public ActionResult Edit(UserModel model, bool continueEditing, FormCollection form) {
if (!_permissionService.Authorize(StandardPermissionProvider.ManageUsers))
return AccessDeniedView();
var user = _userService.GetUserById(model.Id);
if (user == null || user.Deleted)
//No customer found with the specified id
return RedirectToAction("List");
//validate customer roles
var allUserRoles = _userService.GetAllUserRoles(true);
var newUserRoles = new List<UserRole>();
foreach (var userRole in allUserRoles)
if (model.SelectedUserRoleIds != null && model.SelectedUserRoleIds.Contains(userRole.Id))
newUserRoles.Add(userRole);
var userRolesError = ValidateUserRoles(newUserRoles);
if (!String.IsNullOrEmpty(userRolesError)) {
ModelState.AddModelError("", userRolesError);
ErrorNotification(userRolesError, false);
}
if (ModelState.IsValid) {
try {
user.AdminComment = model.AdminComment;
user.Active = model.Active;
//email
if (!String.IsNullOrWhiteSpace(model.Email)) {
_userRegistrationService.SetEmail(user, model.Email);
} else {
user.Email = model.Email;
}
//username
if (!String.IsNullOrWhiteSpace(model.Username)) {
_userRegistrationService.SetUsername(user, model.Username);
} else {
user.Username = model.Username;
}
//customer roles
foreach (var userRole in allUserRoles) {
//ensure that the current customer cannot add/remove to/from "Administrators" system role
//if he's not an admin himself
if (userRole.SystemName == SystemUserRoleNames.Administrators &&
!_workContext.CurrentUser.IsAdmin())
continue;
if (model.SelectedUserRoleIds != null &&
model.SelectedUserRoleIds.Contains(userRole.Id)) {
//new role
if (user.UserRoles.Count(cr => cr.Id == userRole.Id) == 0)
user.UserRoles.Add(userRole);
} else {
//remove role
if (user.UserRoles.Count(cr => cr.Id == userRole.Id) > 0)
user.UserRoles.Remove(userRole);
}
}
_userService.UpdateUser(user);
//password
if (!String.IsNullOrWhiteSpace(model.Password)) {
var changePassRequest = new ChangePasswordRequest(model.Username, false, PasswordFormat.Hashed, model.Password);
var changePassResult = _userRegistrationService.ChangePassword(changePassRequest);
if (!changePassResult.Success) {
foreach (var changePassError in changePassResult.Errors)
ErrorNotification(changePassError);
}
}
//activity log
//_customerActivityService.InsertActivity("EditCustomer", _localizationService.GetResource("ActivityLog.EditCustomer"), user.Id);
SuccessNotification(_localizationService.GetResource("Admin.Customers.Customers.Updated"));
if (continueEditing) {
return RedirectToAction("Edit", new { id = user.Id });
}
return RedirectToAction("List");
} catch (Exception exc) {
ErrorNotification(exc.Message, false);
}
}
//If we got this far, something failed, redisplay form
PrepareUserModel(model, user, true);
return View(model);
}
/// <summary>
/// Change password
/// </summary>
/// <param name="request">Request</param>
/// <returns>Result</returns>
public virtual ChangePasswordResult ChangePassword(ChangePasswordRequest request) {
if (request == null)
throw new ArgumentNullException("request");
var result = new ChangePasswordResult();
if (String.IsNullOrWhiteSpace(request.Username)) {
result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.EmailIsNotProvided"));
return result;
}
if (String.IsNullOrWhiteSpace(request.NewPassword)) {
result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.PasswordIsNotProvided"));
return result;
}
var user = _userService.GetUserByUsername(request.Username);
if (user == null) {
result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.UsernameNotFound"));
return result;
}
var requestIsValid = false;
if (request.ValidateRequest) {
//password
string oldPwd = "";
switch (user.PasswordFormat) {
