public static void UpdateUser(string env, UserEntity userEntity)
{
var connectionString = ConfigurationManager.ConnectionStrings[env].ConnectionString;
using (var connection = new SqlConnection(connectionString))
{
using (var command = new SqlCommand("[UpdateUser]") { CommandType = CommandType.StoredProcedure, Connection = connection })
{
// =====================================================================================================
// Add Parameters
// =====================================================================================================
//if (userEntity.UserId != null)
//{
var param_UserId = new SqlParameter("@UserId", userEntity.UserId)
{
Direction = ParameterDirection.Input,
SqlDbType = System.Data.SqlDbType.Int
};
command.Parameters.Add(param_UserId);
//}
if (userEntity.UserName != String.Empty)
{
var param_userName = new SqlParameter("@UserName", userEntity.UserName)
{
Direction = ParameterDirection.Input,
SqlDbType = System.Data.SqlDbType.VarChar,
Size = 50
};
command.Parameters.Add(param_userName);
}
if (userEntity.FirstName != String.Empty)
{
var param_FirstName = new SqlParameter("@FirstName", userEntity.FirstName)
{
Direction = ParameterDirection.Input,
SqlDbType = System.Data.SqlDbType.VarChar,
Size = 50
};
command.Parameters.Add(param_FirstName);
}
if (userEntity.LastName != String.Empty)
{
var param_LastName = new SqlParameter("@LastName", userEntity.LastName)
{
Direction = ParameterDirection.Input,
SqlDbType = System.Data.SqlDbType.VarChar,
Size = 50
};
command.Parameters.Add(param_LastName);
}
// This bool always evaluates to true or false so no if statement required.
var param_ActiveCode = new SqlParameter("@Active", userEntity.ActiveCode)
{
Direction = ParameterDirection.Input,
SqlDbType = System.Data.SqlDbType.Bit
};
command.Parameters.Add(param_ActiveCode);
if (userEntity.Email != String.Empty)
{
var param_Email = new SqlParameter("@Email", userEntity.Email)
{
Direction = ParameterDirection.Input,
SqlDbType = System.Data.SqlDbType.VarChar,
Size = 250
};
command.Parameters.Add(param_Email);
}
var param_Action = new SqlParameter("@Action", userEntity.DatabaseAction)
{
Direction = ParameterDirection.Input,
SqlDbType = System.Data.SqlDbType.Int
};
command.Parameters.Add(param_Action);
// ==========================================================================================
// Standard parameters for success fail
// ==========================================================================================
var param_Return = new SqlParameter("@ReturnValue", System.Data.SqlDbType.Int)
{
Direction = ParameterDirection.ReturnValue
};
command.Parameters.Add(param_Return);
// ==========================================================================================
connection.Open();
command.ExecuteNonQuery();
// ==========================================================================================
// Check for database exception and raise. We won't handle exceptions here but we will log them.
// If an error has occurred then the returnValue will be the database error log of the error.
// ==========================================================================================
int returnValue = (int)command.Parameters["@ReturnValue"].Value;
if (returnValue != 0)
{
HelperClasses.CustomDatabaseException customDatabaseExeption = new CustomDatabaseException(returnValue, "Error occurred while managing a user.");
throw customDatabaseExeption;
}
// ==========================================================================================
}
}
}
public List<UserEntity> GetCurrentUser(string env)
{
// The purpose of this WebApi is to get the users authenticated credentials
// for use by the UI to dynamically configure the user experience.
// This simply identifies the Windows Authenticated user and passes back
// the users information.
// Do not mistake this for a method of securing the Web Api. This must be
// done using a different "Token" style approach.
// ---------------------------------------------------------------------------
// Get users network identity
// ---------------------------------------------------------------------------
var userIdentity = System.Web.HttpContext.Current.Request.LogonUserIdentity;
var user = new UserEntity()
{
ADName = userIdentity.Name,
AuthenticationType = userIdentity.AuthenticationType,
IsAnonymous = userIdentity.IsAnonymous,
IsAuthenticated = userIdentity.IsAuthenticated,
Owner = userIdentity.Owner.ToString(),
Token = userIdentity.Token.ToString(),
AuthCheckedDateTime = DateTime.Now,
Groups = GetCurrentUsersGroups()
};
// ---------------------------------------------------------------------------
// Get mashup account. The mashup and AD information are combined.
