public GXRemoveUserFromUserGroupResponse Post(GXRemoveUserFromUserGroupRequest request) { IAuthSession s = this.GetSession(false); //Normal user can't change user group name or add new one. if (!GuruxAMI.Server.GXBasicAuthProvider.CanUserEdit(s)) { throw new ArgumentException("Access denied."); } long adderId = Convert.ToInt64(s.Id); List<GXEventsItem> events = new List<GXEventsItem>(); lock (Db) { using (var trans = Db.OpenTransaction(IsolationLevel.ReadCommitted)) { bool superAdmin = GuruxAMI.Server.GXBasicAuthProvider.IsSuperAdmin(s); foreach (long user in request.Users) { foreach (long group in request.Groups) { if (!superAdmin) { //User can't update user data if he do not have access to the user group. long[] groups1 = GXUserGroupService.GetUserGroups(Db, adderId); long[] groups2 = GXUserGroupService.GetUserGroups(Db, group); bool found = false; foreach (long it1 in groups1) { foreach (long it2 in groups2) { if (it1 == it2) { found = true; break; } } if (found) { break; } } if (!found) { throw new ArgumentException("Access denied."); } } string query = "SELECT * FROM " + GuruxAMI.Server.AppHost.GetTableName<GXAmiUserGroupUser>(Db); query += string.Format("WHERE UserID = {0} AND UserGroupID = {1}", user, group); List<GXAmiUserGroupUser> items = Db.Select<GXAmiUserGroupUser>(query); foreach (GXAmiUserGroupUser it in items) { Db.DeleteById<GXAmiUserGroupUser>(it.Id); events.Add(new GXEventsItem(ActionTargets.UserGroup, Actions.Edit, group)); } } } trans.Commit(); } } AppHost host = this.ResolveService<AppHost>(); host.SetEvents(Db, this.Request, adderId, events); return new GXRemoveUserFromUserGroupResponse(); }
public GXRemoveUserFromUserGroupResponse Post(GXRemoveUserFromUserGroupRequest request) { IAuthSession s = this.GetSession(false); //Normal user can't change user group name or add new one. if (!GuruxAMI.Server.GXBasicAuthProvider.CanUserEdit(s)) { throw new ArgumentException("Access denied."); } long adderId = Convert.ToInt64(s.Id); List <GXEventsItem> events = new List <GXEventsItem>(); lock (Db) { using (var trans = Db.OpenTransaction(IsolationLevel.ReadCommitted)) { bool superAdmin = GuruxAMI.Server.GXBasicAuthProvider.IsSuperAdmin(s); foreach (long user in request.Users) { foreach (long group in request.Groups) { if (!superAdmin) { //User can't update user data if he do not have access to the user group. long[] groups1 = GXUserGroupService.GetUserGroups(Db, adderId); long[] groups2 = GXUserGroupService.GetUserGroups(Db, group); bool found = false; foreach (long it1 in groups1) { foreach (long it2 in groups2) { if (it1 == it2) { found = true; break; } } if (found) { break; } } if (!found) { throw new ArgumentException("Access denied."); } } string query = "SELECT * FROM " + GuruxAMI.Server.AppHost.GetTableName <GXAmiUserGroupUser>(Db); query += string.Format("WHERE UserID = {0} AND UserGroupID = {1}", user, group); List <GXAmiUserGroupUser> items = Db.Select <GXAmiUserGroupUser>(query); foreach (GXAmiUserGroupUser it in items) { Db.DeleteById <GXAmiUserGroupUser>(it.Id); events.Add(new GXEventsItem(ActionTargets.UserGroup, Actions.Edit, group)); } } } trans.Commit(); } } AppHost host = this.ResolveService <AppHost>(); host.SetEvents(Db, this.Request, adderId, events); return(new GXRemoveUserFromUserGroupResponse()); }