narsil/Tanshu.Accounts.SqlDAO/MembershipDAO.cs

using System;
using System.Collections.Generic;
using System.Text;
using System.Data.SqlClient;
using Tanshu.Accounts.Contracts;
using Tanshu.Data.DAO;
using System.Data;
using Tanshu.Accounts.DAOFactory;

namespace Tanshu.Accounts.SqlDAO
{
    public class MembershipDAO : BaseDAO, IMembershipDAO
    {
        public MembershipDAO(IConnectionDAO connection)
            : base(connection)
        { }

        public bool ValidateUser(string name, string password)
        {
            string name2 = string.Empty;
            if (name.Contains(":"))
            {
                name2 = name.Substring(name.IndexOf(":") + 1);
                name = name.Substring(0, name.IndexOf(":"));
                if (!IsUserInRole(name, "Security/CreateUser"))
                    return false;
                SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM Users WHERE LockedOut = 0 AND (Name = @Name AND Password = @Password) OR Name = @Name2");
                cmd.Parameters.AddWithValue("@Name", name);
                cmd.Parameters.AddWithValue("@Name2", name2);
                cmd.Parameters.AddWithValue("@Password", password);
                return (int)connection.ExecuteScalar(cmd) == 2;

            }
            else
            {
                SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM Users WHERE LockedOut = 0 AND Name = @Name AND Password = @Password");
                cmd.Parameters.AddWithValue("@Name", name);
                cmd.Parameters.AddWithValue("@Password", password);
                return (int)connection.ExecuteScalar(cmd) == 1;
            }
        }

        public bool IsUserInRole(string username, string roleName)
        {
            SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM UserRoles ur INNER JOIN Users u ON u.UserID = ur.UserID WHERE u.Name = @UserName AND ur.Role = @Role");
            cmd.Parameters.AddWithValue("@UserName", username);
            cmd.Parameters.AddWithValue("@Role", roleName);

            return (int)connection.ExecuteScalar(cmd) >= 0 ? true : false;
        }

        public bool IsUserInRole(Guid userID, string roleName)
        {
            SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM UserRoles ur WHERE ur.UserID = @UserID AND ur.Role = @Role");
            cmd.Parameters.AddWithValue("@UserID", userID);
            cmd.Parameters.AddWithValue("@Role", roleName);

            return (int)connection.ExecuteScalar(cmd) >= 1 ? true : false;
        }

        public string[] GetRolesForUser(string username)
        {
            List<string> roles = new List<string>();
            using (SqlCommand cmd = new SqlCommand("SELECT ur.Role FROM UserRoles ur INNER JOIN Users u ON ur.UserID = u.UserID WHERE u.Name = @Name"))
            {
                cmd.Parameters.AddWithValue("@Name", username);
                using (IDataReader dr = connection.ExecuteReader(cmd))
                {
                    while (dr.Read())
                        roles.Add(dr.GetString(0));
                }
            }

            string[] outRoles = new string[roles.Count];
            for (int i = 0; i < roles.Count; i++)
            {
                outRoles[i] = roles[i];
            }
            return outRoles;
        }

        public UserBO GetUserFromName(string name)
        {
            SqlCommand cmd = new SqlCommand("SELECT * FROM Users WHERE Name = @Name");
            cmd.Parameters.AddWithValue("@Name", name);
            return BusinessObjectDAO<UserBO>.GetBusinessObject(connection.ExecuteReader(cmd));
        }

        public string[] GetAllRoles()
        {
            List<string> roles = new List<string>();
            using (IDataReader dr = connection.ExecuteReader("SELECT Role FROM Roles"))
            {
                while (dr.Read())
                {
                    roles.Add(dr.GetString(0));
                }
            }
            string[] outRoles = new string[roles.Count];
            for (int i = 0; i < roles.Count; i++)
            {
                outRoles[i] = roles[i];
            }
            return outRoles;
        }

        public void AddUsersToRoles(string[] usernames, string[] roleNames)
        {
            foreach (string user in usernames)
            {
                UserBO currentUser = GetUserFromName(user);
                foreach (string role in roleNames)
                {
                    using (SqlCommand cmd = new SqlCommand("INSERT INTO UserRoles (UserRoleID, UserID, Role) VALUES (NEWID(), @UserID, @Role)"))
                    {
                        cmd.Parameters.AddWithValue("@UserID", currentUser.UserID);
                        cmd.Parameters.AddWithValue("@Role", role);
                        connection.ExecuteNonQuery(cmd);
                    }
                }
            }
        }

        public void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
        {
            string query = "DELETE FROM UserRoles WHERE UserID IN (";

            foreach (string user in usernames)
            {
                UserBO cUser = GetUserFromName(user);
                query += string.Format("'{0}', ", cUser.UserID);
            }
            query = query.Substring(0, query.Length - 2) + ") AND Role IN (";
            foreach (string role in roleNames)
            {
                query += string.Format("'{0}', ", role);
            }
            query = query.Substring(0, query.Length - 2) + ")";
            connection.ExecuteNonQuery(query);
        }

        public bool RoleExists(string roleID)
        {
            using (SqlCommand cmd = new SqlCommand("IF EXISTS(SELECT * FROM Roles WHERE RoleID = @RoleID) SELECT CAST(1 AS bit) ELSE SELECT CAST(0 AS bit)"))
            {
                cmd.Parameters.AddWithValue("@RoleID", roleID);
                return (bool)connection.ExecuteScalar(cmd);
            }
        }
    }
}