Пример #1
0
        public void ChangePasswordMd5(string ticket, int accountid, string oldpasswordhash, string newpassword)
        {
            int userid = GetAccountId(ticket);
            using (SnCore.Data.Hibernate.Session.OpenConnection())
            {
                ISession session = SnCore.Data.Hibernate.Session.Current;

                if (userid != accountid)
                {
                    ManagedAccount requester = new ManagedAccount(session, userid);
                    if (!requester.IsAdministrator())
                    {
                        throw new ManagedAccount.AccessDeniedException();
                    }

                    ManagedAccount account = new ManagedAccount(session, accountid);
                    account.ResetPassword(newpassword, true);
                }
                else
                {
                    ManagedAccount account = new ManagedAccount(session, accountid);
                    account.ChangePasswordMd5(oldpasswordhash, newpassword);
                }

                SnCore.Data.Hibernate.Session.Flush();
            }
        }
Пример #2
0
        public string Impersonate(string ticket, int id)
        {
            int userid = GetAccountId(ticket);

            using (SnCore.Data.Hibernate.Session.OpenConnection())
            {
                ISession session = SnCore.Data.Hibernate.Session.Current;

                // check permissions: userid must have admin rights to the Accounts table
                ManagedAccount user = new ManagedAccount(session, userid);
                if (!user.IsAdministrator())
                {
                    throw new ManagedAccount.AccessDeniedException();
                }

                ManagedAccount acct = new ManagedAccount(session, id);
                string return_ticket = ManagedAccount.GetTicketFromAccountId(acct.Id);
                SnCore.Data.Hibernate.Session.Flush();
                return return_ticket;
            }
        }
Пример #3
0
        public void DeleteAccountWithOptions(string ticket, int id, TransitAccountDeleteOptions options)
        {
            using (SnCore.Data.Hibernate.Session.OpenConnection())
            {
                ISession session = SnCore.Data.Hibernate.Session.Current;
                ManagedSecurityContext sec = new ManagedSecurityContext(session, ticket);
                ManagedAccount user = new ManagedAccount(session, id);

                if (user.IsAdministrator())
                {
                    throw new Exception(
                        "You cannot delete an administrative account.");
                }

                if (sec.Account.Id != user.Id)
                {
                    if (!sec.IsAdministrator())
                    {
                        // only admin can delete other people's account
                        throw new ManagedAccount.AccessDeniedException();
                    }
                }

                if (options != null && options.DeleteContent)
                {
                    if (!sec.IsAdministrator())
                    {
                        // only admin can delete other people's content
                        throw new ManagedAccount.AccessDeniedException();
                    }

                    user.DeleteContent(sec);
                }
            }

            WebServiceImpl<TransitAccount, ManagedAccount, Account>.Delete(
                ticket, id);
        }
Пример #4
0
        public void DemoteAdministrator(string ticket, int id)
        {
            int userid = GetAccountId(ticket);

            using (SnCore.Data.Hibernate.Session.OpenConnection())
            {
                ISession session = SnCore.Data.Hibernate.Session.Current;

                // check permissions: userid must have admin rights to the Accounts table
                ManagedAccount user = new ManagedAccount(session, userid);
                if (!user.IsAdministrator())
                {
                    throw new ManagedAccount.AccessDeniedException();
                }

                if (user.Id == id)
                {
                    throw new Exception("You cannot demote self.");
                }

                ManagedAccount acct = new ManagedAccount(session, id);
                if (!acct.IsAdministrator())
                {
                    throw new Exception("User is not an administrator.");
                }

                acct.DemoteAdministrator();

                SnCore.Data.Hibernate.Session.Flush();
            }
        }
Пример #5
0
        public bool IsPasswordValidMd5(string ticket, int accountid, string password)
        {
            int userid = GetAccountId(ticket);
            using (SnCore.Data.Hibernate.Session.OpenConnection())
            {
                ISession session = SnCore.Data.Hibernate.Session.Current;

                if (userid != accountid)
                {
                    ManagedAccount requester = new ManagedAccount(session, userid);
                    if (!requester.IsAdministrator())
                    {
                        throw new ManagedAccount.AccessDeniedException();
                    }
                }

                ManagedAccount account = new ManagedAccount(session, accountid);
                return account.IsPasswordValidMd5(password);
            }
        }