/// <summary>
        /// Deletes a username/group combination, i.e. removes an entity from the TM_GROUP_ACCOUNT table
        /// </summary>
        /// <param name="ado"></param>
        /// <param name="groupAccount"></param>
        /// <param name="ccnUsername"></param>
        /// <returns></returns>
        internal int Delete(ADO ado, GroupAccount_DTO_Delete groupAccount, string ccnUsername)
        {
            List <ADO_inputParams> inputParamList = new List <ADO_inputParams>()
            {
                new ADO_inputParams()
                {
                    name = "@CcnUsernameDeleter", value = ccnUsername
                },
                new ADO_inputParams()
                {
                    name = "@CcnUsernameDeletedUser", value = groupAccount.CcnUsername
                },
                new ADO_inputParams()
                {
                    name = "@GrpCode", value = groupAccount.GrpCode
                }
            };

            //Create a return parameter
            ADO_returnParam retParam = new ADO_returnParam();

            retParam.name  = "@return";
            retParam.value = 0;

            //Executing the stored procedure
            ado.ExecuteNonQueryProcedure("Security_GroupAccount_Delete", inputParamList, ref retParam);


            Log.Instance.Debug("Number of records affected: " + retParam.value);
            return(retParam.value);
        }
Beispiel #2
0
        /// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        protected override bool Execute()
        {
            //A power user may not update a user to become an Administrator
            if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
            {
                Log.Instance.Debug("A power user may not update a user to become an Administrator");
                Response.error = Label.Get("error.privilege");
                return(false);
            }

            //A power user may not downgrade an administrator
            if (IsPowerUser() && IsAdministrator(DTO.CcnUsername) && !DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
            {
                Log.Instance.Debug("A power user may not downgrade an administrator");
                Response.error = Label.Get("error.privilege");
                return(false);
            }

            Account_ADO adoAccount = new Account_ADO();

            //There must always be at least one administrator in the system. If this delete would leave no administrator then the request must be refused.
            if (IsAdministrator(DTO.CcnUsername))
            {
                if (!adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
                {
                    Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this update.");
                    Response.error = Label.Get("error.update");
                    return(false);
                }
            }

            //Update and retrieve the number of updated rows
            int nUpdated = adoAccount.Update(Ado, DTO, SamAccountName);

            if (nUpdated == 0)
            {
                Log.Instance.Debug("Failed to update Account");
                Response.error = Label.Get("error.update");
                return(false);
            }

            //An administrator or power user may not be a member of a group. Therefore we will remove any group memberships for the updated user
            // We run the check based on the proposed PrvCode, not on the existing privilege
            if (DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR) || DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_POWER_USER))
            {
                List <GroupAccount_DTO> groupAccountList = getGroupMembership(DTO.CcnUsername);

                foreach (GroupAccount_DTO groupAccount in groupAccountList)
                {
                    GroupAccount_ADO        gaAdo = new GroupAccount_ADO();
                    GroupAccount_DTO_Delete gaDto = new GroupAccount_DTO_Delete();
                    gaDto.CcnUsername = groupAccount.CcnUsername;
                    gaDto.GrpCode     = groupAccount.GrpCode;
                    int deleted = gaAdo.Delete(Ado, gaDto, SamAccountName);
                    if (deleted == 0)
                    {
                        Log.Instance.Debug("Failed to delete account group membership");
                        Response.error = Label.Get("error.update");
                        return(false);
                    }
                }
            }
            //If this user is cached then we must remove it because the data is now out of date
            MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);
            Response.data = JSONRPC.success;
            return(true);
        }
        /// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        protected override bool Execute()
        {
            //A power user may not delete an Administrator
            if (IsPowerUser() && IsAdministrator(DTO.CcnUsername))
            {
                Log.Instance.Debug("A power user may not delete an Administrator");
                Response.error = Label.Get("error.privilege");
                return(false);
            }

            //You can't delete yourself
            if (DTO.CcnUsername.Equals(SamAccountName))
            {
                Log.Instance.Debug("A user may not delete themselves");
                Response.error = Label.Get("error.delete");
                return(false);
            }

            var adoAccount = new Account_ADO();

            //There must always be at least one administrator in the system. If this delete would leave no administrator then the request must be refused.
            if (IsAdministrator(DTO.CcnUsername))
            {
                if (!adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
                {
                    Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this delete.");
                    Response.error = Label.Get("error.delete");
                    return(false);
                }
            }

            //We also need to delete user membership of any groups
            GroupAccount_ADO      gaAdo = new GroupAccount_ADO();
            GroupAccount_DTO_Read gaDto = new GroupAccount_DTO_Read();

            gaDto.CcnUsername = DTO.CcnUsername;
            ADO_readerOutput groupAccountList = gaAdo.Read(Ado, gaDto);

            if (groupAccountList.hasData)
            {
                foreach (dynamic res in groupAccountList.data)
                {
                    GroupAccount_DTO_Delete dtoDelete = new GroupAccount_DTO_Delete();
                    dtoDelete.CcnUsername = DTO.CcnUsername;
                    dtoDelete.GrpCode     = res.GrpCode;
                    gaAdo.Delete(Ado, dtoDelete, SamAccountName);
                }
            }

            //attempting to delete. The number of entities deleted are passed to the entitiesDeleted variable (this is 1 for a successful delete)
            int nDeleted = adoAccount.Delete(Ado, DTO, SamAccountName);

            if (nDeleted == 0)
            {
                Log.Instance.Debug("adoAccount.Delete - can't delete Account");
                Response.error = Label.Get("error.delete");
                return(false);
            }

            //If this user is cached then we must remove the cache entry as well
            MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);

            Response.data = JSONRPC.success;
            return(true);
        }