Ejemplo n.º 1
0
        public string Delete([FromBody] string value)
        {
            // check if the user is logged in and session is valid
            string returnValue = "fail";

            try
            {
                using (var ctx = new PamProjectEntities2())
                {
                    DepartmentAddOrEdit postUser = JsonConvert.DeserializeObject <DepartmentAddOrEdit>(value);
                    //Is session active?
                    var userSession = ctx.activeSessions.SqlQuery("SELECT * FROM activeSessions WHERE sessionToken LIKE '" + postUser.SessionKey + "';").FirstOrDefault <activeSession>();
                    if (userSession.expireTime >= DateTime.Now)
                    {
                        // check the user has permissions to add a user (Admin only)
                        var accessUser = ctx.users.SqlQuery("SELECT * FROM users WHERE userId LIKE '" + userSession.userId + "';").FirstOrDefault <user>();
                        if (accessUser.permissionLevelId == 1 || accessUser.permissionLevelId == 2)
                        {
                            // if both yes then run sql delete command on the ID passed into the controller.
                            ctx.Database.ExecuteSqlCommand("DELETE FROM serverAccessLevel WHERE departmentId = " + postUser.DepartmentId + ";");
                            ctx.Database.ExecuteSqlCommand("DELETE FROM users WHERE departmentId = " + postUser.DepartmentId + ";");
                            ctx.Database.ExecuteSqlCommand("DELETE FROM department WHERE departmentId = " + postUser.DepartmentId + ";");
                            returnValue = "Pass!";
                        }
                    }
                }
            }
            catch (Exception e)
            {
                returnValue = "Failed! - Exception - " + e;
            }
            return(returnValue);
        }
Ejemplo n.º 2
0
        // POST api/department
        public string Post([FromBody] string value)
        {
            // Check user is logged in and session is vaild
            string returnValue = "fail";

            try
            {
                using (var ctx = new PamProjectEntities2())
                {
                    DepartmentAddOrEdit postUser = JsonConvert.DeserializeObject <DepartmentAddOrEdit>(value);
                    //Is session active?
                    var userSession = ctx.activeSessions.SqlQuery("SELECT * FROM activeSessions WHERE sessionToken LIKE '" + postUser.SessionKey + "';").FirstOrDefault <activeSession>();
                    if (userSession.expireTime >= DateTime.Now)
                    {
                        // check the user has permissions to add a user (Admin only)
                        var accessUser = ctx.users.SqlQuery("SELECT * FROM users WHERE userId LIKE '" + userSession.userId + "';").FirstOrDefault <user>();
                        if (accessUser.permissionLevelId == 1 || accessUser.permissionLevelId == 2)
                        {
                            // check if id is blank, if user is blank then add the user to the table
                            if (postUser.DepartmentId == -1)
                            {
                                //Create new user!
                                string sql = "INSERT INTO department (departmentName) VALUES ('" + postUser.DepartmentName + "');";
                                ctx.Database.ExecuteSqlCommand(sql);
                                returnValue = "Pass!";
                            }
                            else
                            {
                                // ELSE update the user.
                                string sql = "UPDATE users SET departmentName = '" + postUser.DepartmentName + "' WHERE departmentId = " + postUser.DepartmentId + ";";
                                ctx.Database.ExecuteSqlCommand(sql);
                                returnValue = "Pass!";
                            }
                        }
                    }
                }
            }
            catch (Exception e)
            {
                returnValue = "Failed! - Exception - " + e;
            }
            return(returnValue);
        }