public static void UpdateUser(string env, UserEntity userEntity) { var connectionString = ConfigurationManager.ConnectionStrings[env].ConnectionString; using (var connection = new SqlConnection(connectionString)) { using (var command = new SqlCommand("[UpdateUser]") { CommandType = CommandType.StoredProcedure, Connection = connection }) { // ===================================================================================================== // Add Parameters // ===================================================================================================== //if (userEntity.UserId != null) //{ var param_UserId = new SqlParameter("@UserId", userEntity.UserId) { Direction = ParameterDirection.Input, SqlDbType = System.Data.SqlDbType.Int }; command.Parameters.Add(param_UserId); //} if (userEntity.UserName != String.Empty) { var param_userName = new SqlParameter("@UserName", userEntity.UserName) { Direction = ParameterDirection.Input, SqlDbType = System.Data.SqlDbType.VarChar, Size = 50 }; command.Parameters.Add(param_userName); } if (userEntity.FirstName != String.Empty) { var param_FirstName = new SqlParameter("@FirstName", userEntity.FirstName) { Direction = ParameterDirection.Input, SqlDbType = System.Data.SqlDbType.VarChar, Size = 50 }; command.Parameters.Add(param_FirstName); } if (userEntity.LastName != String.Empty) { var param_LastName = new SqlParameter("@LastName", userEntity.LastName) { Direction = ParameterDirection.Input, SqlDbType = System.Data.SqlDbType.VarChar, Size = 50 }; command.Parameters.Add(param_LastName); } // This bool always evaluates to true or false so no if statement required. var param_ActiveCode = new SqlParameter("@Active", userEntity.ActiveCode) { Direction = ParameterDirection.Input, SqlDbType = System.Data.SqlDbType.Bit }; command.Parameters.Add(param_ActiveCode); if (userEntity.Email != String.Empty) { var param_Email = new SqlParameter("@Email", userEntity.Email) { Direction = ParameterDirection.Input, SqlDbType = System.Data.SqlDbType.VarChar, Size = 250 }; command.Parameters.Add(param_Email); } var param_Action = new SqlParameter("@Action", userEntity.DatabaseAction) { Direction = ParameterDirection.Input, SqlDbType = System.Data.SqlDbType.Int }; command.Parameters.Add(param_Action); // ========================================================================================== // Standard parameters for success fail // ========================================================================================== var param_Return = new SqlParameter("@ReturnValue", System.Data.SqlDbType.Int) { Direction = ParameterDirection.ReturnValue }; command.Parameters.Add(param_Return); // ========================================================================================== connection.Open(); command.ExecuteNonQuery(); // ========================================================================================== // Check for database exception and raise. We won't handle exceptions here but we will log them. // If an error has occurred then the returnValue will be the database error log of the error. // ========================================================================================== int returnValue = (int)command.Parameters["@ReturnValue"].Value; if (returnValue != 0) { HelperClasses.CustomDatabaseException customDatabaseExeption = new CustomDatabaseException(returnValue, "Error occurred while managing a user."); throw customDatabaseExeption; } // ========================================================================================== } } }
public List<UserEntity> GetCurrentUser(string env) { // The purpose of this WebApi is to get the users authenticated credentials // for use by the UI to dynamically configure the user experience. // This simply identifies the Windows Authenticated user and passes back // the users information. // Do not mistake this for a method of securing the Web Api. This must be // done using a different "Token" style approach. // --------------------------------------------------------------------------- // Get users network identity // --------------------------------------------------------------------------- var userIdentity = System.Web.HttpContext.Current.Request.LogonUserIdentity; var user = new UserEntity() { ADName = userIdentity.Name, AuthenticationType = userIdentity.AuthenticationType, IsAnonymous = userIdentity.IsAnonymous, IsAuthenticated = userIdentity.IsAuthenticated, Owner = userIdentity.Owner.ToString(), Token = userIdentity.Token.ToString(), AuthCheckedDateTime = DateTime.Now, Groups = GetCurrentUsersGroups() }; // --------------------------------------------------------------------------- // Get mashup account. The mashup and AD information