diff --git a/src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs index 1e29bedfa..82a18d230 100644 --- a/src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs @@ -74,7 +74,7 @@ namespace Orchard.Users.Controllers { break; } - if(!String.IsNullOrWhiteSpace(options.Search)) { + if(!string.IsNullOrWhiteSpace(options.Search)) { users = users.Where(u => u.UserName.Contains(options.Search) || u.Email.Contains(options.Search)); } @@ -219,6 +219,10 @@ namespace Orchard.Users.Controllers { return new HttpUnauthorizedResult(); var user = Services.ContentManager.Get(id); + + if (user == null) + return HttpNotFound(); + var editor = Shape.EditorTemplate(TemplateName: "Parts/User.Edit", Model: new UserEditViewModel {User = user}, Prefix: null); editor.Metadata.Position = "2"; var model = Services.ContentManager.BuildEditor(user); @@ -233,11 +237,15 @@ namespace Orchard.Users.Controllers { return new HttpUnauthorizedResult(); var user = Services.ContentManager.Get(id, VersionOptions.DraftRequired); + + if (user == null) + return HttpNotFound(); + string previousName = user.UserName; var model = Services.ContentManager.UpdateEditor(user, this); - var editModel = new UserEditViewModel {User = user}; + var editModel = new UserEditViewModel { User = user }; if (TryUpdateModel(editModel)) { if (!_userService.VerifyUserUnicity(id, editModel.UserName, editModel.Email)) { AddModelError("NotUniqueUserName", T("User with that username and/or email already exists.")); 
@@ -248,7 +256,7 @@ namespace Orchard.Users.Controllers { } else { // also update the Super user if this is the renamed account - if (String.Equals(Services.WorkContext.CurrentSite.SuperUser, previousName, StringComparison.Ordinal)) { + if (string.Equals(Services.WorkContext.CurrentSite.SuperUser, previousName, StringComparison.Ordinal)) { _siteService.GetSiteSettings().As().SuperUser = editModel.UserName; } @@ -279,17 +287,18 @@ namespace Orchard.Users.Controllers { var user = Services.ContentManager.Get(id); - if (user != null) { - if (String.Equals(Services.WorkContext.CurrentSite.SuperUser, user.UserName, StringComparison.Ordinal)) { - Services.Notifier.Error(T("The Super user can't be removed. Please disable this account or specify another Super user account.")); - } - else if (String.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) { - Services.Notifier.Error(T("You can't remove your own account. Please log in with another account.")); - } - else{ - Services.ContentManager.Remove(user.ContentItem); - Services.Notifier.Information(T("User {0} deleted", user.UserName)); - } + if (user == null) + return HttpNotFound(); + + if (string.Equals(Services.WorkContext.CurrentSite.SuperUser, user.UserName, StringComparison.Ordinal)) { + Services.Notifier.Error(T("The Super user can't be removed. Please disable this account or specify another Super user account.")); + } + else if (string.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) { + Services.Notifier.Error(T("You can't remove your own account. Please log in with another account.")); + } + else { + Services.ContentManager.Remove(user.ContentItem); + Services.Notifier.Information(T("User {0} deleted", user.UserName)); } return RedirectToAction("Index"); 
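Review bot: The two guards in the rewritten delete path of the `@@ -279,17 +287,18 @@` hunk (Super user and own account) still compare `UserName` with `StringComparison.Ordinal`, so they hold only when the stored name matches the site setting or the current user's name exactly. If user names are treated case-insensitively elsewhere in the module (not visible in this hunk), a difference in casing would let the `Remove` branch run for an account these guards are meant to protect. For the own-account guard, comparing identities is sturdier: `else if (Services.WorkContext.CurrentUser.Id == user.Id) {`. The same `UserName` comparison guards the disable action in the `@@ -339,14 +351,15 @@` hunk. The action's signature and its authorization check lie outside the hunk.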
@@ -302,16 +311,18 @@ namespace Orchard.Users.Controllers { var user = Services.ContentManager.Get(id); - if ( user != null ) { - var siteUrl = Services.WorkContext.CurrentSite.BaseUrl; - if (String.IsNullOrWhiteSpace(siteUrl)) { - siteUrl = HttpContext.Request.ToRootUrlString(); - } + if (user == null) + return HttpNotFound(); - _userService.SendChallengeEmail(user.As(), nonce => Url.MakeAbsolute(Url.Action("ChallengeEmail", "Account", new { Area = "Orchard.Users", nonce = nonce }), siteUrl)); - Services.Notifier.Information(T("Challenge email sent to {0}", user.UserName)); + var siteUrl = Services.WorkContext.CurrentSite.BaseUrl; + + if (string.IsNullOrWhiteSpace(siteUrl)) { + siteUrl = HttpContext.Request.ToRootUrlString(); } + _userService.SendChallengeEmail(user.As(), nonce => Url.MakeAbsolute(Url.Action("ChallengeEmail", "Account", new { Area = "Orchard.Users", nonce = nonce }), siteUrl)); + Services.Notifier.Information(T("Challenge email sent to {0}", user.UserName)); + return RedirectToAction("Index"); } @@ -323,11 +334,12 @@ namespace Orchard.Users.Controllers { var user = Services.ContentManager.Get(id); - if ( user != null ) { - user.As().RegistrationStatus = UserStatus.Approved; - Services.Notifier.Information(T("User {0} approved", user.UserName)); - _userEventHandlers.Approved(user); - } + if (user == null) + return HttpNotFound(); + + user.As().RegistrationStatus = UserStatus.Approved; + Services.Notifier.Information(T("User {0} approved", user.UserName)); + _userEventHandlers.Approved(user); return RedirectToAction("Index"); } 
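Review bot: In the `@@ -302,16 +311,18 @@` hunk, a blank `CurrentSite.BaseUrl` still falls back to `HttpContext.Request.ToRootUrlString()`, so the host written into the emailed nonce link presumably comes from the incoming request rather than from configuration. A request that arrives with an unexpected Host header, for instance through a proxy that forwards it unchecked, would place that host in a link carrying a registration nonce. Consider refusing to send when no base URL is configured, e.g. `Services.Notifier.Error(T("Set the site base URL before sending challenge emails.")); return RedirectToAction("Index");`, or at least log when the fallback is taken. The implementation of `ToRootUrlString` is not visible here, so confirm what it derives the host from.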
@@ -339,14 +351,15 @@ namespace Orchard.Users.Controllers {
 var user = Services.ContentManager.Get(id);
- if (user != null) {
- if (String.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
- Services.Notifier.Error(T("You can't disable your own account. Please log in with another account"));
- }
- else {
- user.As().RegistrationStatus = UserStatus.Pending;
- Services.Notifier.Information(T("User {0} disabled", user.UserName));
- }
+ if (user == null)
+ return HttpNotFound();
+
+ if (string.Equals(Services.WorkContext.CurrentUser.UserName, user.UserName, StringComparison.Ordinal)) {
+ Services.Notifier.Error(T("You can't disable your own account. Please log in with another account"));
+ }
+ else {
+ user.As().RegistrationStatus = UserStatus.Pending;
+ Services.Notifier.Information(T("User {0} disabled", user.UserName));
 }
 return RedirectToAction("Index");