Exemplo n.º 1
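        /// <summary>
        /// Authorizes the current session for this page: access is granted when the session
        /// holds "ADMIN_SYSTEM" or at least one of the supplied permissions. Otherwise the
        /// attempt is reported through <c>MailAndLog.SendMessage</c> and an exception is thrown.
        /// </summary>
        /// <param name="permissionPrefix">
        /// Permissions of which any single one is sufficient. A null or empty list is treated
        /// as "no alternative permission", so only "ADMIN_SYSTEM" passes (fail closed).
        /// NOTE(review): despite the parameter name, each entry is handed to
        /// <c>SessionProps.HasPermission</c> unchanged; whether it is matched as a prefix or
        /// as an exact name depends on that method — confirm.
        /// </param>
        /// <exception cref="AccessViolationException">
        /// Thrown when none of the permissions is held. NOTE(review): this type is documented
        /// for invalid memory access; it is kept here because callers may depend on it.
        /// </exception>
        public void VerifyAccess(params string[] permissionPrefix)
        {
            // The system administrator permission always grants access.
            bool hasPermission = SessionProps.HasPermission("ADMIN_SYSTEM");

            // A caller can pass an explicit null for a params array; treat that as an empty
            // list instead of failing with a NullReferenceException before the denial is logged.
            if (!hasPermission && permissionPrefix != null)
            {
                foreach (var permission in permissionPrefix)
                {
                    // One of the required permissions is enough, so stop at the first match.
                    if (SessionProps.HasPermission(permission))
                    {
                        hasPermission = true;
                        break;
                    }
                }
            }

            if (!hasPermission)
            {
                // Report the denied attempt before aborting the request. The Swedish text reads
                // "Attempt to open secured page" / "The user: {0} with guid: {1} tried to open the page: {2}."
                // NOTE(review): if SendMessage renders the body as HTML, the user name should be
                // HTML-encoded before it is formatted in — confirm against MailAndLog.
                MailAndLog.SendMessage("Försök att öppna säkrad sida",
                                       String.Format("Användaren: {0} med guid: {1} försökte öppna sidan: {2}.", SessionProps.UserName, SessionProps.UserGuid.ToString(), GetType().BaseType.FullName),
                                       Parameters.Instance.MailSender, Parameters.Instance.SupportMail);
                throw new AccessViolationException("Attempt to open restricted page");
            }
        }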
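        /// <summary>
        /// Page load handler for the team picture page. Verifies that the current user owns the
        /// team identified by <c>TeamId</c> (or holds "ADMIN") and, on the first load only,
        /// initializes the upload control with the team's current picture.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <exception cref="AccessViolationException">
        /// Thrown when the team belongs to another user and the session lacks "ADMIN".
        /// </exception>
        protected void Page_Load(object sender, EventArgs e)
        {
            // The ownership check runs on every request, postbacks included. Running it only
            // when !IsPostBack would leave any postback-driven action on this page (presumably
            // the picture upload itself) without an authorization check in this handler.
            // NOTE(review): where TeamId comes from is not visible here; if it is
            // client-supplied, per-request verification is what keeps it from being swapped
            // between the initial load and the postback — confirm.
            var team = new UserTeamManagement(Global.ConnectionString, SessionProps).GetTeam(TeamId);

            // Verify team owner; administrators may edit any team.
            // NOTE(review): GetTeam's behavior for an unknown TeamId is not shown; a null
            // result would fail on the next line with a NullReferenceException.
            if (team.UserGUID != SessionProps.UserGuid && !SessionProps.HasPermission("ADMIN"))
            {
                // Report the denied attempt. The Swedish text reads "Attempt to sabotage team" /
                // "The user: {0} with guid: {1} tried to change the picture of team: {2} with guid: {3}".
                // NOTE(review): team.Name is user-chosen; if SendMessage renders the body as
                // HTML it should be HTML-encoded first — confirm against MailAndLog.
                MailAndLog.SendMessage("Försök att sabba lag",
                                       String.Format("Användaren: {0} med guid: {1} försökte ändra bild på laget: {2} med guid: {3}", SessionProps.UserName, SessionProps.UserGuid.ToString(), team.Name, team.GUID),
                                       Parameters.Instance.MailSender, Parameters.Instance.SupportMail);
                throw new AccessViolationException("Attempt to tamper with other users team");
            }

            // The upload control only needs its starting state on the first load.
            if (!IsPostBack)
            {
                if (!String.IsNullOrEmpty(team.Picture))
                {
                    uploadImage.UploadUserImage(team.Picture);
                }
                else
                {
                    uploadImage.UploadUserImage();
                }
            }
        }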
Exemplo n.º 3
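        /// <summary>
        /// Builds an HTML error report (session, request and exception details) and hands it to
        /// <c>MailAndLog.SendMessage</c>.
        /// </summary>
        /// <param name="exception">The exception to report; must not be null.</param>
        /// <param name="mailSender">Sender address passed through to <c>MailAndLog.SendMessage</c>.</param>
        /// <param name="mailRecipient">Recipient address passed through to <c>MailAndLog.SendMessage</c>.</param>
        public static void SendAndLogErrorMessage(Exception exception, string mailSender, string mailRecipient)
        {
            var messageBody = String.Empty;

            // Info on the current session.
            messageBody += "<h4>Session info:</h4>";
            if (Global.SessionProperties.UserName != null)
            {
                // The published listing masks this expression as "******"; the user name is
                // reconstructed from the null check above — confirm against the real file.
                // It is HTML-encoded because the report body is HTML.
                messageBody += "<p>Username: " + HttpUtility.HtmlEncode(Global.SessionProperties.UserName) + "</p>";
            }
            else
            {
                messageBody += "<p>Anonymous</p>";
            }

            // Info on the request/browser. Every value below is supplied by the client
            // (URL, User-Agent header) or derived from the connection, so each one is
            // HTML-encoded before it is placed in the report markup.
            if (HttpContext.Current != null)
            {
                var request = HttpContext.Current.Request;
                messageBody += "<h4>Request/browser info:</h4>";
                messageBody += "<ul>";

                messageBody += "<li>Path: ";
                messageBody += HttpUtility.HtmlEncode(Convert.ToString(request.Url));
                messageBody += "</li>";
                messageBody += "<li>UserAgent: ";
                messageBody += HttpUtility.HtmlEncode(request.UserAgent);
                messageBody += "</li>";
                messageBody += "<li>UserHostAddress: ";
                messageBody += HttpUtility.HtmlEncode(request.UserHostAddress);
                messageBody += "</li>";

                messageBody += "</ul>";
            }

            // Info on the error. StackTrace is null for an exception that was never thrown,
            // and HtmlEncode(null) returns null, so fall back to an empty string before Replace.
            var errorMessage = HttpUtility.HtmlEncode(exception.Message ?? String.Empty).Replace("\n", "<br/>");
            var stackTrace = HttpUtility.HtmlEncode(exception.StackTrace ?? String.Empty).Replace("\n", "<br/>");

            messageBody += "<h4>Error info:</h4>";
            messageBody += "<p>" + errorMessage + "</p>";
            // The <small> element is closed with </small>; the original emitted a second opening tag.
            messageBody += "<p><small>" + stackTrace + "</small></p>";

            // "IntiFel": "Fel" is Swedish for "error"; the subject carries the exception type name.
            MailAndLog.SendMessage("IntiFel (" + exception.GetType().Name + ")", messageBody, mailSender, mailRecipient);
        }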
Exemplo n.º 4
        /// <summary>
        /// Loads the private tournament named by the "tournamentGUID" redirect parameter into the
        /// form controls, after verifying that the current user owns it or holds "ADMIN".
        /// Does nothing when the parameter is absent.
        /// </summary>
        /// <exception cref="AccessViolationException">
        /// Thrown when the tournament belongs to another user and the session lacks "ADMIN".
        /// </exception>
        private void LoadTournament()
        {
            var tournamentGUID = this.GetRedirectParameter("tournamentGUID", false);
            if (tournamentGUID == null)
            {
                return;
            }

            using (var db = Global.GetConnection())
            {
                // NOTE(review): new Guid(...) throws on a malformed value and Single(...) throws
                // when no row matches, so a bad parameter surfaces as an unhandled exception
                // rather than a "not found" response — confirm that is intended.
                var tournament = db.Ext_PrivateTournament.Single(t => t.GUID == new Guid(tournamentGUID.ToString()));

                // Verify tournament owner before any field is copied to the page.
                bool isOwner = tournament.Sys_User.GUID == SessionProps.UserGuid;
                if (!isOwner && !SessionProps.HasPermission("ADMIN"))
                {
                    // Report the denied attempt. The Swedish text reads "Attempt to sabotage tournament" /
                    // "The user: {0} with guid: {1} tried to open the tournament: {2} with guid: {3}".
                    // NOTE(review): tournament.Name is user-chosen; if SendMessage renders the body
                    // as HTML it should be HTML-encoded first — confirm against MailAndLog.
                    var breachDetails = String.Format("Användaren: {0} med guid: {1} försökte öppna turneringen: {2} med guid: {3}", SessionProps.UserName, SessionProps.UserGuid.ToString(), tournament.Name, tournament.GUID);
                    MailAndLog.SendMessage("Försök att sabba turnering", breachDetails, Parameters.Instance.MailSender, Parameters.Instance.SupportMail);
                    throw new AccessViolationException("Attempt to open other users tournament");
                }

                Name.Text = tournament.Name;
                Description.Text = tournament.Description;
                // NOTE(review): the "visible for all" checkbox is driven by IsLimitedInTime, and
                // the null default here (false) differs from the one used below (true) — this
                // looks like a copy/paste slip; confirm which field was intended.
                IsVisibleForAll.Checked = (tournament.IsLimitedInTime ?? false);

                bool limitedByDate = tournament.IsLimitedInTime ?? true;
                if (!limitedByDate)
                {
                    // Limited by day numbers rather than dates ("omg" presumably abbreviates
                    // Swedish "omgång", round — confirm).
                    rblDateLimitation.SelectedValue = "omg";
                    pnlDateLimitation.Visible = false;
                    pnlDayLimitation.Visible = true;

                    // Stored values are turned into zero-based list indexes; a missing value maps to index 1.
                    var startDay = tournament.StartDay ?? 2;
                    var endDay = tournament.EndDay ?? 2;
                    drpStartDay.SelectedIndex = startDay - 1;
                    drpEndDay.SelectedIndex = endDay - 1;
                }
                else
                {
                    // Limited by calendar dates ("datum" is Swedish for date); missing dates fall back to now.
                    rblDateLimitation.SelectedValue = "datum";
                    pnlDateLimitation.Visible = true;
                    pnlDayLimitation.Visible = false;

                    var firstDay = tournament.StartDate ?? DateTime.Now;
                    StartDate.Text = firstDay.ToShortDateString();
                    var lastDay = tournament.EndDate ?? DateTime.Now;
                    EndDate.Text = lastDay.ToShortDateString();
                }

                LoadParticipants(tournament.GUID, db);
            }
        }