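/// <summary>
/// Creates a staff account: inserts the login row into Users, then the matching
/// permissions row into Staff.
/// </summary>
/// <param name="staff">
/// Supplies the user name, display name, password and the three right-to-* flags.
/// </param>
/// <remarks>
/// Every value is sent as a SQL parameter instead of being spliced into the command text,
/// so a user name or display name containing a quote cannot alter the statement.
/// The two inserts are not wrapped in a transaction: if the second one fails, the Users
/// row written by the first one remains.
/// </remarks>
public static void AddStaff(Staff staff)
{
    SqlConnection con = DBUtils.getDBConnection();
    con.Open();
    try
    {
        // NOTE(review): judging by the helper's name this is an unsalted MD5 of the reversed
        // password, which is a fast hash and not suitable for password storage. A salted,
        // slow KDF (e.g. PBKDF2) is the usual replacement. Left unchanged here because the
        // code that verifies logins is outside this listing and presumably expects the same
        // format; migrate both together.
        string passwdHash = StringUtils.GetMD5Hash(StringUtils.Reverse(staff.Password));

        using (SqlCommand command = new SqlCommand(
            "insert into Users (username, password, role, account_act_date, name, state)"
            + " values (@username, @password, 'staff', @activationDate, @name, 'Active');", con))
        {
            // Null strings are mapped to "" to match what string concatenation produced before.
            command.Parameters.AddWithValue("@username", staff.StaffUserName ?? string.Empty);
            command.Parameters.AddWithValue("@password", passwdHash ?? string.Empty);
            // Sent as a typed date so the stored value no longer depends on the thread
            // culture's date format. Assumes account_act_date is a date/datetime column; confirm.
            command.Parameters.AddWithValue("@activationDate", DateTime.Today);
            command.Parameters.AddWithValue("@name", staff.StaffName ?? string.Empty);
            command.ExecuteNonQuery();
        }

        int publish = staff.RightToPublish ? 1 : 0;
        int post = staff.RightToPost ? 1 : 0;
        int schedule = staff.RightToSchedule ? 1 : 0;

        using (SqlCommand command = new SqlCommand(
            "insert into Staff (staff_id, right_to_schedule, right_to_publish, right_to_post)"
            + " values (@staffId, @schedule, @publish, @post)", con))
        {
            // The id of the row just inserted is looked up by user name on the same connection.
            command.Parameters.AddWithValue("@staffId", AccountDAL.getCandidateId(con, staff.StaffUserName));
            command.Parameters.AddWithValue("@schedule", schedule);
            command.Parameters.AddWithValue("@publish", publish);
            command.Parameters.AddWithValue("@post", post);
            command.ExecuteNonQuery();
        }
    }
    finally
    {
        // Close even when an insert throws; previously an exception skipped con.Close().
        con.Close();
    }
}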
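/// <summary>
/// Reads every row of dbo.Staff joined to dbo.Users and returns one <c>Staff</c> object per row,
/// carrying the staff id, the three right-to-* flags and the user's name.
/// </summary>
/// <returns>A list of staff records; empty when the query returns no rows.</returns>
public static List<Staff> GetStaffDetails()
{
    SqlConnection con = DBUtils.getDBConnection();
    con.Open();
    try
    {
        using (SqlCommand command = new SqlCommand(
            "SELECT staff_id, right_to_post, right_to_schedule, right_to_publish, users.name"
            + " FROM dbo.Staff staff inner join dbo.Users users on users.user_id = staff.staff_id;", con))
        using (SqlDataReader reader = command.ExecuteReader())
        {
            List<Staff> staffs = new List<Staff>();
            while (reader.Read())
            {
                // Ordinals follow the SELECT list: 0 id, 1 post, 2 schedule, 3 publish, 4 name.
                Staff staff = new Staff();
                staff.StaffId = reader.GetInt32(0);
                staff.RightToPost = Convert.ToBoolean(reader[1]);
                staff.RightToSchedule = Convert.ToBoolean(reader[2]);
                staff.RightToPublish = Convert.ToBoolean(reader[3]);
                staff.StaffName = reader.GetString(4);
                staffs.Add(staff);
            }
            return staffs;
        }
    }
    finally
    {
        // The connection was previously never closed on any path; the sibling DAL methods
        // close theirs, so this one now does too, including when the query throws.
        con.Close();
    }
}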
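/// <summary>
/// Overwrites the three right-to-* columns of the dbo.Staff row whose staff_id equals
/// <c>staff.StaffId</c>.
/// </summary>
/// <param name="staff">Supplies the target id and the new flag values.</param>
/// <remarks>
/// Values are bound as SQL parameters so the statement text is constant, matching how
/// request-derived data should reach the database in the rest of this data layer.
/// This method performs no authorization; callers must check that the current user may
/// change staff rights.
/// </remarks>
public static void UpdateStaffResponsibilities(Staff staff)
{
    SqlConnection con = DBUtils.getDBConnection();
    con.Open();
    try
    {
        int post = staff.RightToPost ? 1 : 0;
        int publish = staff.RightToPublish ? 1 : 0;
        int schedule = staff.RightToSchedule ? 1 : 0;

        using (SqlCommand command = new SqlCommand(
            "update dbo.Staff set right_to_post = @post , right_to_publish = @publish"
            + " , right_to_schedule = @schedule where staff_id = @staffId", con))
        {
            command.Parameters.AddWithValue("@post", post);
            command.Parameters.AddWithValue("@publish", publish);
            command.Parameters.AddWithValue("@schedule", schedule);
            command.Parameters.AddWithValue("@staffId", staff.StaffId);
            command.ExecuteNonQuery();
        }
    }
    finally
    {
        // Close even when the update throws; previously an exception skipped con.Close().
        con.Close();
    }
}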
/// <summary>
/// Persists the right-to-* flags carried by <paramref name="staff"/> by delegating to
/// <c>AdminDAL.UpdateStaffResponsibilities</c>.
/// </summary>
/// <param name="staff">The staff record whose flags are written.</param>
/// <returns>Always the empty string.</returns>
public string UpdateStaffResponsibilities(Staff staff)
{
    // NOTE(review): unlike AppointStaff, no login or "manager" role check is visible here.
    // If this method is reachable as a web action, confirm that authorization is enforced
    // elsewhere (e.g. a filter on the class); otherwise any caller able to reach it can
    // change the rights of any staff_id.
    AdminDAL.UpdateStaffResponsibilities(staff);
    return string.Empty;
}
/// <summary>
/// Appoints a new staff member. The caller must be logged in and hold the "manager" role;
/// otherwise the "Message" view is returned with an explanatory message and nothing is written.
/// </summary>
/// <param name="staff">The staff record to create; passed to <c>AdminDAL.AddStaff</c> as received.</param>
/// <returns>The "Message" view in every case, with <c>ViewBag.Message</c> describing the outcome.</returns>
public ActionResult AppointStaff(Staff staff)
{
    // NOTE(review): no attributes are visible in this listing. Because this action creates
    // an account, confirm it is restricted to POST and protected by an anti-forgery token.
    const string messageView = "Message";

    // Guard 1: an anonymous session may not reach the data layer.
    if (!Navigator.IsUserLoggedIn(Session))
    {
        ViewBag.Message = "Sorry! You need to login to view this page.";
        return View(messageView);
    }

    // Guard 2: only the "manager" role may appoint staff.
    if (!Navigator.UserRoleValidation(Session, "manager"))
    {
        ViewBag.Message = "Access Denied ! You are not allowed to visit this page.";
        return View(messageView);
    }

    AdminDAL.AddStaff(staff);
    ViewBag.Message = "Staff has been appointed successfully";
    return View(messageView);
}