case PasswordFormat.Encrypted:
oldPwd = _encryptionService.EncryptText(request.OldPassword);
break;
case PasswordFormat.Hashed:
oldPwd = _encryptionService.CreatePasswordHash(request.OldPassword, user.PasswordSalt);
break;
default:
oldPwd = request.OldPassword;
break;
}
bool oldPasswordIsValid = oldPwd == user.Password;
if (!oldPasswordIsValid)
result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.OldPasswordDoesntMatch"));
if (oldPasswordIsValid)
requestIsValid = true;
} else
requestIsValid = true;
//at this point request is valid
if (requestIsValid) {
switch (request.NewPasswordFormat) {
case PasswordFormat.Clear:
{
user.Password = request.NewPassword;
}
break;
case PasswordFormat.Encrypted:
{
user.Password = _encryptionService.EncryptText(request.NewPassword);
}
break;
case PasswordFormat.Hashed:
{
string saltKey = _encryptionService.CreateSaltKey(5);
user.PasswordSalt = saltKey;
user.Password = _encryptionService.CreatePasswordHash(request.NewPassword, saltKey);
}
break;
default:
break;
}
user.PasswordFormat = request.NewPasswordFormat;
_userService.UpdateUser(user);
var userContext = new UserContext { User = user, Cancel = false };
foreach (var userEventHandler in _userEventHandlers) {
userEventHandler.ChangePassword(userContext);
}
}
return result;
}
public ActionResult Create(UserModel model, bool continueEditing, FormCollection form) {
if (!_permissionService.Authorize(StandardPermissionProvider.ManageUsers))
return AccessDeniedView();
if (!String.IsNullOrWhiteSpace(model.Username)) {
var cust2 = _userService.GetUserByUsername(model.Username);
if (cust2 != null)
ModelState.AddModelError("", "Username is already registered");
}
//validate customer roles
var allUserRoles = _userService.GetAllUserRoles(true);
var newUserRoles = new List<UserRole>();
foreach (var customerRole in allUserRoles)
if (model.SelectedUserRoleIds != null && model.SelectedUserRoleIds.Contains(customerRole.Id))
newUserRoles.Add(customerRole);
var userRolesError = ValidateUserRoles(newUserRoles);
if (!String.IsNullOrEmpty(userRolesError)) {
ModelState.AddModelError("", userRolesError);
ErrorNotification(userRolesError, false);
}
if (ModelState.IsValid) {
var user = new User {
UserGuid = Guid.NewGuid(),
Email = model.Email,
Username = model.Username,
AdminComment = model.AdminComment,
Active = model.Active,
Deleted = model.Deleted,
DepartmentId = model.DepartmentId,
CreatedOnUtc = DateTime.UtcNow,
LastActivityDateUtc = DateTime.UtcNow,
};
_userService.InsertUser(user);
//password
if (!String.IsNullOrWhiteSpace(model.Password)) {
var changePassRequest = new ChangePasswordRequest(model.Username, false, PasswordFormat.Hashed, model.Password);
var changePassResult = _userRegistrationService.ChangePassword(changePassRequest);
if (!changePassResult.Success) {
foreach (var changePassError in changePassResult.Errors)
ErrorNotification(changePassError);
}
}
//customer roles
foreach (var userRole in newUserRoles) {
//ensure that the current customer cannot add to "Administrators" system role if he's not an admin himself
if (userRole.SystemName == SystemUserRoleNames.Administrators &&
!_workContext.CurrentUser.IsAdmin())
continue;
user.UserRoles.Add(userRole);
}
_userService.UpdateUser(user);
//activity log
// _customerActivityService.InsertActivity("AddNewCustomer", _localizationService.GetResource("ActivityLog.AddNewCustomer"), user.Id);
SuccessNotification(_localizationService.GetResource("Admin.Customers.Customers.Added"));
return continueEditing ? RedirectToAction("Edit", new { id = user.Id }) : RedirectToAction("List");
}
//If we got this far, something failed, redisplay form
PrepareUserModel(model, null, true);
return View(model);
}
