mirror of
https://github.com/OrchardCMS/Orchard.git
synced 2025-10-21 03:14:10 +08:00
Users: invalid id now returns HttpNotFound for all AdminController actions + formatting fixes
This commit is contained in:
@@ -74,7 +74,7 @@ namespace Orchard.Users.Controllers {
|
||||
break;
|
||||
}
|
||||
|
||||
if(!String.IsNullOrWhiteSpace(options.Search)) {
|
||||
if(!string.IsNullOrWhiteSpace(options.Search)) {
|
||||
users = users.Where(u => u.UserName.Contains(options.Search) || u.Email.Contains(options.Search));
|
||||
}
|
||||
|
||||
@@ -219,6 +219,10 @@ namespace Orchard.Users.Controllers {
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
var user = Services.ContentManager.Get<UserPart>(id);
|
||||
|
||||
if (user == null)
|
||||
return HttpNotFound();
|
||||
|
||||
var editor = Shape.EditorTemplate(TemplateName: "Parts/User.Edit", Model: new UserEditViewModel {User = user}, Prefix: null);
|
||||
editor.Metadata.Position = "2";
|
||||
var model = Services.ContentManager.BuildEditor(user);
|
||||
@@ -233,11 +237,15 @@ namespace Orchard.Users.Controllers {
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
var user = Services.ContentManager.Get<UserPart>(id, VersionOptions.DraftRequired);
|
||||
|
||||
if (user == null)
|
||||
return HttpNotFound();
|
||||
|
||||
string previousName = user.UserName;
|
||||
|
||||
var model = Services.ContentManager.UpdateEditor(user, this);
|
||||
|
||||
var editModel = new UserEditViewModel {User = user};
|
||||
var editModel = new UserEditViewModel { User = user };
|
||||
if (TryUpdateModel(editModel)) {
|
||||
if (!_userService.VerifyUserUnicity(id, editModel.UserName, editModel.Email)) {
|
||||
AddModelError("NotUniqueUserName", T("User with that username and/or email already exists."));
|
||||
@@ -248,7 +256,7 @@ namespace Orchard.Users.Controllers {
|
||||
}
|
||||
else {
|
||||
// also update the Super user if this is the renamed account
|
||||
if (String.Equals(Services.WorkContext.CurrentSite.SuperUser, previousName, StringComparison.Ordinal)) {
|
||||
if (string.Equals(Services.WorkContext.CurrentSite.SuperUser, previousName, StringComparison.Ordinal)) {
|
||||
_siteService.GetSiteSettings().As<SiteSettingsPart>().SuperUser = editModel.UserName;
|
||||
}
|
||||
|
||||
@@ -279,17 +287,18 @@ namespace Orchard.Users.Controllers {
|
||||
|
||||
var user = Services.ContentManager.Get<IUser>(id);
|
||||
|
||||
if (user != null) {
|
||||
if (String.Equals(Services.WorkContext.CurrentSite.SuperUser, user.UserName, StringComparison.Ordinal)) {
|
||||
Services.Notifier.Error(T("The Super user can't be removed. Please disable this account or specify another Super user account."));
|
||||
}
|
||||
else if (String.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
|
||||
Services.Notifier.Error(T("You can't remove your own account. Please log in with another account."));
|
||||
}
|
||||
else{
|
||||
Services.ContentManager.Remove(user.ContentItem);
|
||||
Services.Notifier.Information(T("User {0} deleted", user.UserName));
|
||||
}
|
||||
if (user == null)
|
||||
return HttpNotFound();
|
||||
|
||||
if (string.Equals(Services.WorkContext.CurrentSite.SuperUser, user.UserName, StringComparison.Ordinal)) {
|
||||
Services.Notifier.Error(T("The Super user can't be removed. Please disable this account or specify another Super user account."));
