
/BlogEngine/BlogEngine.NET/admin/Users/Profile.aspx.cs

  1namespace Admin.Users
  2{
  3    using System;
  4    using System.Linq;
  5    using System.Web.Services;
  6    using System.Web.Security;
  7    using BlogEngine.Core;
  8
  9    /// <summary>
 10    /// The admin pages profile.
 11    /// </summary>
 12    public partial class ProfilePage : System.Web.UI.Page
 13    {
 14        #region Constants and Fields
 15
 16        /// <summary>
 17        /// The id string.
 18        /// </summary>
 19        private string theId = string.Empty;
 20
 21        #endregion
 22
 23        #region Properties
 24
 25        /// <summary>
 26        /// Gets RolesList.
 27        /// </summary>
 28        protected string RolesList
 29        {
 30            get
 31            {
 32                var ret = string.Empty;
 33                const string Ptrn = "<input type=\"checkbox\" id=\"{0}\" class=\"chkRole\" {1} /><span class=\"lbl\">{0}</span>";
 34                var allRoles = System.Web.Security.Roles.GetAllRoles().Where(r => !r.Equals(BlogConfig.AnonymousRole, StringComparison.OrdinalIgnoreCase));
 35                return allRoles.Aggregate(ret, (current, r) => current + (System.Web.Security.Roles.IsUserInRole(theId, r) ? string.Format(Ptrn, r, "checked") : string.Format(Ptrn, r, string.Empty)));
 36            }
 37        }
 38
 39        #endregion
 40
 41        #region Public Methods
 42
 43        /// <summary>
 44        /// The get profile.
 45        /// </summary>
 46        /// <param name="id">
 47        /// The profile id.
 48        /// </param>
 49        /// <returns>
 50        /// An AuthorProfile.
 51        /// </returns>
 52        [WebMethod]
 53        public static AuthorProfile GetProfile(string id)
 54        {
 55            if (!Utils.StringIsNullOrWhitespace(id))
 56            { 
 57                bool canEditRoles;
 58                if (!CanUserEditProfile(id, out canEditRoles))
 59                    return null;
 60
 61                return AuthorProfile.GetProfile(id) ?? new AuthorProfile()
 62                {
 63                    DisplayName = string.Empty,
 64                    FirstName = string.Empty,
 65                    MiddleName = string.Empty,
 66                    LastName = string.Empty,
 67                    Birthday = new DateTime(1001, 1, 1),
 68                    PhotoUrl = string.Empty,
 69                    EmailAddress = string.Empty,
 70                    PhoneMobile = string.Empty,
 71                    PhoneMain = string.Empty,
 72                    PhoneFax = string.Empty,
 73                    CityTown = string.Empty,
 74                    RegionState = string.Empty,
 75                    Country = string.Empty,
 76                    AboutMe = string.Empty
 77                };
 78            }
 79
 80            return null;
 81        }
 82
 83        #endregion
 84
 85        #region Methods
 86
 87        private static bool CanUserEditProfile(string id, out bool canEditRoles)
 88        {
 89            canEditRoles = false;
 90
 91            if (Utils.StringIsNullOrWhitespace(id))
 92                return false;
 93
 94            MembershipUser user = Membership.GetUser(id);
 95            if (user == null)
 96                return false;
 97
 98            bool membershipUserIsSelf = user.UserName.Equals(Security.CurrentUser.Identity.Name, StringComparison.OrdinalIgnoreCase);
 99
100            if (membershipUserIsSelf && Security.IsAuthorizedTo(BlogEngine.Core.Rights.EditOwnRoles))
101                canEditRoles = true;
102            else if (!membershipUserIsSelf && Security.IsAuthorizedTo(BlogEngine.Core.Rights.EditOtherUsersRoles))
103                canEditRoles = true;
104
105            if (membershipUserIsSelf)
106                return Security.IsAuthorizedTo(BlogEngine.Core.Rights.EditOwnUser);
107            else
108                return Security.IsAuthorizedTo(BlogEngine.Core.Rights.EditOtherUsers);
109        }
110
111        /// <summary>
112        /// Raises the <see cref="E:System.Web.UI.Control.Init"/> event to initialize the page.
113        /// </summary>
114        /// <param name="e">An <see cref="T:System.EventArgs"/> that contains the event data.</param>
115        protected override void OnInit(EventArgs e)
116        {
117            // Rights.AccessAdminPages isn't needed here.  If self-registration is turned
118            // on, we will allow a user who cannot AccessAdminPages to edit their profile.
119            if (!Security.IsAuthenticated)
120            {
121                Security.RedirectForUnauthorizedRequest();
122                return;
123            }
124
125            bool canEditRoles = false;
126            if (!CanUserEditProfile(Request.QueryString["id"], out canEditRoles))
127            {
128                Response.Redirect("Users.aspx");
129                return;
130            }
131
132            this.theId = Request.QueryString["id"];
133
134            phRoles.Visible = canEditRoles;
135            phRightContentBox.Visible = Security.IsAuthorizedTo(BlogEngine.Core.Rights.AccessAdminPages);
136
137            base.OnInit(e);
138        }
139
140        #endregion
141    }
142}