using System;
using System.Collections.Generic;
using System.Text;
using System.Data.SqlClient;
using Tanshu.Accounts.Contracts;
using Tanshu.Data.DAO;
using System.Data;
using Tanshu.Accounts.DAOFactory;
namespace Tanshu.Accounts.SqlDAO
{
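/// <summary>
/// Data-access object for users, roles and role membership, backed by the
/// Users, Roles and UserRoles tables. Every query is executed through the
/// IConnectionDAO handed to the constructor.
/// </summary>
public class MembershipDAO : BaseDAO, IMembershipDAO
{
    /// <param name="connection">Connection wrapper that executes the commands built here.</param>
    public MembershipDAO(IConnectionDAO connection)
        : base(connection)
    { }

    /// <summary>
    /// Checks a user's credentials against the Users table.
    /// </summary>
    /// <remarks>
    /// <paramref name="name"/> may take the delegated form "requester:target": the
    /// requester must authenticate with <paramref name="password"/> and hold the
    /// "Security/CreateUser" role, and the target must be a separate user that is
    /// not locked out. Passwords are compared exactly as stored in the Password
    /// column; whether that column holds a hash is decided by whoever writes it,
    /// not by this class.
    /// </remarks>
    /// <param name="name">User name, or "requester:target" for the delegated form.</param>
    /// <param name="password">Password of the user (of the requester in the delegated form).</param>
    /// <returns>
    /// true when exactly one non-locked-out row matches name and password
    /// (exactly two rows in the delegated form); false otherwise, including
    /// for null or empty input.
    /// </returns>
    public bool ValidateUser(string name, string password)
    {
        // Null credentials never validate; AddWithValue(null) would otherwise fail at execution time.
        if (string.IsNullOrEmpty(name) || password == null)
            return false;

        // Char overload: IndexOf(string) is culture-sensitive, which a delimiter search does not want.
        int separator = name.IndexOf(':');
        if (separator < 0)
        {
            using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM Users WHERE LockedOut = 0 AND Name = @Name AND Password = @Password"))
            {
                cmd.Parameters.AddWithValue("@Name", name);
                cmd.Parameters.AddWithValue("@Password", password);
                return (int)connection.ExecuteScalar(cmd) == 1;
            }
        }

        string requester = name.Substring(0, separator);
        string target = name.Substring(separator + 1);
        if (!IsUserInRole(requester, "Security/CreateUser"))
            return false;

        // The outer parentheses matter: AND binds tighter than OR, so without them the
        // "OR Name = @Name2" branch ignored LockedOut and a locked-out target still
        // contributed to the expected count of 2.
        using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM Users WHERE LockedOut = 0 AND ((Name = @Name AND Password = @Password) OR Name = @Name2)"))
        {
            cmd.Parameters.AddWithValue("@Name", requester);
            cmd.Parameters.AddWithValue("@Name2", target);
            cmd.Parameters.AddWithValue("@Password", password);
            return (int)connection.ExecuteScalar(cmd) == 2;
        }
    }

    /// <summary>
    /// Reports whether the named user holds the given role.
    /// </summary>
    /// <param name="username">Value of Users.Name.</param>
    /// <param name="roleName">Value of UserRoles.Role.</param>
    /// <returns>true when at least one matching UserRoles row exists; false otherwise or when either argument is null.</returns>
    public bool IsUserInRole(string username, string roleName)
    {
        if (username == null || roleName == null)
            return false;

        using (SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM UserRoles ur INNER JOIN Users u ON u.UserID = ur.UserID WHERE u.Name = @UserName AND ur.Role = @Role"))
        {
            cmd.Parameters.AddWithValue("@UserName", username);
            cmd.Parameters.AddWithValue("@Role", roleName);
            // COUNT(*) is never negative, so the former ">= 0" test answered true for
            // every user and every role; ">= 1" matches the Guid overload below.
            return (int)connection.ExecuteScalar(cmd) >= 1;
        }
    }

    /// <summary>
    /// Reports whether the user with the given ID holds the given role.
    /// </summary>
    /// <param name="userID">Value of UserRoles.UserID.</param>
    /// <param name="roleName">Value of UserRoles.Role.</param>
    /// <returns>true when at least one matching UserRoles row exists; false otherwise or when roleName is null.</returns>
    public bool IsUserInRole(Guid userID, string roleName)
    {
        if (roleName == null)
            return false;

        using (SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM UserRoles ur WHERE ur.UserID = @UserID AND ur.Role = @Role"))
        {
            cmd.Parameters.AddWithValue("@UserID", userID);
            cmd.Parameters.AddWithValue("@Role", roleName);
            return (int)connection.ExecuteScalar(cmd) >= 1;
        }
    }

    /// <summary>
    /// Returns the names of all roles assigned to the named user.
    /// </summary>
    /// <param name="username">Value of Users.Name.</param>
    /// <returns>Role names in reader order; empty when the user has no roles or username is null.</returns>
    public string[] GetRolesForUser(string username)
    {
        if (username == null)
            return new string[0];

        using (SqlCommand cmd = new SqlCommand("SELECT ur.Role FROM UserRoles ur INNER JOIN Users u ON ur.UserID = u.UserID WHERE u.Name = @Name"))
        {
            cmd.Parameters.AddWithValue("@Name", username);
            return ReadSingleStringColumn(connection.ExecuteReader(cmd));
        }
    }

    /// <summary>
    /// Loads the user row whose Name equals <paramref name="name"/>.
    /// </summary>
    /// <param name="name">Value of Users.Name.</param>
    /// <returns>Whatever BusinessObjectDAO builds from the reader; presumably null when no row matches — confirm against BusinessObjectDAO.</returns>
    public UserBO GetUserFromName(string name)
    {
        using (SqlCommand cmd = new SqlCommand("SELECT * FROM Users WHERE Name = @Name"))
        {
            cmd.Parameters.AddWithValue("@Name", name);
            // NOTE(review): the reader is handed off without a using block here, as before;
            // whether GetBusinessObject closes it is not visible from this file.
            return BusinessObjectDAO<UserBO>.GetBusinessObject(connection.ExecuteReader(cmd));
        }
    }

    /// <summary>
    /// Returns the names of every role defined in the Roles table.
    /// </summary>
    /// <returns>Role names in reader order; empty when the table is empty.</returns>
    public string[] GetAllRoles()
    {
        return ReadSingleStringColumn(connection.ExecuteReader("SELECT Role FROM Roles"));
    }

    /// <summary>
    /// Grants every listed role to every listed user, one INSERT per pair.
    /// </summary>
    /// <param name="usernames">Values of Users.Name; each must resolve to an existing user.</param>
    /// <param name="roleNames">Values to store in UserRoles.Role.</param>
    /// <exception cref="ArgumentNullException">Either array is null.</exception>
    /// <exception cref="ArgumentException">A user name does not resolve to a user.</exception>
    public void AddUsersToRoles(string[] usernames, string[] roleNames)
    {
        if (usernames == null)
            throw new ArgumentNullException("usernames");
        if (roleNames == null)
            throw new ArgumentNullException("roleNames");

        foreach (string user in usernames)
        {
            UserBO currentUser = RequireUser(user);
            foreach (string role in roleNames)
            {
                using (SqlCommand cmd = new SqlCommand("INSERT INTO UserRoles (UserRoleID, UserID, Role) VALUES (NEWID(), @UserID, @Role)"))
                {
                    cmd.Parameters.AddWithValue("@UserID", currentUser.UserID);
                    cmd.Parameters.AddWithValue("@Role", role);
                    connection.ExecuteNonQuery(cmd);
                }
            }
        }
    }

    /// <summary>
    /// Revokes every listed role from every listed user in a single DELETE.
    /// </summary>
    /// <remarks>
    /// The IN lists are built from SQL parameters, not from concatenated text:
    /// role names and user names are caller input and must never be spliced into
    /// the statement. An empty array on either side is a no-op.
    /// </remarks>
    /// <param name="usernames">Values of Users.Name; each must resolve to an existing user.</param>
    /// <param name="roleNames">Values of UserRoles.Role to remove.</param>
    /// <exception cref="ArgumentNullException">Either array is null.</exception>
    /// <exception cref="ArgumentException">A user name does not resolve to a user.</exception>
    public void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
    {
        if (usernames == null)
            throw new ArgumentNullException("usernames");
        if (roleNames == null)
            throw new ArgumentNullException("roleNames");
        // Nothing to delete; the old string-built query threw on empty input instead.
        if (usernames.Length == 0 || roleNames.Length == 0)
            return;

        using (SqlCommand cmd = new SqlCommand())
        {
            StringBuilder sql = new StringBuilder("DELETE FROM UserRoles WHERE UserID IN (");
            for (int i = 0; i < usernames.Length; i++)
            {
                string paramName = "@UserID" + i;
                cmd.Parameters.AddWithValue(paramName, RequireUser(usernames[i]).UserID);
                sql.Append(i == 0 ? paramName : ", " + paramName);
            }
            sql.Append(") AND Role IN (");
            for (int i = 0; i < roleNames.Length; i++)
            {
                string paramName = "@Role" + i;
                cmd.Parameters.AddWithValue(paramName, roleNames[i]);
                sql.Append(i == 0 ? paramName : ", " + paramName);
            }
            sql.Append(")");
            cmd.CommandText = sql.ToString();
            connection.ExecuteNonQuery(cmd);
        }
    }

    /// <summary>
    /// Reports whether a Roles row with the given RoleID exists.
    /// </summary>
    /// <param name="roleID">Value of Roles.RoleID.</param>
    /// <returns>true when the row exists; false otherwise or when roleID is null.</returns>
    public bool RoleExists(string roleID)
    {
        if (roleID == null)
            return false;

        using (SqlCommand cmd = new SqlCommand("IF EXISTS(SELECT * FROM Roles WHERE RoleID = @RoleID) SELECT CAST(1 AS bit) ELSE SELECT CAST(0 AS bit)"))
        {
            cmd.Parameters.AddWithValue("@RoleID", roleID);
            return (bool)connection.ExecuteScalar(cmd);
        }
    }

    // Resolves a user name to its row, turning a missing user into an ArgumentException
    // rather than a NullReferenceException at the first use of UserID.
    private UserBO RequireUser(string username)
    {
        UserBO user = GetUserFromName(username);
        if (user == null)
            throw new ArgumentException("No user named '" + username + "' exists.", "username");
        return user;
    }

    // Drains column 0 of the reader into a string array and disposes the reader.
    private static string[] ReadSingleStringColumn(IDataReader reader)
    {
        List<string> values = new List<string>();
        using (reader)
        {
            while (reader.Read())
                values.Add(reader.GetString(0));
        }
        return values.ToArray();
    }
}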
}