/// <summary>
/// Server-side validation hook for the admin edit forms. "UserEditForm" delegates to the
/// shared user-block validator; "RoleEditForm" only requires a non-blank role name.
/// Any other form name is left untouched.
/// </summary>
/// <param name="form">The submitted form; field errors are reported by setting
/// <c>ErrorMessage</c> on the offending field.</param>
void OnValidateForm(AjaxFormSubmittedValues form)
{
    string formName = form.FormName;

    if (formName == "UserEditForm")
    {
        // All user-field rules live in the shared validator.
        ValidateStandardUserFormBlock(form.Blocks["MainUserFields"], form.RecordID, false, false);
    }
    else if (formName == "RoleEditForm")
    {
        foreach (AjaxFormSubmittedValues.Field field in form.Blocks["RoleDetails"].Fields.Values)
        {
            if (field.Name != "Name")
            {
                continue;
            }

            // Whitespace-only names count as missing.
            if (field.Value.Trim().Length == 0)
            {
                field.ErrorMessage = "A role name is required";
            }
        }
    }
}
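/// <summary>
/// Persists a submitted "UserEditForm" or "RoleEditForm" and then replaces the record's
/// role/permission assignments with whatever is ticked in the optional "Roles" and
/// "Permissions" blocks. Forms with any other name are ignored. Each branch is gated by
/// <c>WebAuthentication.VerifyAccess</c> and returns silently when the caller lacks the
/// required administrator permission.
/// </summary>
/// <param name="form">Submitted values. A null <c>RecordID</c> means "create"; on a
/// successful user create it is set to the new <c>UserID</c>.</param>
/// <exception cref="AjaxException">Thrown when the data layer reports a failed user
/// store (the data layer's message is passed through).</exception>
void OnSaveForm(AjaxFormSubmittedValues form)
{
    switch (form.FormName)
    {
        case "UserEditForm":
            StoreUserFromEditForm(form);
            break;
        case "RoleEditForm":
            StoreRoleFromEditForm(form);
            break;
    }
}

// "UserEditForm" branch: create or update the user, then sync its roles and permissions.
private void StoreUserFromEditForm(AjaxFormSubmittedValues form)
{
    // Authorisation gate: only user administrators may create or edit users.
    if (!WebAuthentication.VerifyAccess(PermissionType.UserAdministrator))
    {
        return;
    }

    AjaxFormSubmittedValues.Block block = form.Blocks["MainUserFields"];

    // An empty (or absent) password means "leave the existing password alone".
    string pw = block.Fields["Password"].Value;
    if (string.IsNullOrEmpty(pw))
    {
        pw = null;
    }
    bool enabled = block.Fields["Enabled"].Value == "True";

    User user;
    if (form.RecordID == null)
    {
        user = new User(
            SecurityProvider.ClientSpaceID,
            block.Fields["Username"].Value,
            pw,
            block.Fields["FirstName"].Value,
            block.Fields["Surname"].Value,
            block.Fields["Email"].Value,
            enabled,
            false,
            false,
            0);

        Result result = SecurityProvider.DataLayer.Store(user);
        if (!result.Succeeded)
        {
            throw new AjaxException(result.Message);
        }
        if (OnUserSaved != null)
        {
            OnUserSaved(form, user);
        }
        form.RecordID = user.UserID;
    }
    else
    {
        user = User.Select(form.RecordID.Value);
        if (user == null)
        {
            // Unknown record id: nothing to update (same handling as the role branch).
            return;
        }
        // NOTE(review): RecordID is client-supplied and User.Select is not visibly scoped
        // to SecurityProvider.ClientSpaceID -- confirm the lookup (or the data layer)
        // restricts edits to users in the caller's own client space.

        user.Username = block.Fields["Username"].Value;
        if (pw != null)
        {
            // Presumably the setter hashes the plaintext -- confirm against User.
            user.Password = pw;
        }
        user.FirstName = block.Fields["FirstName"].Value;
        user.Surname = block.Fields["Surname"].Value;
        user.Email = block.Fields["Email"].Value;
        user.Enabled = enabled;

        // A failed store must not be followed by the role/permission sync below.
        Result result = SecurityProvider.DataLayer.Store(user);
        if (!result.Succeeded)
        {
            throw new AjaxException(result.Message);
        }
        if (OnUserSaved != null)
        {
            OnUserSaved(form, user);
        }

        if (user.Locked)
        {
            return; // locked accounts keep their existing roles/permissions
        }
    }

    // Users can't alter their own permissions.
    if (user.Username == SecurityProvider.CurrentUser.Username)
    {
        return;
    }

    List<string> roleCodes = CollectGrantableCodes(form, "Roles");
    List<string> permissionTypeCodes = CollectGrantableCodes(form, "Permissions");
    SecurityProvider.DataLayer.SetRolesAndPermissionsForUser(user.UserID, roleCodes, permissionTypeCodes);
}

// "RoleEditForm" branch: create or update the role, then sync its inherited roles and permissions.
private void StoreRoleFromEditForm(AjaxFormSubmittedValues form)
{
    // Authorisation gate: only role administrators may create or edit roles.
    if (!WebAuthentication.VerifyAccess(PermissionType.RoleAdministrator))
    {
        return;
    }

    AjaxFormSubmittedValues.Block block = form.Blocks["RoleDetails"];
    string name = block.Fields["Name"].Value;
    bool enabled = block.Fields["Enabled"].Value == "True";

    Role role;
    if (form.RecordID == null)
    {
        role = new Role();
        role.RoleID = DatabaseManager.GetUniqueID();
        role.RoleCode = role.RoleID.ToString(); // role codes are only used by system roles
        role.ClientSpaceID = SecurityProvider.ClientSpaceID;
    }
    else
    {
        role = Role.Select(form.RecordID.Value);
        if (role == null)
        {
            return;
        }
        if (role.Locked)
        {
            return; // locked roles aren't supposed to be edited by users
        }
    }

    role.Name = name;
    role.Enabled = enabled;
    // NOTE(review): the return value of Store(role) is discarded; if it returns a Result
    // like Store(user) does, a failure should be surfaced the same way (AjaxException)
    // instead of proceeding to the assignment sync below.
    SecurityProvider.DataLayer.Store(role);

    List<string> roleCodes = CollectGrantableCodes(form, "Roles");
    List<string> permissionTypeCodes = CollectGrantableCodes(form, "Permissions");
    SecurityProvider.DataLayer.SetRolesAndPermissionsForRole(role.RoleID, roleCodes, permissionTypeCodes);
}

// Collects the codes ticked ("True") in the named block that the logged-in user is itself
// entitled to hand out. Returns an empty list when the block was not submitted.
private List<string> CollectGrantableCodes(AjaxFormSubmittedValues form, string blockName)
{
    List<string> codes = new List<string>();
    if (!form.Blocks.ContainsKey(blockName))
    {
        return codes;
    }

    foreach (KeyValuePair<string, AjaxFormSubmittedValues.Field> kvp in form.Blocks[blockName].Fields)
    {
        // The caller may only grant what it holds, so a checkbox for a role it lacks is
        // ignored even if the client submits it as ticked.
        // NOTE(review): the same HasRole() test gates both the "Roles" and the
        // "Permissions" block, so a permission type is only grantable when the caller
        // holds a *role* of the same name -- confirm this is intended (or that a
        // permission-specific check such as a HasPermission() exists and should be used).
        if (!SecurityProvider.CurrentUser.HasRole(kvp.Value.Name))
        {
            continue;
        }
        if (kvp.Value.Value == "True")
        {
            codes.Add(kvp.Value.Name);
        }
    }
    return codes;
}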
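/// <summary>
/// Creates or updates a user from the standard user-details block of a submitted form
/// and returns the stored user. The password is read from "Password1" when that field
/// is present, otherwise from "Password"; an empty password leaves the existing one
/// unchanged. Existing users never have their username changed here.
/// </summary>
/// <param name="form">Submitted values. A null <c>RecordID</c> means "create"; on a
/// create it is set to the new <c>UserID</c>.</param>
/// <param name="blockName">Key of the block holding the user fields.</param>
/// <param name="enabled">When non-null, overrides the block's "Enabled" field.</param>
/// <returns>The user that was stored.</returns>
/// <exception cref="AjaxException">Thrown when <c>RecordID</c> does not match an
/// existing user, or when the data layer reports a failed store.</exception>
public User SaveStandardUserFormDetails(AjaxFormSubmittedValues form, string blockName, bool? enabled)
{
    AjaxFormSubmittedValues.Block block = form.Blocks[blockName];

    // Registration-style forms submit "Password1"; the admin form submits "Password".
    string pw;
    if (block.Fields.ContainsKey("Password1"))
    {
        pw = block.Fields["Password1"].Value;
    }
    else
    {
        pw = block.Fields["Password"].Value;
    }
    // Empty (or absent) password means "don't change it".
    if (string.IsNullOrEmpty(pw))
    {
        pw = null;
    }

    bool isEnabled = enabled == null ? (block.Fields["Enabled"].Value == "True") : enabled.Value;

    User user;
    if (form.RecordID == null)
    {
        user = new User(
            SecurityProvider.ClientSpaceID,
            block.Fields["Username"].Value,
            pw,
            block.Fields["FirstName"].Value,
            block.Fields["Surname"].Value,
            block.Fields["Email"].Value,
            isEnabled,
            false,
            false,
            0);
        if (OnBeforeSaveUser != null)
        {
            OnBeforeSaveUser(form, user);
        }

        Result result = SecurityProvider.DataLayer.Store(user);
        if (!result.Succeeded)
        {
            throw new AjaxException(result.Message);
        }
        form.RecordID = user.UserID;
    }
    else
    {
        user = User.Select(form.RecordID.Value);
        if (user == null)
        {
            // Surface a clean error instead of a null dereference on a stale/forged id.
            throw new AjaxException("The specified user could not be found.");
        }
        // NOTE(review): RecordID is client-supplied and User.Select is not visibly scoped
        // to SecurityProvider.ClientSpaceID -- confirm the lookup (or the caller) restricts
        // this to users the current user may edit.

        // Username is deliberately not updated for existing users: changing it (like
        // changing the password) would invalidate the current login cookie.
        if (pw != null)
        {
            // Presumably the setter hashes the plaintext -- confirm against User.
            user.Password = pw;
        }
        user.FirstName = block.Fields["FirstName"].Value;
        user.Surname = block.Fields["Surname"].Value;
        user.Email = block.Fields["Email"].Value;
        user.Enabled = isEnabled;
        if (OnBeforeSaveUser != null)
        {
            OnBeforeSaveUser(form, user);
        }

        Result result = SecurityProvider.DataLayer.Store(user);
        if (!result.Succeeded)
        {
            throw new AjaxException(result.Message);
        }
    }

    return user;
}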