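using System;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;
using MileageTraker.Web.ViewModels.User;

namespace MileageTraker.Web.Controllers
{
    /// <summary>
    /// Administrative user management: listing, creating and editing users, setting
    /// passwords, and enabling / disabling / unlocking accounts. Every action is
    /// restricted to the Administrator and Developer roles.
    /// </summary>
    [Authorize(Roles = "Administrator, Developer")]
    public class UserController : ControllerBase
    {
        /// <summary>Lists every user known to the data service.</summary>
        public ActionResult Index()
        {
            return View(DataService.GetUsers().ToList());
        }

        /// <summary>Shows one user, or 404 when no membership user has this id.</summary>
        /// <param name="id">Membership provider user key.</param>
        public ActionResult Details(Guid id)
        {
            // Probe the membership store first so an unknown id is a 404, not a view
            // rendered over whatever DataService.GetUser returns for a missing user.
            var membershipUser = Membership.GetUser(id);
            if (membershipUser == null)
            {
                return HttpNotFound();
            }

            return View(DataService.GetUser(id));
        }

        /// <summary>AJAX check used by the create form: true when no user has this name.</summary>
        public JsonResult UsernameAvailable(string username)
        {
            var existing = DataService.FindUserByUsername(username);
            return Json(existing == null, JsonRequestBehavior.AllowGet);
        }

        /// <summary>AJAX check used by the create form: true when no user has this e-mail.</summary>
        public JsonResult EmailAvailable(string email)
        {
            var existing = DataService.FindUserByEmail(email);
            return Json(existing == null, JsonRequestBehavior.AllowGet);
        }

        /// <summary>Displays the empty create-user form.</summary>
        public ActionResult Create()
        {
            return CreateViewWithRoles(new CreateUserViewModel());
        }

        /// <summary>
        /// Creates a membership user, assigns the selected roles and stores the
        /// full name. Redisplays the form with an error when creation fails.
        /// </summary>
        // TODO(review): this and the Edit / SetPassword POST actions have no
        // [ValidateAntiForgeryToken]; add it together with @Html.AntiForgeryToken()
        // in the corresponding forms, since the attribute alone would reject them.
        [HttpPost]
        public ActionResult Create(CreateUserViewModel viewModel)
        {
            if (!ModelState.IsValid)
            {
                return CreateViewWithRoles(viewModel);
            }

            MembershipCreateStatus createStatus;
            var membershipUser = Membership.CreateUser(
                viewModel.Username,
                viewModel.Password,
                viewModel.Email,
                null,   // passwordQuestion: not used by this application
                null,   // passwordAnswer: not used by this application
                true,   // isApproved: new users can log in immediately
                out createStatus);

            if (membershipUser == null)
            {
                ModelState.AddModelError("", ErrorCodeToString(createStatus));
                return CreateViewWithRoles(viewModel);
            }

            if (viewModel.Roles != null && viewModel.Roles.Any())
            {
                Roles.AddUserToRoles(membershipUser.UserName, viewModel.Roles);
            }

            // The membership provider owns the account row; personal details live in
            // the application's own user record, which is keyed by the same Guid.
            var user = DataService.GetUser((Guid)membershipUser.ProviderUserKey);
            user.FullName = viewModel.FullName;
            DataService.UpdateUserPersonalInfo(user);

            TempData["StatusMessage"] = "User " + user.Username + " created";
            return RedirectToAction("Index");
        }

        /// <summary>Displays the edit form for a user, or 404 when the id is unknown.</summary>
        public ActionResult Edit(Guid id)
        {
            var user = DataService.GetUser(id);
            if (user == null)
            {
                return HttpNotFound();
            }

            var vm = new EditUserViewModel(user)
            {
                Roles = Roles.GetRolesForUser(user.Username),
                AvailableRoles = Roles.GetAllRoles()
            };
            return View(vm);
        }

        /// <summary>
        /// Saves personal details and replaces the user's role set with the
        /// roles selected in the form.
        /// </summary>
        [HttpPost]
        public ActionResult Edit(EditUserViewModel viewModel)
        {
            if (!ModelState.IsValid)
            {
                // AvailableRoles is filled by the GET action and is not posted back;
                // refill it before redisplaying the form, as Create does.
                viewModel.AvailableRoles = Roles.GetAllRoles();
                return View(viewModel);
            }

            var user = DataService.GetUser(viewModel.UserId);
            if (user == null)
            {
                // A stale or tampered UserId must not fall through to a null dereference.
                return HttpNotFound();
            }

            viewModel.UpdateUser(user);
            DataService.UpdateUserPersonalInfo(user);
            ReplaceRoles(user.Username, viewModel.Roles);

            TempData["StatusMessage"] = "Changes saved for " + user.Username;
            return RedirectToAction("Details", new { id = viewModel.UserId });
        }

        /// <summary>Displays the set-password form, or 404 when the id is unknown.</summary>
        public ActionResult SetPassword(Guid id)
        {
            var membershipUser = Membership.GetUser(id);
            if (membershipUser == null)
            {
                return HttpNotFound();
            }

            var viewModel = new SetPasswordViewModel { UserId = id, Username = membershipUser.UserName };
            return View(viewModel);
        }

        /// <summary>Administratively sets a new password for the user.</summary>
        [HttpPost]
        public ActionResult SetPassword(SetPasswordViewModel viewModel)
        {
            if (!ModelState.IsValid)
            {
                // If we got this far, something failed, redisplay form
                return View(viewModel);
            }

            DataService.UpdateUserPassword(viewModel.UserId, viewModel.NewPassword);
            TempData["StatusMessage"] = "Password set for " + viewModel.Username;
            return RedirectToAction("Details", new { id = viewModel.UserId });
        }

        // NOTE(review): DisableUser, EnableUser and UnlockUser change account state
        // but are plain GET actions, so they are reachable from any link an
        // administrator follows (no CSRF protection). The fix is [HttpPost] +
        // [ValidateAntiForgeryToken] with the calling views changed to post a form;
        // they are left as GET here so existing links keep working.

        /// <summary>Marks the user as not approved so they can no longer log in.</summary>
        public ActionResult DisableUser(Guid id)
        {
            var user = DataService.GetUser(id);
            if (user == null)
            {
                return HttpNotFound();
            }

            user.IsApproved = false;
            DataService.UpdateUser(user);

            TempData["StatusMessage"] = user.Username + " disabled";
            return RedirectToReferrerOrIndex();
        }

        /// <summary>Marks the user as approved again.</summary>
        public ActionResult EnableUser(Guid id)
        {
            var user = DataService.GetUser(id);
            if (user == null)
            {
                return HttpNotFound();
            }

            user.IsApproved = true;
            DataService.UpdateUser(user);

            TempData["StatusMessage"] = user.Username + " enabled";
            return RedirectToReferrerOrIndex();
        }

        /// <summary>Clears a lockout and resets the failed-password counter.</summary>
        public ActionResult UnlockUser(Guid id)
        {
            var user = DataService.GetUser(id);
            if (user == null)
            {
                return HttpNotFound();
            }

            user.IsLockedOut = false;
            user.PasswordFailuresSinceLastSuccess = 0;
            DataService.UpdateUser(user);

            TempData["StatusMessage"] = user.Username + " unlocked";
            return RedirectToReferrerOrIndex();
        }

        /// <summary>
        /// Renders the create form with the role list (re)populated; the list is not
        /// part of the posted data, so it has to be refilled on every redisplay.
        /// </summary>
        private ActionResult CreateViewWithRoles(CreateUserViewModel viewModel)
        {
            viewModel.AvailableRoles = Roles.GetAllRoles();
            return View(viewModel);
        }

        /// <summary>
        /// Makes <paramref name="roleNames"/> the user's complete role set.
        /// </summary>
        private static void ReplaceRoles(string username, string[] roleNames)
        {
            // Remove only the roles the user actually holds: SqlRoleProvider throws a
            // ProviderException when asked to remove a user from a role they are not in,
            // which is what removing from Roles.GetAllRoles() did for most users.
            var currentRoles = Roles.GetRolesForUser(username);
            if (currentRoles.Length > 0)
            {
                Roles.RemoveUserFromRoles(username, currentRoles);
            }

            if (roleNames != null && roleNames.Any())
            {
                Roles.AddUserToRoles(username, roleNames);
            }
        }

        /// <summary>
        /// Sends the caller back to the page that linked here, or to the index when
        /// there is no referrer. Only the referrer's path is used, so the redirect
        /// stays on this site even if the Referer header names another host.
        /// </summary>
        private ActionResult RedirectToReferrerOrIndex()
        {
            var referrer = Request.UrlReferrer;
            if (referrer != null)
            {
                return Redirect(referrer.AbsolutePath);
            }

            return RedirectToAction("Index");
        }

        /// <summary>
        /// Maps a membership creation status to the message shown on the create form.
        /// </summary>
        private static string ErrorCodeToString(MembershipCreateStatus createStatus)
        {
            // See http://go.microsoft.com/fwlink/?LinkID=177550 for
            // a full list of status codes.
            switch (createStatus)
            {
                case MembershipCreateStatus.DuplicateUserName:
                    return "User name already exists. Please enter a different user name.";

                case MembershipCreateStatus.DuplicateEmail:
                    return "A user name for that e-mail address already exists. Please enter a different e-mail address.";

                case MembershipCreateStatus.InvalidPassword:
                    return "The password provided is invalid. Please enter a valid password value.";

                case MembershipCreateStatus.InvalidEmail:
                    return "The e-mail address provided is invalid. Please check the value and try again.";

                case MembershipCreateStatus.InvalidAnswer:
                    return "The password retrieval answer provided is invalid. Please check the value and try again.";

                case MembershipCreateStatus.InvalidQuestion:
                    return "The password retrieval question provided is invalid. Please check the value and try again.";

                case MembershipCreateStatus.InvalidUserName:
                    return "The user name provided is invalid. Please check the value and try again.";

                case MembershipCreateStatus.ProviderError:
                    return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator.";

                case MembershipCreateStatus.UserRejected:
                    return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator.";

                default:
                    return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
            }
        }
    }
}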