are combined. // --------------------------------------------------------------------------- user.UserName = GetLogin(user.ADName); user.ADDomain = GetDomain(user.ADName); var mashUser = DataAccess.GetUsers(env, null, null, user.UserName, null); if (mashUser.Count > 0) { CombineMashAndADUserInfo(user, mashUser); } else { // boiler-plate for updating entities user.DatabaseAction = CRUD.Create; user.ActiveCode = true; user.CreatedBy = user.UserId; // Create mashup account for AD user DataAccess.UpdateUser(env, user); // Get mashup account mashUser = DataAccess.GetUsers(env, null, null, user.UserName, null); CombineMashAndADUserInfo(user, mashUser); } // --------------------------------------------------------------------------- // Get users Mashup roles // --------------------------------------------------------------------------- user.Roles = DataAccess.GetRoles(env, null, true, user.UserId); // NOTE: Returning an array because this is how data is stored in the indexedDB. // If I don't return as an array then when the client will receive an entity // from the database and an array from cache and that's a problem. // TODO: Resolve this issue somehow so that the server can return what it should. // possibly check if array on the client and convert it there. var currentUser = new List<UserEntity>(); currentUser.Add(user); return currentUser; }
public static List<UserEntity> GetUsers(string env, int? tzOffsetMinutes, int? userId, string userName, bool? active) { var connectionString = ConfigurationManager.ConnectionStrings[env].ConnectionString; var resultEntity = new List<UserEntity>(); using (var connection = new SqlConnection(connectionString)) { using (var command = new SqlCommand("[GetUsers]") { CommandType = CommandType.StoredProcedure, Connection = connection }) { // ===================================================================================================== // Add Parameters // ===================================================================================================== //SqlParameter[] paramCollection = new SqlParameter[0]; if (userId != null) { var param_UserId = new SqlParameter("@UserId", userId) { Direction = ParameterDirection.Input, }; command.Parameters.Add(param_UserId); } if (userName != String.Empty) { var param_userName = new SqlParameter("@UserName", userName) { Direction = ParameterDirection.Input, SqlDbType = System.Data.SqlDbType.VarChar, Size = 50 }; command.Parameters.Add(param_userName); } if (active != null) { var param_Active = new SqlParameter("@Active", active) { Direction = ParameterDirection.Input, SqlDbType = System.Data.SqlDbType.Bit, }; command.Parameters.Add(param_Active); } connection.Open(); using (SqlDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection)) { if (reader != null) // does this always evaluate to true? Why is this line here? { while (reader.Read()) { var entity = new UserEntity(); entity.UserId = NullHelper.GetInt32FromReader(reader, "UserId"); entity.UserName = NullHelper.GetStringFromReader(reader, "UserName"); entity.FirstName = NullHelper.GetStringFromReader(reader, "FirstName"); entity.LastName = NullHelper.GetStringFromReader(reader, "LastName"); entity.ActiveCode = NullHelper.GetBooleanFromReader(reader, "ActiveCode"); entity.ActiveStatus = NullHelper.GetStringFromReader(reader, "ActiveStatus"); entity.Email = NullHelper.GetStringFromReader(reader, "Email"); entity.CreatedDateTime = NullHelper.GetDateFromReader(reader, "CreatedDateTime", tzOffsetMinutes); entity.CreatedBy = NullHelper.GetInt32FromReader(reader, "CreatedBy"); entity.CreatedByUserName = NullHelper.GetStringFromReader(reader, "CreatedByUserName"); entity.UpdatedDateTime = NullHelper.GetDateFromReader(reader, "UpdatedDateTime", tzOffsetMinutes); entity.UpdatedBy = NullHelper.GetInt32FromReader(reader, "UpdatedBy"); entity.UpdatedByUserName = NullHelper.GetStringFromReader(reader, "UpdatedByUserName"); entity.FullName = NullHelper.GetStringFromReader(reader, "FullName"); resultEntity.Add(entity); } } } } } return resultEntity; }
private static void CombineMashAndADUserInfo(UserEntity user, List<UserEntity> mashUser) { user.UserId = mashUser[0].UserId; user.ActiveCode = mashUser[0].ActiveCode; user.ActiveStatus = mashUser[0].ActiveStatus; user.FirstName = mashUser[0].FirstName; user.LastName = mashUser[0].LastName; user.FullName = mashUser[0].FullName; user.Email = mashUser[0].Email; user.CreatedDateTime = mashUser[0].CreatedDateTime; user.CreatedBy = mashUser[0].CreatedBy; user.CreatedByUserName = mashUser[0].CreatedByUserName; user.UpdatedDateTime = mashUser[0].UpdatedDateTime; user.UpdatedBy = mashUser[0].UpdatedBy; user.UpdatedByUserName = mashUser[0].UpdatedByUserName; }