/// <summary>
/// Enrols this user in a course with the given role by invoking the
/// <c>Users_AddToCourse</c> stored procedure.
/// </summary>
/// <param name="courseID">Identifier of the course the user joins.</param>
/// <param name="roleID">Role the user holds in that course; sent as its integer value.</param>
/// <remarks>
/// No authorization is performed here: the caller must already have decided
/// that the current principal is allowed to grant <paramref name="roleID"/>.
/// NOTE(review): the third parameter is named "RoleID" while the other two
/// carry the "@" prefix. Harmless if DatabaseCall binds by position; confirm
/// against its implementation before relying on it.
/// </remarks>
internal void AddToCourse(int courseID, PermissionsID roleID)
{
    const string procedure = "Users_AddToCourse";

    // Values travel as bound parameters, never as SQL text. Keep the order:
    // the binding may be positional.
    DatabaseCall call = new DatabaseCall(procedure, DBCallType.Execute);
    call.AddParameter("@UserID", _userID);
    call.AddParameter("@CourseID", courseID);
    call.AddParameter("RoleID", (int)roleID);
    call.Execute();
}
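/// <summary>
/// Asks the <c>Security_GlobalIsAllowed</c> stored procedure whether the
/// current user may perform <paramref name="action"/> globally (this overload
/// is not scoped to a course).
/// </summary>
/// <param name="action">Action being attempted; sent as its integer value.</param>
/// <param name="maxPermID">
/// On success, the role the stored procedure reports for the user. Whenever
/// the method returns <c>false</c> this is <see cref="PermissionsID.Student"/>;
/// callers must not read it as a grant.
/// </param>
/// <returns>
/// <c>true</c> only when the procedure returns a row whose UserID equals the
/// caller's identity. <c>false</c> when there is no row, the row belongs to a
/// different user, the row cannot be read, or the database call fails — the
/// check fails closed.
/// </returns>
internal static bool SecurityIsAllowed(SecurityAction action, out PermissionsID maxPermID)
{
    int userID = SharedSupport.GetUserIdentity();

    // Least-privileged default so a failed lookup can never leak an elevated
    // role through the out parameter.
    maxPermID = PermissionsID.Student;

    System.Data.DataSet ds = new System.Data.DataSet();

    // Connection and adapter are disposed even when Fill throws; previously
    // both were left to the finalizer.
    using (System.Data.OleDb.OleDbConnection con = new System.Data.OleDb.OleDbConnection(SharedSupport.ConnectionString))
    using (System.Data.OleDb.OleDbDataAdapter cmd = new System.Data.OleDb.OleDbDataAdapter("Security_GlobalIsAllowed", con))
    {
        cmd.SelectCommand.CommandType = System.Data.CommandType.StoredProcedure;

        System.Data.OleDb.OleDbParameter param;
        param = new System.Data.OleDb.OleDbParameter("@UserID", System.Data.OleDb.OleDbType.Integer);
        param.Value = userID;
        cmd.SelectCommand.Parameters.Add(param);

        param = new System.Data.OleDb.OleDbParameter("@ActionID", System.Data.OleDb.OleDbType.Integer);
        param.Value = (int)action;
        cmd.SelectCommand.Parameters.Add(param);

        try
        {
            cmd.Fill(ds);
        }
        catch (System.Exception e)
        {
            // Reported, not rethrown: an empty DataSet below means "denied".
            SharedSupport.HandleError(e);
        }
    }

    // Explicit fail-closed path instead of relying on an index exception.
    if (ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0)
    {
        return false;
    }

    try
    {
        System.Data.DataRow row = ds.Tables[0].Rows[0];
        // The row must belong to the caller; a RoleID alone is not trusted.
        if (Convert.ToInt32(row["UserID"]) == userID)
        {
            maxPermID = (PermissionsID)Convert.ToInt32(row["RoleID"]);
            return true;
        }
    }
    catch (System.Exception e)
    {
        // Missing column, DBNull or non-numeric value: report it rather than
        // swallow it silently, and still deny.
        SharedSupport.HandleError(e);
    }
    return false;
}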
/// <summary>
/// Click handler for the Update/Insert button of the add/edit-user page.
/// When <c>userId</c> is non-zero the existing user is loaded and updated
/// (requires USER_EDIT for <c>courseId</c>); otherwise a new user is created
/// (requires USER_ADD). In both paths the course role is changed only when the
/// caller holds SECURITY_EDIT and the requested role is strictly below the
/// caller's own role (or the caller is Admin). Every exception is caught and
/// its message written to <c>Nav1.Feedback</c>; this method itself throws
/// localized messages for validation failures on purpose.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): the role guard compares the role being assigned with the
/// caller's role but never looks at the target user's current role, so on the
/// SetRoleInCourse path a non-admin can lower the role of someone ranked above
/// them unless a stored procedure rejects it — confirm server-side.
/// NOTE(review): <c>ex.Message</c> is echoed verbatim, so database and other
/// unexpected exceptions surface their text to the browser. Telling the
/// intentional validation exceptions apart from unexpected ones would need a
/// dedicated exception type, so this is flagged rather than changed here.
/// </remarks>
public void btnUpdate_Click(object sender, System.EventArgs e)
{
    try
    {
        //reset error handling label
        Nav1.Feedback.Text = String.Empty;
        // Presumably throws a localized message on invalid form input — verify
        // against its definition.
        checkErrorCases();
        UserM user = null;
        //Save Updated or New User - check for UserID on query string
        if (userId != 0)
        {
            // Course-scoped two-argument overload, distinct from the global
            // SecurityIsAllowed(action, out maxPermID).
            if (!SharedSupport.SecurityIsAllowed(courseId, SecurityAction.USER_EDIT))
            {
                throw new Exception(SharedSupport.GetLocalizedString("Global_Unauthorized"));
            }
            //Update
            user = UserM.Load(userId);
            if (user.IsValid)
            {
                //Save updated user
                user.EmailAddress = txtEMailAddress.Text.ToString();
                user.FirstName = txtFirstName.Text.ToString();
                user.LastName = txtLastName.Text.ToString();
                user.LastUpdatedDate = DateTime.Now;
                user.LastUpdatedUserID = SharedSupport.GetUserIdentity();
                user.MiddleName = txtMiddleName.Text.ToString();
                user.UniversityID = txtUniversityIdentifier.Text.ToString();
                // NOTE(review): uniqueness of a renamed UserName is only checked
                // on the insert path below; a rename here relies on the database.
                user.UserName = txtUserName.Text.ToString();
                // Profile fields are persisted before the role check below, so a
                // denied role change still leaves the profile update in place.
                user.Update();
                if (user.IsInCourse(courseId))
                {
                    if (SharedSupport.SecurityIsAllowed(courseId, SecurityAction.SECURITY_EDIT))
                    {
                        // roleid comes from the posted drop-down and is not
                        // checked against the PermissionsID enum before use.
                        int roleid = Convert.ToInt32(UserRolesList.SelectedItem.Value);
                        RoleM currentUsersRole = RoleM.GetUsersRoleInCourse(SharedSupport.GetUserIdentity(), courseId);
                        // The lower role => greater permissions
                        // Only the caller's role is compared; the target's current
                        // role is not (see remarks).
                        if ((currentUsersRole.ID == (int)PermissionsID.Admin) || (currentUsersRole.ID < roleid))
                        {
                            user.SetRoleInCourse(courseId, roleid);
                        }
                        else
                        {
                            throw new Exception(SharedSupport.GetLocalizedString("AddEditUser_ErrorRolePermissionDenied"));
                        }
                    }
                }
                else
                {
                    // Add user to Course
                    PermissionsID permission = PermissionsID.Student;
                    if (SharedSupport.SecurityIsAllowed(courseId, SecurityAction.SECURITY_EDIT))
                    {
                        int roleid = Convert.ToInt32(UserRolesList.SelectedItem.Value);
                        RoleM currentUsersRole = RoleM.GetUsersRoleInCourse(SharedSupport.GetUserIdentity(), courseId);
                        // The lower role => greater permissions
                        // Note: Cannot change the permission of someone at your level.
                        if ((currentUsersRole.ID == (int)PermissionsID.Admin) || (currentUsersRole.ID < roleid))
                        {
                            permission = (PermissionsID)roleid;
                            user.AddToCourse(courseId, permission);
                        }
                        else
                        {
                            throw new Exception(SharedSupport.GetLocalizedString("AddEditUser_ErrorRolePermissionDenied"));
                        }
                    }
                    // Without SECURITY_EDIT the user is not enrolled here at all,
                    // unlike the insert path, which always enrols as Student.
                    // Presumably intentional — confirm.
                }
                btnUpdate.Text = SharedSupport.GetLocalizedString("AddEditUser_Update");
                Nav1.Feedback.Text = SharedSupport.GetLocalizedString("AddEditUser_UserUpdated"); //"User has been Updated.";
            }
            else
            {
                throw new Exception(NO_USER_FOR_USERID_ERROR);
            }
        }
        else
        {
            if (!SharedSupport.SecurityIsAllowed(courseId, SecurityAction.USER_ADD))
            {
                throw new Exception(SharedSupport.GetLocalizedString("Global_Unauthorized"));
            }
            //Insert
            user = new UserM();
            user.EmailAddress = txtEMailAddress.Text.ToString();
            user.FirstName = txtFirstName.Text.ToString();
            user.LastName = txtLastName.Text.ToString();
            user.LastUpdatedDate = DateTime.Now;
            user.LastUpdatedUserID = SharedSupport.GetUserIdentity();
            user.MiddleName = txtMiddleName.Text.ToString();
            user.UniversityID = txtUniversityIdentifier.Text.ToString();
            user.UserName = txtUserName.Text.ToString();
            user.ChangedPassword = false;
            // Does the user already exist?
            UserM userByName = UserM.LoadByUserName(user.UserName);
            if (!userByName.IsValid)
            {
                // The new user's id is kept so the redirect below points at it.
                userId = user.Create();
                btnUpdate.Text = SharedSupport.GetLocalizedString("AddEditUser_Update");
                Nav1.Feedback.Text = SharedSupport.GetLocalizedString("AddEditUser_UserInserted"); //"User has been inserted.";
                PermissionsID permission = PermissionsID.Student;
                if (SharedSupport.SecurityIsAllowed(courseId, SecurityAction.SECURITY_EDIT))
                {
                    int roleid = Convert.ToInt32(UserRolesList.SelectedItem.Value);
                    RoleM currentUsersRole = RoleM.GetUsersRoleInCourse(SharedSupport.GetUserIdentity(), courseId);
                    // The lower role = greater permissions
                    // Note: Can't change permissions of someone equal in level to you.
                    if ((currentUsersRole.ID == (int)PermissionsID.Admin) || (currentUsersRole.ID < roleid))
                    {
                        permission = (PermissionsID)roleid;
                    }
                    else
                    {
                        throw new Exception(SharedSupport.GetLocalizedString("AddEditUser_ErrorRolePermissionDenied"));
                    }
                }
                // Always enrolled; falls back to Student when the caller may not
                // pick a role.
                user.AddToCourse(courseId, permission);
            }
            else
            {
                throw new Exception(SharedSupport.GetLocalizedString("User_UserNameMustBeUnique"));
            }
        }
        // Relative redirect back to this page. The incoming query string is
        // appended verbatim, so an existing UserID parameter would be repeated.
        Response.Redirect("Users.aspx?UserID=" + userId.ToString() + "&" + Request.QueryString.ToString(), false);
    }
    catch (Exception ex)
    {
        // Shown to the user as-is; see the remarks on message disclosure.
        Nav1.Feedback.Text = ex.Message.ToString();
    }
}