public int Merge(ManagedSecurityContext sec, int id) { if (!sec.IsAdministrator()) { throw new ManagedAccount.AccessDeniedException(); } if (id == mInstance.Id) { throw new Exception("Cannot merge neighborhood into self"); } int count = 0; Neighborhood merge = Session.Load <Neighborhood>(id); // update places if (merge.Places != null) { count += merge.Places.Count; foreach (Place place in merge.Places) { place.Neighborhood = mInstance; place.City = mInstance.City; Session.Save(place); } } // update accounts - TODO when extended // update account addresses - TODO when extended Session.Delete(merge); return(count); }
protected override void Check(TransitAccountEmailMessage t_instance, ManagedSecurityContext sec) { if (!string.IsNullOrEmpty(t_instance.MailFrom) && sec.IsAdministrator()) { // administrator can force a MailFrom address to whatever mInstance.MailFrom = t_instance.MailFrom; } else { Account user = t_instance.GetOwner(Session, t_instance.AccountId, sec); ManagedAccount m_user = new ManagedAccount(Session, user); string mailfrom = string.Empty; // a user is required to have a valid e-mail address if (!m_user.TryGetVerifiedEmailAddress(out mailfrom, sec)) { throw new ManagedAccount.NoVerifiedEmailException(); } // if the user didn't specify the address, user his verified e-mail if (string.IsNullOrEmpty(t_instance.MailFrom)) { mInstance.MailFrom = new MailAddress(mailfrom, m_user.Name).ToString();; } // if the user specified a different e-mail address, don't let him send else if (t_instance.MailFrom != mailfrom) { throw new ManagedAccount.AccessDeniedException(); } } base.Check(t_instance, sec); }
public override TransitAccountInvitation GetTransitInstance(ManagedSecurityContext sec) { TransitAccountInvitation t_instance = base.GetTransitInstance(sec); if (sec.IsAdministrator()) { t_instance.Code = mInstance.Code; } return(t_instance); }
public Account GetOwner(ISession session, int id, ManagedSecurityContext sec) { if (id == 0 || sec.Account == null) { return(sec.Account); // current security context id } if (id != 0 && id == sec.Account.Id) { return(sec.Account); // the id requested matches the security context id } if (id != 0 && sec.IsAdministrator()) { return(session.Load <Account>(id)); // the administrator can get any id } if (id != 0 && !sec.IsAdministrator()) { throw new ManagedAccount.AccessDeniedException(); // attempt to change ownership } return(sec.Account); // whatever is in the security context }
public void Send(ManagedSecurityContext sec, TransitAccountEmailMessage t_instance) { if (!sec.IsAdministrator()) { throw new ManagedAccount.AccessDeniedException(); } SmtpClient smtp = GetSmtpClientInstance(Session); MailMessage message = GetMessageInstance(Session, t_instance.GetInstance(Session, sec)); smtp.Send(message); }
public override AccountInvitation GetInstance(ISession session, ManagedSecurityContext sec) { AccountInvitation instance = base.GetInstance(session, sec); if (Id == 0) { // invitations cannot be modified post-send instance.Email = this.Email; // admin can force a particular code (for unit testing) instance.Code = (sec.IsAdministrator() && !string.IsNullOrEmpty(this.Code)) ? this.Code : Guid.NewGuid().ToString(); instance.Message = this.Message; instance.Account = GetOwner(session, AccountId, sec); instance.Failed = this.Failed; instance.LastError = this.LastError; instance.AccountGroup = (this.AccountGroupId != 0) ? session.Get <AccountGroup>(this.AccountGroupId) : null; } return(instance); }
public void DeleteAccountWithOptions(string ticket, int id, TransitAccountDeleteOptions options) { using (SnCore.Data.Hibernate.Session.OpenConnection()) { ISession session = SnCore.Data.Hibernate.Session.Current; ManagedSecurityContext sec = new ManagedSecurityContext(session, ticket); ManagedAccount user = new ManagedAccount(session, id); if (user.IsAdministrator()) { throw new Exception( "You cannot delete an administrative account."); } if (sec.Account.Id != user.Id) { if (!sec.IsAdministrator()) { // only admin can delete other people's account throw new ManagedAccount.AccessDeniedException(); } } if (options != null && options.DeleteContent) { if (!sec.IsAdministrator()) { // only admin can delete other people's content throw new ManagedAccount.AccessDeniedException(); } user.DeleteContent(sec); } } WebServiceImpl<TransitAccount, ManagedAccount, Account>.Delete( ticket, id); }
