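/// <summary>
/// Creates a new user from <paramref name="webUser"/> and returns the id it was saved with.
/// Anonymous callers (<paramref name="currentUserId"/> of -1) may create "volunteer" and
/// "company" accounts; an "admin" account may only be created by a caller whose own type is "admin".
/// </summary>
/// <param name="webUser">Submitted account data; must carry the initial password in <c>newPassword</c>.</param>
/// <param name="currentUserId">Id of the authenticated caller, or -1 when the request is anonymous.</param>
/// <returns>The id assigned to the new user after <c>db.SaveChanges()</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="webUser"/> is null.</exception>
/// <exception cref="ArgumentException">No password was supplied, or the requested type is not allowed for this caller.</exception>
/// <exception cref="InvalidOperationException">The email address is already in use.</exception>
public int addUser(WebUser webUser, int currentUserId)
{
    if (webUser == null)
    {
        throw new ArgumentNullException("webUser");
    }

    // Anonymous callers reach this method (currentUserId == -1); the only privilege check is on
    // the requested type. Reject incomplete or unauthorized requests before any database work.
    if (webUser.newPassword == null)
    {
        throw new ArgumentException("Password is required");
    }

    bool allowedType;
    if (webUser.type == "volunteer" || webUser.type == "company")
    {
        allowedType = true;
    }
    else if (webUser.type == "admin" && currentUserId != -1)
    {
        // Only an authenticated admin may create another admin. getMe() is consulted only on this
        // path so the common sign-up case does not pay for the extra lookup.
        var caller = this.getMe(currentUserId);
        allowedType = caller != null && caller.type == "admin";
    }
    else
    {
        allowedType = false;
    }

    if (!allowedType)
    {
        throw new ArgumentException("Invalid new user type: " + webUser.type);
    }

    // Do not allow duplicate email addresses.
    // NOTE(review): this count and the insert below are not atomic; a unique index on the email
    // column is what actually prevents duplicates under concurrent requests — confirm one exists.
    int others = db.Users.Count(u => u.email == webUser.email);
    if (others > 0)
    {
        throw new InvalidOperationException("Email address is already in use");
    }

    User user = new User();
    // NOTE(review): isActive is copied straight from the request, including for anonymous
    // sign-ups — confirm that is intended.
    user.isActive = webUser.isActive;
    user.name = webUser.name;
    user.email = webUser.email;
    user.type = webUser.type;
    user.address = webUser.address;
    user.city = webUser.city;
    user.state = webUser.state;
    user.zip = webUser.zip;
    user.phone = webUser.phone;
    user.dateOfBirth = webUser.dateOfBirth;
    user.tshirtSize = webUser.tshirtSize;
    user.companyName = webUser.companyName;
    user.dateCreated = DateTime.UtcNow;

    // The supplied password is stored via Passwords (hashing is that helper's responsibility).
    Passwords.updateUserPassword(user, webUser.newPassword);
    user.hasTempPassword = false;
    user.tempPasswordDate = DateTime.UtcNow;

    db.Users.Add(user);
    db.SaveChanges();

    // NOTE(review): webUser still carries newPassword at this point — confirm sendNewAccount does
    // not include it in the message. A failure here propagates after the user has been saved.
    Email.sendNewAccount(webUser);

    return user.id;
}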
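/// <summary>
/// Updates the user identified by <paramref name="id"/> with the submitted data.
/// </summary>
/// <param name="id">Route id; must equal <c>user.id</c> in the body.</param>
/// <param name="user">Submitted user data.</param>
/// <returns>200 with the id on success; 400 when the request is invalid or the repository rejects it.</returns>
public HttpResponseMessage PutUser(int id, WebUser user)
{
    if (!ModelState.IsValid || user == null || id != user.id)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    try
    {
        repo.updateUser(this.currentUserId, id, user);
        return Request.CreateResponse(HttpStatusCode.OK, id);
    }
    catch (Exception e)
    {
        // CreateErrorResponse applies the host's IncludeErrorDetailPolicy, so stack traces and
        // inner exceptions are not sent to remote clients; returning the raw Exception object
        // serialized its full detail to the caller.
        // NOTE(review): PermissionDeniedException thrown by repo.updateUser also lands here as 400;
        // consider mapping it to 403 Forbidden.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, e);
    }
}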
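/// <summary>
/// Creates a new user from the submitted data.
/// </summary>
/// <param name="user">Submitted user data.</param>
/// <returns>201 with the new id on success; 400 when the request is invalid or the repository rejects it.</returns>
public HttpResponseMessage PostUser(WebUser user)
{
    if (!ModelState.IsValid || user == null)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    try
    {
        int id = repo.addUser(user, this.currentUserId);
        return Request.CreateResponse(HttpStatusCode.Created, id);
    }
    catch (Exception e)
    {
        // CreateErrorResponse applies the host's IncludeErrorDetailPolicy, so stack traces and
        // inner exceptions are not sent to remote clients; returning the raw Exception object
        // serialized its full detail to the caller.
        // NOTE(review): PermissionDeniedException thrown by repo.addUser also lands here as 400;
        // consider mapping it to 403 Forbidden.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, e);
    }
}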
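/// <summary>
/// Updates an existing user. A caller may edit their own account; a caller whose type is "admin"
/// may edit any account. A missing target and an unauthorized caller are both reported as
/// <see cref="PermissionDeniedException"/>, so the response does not reveal which ids exist.
/// </summary>
/// <param name="currentUserId">Id of the authenticated caller.</param>
/// <param name="id">Id of the user to update.</param>
/// <param name="webUser">Submitted user data.</param>
/// <exception cref="ArgumentNullException"><paramref name="webUser"/> is null.</exception>
/// <exception cref="PermissionDeniedException">The target does not exist, the caller could not be resolved, or the caller may not edit it.</exception>
/// <exception cref="InvalidOperationException">The email address belongs to another user.</exception>
public void updateUser(int currentUserId, int id, WebUser webUser)
{
    if (webUser == null)
    {
        throw new ArgumentNullException("webUser");
    }

    // this.me is kept as a field because other members may read it after this call.
    this.me = getMe(currentUserId);
    User user = db.Users.FirstOrDefault(u => u.id == id);

    // A null caller (e.g. an unresolved or anonymous id) is treated as not authorized rather than
    // dereferenced.
    bool isSelf = me != null && me.id == id;
    bool isAdmin = me != null && me.type == "admin";
    if (user == null || !(isSelf || isAdmin))
    {
        throw new PermissionDeniedException();
    }

    // Do not allow duplicate email addresses; the target's own row is excluded.
    // NOTE(review): not atomic with SaveChanges; a unique index on the email column is the real
    // guarantee under concurrent requests — confirm one exists.
    int others = db.Users.Count(u => u.email == webUser.email && u.id != id);
    if (others > 0)
    {
        throw new InvalidOperationException("Email address is already in use");
    }

    // Do not allow a user to make their own account inactive (or re-activate it).
    if (!isSelf)
    {
        user.isActive = webUser.isActive;
    }

    user.name = webUser.name;
    user.email = webUser.email;

    // The type may only be switched between the two self-service types; a request for any other
    // value (including "admin") leaves the stored type untouched.
    if (webUser.type == "volunteer" || webUser.type == "company")
    {
        user.type = webUser.type;
    }

    user.address = webUser.address;
    user.city = webUser.city;
    user.state = webUser.state;
    user.zip = webUser.zip;
    user.phone = webUser.phone;
    user.dateOfBirth = webUser.dateOfBirth;
    user.tshirtSize = webUser.tshirtSize;
    user.companyName = webUser.companyName;

    // Only the account owner may change the password; an admin cannot set another user's password.
    // NOTE(review): no re-authentication (current password) is required for the change — confirm intended.
    if (webUser.newPassword != null && isSelf)
    {
        Passwords.updateUserPassword(user, webUser.newPassword);
    }

    db.SaveChanges();
}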