private void AddInternal(ApiUser user, UserUpdateMode mode, bool disableProtectedAccountChecks=false) { user.Username = ScrubUsername(user.Username); if (string.IsNullOrWhiteSpace(user.Key)) { user.Key = Guid.NewGuid().ToString(); } using (var session = OpenSession()) { var userExists = session.Query().Any(u => u.Username == user.Username); if (mode == UserUpdateMode.NoClobber && userExists) { throw new UserOverwriteException(); } if (userExists && !disableProtectedAccountChecks && IsProtectedAccount(user.Username)) { throw new UserPermissionException(user.Username + " account cannot be overwritten."); } session.Add(user); } }
public void Update(string username, string newUsername, string key, string[] roles, UserUpdateMode mode) { username = ScrubUsername(username); newUsername = ScrubUsername(newUsername); using (var session = OpenSession()) { var user = session.Query().SingleOrDefault(u => u.Username == username); if (user == null) { throw new UserNotFoundException(); } var isRenamingToDifferentName = !string.IsNullOrWhiteSpace(newUsername) && !newUsername.Equals(username, StringComparison.InvariantCultureIgnoreCase); if (isRenamingToDifferentName && mode == UserUpdateMode.NoClobber && session.Query().Any(u => u.Username == newUsername)) { throw new UserOverwriteException(); } if (isRenamingToDifferentName && IsProtectedAccount(newUsername)) { throw new UserPermissionException(newUsername + " cannot be overwritten."); } if (isRenamingToDifferentName && IsProtectedAccount(user.Username)) { throw new UserPermissionException(user.Username + " cannot be renamed."); } if (roles != null && !roles.SequenceEqual(user.Roles)) { if (IsProtectedAccount(user.Username)) { throw new UserPermissionException("Cannot modify roles of protected account " + user.Username + "."); } user.Roles = roles; } if (key != null && !key.Equals(user.Key)) { if (IsApiKeyUnmodifiable(user.Username)) { throw new UserPermissionException("API Key for account " + user.Username + " cannot be modified."); } user.Key = key; } if (!string.IsNullOrWhiteSpace(newUsername)) { user.Username = newUsername; } } }
public void Add(ApiUser user, UserUpdateMode mode) { AddInternal(user, mode); }
public void Update(string username, string newUsername, string key, string[] roles, UserUpdateMode mode) { username = ScrubUsername(username); newUsername = ScrubUsername(newUsername); using (var session = OpenSession()) { var user = session.Query().SingleOrDefault(u => u.Username == username); if (user == null) { throw new UserNotFoundException(); } var isRenamingToDifferentName = !string.IsNullOrWhiteSpace(newUsername) && !newUsername.Equals(username, StringComparison.InvariantCultureIgnoreCase); if (isRenamingToDifferentName && mode == UserUpdateMode.NoClobber && session.Query().Any(u => u.Username == newUsername)) { throw new UserOverwriteException(); } if (isRenamingToDifferentName && IsProtectedAccount(newUsername)) { throw new UserPermissionException(newUsername + " cannot be overwritten."); } if (isRenamingToDifferentName && IsProtectedAccount(user.Username)) { throw new UserPermissionException(user.Username + " cannot be renamed."); } if (roles != null && !roles.SequenceEqual(user.Roles)) { if (IsProtectedAccount(user.Username)) { throw new UserPermissionException("Cannot modify roles of protected account " + user.Username + "."); } user.Roles = roles; } if (key != null && !key.Equals(user.Key)) { if (IsApiKeyUnmodifiable(user.Username)) { throw new UserPermissionException("API Key for account " + user.Username + " cannot be modified."); } user.Key = key; } if (!string.IsNullOrWhiteSpace(newUsername)) { user.Username = newUsername; } } }