public void DeleteAllFeatures(string ticket, TransitFeature token) { using (SnCore.Data.Hibernate.Session.OpenConnection()) { ISession session = SnCore.Data.Hibernate.Session.Current; ManagedSecurityContext sec = new ManagedSecurityContext(session, ticket); if (!sec.IsAdministrator()) { throw new ManagedAccount.AccessDeniedException(); } ManagedFeature.Delete(session, token.DataObjectName, token.DataRowId); SnCore.Data.Hibernate.Session.Flush(); } }
public int Merge(ManagedSecurityContext sec, string name, string state, string country) { if (!sec.IsAdministrator()) { throw new ManagedAccount.AccessDeniedException(); } int count = 0; // update accounts ICriteria accounts_criteria = Session.CreateCriteria(typeof(Account)).Add(Expression.Eq("City", name)); if (string.IsNullOrEmpty(state)) { accounts_criteria.Add(Expression.IsNull("State")); } else { accounts_criteria.Add(Expression.Eq("State.Id", ManagedState.GetStateId(Session, state, country))); } if (string.IsNullOrEmpty(country)) { accounts_criteria.Add(Expression.IsNull("Country")); } else { accounts_criteria.Add(Expression.Eq("Country.Id", ManagedCountry.GetCountryId(Session, country))); } IList <Account> accounts = accounts_criteria.List <Account>(); count += accounts.Count; foreach (Account account in accounts) { account.City = mInstance.Name; account.Country = mInstance.Country; account.State = mInstance.State; Session.Save(account); } // update account addresses ICriteria accountaddresses_criteria = Session.CreateCriteria(typeof(AccountAddress)).Add(Expression.Eq("City", name)); if (string.IsNullOrEmpty(state)) { accountaddresses_criteria.Add(Expression.IsNull("State")); } else { accountaddresses_criteria.Add(Expression.Eq("State.Id", ManagedState.GetStateId(Session, state, country))); } if (string.IsNullOrEmpty(country)) { accountaddresses_criteria.Add(Expression.IsNull("Country")); } else { accountaddresses_criteria.Add(Expression.Eq("Country.Id", ManagedCountry.GetCountryId(Session, country))); } IList <AccountAddress> accountaddresses = accountaddresses_criteria.List <AccountAddress>(); count += accountaddresses.Count; foreach (AccountAddress accountaddress in accountaddresses) { accountaddress.City = mInstance.Name; accountaddress.Country = mInstance.Country; accountaddress.State = mInstance.State; Session.Save(accountaddress); } return(count); }
public int Merge(ManagedSecurityContext sec, int id) { if (!sec.IsAdministrator()) { throw new ManagedAccount.AccessDeniedException(); } if (id == mInstance.Id) { throw new Exception("Cannot merge city into self"); } int count = 0; City merge = Session.Load <City>(id); // update accounts IList accounts = Session.CreateCriteria(typeof(Account)) .Add(Expression.Eq("City", merge.Name)) .List(); count += accounts.Count; foreach (Account account in accounts) { account.City = mInstance.Name; Session.Save(account); } // update account addresses IList accountaddresses = Session.CreateCriteria(typeof(AccountAddress)) .Add(Expression.Eq("City", merge.Name)) .List(); count += accountaddresses.Count; foreach (AccountAddress accountaddress in accountaddresses) { accountaddress.City = mInstance.Name; Session.Save(accountaddress); } // merge neighborhoods foreach (Neighborhood nh in merge.Neighborhoods) { Neighborhood t_nh = Session.CreateCriteria(typeof(Neighborhood)) .Add(Expression.Eq("City.Id", mInstance.Id)) .Add(Expression.Eq("Name", nh.Name)) .UniqueResult <Neighborhood>(); if (t_nh != null) { ManagedNeighborhood m_nh = new ManagedNeighborhood(Session, t_nh); count += m_nh.Merge(sec, nh.Id); } else { nh.City = mInstance; Session.Save(nh); } } // merge places that don't have a neighborhood if (merge.Places != null) { count += merge.Places.Count; foreach (Place place in merge.Places) { place.City = mInstance; Session.Save(place); } } if (merge.PlaceChangeRequests != null) { count += merge.PlaceChangeRequests.Count; foreach (PlaceChangeRequest request in merge.PlaceChangeRequests) { request.City = mInstance; Session.Save(request); } } Session.Delete(merge); return(count); }