//Adds the given UserID to the User Access Group with the given ID
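        /// <summary>
        /// Adds the user with the given ID to the user access group with the given ID,
        /// unless that user is already a member of the group.
        /// </summary>
        /// <param name="UserID">ID of the user to add.</param>
        /// <param name="UserAccessGroupID">ID of the access group to add the user to.</param>
        /// <remarks>
        /// NOTE(review): nothing in this method checks that the caller is allowed to change
        /// group membership, or that UserID refers to an existing user. Presumably both are
        /// enforced by the caller or by CRUD.AddUserToGroup; confirm.
        /// </remarks>
        public void AddUserToGroup(int UserID, int UserAccessGroupID)
        {
            //Find the access group with the given ID (null when no group has that ID)
            UserAccessGroup group = CRUD.GetAllAccessGroups()
                                        .FirstOrDefault(x => x.UserAccessGroupID == UserAccessGroupID);

            //Group membership grants access, so do not act on a group that cannot be found
            if (group == null)
            {
                logger.Info("Add user to group operation cancelled as no user access group with ID "
                            + UserAccessGroupID + " was found");
                return;
            }

            //Check every current member before deciding. Stopping at the first member
            //would add a duplicate whenever the user is not first in the list, and would
            //add nobody at all to a group that is still empty.
            if (group.Users != null)
            {
                foreach (User user in group.Users)
                {
                    if (user.UserID == UserID)
                    {
                        //Log that no action was taken as the user is already in the group
                        logger.Info("Add user to group operation cancelled as user "
                                    + user.FirstName + " " + user.LastName + " is already a member of group "
                                    + group.GroupName);
                        return;
                    }
                }
            }

            //The user is not a member yet: add the user to the group in the database
            CRUD.AddUserToGroup(UserID, UserAccessGroupID);

            //Log the addition of the user to the access group
            logger.Info("User with ID " + UserID + " has been added to the " +
                        "user access group with ID " + UserAccessGroupID);
        }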
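        /// <summary>
        /// Checks the supplied email and password against the users on the system and
        /// decides whether the logon is allowed.
        /// </summary>
        /// <param name="Email">Email address entered by the user.</param>
        /// <param name="Password">Password entered by the user.</param>
        /// <returns>
        /// True only when the email belongs to a user, the password matches, the user is
        /// not banned and the user is a member of the "Admins" access group. False in
        /// every other case; the caller is not told which check failed.
        /// </returns>
        /// <remarks>
        /// Every outcome is recorded through CRUD and written to the log.
        /// NOTE(review): user.Password is compared directly with the supplied value, which
        /// suggests passwords are stored unhashed; confirm. If so, move to a salted,
        /// slow password hash and a fixed-time comparison.
        /// NOTE(review): nothing here limits repeated failed attempts per account or per
        /// client. Presumably that is handled elsewhere; confirm.
        /// </remarks>
        public bool AttemptLogon(String Email, String Password)
        {
            //Reject missing credentials up front. Without this, a null or empty Password
            //compares equal to a user record whose stored password is also null or empty.
            if (String.IsNullOrEmpty(Email) || String.IsNullOrEmpty(Password))
            {
                return RejectLogon("User logon failed. No email or password was provided.");
            }

            //Fetch the user list once so every check below works on the same data
            var users = CRUD.GetAllUsers();

            //Return false if there are no users on the system
            if (users.Count == 0)
            {
                return RejectLogon("User logon failed. There are no users on the system.");
            }

            string Username         = "";
            bool   emailFound       = false;
            String storedPassword   = "";
            int    matchedUserID    = 0;
            bool   matchedUserBanned = false;

            //Find the user whose email matches the one provided.
            //NOTE(review): if several users share an email, the last one in the list is used.
            foreach (User user in users)
            {
                if (user.Email == Email)
                {
                    emailFound        = true;
                    Username          = user.FirstName + " " + user.LastName;
                    storedPassword    = user.Password;
                    matchedUserID     = user.UserID;
                    matchedUserBanned = user.IsBanned;
                }
            }

            //Return false if the email provided does not belong to a user on the system
            if (!emailFound)
            {
                return RejectLogon("User logon failed. The email provided" +
                                   " does not belong to a user in the system.");
            }

            //Return false if the user has entered an incorrect password.
            //This is an ordinary string comparison, not a fixed-time one.
            if (storedPassword != Password)
            {
                return RejectLogon("User logon failed. User " + Username
                                   + " entered password incorrectly.");
            }

            //Return false if the user is temporarily banned
            if (matchedUserBanned)
            {
                return RejectLogon("User logon failed. User " + Username +
                                   " has been temporarily banned from the system.");
            }

            //Only members of an access group named "Admins" may log on
            bool isAdmin = false;
            foreach (UserAccessGroup Group in CRUD.GetAllAccessGroups())
            {
                if (Group.GroupName != "Admins" || Group.Users == null)
                {
                    continue;
                }

                foreach (User member in Group.Users)
                {
                    if (member.UserID == matchedUserID)
                    {
                        isAdmin = true;
                        break;
                    }
                }

                if (isAdmin)
                {
                    break;
                }
            }

            //If the user is not in the admins access group, return false
            if (!isAdmin)
            {
                return RejectLogon("User logon failed. " + Username
                                   + " does not have permission to access the system.");
            }

            //Record the successful logon attempt in the database
            CRUD.RecordSuccessfulLogon();
            //Log the successful logon attempt
            logger.Info(Username + " successfully logged on to the system.");
            return true;
        }

        //Records a failed logon attempt in the database, logs the reason and returns
        //false, so that every rejection path in AttemptLogon is audited the same way
        private bool RejectLogon(String logMessage)
        {
            CRUD.RecordFailedLogon();
            logger.Info(logMessage);
            return false;
        }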