using System ;
using System.Collections.Generic ;
using System.Data.SqlClient ;
using Tanshu.Accounts.Contracts ;
using Tanshu.Data.DAO ;
using System.Data ;
namespace Tanshu.Accounts.SqlDAO
{
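/// <summary>
/// Data access for users, roles and user-role membership (tables <c>Users</c>,
/// <c>UserRoles</c> and <c>Roles</c>). Every statement is executed through the
/// <see cref="IConnectionDAO"/> handed to the constructor (the inherited
/// <c>connection</c> field).
/// </summary>
public class MembershipDAO : BaseDAO
{
    /// <summary>Creates a DAO bound to <paramref name="connection"/>.</summary>
    /// <param name="connection">Connection wrapper used to run every command of this class.</param>
    public MembershipDAO(IConnectionDAO connection)
        : base(connection)
    { }

    /// <summary>
    /// Checks a user's credentials against the <c>Users</c> table.
    /// </summary>
    /// <param name="name">
    /// User name. The form <c>creator:other</c> validates <c>creator</c> (matching
    /// password, not locked out), requires <c>creator</c> to hold the
    /// <c>Security/CreateUser</c> role, and additionally requires a <c>Users</c> row
    /// whose <c>Name</c> is <c>other</c>. Only the text before the first ':' is
    /// treated as the creator.
    /// </param>
    /// <param name="password">Password compared with the stored <c>Password</c> column.</param>
    /// <returns><c>true</c> when the credentials are accepted.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="name"/> or <paramref name="password"/> is null.</exception>
    public bool ValidateUser(string name, string password)
    {
        if (name == null)
            throw new ArgumentNullException("name");
        if (password == null)
            throw new ArgumentNullException("password");

        // NOTE(review): the Password column is compared directly in SQL. If it holds
        // clear-text values the schema should move to a salted hash (e.g. PBKDF2) with
        // the comparison done in application code — confirm against the schema.
        int separator = name.IndexOf(":");
        if (separator < 0)
        {
            // Plain form: exactly one unlocked row with this name/password pair.
            using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM Users WHERE LockedOut = 0 AND Name = @Name AND Password = @Password"))
            {
                cmd.Parameters.AddWithValue("@Name", name);
                cmd.Parameters.AddWithValue("@Password", password);
                return (int)connection.ExecuteScalar(cmd) == 1;
            }
        }

        string creator = name.Substring(0, separator);
        string other = name.Substring(separator + 1);

        // Only holders of the CreateUser role may use the "creator:other" form.
        // (This relies on IsUserInRole really testing membership; see that method.)
        if (!IsUserInRole(creator, "Security/CreateUser"))
            return false;

        // T-SQL evaluates AND before OR, so the WHERE clause is
        //   (LockedOut = 0 AND Name = @Name AND Password = @Password) OR (Name = @Name2)
        // i.e. one row for the authenticated, unlocked creator plus one row carrying
        // the other user's name gives a count of 2. The @Name2 row is not required to
        // be unlocked. If creator and other are the same name only one row matches and
        // validation fails.
        using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM Users WHERE LockedOut = 0 AND (Name = @Name AND Password = @Password) OR Name = @Name2"))
        {
            cmd.Parameters.AddWithValue("@Name", creator);
            cmd.Parameters.AddWithValue("@Name2", other);
            cmd.Parameters.AddWithValue("@Password", password);
            return (int)connection.ExecuteScalar(cmd) == 2;
        }
    }

    /// <summary>
    /// Returns whether the user named <paramref name="username"/> holds the role
    /// <paramref name="roleName"/>.
    /// </summary>
    /// <param name="username">Value of <c>Users.Name</c>.</param>
    /// <param name="roleName">Value of <c>UserRoles.Role</c>.</param>
    /// <returns><c>true</c> when at least one matching <c>UserRoles</c> row exists.</returns>
    public bool IsUserInRole(string username, string roleName)
    {
        // Bug fix: the original compared COUNT(*) >= 0, which is always true, so every
        // user was reported as a member of every role (including Security/CreateUser,
        // which ValidateUser relies on). Now consistent with the Guid overload below.
        using (SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM UserRoles ur INNER JOIN Users u ON u.UserID = ur.UserID WHERE u.Name = @UserName AND ur.Role = @Role"))
        {
            cmd.Parameters.AddWithValue("@UserName", username);
            cmd.Parameters.AddWithValue("@Role", roleName);
            return (int)connection.ExecuteScalar(cmd) >= 1;
        }
    }

    /// <summary>
    /// Returns whether the user with id <paramref name="userID"/> holds the role
    /// <paramref name="roleName"/>.
    /// </summary>
    /// <param name="userID">Value of <c>UserRoles.UserID</c>.</param>
    /// <param name="roleName">Value of <c>UserRoles.Role</c>.</param>
    /// <returns><c>true</c> when at least one matching <c>UserRoles</c> row exists.</returns>
    public bool IsUserInRole(Guid userID, string roleName)
    {
        using (SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM UserRoles ur WHERE ur.UserID = @UserID AND ur.Role = @Role"))
        {
            cmd.Parameters.AddWithValue("@UserID", userID);
            cmd.Parameters.AddWithValue("@Role", roleName);
            return (int)connection.ExecuteScalar(cmd) >= 1;
        }
    }

    /// <summary>Lists the roles assigned to the user named <paramref name="username"/>.</summary>
    /// <param name="username">Value of <c>Users.Name</c>.</param>
    /// <returns>The role names, in the order the reader returns them; empty when the user has none.</returns>
    public string[] GetRolesForUser(string username)
    {
        List<string> roles = new List<string>();
        using (SqlCommand cmd = new SqlCommand("SELECT ur.Role FROM UserRoles ur INNER JOIN Users u ON ur.UserID = u.UserID WHERE u.Name = @Name"))
        {
            cmd.Parameters.AddWithValue("@Name", username);
            using (IDataReader dr = connection.ExecuteReader(cmd))
            {
                while (dr.Read())
                    roles.Add(dr.GetString(0));
            }
        }
        return roles.ToArray();
    }

    /// <summary>Loads the user whose <c>Name</c> equals <paramref name="name"/>.</summary>
    /// <param name="name">Value of <c>Users.Name</c>.</param>
    /// <returns>
    /// Whatever <c>BusinessObjectDAO&lt;UserBO&gt;.GetBusinessObject</c> builds from the
    /// reader — presumably null when no row matches; confirm against that helper.
    /// </returns>
    public UserBO GetUserFromName(string name)
    {
        using (SqlCommand cmd = new SqlCommand("SELECT * FROM Users WHERE Name = @Name"))
        {
            cmd.Parameters.AddWithValue("@Name", name);
            // The reader was previously never disposed; disposing it here is harmless
            // even if GetBusinessObject closes it itself.
            using (IDataReader dr = connection.ExecuteReader(cmd))
            {
                return BusinessObjectDAO<UserBO>.GetBusinessObject(dr);
            }
        }
    }

    /// <summary>Lists every role defined in the <c>Roles</c> table.</summary>
    /// <returns>The role names, in reader order; empty when the table is empty.</returns>
    public string[] GetAllRoles()
    {
        List<string> roles = new List<string>();
        using (IDataReader dr = connection.ExecuteReader("SELECT Role FROM Roles"))
        {
            while (dr.Read())
            {
                roles.Add(dr.GetString(0));
            }
        }
        return roles.ToArray();
    }

    /// <summary>
    /// Inserts one <c>UserRoles</c> row for every (user, role) pair.
    /// </summary>
    /// <param name="usernames">Values of <c>Users.Name</c>; each must resolve to an existing user.</param>
    /// <param name="roleNames">Role names to grant to each user.</param>
    /// <exception cref="ArgumentNullException">Either array is null.</exception>
    /// <exception cref="ArgumentException">A user name does not resolve to a user.</exception>
    public void AddUsersToRoles(string[] usernames, string[] roleNames)
    {
        if (usernames == null)
            throw new ArgumentNullException("usernames");
        if (roleNames == null)
            throw new ArgumentNullException("roleNames");

        // NOTE: each insert is a separate statement and IConnectionDAO exposes no
        // transaction here, so a failure part-way leaves the earlier rows in place.
        foreach (string user in usernames)
        {
            UserBO currentUser = GetUserFromName(user);
            if (currentUser == null)
                throw new ArgumentException("Unknown user: " + user, "usernames");
            foreach (string role in roleNames)
            {
                using (SqlCommand cmd = new SqlCommand("INSERT INTO UserRoles (UserRoleID, UserID, Role) VALUES (NEWID(), @UserID, @Role)"))
                {
                    cmd.Parameters.AddWithValue("@UserID", currentUser.UserID);
                    cmd.Parameters.AddWithValue("@Role", role);
                    connection.ExecuteNonQuery(cmd);
                }
            }
        }
    }

    /// <summary>
    /// Deletes every <c>UserRoles</c> row whose user is in <paramref name="usernames"/>
    /// and whose role is in <paramref name="roleNames"/>.
    /// </summary>
    /// <param name="usernames">Values of <c>Users.Name</c>; each must resolve to an existing user.</param>
    /// <param name="roleNames">Role names to revoke.</param>
    /// <exception cref="ArgumentNullException">Either array is null.</exception>
    /// <exception cref="ArgumentException">A user name does not resolve to a user.</exception>
    public void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
    {
        if (usernames == null)
            throw new ArgumentNullException("usernames");
        if (roleNames == null)
            throw new ArgumentNullException("roleNames");

        // An empty IN list has nothing to delete. (The previous string-built query
        // produced malformed SQL in this case.)
        if (usernames.Length == 0 || roleNames.Length == 0)
            return;

        // Security fix: the original concatenated user ids and role names into the
        // statement text (SQL injection via roleNames). Every value is now bound as a
        // parameter; only the generated placeholder names are spliced into the text.
        using (SqlCommand cmd = new SqlCommand())
        {
            string[] userPlaceholders = new string[usernames.Length];
            for (int i = 0; i < usernames.Length; i++)
            {
                UserBO cUser = GetUserFromName(usernames[i]);
                if (cUser == null)
                    throw new ArgumentException("Unknown user: " + usernames[i], "usernames");
                userPlaceholders[i] = "@UserID" + i;
                cmd.Parameters.AddWithValue(userPlaceholders[i], cUser.UserID);
            }

            string[] rolePlaceholders = new string[roleNames.Length];
            for (int i = 0; i < roleNames.Length; i++)
            {
                rolePlaceholders[i] = "@Role" + i;
                cmd.Parameters.AddWithValue(rolePlaceholders[i], roleNames[i]);
            }

            cmd.CommandText = "DELETE FROM UserRoles WHERE UserID IN ("
                + string.Join(", ", userPlaceholders)
                + ") AND Role IN ("
                + string.Join(", ", rolePlaceholders)
                + ")";
            connection.ExecuteNonQuery(cmd);
        }
    }

    /// <summary>Returns whether a <c>Roles</c> row with <c>Role</c> equal to <paramref name="roleID"/> exists.</summary>
    /// <param name="roleID">Value of <c>Roles.Role</c>.</param>
    /// <returns><c>true</c> when the role exists.</returns>
    public bool RoleExists(string roleID)
    {
        using (SqlCommand cmd = new SqlCommand("IF EXISTS(SELECT * FROM Roles WHERE Role = @RoleID) SELECT CAST(1 AS bit) ELSE SELECT CAST(0 AS bit)"))
        {
            cmd.Parameters.AddWithValue("@RoleID", roleID);
            return (bool)connection.ExecuteScalar(cmd);
        }
    }
}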
}