/// <summary>
 /// Add a new organization.
 /// </summary>
 /// <param name="context"></param>
 /// <param name="cache"></param>
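 protected override void InternalPOST(HttpContext context, HandlerTimedCache cache)
 {
     // Anonymous callers are rejected before any account lookup.
     if (!context.User.Identity.IsAuthenticated)
     {
         context.Response.Write("not authenticated");
         context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
         return;
     }

     // Fail closed when the authenticated name has no account record
     // (GetUser returning null) instead of dereferencing it.
     User user = UserHelper.GetUser(context.User.Identity.Name);
     if (user == null || !user.IsSysAdmin())
     {
         context.Response.Write("not authorized");
         context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
         return;
     }

     // NOTE(review): "name" is read with the flag value that other handlers use for
     // optional parameters, so a null name may reach Organization.Add; confirm it is
     // validated there.
     // NOTE(review): this is a state-changing request authorized by the ambient
     // identity; confirm the base handler enforces an anti-forgery check.
     string name = WebUtil.GetParam(context, "name", true);
     Organization.Add(name);
     context.Response.Write("ok");
     context.Response.StatusCode = (int)HttpStatusCode.Created;
 }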
示例#2
        /// <summary>
        /// Creates a user. Assumes that all user data will be provided.
        /// Ie. If you pass in a null name, we will save null as the
        /// name.  The only exception is password (no need to be passing
        /// that around all of the time).
        /// </summary>
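        protected override void InternalPOST(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            // Grab the params for this user
            string userName = WebUtil.GetParam(context, "username", true);
            string pass     = WebUtil.GetParam(context, "password", true);
            string email    = WebUtil.GetParam(context, "email", true);
            string name     = WebUtil.GetParam(context, "name", true);
            string roles    = WebUtil.GetParam(context, "roles", true);

            // Role assignment is a privileged operation. Without this check any caller
            // could create an account carrying whatever roles it names in the request,
            // so a supplied "roles" value is honoured only for an authenticated sysadmin.
            if (StringHelper.IsNonBlank(roles))
            {
                bool authenticated = context.User != null
                                     && context.User.Identity != null
                                     && context.User.Identity.IsAuthenticated;
                User caller = authenticated ? UserHelper.GetUser(context.User.Identity.Name) : null;

                if (caller == null || !caller.IsSysAdmin())
                {
                    throw new AzaveaWebNotAuthorizedException("Insufficient privileges.");
                }
            }

            // If the password is coming through here (we haven't passed it out to
            // be able to pass it back in), we assume it's clear text and needs to be hashed.
            // NOTE(review): Hasher.Encrypt receives only the password, so no per-user salt
            // is visible at this call site; confirm the scheme is a salted, slow password hash.
            string hashPass = null;

            if (StringHelper.IsNonBlank(pass))
            {
                hashPass = Hasher.Encrypt(pass);
            }

            User userInDb = UserHelper.GetUser(userName);

            if (userInDb == null)
            {
                User newUser = UserHelper.CreateUser(userName, hashPass, email, name, roles);

                // Send an email to notify that a user has signed up and is requesting new permissions
                SendNewUserMail(newUser);
            }
            else
            {
                throw new AzaveaWebMessageException("This user name is unavailable.");
            }

            // If an exception is thrown, then the HTTP response code will
            // cause the AJAX call to error out.
        }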
        /// <summary>
        /// Deletes a user for a given user name.
        /// </summary>
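        protected override void InternalDELETE(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            User authUser = UserHelper.GetUser(context.User.Identity.Name);

            // Fail closed: a caller with no account record is treated like a caller
            // without the sysadmin role, rather than causing a null dereference.
            if (authUser == null || !authUser.IsSysAdmin())
            {
                // Caller is not allowed to delete accounts.
                throw new AzaveaWebNotAuthorizedException("Insuffient privileges.");
            }

            // Get the user name
            string userName = WebUtil.GetParam(context, "username", true);

            // Never hand a blank name to the delete helper; how it treats a missing
            // filter is not visible from this handler.
            if (!StringHelper.IsNonBlank(userName))
            {
                throw new AzaveaWebMessageException("No user name was provided.");
            }

            // Attempt to delete the user
            int numDeleted = UserHelper.DeleteUser(userName);

            if (numDeleted > 1)
            {
                // The name comes from the request; drop line breaks so it cannot
                // split or forge entries in the log.
                string loggedName = userName.Replace("\r", " ").Replace("\n", " ");
                _log.Error("More than one user was deleted when attempted to delete user [" + loggedName + "].");
            }
            else if (numDeleted == 0)
            {
                throw new AzaveaWebMessageException("Internal error. User was not deleted.");
            }
        }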
示例#4
        /// <summary>
        /// Runs an indicator query from the request parameters and writes the result
        /// as JSON, or as a CSV attachment when "csv" is true.
        /// </summary>
        protected override void InternalGET(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            // Looked up first, as before; the value is not used further in this method.
            IList <SecurityRole> callerRoles = UserHelper.GetUserRoles(context.User.Identity.Name);

            // Paging parameters.
            int pageNumber  = WebUtil.ParseIntParam(context, "page");
            int rowsPerPage = WebUtil.ParseIntParam(context, "pageSize");

            // A csv export runs the same query with paging switched off (-1 / -1).
            // NOTE(review): that makes the export size depend only on the filters;
            // confirm the query layer bounds the result set.
            bool wantsCsv = false;
            WebUtil.ParseOptionalBoolParam(context, "csv", ref wantsCsv);
            if (wantsCsv)
            {
                pageNumber  = -1;
                rowsPerPage = -1;
            }

            // Optional ordering: a direction is only read when a sort column was given.
            int sortColumn = -1;
            WebUtil.ParseOptionalIntParam(context, "sortBy", ref sortColumn);

            SortType? sortDirection = null;
            if (sortColumn >= 0)
            {
                // Ascending unless the client passes sortasc=false.
                bool sortAscending = true;
                WebUtil.ParseOptionalBoolParam(context, "sortasc", ref sortAscending);
                if (sortAscending)
                {
                    sortDirection = SortType.Asc;
                }
                else
                {
                    sortDirection = SortType.Desc;
                }
            }

            string            indicatorId = WebUtil.GetParam(context, "indicator", false);
            NycResolutionType resolution  = WebUtil.ParseEnumParam <NycResolutionType>(context, "resolution");
            NycTimeframeType  timeframe   = WebUtil.ParseEnumParam <NycTimeframeType>(context, "timetype");
            int firstYear = WebUtil.ParseIntParam(context, "minyear");
            int lastYear  = WebUtil.ParseIntParam(context, "maxyear");

            // Scope parameters; these should be "ActualId" values, not "UID".
            string boroughId    = WebUtil.GetParam(context, "borough", true);
            string subBoroughId = WebUtil.GetParam(context, "subborough", true);

            NycResultsWithMetadata results = NychanisHelper.Query(
                indicatorId, resolution, timeframe, firstYear, lastYear,
                boroughId, subBoroughId, sortColumn, sortDirection, rowsPerPage, pageNumber);

            if (!wantsCsv)
            {
                // Regular request: JSON body.
                context.Response.Write(WebUtil.ObjectToJson(results));
                return;
            }

            // CSV request: format the rows and send them as a download.
            string csvText = NychanisHelper.ResultsAsCsv(results, indicatorId);
            context.Response.AddHeader("Content-Disposition", "attachment;filename=Furman_Center_Neighborhood_Info.csv");
            context.Response.ContentType = "text/csv";
            context.Response.Write(csvText);
        }
示例#5
        /// <summary>
        /// Attempt to log the user in
        /// </summary>
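        protected override void InternalPOST(HttpContext context, HandlerTimedCache cache)
        {
            string username = WebUtil.GetParam(context, "username", false);
            string password = WebUtil.GetParam(context, "password", false);

            User user = UserHelper.GetUser(username);

            // Hash the submitted password whether or not the account exists, so the
            // unknown-account path does not skip the hashing work.
            // NOTE(review): the hash is derived from the password alone and compared for
            // equality with the stored value, so no per-user salt is visible here; confirm
            // what Hasher.Encrypt does and whether SafeEquals compares in constant time.
            string hashedPassword = Hasher.Encrypt(password);
            string dbPassword     = user == null ? null : user.Password;

            // An account with no stored hash can never match a login attempt.
            bool credentialsOk = user != null
                                 && !string.IsNullOrEmpty(dbPassword)
                                 && StringHelper.SafeEquals(dbPassword, hashedPassword);

            if (!credentialsOk)
            {
                // One response for "no such account" and "wrong password", so the reply
                // does not reveal which user names exist. The status code is the one this
                // handler already used for a failed password check.
                // NOTE(review): no attempt limiting or lockout is visible in this handler;
                // confirm it is enforced elsewhere.
                context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
                context.Response.Write("Login incorrect. Please try again.");
                return;
            }

            SetAuthCookie(context, username, user.Roles);

            context.Response.Write(WebUtil.ObjectToJson(new { Name = user.Name, Admin = user.IsSysAdmin(), Limited = user.IsLimited() }));
        }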
        /// <summary>
        /// Add a new comment for a property.  Expects:
        /// id: string, property id
        /// level: CommentAccessLevel string
        /// text: comment text (optional, must have text or image)
        /// form file: image (optional)
        /// </summary>
        protected override void InternalPUT(HttpContext context, HandlerTimedCache cache)
        {
            // Only a known account with the comment permission may post.
            var author = UserHelper.GetUser(context.User.Identity.Name);
            bool mayComment = author != null && author.CanAddComments();

            if (!mayComment)
            {
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                context.Response.Write("Must be logged in to leave a comment");
                return;
            }

            var propertyId  = WebUtil.GetParam(context, "id", false);
            var accessLevel = WebUtil.ParseEnumParam <CommentAccessLevel>(context, "level");
            var commentText = WebUtil.GetParam(context, "text", true);

            // NOTE(review): the request body is taken as the image with no size or
            // content-type check visible in this method; confirm InputStreamToByteArray
            // or Comment.AddComment bounds and validates it.
            byte[] imageBytes = InputStreamToByteArray(context);

            // A comment needs text, an image, or both.
            bool hasContent = commentText != null || imageBytes != null;
            if (!hasContent)
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                context.Response.Write("Must include either text or image comment (or both).");
                return;
            }

            var created = Comment.AddComment(propertyId, author, accessLevel, commentText, imageBytes);
            context.Response.Write(JToken.FromObject(created));
        }
        /// <summary>
        /// Attempt to determine if any user is currently logged in.  If so, return a user object.
        /// </summary>
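        protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
        {
            if (context.User.Identity.IsAuthenticated)
            {
                // We are currently logged in
                User user = UserHelper.GetUser(context.User.Identity.Name);

                // A still-valid auth cookie can name an account that no longer has a
                // record; treat that the same as "nobody logged in" instead of
                // dereferencing null.
                if (user != null && user.Active)
                {
                    context.Response.StatusCode = (int)HttpStatusCode.OK;
                    context.Response.Write(
                        WebUtil.ObjectToJson(
                            new
                            {
                                user.Name,
                                Admin     = user.IsSysAdmin(),
                                Limited   = user.IsLimited(),
                                Networked = user.IsNetworked(),
                                user.EmailConfirmed
                            }));
                    return;
                }
            }

            // Nobody (or no active account) was logged in
            context.Response.StatusCode = (int)HttpStatusCode.NoContent;
        }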
        /// <summary>
        /// Get a list of Organizations
        /// </summary>
        /// <param name="context"></param>
        /// <param name="cache"></param>
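        protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
        {
            // Anonymous callers are rejected before any account lookup.
            if (!context.User.Identity.IsAuthenticated)
            {
                context.Response.Write("not authenticated");
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                return;
            }

            // Fail closed when the authenticated name has no account record
            // (GetUser returning null) instead of dereferencing it.
            User user = UserHelper.GetUser(context.User.Identity.Name);
            if (user == null || !user.IsSysAdmin())
            {
                context.Response.Write("not authorized");
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                return;
            }

            // Sysadmin: return every active organization as JSON.
            IList <Organization> orgs = Organization.GetAllActive();

            context.Response.StatusCode = (int)HttpStatusCode.OK;
            string json = WebUtil.ObjectToJson(orgs);
            context.Response.Write(json);
        }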
 /// <summary>
 /// Delete an organization
 /// </summary>
 /// <param name="context"></param>
 /// <param name="cache"></param>
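 protected override void InternalDELETE(HttpContext context, HandlerTimedCache cache)
 {
     // Anonymous callers are rejected before any account lookup.
     if (!context.User.Identity.IsAuthenticated)
     {
         context.Response.Write("not authenticated");
         context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
         return;
     }

     // Fail closed when the authenticated name has no account record
     // (GetUser returning null) instead of dereferencing it.
     User user = UserHelper.GetUser(context.User.Identity.Name);
     if (user == null || !user.IsSysAdmin())
     {
         context.Response.Write("not authorized");
         context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
         return;
     }

     // The id comes from the request. A missing or non-numeric value is a client
     // error, not an unhandled parse exception.
     int id;
     if (!Int32.TryParse(WebUtil.GetParam(context, "id", true), out id))
     {
         context.Response.Write("invalid id");
         context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
         return;
     }

     Organization.Delete(id);
     context.Response.Write("\"{'result':'deleted'}\"");
     context.Response.StatusCode = (int)HttpStatusCode.OK;
 }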
示例#10
        /// <summary>
        /// Logs a user out of the current authentication, the user will be anonymous.
        /// </summary>
        protected override void InternalPOST(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            var response = context.Response;

            // End the forms-authentication session for this client.
            FormsAuthentication.SignOut();

            // Report success.
            response.StatusCode = (int)HttpStatusCode.OK;
        }
        /// <summary>
        /// Delete a comment
        /// </summary>
        protected override void InternalDELETE(HttpContext context, HandlerTimedCache cache)
        {
            // The caller is handed to Comment.Delete as-is (possibly null for an unknown
            // name); no permission check is made in this method.
            // NOTE(review): confirm Delete / ModifyComment enforce who may remove a comment.
            var caller   = UserHelper.GetUser(context.User.Identity.Name);
            var targetId = WebUtil.ParseIntParam(context, "commentId");

            Action removeComment = () => { Comment.ById(targetId).Delete(caller); };

            ModifyComment(context, removeComment);
        }
 /// <summary>
 /// Returns the current identity name as an extra cache-key component, or null
 /// when the request has no user or no identity.
 /// </summary>
 protected override string AdditionalCacheKey(HttpContext context, HandlerTimedCache cache)
 {
     // Keying on the user name keeps one user's cached response separate from another's.
     if (context.User == null)
     {
         return null;
     }

     if (context.User.Identity == null)
     {
         return null;
     }

     return context.User.Identity.Name;
 }
        /// <summary>
        /// For a given property id, returns all comments
        /// the logged-in user is allowed to see.
        /// Expects:
        /// id: string, property id
        /// </summary>
        protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
        {
            // The viewer (possibly null for an unknown name) is passed through;
            // no filtering by viewer happens in this method.
            // NOTE(review): confirm PropertyCommentInfo restricts the comments to what
            // this viewer may see.
            var viewer     = UserHelper.GetUser(context.User.Identity.Name);
            var propertyId = WebUtil.GetParam(context, "id", false);

            var info = new PropertyCommentInfo(propertyId, viewer);

            context.Response.Write(JToken.FromObject(info));
        }
        /// <summary>
        /// Writes the attribute categories available to the caller's roles as JSON,
        /// together with their count.
        /// </summary>
        protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
        {
            // The role list for the current identity is passed to the attribute lookup.
            IEnumerable <SecurityRole> callerRoles = UserHelper.GetUserRoles(context.User.Identity.Name);
            IList <PdbCategory>        categories  = PdbAttributesHelper.GetAttributesForClient(callerRoles);

            var payload = new {
                TotalResults = categories.Count,
                List         = categories
            };

            context.Response.Write(WebUtil.ObjectToJson(payload));
        }
        /// <summary>
        /// Get user details for a single user when a user name is provided.
        /// Otherwise, return a list of users.
        /// </summary>
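        protected override void InternalGET(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            string userName = WebUtil.GetParam(context, "username", true);
            User   authUser = UserHelper.GetUser(context.User.Identity.Name);

            // Fail closed: a caller with no account record gets the same
            // "not authorized" answer as an unprivileged one, rather than a null
            // dereference on the role checks below.
            if (authUser == null)
            {
                throw new AzaveaWebNotAuthorizedException("Insuffient privileges.");
            }

            string retVal;

            if (StringHelper.IsNonBlank(userName))
            {
                // Single-user lookup: allowed for the account owner and for sysadmins.
                bool isOwner = StringHelper.SafeEquals(userName, context.User.Identity.Name);
                if (!isOwner && !authUser.IsSysAdmin())
                {
                    // Caller is logged in but is asking for another user's details.
                    throw new AzaveaWebNotAuthorizedException("Insuffient privileges.");
                }

                retVal = WebUtil.ObjectToJson(UserHelper.MakeClientSafe(UserHelper.GetUser(userName), authUser));
            }
            else
            {
                // User listing: sysadmins only.
                if (!authUser.IsSysAdmin())
                {
                    throw new AzaveaWebNotAuthorizedException("Insuffient privileges.");
                }

                // Paging parameters for the user list.
                int page      = WebUtil.ParseIntParam(context, "page");
                int pageSize  = WebUtil.ParseIntParam(context, "pageSize");
                int sortIndex = -1;

                // Now get the ordering parameters, if specified.
                WebUtil.ParseOptionalIntParam(context, "sortby", ref sortIndex);
                SortOrder sort = null;
                if (sortIndex >= 0)
                {
                    // Default is ascending sort, passing false means descending.
                    bool ascending = true;
                    WebUtil.ParseOptionalBoolParam(context, "sortasc", ref ascending);

                    // Map the column index to its column name so we can sort on it.
                    // NOTE(review): sortIndex comes from the request and is only checked
                    // for >= 0; an index past the end of the metadata fails here. Confirm
                    // the collection type and add an upper-bound check.
                    string sortColumnName = UserHelper.GetUserTableMetadata()[sortIndex].UID;
                    sort = new SortOrder(sortColumnName, ascending ? SortType.Asc : SortType.Desc);
                }

                // Get users with display metadata
                ResultsWithMetadata <UserResultMetadata> results = UserHelper.FormatUsersWithMetadata(UserHelper.GetUsers(page, pageSize, sort), authUser);
                retVal = WebUtil.ObjectToJson(results);
            }

            context.Response.Write(retVal);
        }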
        /// <summary>
        /// Partial edits to a comment, if authorized
        /// </summary>
        /// <param name="context"></param>
        /// <param name="cache"></param>
        protected override void InternalPOST(HttpContext context, HandlerTimedCache cache)
        {
            // Request values are read in the same order as before; the edit itself is
            // deferred into a delegate that ModifyComment receives.
            // NOTE(review): no permission check is made in this method; confirm
            // Comment.Update / ModifyComment enforce who may edit a comment.
            var editor       = UserHelper.GetUser(context.User.Identity.Name);
            var targetId     = WebUtil.ParseIntParam(context, "commentId");
            var newLevel     = WebUtil.ParseEnumParam <CommentAccessLevel>(context, "level");
            var newText      = WebUtil.GetParam(context, "text", true);
            var dropImage    = WebUtil.ParseBoolParam(context, "removeImage");
            var newImageData = InputStreamToByteArray(context);

            Action applyEdit = () =>
            {
                Comment.ById(targetId).Update(editor, newText, newImageData, dropImage, newLevel);
            };

            ModifyComment(context, applyEdit);
        }
示例#17
        /// <summary>
        /// For a given comment id, return the image
        /// If there is no image associated, a 404
        /// Expects:
        /// id: string, comment id
        /// thumb: bool, optional render as thumbnail
        /// </summary>
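        protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
        {
            // Upper bound for a requested thumbnail side. The value was chosen for this
            // change; adjust it to what the UI actually needs. Without a bound, the
            // client-supplied "w"/"h" values decide how large a bitmap is allocated.
            const int maxThumbDimension = 2048;

            var user  = UserHelper.GetUser(context.User.Identity.Name);
            var thumb = false;

            WebUtil.ParseOptionalBoolParam(context, "thumb", ref thumb);

            // Default thumbnail size, overridable by the request.
            var width = THUMB_WIDTH;

            WebUtil.ParseOptionalIntParam(context, "w", ref width);
            var height = THUMB_HEIGHT;

            WebUtil.ParseOptionalIntParam(context, "h", ref height);

            var id = WebUtil.ParseIntParam(context, "id");

            // Dimensions only matter in thumbnail mode; reject unusable or oversized ones.
            if (thumb && (width < 1 || height < 1 || width > maxThumbDimension || height > maxThumbDimension))
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                return;
            }

            try
            {
                var comment = Comment.ById(id);
                if (!comment.HasPicture)
                {
                    // No image is reported the same way as no comment: 404.
                    throw new CommentNotFoundException();
                }

                if (comment.IsAuthorizedToView(user))
                {
                    var img    = comment.Image;
                    var format = GetImageFormat(img);
                    context.Response.ContentType = String.Format("image/{0}", format);

                    if (thumb)
                    {
                        // Streams and GDI+ objects are disposed deterministically; the
                        // source stream is created over the bytes so it starts at offset 0.
                        using (var source = new MemoryStream(img))
                        using (var bitmap = new Bitmap(source))
                        using (var thumbnail = bitmap.GetThumbnailImage(width, height, () => false, IntPtr.Zero))
                        using (var output = new MemoryStream())
                        {
                            thumbnail.Save(output, format);
                            img = output.ToArray();
                        }
                    }
                    context.Response.BinaryWrite(img);
                    return;
                }

                // The comment has a picture but this caller may not view it.
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            }
            catch (CommentNotFoundException)
            {
                context.Response.StatusCode = (int)HttpStatusCode.NotFound;
            }
        }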
示例#18
        /// <summary>
        /// Writes the Reac, Parcel, RealProperty and Subsidy child rows for the
        /// requested id as one JSON object.
        /// </summary>
        protected override void InternalGET(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            // The caller's roles are passed to every row lookup.
            var callerRoles = UserHelper.GetUserRoles(context.User.Identity.Name);
            var parentId    = WebUtil.GetParam(context, "id", false);

            // Lookups run in the same order as the properties of the result object.
            var reacRows         = ChildDisplayHelper.GetRows <Reac>(parentId, callerRoles);
            var parcelRows       = ChildDisplayHelper.GetRows <Parcel>(parentId, callerRoles);
            var realPropertyRows = ChildDisplayHelper.GetRows <RealPropertyEvent>(parentId, callerRoles);
            var subsidyRows      = ChildDisplayHelper.GetRows <Subsidy>(parentId, callerRoles);

            var payload = new
            {
                Reac         = reacRows,
                Parcel       = parcelRows,
                RealProperty = realPropertyRows,
                Subsidy      = subsidyRows
            };

            context.Response.Write(WebUtil.ObjectToJson(payload));
        }
示例#19
        /// <summary>
        /// Updates a user.
        /// </summary>
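        protected override void InternalPUT(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            string userName = WebUtil.GetParam(context, "username", true);
            User   authUser = UserHelper.GetUser(context.User.Identity.Name);

            // Nothing to update without a target user name (unchanged behaviour).
            if (!StringHelper.IsNonBlank(userName))
            {
                return;
            }

            // Fail closed: a caller with no account record is refused, rather than
            // causing a null dereference on the role checks below. Otherwise only the
            // account owner or a sysadmin may update the account.
            bool isOwner = StringHelper.SafeEquals(userName, context.User.Identity.Name);
            if (authUser == null || (!isOwner && !authUser.IsSysAdmin()))
            {
                // Caller is trying to change an account that does not belong to them.
                throw new AzaveaWebNotAuthorizedException("Insuffient privileges.");
            }

            // Grab the params for this user
            string pass  = WebUtil.GetParam(context, "password", true);
            string email = WebUtil.GetParam(context, "email", true);
            string name  = WebUtil.GetParam(context, "name", true);

            // Only a sysadmin may set roles from the request; everyone else keeps
            // the roles already on their own account.
            string roles;
            if (authUser.IsSysAdmin())
            {
                roles = WebUtil.GetParam(context, "roles", true);
            }
            else
            {
                roles = authUser.Roles;
            }

            // If the password is coming through here (we haven't passed it out to
            // be able to pass it back in), we assume it's clear text and needs to be hashed.
            // NOTE(review): the password is replaced without asking for the current one
            // and without a length check in this method; confirm that is intended.
            string hashPass = null;
            if (StringHelper.IsNonBlank(pass))
            {
                hashPass = Hasher.Encrypt(pass);
            }

            User user = UserHelper.UpdateUser(userName, hashPass, email, name, roles);

            if (user != null)
            {
                context.Response.StatusCode = (int)HttpStatusCode.OK;
                context.Response.Write(WebUtil.ObjectToJson(new { Name = user.Name, Admin = user.IsSysAdmin() }));
            }
        }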
        /// <summary>
        /// Checks to see if a report exists for the given propertyId and auth user roles.
        /// </summary>
        protected override void InternalPOST(HttpContext context, HandlerTimedCache cache)
        {
            string reportDir;
            string reportFile;

            // Directory and file name are derived from the request by GetPathParts.
            // NOTE(review): GetPathParts is not visible here; confirm it keeps the
            // resulting path inside the report directory, since this response tells the
            // caller whether that path exists.
            GetPathParts(context, out reportDir, out reportFile);

            bool reportExists = File.Exists(reportDir + "\\" + reportFile);

            context.Response.Write(WebUtil.ObjectToJson(new { Exists = reportExists }));
        }
示例#21
        /// <summary>
        /// Generates an SLD document from the request parameters and writes it as text/xml.
        /// </summary>
        protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
        {
            string            indicator  = WebUtil.GetParam(context, "indicator", false);
            NycResolutionType resolution = WebUtil.ParseEnumParam <NycResolutionType>(context, "resolution");
            string            time       = WebUtil.GetParam(context, "time", false);

            // Scope parameters; these should be "ActualId" values, not "UID".
            string boroughId    = WebUtil.GetParam(context, "borough", true);
            string subBoroughId = WebUtil.GetParam(context, "subborough", true);

            // NOTE(review): request strings flow into the generated XML; confirm
            // GenerateSld escapes or validates them.
            string sldXml = NychanisHelper.GenerateSld(indicator, resolution, time, boroughId, subBoroughId);

            context.Response.ContentType = "text/xml";
            context.Response.Write(sldXml);
        }
示例#22
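 /// <summary>
 /// Reports whether the logged-in user's email address is confirmed.
 /// Responds with 400 when there is no logged-in user.
 /// </summary>
 protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
 {
     // Look the account up only for an authenticated request. A still-valid cookie
     // whose account record is gone (null) is answered like an anonymous request
     // instead of dereferencing null.
     User user = context.User.Identity.IsAuthenticated
         ? UserHelper.GetUser(context.User.Identity.Name)
         : null;

     if (user == null)
     {
         context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
         return;
     }

     context.Response.StatusCode = (int)HttpStatusCode.OK;
     context.Response.Write(WebUtil.ObjectToJson(new { EmailConfirmed = user.EmailConfirmed.ToString() }));
 }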
        /// <summary>
        /// Creates a user. Assumes that all user data will be provided.
        /// Ie. If you pass in a null name, we will save null as the
        /// name.  The only exception is password (no need to be passing
        /// that around all of the time).
        /// </summary>
        protected override void InternalPOST(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            const int minRequiredPassLength = 8;

            // Registration fields, read in the same order as before.
            string userName       = WebUtil.GetParam(context, "username", true);
            string pass           = WebUtil.GetParam(context, "password", true);
            string email          = WebUtil.GetParam(context, "email", true);
            string name           = WebUtil.GetParam(context, "name", true);
            var    affiliation    = WebUtil.GetParam(context, "affiliation", true);
            var    networkRequest = WebUtil.ParseBoolParam(context, "network");

            // A supplied password is treated as clear text: length-checked, then hashed.
            // NOTE(review): the length rule applies only when a password is supplied; a
            // blank one skips it and the account is created with a null hash. Confirm
            // that is intended for self-registration.
            bool passwordSupplied = StringHelper.IsNonBlank(pass);

            if (passwordSupplied && pass.Length < minRequiredPassLength)
            {
                throw new AzaveaWebBadRequestException(
                          String.Format("Password must be {0} characters long", minRequiredPassLength));
            }

            string hashPass = passwordSupplied ? Hasher.Encrypt(pass) : null;

            // Refuse a name that is already taken.
            if (UserHelper.GetUser(userName) != null)
            {
                throw new AzaveaWebMessageException("This user name is unavailable.");
            }

            // Roles are fixed server-side: new registrations get 'limited' in addition
            // to 'public'; nothing role-related is read from the request.
            const string defaultRoles = "public,limited";
            User         createdUser  = UserHelper.CreateUser(userName, hashPass, email, name,
                                                              defaultRoles, affiliation, networkRequest);

            // Notify the admin and the new user of the sign-up.
            SendNewUserMailToAdmin(createdUser);
            SendNewUserMailToUser(createdUser);

            // A thrown exception sets an HTTP error status, which makes the AJAX call fail.
        }
        /// <summary>
        /// Queries property locations for the parsed filter expressions and the two
        /// bounding boxes in the request, and writes the result as JSON.
        /// </summary>
        protected override void InternalGET(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            IList <SecurityRole> callerRoles = UserHelper.GetUserRoles(context.User.Identity.Name);
            IList <IExpression>  filters     = PropertiesHandler.ParseExpressions(context);

            PdbTwoTableHelper helper = new PdbTwoTableHelper(Config.GetConfig("PDP.Data"), "Properties", PdbEntityType.Properties);

            // x and y are expected in web mercator. Parsed in the original argument order.
            var minX  = WebUtil.ParseDoubleParam(context, "minx");
            var maxX  = WebUtil.ParseDoubleParam(context, "maxx");
            var minY  = WebUtil.ParseDoubleParam(context, "miny");
            var maxY  = WebUtil.ParseDoubleParam(context, "maxy");
            var minBx = WebUtil.ParseDoubleParam(context, "minBx");
            var maxBx = WebUtil.ParseDoubleParam(context, "maxBx");
            var minBy = WebUtil.ParseDoubleParam(context, "minBy");
            var maxBy = WebUtil.ParseDoubleParam(context, "maxBy");

            PdbResultLocations locations = helper.QueryForLocations(
                filters, callerRoles, minX, maxX, minY, maxY, minBx, maxBx, minBy, maxBy);

            context.Response.Write(WebUtil.ObjectToJson(locations));
        }
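        /// <summary>
        /// Returns the upload revisions for the requested upload type as JSON.
        /// Sysadmins only.
        /// </summary>
        protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
        {
            var user = UserHelper.GetUser(context.User.Identity.Name);

            // Fail closed: a caller with no account record is refused like a
            // non-admin, rather than causing a null dereference.
            if (user == null || !user.IsSysAdmin())
            {
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                context.Response.Write(UnauthMessage);
                return;
            }

            var type = WebUtil.GetParam(context, "type", false);

            // "type" comes from the request; an unknown value is a client error rather
            // than an unhandled exception.
            // NOTE(review): Enum.Parse also accepts numeric strings, which can yield a
            // value with no named member; confirm GetUploadRevisions tolerates that.
            UploadTypes typeEnum;
            try
            {
                typeEnum = (UploadTypes)Enum.Parse(typeof(UploadTypes), type);
            }
            catch (ArgumentException)
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                context.Response.Write("Invalid upload type.");
                return;
            }
            catch (OverflowException)
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                context.Response.Write("Invalid upload type.");
                return;
            }

            var uploadRevisions = PdbUploadRevision.GetUploadRevisions(typeEnum);
            var json            = WebUtil.ObjectToJson(uploadRevisions);

            context.Response.StatusCode = (int)HttpStatusCode.OK;
            context.Response.Write(json);
        }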
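        /// <summary>
        /// Exports the dataset of the requested upload type as a CSV attachment.
        /// Sysadmins only.
        /// </summary>
        protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
        {
            var user = UserHelper.GetUser(context.User.Identity.Name);

            // Fail closed: a caller with no account record is refused like a
            // non-admin, rather than causing a null dereference.
            if (user == null || !user.IsSysAdmin())
            {
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                context.Response.Write("Not authorized, only Admins can export datasets.");
                return;
            }

            var type = WebUtil.ParseEnumParam <UploadTypes>(context, "type");

            // The file name is built from the parsed enum value, not from the raw
            // request string.
            context.Response.AddHeader("Content-type", "text/csv");
            context.Response.AddHeader("Content-Disposition", "attachment; filename=" +
                                       type + "_export.csv");
            var csv = LoadHelper.GetLoader(type).Export();

            context.Response.Write(csv);
        }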
示例#27
        /// <summary>
        /// Saves a new, randomized password to the user record.  An email will
        /// be generated and sent out with the new password.  There is no authorization
        /// check because, by definition, you won't be logged in to perform this task.
        /// </summary>
        protected override void InternalPOST(HttpContext context, HandlerTimedCache cache)
        {
            // The account to reset is named by the request; the caller is not logged in.
            string userName = WebUtil.GetParam(context, "username", false);
            User user = UserHelper.GetUser(userName);

            // A reset needs a known account and an email address to deliver to.
            bool canReset = user != null && StringHelper.IsNonBlank(user.Email);

            if (!canReset)
            {
                // NOTE(review): this answer differs from the success answer below in both
                // status and text, so a caller can tell which usernames exist with an email
                // on file. A single response for every outcome would close that signal.
                context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
                context.Response.Write("Unable to reset password.");
                return;
            }

            // NOTE(review): RandomString and Hasher.Encrypt are not visible here. Confirm the
            // first draws from a cryptographic RNG and the second is a salted, slow password
            // hash rather than reversible encryption or a bare digest.
            string randPass = RandomString(11);
            string hashPass = Hasher.Encrypt(randPass);

            // NOTE(review): the stored password is replaced before any proof of mailbox
            // ownership, so knowing a username is enough to invalidate that user's current
            // password. The usual alternative is to mail a single-use, expiring reset token
            // and change the password only when it is redeemed. No rate limit is visible in
            // this method either.
            UserHelper.SavePassword(userName, hashPass);

            // The clear-text temporary password leaves the system by email.
            SendPasswordResetMail(user, randPass);

            context.Response.StatusCode = (int)HttpStatusCode.OK;
            context.Response.Write("A temporary password has been emailed to you.");
        }
        /// <summary>
        /// Looks for a detailed pdf report to download based on a property id and the
        /// authorized user roles
        /// </summary>
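        protected override void InternalGET(HttpContext context, HandlerTimedCache cache)
        {
            string dir;
            string file;

            // Get the path and file names
            GetPathParts(context, out dir, out file);

            string requestedPath = dir + "\\" + file;

            // Serve the file only if it exists AND its resolved location is still inside the
            // report directory. GetPathParts is not visible here; if either part is derived
            // from request data, a ".." segment or a rooted file name would otherwise let the
            // concatenated path leave dir. File.Exists runs first because it returns false
            // for malformed paths instead of throwing.
            bool canServe = false;
            if (!string.IsNullOrEmpty(dir) && File.Exists(requestedPath))
            {
                string root = Path.GetFullPath(dir);
                string separator = Path.DirectorySeparatorChar.ToString();

                // Trailing separator so that "C:\reports" does not match "C:\reports-old".
                if (!root.EndsWith(separator, System.StringComparison.Ordinal))
                {
                    root += separator;
                }

                canServe = Path.GetFullPath(requestedPath)
                               .StartsWith(root, System.StringComparison.OrdinalIgnoreCase);
            }

            if (canServe)
            {
                // Tell the client it is a pdf and an attachment, force a save as/open dialog
                context.Response.ContentType = "application/pdf";
                context.Response.AddHeader("Content-Disposition", "attachment; filename=" + file);
                context.Response.WriteFile(requestedPath);
            }
            else
            {
                // A path that escapes the report directory is reported exactly like a missing
                // file, so the response does not reveal which of the two happened.
                _log.Error("Detailed Report path not found: [" + dir + "\\" + file + "]");
                throw new AzaveaWebMessageException("Could not load a detailed report for this property.");
            }
        }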
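        /// <summary>
        /// Restores the upload revision identified by the "id" parameter and answers with a
        /// small JSON status object. Only system administrators may restore a revision;
        /// every other caller gets 403.
        /// </summary>
        /// <param name="context">Current request; "id" is parsed as an integer.</param>
        /// <param name="cache">Not used by this handler.</param>
        protected override void InternalPOST(HttpContext context, HandlerTimedCache cache)
        {
            var user = UserHelper.GetUser(context.User.Identity.Name);

            // Fail closed: a caller with no user record is answered with the same 403 as a
            // non-admin instead of dereferencing null on the admin check.
            if (user == null || !user.IsSysAdmin())
            {
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                context.Response.Write(UnauthMessage);
                return;
            }

            var idToRestore = WebUtil.ParseIntParam(context, "id");

            // The acting user is handed to the restore call along with the revision id.
            // NOTE(review): this is a state-changing request; if the session is carried by a
            // cookie, confirm an anti-forgery check runs before this handler.
            PdbUploadRevision.RestoreRevision(idToRestore, user);

            context.Response.StatusCode = (int)HttpStatusCode.OK;
            context.Response.Write(JObject.FromObject(new
            {
                status = "OK"
            }
                                                      ));
        }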
示例#30
        /// <summary>
        /// Looks up one or more properties and writes the result as JSON. The request gives
        /// either a single "id" or a comma-separated "ids" list; the caller's roles are
        /// passed to the query together with the ids.
        /// </summary>
        protected override void InternalGET(System.Web.HttpContext context, HandlerTimedCache cache)
        {
            var callerRoles  = UserHelper.GetUserRoles(context.User.Identity.Name);
            var propertyData = new PdbTwoTableHelper(Config.GetConfig("PDP.Data"), "Properties");

            var requestedIds = new List <string>();
            var singleId     = WebUtil.GetParam(context, "id", true);

            if (singleId == null)
            {
                // No single id given: fall back to the list form.
                // NOTE(review): the entries are neither trimmed, validated nor capped in
                // number here. Confirm Query binds them as parameters and that an oversized
                // list cannot produce an unbounded query.
                var rawIdList = WebUtil.GetParam(context, "ids", false);
                requestedIds.AddRange(rawIdList.Split(','));
            }
            else
            {
                requestedIds.Add(singleId);
            }

            var matches = propertyData.Query(requestedIds, callerRoles);

            context.Response.Write(WebUtil.ObjectToJson(matches));
        }