// ---------------------------------------------------------------------------
user.UserName = GetLogin(user.ADName);
user.ADDomain = GetDomain(user.ADName);
var mashUser = DataAccess.GetUsers(env, null, null, user.UserName, null);
if (mashUser.Count > 0)
{
CombineMashAndADUserInfo(user, mashUser);
}
else
{
// boiler-plate for updating entities
user.DatabaseAction = CRUD.Create;
user.ActiveCode = true;
user.CreatedBy = user.UserId;
// Create mashup account for AD user
DataAccess.UpdateUser(env, user);
// Get mashup account
mashUser = DataAccess.GetUsers(env, null, null, user.UserName, null);
CombineMashAndADUserInfo(user, mashUser);
}
// ---------------------------------------------------------------------------
// Get users Mashup roles
// ---------------------------------------------------------------------------
user.Roles = DataAccess.GetRoles(env, null, true, user.UserId);
// NOTE: Returning an array because this is how data is stored in the indexedDB.
// If I don't return as an array then when the client will receive an entity
// from the database and an array from cache and that's a problem.
// TODO: Resolve this issue somehow so that the server can return what it should.
// possibly check if array on the client and convert it there.
var currentUser = new List<UserEntity>();
currentUser.Add(user);
return currentUser;
}
public static List<UserEntity> GetUsers(string env, int? tzOffsetMinutes, int? userId, string userName, bool? active)
{
var connectionString = ConfigurationManager.ConnectionStrings[env].ConnectionString;
var resultEntity = new List<UserEntity>();
using (var connection = new SqlConnection(connectionString))
{
using (var command = new SqlCommand("[GetUsers]") { CommandType = CommandType.StoredProcedure, Connection = connection })
{
// =====================================================================================================
// Add Parameters
// =====================================================================================================
//SqlParameter[] paramCollection = new SqlParameter[0];
if (userId != null)
{
var param_UserId = new SqlParameter("@UserId", userId)
{
Direction = ParameterDirection.Input,
};
command.Parameters.Add(param_UserId);
}
if (userName != String.Empty)
{
var param_userName = new SqlParameter("@UserName", userName)
{
Direction = ParameterDirection.Input,
SqlDbType = System.Data.SqlDbType.VarChar,
Size = 50
};
command.Parameters.Add(param_userName);
}
if (active != null)
{
var param_Active = new SqlParameter("@Active", active)
{
Direction = ParameterDirection.Input,
SqlDbType = System.Data.SqlDbType.Bit,
};
command.Parameters.Add(param_Active);
}
connection.Open();
using (SqlDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection))
{
if (reader != null) // does this always evaluate to true? Why is this line here?
{
while (reader.Read())
{
var entity = new UserEntity();
entity.UserId = NullHelper.GetInt32FromReader(reader, "UserId");
entity.UserName = NullHelper.GetStringFromReader(reader, "UserName");
entity.FirstName = NullHelper.GetStringFromReader(reader, "FirstName");
entity.LastName = NullHelper.GetStringFromReader(reader, "LastName");
entity.ActiveCode = NullHelper.GetBooleanFromReader(reader, "ActiveCode");
entity.ActiveStatus = NullHelper.GetStringFromReader(reader, "ActiveStatus");
entity.Email = NullHelper.GetStringFromReader(reader, "Email");
entity.CreatedDateTime = NullHelper.GetDateFromReader(reader, "CreatedDateTime", tzOffsetMinutes);
entity.CreatedBy = NullHelper.GetInt32FromReader(reader, "CreatedBy");
entity.CreatedByUserName = NullHelper.GetStringFromReader(reader, "CreatedByUserName");
entity.UpdatedDateTime = NullHelper.GetDateFromReader(reader, "UpdatedDateTime", tzOffsetMinutes);
entity.UpdatedBy = NullHelper.GetInt32FromReader(reader, "UpdatedBy");
entity.UpdatedByUserName = NullHelper.GetStringFromReader(reader, "UpdatedByUserName");
entity.FullName = NullHelper.GetStringFromReader(reader, "FullName");
resultEntity.Add(entity);
}
}
}
}
}
return resultEntity;
}
private static void CombineMashAndADUserInfo(UserEntity user, List<UserEntity> mashUser)
{
user.UserId = mashUser[0].UserId;
user.ActiveCode = mashUser[0].ActiveCode;
user.ActiveStatus = mashUser[0].ActiveStatus;
user.FirstName = mashUser[0].FirstName;
user.LastName = mashUser[0].LastName;
user.FullName = mashUser[0].FullName;
user.Email = mashUser[0].Email;
user.CreatedDateTime = mashUser[0].CreatedDateTime;
user.CreatedBy = mashUser[0].CreatedBy;
user.CreatedByUserName = mashUser[0].CreatedByUserName;
user.UpdatedDateTime = mashUser[0].UpdatedDateTime;
user.UpdatedBy = mashUser[0].UpdatedBy;
user.UpdatedByUserName = mashUser[0].UpdatedByUserName;
}
