
if (Authorizations == null)
{
Load();
}
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if (Authorizations.Keys.Contains(entity.AuthEntity) &&
Authorizations[entity.AuthEntity].Keys.Contains(entity.Id) &&
Authorizations[entity.AuthEntity][entity.Id].Keys.Contains(action))
{
string userName = user != null?user.Person.Guid.ToString() : string.Empty;
foreach (AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action])
{
// All Users
if (authRule.SpecialRole == SpecialRole.AllUsers)
{
return(authRule.AllowOrDeny == "A");
}
// All Authenticated Users
if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
// All Unauthenticated Users
if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
if (authRule.SpecialRole == SpecialRole.None && userName != string.Empty)
{
// See if person has been authorized to entity
if (authRule.PersonId.HasValue &&
user.PersonId.HasValue &&
authRule.PersonId.Value == user.PersonId.Value)
{
return(authRule.AllowOrDeny == "A");
}
// See if person is in role authorized
if (authRule.GroupId.HasValue)
{
Role role = Role.Read(authRule.GroupId.Value);
if (role != null && role.UserInRole(userName))
{
return(authRule.AllowOrDeny == "A");
}
}
}
}
}
// If not match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
if (entity.ParentAuthority != null)
{
return(Authorized(entity.ParentAuthority, action, user));
}
else
{
return(entity.DefaultAuthorization(action));
}
}
/// <summary>
/// Returns XML for a page menu. XML will be 1 level deep
/// </summary>
/// <param name="user">The user.</param>
/// <returns></returns>
public XDocument MenuXml( User user )
{
return MenuXml( 1, user );
}
/// <summary>
/// Creates a new user.
/// </summary>
/// <param name="person">The person.</param>
/// <param name="authenticationType">Type of the authentication.</param>
/// <param name="username">The username.</param>
/// <param name="password">The password.</param>
/// <param name="isConfirmed">if set to <c>true</c> [is confirmed].</param>
/// <param name="currentPersonId">The current person id.</param>
/// <returns></returns>
public User Create( Rock.CRM.Person person,
AuthenticationType authenticationType,
string username,
string password,
bool isConfirmed,
int? currentPersonId )
{
User user = this.GetByUserName( username );
if ( user != null )
throw new ArgumentOutOfRangeException( "username", "Username already exists" );
DateTime createDate = DateTime.Now;
user = new User();
user.UserName = username;
user.Password = EncodePassword( password );
user.IsConfirmed = isConfirmed;
user.CreationDate = createDate;
user.LastPasswordChangedDate = createDate;
if ( person != null )
user.PersonId = person.Id;
user.AuthenticationType = authenticationType;
this.Add( user, currentPersonId );
this.Save( user, currentPersonId );
return user;
}
/// <summary>
/// Changes the password.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="password">The password.</param>
public void ChangePassword( User user, string password )
{
user.Password = EncodePassword( password );
user.LastPasswordChangedDate = DateTime.Now;
}