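/// <summary>
/// Loads every RBAC item of type Task whose name starts with "Customer:" for
/// <c>this.ApplicationID</c>, together with its CustomerID, CustomerName and
/// SFParkFunctionality attributes (netsqlazman_ItemAttributesTable).
/// </summary>
/// <returns>
/// One <see cref="RBACCustomerInfo"/> per row that carries a CustomerID attribute,
/// ordered by CustomerName. Rows without a CustomerID, and rows whose values fail
/// conversion, are skipped. Never null; empty when nothing matches.
/// </returns>
public List<RBACCustomerInfo> GetCustomers()
{
    List<RBACCustomerInfo> result = new List<RBACCustomerInfo>();

    Dictionary<string, object> sqlParams = new Dictionary<string, object>();
    sqlParams.Add("@ItemType", Convert.ToInt16(/*ItemType.Task*/ 1));
    sqlParams.Add("@ApplicationId", this.ApplicationID);

    // Attribute keys and the name prefix are fixed literals; the only variable inputs
    // (@ItemType, @ApplicationId) travel as parameters, so nothing is spliced into the SQL text.
    DataSet dsCustomerList = _DAL_RBAC.GetDatasetFromSQL(
        "select t1.ItemId, t1.Name, t1.ItemType," +
        " convert(int, t2.AttributeValue) as CustomerID," +
        " t3.AttributeValue as CustomerName," +
        " t4.AttributeValue as SFParkFunctionality" +
        " from netsqlazman_ItemsTable as t1" +
        " left outer join netsqlazman_ItemAttributesTable as t2 on t1.itemid = t2.itemid and t2.attributekey = 'CustomerID'" +
        " left outer join netsqlazman_ItemAttributesTable as t3 on t1.itemid = t3.itemid and t3.attributekey = 'CustomerName'" +
        " left join netsqlazman_ItemAttributesTable as t4 on t1.itemid = t4.itemid and t4.attributekey = 'SFParkFunctionality'" +
        " where t1.ItemType = @ItemType and t1.Name like 'Customer:%' " +
        " and t1.ApplicationId = @ApplicationId " +
        " order by t3.AttributeValue",
        sqlParams, false);

    // The DataSet used to be disposed unconditionally after a null check, which threw
    // NullReferenceException whenever the DAL returned null. 'using' skips Dispose on null
    // and still releases the DataSet on every other path, including exceptions.
    using (dsCustomerList)
    {
        if (dsCustomerList == null || dsCustomerList.Tables.Count == 0)
        {
            return result;
        }

        DataTable resultTable = dsCustomerList.Tables[0];
        foreach (DataRow nextRow in resultTable.Rows)
        {
            // A missing CustomerID attribute marks a malformed entry; skip it rather than fail the whole list.
            if (nextRow["CustomerId"] == DBNull.Value)
            {
                continue;
            }

            try
            {
                RBACCustomerInfo customerObj = new RBACCustomerInfo();
                customerObj.RBACItemId = Convert.ToInt32(nextRow["ItemId"]);
                customerObj.RBACItemName = nextRow["Name"].ToString();
                customerObj.CustomerId = Convert.ToInt32(nextRow["CustomerId"]);
                customerObj.CustomerName = Convert.ToString(nextRow["CustomerName"]);

                if (nextRow["SFParkFunctionality"] != DBNull.Value)
                {
                    // Convert.ToBoolean(string) accepts only "True"/"False" (case-insensitive);
                    // any other stored text throws FormatException and the row is dropped below.
                    customerObj.SFParkFunctionality = Convert.ToBoolean(nextRow["SFParkFunctionality"].ToString());
                }

                result.Add(customerObj);
            }
            catch (Exception ex)
            {
                // Best-effort per-row conversion: one bad attribute value must not hide every
                // other customer. Only the debug listener hears about it; a real log would be better.
                System.Diagnostics.Debug.WriteLine(ex.ToString());
            }
        }
    }

    return result;
}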
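/// <summary>
/// Authenticates an RBAC user by username and password, records a new session
/// (SessionDetails, 12-hour expiry) and login entry (LoginDetails), and returns the
/// user's granted items with "Customer:" items split out as <see cref="RBACCustomerInfo"/>.
/// </summary>
/// <param name="username">Login name looked up via <c>GetUser</c>.</param>
/// <param name="password">Password supplied by the caller; compared against the stored value.</param>
/// <returns>
/// An <see cref="ApplicationLogonResponse"/>. On success its SessionId, user fields,
/// GrantedItems and GrantedCustomers are filled; on failure only ErrorMsg is set.
/// Never throws: every exception is turned into a generic ErrorMsg.
/// </returns>
public ApplicationLogonResponse LogonAsRBACUser(string username, string password)
{
    ApplicationLogonResponse responseObj = new ApplicationLogonResponse();

    try
    {
        RBACUserInfo rbacUserInfo = GetUser(username);

        // Unknown user and wrong password must produce the same message; the original
        // "Username not found in system" let a caller enumerate valid account names.
        if (rbacUserInfo == null)
        {
            responseObj.ErrorMsg = "Incorrect username or password";
            return responseObj;
        }

        // Ordinal comparison: the culture-sensitive string.Compare used before treats some
        // distinct strings as equal (ignorable characters, culture collation rules), which is
        // wrong for a credential. A null on either side is a failed logon, never a match.
        // NOTE(review): the stored credential is plain text (Password_PlainText). The proper
        // fix is hashed storage compared with a fixed-time routine
        // (CryptographicOperations.FixedTimeEquals where the framework provides it);
        // that is a schema change outside this method.
        if (password == null
            || rbacUserInfo.Password_PlainText == null
            || !string.Equals(rbacUserInfo.Password_PlainText, password, StringComparison.Ordinal))
        {
            responseObj.ErrorMsg = "Incorrect username or password";
            return responseObj;
        }

        // Session identifier handed back to the client and stored server-side.
        string SessionId = System.Guid.NewGuid().ToString();

        Dictionary<string, object> sqlParams = new Dictionary<string, object>();
        sqlParams.Add("@UserId", rbacUserInfo.DBUserCustomSID_AsInt);
        sqlParams.Add("@SessionID", SessionId);

        // SessionExpTime is computed by the database (now + 12 hours).
        // NOTE(review): the return value is presumably rows affected; if the DAL returns
        // that, a value of 0 means the session row was never written and the SessionId
        // below is dangling — confirm against _DAL_RBAC before acting on it.
        int sessionRows = _DAL_RBAC.ExecuteNonQuery(
            "insert into SessionDetails (UserId, SessionID, SessionExpTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
            " values (@UserId, @SessionID, DATEADD(hour,12,getdate()), @UserId, getdate(), @UserId, getdate())",
            sqlParams, true);

        sqlParams.Clear();
        sqlParams.Add("@UserId", rbacUserInfo.DBUserCustomSID_AsInt);
        sqlParams.Add("@SessionID", SessionId);
        int loginRows = _DAL_RBAC.ExecuteNonQuery(
            "insert into LoginDetails (Userid, SessionID, LoginTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
            " values (@UserId, @SessionID, getdate(), @UserId, getdate(), @UserId, getdate())",
            sqlParams, true);
        System.Diagnostics.Debug.WriteLine("SessionDetails rows: " + sessionRows + ", LoginDetails rows: " + loginRows);

        List<RBACItemInfo> grantedItemsForUser = GetGrantedItemsForUser(rbacUserInfo, false);
        List<RBACItemInfo> itemsToRemove = new List<RBACItemInfo>();
        List<RBACCustomerInfo> allCustomers = GetCustomers();
        List<RBACCustomerInfo> grantedCustomers = new List<RBACCustomerInfo>();

        // Items named "Customer:..." are reported as customer objects instead of plain items.
        // The prefix is a fixed identifier, so it is matched ordinally, not by culture rules.
        foreach (RBACItemInfo nextItem in grantedItemsForUser)
        {
            if (nextItem.ItemName.StartsWith("Customer:", StringComparison.Ordinal))
            {
                itemsToRemove.Add(nextItem);

                RBACCustomerInfoPredicate customerPredicate = new RBACCustomerInfoPredicate(nextItem.ItemID);
                RBACCustomerInfo customerObj = allCustomers.Find(customerPredicate.CompareByRbacID);
                // A granted "Customer:" item with no matching customer record is silently dropped,
                // as before; it is neither a plain item nor a customer.
                if (customerObj != null)
                {
                    grantedCustomers.Add(customerObj);
                }
            }
        }

        // Removal happens after the scan so the list is not modified while enumerated.
        foreach (RBACItemInfo nextItem in itemsToRemove)
        {
            grantedItemsForUser.Remove(nextItem);
        }

        responseObj.SessionId = SessionId;
        responseObj.Username = rbacUserInfo.UserName;
        responseObj.DomainUsername = rbacUserInfo.DomainUserName;
        responseObj.FullName = rbacUserInfo.FullName;
        responseObj.RbacUserId = rbacUserInfo.DBUserCustomSID_AsInt;
        responseObj.GrantedItems.AddRange(grantedItemsForUser);
        responseObj.GrantedCustomers.AddRange(grantedCustomers);
    }
    catch (Exception ex)
    {
        // The response leaves this layer; ex.Message used to be copied into it, which can
        // expose database error text to the client. Keep the detail on the debug listener only.
        responseObj.ErrorMsg = "Logon failed";
        System.Diagnostics.Debug.WriteLine(ex.ToString());
    }

    return responseObj;
}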