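// POST api/users
/// <summary>
/// Creates a user (when <c>postUser.UserId == -1</c>) or updates an existing one, on behalf of
/// the caller identified by <c>UserEditOrAdd.SessionKey</c>. The caller's session row must be
/// unexpired and the session's user must hold <c>permissionLevelId</c> 1 or 2.
/// </summary>
/// <param name="value">Request body: JSON deserialised into <c>UserEditOrAdd</c>.</param>
/// <returns>
/// "&lt;newUserId&gt; Passed!" after an insert, "Passed!" after an update, "Username Clash!" when
/// the requested username already exists, "fail" when the body, session or permission check does
/// not pass, or "Failed! - Exception - &lt;ExceptionTypeName&gt;" when an exception is raised.
/// Exception details are deliberately not echoed to the client.
/// </returns>
public string Post([FromBody] string value)
{
    string returnValue = "fail";
    try
    {
        using (var ctx = new PamProjectEntities2())
        {
            UserEditOrAdd postUser = JsonConvert.DeserializeObject<UserEditOrAdd>(value);
            // A missing body or session key used to surface as a NullReferenceException whose
            // text (including the stack trace) was returned to the caller.
            if (postUser == null || string.IsNullOrEmpty(postUser.SessionKey))
            {
                return returnValue;
            }

            // Every query below binds request values as parameters ({0}, {1}, ... are turned into
            // DbParameters by EF). The previous string concatenation was SQL-injectable from every
            // field of the request body, including the session key, i.e. before any auth check.
            // '=' replaces LIKE so a token such as "%" cannot match an arbitrary session.
            var userSession = ctx.activeSessions
                .SqlQuery("SELECT * FROM activeSessions WHERE sessionToken = {0}", postUser.SessionKey)
                .FirstOrDefault<activeSession>();
            // Written as a negated '>=' so a null expireTime still fails the check, exactly as before.
            // NOTE(review): compares against local DateTime.Now; whatever writes expireTime must use
            // the same clock/zone — confirm.
            if (userSession == null || !(userSession.expireTime >= DateTime.Now))
            {
                return returnValue;
            }

            // Only permission levels 1 and 2 may create or edit users.
            var accessUser = ctx.users
                .SqlQuery("SELECT * FROM users WHERE userId = {0}", userSession.userId)
                .FirstOrDefault<user>();
            bool isAdmin = accessUser != null
                && (accessUser.permissionLevelId == 1 || accessUser.permissionLevelId == 2);
            if (!isAdmin)
            {
                return returnValue;
            }

            // Null strings are coalesced to "" so the stored values match what the old
            // concatenation produced ('' rather than NULL).
            string username = postUser.Username ?? "";
            string now = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss.fff");

            if (postUser.UserId == -1)
            {
                // Refuse duplicate usernames (exact match, no LIKE wildcards).
                var usernameCheck = ctx.users
                    .SqlQuery("SELECT * FROM users WHERE username = {0}", username)
                    .FirstOrDefault<user>();
                if (usernameCheck != null)
                {
                    returnValue = "Username Clash!";
                }
                else
                {
                    // SECURITY: postUser.Password is stored exactly as received — nothing here
                    // hashes it. Unless the login path hashes before comparing, this is a
                    // plaintext credential store. Not changed here because the code that
                    // verifies this column is outside this file.
                    // NOTE(review): PermissionLevelId is taken from the request unchecked, so a
                    // level-2 caller can create a level-1 account if 1 outranks 2 — confirm the
                    // intended hierarchy and clamp if needed.
                    ctx.Database.ExecuteSqlCommand(
                        "INSERT INTO users (permissionLevelId, firstName, surname, jobTitle, departmentId, username, password, lastLoginDate, note) " +
                        "VALUES ({0}, {1}, {2}, {3}, {4}, {5}, {6}, {7}, {8});",
                        postUser.PermissionLevelId,
                        postUser.FirstName ?? "",
                        postUser.Surname ?? "",
                        postUser.JobTitle ?? "",
                        postUser.DepartmentId,
                        username,
                        postUser.Password ?? "",
                        now,
                        postUser.Note ?? "");

                    user resp = ctx.users
                        .SqlQuery("SELECT * FROM users WHERE username = {0}", username)
                        .FirstOrDefault<user>();
                    returnValue = resp == null ? "fail" : resp.userId.ToString() + " Passed!";
                }
            }
            else
            {
                // NOTE(review): the visible source writes the literal string '******' into
                // username and password on every update. That may be a redaction in this listing
                // rather than the intended behaviour — confirm against the real source. It is
                // kept verbatim here; only the request-supplied values are parameterised.
                ctx.Database.ExecuteSqlCommand(
                    "UPDATE users SET permissionLevelId = {0}, firstName = {1}, surname = {2}, jobtitle = {3}, departmentId = {4}, " +
                    "username = '******', password = '******', lastLoginDate = {5}, note = {6} WHERE userId = {7};",
                    postUser.PermissionLevelId,
                    postUser.FirstName ?? "",
                    postUser.Surname ?? "",
                    postUser.JobTitle ?? "",
                    postUser.DepartmentId,
                    now,
                    postUser.Note ?? "",
                    postUser.UserId);
                returnValue = "Passed!";
            }
        }
    }
    catch (Exception e)
    {
        // Return only the exception type: the full exception text carried stack traces, SQL and
        // potentially connection details to an unauthenticated caller.
        returnValue = "Failed! - Exception - " + e.GetType().Name;
    }
    return returnValue;
}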
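/// <summary>
/// Deletes the user identified by <c>postUser.UserId</c> together with that user's rows in
/// sshLog, desktopLog, accessLog, serverAccessLevel and activeSessions, on behalf of the caller
/// identified by <c>UserEditOrAdd.SessionKey</c>. The caller's session row must be unexpired and
/// the session's user must hold <c>permissionLevelId</c> 1 or 2.
/// </summary>
/// <param name="value">Request body: JSON deserialised into <c>UserEditOrAdd</c>.</param>
/// <returns>
/// "Pass!" after the deletes run, "fail" when the body, session or permission check does not
/// pass, or "Failed! - Exception - &lt;ExceptionTypeName&gt;" when an exception is raised.
/// Exception details are deliberately not echoed to the client.
/// </returns>
public string Delete([FromBody] string value)
{
    string returnValue = "fail";
    try
    {
        using (var ctx = new PamProjectEntities2())
        {
            UserEditOrAdd postUser = JsonConvert.DeserializeObject<UserEditOrAdd>(value);
            // A missing body or session key used to surface as a NullReferenceException whose
            // text (including the stack trace) was returned to the caller.
            if (postUser == null || string.IsNullOrEmpty(postUser.SessionKey))
            {
                return returnValue;
            }

            // Every query below binds request values as parameters ({0} is turned into a
            // DbParameter by EF). The previous string concatenation was SQL-injectable from the
            // session key and from UserId, the latter running six DELETE statements.
            // '=' replaces LIKE so a token such as "%" cannot match an arbitrary session.
            var userSession = ctx.activeSessions
                .SqlQuery("SELECT * FROM activeSessions WHERE sessionToken = {0}", postUser.SessionKey)
                .FirstOrDefault<activeSession>();
            // Written as a negated '>=' so a null expireTime still fails the check, exactly as before.
            // NOTE(review): compares against local DateTime.Now; whatever writes expireTime must use
            // the same clock/zone — confirm.
            if (userSession == null || !(userSession.expireTime >= DateTime.Now))
            {
                return returnValue;
            }

            // Only permission levels 1 and 2 may delete users.
            var accessUser = ctx.users
                .SqlQuery("SELECT * FROM users WHERE userId = {0}", userSession.userId)
                .FirstOrDefault<user>();
            bool isAdmin = accessUser != null
                && (accessUser.permissionLevelId == 1 || accessUser.permissionLevelId == 2);
            if (!isAdmin)
            {
                return returnValue;
            }

            // NOTE(review): nothing stops an admin deleting their own account or the last admin,
            // and the sshLog/desktopLog/accessLog rows removed here look like audit records —
            // deleting them with the user destroys the access history for that account. Both are
            // left as-is because the intended retention policy is not visible from this file.
            // The six statements are not wrapped in a transaction, so a failure part-way leaves
            // some tables cleaned and others not (also unchanged from the original).
            ctx.Database.ExecuteSqlCommand("DELETE FROM sshLog WHERE userId = {0};", postUser.UserId);
            ctx.Database.ExecuteSqlCommand("DELETE FROM desktopLog WHERE userId = {0};", postUser.UserId);
            ctx.Database.ExecuteSqlCommand("DELETE FROM accessLog WHERE userId = {0};", postUser.UserId);
            ctx.Database.ExecuteSqlCommand("DELETE FROM serverAccessLevel WHERE userId = {0};", postUser.UserId);
            ctx.Database.ExecuteSqlCommand("DELETE FROM activeSessions WHERE userId = {0};", postUser.UserId);
            ctx.Database.ExecuteSqlCommand("DELETE FROM users WHERE userId = {0};", postUser.UserId);
            returnValue = "Pass!";
        }
    }
    catch (Exception e)
    {
        // Return only the exception type: the full exception text carried stack traces, SQL and
        // potentially connection details to an unauthenticated caller.
        returnValue = "Failed! - Exception - " + e.GetType().Name;
    }
    return returnValue;
}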