Users: invalid id now returns HttpNotFound for all AdminController actions + formatting fixes

This commit is contained in:
Lombiq
2016-03-22 19:34:23 +01:00
committed by Benedek Farkas
parent 9fa1e13457
commit d556f701b8

View File

@@ -74,7 +74,7 @@ namespace Orchard.Users.Controllers {
break;
}
if(!String.IsNullOrWhiteSpace(options.Search)) {
if(!string.IsNullOrWhiteSpace(options.Search)) {
users = users.Where(u => u.UserName.Contains(options.Search) || u.Email.Contains(options.Search));
}
@@ -219,6 +219,10 @@ namespace Orchard.Users.Controllers {
return new HttpUnauthorizedResult();
var user = Services.ContentManager.Get<UserPart>(id);
if (user == null)
return HttpNotFound();
var editor = Shape.EditorTemplate(TemplateName: "Parts/User.Edit", Model: new UserEditViewModel {User = user}, Prefix: null);
editor.Metadata.Position = "2";
var model = Services.ContentManager.BuildEditor(user);
@@ -233,11 +237,15 @@ namespace Orchard.Users.Controllers {
return new HttpUnauthorizedResult();
var user = Services.ContentManager.Get<UserPart>(id, VersionOptions.DraftRequired);
if (user == null)
return HttpNotFound();
string previousName = user.UserName;
var model = Services.ContentManager.UpdateEditor(user, this);
var editModel = new UserEditViewModel {User = user};
var editModel = new UserEditViewModel { User = user };
if (TryUpdateModel(editModel)) {
if (!_userService.VerifyUserUnicity(id, editModel.UserName, editModel.Email)) {
AddModelError("NotUniqueUserName", T("User with that username and/or email already exists."));
@@ -248,7 +256,7 @@ namespace Orchard.Users.Controllers {
}
else {
// also update the Super user if this is the renamed account
if (String.Equals(Services.WorkContext.CurrentSite.SuperUser, previousName, StringComparison.Ordinal)) {
if (string.Equals(Services.WorkContext.CurrentSite.SuperUser, previousName, StringComparison.Ordinal)) {
_siteService.GetSiteSettings().As<SiteSettingsPart>().SuperUser = editModel.UserName;
}
@@ -279,17 +287,18 @@ namespace Orchard.Users.Controllers {
var user = Services.ContentManager.Get<IUser>(id);
if (user != null) {
if (String.Equals(Services.WorkContext.CurrentSite.SuperUser, user.UserName, StringComparison.Ordinal)) {
Services.Notifier.Error(T("The Super user can't be removed. Please disable this account or specify another Super user account."));
}
else if (String.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
Services.Notifier.Error(T("You can't remove your own account. Please log in with another account."));
}
else{
Services.ContentManager.Remove(user.ContentItem);
Services.Notifier.Information(T("User {0} deleted", user.UserName));
}
if (user == null)
return HttpNotFound();
if (string.Equals(Services.WorkContext.CurrentSite.SuperUser, user.UserName, StringComparison.Ordinal)) {
Services.Notifier.Error(T("The Super user can't be removed. Please disable this account or specify another Super user account."));
}
else if (string.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
Services.Notifier.Error(T("You can't remove your own account. Please log in with another account."));
}
else {
Services.ContentManager.Remove(user.ContentItem);
Services.Notifier.Information(T("User {0} deleted", user.UserName));
}
return RedirectToAction("Index");
@@ -302,16 +311,18 @@ namespace Orchard.Users.Controllers {
var user = Services.ContentManager.Get<IUser>(id);
if ( user != null ) {
var siteUrl = Services.WorkContext.CurrentSite.BaseUrl;
if (String.IsNullOrWhiteSpace(siteUrl)) {
siteUrl = HttpContext.Request.ToRootUrlString();
}
if (user == null)
return HttpNotFound();
_userService.SendChallengeEmail(user.As<UserPart>(), nonce => Url.MakeAbsolute(Url.Action("ChallengeEmail", "Account", new { Area = "Orchard.Users", nonce = nonce }), siteUrl));
Services.Notifier.Information(T("Challenge email sent to {0}", user.UserName));
var siteUrl = Services.WorkContext.CurrentSite.BaseUrl;
if (string.IsNullOrWhiteSpace(siteUrl)) {
siteUrl = HttpContext.Request.ToRootUrlString();
}
_userService.SendChallengeEmail(user.As<UserPart>(), nonce => Url.MakeAbsolute(Url.Action("ChallengeEmail", "Account", new { Area = "Orchard.Users", nonce = nonce }), siteUrl));
Services.Notifier.Information(T("Challenge email sent to {0}", user.UserName));
return RedirectToAction("Index");
}
@@ -323,11 +334,12 @@ namespace Orchard.Users.Controllers {
var user = Services.ContentManager.Get<IUser>(id);
if ( user != null ) {
user.As<UserPart>().RegistrationStatus = UserStatus.Approved;
Services.Notifier.Information(T("User {0} approved", user.UserName));
_userEventHandlers.Approved(user);
}
if (user == null)
return HttpNotFound();
user.As<UserPart>().RegistrationStatus = UserStatus.Approved;
Services.Notifier.Information(T("User {0} approved", user.UserName));
_userEventHandlers.Approved(user);
return RedirectToAction("Index");
}
@@ -339,14 +351,15 @@ namespace Orchard.Users.Controllers {
var user = Services.ContentManager.Get<IUser>(id);
if (user != null) {
if (String.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
Services.Notifier.Error(T("You can't disable your own account. Please log in with another account"));
}
else {
user.As<UserPart>().RegistrationStatus = UserStatus.Pending;
Services.Notifier.Information(T("User {0} disabled", user.UserName));
}
if (user == null)
return HttpNotFound();
if (string.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
Services.Notifier.Error(T("You can't disable your own account. Please log in with another account"));
}
else {
user.As<UserPart>().RegistrationStatus = UserStatus.Pending;
Services.Notifier.Information(T("User {0} disabled", user.UserName));
}
return RedirectToAction("Index");