Exemplo n.º 1
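        /// <summary>
        /// Stores <paramref name="user"/> through a session after normalising its username with
        /// <c>ScrubUsername</c> and generating a key when none was supplied.
        /// </summary>
        /// <param name="user">Account to store. Its <c>Username</c> and, when blank, its <c>Key</c> are modified in place.</param>
        /// <param name="mode">With <c>UserUpdateMode.NoClobber</c>, an existing account with the same username is never replaced.</param>
        /// <param name="disableProtectedAccountChecks">
        /// When true, the <c>IsProtectedAccount</c> guard is skipped, so an existing protected account can be
        /// overwritten. Keep this reachable only from trusted internal callers.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        /// <exception cref="UserOverwriteException">The username already exists and <paramref name="mode"/> is <c>NoClobber</c>.</exception>
        /// <exception cref="UserPermissionException">The username belongs to an existing protected account and the checks are enabled.</exception>
        private void AddInternal(ApiUser user, UserUpdateMode mode, bool disableProtectedAccountChecks=false)
        {
            // Fail with a descriptive exception instead of a NullReferenceException on the next line.
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            user.Username = ScrubUsername(user.Username);

            if (string.IsNullOrWhiteSpace(user.Key))
            {
                // user.Key looks like an API credential (TODO confirm), so it is drawn from the OS CSPRNG:
                // the Guid.NewGuid documentation advises against relying on it for cryptographic purposes.
                // The 16 random bytes are still rendered in GUID form, so the key format callers see is unchanged.
                var keyBytes = new byte[16];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(keyBytes);
                }

                user.Key = new Guid(keyBytes).ToString();
            }

            using (var session = OpenSession())
            {
                // NOTE(review): whether this match is case-sensitive depends on the query provider — confirm.
                var userExists = session.Query().Any(u => u.Username == user.Username);

                if (mode == UserUpdateMode.NoClobber && userExists)
                {
                    throw new UserOverwriteException();
                }

                // Only an existing account can be "overwritten", so the protection check needs userExists.
                if (userExists && !disableProtectedAccountChecks && IsProtectedAccount(user.Username))
                {
                    throw new UserPermissionException(user.Username + " account cannot be overwritten.");
                }

                // NOTE(review): the existence check and Add are separate steps. Unless the store enforces
                // unique usernames or the session is transactional, two concurrent adds may both pass.
                session.Add(user);
            }
        }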
Exemplo n.º 2
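        /// <summary>
        /// Changes the username, key and/or roles of the account named <paramref name="username"/>.
        /// Every permission check runs before any field is assigned, so a rejected request leaves the
        /// loaded account object untouched.
        /// </summary>
        /// <param name="username">Current username; normalised with <c>ScrubUsername</c> before lookup.</param>
        /// <param name="newUsername">New username, or null/blank to keep the current one.</param>
        /// <param name="key">New key, or null to keep the current one.</param>
        /// <param name="roles">New roles, or null to keep the current ones.</param>
        /// <param name="mode">With <c>UserUpdateMode.NoClobber</c>, renaming onto an existing username is refused.</param>
        /// <exception cref="UserNotFoundException">No account matches <paramref name="username"/>.</exception>
        /// <exception cref="UserOverwriteException">The new username is taken and <paramref name="mode"/> is <c>NoClobber</c>.</exception>
        /// <exception cref="UserPermissionException">The change touches a protected account or an unmodifiable key.</exception>
        public void Update(string username, string newUsername, string key, string[] roles, UserUpdateMode mode)
        {
            username = ScrubUsername(username);
            newUsername = ScrubUsername(newUsername);

            using (var session = OpenSession())
            {
                var user = session.Query().SingleOrDefault(u => u.Username == username);

                if (user == null)
                {
                    throw new UserNotFoundException();
                }

                // Usernames are identifiers, so compare them ordinally. A culture-aware comparison ignores
                // some characters (e.g. soft hyphens), which would let a visibly different name skip the
                // rename checks below while still being stored.
                // NOTE(review): a rename that changes only letter case is not treated as a rename, so the
                // checks below are skipped while the new spelling is still stored — confirm this is
                // intended for protected accounts.
                var isRenamingToDifferentName = !string.IsNullOrWhiteSpace(newUsername) && !newUsername.Equals(username, StringComparison.OrdinalIgnoreCase);

                if (isRenamingToDifferentName && mode == UserUpdateMode.NoClobber && session.Query().Any(u => u.Username == newUsername))
                {
                    throw new UserOverwriteException();
                }

                if (isRenamingToDifferentName && IsProtectedAccount(newUsername))
                {
                    throw new UserPermissionException(newUsername + " cannot be overwritten.");
                }

                if (isRenamingToDifferentName && IsProtectedAccount(user.Username))
                {
                    throw new UserPermissionException(user.Username + " cannot be renamed.");
                }

                // A null stored role list counts as "different"; SequenceEqual would throw on it.
                var rolesChanged = roles != null && (user.Roles == null || !roles.SequenceEqual(user.Roles));

                if (rolesChanged && IsProtectedAccount(user.Username))
                {
                    throw new UserPermissionException("Cannot modify roles of protected account " + user.Username + ".");
                }

                var keyChanged = key != null && !key.Equals(user.Key);

                if (keyChanged && IsApiKeyUnmodifiable(user.Username))
                {
                    throw new UserPermissionException("API Key for account " + user.Username + " cannot be modified.");
                }

                // All checks passed: apply the changes together so a refusal above never leaves a
                // half-updated account for the session to pick up.
                if (rolesChanged)
                {
                    user.Roles = roles;
                }

                if (keyChanged)
                {
                    user.Key = key;
                }

                if (!string.IsNullOrWhiteSpace(newUsername))
                {
                    user.Username = newUsername;
                }
            }
        }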
Exemplo n.º 3
 /// <summary>
 /// Public entry point for adding an account. It forwards to <c>AddInternal</c> with only
 /// <paramref name="user"/> and <paramref name="mode"/>, leaving any further options at their defaults.
 /// </summary>
 /// <param name="user">Account to add.</param>
 /// <param name="mode">Overwrite policy passed through unchanged.</param>
 public void Add(ApiUser user, UserUpdateMode mode) => AddInternal(user, mode);
Exemplo n.º 4
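        /// <summary>
        /// Updates an existing account: optional rename, optional key change, optional role change.
        /// Validation is completed before the account object is modified, so a refused request does
        /// not leave it partially changed.
        /// </summary>
        /// <param name="username">Name of the account to update; passed through <c>ScrubUsername</c> first.</param>
        /// <param name="newUsername">Replacement username; null or blank means no rename.</param>
        /// <param name="key">Replacement key; null means no key change.</param>
        /// <param name="roles">Replacement roles; null means no role change.</param>
        /// <param name="mode"><c>UserUpdateMode.NoClobber</c> refuses a rename onto a username that already exists.</param>
        /// <exception cref="UserNotFoundException">The account to update does not exist.</exception>
        /// <exception cref="UserOverwriteException">Rename target exists and <paramref name="mode"/> is <c>NoClobber</c>.</exception>
        /// <exception cref="UserPermissionException">A protected account or an unmodifiable key would be changed.</exception>
        public void Update(string username, string newUsername, string key, string[] roles, UserUpdateMode mode)
        {
            username    = ScrubUsername(username);
            newUsername = ScrubUsername(newUsername);

            using (var session = OpenSession())
            {
                var user = session.Query().SingleOrDefault(u => u.Username == username);

                if (user == null)
                {
                    throw new UserNotFoundException();
                }

                var hasNewUsername = !string.IsNullOrWhiteSpace(newUsername);

                // Ordinal comparison: identifiers must not be matched with culture rules, which treat
                // some distinct strings (ignorable characters) as equal and would bypass the checks below.
                // NOTE(review): a case-only change is not counted as a rename, yet the new spelling is
                // stored at the end — confirm this is acceptable for protected accounts.
                var isRenamingToDifferentName = hasNewUsername && !newUsername.Equals(username, StringComparison.OrdinalIgnoreCase);

                if (isRenamingToDifferentName)
                {
                    if (mode == UserUpdateMode.NoClobber && session.Query().Any(u => u.Username == newUsername))
                    {
                        throw new UserOverwriteException();
                    }

                    if (IsProtectedAccount(newUsername))
                    {
                        throw new UserPermissionException(newUsername + " cannot be overwritten.");
                    }

                    if (IsProtectedAccount(user.Username))
                    {
                        throw new UserPermissionException(user.Username + " cannot be renamed.");
                    }
                }

                // Guard against a null stored role list, which SequenceEqual rejects with an exception.
                var applyRoles = roles != null && (user.Roles == null || !roles.SequenceEqual(user.Roles));

                if (applyRoles && IsProtectedAccount(user.Username))
                {
                    throw new UserPermissionException("Cannot modify roles of protected account " + user.Username + ".");
                }

                var applyKey = key != null && !key.Equals(user.Key);

                if (applyKey && IsApiKeyUnmodifiable(user.Username))
                {
                    throw new UserPermissionException("API Key for account " + user.Username + " cannot be modified.");
                }

                // Mutations happen only after every check has passed. Previously roles could already
                // be assigned when the key check threw.
                if (applyRoles)
                {
                    user.Roles = roles;
                }

                if (applyKey)
                {
                    user.Key = key;
                }

                if (hasNewUsername)
                {
                    user.Username = newUsername;
                }
            }
        }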