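        /// <summary>
        /// Loads every RBAC item of the commented ItemType.Task kind (value 1) whose name starts with
        /// "Customer:" for <see cref="ApplicationID"/>, together with its CustomerID, CustomerName and
        /// SFParkFunctionality attributes from the NetSqlAzMan attribute table.
        /// </summary>
        /// <returns>
        /// Customers ordered by CustomerName (the SQL ORDER BY). Rows with a NULL CustomerID and rows
        /// whose values fail conversion are skipped; an empty list is returned when the query yields
        /// no dataset, no table or no rows.
        /// </returns>
        public List <RBACCustomerInfo> GetCustomers()
        {
            List <RBACCustomerInfo>     result    = new List <RBACCustomerInfo>();
            Dictionary <string, object> sqlParams = new Dictionary <string, object>();

            sqlParams.Add("@ItemType", Convert.ToInt16(/*ItemType.Task*/ 1));
            sqlParams.Add("@ApplicationId", this.ApplicationID);

            // Caller-supplied values travel only as SQL parameters; the attribute keys in the text are fixed.
            // `using` also covers the case where the DAL returns null (the old unconditional Dispose()
            // would have thrown a NullReferenceException there).
            using (DataSet dsCustomerList = _DAL_RBAC.GetDatasetFromSQL(
                "select t1.ItemId, t1.Name, t1.ItemType," +
                " convert(int, t2.AttributeValue) as CustomerID," +
                " t3.AttributeValue as CustomerName," +
                " t4.AttributeValue as SFParkFunctionality" +
                " from netsqlazman_ItemsTable as t1" +
                " left outer join netsqlazman_ItemAttributesTable as t2 on t1.itemid = t2.itemid and t2.attributekey = 'CustomerID'" +
                " left outer join netsqlazman_ItemAttributesTable as t3 on t1.itemid = t3.itemid and t3.attributekey = 'CustomerName'" +
                " left join netsqlazman_ItemAttributesTable as t4 on t1.itemid = t4.itemid and t4.attributekey = 'SFParkFunctionality'" +
                " where t1.ItemType = @ItemType and t1.Name like 'Customer:%' " +
                " and t1.ApplicationId = @ApplicationId " +
                " order by t3.AttributeValue", sqlParams, false))
            {
                if (dsCustomerList == null || dsCustomerList.Tables.Count == 0)
                {
                    return result;
                }

                foreach (DataRow nextRow in dsCustomerList.Tables[0].Rows)
                {
                    // A row without a CustomerID is a malformed entry and is skipped.
                    if (nextRow["CustomerId"] == DBNull.Value)
                    {
                        continue;
                    }

                    RBACCustomerInfo customerObj = TryReadCustomerRow(nextRow);
                    if (customerObj != null)
                    {
                        result.Add(customerObj);
                    }
                }
            }

            return(result);
        }

        /// <summary>
        /// Maps one result row to an <see cref="RBACCustomerInfo"/>.
        /// </summary>
        /// <param name="row">A row of the GetCustomers query; CustomerId is expected to be non-NULL.</param>
        /// <returns>
        /// The populated object, or null when a value cannot be converted (the row is then
        /// skipped on a best-effort basis, as the original per-row catch did).
        /// </returns>
        private static RBACCustomerInfo TryReadCustomerRow(DataRow row)
        {
            try
            {
                RBACCustomerInfo customerObj = new RBACCustomerInfo();
                customerObj.RBACItemId   = Convert.ToInt32(row["ItemId"]);
                customerObj.RBACItemName = row["Name"].ToString();
                customerObj.CustomerId   = Convert.ToInt32(row["CustomerId"]);
                customerObj.CustomerName = Convert.ToString(row["CustomerName"]);

                // SFParkFunctionality is optional (left join); only set it when the attribute exists.
                if (row["SFParkFunctionality"] != DBNull.Value)
                {
                    customerObj.SFParkFunctionality = Convert.ToBoolean(row["SFParkFunctionality"].ToString());
                }

                return customerObj;
            }
            catch (Exception ex)
            {
                // TODO(review): route this through the application's logger instead of Debug output.
                System.Diagnostics.Debug.WriteLine(ex.ToString());
                return null;
            }
        }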
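        /// <summary>
        /// Authenticates an RBAC user by username and password, records a new session
        /// (one SessionDetails row and one LoginDetails row) and returns the user's granted
        /// items and granted customers.
        /// </summary>
        /// <param name="username">Login name resolved through <see cref="GetUser"/>.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>
        /// On success a response carrying the new SessionId, user identity fields, GrantedItems and
        /// GrantedCustomers. On failure a response whose ErrorMsg is set; the method itself never throws.
        /// </returns>
        public ApplicationLogonResponse LogonAsRBACUser(string username, string password)
        {
            ApplicationLogonResponse responseObj = new ApplicationLogonResponse();

            try
            {
                RBACUserInfo rbacUserInfo = GetUser(username);

                // One message for both "unknown user" and "wrong password", so the response cannot be
                // used to enumerate valid usernames.
                if (rbacUserInfo == null || !PasswordsMatch(rbacUserInfo.Password_PlainText, password))
                {
                    responseObj.ErrorMsg = "Incorrect username or password";
                    return(responseObj);
                }

                string sessionId = System.Guid.NewGuid().ToString();
                RecordLogonSession(rbacUserInfo.DBUserCustomSID_AsInt, sessionId);

                List <RBACItemInfo>     grantedItemsForUser = GetGrantedItemsForUser(rbacUserInfo, false);
                List <RBACCustomerInfo> grantedCustomers    = ExtractGrantedCustomers(grantedItemsForUser);

                responseObj.SessionId      = sessionId;
                responseObj.Username       = rbacUserInfo.UserName;
                responseObj.DomainUsername = rbacUserInfo.DomainUserName;
                responseObj.FullName       = rbacUserInfo.FullName;
                responseObj.RbacUserId     = rbacUserInfo.DBUserCustomSID_AsInt;
                responseObj.GrantedItems.AddRange(grantedItemsForUser);
                responseObj.GrantedCustomers.AddRange(grantedCustomers);
            }
            catch (Exception ex)
            {
                // Keep exception text (SQL errors, schema names) out of the caller-visible message.
                responseObj.ErrorMsg = "Logon failed due to an internal error";

                // TODO(review): route this through the application's logger instead of Debug output.
                System.Diagnostics.Debug.WriteLine(ex.ToString());
            }

            return(responseObj);
        }

        /// <summary>
        /// Compares the stored and supplied passwords ordinally, without short-circuiting on the first
        /// differing character (the original culture-aware string.Compare returned early and also
        /// treated two null strings as equal).
        /// </summary>
        /// <param name="stored">Password held for the user; null never matches.</param>
        /// <param name="supplied">Password from the caller; null never matches.</param>
        /// <returns>true when both are non-null and identical.</returns>
        private static bool PasswordsMatch(string stored, string supplied)
        {
            // NOTE(review): the stored value is plaintext (Password_PlainText). Moving to a salted hash
            // is a storage-model change that belongs in RBACUserInfo / the user table, not here.
            if (stored == null || supplied == null)
            {
                return false;
            }

            int diff      = stored.Length ^ supplied.Length;
            int compareTo = Math.Min(stored.Length, supplied.Length);
            for (int i = 0; i < compareTo; i++)
            {
                diff |= stored[i] ^ supplied[i];
            }

            return diff == 0;
        }

        /// <summary>
        /// Inserts the SessionDetails and LoginDetails rows for a new logon.
        /// </summary>
        /// <param name="userId">The user's DBUserCustomSID_AsInt; passed through as a SQL parameter value.</param>
        /// <param name="sessionId">The freshly generated session identifier.</param>
        private void RecordLogonSession(object userId, string sessionId)
        {
            Dictionary <string, object> sqlParams = new Dictionary <string, object>();
            sqlParams.Add("@UserId", userId);
            sqlParams.Add("@SessionID", sessionId);

            // Session expiry is fixed at 12 hours from the database server's clock.
            _DAL_RBAC.ExecuteNonQuery(
                "insert into SessionDetails (UserId, SessionID, SessionExpTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
                " values (@UserId, @SessionID, DATEADD(hour,12,getdate()), @UserId, getdate(), @UserId, getdate())", sqlParams, true);

            // Same parameter set; the second insert only records the login event.
            _DAL_RBAC.ExecuteNonQuery(
                "insert into LoginDetails (Userid, SessionID, LoginTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
                " values (@UserId, @SessionID, getdate(), @UserId, getdate(), @UserId, getdate())", sqlParams, true);
        }

        /// <summary>
        /// Removes the "Customer:" items from <paramref name="grantedItems"/> and returns the matching
        /// <see cref="RBACCustomerInfo"/> objects from <see cref="GetCustomers"/>.
        /// </summary>
        /// <param name="grantedItems">The user's granted items; modified in place.</param>
        /// <returns>Customers whose RBAC item id matches a removed item; unmatched items are dropped silently.</returns>
        private List <RBACCustomerInfo> ExtractGrantedCustomers(List <RBACItemInfo> grantedItems)
        {
            List <RBACCustomerInfo> allCustomers     = GetCustomers();
            List <RBACCustomerInfo> grantedCustomers = new List <RBACCustomerInfo>();
            List <RBACItemInfo>     itemsToRemove    = new List <RBACItemInfo>();

            foreach (RBACItemInfo nextItem in grantedItems)
            {
                // Ordinal: the prefix is a fixed schema convention, not user-facing text.
                if (nextItem.ItemName != null && nextItem.ItemName.StartsWith("Customer:", StringComparison.Ordinal))
                {
                    itemsToRemove.Add(nextItem);
                    RBACCustomerInfoPredicate customerPredicate = new RBACCustomerInfoPredicate(nextItem.ItemID);
                    RBACCustomerInfo          customerObj       = allCustomers.Find(customerPredicate.CompareByRbacID);
                    if (customerObj != null)
                    {
                        grantedCustomers.Add(customerObj);
                    }
                }
            }

            foreach (RBACItemInfo nextItem in itemsToRemove)
            {
                grantedItems.Remove(nextItem);
            }

            return grantedCustomers;
        }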