internal void AddToCourse(int courseID, PermissionsID roleID)
{
DatabaseCall dbc = new DatabaseCall("Users_AddToCourse", DBCallType.Execute);
dbc.AddParameter("@UserID", _userID);
dbc.AddParameter("@CourseID", courseID);
dbc.AddParameter("RoleID", (int)roleID);
dbc.Execute();
}
internal static bool SecurityIsAllowed(SecurityAction action, out PermissionsID maxPermID)
{
int userID = SharedSupport.GetUserIdentity();
System.Data.OleDb.OleDbConnection con = new System.Data.OleDb.OleDbConnection(SharedSupport.ConnectionString);
System.Data.OleDb.OleDbDataAdapter cmd = new System.Data.OleDb.OleDbDataAdapter("Security_GlobalIsAllowed", con);
System.Data.DataSet ds = new System.Data.DataSet();
System.Data.OleDb.OleDbParameter param;
cmd.SelectCommand.CommandType = System.Data.CommandType.StoredProcedure;
param = new System.Data.OleDb.OleDbParameter("@UserID", System.Data.OleDb.OleDbType.Integer);
param.Value = userID;
cmd.SelectCommand.Parameters.Add(param);
param = new System.Data.OleDb.OleDbParameter("@ActionID", System.Data.OleDb.OleDbType.Integer);
param.Value = (int)action;
cmd.SelectCommand.Parameters.Add(param);
maxPermID = PermissionsID.Student;
try
{
cmd.Fill(ds);
}
catch (System.Exception e)
{
SharedSupport.HandleError(e);
}
try
{
if (Convert.ToInt32(ds.Tables[0].Rows[0]["UserID"]) == userID)
{
maxPermID = (PermissionsID)Convert.ToInt32(ds.Tables[0].Rows[0]["RoleID"]);
return(true);
}
}
catch
{
return(false);
}
return(false);
}
/// <summary>
///
/// </summary>
/// <param name="sender"> </param>
/// <param name="e"> </param>
public void btnUpdate_Click(object sender, System.EventArgs e)
{
try
{
//reset error handling label
Nav1.Feedback.Text = String.Empty;
checkErrorCases();
UserM user = null;
//Save Updated or New User - check for UserID on query string
if (userId != 0)
{
if (!SharedSupport.SecurityIsAllowed(courseId, SecurityAction.USER_EDIT))
{
throw new Exception(SharedSupport.GetLocalizedString("Global_Unauthorized"));
}
//Update
user = UserM.Load(userId);
if (user.IsValid)
{
//Save updated user
user.EmailAddress = txtEMailAddress.Text.ToString();
user.FirstName = txtFirstName.Text.ToString();
user.LastName = txtLastName.Text.ToString();
user.LastUpdatedDate = DateTime.Now;
user.LastUpdatedUserID = SharedSupport.GetUserIdentity();
user.MiddleName = txtMiddleName.Text.ToString();
user.UniversityID = txtUniversityIdentifier.Text.ToString();
user.UserName = txtUserName.Text.ToString();
user.Update();
if (user.IsInCourse(courseId))
{
if (SharedSupport.SecurityIsAllowed(courseId, SecurityAction.SECURITY_EDIT))
{
int roleid = Convert.ToInt32(UserRolesList.SelectedItem.Value);
RoleM currentUsersRole = RoleM.GetUsersRoleInCourse(SharedSupport.GetUserIdentity(), courseId);
// The lower role => greater permissions
if ((currentUsersRole.ID == (int)PermissionsID.Admin) || (currentUsersRole.ID < roleid))
{
user.SetRoleInCourse(courseId, roleid);
}
else
{
throw new Exception(SharedSupport.GetLocalizedString("AddEditUser_ErrorRolePermissionDenied"));
}
}
}
else
{
// Add user to Course
PermissionsID permission = PermissionsID.Student;
if (SharedSupport.SecurityIsAllowed(courseId, SecurityAction.SECURITY_EDIT))
{
int roleid = Convert.ToInt32(UserRolesList.SelectedItem.Value);
RoleM currentUsersRole = RoleM.GetUsersRoleInCourse(SharedSupport.GetUserIdentity(), courseId);
// The lower role => greater permissions
// Note: Cannot change the permission of someone at your level.
if ((currentUsersRole.ID == (int)PermissionsID.Admin) || (currentUsersRole.ID < roleid))
{
permission = (PermissionsID)roleid;
user.AddToCourse(courseId, permission);
}
else
{
throw new Exception(SharedSupport.GetLocalizedString("AddEditUser_ErrorRolePermissionDenied"));
}
}
}
btnUpdate.Text = SharedSupport.GetLocalizedString("AddEditUser_Update");
Nav1.Feedback.Text = SharedSupport.GetLocalizedString("AddEditUser_UserUpdated"); //"User has been Updated.";
}
else
{
throw new Exception(NO_USER_FOR_USERID_ERROR);
}
}
else
{
if (!SharedSupport.SecurityIsAllowed(courseId, SecurityAction.USER_ADD))
{
throw new Exception(SharedSupport.GetLocalizedString("Global_Unauthorized"));
}
//Insert
user = new UserM();
user.EmailAddress = txtEMailAddress.Text.ToString();
user.FirstName = txtFirstName.Text.ToString();
user.LastName = txtLastName.Text.ToString();
user.LastUpdatedDate = DateTime.Now;
user.LastUpdatedUserID = SharedSupport.GetUserIdentity();
user.MiddleName = txtMiddleName.Text.ToString();
user.UniversityID = txtUniversityIdentifier.Text.ToString();
user.UserName = txtUserName.Text.ToString();
user.ChangedPassword = false;
// Does the user already exist?
UserM userByName = UserM.LoadByUserName(user.UserName);
if (!userByName.IsValid)
{
userId = user.Create();
btnUpdate.Text = SharedSupport.GetLocalizedString("AddEditUser_Update");
Nav1.Feedback.Text = SharedSupport.GetLocalizedString("AddEditUser_UserInserted"); //"User has been inserted.";
PermissionsID permission = PermissionsID.Student;
if (SharedSupport.SecurityIsAllowed(courseId, SecurityAction.SECURITY_EDIT))
{
int roleid = Convert.ToInt32(UserRolesList.SelectedItem.Value);
RoleM currentUsersRole = RoleM.GetUsersRoleInCourse(SharedSupport.GetUserIdentity(), courseId);
// The lower role = greater permissions
// Note: Can't change permissions of someone equal in level to you.
if ((currentUsersRole.ID == (int)PermissionsID.Admin) || (currentUsersRole.ID < roleid))
{
permission = (PermissionsID)roleid;
}
else
{
throw new Exception(SharedSupport.GetLocalizedString("AddEditUser_ErrorRolePermissionDenied"));
}
}
user.AddToCourse(courseId, permission);
}
else
{
throw new Exception(SharedSupport.GetLocalizedString("User_UserNameMustBeUnique"));
}
}
Response.Redirect("Users.aspx?UserID=" + userId.ToString() + "&" + Request.QueryString.ToString(), false);
}
catch (Exception ex)
{
Nav1.Feedback.Text = ex.Message.ToString();
}
}
