protected override void OnCreatedUser(EventArgs e) { // Note: this doesn't run using the privileges of the anonymous user, so we elevate them // Also, you can't use the original Site even with elevated privileges, otherwise it reverts back to anonymous. SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite site2 = new SPSite(SPContext.Current.Site.ID, SPContext.Current.Site.Zone)) { using (SPWeb web2 = site2.OpenWeb(SPContext.Current.Web.ID)) { // from this point allowunsafeupdates is required because the call is initiated from a browser with // anonymouse rights only web2.AllowUnsafeUpdates = true; MembershipRequest request = new MembershipRequest(); request.UserEmail = this.Email; request.UserName = this.UserName; if (System.Web.Security.Membership.RequiresQuestionAndAnswer) { request.PasswordQuestion = this.Question; request.PasswordAnswer = this.Answer; } request.FirstName = this.FirstName; request.LastName = this.LastName; request.DefaultGroup = this._DefaultGroup; request.SiteName = web2.Title; request.SiteURL = web2.Url; MembershipSettings settings = new MembershipSettings(web2); if (settings.ReviewMembershipRequests) { request.LoginCreatedUser = false; if (!MembershipRequest.CopyToReviewList(request)) { lblError.Text = this.UnknownErrorMessage; return; } } else { #region Process new user request if we're NOT using the Request List if (!AutoGeneratePassword) { request.Password = this.Password; } request.ChangePasswordURL = Utils.GetAbsoluteURL(web2, settings.ChangePasswordPage); request.LoginCreatedUser = SPLoginCreatedUser; try { MembershipRequest.ApproveMembership(request, web2); } catch (Exception ex) { Utils.LogError(ex); this.lblCompleteSuccess.Text = this.UnknownErrorMessage; return; } #endregion } this.MoveTo(this.CompleteStep); } } }); }
public override void ItemUpdated(SPItemEventProperties properties) { this.EventFiringEnabled = false; SPListItem item = null; SPList list = null; MembershipStatus status; try { item = properties.ListItem; if (item != null) { SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite site = new SPSite(item.Web.Site.ID, item.Web.Site.Zone)) { using (SPWeb web = site.OpenWeb(item.Web.ID)) { if (web != null) { site.AllowUnsafeUpdates = true; web.AllowUnsafeUpdates = true; list = item.ParentList; status = (MembershipStatus)Utils.GetChoiceIndex(list.Fields.GetFieldByInternalName(MembershipReviewListFields.STATUS) as SPFieldChoice, item[MembershipReviewListFields.STATUS].ToString()); switch (status) { case MembershipStatus.Approved: // TODO: rdcpro: if CreateUser in the ApproveMembership call fails, the user in the MemberShipRequest list needs to be marked somehow so that the approver knows what the problem is. // Maybe the list should have the "LastError" field which will get the error info, or else the status can have an extra error value in addition to pending | approved | rejected // Then in the calling code, we must not delete the item from the list! // It would have been better if ApproveMembership returned a status code, rather than use exception handling, but here we are. MembershipRequest.ApproveMembership(GetMembershipRequest(web, item), web); item.Delete(); list.Update(); break; case MembershipStatus.Pending: break; case MembershipStatus.Rejected: if (!MembershipRequest.RejectMembership(GetMembershipRequest(web, item), web)) { throw new Exception("Error rejecting membership"); } //bms Removed Delete from Reject Membership to allow administrators to approve user later and delete with UI //item.Delete(); //list.Update(); break; } } } } }); } } catch (Exception ex) { throw new Exception("Error updating item in Membership Request List", ex); } finally { this.EventFiringEnabled = true; } }