/// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        /// <remarks>
        /// Updates the account whose username equals SamAccountName. Whatever DTO.CcnUsername and
        /// DTO.PrvCode held on entry is overwritten: the username with SamAccountName, the privilege
        /// code with the value already stored for that account, so this path cannot retarget the
        /// update or change the privilege level.
        /// Returns false only when the update reports zero rows. When no account record is found the
        /// update is skipped and the method still returns true.
        /// NOTE(review): SamAccountName is presumably the authenticated identity supplied by the base
        /// class; confirm, since the self-only guarantee above depends on it.
        /// </remarks>
        protected override bool Execute()
        {
            // Pin the target account to SamAccountName before anything reads the DTO.
            DTO.CcnUsername = SamAccountName;

            Account_ADO accountStore = new Account_ADO();
            Account_DTO_Read lookup = new Account_DTO_Read { CcnUsername = SamAccountName };
            var existing = accountStore.Read(Ado, lookup);

            if (existing.hasData)
            {
                // Carry the stored privilege over so the update cannot raise or lower it.
                DTO.PrvCode = accountStore.ReadAccounts(existing)[0].PrvCode;

                int rowsUpdated = accountStore.Update(Ado, DTO, SamAccountName);
                if (rowsUpdated == 0)
                {
                    Log.Instance.Debug("Failed to update Account");
                    Response.error = Label.Get("error.update");
                    return false;
                }
            }

            // Reached after a successful update and also when no account record was found.
            Response.data = JSONRPC.success;
            return true;
        }
        /// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        /// <remarks>
        /// Updates the account named by DTO.CcnUsername after applying the privilege rules below, in order:
        /// a power user may not set the administrator privilege; a power user may not move an existing
        /// administrator to another privilege; and an update to an existing administrator is refused when
        /// EnoughPrivilegesInAccounts returns false. After the update, an account whose proposed privilege
        /// is administrator or power user has its group memberships deleted, and the cached entry for
        /// the user is removed.
        /// Returns false when a rule refuses the request or when the update or a membership delete
        /// reports zero rows; otherwise true.
        /// NOTE(review): refusals are logged at Debug only, without the caller or the target username.
        /// For audit and detection of privilege-change attempts, confirm these events are retained in production.
        /// NOTE(review): a failed membership delete returns false after the account row was already
        /// updated; presumably the caller rolls back the Ado work on false. Confirm.
        /// </remarks>
        protected override bool Execute()
        {
            // Rule 1: a power user must not be able to create administrators.
            bool powerUserGrantingAdmin = IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR);
            if (powerUserGrantingAdmin)
            {
                Log.Instance.Debug("A power user may not update a user to become an Administrator");
                Response.error = Label.Get("error.privilege");
                return false;
            }

            // Rule 2: a power user must not be able to demote an existing administrator.
            bool powerUserDemotingAdmin = IsPowerUser() && IsAdministrator(DTO.CcnUsername) && !DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR);
            if (powerUserDemotingAdmin)
            {
                Log.Instance.Debug("A power user may not downgrade an administrator");
                Response.error = Label.Get("error.privilege");
                return false;
            }

            Account_ADO accountStore = new Account_ADO();

            // Rule 3: the system must always keep at least one administrator, so an update that would leave none is refused.
            // NOTE(review): the check runs for any update to an administrator, including one that keeps the
            // administrator privilege; confirm that is intended.
            if (IsAdministrator(DTO.CcnUsername) && !accountStore.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
            {
                Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this update.");
                Response.error = Label.Get("error.update");
                return false;
            }

            // Apply the change; zero affected rows is treated as failure.
            int rowsUpdated = accountStore.Update(Ado, DTO, SamAccountName);
            if (rowsUpdated == 0)
            {
                Log.Instance.Debug("Failed to update Account");
                Response.error = Label.Get("error.update");
                return false;
            }

            // Administrators and power users may not belong to groups. The decision uses the proposed
            // PrvCode, not the privilege the account held before the update.
            bool losesGroupMemberships = DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR)
                                         || DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_POWER_USER);
            if (losesGroupMemberships)
            {
                List<GroupAccount_DTO> memberships = getGroupMembership(DTO.CcnUsername);

                foreach (GroupAccount_DTO membership in memberships)
                {
                    GroupAccount_ADO membershipStore = new GroupAccount_ADO();
                    GroupAccount_DTO_Delete removal = new GroupAccount_DTO_Delete
                    {
                        CcnUsername = membership.CcnUsername,
                        GrpCode = membership.GrpCode
                    };

                    if (membershipStore.Delete(Ado, removal, SamAccountName) == 0)
                    {
                        Log.Instance.Debug("Failed to delete account group membership");
                        Response.error = Label.Get("error.update");
                        return false;
                    }
                }
            }

            // Drop any cached copy of this user, because the cached privilege data is now out of date.
            // NOTE(review): the method-name key is spelled "ReadCurrentAccesss" (three 's'). If the code that
            // fills the cache uses a different spelling, this removal never matches and the old privilege
            // stays cached. Confirm against the caching side.
            MemCacheD.Remove_BSO<dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);
            Response.data = JSONRPC.success;
            return true;
        }