/// <summary>
/// Updates the account row that belongs to the caller, identified by SamAccountName.
/// Before the update, the privilege code on the DTO is replaced with the one read back
/// from the stored account, so a privilege value carried on the DTO is not what reaches Update.
/// </summary>
/// <returns>
/// False when an account row was found but Update reported zero rows.
/// True otherwise, including when no account row exists for the caller.
/// </returns>
protected override bool Execute()
{
    // Pin the target to the caller: any value previously held in DTO.CcnUsername is overwritten.
    DTO.CcnUsername = SamAccountName;

    var accountAdo = new Account_ADO();
    var lookup = new Account_DTO_Read();
    lookup.CcnUsername = SamAccountName;

    var storedAccount = accountAdo.Read(Ado, lookup);

    // NOTE(review): when no account row is found nothing is written, yet success is still
    // reported to the caller - confirm this is the intended outcome.
    if (!storedAccount.hasData)
    {
        Response.data = JSONRPC.success;
        return true;
    }

    // Carry the stored privilege forward instead of trusting the one on the DTO.
    // NOTE(review): presumably this is what stops a user changing their own privilege - confirm
    // that Update persists PrvCode from the DTO and takes no privilege value from elsewhere.
    DTO.PrvCode = accountAdo.ReadAccounts(storedAccount)[0].PrvCode;

    int rowsUpdated = accountAdo.Update(Ado, DTO, SamAccountName);
    if (rowsUpdated == 0)
    {
        Log.Instance.Debug("Failed to update Account");
        Response.error = Label.Get("error.update");
        return false;
    }

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Applies the account update described by DTO after enforcing the privilege rules below,
/// then removes group memberships that the new privilege does not allow and evicts the
/// cached entry for the updated user.
/// </summary>
/// <remarks>
/// Rules enforced here, in order:
/// 1. a power user may not set another account's privilege to administrator;
/// 2. a power user may not change an administrator to a non-administrator privilege;
/// 3. if the target is currently an administrator, EnoughPrivilegesInAccounts must succeed.
/// NOTE(review): nothing in this method rejects a caller who is neither a power user nor an
/// administrator - presumably that is gated before Execute runs; confirm.
/// NOTE(review): refusals are written with Log.Instance.Debug and carry neither the caller nor the
/// target username - check whether these privilege decisions are audited elsewhere.
/// </remarks>
/// <returns>True when every step succeeded; false as soon as a rule or a database step fails.</returns>
protected override bool Execute()
{
    // Rule 1: a power user may not update a user to become an Administrator.
    if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not update a user to become an Administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    // Rule 2: a power user may not downgrade an administrator.
    if (IsPowerUser()
        && IsAdministrator(DTO.CcnUsername)
        && !DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not downgrade an administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    var adoAccount = new Account_ADO();

    // Rule 3: there must always be at least one administrator in the system.
    // NOTE(review): this guard fires whenever the target is currently an administrator, even if
    // the proposed PrvCode keeps them one - confirm that refusing such updates is intended.
    if (IsAdministrator(DTO.CcnUsername)
        && !adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this update.");
        Response.error = Label.Get("error.update");
        return false;
    }

    // Perform the update; zero affected rows is treated as failure.
    int rowsUpdated = adoAccount.Update(Ado, DTO, SamAccountName);
    if (rowsUpdated == 0)
    {
        Log.Instance.Debug("Failed to update Account");
        Response.error = Label.Get("error.update");
        return false;
    }

    // An administrator or power user may not be a member of a group, so any group memberships
    // of the updated user are removed. The decision uses the proposed PrvCode, not the previous one.
    bool proposedPrivilegeIsElevated =
        DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR)
        || DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_POWER_USER);

    if (proposedPrivilegeIsElevated)
    {
        List<GroupAccount_DTO> memberships = getGroupMembership(DTO.CcnUsername);
        foreach (GroupAccount_DTO membership in memberships)
        {
            var membershipAdo = new GroupAccount_ADO();
            var removal = new GroupAccount_DTO_Delete();
            removal.CcnUsername = membership.CcnUsername;
            removal.GrpCode = membership.GrpCode;

            int rowsDeleted = membershipAdo.Delete(Ado, removal, SamAccountName);
            if (rowsDeleted == 0)
            {
                // NOTE(review): the account update above has already run at this point; whether it
                // is rolled back when false is returned is not visible here - confirm.
                Log.Instance.Debug("Failed to delete account group membership");
                Response.error = Label.Get("error.update");
                return false;
            }
        }
    }

    // Evict the cached entry for this user: the data it holds is now out of date.
    // NOTE(review): the key segment "ReadCurrentAccesss" is spelled with three trailing 's'. It must
    // match the key used when the entry is stored, or the stale entry stays cached - verify.
    MemCacheD.Remove_BSO<dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);

    Response.data = JSONRPC.success;
    return true;
}