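/// <summary>
/// Deletes a Sitecore user account. The caller must be authenticated, the configured
/// API user (which every check and the delete itself run as) must be an administrator,
/// and the API user's own account can never be deleted through this endpoint.
/// </summary>
/// <param name="username">Account to delete; a bare name is qualified with the site domain.</param>
/// <returns>
/// <c>Unauthorized</c> when the caller is not authenticated or the API user is not an
/// administrator; otherwise a JSON <see cref="Models.UserManagement.UserProfile"/> whose
/// <c>Success</c> and <c>Message</c> report the outcome.
/// </returns>
public IHttpActionResult DeleteUser([FromUri] string username)
{
    if (!IsAuthenticated)
    {
        return Unauthorized();
    }

    // Everything below executes in the security context of the API user.
    using (new UserSwitcher(Context.Site.Domain.GetFullName(this.ApiUser), false))
    {
        if (!Context.User.IsAdministrator)
        {
            return Unauthorized();
        }

        var response = new Models.UserManagement.UserProfile();

        // Resolve the target account. A blank name is treated as "not found" instead of
        // being handed to GetFullName/Exists, which are not guaranteed to accept it.
        User user = null;
        if (!string.IsNullOrWhiteSpace(username))
        {
            string name = Context.Site.Domain.GetFullName(username);
            if (Sitecore.Security.Accounts.User.Exists(name))
            {
                user = Sitecore.Security.Accounts.User.FromName(name, false);
            }
        }
        MembershipUser membershipUser = user != null ? Membership.GetUser(user.Name) : null;

        // user.Name is always domain-qualified, while ApiUser may be a bare name, so the
        // self-delete guard has to compare against the qualified form of ApiUser.
        // The API user was already verified to be an administrator, so no separate
        // IsAdministrator test is needed for this comparison.
        string apiUserName = Context.Site.Domain.GetFullName(this.ApiUser);

        if (user == null || membershipUser == null)
        {
            response.Message = "the user doesn't exist";
            response.Success = false;
        }
        else if (string.Equals(user.Name, apiUserName, StringComparison.OrdinalIgnoreCase))
        {
            response.Message = "you cannot delete your own account";
            response.Success = false;
        }
        else
        {
            try
            {
                // Audit before the destructive call so the attempt is recorded even if it fails.
                Log.Audit(this, "[BOT] Delete user: {0}", new string[] { user.Name });
                Membership.DeleteUser(user.Name);
                response.Success = true;
            }
            catch (Exception ex)
            {
                // The raw message is only ever returned to an authenticated administrator.
                response.Success = false;
                response.Message = ex.Message;
            }
        }

        return new JsonResult<Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this);
    }
}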
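/// <summary>
/// Creates a Sitecore user account from a request body. The caller must be authenticated
/// and the configured API user (which every check and the creation run as) must be an
/// administrator.
/// </summary>
/// <param name="create">
/// Requested account details; <c>UserName</c> is qualified with the site domain. May be
/// <c>null</c> when model binding fails, which is reported as a failed request.
/// </param>
/// <returns>
/// <c>Unauthorized</c> when the caller is not authenticated or the API user is not an
/// administrator; otherwise a JSON <see cref="Models.UserManagement.UserProfile"/> whose
/// <c>Success</c> and <c>Message</c> report the outcome.
/// </returns>
public IHttpActionResult CreateUser([FromBody] CreateUserRequest create)
{
    if (!IsAuthenticated)
    {
        return Unauthorized();
    }

    // Everything below executes in the security context of the API user.
    using (new UserSwitcher(Context.Site.Domain.GetFullName(this.ApiUser), false))
    {
        if (!Context.User.IsAdministrator)
        {
            return Unauthorized();
        }

        var response = new Models.UserManagement.UserProfile();

        // An unbound body arrives as null; treat it the same as a missing user name.
        if (create == null || string.IsNullOrWhiteSpace(create.UserName))
        {
            response.Message = "the user name is required";
            response.Success = false;
            return new JsonResult<Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this);
        }

        string fullName = Context.Site.Domain.GetFullName(create.UserName);

        if (Sitecore.Security.Accounts.User.Exists(fullName))
        {
            response.Message = "the user already exists";
            response.Success = false;
        }
        else
        {
            try
            {
                // Never seed accounts with a fixed password: every account created here
                // would share one known credential. Generate a random one per account; it
                // reaches the user only through the e-mail below (still TODO) or a password
                // reset, and is never written to the log or the response.
                string password = Membership.GeneratePassword(16, 2);
                User user = Sitecore.Security.Accounts.User.Create(fullName, password);
                user.Profile.FullName = create.FullName;
                user.Profile.Email = create.EmailAddress;
                user.Profile.IsAdministrator = create.AdministratorRoleForUser;
                user.Profile.Comment = "Created from bot";
                user.Profile.Save();

                Log.Audit(this, "[BOT] Created user: {0}", new string[] { user.Name });

                if (create.EmailSendWithPasswordToTheUser)
                {
                    //TODO Send email
                }

                response.Success = true;
            }
            catch (Exception ex)
            {
                // The raw message is only ever returned to an authenticated administrator.
                response.Success = false;
                response.Message = ex.Message;
            }
        }

        return new JsonResult<Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this);
    }
}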
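/// <summary>
/// Returns the profile of a Sitecore user. The caller must be authenticated and the
/// configured API user (which every check and lookup run as) must be an administrator.
/// </summary>
/// <param name="username">
/// Account to look up, qualified with the site domain; <c>null</c> returns the API user's
/// own profile.
/// </param>
/// <returns>
/// <c>Unauthorized</c> when the caller is not authenticated or the API user is not an
/// administrator; otherwise a JSON <see cref="Models.UserManagement.UserProfile"/>. The
/// Application Insights settings are included only when the returned profile belongs to
/// an administrator or a member of <c>RoleNames.BotAnalytics</c>.
/// </returns>
public IHttpActionResult GetProfile([FromUri] string username = null)
{
    if (!IsAuthenticated)
    {
        return Unauthorized();
    }

    // Everything below executes in the security context of the API user.
    using (new UserSwitcher(Context.Site.Domain.GetFullName(this.ApiUser), false))
    {
        if (!Context.User.IsAdministrator)
        {
            return Unauthorized();
        }

        var response = new Models.UserManagement.UserProfile();

        string name = Context.Site.Domain.GetFullName(username ?? this.ApiUser);
        User user = Sitecore.Security.Accounts.User.Exists(name)
            ? Sitecore.Security.Accounts.User.FromName(name, false)
            : null;

        // FromName can return null even after Exists succeeded; report that as "not found"
        // rather than returning an empty profile with no message.
        if (user == null)
        {
            response.Message = "the user doesn't exist";
            response.Success = false;
        }
        else
        {
            MembershipUser membershipUser = Membership.GetUser(user.Name);

            response.FullName = user.Profile.FullName;
            response.EmailAddress = membershipUser != null ? membershipUser.Email : null;
            response.IsAdministrator = user.IsAdministrator;
            response.Roles = Roles.GetRolesForUser(user.Name).ToList();

            // The credentials belong to the profile being returned, so the role check must
            // name that user; the single-argument overload tests the current (API) user.
            if (user.IsAdministrator || Roles.IsUserInRole(user.Name, RoleNames.BotAnalytics))
            {
                response.ApplicationInsights.ApplicationId = Sitecore.Configuration.Settings.GetSetting("sitecore.bot.ai.appId");
                response.ApplicationInsights.ApiKey = Sitecore.Configuration.Settings.GetSetting("sitecore.bot.ai.apiKey");
            }

            response.Success = true;
        }

        return new JsonResult<Models.UserManagement.UserProfile>(response, new JsonSerializerSettings(), Encoding.UTF8, this);
    }
}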