/// <summary> /// Execute /// </summary> /// <returns></returns> protected override bool Execute() { //A power user may not update a user to become an Administrator if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR)) { Log.Instance.Debug("A power user may not update a user to become an Administrator"); Response.error = Label.Get("error.privilege"); return(false); } //A power user may not downgrade an administrator if (IsPowerUser() && IsAdministrator(DTO.CcnUsername) && !DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR)) { Log.Instance.Debug("A power user may not downgrade an administrator"); Response.error = Label.Get("error.privilege"); return(false); } Account_ADO adoAccount = new Account_ADO(); //There must always be at least one administrator in the system. If this delete would leave no administrator then the request must be refused. if (IsAdministrator(DTO.CcnUsername)) { if (!adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR)) { Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this update."); Response.error = Label.Get("error.update"); return(false); } } //Update and retrieve the number of updated rows int nUpdated = adoAccount.Update(Ado, DTO, SamAccountName); if (nUpdated == 0) { Log.Instance.Debug("Failed to update Account"); Response.error = Label.Get("error.update"); return(false); } //An administrator or power user may not be a member of a group. Therefore we will remove any group memberships for the updated user // We run the check based on the proposed PrvCode, not on the existing privilege if (DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR) || DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_POWER_USER)) { List <GroupAccount_DTO> groupAccountList = getGroupMembership(DTO.CcnUsername); foreach (GroupAccount_DTO groupAccount in groupAccountList) { GroupAccount_ADO gaAdo = new GroupAccount_ADO(); GroupAccount_DTO_Delete gaDto = new GroupAccount_DTO_Delete(); gaDto.CcnUsername = groupAccount.CcnUsername; gaDto.GrpCode = groupAccount.GrpCode; int deleted = gaAdo.Delete(Ado, gaDto, SamAccountName); if (deleted == 0) { Log.Instance.Debug("Failed to delete account group membership"); Response.error = Label.Get("error.update"); return(false); } } } //If this user is cached then we must remove it because the data is now out of date MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername); Response.data = JSONRPC.success; return(true); }
/// <summary> /// Execute /// </summary> /// <returns></returns> protected override bool Execute() { //A power user may not delete an Administrator if (IsPowerUser() && IsAdministrator(DTO.CcnUsername)) { Log.Instance.Debug("A power user may not delete an Administrator"); Response.error = Label.Get("error.privilege"); return(false); } //You can't delete yourself if (DTO.CcnUsername.Equals(SamAccountName)) { Log.Instance.Debug("A user may not delete themselves"); Response.error = Label.Get("error.delete"); return(false); } var adoAccount = new Account_ADO(); //There must always be at least one administrator in the system. If this delete would leave no administrator then the request must be refused. if (IsAdministrator(DTO.CcnUsername)) { if (!adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR)) { Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this delete."); Response.error = Label.Get("error.delete"); return(false); } } //We also need to delete user membership of any groups GroupAccount_ADO gaAdo = new GroupAccount_ADO(); GroupAccount_DTO_Read gaDto = new GroupAccount_DTO_Read(); gaDto.CcnUsername = DTO.CcnUsername; ADO_readerOutput groupAccountList = gaAdo.Read(Ado, gaDto); if (groupAccountList.hasData) { foreach (dynamic res in groupAccountList.data) { GroupAccount_DTO_Delete dtoDelete = new GroupAccount_DTO_Delete(); dtoDelete.CcnUsername = DTO.CcnUsername; dtoDelete.GrpCode = res.GrpCode; gaAdo.Delete(Ado, dtoDelete, SamAccountName); } } //attempting to delete. The number of entities deleted are passed to the entitiesDeleted variable (this is 1 for a successful delete) int nDeleted = adoAccount.Delete(Ado, DTO, SamAccountName); if (nDeleted == 0) { Log.Instance.Debug("adoAccount.Delete - can't delete Account"); Response.error = Label.Get("error.delete"); return(false); } //If this user is cached then we must remove the cache entry as well MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername); Response.data = JSONRPC.success; return(true); }