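/// <summary>
/// Returns a basic list of all user accounts mapped to the given dealership, provided the
/// requesting user passes <c>AuthorizeUserAccess.verifyAccessToDealership</c> for it.
/// A caller without access gets an empty list rather than an error.
/// </summary>
/// <param name="userId">The userId of the user requesting the list.</param>
/// <param name="dealershipId">The dealership whose user accounts are listed.</param>
/// <returns>
/// <see cref="BasicUserDataSet"/> entries ordered by suspended flag, then access level, then
/// username; empty when access is denied.
/// </returns>
public IEnumerable<BasicUserDataSet> getUserAccountsForDealership(long userId, int dealershipId)
{
    var userAccounts = new List<BasicUserDataSet>();

    // Authorization first; the global-admin lookup below is only needed once the caller is
    // actually allowed to see this dealership's users.
    if (!AuthorizeUserAccess.verifyAccessToDealership(userId, dealershipId, true))
    {
        return userAccounts;
    }

    // NOTE(review): global administrators receive the stored USER_TABLE.passwd value in the
    // Password field; whether that column holds a hash or a plaintext password cannot be
    // determined here. Returning credential material in a listing DTO is a disclosure risk
    // (response logs, client caches, over-broad admin roles) - confirm this is intended.
    bool isGlobalAdmin = AuthorizeUserAccess.isUserGlobalAdministrator(userId);

    using (var context = new DAL.SharedContext())
    {
        userAccounts = context.UserAccessMaps
            .Where(um => um.DealershipId == dealershipId)
            .OrderBy(um => um.USER_TABLE.suspended)
            .ThenBy(um => um.AccessLevelTypeId)
            .ThenBy(um => um.USER_TABLE.username)
            .Select(um => new BasicUserDataSet
            {
                UserId = um.USER_TABLE.user_auto,
                Username = um.USER_TABLE.username,
                Email = um.USER_TABLE.email,
                AccessLevel = um.AccessLevelTypeId,
                Disabled = um.USER_TABLE.suspended,
                Password = isGlobalAdmin ? um.USER_TABLE.passwd : "******"
            })
            .ToList();
    }

    return userAccounts;
}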
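/// <summary>
/// Returns a basic list of the customer-level user accounts (CustomerAdministrator and
/// CustomerUser maps only) for the given customer, provided the requesting user passes
/// <c>AuthorizeUserAccess.verifyAccessToCustomer</c> for it. A caller without access gets an
/// empty list rather than an error.
/// </summary>
/// <param name="userId">The userId of the user requesting the list.</param>
/// <param name="customerId">The customer whose user accounts are listed.</param>
/// <returns>
/// <see cref="BasicUserDataSet"/> entries ordered by suspended flag, then access level, then
/// username; empty when access is denied.
/// </returns>
public IEnumerable<BasicUserDataSet> getUserAccountsForCustomer(long userId, long customerId)
{
    var userAccounts = new List<BasicUserDataSet>();

    // Authorization first; the global-admin lookup below is only needed once the caller is
    // actually allowed to see this customer's users.
    if (!AuthorizeUserAccess.verifyAccessToCustomer(userId, customerId, true))
    {
        return userAccounts;
    }

    // NOTE(review): global administrators receive the stored USER_TABLE.passwd value in the
    // Password field; whether that column holds a hash or a plaintext password cannot be
    // determined here. Returning credential material in a listing DTO is a disclosure risk
    // (response logs, client caches, over-broad admin roles) - confirm this is intended.
    bool isGlobalAdmin = AuthorizeUserAccess.isUserGlobalAdministrator(userId);

    using (var context = new DAL.SharedContext())
    {
        userAccounts = context.UserAccessMaps
            .Where(um => um.customer_auto == customerId)
            .Where(um => um.AccessLevelTypeId == (int)UserAccessTypes.CustomerAdministrator
                      || um.AccessLevelTypeId == (int)UserAccessTypes.CustomerUser)
            .OrderBy(um => um.USER_TABLE.suspended)
            .ThenBy(um => um.AccessLevelTypeId)
            .ThenBy(um => um.USER_TABLE.username)
            .Select(um => new BasicUserDataSet
            {
                UserId = um.USER_TABLE.user_auto,
                Username = um.USER_TABLE.username,
                Email = um.USER_TABLE.email,
                AccessLevel = um.AccessLevelTypeId,
                Disabled = um.USER_TABLE.suspended,
                Password = isGlobalAdmin ? um.USER_TABLE.passwd : "******"
            })
            .ToList();
    }

    return userAccounts;
}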
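/// <summary>
/// Updates the username, email and (optionally) access level of an existing user account,
/// mirroring the username/email change into the matching AspNetUsers record.
/// </summary>
/// <param name="userId">The user_auto of the account being modified.</param>
/// <param name="username">New username; must be unique across USER_TABLE and AspNetUsers.</param>
/// <param name="email">New email address; must be unique across USER_TABLE and AspNetUsers.</param>
/// <param name="accessLevel">
/// New <see cref="UserAccessTypes"/> value, or 0 to leave the access level unchanged. A
/// dealership account may only take dealership levels and a customer account only customer
/// levels.
/// </param>
/// <returns>
/// A <see cref="GETResponseMessage"/>: Success after the changes are saved, InvalidInputs for a
/// validation failure, Failed when the access map is missing or SaveChanges throws.
/// </returns>
public GETResponseMessage updateExistingUserAccount(long userId, string username, string email, int accessLevel)
{
    // NOTE(review): userId identifies the account being changed, not the caller. Nothing in
    // this method checks that whoever invoked it may edit this account or grant the requested
    // access level (compare verifyAccessToDealership/verifyAccessToCustomer on the read paths).
    // That authorization has to happen in the caller - verify it does.
    UserTeam usersTeam = AuthorizeUserAccess.getUserTeam(userId);
    if (usersTeam == null)
    {
        // Without a team the access-level rules below cannot be evaluated.
        return new GETResponseMessage(ResponseTypes.InvalidInputs, "Invalid user details. ");
    }

    using (var context = new SharedContext())
    {
        var userAccount = context.USER_TABLE.Find(userId);
        // Null or whitespace-only names are rejected here; previously only exactly "" was,
        // so a null would have been written through to both user records.
        if (userAccount == null || string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(email))
        {
            return new GETResponseMessage(ResponseTypes.InvalidInputs, "Invalid user details. ");
        }

        var aspUserAccount = context.AspNetUsers.Find(userAccount.AspNetUserId);
        if (aspUserAccount == null)
        {
            return new GETResponseMessage(ResponseTypes.InvalidInputs, "Internal error occurred!. AspUser not found!");
        }

        // Uniqueness is only re-checked when the value actually changes, so re-submitting the
        // current username/email does not collide with the account itself.
        if (email != userAccount.email
            && (!checkEmailIsUnique(email) || !checkAspEmailIsUnique(email)))
        {
            return new GETResponseMessage(ResponseTypes.InvalidInputs, "Email address must be unique. ");
        }

        if (username != userAccount.username
            && (!checkUsernameIsUnique(username) || !checkAspUsernameIsUnique(username)))
        {
            return new GETResponseMessage(ResponseTypes.InvalidInputs, "Username must be unique. ");
        }

        if (!accessLevelAllowedForTeam(usersTeam, accessLevel))
        {
            return new GETResponseMessage(ResponseTypes.InvalidInputs, "You are not allowed to give this user account this access level. ");
        }

        // userid is kept identical to username.
        userAccount.username = username;
        userAccount.userid = username;
        userAccount.email = email;
        aspUserAccount.UserName = username;
        aspUserAccount.Email = email;

        // The access map is looked up against the account's own team (dealership or customer).
        UserAccessMaps userMap = usersTeam.teamType == UserAccountType.Dealership
            ? context.UserAccessMaps.FirstOrDefault(m => m.user_auto == userId && m.DealershipId == usersTeam.teamId)
            : context.UserAccessMaps.FirstOrDefault(m => m.user_auto == userId && m.customer_auto == usersTeam.teamId);
        if (userMap == null)
        {
            return new GETResponseMessage(ResponseTypes.Failed, "Failed to update the users access level record. Couldn't find it in the database. ");
        }

        // 0 means "leave the access level alone".
        if (accessLevel != 0)
        {
            applyAccessLevelChange(context, userId, usersTeam, userMap, accessLevel);
        }

        try
        {
            context.SaveChanges();
            return new GETResponseMessage(ResponseTypes.Success, "User account updated successfully. ");
        }
        catch (Exception e)
        {
            // NOTE(review): e.Message (EF validation / SQL error text) is returned to the caller
            // verbatim; if this response reaches a browser it discloses schema details. Consider
            // logging the exception server-side and returning a generic message instead.
            return new GETResponseMessage(ResponseTypes.Failed, "Failed to save. " + e.Message);
        }
    }
}

/// <summary>
/// True when <paramref name="accessLevel"/> is 0 (no change) or a level the account's team
/// type may hold: dealership accounts only take dealership levels, customer accounts only
/// customer levels.
/// </summary>
private static bool accessLevelAllowedForTeam(UserTeam usersTeam, int accessLevel)
{
    if (accessLevel == 0)
    {
        return true;
    }

    if (usersTeam.teamType == UserAccountType.Dealership)
    {
        return accessLevel == (int)UserAccessTypes.DealershipAdministrator
            || accessLevel == (int)UserAccessTypes.DealershipUser;
    }

    if (usersTeam.teamType == UserAccountType.Customer)
    {
        return accessLevel == (int)UserAccessTypes.CustomerAdministrator
            || accessLevel == (int)UserAccessTypes.CustomerUser;
    }

    return false;
}

/// <summary>
/// Stages a non-zero access level change on <paramref name="userMap"/> together with the
/// per-customer access rows that go with it. Nothing is saved here; the caller calls
/// SaveChanges on <paramref name="context"/>.
/// </summary>
private static void applyAccessLevelChange(SharedContext context, long userId, UserTeam usersTeam, UserAccessMaps userMap, int accessLevel)
{
    if (accessLevel == (int)UserAccessTypes.DealershipUser
        && userMap.AccessLevelTypeId != (int)UserAccessTypes.DealershipUser)
    {
        // Becoming a plain dealership user: drop every customer-level access row and map.
        var equipmentAccess = context.USER_CRSF_CUST_EQUIP.Where(u => u.user_auto == userId).ToList();
        context.USER_CRSF_CUST_EQUIP.RemoveRange(equipmentAccess);

        var customerMaps = context.UserAccessMaps.Where(m => m.user_auto == userId && m.customer_auto != null).ToList();
        context.UserAccessMaps.RemoveRange(customerMaps);
    }
    else if (accessLevel == (int)UserAccessTypes.DealershipAdministrator
             && userMap.AccessLevelTypeId != (int)UserAccessTypes.DealershipAdministrator)
    {
        // Becoming a dealership administrator: grant an access row for every customer of the
        // dealership.
        // NOTE(review): existing USER_CRSF_CUST_EQUIP rows are not checked for first, so a user
        // who already had some customer access may get duplicate rows - confirm the table's key
        // prevents that.
        long[] customerIds = context.CUSTOMER
            .Where(c => c.DealershipId == usersTeam.teamId)
            .Select(c => c.customer_auto)
            .ToArray();
        foreach (long customerId in customerIds)
        {
            context.USER_CRSF_CUST_EQUIP.Add(new USER_CRSF_CUST_EQUIP
            {
                user_auto = userId,
                customer_auto = customerId,
                level_type = 1,
                modified_user = "******"
            });
        }
    }

    userMap.AccessLevelTypeId = accessLevel;
}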