public async Task <BaseSearchResults <UserDto> > Search(BaseSearchOptionsDto searchOptions, string userId)
{
var userResults = await _userManager.Search(searchOptions.SearchTerm, userId);
var searchResult = new BaseSearchResults <UserDto>
{
Results = Mapper.Map <List <UserDto> >(userResults)
};
return(searchResult);
}
/// <summary>
/// Searches the system for users
/// </summary>
/// <param name="searchName"></param>
/// <returns></returns>
public static List<BaseSearchResults> SearchUsers(string searchName, string isResellerAdmin)
{
SqlConnection sql = new SqlConnection(ConfigurationManager.ConnectionStrings["DB"].ConnectionString);
SqlCommand cmd = new SqlCommand(@"SELECT
(SELECT CompanyName FROM Companies WHERE CompanyCode=u.CompanyCode) AS CompanyName,
(SELECT ResellerCode FROM Companies WHERE CompanyCode=u.CompanyCode) AS ResellerCode,
(SELECT CompanyName FROM Companies WHERE IsReseller=1 AND CompanyCode=(SELECT ResellerCode FROM Companies WHERE CompanyCode=u.CompanyCode)) AS ResellerName,
UserPrincipalName,
DisplayName,
CompanyCode
FROM
Users u
WHERE
(DisplayName LIKE @Search OR
FirstName LIKE @Search OR
LastName LIKE @Search OR
UserPrincipalName LIKE @Search)", sql);
try
{
// Check if this is a reseller searching then limit their search to only their users
if (!string.IsNullOrEmpty(isResellerAdmin))
{
cmd.CommandText += " AND CompanyCode IN (SELECT CompanyCode FROM Companies WHERE ResellerCode=@ResellerCode)";
cmd.Parameters.AddWithValue("ResellerCode", isResellerAdmin);
}
// Create our object to return
List<BaseSearchResults> returnedData = new List<BaseSearchResults>();
// Add our parameters
cmd.Parameters.AddWithValue("@Search", "%" + searchName + "%");
// Open connection
sql.Open();
// Start reading data
SqlDataReader r = cmd.ExecuteReader();
if (r.HasRows)
{
while (r.Read())
{
BaseSearchResults tmp = new BaseSearchResults();
tmp.UserPrincipalName = r["UserPrincipalName"].ToString();
tmp.DisplayName = r["DisplayName"].ToString();
if (r["ResellerName"] != DBNull.Value)
tmp.ResellerName = r["ResellerName"].ToString();
else
tmp.ResellerName = "Unknown";
if (r["CompanyName"] != DBNull.Value)
tmp.CompanyName = r["CompanyName"].ToString();
else
tmp.CompanyName = "Unknown";
returnedData.Add(tmp);
}
}
// Close
sql.Close();
// Return data
return returnedData;
}
catch (Exception)
{
throw;
}
finally
{
cmd.Dispose();
sql.Dispose();
}
}