Esempio n. 1
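        /// <summary>
        /// Deletes an info record and the feedback rows that reference it.
        /// </summary>
        /// <param name="infoid">Key matched against WEB_FEEDBACK.ASKEY and WEB_INFO.SYSID.</param>
        /// <returns>true only when the WEB_INFO delete reports exactly one row; otherwise false.</returns>
        /// <remarks>
        /// The two deletes are issued as separate statements and no transaction is visible here,
        /// so a failed second delete can leave the feedback rows already removed.
        /// </remarks>
        public bool deleteInfo(string infoid)
        {
            // The key is embedded in SQL text: double single quotes so the value cannot end the
            // N'...' literal. This is a stop-gap; a parameterized command is the proper fix if
            // DatabaseAccess can accept parameters (its API is not visible here).
            string safeId = (infoid ?? string.Empty).Replace("'", "''");
            DatabaseAccess DA = new DatabaseAccess();

            string sqlStr = string.Format(@"DELETE FROM WEB_FEEDBACK WHERE ASKEY=N'{0}' ", safeId);
            int vat = DA.ExcuteSql(sqlStr);
            if (vat < 0)
            {
                // presumably a negative result signals a failed statement; confirm against DatabaseAccess
                return false;
            }

            sqlStr = string.Format(@"DELETE FROM WEB_INFO WHERE SYSID = N'{0}'", safeId);
            vat = DA.ExcuteSql(sqlStr);
            return vat == 1;
        }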
Esempio n. 2
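        /// <summary>
        /// Adds a notification, inserting one WEB_INFO row per entry in <paramref name="teamID"/>.
        /// </summary>
        /// <param name="infoTitle">Notification heading.</param>
        /// <param name="context">Notification body.</param>
        /// <param name="teamID">Associated team IDs; the value "0" is stored as a NULL TEAMID.</param>
        /// <param name="adduser">Value written to the ADDUSER column.</param>
        /// <param name="type">Value written to the TYPE column.</param>
        /// <param name="endtime">Value written to the ENDTIME column.</param>
        /// <returns>true when every insert reports exactly one row; false as soon as one does not.</returns>
        /// <remarks>
        /// Inserts are issued one by one with no transaction visible here, so rows inserted before
        /// a failure stay in the table.
        /// </remarks>
        public bool addInfo(string infoTitle , string context , string[] teamID ,string adduser , string type  , string endtime)
        {
            // Every value lands inside an N'...' literal, so single quotes are doubled on all of them,
            // not only on the title and body. Stop-gap: prefer parameterized commands if
            // DatabaseAccess can support them (its API is not visible here).
            infoTitle = infoTitle.Replace(@"'", "''");
            context = context.Replace(@"'", "''");
            string safeAddUser = (adduser ?? string.Empty).Replace("'", "''");
            string safeType = (type ?? string.Empty).Replace("'", "''");
            string safeEndTime = (endtime ?? string.Empty).Replace("'", "''");
            DatabaseAccess da = new DatabaseAccess();

            foreach (string teamid in teamID)
            {
                string sqlStr;
                if (teamid == @"0")
                {
                    // "0" means no team: the TEAMID column gets NULL and placeholder {2} is unused.
                    sqlStr = string.Format(@"INSERT WEB_INFO(INFOTITLE , INFODETAIL , TEAMID , ADDUSER , TYPE , ENDTIME)
                                         VALUES (N'{0}',N'{1}',NULL,N'{3}' , N'{4}' , N'{5}')", infoTitle, context, teamid, safeAddUser, safeType, safeEndTime);
                }
                else
                {
                    string safeTeamId = (teamid ?? string.Empty).Replace("'", "''");
                    sqlStr = string.Format(@"INSERT WEB_INFO(INFOTITLE , INFODETAIL , TEAMID , ADDUSER , TYPE, ENDTIME)
                                         VALUES (N'{0}',N'{1}',N'{2}',N'{3}', N'{4}', N'{5}')", infoTitle, context, safeTeamId, safeAddUser, safeType, safeEndTime);
                }

                if (da.ExcuteSql(sqlStr) != 1)
                {
                    return false;
                }
            }

            return true;
        }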
Esempio n. 3
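 /// <summary>
 /// Deletes the team profile rows whose LEADER is the given user.
 /// The original author flags this function as hazardous because of database
 /// relations (rows in other tables may still reference the team); use with care.
 /// </summary>
 /// <param name="usercode">ID of the user who created the team.</param>
 /// <returns>true when the statement result is zero or more; otherwise false.</returns>
 public bool deleteTeamByTeamLeaderUsercode(string usercode)
 {
     // The value is embedded in SQL text: double single quotes so it stays inside the N'...'
     // literal. Stop-gap; prefer a parameterized command if DatabaseAccess can support one.
     string safeUserCode = (usercode ?? string.Empty).Replace("'", "''");
     string sqlStr = string.Format(@"DELETE FROM WEB_TEAM_PROFILE WHERE LEADER = N'{0}'", safeUserCode);
     DatabaseAccess da = new DatabaseAccess();

     // Deleting zero rows still counts as success here.
     return da.ExcuteSql(sqlStr) >= 0;
 }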
Esempio n. 4
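 /// <summary>
 /// Deletes the team membership rows of the given user.
 /// </summary>
 /// <param name="userid">Value matched against WEB_TEAM_MEMBER.USERCODE.</param>
 /// <returns>true when the statement result is zero or more; otherwise false.</returns>
 public bool deleteTeamMemberByUserid(string userid)
 {
     // The value is embedded in SQL text: double single quotes so it stays inside the N'...'
     // literal. Stop-gap; prefer a parameterized command if DatabaseAccess can support one.
     string safeUserId = (userid ?? string.Empty).Replace("'", "''");
     string sqlStr = string.Format(@"DELETE FROM WEB_TEAM_MEMBER WHERE USERCODE = N'{0}'", safeUserId);
     DatabaseAccess da = new DatabaseAccess();

     // Deleting zero rows still counts as success here.
     return da.ExcuteSql(sqlStr) >= 0;
 }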
Esempio n. 5
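        /// <summary>
        /// Inserts one WEB_FEEDBACK row.
        /// </summary>
        /// <param name="userName">Value written to the userName column.</param>
        /// <param name="type">Value written to the feedbackType column.</param>
        /// <param name="url">Value written to the url column.</param>
        /// <param name="teamID">Team ID; when null or empty the teamID column is left out of the insert.</param>
        /// <param name="askey">Value for the ASKEY column; null or empty is stored as NULL.</param>
        /// <returns>The value returned by DatabaseAccess.ExcuteSql for the insert.</returns>
        public int saveFeedback(string userName, string type, string url, string teamID, string askey)
        {
            // All values end up in SQL text, so single quotes are doubled on each of them, including
            // the concatenated ASKEY literal. Stop-gap; prefer parameterized commands if
            // DatabaseAccess can support them (its API is not visible here).
            string safeUserName = (userName ?? string.Empty).Replace("'", "''");
            string safeType = (type ?? string.Empty).Replace("'", "''");
            string safeUrl = (url ?? string.Empty).Replace("'", "''");
            string askeyLiteral = string.IsNullOrEmpty(askey)
                ? @"NULL"
                : "N'" + askey.Replace("'", "''") + "'";

            string strSql;
            if (string.IsNullOrEmpty(teamID))
            {
                strSql = string.Format(@"INSERT INTO WEB_FEEDBACK (userName, feedbackType, url,ASKEY) VALUES(N'{0}', N'{1}', N'{2}',{3})",
                    safeUserName, safeType, safeUrl, askeyLiteral);
            }
            else
            {
                string safeTeamId = teamID.Replace("'", "''");
                strSql = string.Format(@"INSERT INTO WEB_FEEDBACK (userName, feedbackType, url, teamID,ASKEY) VALUES(N'{0}', N'{1}', N'{2}', N'{3}',{4})",
                    safeUserName, safeType, safeUrl, safeTeamId, askeyLiteral);
            }

            DatabaseAccess da = new DatabaseAccess();
            return da.ExcuteSql(strSql);
        }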
Esempio n. 6
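 /// <summary>
 /// Changes the role of the user with the given ID.
 /// The database and the parameter description below may change with requirements.
 /// </summary>
 /// <param name="userid">The user's site ID.</param>
 /// <param name="roleid">
 ///0	admin	  administrator
 ///1	staff	  project member
 ///2	coordinator	coordinator
 ///3	RA	coordinator assistant
 ///4	partner	 contestant
 ///5	webGuest	web user
 /// </param>
 /// <returns>true when exactly one row was updated; otherwise false.</returns>
 /// <remarks>
 /// No authorization check is made in this method; the caller has to make sure the
 /// requesting user is allowed to change roles.
 /// </remarks>
 public static bool ChangeUserRoleByUserIDWithRoleID(string userid, string roleid)
 {
     // Both values are embedded in SQL text: double single quotes so they stay inside their
     // N'...' literals. Stop-gap; prefer a parameterized command if DatabaseAccess can support one.
     string safeRoleId = (roleid ?? string.Empty).Replace("'", "''");
     string safeUserId = (userid ?? string.Empty).Replace("'", "''");
     string sqlStr = string.Format(@"UPDATE WEB_USERPROFILE SET ROLEID = N'{0}' WHERE USERID = N'{1}'", safeRoleId, safeUserId);
     DatabaseAccess DA = new DatabaseAccess();

     return DA.ExcuteSql(sqlStr) == 1;
 }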
Esempio n. 7
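 /// <summary>
 /// Deletes every application submitted by the given user.
 /// </summary>
 /// <param name="userid">User ID matched against WEB_APPLY.USERID.</param>
 /// <returns>true when the statement result is zero or more; otherwise false.</returns>
 public bool DeleteApplyByUserID(string userid)
 {
     // The value is embedded in SQL text: double single quotes so it stays inside the N'...'
     // literal. Stop-gap; prefer a parameterized command if DatabaseAccess can support one.
     string safeUserId = (userid ?? string.Empty).Replace("'", "''");
     string sqlStr = string.Format(@"DELETE FROM WEB_APPLY WHERE USERID = N'{0}'", safeUserId);
     DatabaseAccess da = new DatabaseAccess();

     // Deleting zero rows still counts as success here.
     return da.ExcuteSql(sqlStr) >= 0;
 }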
Esempio n. 8
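 /// <summary>
 /// Adds one application record to WEB_APPLY.
 /// </summary>
 /// <param name="applyID">ID of the project being applied for.</param>
 /// <param name="userID">User ID of the applicant.</param>
 /// <param name="message">Message text left by the applicant.</param>
 /// <param name="detail">Value for the DETAILPOSITION column; null is stored as NULL.</param>
 /// <returns>true when exactly one row was inserted; otherwise false.</returns>
 public bool AddApplication(string applyID , string userID,string message , string detail)
 {
     // NOTE(review): checkStrForSql is defined elsewhere; this method relies on it to make
     // message and detail safe inside a string literal. Confirm what it actually does.
     message = Util.commonTool.checkStrForSql(message);
     if(!String.IsNullOrEmpty(detail))
     {
         detail = Util.commonTool.checkStrForSql(detail);
     }

     // The two IDs were previously embedded as-is: double single quotes so they stay inside
     // their N'...' literals. Stop-gap; prefer a parameterized command if DatabaseAccess can
     // support one.
     string safeUserId = (userID ?? string.Empty).Replace("'", "''");
     string safeApplyId = (applyID ?? string.Empty).Replace("'", "''");
     string detailLiteral = detail == null ? "NULL" : "N'" + detail + "'";

     string sqlStr = string.Format(@"INSERT INTO WEB_APPLY(USERID , WEB_APPLICATION_ID,MESSAGE , DETAILPOSITION)
                                     VALUES(N'{0}',N'{1}',N'{2}',{3})", safeUserId, safeApplyId, message, detailLiteral);
     DatabaseAccess da = new DatabaseAccess();
     return da.ExcuteSql(sqlStr) == 1;
 }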
Esempio n. 9
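 /// <summary>
 /// Records the review decision for a user's application.
 /// </summary>
 /// <param name="ID">Value matched against WEB_APPLY.ID.</param>
 /// <param name="action">Value written to the PASS column.</param>
 /// <param name="feedback">Value written to the FEEDBACK column.</param>
 /// <returns>
 /// A user-facing message: the success text when exactly one row was updated,
 /// otherwise the text asking the user to contact an administrator.
 /// </returns>
 /// <remarks>
 /// No authorization check is made in this method; the caller has to make sure the
 /// requesting user is allowed to review applications.
 /// </remarks>
 public string approvalApplication(string ID ,  string action , string feedback)
 {
     // All three values are embedded in SQL text: double single quotes so they stay inside
     // their N'...' literals. Stop-gap; prefer a parameterized command if DatabaseAccess can
     // support one.
     string safeAction = (action ?? string.Empty).Replace("'", "''");
     string safeFeedback = (feedback ?? string.Empty).Replace("'", "''");
     string safeId = (ID ?? string.Empty).Replace("'", "''");

     DatabaseAccess da = new DatabaseAccess();
     string sqlStr = string.Format(@"UPDATE WEB_APPLY SET
                                     PASS = N'{0}',
                                     FEEDBACK = N'{1}'
                                     WHERE ID = N'{2}'", safeAction, safeFeedback, safeId);

     return da.ExcuteSql(sqlStr) == 1
         ? @"审批成功"
         : @"后台出现逻辑错误,请联系管理员";
 }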
Esempio n. 10
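        /// <summary>
        /// Moves a team membership row to another team.
        /// </summary>
        /// <param name="sysid">Value matched against WEB_TEAM_MEMBER.SYSID.</param>
        /// <param name="teamID">New value for the TEAMID column.</param>
        /// <returns>true when exactly one row was updated; otherwise false.</returns>
        public bool updateTeamMember(string sysid, string teamID)
        {
            // Both values are embedded in SQL text: double single quotes so they stay inside their
            // N'...' literals. Stop-gap; prefer a parameterized command if DatabaseAccess can
            // support one.
            string safeTeamId = (teamID ?? string.Empty).Replace("'", "''");
            string safeSysId = (sysid ?? string.Empty).Replace("'", "''");
            string queryStr = string.Format("UPDATE WEB_TEAM_MEMBER SET TEAMID=N'{0}' WHERE SYSID=N'{1}'", safeTeamId, safeSysId);

            DatabaseAccess da = new DatabaseAccess();
            return da.ExcuteSql(queryStr) == 1;
        }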
Esempio n. 11
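 /// <summary>
 /// Inserts a team profile, adds the creator as its captain, and sets the creator's role to "4".
 /// </summary>
 /// <param name="teamProfile">Team data; the keys "Province" and "teamName" are read.</param>
 /// <param name="userID">ID of the user creating the team.</param>
 /// <returns>
 /// The new team's ID on success; otherwise the failure message text. Callers cannot tell
 /// the two apart by type, only by content.
 /// </returns>
 /// <remarks>
 /// The new ID is looked up by team name after the insert, so two teams with the same name
 /// can yield the wrong ID. The statements run separately with no transaction visible here,
 /// and the result of the role change is not checked.
 /// </remarks>
 public string SavaTeamInfo(Dictionary<string, string> teamProfile, string userID)
 {
     const string failure = @"数据库操作失败";

     // Every value is embedded in SQL text: double single quotes so it stays inside its N'...'
     // literal. Stop-gap; prefer parameterized commands if DatabaseAccess can support them.
     string safeProvince = (teamProfile["Province"] ?? string.Empty).Replace("'", "''");
     string safeTeamName = (teamProfile["teamName"] ?? string.Empty).Replace("'", "''");
     string safeUserId = (userID ?? string.Empty).Replace("'", "''");
     DatabaseAccess da = new DatabaseAccess();

     string sqlStr = string.Format(@"INSERT WEB_TEAM_PROFILE(PROVINCEID,TEAMNAME,LEADER)
                                     VALUES(N'{0}' , N'{1}',N'{2}')", safeProvince, safeTeamName, safeUserId);
     if (da.ExcuteSql(sqlStr) != 1)
     {
         return failure;
     }

     string queryStr = string.Format(@"SELECT TEAMID FROM WEB_TEAM_PROFILE WHERE TEAMNAME = N'{0}'", safeTeamName);
     DataTable dt = da.queryDatatable(queryStr);
     if (dt == null || dt.Rows.Count == 0)
     {
         // The row just inserted was not found: report failure instead of indexing an empty table.
         return failure;
     }

     string teamID = dt.Rows[0][0].ToString();
     // The ID read back from the table is escaped too before it is embedded in the next statement.
     sqlStr = string.Format(@"INSERT WEB_TEAM_MEMBER(USERCODE,TEAMID,ROLENAME)
                             VALUES(N'{0}',N'{1}',N'队长')", safeUserId, teamID.Replace("'", "''"));
     int vat = da.ExcuteSql(sqlStr);

     // The role change runs whether or not the membership insert succeeded, as before.
     RoleManage.ChangeUserRoleByUserIDWithRoleID(userID, "4");

     return vat == 1 ? teamID : failure;
 }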
Esempio n. 12
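        /// <summary>
        /// Adds a user to WEB_TEAM_MEMBER, with or without a team.
        /// </summary>
        /// <param name="teamID">Team to join; when null or empty the row is inserted without a teamID.</param>
        /// <param name="userID">Value written to the usercode column.</param>
        /// <param name="teamRole">Value written to the roleName column.</param>
        /// <returns>true when exactly one row was inserted; otherwise false.</returns>
        public bool joinTeam(string teamID, string userID,string teamRole)
        {
            // All values are embedded in SQL text: double single quotes so they stay inside their
            // N'...' literals. Stop-gap; prefer a parameterized command if DatabaseAccess can
            // support one.
            string safeUserId = (userID ?? string.Empty).Replace("'", "''");
            string safeRole = (teamRole ?? string.Empty).Replace("'", "''");

            string queryStr;
            if (!string.IsNullOrEmpty(teamID))
            {
                string safeTeamId = teamID.Replace("'", "''");
                queryStr = string.Format("INSERT WEB_TEAM_MEMBER(usercode, teamID, roleName) VALUES(N'{0}', N'{1}', N'{2}')",
                    safeUserId, safeTeamId, safeRole);
            }
            else
            {
                queryStr = string.Format("INSERT WEB_TEAM_MEMBER(usercode, roleName) VALUES(N'{0}', N'{1}')",
                    safeUserId, safeRole);
            }

            DatabaseAccess da = new DatabaseAccess();
            return da.ExcuteSql(queryStr) == 1;
        }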