/// <summary>
/// This method adds the groups to a list of users
/// </summary>
/// <param name="ado"></param>
/// <param name="users"></param>
/// <returns></returns>
internal void MergeGroupsToUsers(ADO ado, ref ADO_readerOutput resultUsers)
{
GroupAccount_ADO adoGroupAccount = new GroupAccount_ADO();
//cycle through each user in the list and get the group data
if (resultUsers.hasData)
{
foreach (var user in resultUsers.data)
{
GroupAccount_DTO_Read gpAccDto = new GroupAccount_DTO_Read();
gpAccDto.CcnUsername = user.CcnUsername;
//Get the group data for the user
ADO_readerOutput resultGroups = adoGroupAccount.Read(ado, gpAccDto);
if (resultGroups.hasData)
{
user.UserGroups = new List <GroupAccount_DTO>();
foreach (var group in resultGroups.data)
{// add the new data to the output
GroupAccount_DTO groupAccountDTO = new GroupAccount_DTO();
groupAccountDTO.GrpName = group.GrpName;
groupAccountDTO.GrpCode = group.GrpCode;
groupAccountDTO.GccApproveFlag = group.GccApproveFlag;
// add group to the user
user.UserGroups.Add(groupAccountDTO);
}
}
}
}
}
/// <summary>
/// Execute
/// </summary>
/// <returns></returns>
protected override bool Execute()
{
//Validation of parameters and user have been successful. We may now proceed to read from the database
var adoGroupAccount = new GroupAccount_ADO();
//Power users or Administrators may not be group members
//Even though this is an Update request, it would qualify as suspicious behaviour
if (IsPowerUser(DTO.CcnUsername) || IsAdministrator(DTO.CcnUsername))
{
Log.Instance.Debug("Power users or Administrators may not be group members");
Response.error = Label.Get("error.update");
return(false);
}
//Create the GroupAccount - and retrieve the newly created Id
int newId = adoGroupAccount.Update(Ado, DTO, SamAccountName);
if (newId == 0)
{
Log.Instance.Debug("Can't update Group Account");
Response.error = Label.Get("error.create");
return(false);
}
Response.data = JSONRPC.success;
return(true);
}
/// <summary>
/// Execute
/// </summary>
/// <returns></returns>
protected override bool Execute()
{
//Validation of parameters and user have been successful. We may now proceed to read from the database
var adoGroupAccount = new GroupAccount_ADO();
//Power users or Administrators may not be group members
if (IsPowerUser(DTO.CcnUsername) || IsAdministrator(DTO.CcnUsername))
{
Log.Instance.Debug("Power users or Administrators may not be group members");
Response.error = Label.Get("error.create");
return(false);
}
//Check if the user exists
var adoAccount = new Account_ADO();
var account = adoAccount.Read(Ado, DTO.CcnUsername);
if (!account.hasData)
{
Log.Instance.Debug("User does not exist");
Response.error = Label.Get("error.create");
return(false);
}
//First we must check if the GroupAccount exists already (we can't have duplicates)
if (adoGroupAccount.Exists(Ado, DTO.CcnUsername, DTO.GrpCode))
{
//This GroupAccount exists already, we can't proceed
Log.Instance.Debug("GroupAccount exists already - create request refused");
Response.error = Label.Get("error.duplicate");
return(false);
}
//Create the GroupAccount - and retrieve the newly created Id
int newId = adoGroupAccount.Create(Ado, DTO, SamAccountName);
if (newId == 0)
{
Log.Instance.Debug("Can't create Group Account");
Response.error = Label.Get("error.create");
return(false);
}
Response.data = JSONRPC.success;
return(true);
}
/// <summary>
/// Get a list of GroupAccounts for a CcnUsername
/// </summary>
/// <param name="ccnUsername"></param>
/// <returns></returns>
private List <GroupAccount_DTO> getGroupMembership(string ccnUsername)
{
GroupAccount_ADO gaAdo = new GroupAccount_ADO();
GroupAccount_DTO_Read dtoRead = new GroupAccount_DTO_Read();
dtoRead.CcnUsername = ccnUsername;
dynamic result = gaAdo.Read(Ado, dtoRead);
List <GroupAccount_DTO> groupAccountList = new List <GroupAccount_DTO>();
foreach (dynamic groupAccount in result.data)
{
GroupAccount_DTO resultDTO = new GroupAccount_DTO(groupAccount);
groupAccountList.Add(resultDTO);
}
return(groupAccountList);
}
/// <summary>
/// Execute
/// </summary>
/// <returns></returns>
protected override bool Execute()
{
var adoGroupAccount = new GroupAccount_ADO();
//attempting to delete. The number of entities deleted are passed to the entitiesDeleted variable (this is 1 for a successful delete)
int nDeleted = adoGroupAccount.Delete(Ado, DTO, SamAccountName);
if (nDeleted == 0)
{
Log.Instance.Debug("Can't delete Group Account");
Response.error = Label.Get("error.delete");
return(false);
}
Response.data = JSONRPC.success;
return(true);
}
/// <summary>
/// Execute
/// </summary>
/// <returns></returns>
protected override bool Execute()
{
//Validation of parameters and user have been successful. We may now proceed to read from the database
var adoGroupAccount = new GroupAccount_ADO();
//GroupAccounts are returned as an ADO result
ADO_readerOutput result = adoGroupAccount.Read(Ado, DTO);
if (!result.hasData)
{
return(false);
}
else
{
ActiveDirectory_ADO adAdo = new Security.ActiveDirectory_ADO();
adAdo.MergeAdToUsers(ref result);
}
Response.data = result.data;
return(true);
}
/// <summary>
/// Execute
/// </summary>
/// <returns></returns>
protected override bool Execute()
{
//A power user may not update a user to become an Administrator
if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
{
Log.Instance.Debug("A power user may not update a user to become an Administrator");
Response.error = Label.Get("error.privilege");
return(false);
}
//A power user may not downgrade an administrator
if (IsPowerUser() && IsAdministrator(DTO.CcnUsername) && !DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
{
Log.Instance.Debug("A power user may not downgrade an administrator");
Response.error = Label.Get("error.privilege");
return(false);
}
Account_ADO adoAccount = new Account_ADO();
//There must always be at least one administrator in the system. If this delete would leave no administrator then the request must be refused.
