narsil/Tanshu.Accounts.SqlDAO/MembershipDAO.cs

152 lines
5.8 KiB
C#
Raw Normal View History

2010-03-02 17:56:21 +00:00
using System;
using System.Collections.Generic;
using System.Text;
using System.Data.SqlClient;
using Tanshu.Accounts.Contracts;
using Tanshu.Data.DAO;
using System.Data;
using Tanshu.Accounts.DAOFactory;
namespace Tanshu.Accounts.SqlDAO
{
public class MembershipDAO : BaseDAO, IMembershipDAO
{
public MembershipDAO(IConnectionDAO connection)
: base(connection)
{ }
public bool ValidateUser(string name, string password)
{
string name2 = string.Empty;
if (name.Contains(":"))
{
name2 = name.Substring(name.IndexOf(":") + 1);
name = name.Substring(0, name.IndexOf(":"));
if (!IsUserInRole(name, "Security/CreateUser"))
return false;
SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM Users WHERE LockedOut = 0 AND (Name = @Name AND Password = @Password) OR Name = @Name2");
cmd.Parameters.AddWithValue("@Name", name);
cmd.Parameters.AddWithValue("@Name2", name2);
cmd.Parameters.AddWithValue("@Password", password);
return (int)connection.ExecuteScalar(cmd) == 2;
}
else
{
SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM Users WHERE LockedOut = 0 AND Name = @Name AND Password = @Password");
cmd.Parameters.AddWithValue("@Name", name);
cmd.Parameters.AddWithValue("@Password", password);
return (int)connection.ExecuteScalar(cmd) == 1;
}
}
public bool IsUserInRole(string username, string roleName)
{
SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM UserRoles ur INNER JOIN Users u ON u.UserID = ur.UserID WHERE u.Name = @UserName AND ur.Role = @Role");
cmd.Parameters.AddWithValue("@UserName", username);
cmd.Parameters.AddWithValue("@Role", roleName);
return (int)connection.ExecuteScalar(cmd) >= 0 ? true : false;
}
public bool IsUserInRole(Guid userID, string roleName)
{
SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM UserRoles ur WHERE ur.UserID = @UserID AND ur.Role = @Role");
cmd.Parameters.AddWithValue("@UserID", userID);
cmd.Parameters.AddWithValue("@Role", roleName);
return (int)connection.ExecuteScalar(cmd) >= 1 ? true : false;
}
public string[] GetRolesForUser(string username)
{
List<string> roles = new List<string>();
using (SqlCommand cmd = new SqlCommand("SELECT ur.Role FROM UserRoles ur INNER JOIN Users u ON ur.UserID = u.UserID WHERE u.Name = @Name"))
{
cmd.Parameters.AddWithValue("@Name", username);
using (IDataReader dr = connection.ExecuteReader(cmd))
{
while (dr.Read())
roles.Add(dr.GetString(0));
}
}
string[] outRoles = new string[roles.Count];
for (int i = 0; i < roles.Count; i++)
{
outRoles[i] = roles[i];
}
return outRoles;
}
public UserBO GetUserFromName(string name)
{
SqlCommand cmd = new SqlCommand("SELECT * FROM Users WHERE Name = @Name");
cmd.Parameters.AddWithValue("@Name", name);
return BusinessObjectDAO<UserBO>.GetBusinessObject(connection.ExecuteReader(cmd));
}
public string[] GetAllRoles()
{
List<string> roles = new List<string>();
using (IDataReader dr = connection.ExecuteReader("SELECT Role FROM Roles"))
{
while (dr.Read())
{
roles.Add(dr.GetString(0));
}
}
string[] outRoles = new string[roles.Count];
for (int i = 0; i < roles.Count; i++)
{
outRoles[i] = roles[i];
}
return outRoles;
}
public void AddUsersToRoles(string[] usernames, string[] roleNames)
{
foreach (string user in usernames)
{
UserBO currentUser = GetUserFromName(user);
foreach (string role in roleNames)
{
using (SqlCommand cmd = new SqlCommand("INSERT INTO UserRoles (UserRoleID, UserID, Role) VALUES (NEWID(), @UserID, @Role)"))
{
cmd.Parameters.AddWithValue("@UserID", currentUser.UserID);
cmd.Parameters.AddWithValue("@Role", role);
connection.ExecuteNonQuery(cmd);
}
}
}
}
public void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
{
string query = "DELETE FROM UserRoles WHERE UserID IN (";
foreach (string user in usernames)
{
UserBO cUser = GetUserFromName(user);
query += string.Format("'{0}', ", cUser.UserID);
}
query = query.Substring(0, query.Length - 2) + ") AND Role IN (";
foreach (string role in roleNames)
{
query += string.Format("'{0}', ", role);
}
query = query.Substring(0, query.Length - 2) + ")";
connection.ExecuteNonQuery(query);
}
public bool RoleExists(string roleID)
{
using (SqlCommand cmd = new SqlCommand("IF EXISTS(SELECT * FROM Roles WHERE Role = @RoleID) SELECT CAST(1 AS bit) ELSE SELECT CAST(0 AS bit)"))
{
cmd.Parameters.AddWithValue("@RoleID", roleID);
return (bool)connection.ExecuteScalar(cmd);
}
}
}
}