        /// <summary>
        /// Validates the new-admin form: the selected role must exist (a hard error that stops
        /// validation), the email must not already belong to an admin, and the two password
        /// fields must agree when a password was entered.
        /// </summary>
        /// <returns><c>true</c> when no validation message was added; otherwise <c>false</c>.</returns>
        protected override bool OnValidate()
        {
            _sessionUser = SessionVariables.User;

            // The role is required by the later save, so a missing one ends validation immediately.
            _role = Role.Query.SingleOrDefault(r => r.Id == RoleId);
            if (_role == null)
            {
                AddMessage(nameof(RoleId), new Message("Role does not exist", MessageTypes.Error));
                return false;
            }

            var emailTaken = Admin.Query.Any(a => a.Email == Email);
            if (emailTaken)
            {
                AddMessage(nameof(Email), new Message("Email is already in use", MessageTypes.Warning));
            }

            // An empty password is accepted here; only a filled-in, mismatching pair is rejected.
            var passwordMismatch = !string.IsNullOrEmpty(Password) && !Password.Equals(VerifyPassword);
            if (passwordMismatch)
            {
                AddMessage(nameof(Password), new Message("Passwords do not match", MessageTypes.Warning));
            }

            return !emailTaken && !passwordMismatch;
        }
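        /// <summary>
        /// Returns <c>true</c> when <paramref name="principal"/> holds at least one of the
        /// given role names.
        /// </summary>
        /// <param name="principal">The principal whose roles are checked; a null principal is in no role.</param>
        /// <param name="roles">Role names to test for; null or empty yields <c>false</c>.</param>
        /// <returns><c>true</c> if any role of the principal appears in <paramref name="roles"/>.</returns>
        public static bool IsInRoles(this NTGPrincipal principal, string[] roles)
        {
            // This is an authorization decision: answer for the principal the caller passed in,
            // not for the ambient session user, so the result matches the object being asked about.
            if (principal == null || roles == null || roles.Length == 0)
            {
                return false;
            }

            return principal.Roles.Any(r => roles.Contains(r));
        }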
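 /// <summary>
 /// Writes a <see cref="SiteLog"/> entry for an admin action on a page and/or module.
 /// A failure to build or save the entry is reported through <c>LogError</c> and does not propagate.
 /// </summary>
 /// <param name="request">The request being logged; its remote address is stored with the entry.</param>
 /// <param name="user">The acting admin. Must not be null (its Id is stored).</param>
 /// <param name="action">Free-text description of the action.</param>
 /// <param name="pageId">Page the action applied to, or null when not page-related.</param>
 /// <param name="pageName">Display name of the page; only used when <paramref name="pageId"/> is set.</param>
 /// <param name="moduleId">Module the action applied to, or null when not module-related.</param>
 /// <param name="moduleType">Type name of the module; only used when <paramref name="moduleId"/> is set.</param>
 /// <param name="transaction">Optional transaction to save the entry under.</param>
 public static void LogSiteAction(HttpRequestBase request, NTGPrincipal user, string action, int? pageId, string pageName, int? moduleId, string moduleType, NTGDBTransactional transaction = null)
 {
     try
     {
         var log = new SiteLog
         {
             AdminId   = user.Id,
             Date      = DateTime.UtcNow,
             Action    = action,
             // Take the address from the request that was handed to us rather than the ambient
             // HttpContext, so the entry describes the request actually being logged.
             IPAddress = request != null ? request.UserHostAddress : HttpContext.Current.Request.UserHostAddress,
             Page      = DescribeLogTarget("Page", pageName, pageId),
             Module    = DescribeLogTarget("Module", moduleType, moduleId),
         };
         log.Save(transaction);
     }
     catch (Exception ex)
     {
         LogError(request, ex);
     }
 }

 /// <summary>
 /// Formats a log target as "<paramref name="kind"/>: name, Id:n" (or "Id:n" when the name is
 /// empty); returns an empty string when <paramref name="id"/> is null.
 /// </summary>
 private static string DescribeLogTarget(string kind, string name, int? id)
 {
     if (id == null)
     {
         return string.Empty;
     }

     var prefix = !string.IsNullOrEmpty(name) ? kind + ": " + name + ", " : string.Empty;
     return prefix + "Id:" + id;
 }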
 /// <summary>
 /// Persists a <see cref="SecurityLog"/> entry describing a security-relevant action performed
 /// by <paramref name="user"/>. Any failure while building or saving the entry is handed to
 /// <c>LogError</c> and swallowed, so callers cannot observe whether the entry was written.
 /// </summary>
 /// <param name="request">The request in which the action happened; its user agent and remote address are recorded.</param>
 /// <param name="user">The acting principal. Must not be null (Id, Email and Roles are read).</param>
 /// <param name="action">Free-text description of the action.</param>
 /// <param name="transaction">Optional transaction to save the entry under.</param>
 public static void LogSecurityAction(HttpRequest request, NTGPrincipal user, string action, NTGDBTransactional transaction = null)
 {
     try
     {
         var entry = new SecurityLog();
         // User-Agent is a client-supplied header; it is stored verbatim, so treat it as untrusted
         // wherever the log is rendered.
         entry.Browser   = request.UserAgent;
         entry.Date      = DateTime.UtcNow;
         entry.IPAddress = request.UserHostAddress;
         entry.Action    = action;
         // NOTE(review): a null user throws here and the event ends up only in LogError — confirm callers always pass one.
         entry.UserId    = user.Id;
         entry.UserEmail = user.Email;
         entry.UserType  = string.Join(",", user.Roles);
         entry.Save(transaction);
     }
     catch (Exception ex)
     {
         LogError(request, ex);
     }
 }
        /// <summary>
        /// Validates an edit of an existing admin. Authorization is decided here as well as
        /// field validation: a session user with the "Admin" role may edit any non-Admin account
        /// (and itself), while any other user may only edit its own, still-active account and may
        /// not touch activation or role. Every refused attempt is written to the security log
        /// through <c>NTGLogger.LogSecurityAction</c> before returning.
        /// </summary>
        /// <returns>
        /// <c>false</c> as soon as an authorization check fails or the target does not exist;
        /// otherwise <c>false</c> if a field warning was added, <c>true</c> when all checks pass.
        /// </returns>
        protected override bool OnValidate()
        {
            // NOTE(review): _sessionUser is dereferenced below without a null check — confirm the
            // page cannot be reached without an authenticated session.
            _sessionUser = SessionVariables.User;
            var valid = true;

            // The target admin is looked up by the submitted email (User); Role is eager-loaded
            // because the Admin branch reads _admin.Role.Name.
            _admin = Admin.Query.Include(nameof(Admin.Role)).SingleOrDefault(a => a.Email == User);
            if (_admin == null)
            {
                AddMessage(Message.GLOBAL, new Message("User " + User + " does not exist", MessageTypes.Error));
                NTGLogger.LogSecurityAction(HttpContext.Current.Request, _sessionUser, "Attempted to edit non-existing admin '" + User + "'");
                return(false);
            }

            if (_sessionUser.IsInRole("Admin"))
            {
                // Admins may not edit other Admin-role accounts; the email comparison is
                // string.Equals, i.e. case-sensitive ordinal.
                // NOTE(review): _admin.Role is assumed non-null after the Include — verify a
                // dangling RoleId cannot occur.
                if (!_admin.Email.Equals(_sessionUser.Email) && _admin.Role.Name.Equals("Admin"))
                {
                    AddMessage(Message.GLOBAL, new Message("You are not permitted to modify other users with the Admin role", MessageTypes.Error));
                    NTGLogger.LogSecurityAction(HttpContext.Current.Request, _sessionUser, "Attempted to edit admin " + _admin.Id + " '" + _admin.Email + "'");
                    return(false);
                }

                // A role change is only resolved (and validated) when it differs from the current one.
                if (RoleId.HasValue && _admin.RoleId != RoleId)
                {
                    _role = Role.Query.SingleOrDefault(r => r.Id == RoleId.Value);
                    if (_role == null)
                    {
                        AddMessage(nameof(RoleId), new Message("Attempted to assign non-existing role", MessageTypes.Error));
                        NTGLogger.LogSecurityAction(HttpContext.Current.Request, _sessionUser, "Attempted to assign non-existing role to admin " + _admin.Id + " '" + _admin.Email + "'");
                        return(false);
                    }
                }
            }
            else
            {
                // Non-Admin session: self-service only. Each refusal is a hard error and logged.
                if (!_admin.Active)
                {
                    AddMessage(Message.GLOBAL, new Message("Unable to save changes: user is no longer active", MessageTypes.Error));
                    NTGLogger.LogSecurityAction(HttpContext.Current.Request, _sessionUser, "Attempted to save changes to inactive admin " + _admin.Id + " '" + _admin.Email + "'");
                    return(false);
                }

                // Ownership check: the target must be the session user's own account (ordinal email match).
                if (!_admin.Email.Equals(_sessionUser.Email))
                {
                    AddMessage(Message.GLOBAL, new Message("You are not permitted to modify other users", MessageTypes.Error));
                    NTGLogger.LogSecurityAction(HttpContext.Current.Request, _sessionUser, "Attempted to modify admin " + _admin.Id + " '" + _admin.Email + "'");
                    return(false);
                }

                // Any submitted Active value is refused, even one equal to the current state.
                if (Active.HasValue)
                {
                    AddMessage(Message.GLOBAL, new Message("You are not permitted to change activation of users", MessageTypes.Error));
                    NTGLogger.LogSecurityAction(HttpContext.Current.Request, _sessionUser, "Attempted to reactivate/deactivate admin " + _admin.Id + " '" + _admin.Email + "'");
                    return(false);
                }

                // Likewise any submitted RoleId is refused for non-Admin sessions.
                if (RoleId.HasValue)
                {
                    AddMessage(Message.GLOBAL, new Message("You are not permitted to change the role of users", MessageTypes.Error));
                    NTGLogger.LogSecurityAction(HttpContext.Current.Request, _sessionUser, "Attempted to change role of admin " + _admin.Id + " '" + _admin.Email + "'");
                    return(false);
                }
            }

            // Field checks below are warnings: they clear `valid` but do not stop validation.
            // The target's own record is excluded from the uniqueness check.
            if (Admin.Query.Any(a => a.Email == Email && a.Id != _admin.Id))
            {
                AddMessage(nameof(Email), new Message("Email is already in use", MessageTypes.Warning));
                valid = false;
            }

            // An empty Password means "unchanged"; only a filled-in, mismatching pair is rejected.
            if (!string.IsNullOrEmpty(Password) && !Password.Equals(VerifyPassword))
            {
                AddMessage(nameof(Password), new Message("Passwords do not match", MessageTypes.Warning));
                valid = false;
            }

            return(valid);
        }