if (IsAdministrator(DTO.CcnUsername))
{
if (!adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
{
Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this update.");
Response.error = Label.Get("error.update");
return(false);
}
}
//Update and retrieve the number of updated rows
int nUpdated = adoAccount.Update(Ado, DTO, SamAccountName);
if (nUpdated == 0)
{
Log.Instance.Debug("Failed to update Account");
Response.error = Label.Get("error.update");
return(false);
}
//An administrator or power user may not be a member of a group. Therefore we will remove any group memberships for the updated user
// We run the check based on the proposed PrvCode, not on the existing privilege
if (DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR) || DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_POWER_USER))
{
List <GroupAccount_DTO> groupAccountList = getGroupMembership(DTO.CcnUsername);
foreach (GroupAccount_DTO groupAccount in groupAccountList)
{
GroupAccount_ADO gaAdo = new GroupAccount_ADO();
GroupAccount_DTO_Delete gaDto = new GroupAccount_DTO_Delete();
gaDto.CcnUsername = groupAccount.CcnUsername;
gaDto.GrpCode = groupAccount.GrpCode;
int deleted = gaAdo.Delete(Ado, gaDto, SamAccountName);
if (deleted == 0)
{
Log.Instance.Debug("Failed to delete account group membership");
Response.error = Label.Get("error.update");
return(false);
}
}
}
//If this user is cached then we must remove it because the data is now out of date
MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);
Response.data = JSONRPC.success;
return(true);
}
/// <summary>
/// Execute
/// </summary>
/// <returns></returns>
protected override bool Execute()
{
//A power user may not delete an Administrator
if (IsPowerUser() && IsAdministrator(DTO.CcnUsername))
{
Log.Instance.Debug("A power user may not delete an Administrator");
Response.error = Label.Get("error.privilege");
return(false);
}
//You can't delete yourself
if (DTO.CcnUsername.Equals(SamAccountName))
{
Log.Instance.Debug("A user may not delete themselves");
Response.error = Label.Get("error.delete");
return(false);
}
var adoAccount = new Account_ADO();
//There must always be at least one administrator in the system. If this delete would leave no administrator then the request must be refused.
if (IsAdministrator(DTO.CcnUsername))
{
if (!adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
{
Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this delete.");
Response.error = Label.Get("error.delete");
return(false);
}
}
//We also need to delete user membership of any groups
GroupAccount_ADO gaAdo = new GroupAccount_ADO();
GroupAccount_DTO_Read gaDto = new GroupAccount_DTO_Read();
gaDto.CcnUsername = DTO.CcnUsername;
ADO_readerOutput groupAccountList = gaAdo.Read(Ado, gaDto);
if (groupAccountList.hasData)
{
foreach (dynamic res in groupAccountList.data)
{
GroupAccount_DTO_Delete dtoDelete = new GroupAccount_DTO_Delete();
dtoDelete.CcnUsername = DTO.CcnUsername;
dtoDelete.GrpCode = res.GrpCode;
gaAdo.Delete(Ado, dtoDelete, SamAccountName);
}
}
//attempting to delete. The number of entities deleted are passed to the entitiesDeleted variable (this is 1 for a successful delete)
int nDeleted = adoAccount.Delete(Ado, DTO, SamAccountName);
if (nDeleted == 0)
{
Log.Instance.Debug("adoAccount.Delete - can't delete Account");
Response.error = Label.Get("error.delete");
return(false);
}
//If this user is cached then we must remove the cache entry as well
MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);
Response.data = JSONRPC.success;
return(true);
}