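/// <summary>
/// Validates the user identified by <c>UmbracoUserContextId</c>: the context id must be present,
/// its timeout must not have passed, and the resolved user must be allowed to use the console.
/// On success the login timeout is refreshed through <c>UpdateLogin</c>.
/// </summary>
/// <param name="httpContext">
/// Request context passed to <c>GlobalSettings</c> to decide whether the request targets the
/// Umbraco application or the live-edit redirector.
/// </param>
/// <param name="throwExceptions">set to true if you want exceptions to be thrown if failed</param>
/// <returns>
/// <c>Success</c>, <c>FailedNoPrivileges</c>, <c>FailedTimedOut</c> or <c>FailedNoContextId</c>.
/// </returns>
/// <exception cref="InvalidOperationException">
/// <paramref name="throwExceptions"/> is true and there is no user context id.
/// </exception>
/// <exception cref="ArgumentException">
/// <paramref name="throwExceptions"/> is true and the session has timed out or the user has no console access.
/// </exception>
internal ValidateRequestAttempt ValidateCurrentUser(HttpContextBase httpContext, bool throwExceptions = false)
{
    // No context id means nobody is logged in for this request.
    if (UmbracoUserContextId == "")
    {
        if (throwExceptions)
        {
            throw new InvalidOperationException("The user has no umbraco contextid - try logging in");
        }

        return ValidateRequestAttempt.FailedNoContextId;
    }

    var uid = GetUserId(UmbracoUserContextId);
    var timeout = GetTimeout(UmbracoUserContextId);

    // NOTE(review): expiry is compared against local-clock ticks; confirm GetTimeout stores its
    // value on the same clock, otherwise a local-time offset change shifts when sessions expire.
    if (timeout <= DateTime.Now.Ticks)
    {
        if (throwExceptions)
        {
            throw new ArgumentException("User has timed out!!");
        }

        return ValidateRequestAttempt.FailedTimedOut;
    }

    var user = User.GetUser(uid);

    // Check for console access.
    // What GetUser returns for an id that no longer exists is not visible here; a null result is
    // treated as "no privileges" (fail closed) instead of being dereferenced.
    // A NoConsole user is only rejected for requests inside the Umbraco application that are not
    // the live-edit redirector; a Disabled user is rejected everywhere.
    if (user == null
        || user.Disabled
        || (user.NoConsole
            && GlobalSettings.RequestIsInUmbracoApplication(httpContext)
            && GlobalSettings.RequestIsLiveEditRedirector(httpContext) == false))
    {
        if (throwExceptions)
        {
            throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
        }

        return ValidateRequestAttempt.FailedNoPrivileges;
    }

    // Only a fully validated request extends the session.
    UpdateLogin(timeout);
    return ValidateRequestAttempt.Success;
}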
/// <summary>
/// Validates the current user assigned to the request and ensures the stored user data is valid.
/// </summary>
/// <param name="throwExceptions">set to true if you want exceptions to be thrown if failed</param>
/// <returns>
/// <c>Success</c> when the request is authenticated and the user passes the access check,
/// <c>FailedNoContextId</c> when the request is not authenticated, otherwise <c>FailedNoPrivileges</c>.
/// </returns>
/// <exception cref="InvalidOperationException">
/// <paramref name="throwExceptions"/> is true and the request is not authenticated.
/// </exception>
/// <exception cref="ArgumentException">
/// <paramref name="throwExceptions"/> is true and the user fails the access check.
/// </exception>
internal ValidateRequestAttempt ValidateCurrentUser(bool throwExceptions)
{
    // The request is expected to be authenticated already in nearly all circumstances, because
    // authentication happens in the Module and that step also checks the ticket expiry. The expiry
    // is not checked a second time here: doing so would need another decryption pass, and nothing
    // can tamper with the ticket during the request.
    var authenticated = IsAuthenticated();
    if (authenticated == false)
    {
        // There is no user.
        if (throwExceptions)
        {
            throw new InvalidOperationException("The user has no umbraco contextid - try logging in");
        }

        return ValidateRequestAttempt.FailedNoContextId;
    }

    var currentUser = CurrentUser;

    // Check for console access: a missing or unapproved user is always rejected.
    // NOTE(review): a locked-out user is rejected only when the request is inside the Umbraco
    // application; for other requests a locked-out but approved user passes - confirm intended.
    var accessDenied = currentUser == null
        || currentUser.IsApproved == false
        || (currentUser.IsLockedOut && GlobalSettings.RequestIsInUmbracoApplication(_httpContext));

    if (accessDenied == false)
    {
        return ValidateRequestAttempt.Success;
    }

    if (throwExceptions)
    {
        throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
    }

    return ValidateRequestAttempt.FailedNoPrivileges;
}