/// <summary>
/// Deletes a username/group combination, i.e. removes an entity from the TM_GROUP_ACCOUNT table
/// </summary>
/// <param name="ado"></param>
/// <param name="groupAccount"></param>
/// <param name="ccnUsername"></param>
/// <returns></returns>
internal int Delete(ADO ado, GroupAccount_DTO_Delete groupAccount, string ccnUsername)
{
List <ADO_inputParams> inputParamList = new List <ADO_inputParams>()
{
new ADO_inputParams()
{
name = "@CcnUsernameDeleter", value = ccnUsername
},
new ADO_inputParams()
{
name = "@CcnUsernameDeletedUser", value = groupAccount.CcnUsername
},
new ADO_inputParams()
{
name = "@GrpCode", value = groupAccount.GrpCode
}
};
//Create a return parameter
ADO_returnParam retParam = new ADO_returnParam();
retParam.name = "@return";
retParam.value = 0;
//Executing the stored procedure
ado.ExecuteNonQueryProcedure("Security_GroupAccount_Delete", inputParamList, ref retParam);
Log.Instance.Debug("Number of records affected: " + retParam.value);
return(retParam.value);
}
/// <summary>
/// Execute
/// </summary>
/// <returns></returns>
protected override bool Execute()
{
//A power user may not update a user to become an Administrator
if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
{
Log.Instance.Debug("A power user may not update a user to become an Administrator");
Response.error = Label.Get("error.privilege");
return(false);
}
//A power user may not downgrade an administrator
if (IsPowerUser() && IsAdministrator(DTO.CcnUsername) && !DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
{
Log.Instance.Debug("A power user may not downgrade an administrator");
Response.error = Label.Get("error.privilege");
return(false);
}
Account_ADO adoAccount = new Account_ADO();
//There must always be at least one administrator in the system. If this delete would leave no administrator then the request must be refused.
if (IsAdministrator(DTO.CcnUsername))
{
if (!adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
{
Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this update.");
Response.error = Label.Get("error.update");
return(false);
}
}
//Update and retrieve the number of updated rows
int nUpdated = adoAccount.Update(Ado, DTO, SamAccountName);
if (nUpdated == 0)
{
Log.Instance.Debug("Failed to update Account");
Response.error = Label.Get("error.update");
return(false);
}
//An administrator or power user may not be a member of a group. Therefore we will remove any group memberships for the updated user
// We run the check based on the proposed PrvCode, not on the existing privilege
if (DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR) || DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_POWER_USER))
{
List <GroupAccount_DTO> groupAccountList = getGroupMembership(DTO.CcnUsername);
foreach (GroupAccount_DTO groupAccount in groupAccountList)
{
GroupAccount_ADO gaAdo = new GroupAccount_ADO();
GroupAccount_DTO_Delete gaDto = new GroupAccount_DTO_Delete();
gaDto.CcnUsername = groupAccount.CcnUsername;
gaDto.GrpCode = groupAccount.GrpCode;
int deleted = gaAdo.Delete(Ado, gaDto, SamAccountName);
if (deleted == 0)
{
Log.Instance.Debug("Failed to delete account group membership");
Response.error = Label.Get("error.update");
return(false);
}
}
}
//If this user is cached then we must remove it because the data is now out of date
MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);
Response.data = JSONRPC.success;
return(true);
}
/// <summary>
/// Execute
/// </summary>
/// <returns></returns>
protected override bool Execute()
{
//A power user may not delete an Administrator
if (IsPowerUser() && IsAdministrator(DTO.CcnUsername))
{
Log.Instance.Debug("A power user may not delete an Administrator");
Response.error = Label.Get("error.privilege");
return(false);
}
//You can't delete yourself
if (DTO.CcnUsername.Equals(SamAccountName))
{
Log.Instance.Debug("A user may not delete themselves");
Response.error = Label.Get("error.delete");
return(false);
}
var adoAccount = new Account_ADO();
//There must always be at least one administrator in the system. If this delete would leave no administrator then the request must be refused.
if (IsAdministrator(DTO.CcnUsername))
{
if (!adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
{
Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this delete.");
Response.error = Label.Get("error.delete");
return(false);
}
}
//We also need to delete user membership of any groups
GroupAccount_ADO gaAdo = new GroupAccount_ADO();
GroupAccount_DTO_Read gaDto = new GroupAccount_DTO_Read();
gaDto.CcnUsername = DTO.CcnUsername;
ADO_readerOutput groupAccountList = gaAdo.Read(Ado, gaDto);
if (groupAccountList.hasData)
{
foreach (dynamic res in groupAccountList.data)
{
GroupAccount_DTO_Delete dtoDelete = new GroupAccount_DTO_Delete();
dtoDelete.CcnUsername = DTO.CcnUsername;
dtoDelete.GrpCode = res.GrpCode;
gaAdo.Delete(Ado, dtoDelete, SamAccountName);
}
}
//attempting to delete. The number of entities deleted are passed to the entitiesDeleted variable (this is 1 for a successful delete)
int nDeleted = adoAccount.Delete(Ado, DTO, SamAccountName);
if (nDeleted == 0)
{
Log.Instance.Debug("adoAccount.Delete - can't delete Account");
Response.error = Label.Get("error.delete");
return(false);
}
//If this user is cached then we must remove the cache entry as well
MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);
Response.data = JSONRPC.success;
return(true);
}
