/BlogEngine/BlogEngine.NET/admin/Users/Profile.aspx.cs
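namespace Admin.Users
{
    using System;
    using System.Linq;
    using System.Text;
    using System.Web.Services;
    using System.Web.Security;
    using BlogEngine.Core;

    /// <summary>
    /// The admin profile page: lets an authenticated user view and edit a user profile
    /// and, when authorized, the role membership of that user.
    /// </summary>
    public partial class ProfilePage : System.Web.UI.Page
    {
        #region Constants and Fields

        /// <summary>
        /// Markup emitted for each role by <see cref="RolesList"/>.
        /// {0} is the HTML-encoded role name, {1} is either "checked" or empty.
        /// </summary>
        private const string RoleCheckboxPattern = "<input type=\"checkbox\" id=\"{0}\" class=\"chkRole\" {1} /><span class=\"lbl\">{0}</span>";

        /// <summary>
        /// The user name whose profile is being edited (the "id" query string value),
        /// assigned in <see cref="OnInit"/> only after the caller has been authorized.
        /// </summary>
        private string theId = string.Empty;

        #endregion

        #region Properties

        /// <summary>
        /// Gets the checkbox markup for every role except the anonymous role,
        /// pre-checked for the roles the edited user is a member of.
        /// </summary>
        protected string RolesList
        {
            get
            {
                var roles = System.Web.Security.Roles.GetAllRoles()
                    .Where(r => !r.Equals(BlogConfig.AnonymousRole, StringComparison.OrdinalIgnoreCase));

                var markup = new StringBuilder();
                foreach (var role in roles)
                {
                    // Role names are stored data that ends up inside markup; encode them so a
                    // name containing quotes or angle brackets cannot break out of the id
                    // attribute or inject script. The browser decodes the entities, so the
                    // element's DOM id is still the plain role name.
                    var encodedRole = System.Web.HttpUtility.HtmlEncode(role);
                    var checkedAttribute = System.Web.Security.Roles.IsUserInRole(this.theId, role)
                        ? "checked"
                        : string.Empty;
                    markup.AppendFormat(RoleCheckboxPattern, encodedRole, checkedAttribute);
                }

                return markup.ToString();
            }
        }

        #endregion

        #region Public Methods

        /// <summary>
        /// Page method (called from script) that loads the profile of a user.
        /// </summary>
        /// <param name="id">
        /// The user name whose profile is requested.
        /// </param>
        /// <returns>
        /// The stored <see cref="AuthorProfile"/>; an empty profile when none has been saved yet;
        /// <c>null</c> when <paramref name="id"/> is blank, unknown, or the current user is not
        /// authorized to edit that profile.
        /// </returns>
        [WebMethod]
        public static AuthorProfile GetProfile(string id)
        {
            // CanUserEditProfile rejects a blank or unknown id before any profile is read,
            // so the authorization check doubles as the input check.
            bool canEditRoles;
            if (!CanUserEditProfile(id, out canEditRoles))
            {
                return null;
            }

            return AuthorProfile.GetProfile(id) ?? CreateEmptyProfile();
        }

        #endregion

        #region Methods

        /// <summary>
        /// Builds the blank profile returned when a user has not saved one yet,
        /// so the client always receives every field.
        /// </summary>
        /// <returns>A profile with every text field empty.</returns>
        private static AuthorProfile CreateEmptyProfile()
        {
            return new AuthorProfile()
            {
                DisplayName = string.Empty,
                FirstName = string.Empty,
                MiddleName = string.Empty,
                LastName = string.Empty,
                // 1001-01-01 appears to be the "no birthday set" placeholder the UI expects — TODO confirm against the client script.
                Birthday = new DateTime(1001, 1, 1),
                PhotoUrl = string.Empty,
                EmailAddress = string.Empty,
                PhoneMobile = string.Empty,
                PhoneMain = string.Empty,
                PhoneFax = string.Empty,
                CityTown = string.Empty,
                RegionState = string.Empty,
                Country = string.Empty,
                AboutMe = string.Empty
            };
        }

        /// <summary>
        /// Decides whether the current user may edit the profile of the given user.
        /// Static because it is shared by the page lifecycle and the <see cref="GetProfile"/> page method.
        /// </summary>
        /// <param name="id">The user name of the profile to edit.</param>
        /// <param name="canEditRoles">
        /// Set to <c>true</c> when the current user may also change that user's roles
        /// (EditOwnRoles for their own account, EditOtherUsersRoles for anyone else).
        /// </param>
        /// <returns>
        /// <c>true</c> when the current user holds EditOwnUser (own account) or EditOtherUsers
        /// (another account); <c>false</c> for a blank or unknown <paramref name="id"/>.
        /// </returns>
        private static bool CanUserEditProfile(string id, out bool canEditRoles)
        {
            canEditRoles = false;

            if (Utils.StringIsNullOrWhitespace(id))
            {
                return false;
            }

            MembershipUser user = Membership.GetUser(id);
            if (user == null)
            {
                return false;
            }

            // Editing one's own account and editing other accounts are separate rights,
            // both for the profile fields and for role membership.
            bool isSelf = user.UserName.Equals(Security.CurrentUser.Identity.Name, StringComparison.OrdinalIgnoreCase);

            canEditRoles = isSelf
                ? Security.IsAuthorizedTo(BlogEngine.Core.Rights.EditOwnRoles)
                : Security.IsAuthorizedTo(BlogEngine.Core.Rights.EditOtherUsersRoles);

            return isSelf
                ? Security.IsAuthorizedTo(BlogEngine.Core.Rights.EditOwnUser)
                : Security.IsAuthorizedTo(BlogEngine.Core.Rights.EditOtherUsers);
        }

        /// <summary>
        /// Raises the <see cref="E:System.Web.UI.Control.Init"/> event to initialize the page.
        /// Authorizes the request against the user named in the "id" query string before any
        /// control is made visible.
        /// </summary>
        /// <param name="e">An <see cref="T:System.EventArgs"/> that contains the event data.</param>
        protected override void OnInit(EventArgs e)
        {
            // Rights.AccessAdminPages isn't needed here. If self-registration is turned
            // on, we will allow a user who cannot AccessAdminPages to edit their profile.
            if (!Security.IsAuthenticated)
            {
                Security.RedirectForUnauthorizedRequest();
                return;
            }

            // Read the query string once so the value that was authorized is the value kept.
            string requestedId = Request.QueryString["id"];
            bool canEditRoles;
            if (!CanUserEditProfile(requestedId, out canEditRoles))
            {
                // Fixed, relative target: no attacker-influenced redirect location.
                Response.Redirect("Users.aspx");
                return;
            }

            this.theId = requestedId;

            // Visibility only controls what is rendered; the handler that persists role changes
            // (not in this file) must re-check the role rights itself — verify it does.
            phRoles.Visible = canEditRoles;
            phRightContentBox.Visible = Security.IsAuthorizedTo(BlogEngine.Core.Rights.AccessAdminPages);

            base.OnInit(e);
        }

        #endregion
    }
}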