/// <summary> /// Checks if the user has permission to perform an operation and throws exception if not. /// </summary> /// <param name="authenticationService"></param> /// <param name="userName"></param> /// <param name="permission"></param> /// <param name="extraOptions"></param> private static void Authorize(IAuthenticationAddin authenticationService, string userName, Permission permission, ExtraOptions extraOptions) { if (!authenticationService.HasPermission(userName, permission.Name, null)) { throw new ServiceAuthorizationException("Not enough permissions."); } }
public bool ResetPassword(string authenticationCookie, string userName, string newPassword, string userData) { string authUserName; ServiceUtils.Authenticate(_addin, authenticationCookie, out authUserName, null); if (string.Compare(authUserName, userName, true) == 0 || _addin.HasPermission(authUserName, PermissionsTable.Instance.CanManageUsers.Name, userData)) { return(_addin.ResetPassword(userName, newPassword, userData)); } else { //this should throw authorization exception ServiceUtils.Authorize(_addin, authUserName, PermissionsTable.Instance.CanManageUsers, null); return(false); } }