|
||||
}
|
||||
else if (string.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
|
||||
Services.Notifier.Error(T("You can't remove your own account. Please log in with another account."));
|
||||
}
|
||||
else {
|
||||
Services.ContentManager.Remove(user.ContentItem);
|
||||
Services.Notifier.Information(T("User {0} deleted", user.UserName));
|
||||
}
|
||||
|
||||
return RedirectToAction("Index");
|
||||
@@ -302,16 +311,18 @@ namespace Orchard.Users.Controllers {
|
||||
|
||||
var user = Services.ContentManager.Get<IUser>(id);
|
||||
|
||||
if ( user != null ) {
|
||||
var siteUrl = Services.WorkContext.CurrentSite.BaseUrl;
|
||||
if (String.IsNullOrWhiteSpace(siteUrl)) {
|
||||
siteUrl = HttpContext.Request.ToRootUrlString();
|
||||
}
|
||||
if (user == null)
|
||||
return HttpNotFound();
|
||||
|
||||
_userService.SendChallengeEmail(user.As<UserPart>(), nonce => Url.MakeAbsolute(Url.Action("ChallengeEmail", "Account", new { Area = "Orchard.Users", nonce = nonce }), siteUrl));
|
||||
Services.Notifier.Information(T("Challenge email sent to {0}", user.UserName));
|
||||
var siteUrl = Services.WorkContext.CurrentSite.BaseUrl;
|
||||
|
||||
if (string.IsNullOrWhiteSpace(siteUrl)) {
|
||||
siteUrl = HttpContext.Request.ToRootUrlString();
|
||||
}
|
||||
|
||||
_userService.SendChallengeEmail(user.As<UserPart>(), nonce => Url.MakeAbsolute(Url.Action("ChallengeEmail", "Account", new { Area = "Orchard.Users", nonce = nonce }), siteUrl));
|
||||
Services.Notifier.Information(T("Challenge email sent to {0}", user.UserName));
|
||||
|
||||
|
||||
return RedirectToAction("Index");
|
||||
}
|
||||
@@ -323,11 +334,12 @@ namespace Orchard.Users.Controllers {
|
||||
|
||||
var user = Services.ContentManager.Get<IUser>(id);
|
||||
|
||||
if ( user != null ) {
|
||||
user.As<UserPart>().RegistrationStatus = UserStatus.Approved;
|
||||
Services.Notifier.Information(T("User {0} approved", user.UserName));
|
||||
_userEventHandlers.Approved(user);
|
||||
}
|
||||
if (user == null)
|
||||
return HttpNotFound();
|
||||
|
||||
user.As<UserPart>().RegistrationStatus = UserStatus.Approved;
|
||||
Services.Notifier.Information(T("User {0} approved", user.UserName));
|
||||
_userEventHandlers.Approved(user);
|
||||
|
||||
return RedirectToAction("Index");
|
||||
}
|
||||
@@ -339,14 +351,15 @@ namespace Orchard.Users.Controllers {
|
||||
|
||||
var user = Services.ContentManager.Get<IUser>(id);
|
||||
|
||||
if (user != null) {
|
||||
if (String.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
|
||||
Services.Notifier.Error(T("You can't disable your own account. Please log in with another account"));
|
||||
}
|
||||
else {
|
||||
user.As<UserPart>().RegistrationStatus = UserStatus.Pending;
|
||||
Services.Notifier.Information(T("User {0} disabled", user.UserName));
|
||||
}
|
||||
if (user == null)
|
||||
return HttpNotFound();
|
||||
|
||||
if (string.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
|
||||
Services.Notifier.Error(T("You can't disable your own account. Please log in with another account"));
|
||||
}
|
||||
else {
|
||||
user.As<UserPart>().RegistrationStatus = UserStatus.Pending;
|
||||
Services.Notifier.Information(T("User {0} disabled", user.UserName));
|
||||
}
|
||||
|
||||
return RedirectToAction("Index");
|
||||
|
Reference in New Issue
Block a user