예제 #1
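        /// <summary>
        /// Returns a basic list of all user accounts attached to a given dealership, provided the
        /// requesting user has the access level required to view that dealership's users.
        /// </summary>
        /// <param name="userId">The userId requesting to access the dealership's user list</param>
        /// <param name="dealershipId">The dealership whose user accounts are being listed</param>
        /// <returns>
        /// A list of <see cref="BasicUserDataSet"/> objects with basic account information, ordered by
        /// suspended flag, then access level, then username. Empty when the requesting user is not
        /// authorised for the dealership.
        /// </returns>
        public IEnumerable <BasicUserDataSet> getUserAccountsForDealership(long userId, int dealershipId)
        {
            // Authorisation gate first: an unauthorised caller gets an empty list and no further
            // lookups (the global-admin check below is only needed when data is actually returned).
            if (!AuthorizeUserAccess.verifyAccessToDealership(userId, dealershipId, true))
            {
                return new List<BasicUserDataSet>();
            }

            // Only global administrators receive the stored passwd column; everyone else gets a mask.
            // NOTE(review): returning the stored credential value to any caller is a disclosure path
            // if that column holds a recoverable secret; consider never returning it from this API.
            bool isGlobalAdmin = AuthorizeUserAccess.isUserGlobalAdministrator(userId);

            using (var context = new DAL.SharedContext())
            {
                // ToList() runs the query before the context is disposed.
                return context.UserAccessMaps
                    .Where(um => um.DealershipId == dealershipId)
                    .OrderBy(um => um.USER_TABLE.suspended)
                    .ThenBy(um => um.AccessLevelTypeId)
                    .ThenBy(um => um.USER_TABLE.username)
                    .Select(um => new BasicUserDataSet
                    {
                        UserId      = um.USER_TABLE.user_auto,
                        Username    = um.USER_TABLE.username,
                        Email       = um.USER_TABLE.email,
                        AccessLevel = um.AccessLevelTypeId,
                        Disabled    = um.USER_TABLE.suspended,
                        Password    = isGlobalAdmin ? um.USER_TABLE.passwd : "******"
                    })
                    .ToList();
            }
        }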
예제 #2
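        /// <summary>
        /// Returns a basic list of all user accounts for a given customer, if the userId passed in has
        /// the correct access level requirements to see that customer. Only customer-level accounts
        /// (CustomerAdministrator / CustomerUser) are included.
        /// </summary>
        /// <param name="userId">The userId requesting to access the customer list</param>
        /// <param name="customerId">The customerId we want to get a list of user accounts for</param>
        /// <returns>
        /// A list of <see cref="BasicUserDataSet"/> objects with basic account information, ordered by
        /// suspended flag, then access level, then username. Empty when the requesting user is not
        /// authorised for the customer.
        /// </returns>
        public IEnumerable <BasicUserDataSet> getUserAccountsForCustomer(long userId, long customerId)
        {
            // Authorisation gate first: an unauthorised caller gets an empty list and no further
            // lookups (the global-admin check below is only needed when data is actually returned).
            if (!AuthorizeUserAccess.verifyAccessToCustomer(userId, customerId, true))
            {
                return new List<BasicUserDataSet>();
            }

            // Only global administrators receive the stored passwd column; everyone else gets a mask.
            // NOTE(review): returning the stored credential value to any caller is a disclosure path
            // if that column holds a recoverable secret; consider never returning it from this API.
            bool isGlobalAdmin = AuthorizeUserAccess.isUserGlobalAdministrator(userId);

            using (var context = new DAL.SharedContext())
            {
                // ToList() runs the query before the context is disposed.
                return context.UserAccessMaps
                    .Where(um => um.customer_auto == customerId)
                    .Where(um => um.AccessLevelTypeId == (int)UserAccessTypes.CustomerAdministrator
                              || um.AccessLevelTypeId == (int)UserAccessTypes.CustomerUser)
                    .OrderBy(um => um.USER_TABLE.suspended)
                    .ThenBy(um => um.AccessLevelTypeId)
                    .ThenBy(um => um.USER_TABLE.username)
                    .Select(um => new BasicUserDataSet
                    {
                        UserId      = um.USER_TABLE.user_auto,
                        Username    = um.USER_TABLE.username,
                        Email       = um.USER_TABLE.email,
                        AccessLevel = um.AccessLevelTypeId,
                        Disabled    = um.USER_TABLE.suspended,
                        Password    = isGlobalAdmin ? um.USER_TABLE.passwd : "******"
                    })
                    .ToList();
            }
        }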
예제 #3
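        /// <summary>
        /// Updates the username, email and (optionally) the access level of an existing user account,
        /// keeping the USER_TABLE row and its AspNetUsers row in step, and adjusting the per-customer
        /// access records when a dealership user is promoted to / demoted from administrator.
        /// </summary>
        /// <param name="userId">The user_auto of the account being updated</param>
        /// <param name="username">The new username; must be unique across USER_TABLE and AspNetUsers</param>
        /// <param name="email">The new email address; must be unique across USER_TABLE and AspNetUsers</param>
        /// <param name="accessLevel">The new UserAccessTypes value, or 0 to leave the access level unchanged</param>
        /// <returns>A GETResponseMessage reporting success, invalid inputs, or a failed lookup/save</returns>
        public GETResponseMessage updateExistingUserAccount(long userId, string username, string email, int accessLevel)
        {
            // NOTE(review): userId identifies the account being edited; this method takes no
            // requesting-user identity, so authorisation for the edit must be enforced by the caller.
            // NOTE(review): usersTeam is dereferenced below without a null check — confirm getUserTeam
            // never returns null for an existing account.
            UserTeam usersTeam = AuthorizeUserAccess.getUserTeam(userId);

            using (var context = new SharedContext())
            {
                var userAccount = context.USER_TABLE.Find(userId);

                // Reject null and blank values, not just "", so a null/whitespace username or email can
                // neither reach the uniqueness checks nor be written onto the account.
                if (userAccount == null || string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(email))
                {
                    return(new GETResponseMessage(ResponseTypes.InvalidInputs, "Invalid user details. "));
                }

                var aspUserAccount = context.AspNetUsers.Find(userAccount.AspNetUserId);
                if (aspUserAccount == null)
                {
                    return(new GETResponseMessage(ResponseTypes.InvalidInputs, "Internal error occurred!. AspUser not found!"));
                }

                // Uniqueness is only re-checked when the value actually changes, otherwise the account's
                // own row would report a collision with itself.
                if (email != userAccount.email)
                {
                    if (!checkEmailIsUnique(email) || !checkAspEmailIsUnique(email))
                    {
                        return(new GETResponseMessage(ResponseTypes.InvalidInputs, "Email address must be unique. "));
                    }
                }

                if (username != userAccount.username)
                {
                    if (!checkUsernameIsUnique(username) || !checkAspUsernameIsUnique(username))
                    {
                        return(new GETResponseMessage(ResponseTypes.InvalidInputs, "Username must be unique. "));
                    }
                }

                // The requested access level must match the team type of the account
                // (a dealership account may only hold a dealership level, a customer account a customer
                // level). 0 means "do not change the access level" and is always allowed.
                bool accessLevelAllowed =
                    accessLevel == 0
                    || (usersTeam.teamType == UserAccountType.Dealership
                        && (accessLevel == (int)UserAccessTypes.DealershipAdministrator
                            || accessLevel == (int)UserAccessTypes.DealershipUser))
                    || (usersTeam.teamType == UserAccountType.Customer
                        && (accessLevel == (int)UserAccessTypes.CustomerAdministrator
                            || accessLevel == (int)UserAccessTypes.CustomerUser));

                if (!accessLevelAllowed)
                {
                    return(new GETResponseMessage(ResponseTypes.InvalidInputs, "You are not allowed to give this user account this access level. "));
                }

                // Both the legacy USER_TABLE row and the ASP.NET identity row carry the name/email.
                userAccount.username = username;
                userAccount.userid   = username;
                userAccount.email    = email;

                aspUserAccount.UserName = username;
                aspUserAccount.Email    = email;

                // The access map row is keyed by the account plus its team (dealership or customer).
                UserAccessMaps userMap;

                if (usersTeam.teamType == UserAccountType.Dealership)
                {
                    userMap = context.UserAccessMaps.FirstOrDefault(m => m.user_auto == userId && m.DealershipId == usersTeam.teamId);
                }
                else
                {
                    userMap = context.UserAccessMaps.FirstOrDefault(m => m.user_auto == userId && m.customer_auto == usersTeam.teamId);
                }

                if (userMap == null)
                {
                    // Nothing has been saved yet, so the pending name/email edits are simply dropped.
                    return(new GETResponseMessage(ResponseTypes.Failed, "Failed to update the users access level record. Couldn't find it in the database. "));
                }

                // If access level passed in is 0, we wont change their access.
                if (accessLevel != 0)
                {
                    if (accessLevel == (int)UserAccessTypes.DealershipUser && userMap.AccessLevelTypeId != (int)UserAccessTypes.DealershipUser)
                    {
                        // Demotion to dealership user: strip every per-customer access record and every
                        // customer-scoped access map the account held.
                        var equipmentAccess = context.USER_CRSF_CUST_EQUIP.Where(u => u.user_auto == userId).ToList();
                        context.USER_CRSF_CUST_EQUIP.RemoveRange(equipmentAccess);

                        var customerMaps = context.UserAccessMaps.Where(m => m.user_auto == userId && m.customer_auto != null).ToList();
                        context.UserAccessMaps.RemoveRange(customerMaps);
                    }
                    else if (accessLevel == (int)UserAccessTypes.DealershipAdministrator && userMap.AccessLevelTypeId != (int)UserAccessTypes.DealershipAdministrator)
                    {
                        // Promotion to dealership administrator: grant an access record for every
                        // customer belonging to the account's dealership.
                        long[] customerIds = context.CUSTOMER.Where(c => c.DealershipId == usersTeam.teamId).Select(c => c.customer_auto).ToArray();
                        foreach (long customerId in customerIds)
                        {
                            // NOTE(review): level_type 1 and the modified_user literal are used as-is;
                            // their meaning is not visible here — confirm against USER_CRSF_CUST_EQUIP.
                            USER_CRSF_CUST_EQUIP accessRecord = new USER_CRSF_CUST_EQUIP()
                            {
                                user_auto     = userId,
                                customer_auto = customerId,
                                level_type    = 1,
                                modified_user = "******"
                            };
                            context.USER_CRSF_CUST_EQUIP.Add(accessRecord);
                        }
                    }
                    userMap.AccessLevelTypeId = accessLevel;
                }

                // All edits above are committed in one SaveChanges call.
                try
                {
                    context.SaveChanges();
                    return(new GETResponseMessage(ResponseTypes.Success, "User account updated successfully. "));
                }
                catch (Exception e)
                {
                    // NOTE(review): e.Message is passed back to the caller; provider exceptions can carry
                    // schema or constraint details, so consider logging the exception server-side and
                    // returning a fixed message instead.
                    return(new GETResponseMessage(ResponseTypes.Failed, "Failed to save. " + e.Message));
                }
            }
        }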