public UserDO GetUserByID(int UserID)
{
UserDO user = new UserDO();
try
{
using (SqlConnection connection = new SqlConnection(connectionString))
{
SqlCommand command = new SqlCommand("VIEW_USER_BY_ID", connection);
command.CommandType = CommandType.StoredProcedure;
connection.Open();
command.Parameters.AddWithValue("@userID", UserID);
SqlDataReader reader = command.ExecuteReader();
reader.Read();
user.UserID = reader.GetInt64(0);
user.FullName = reader.GetString(1);
user.UserName = reader.GetString(2);
user.UserPassword = reader.GetString(3);
user.RoleID = reader.GetInt64(4);
user.Email = reader.GetString(5);
connection.Close();
command.Dispose();
connection.Dispose();
}
}
catch (Exception ex)
{
ErrorLog error = new ErrorLog();
error.Log(ex, "GetUserByID", "DAL", "Error");
}
return(user);
}
/// <summary>
/// Filters data while reading from the database
/// </summary>
/// <param name="reader">SqlDataReader to read from the database</param>
/// <returns>Returns a UserDO with no null values</returns>
public UserDO MapReaderToSingle(SqlDataReader reader)
{
UserDO userDO = new UserDO();
if (reader["UserID"] != DBNull.Value)
{
userDO.UserID = (int)reader["UserID"];
}
if (reader["FirstName"] != DBNull.Value)
{
userDO.FirstName = (string)reader["FirstName"];
}
if (reader["LastName"] != DBNull.Value)
{
userDO.LastName = (string)reader["LastName"];
}
if (reader["Username"] != DBNull.Value)
{
userDO.Username = (string)reader["Username"];
}
if (reader["Password"] != DBNull.Value)
{
userDO.Password = (string)reader["Password"];
}
if (reader["Email"] != DBNull.Value)
{
userDO.Email = (string)reader["Email"];
}
if (reader["RoleID"] != DBNull.Value)
{
userDO.RoleID = (int)reader["RoleID"];
}
return(userDO);
}
public void CreateNewUser(UserDO user)
{
try
{
using (SqlConnection sqlCon = new SqlConnection(connectionString))
using (SqlCommand sqlCMD = new SqlCommand("USERS_CREATE", sqlCon))
{
sqlCMD.CommandType = System.Data.CommandType.StoredProcedure;
sqlCMD.Parameters.AddWithValue("UserName", user.UserName);
sqlCMD.Parameters.AddWithValue("UserPass", user.Password);
sqlCMD.Parameters.AddWithValue("Role", user.Role);
sqlCMD.Parameters.AddWithValue("FirstName", user.FirstName);
sqlCMD.Parameters.AddWithValue("LastName", user.LastName);
sqlCMD.Parameters.AddWithValue("Banned", user.Banned);
sqlCMD.Parameters.AddWithValue("Inactive", user.Inactive);
sqlCMD.Parameters.AddWithValue("Salt", user.Salt);
sqlCon.Open();
sqlCMD.ExecuteNonQuery();
}
}
catch (SqlException sqlEx)
{
Logger.LogSqlException(sqlEx);
}
}
public IHttpActionResult PutUserDO(int id, UserDO userDO)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != userDO.UserDOID)
{
return(BadRequest());
}
db.Entry(userDO).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!UserDOExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public ActionResult UpdateUser(UserViewModel userInfo)
{
ActionResult response = null;
try
{
if ((Int64)Session["RoleID"] == 3)
{
UserPO form = userInfo.Form;
UserMap map = new UserMap();
if (ModelState.IsValid)
{
UserDO userObject = map.UserPOToDO(form);
userDL.UpdateUser(userObject);
response = RedirectToAction("UserIndex");
}
else
{
response = View(userInfo);
}
}
else
{
response = RedirectToAction("Index", "Home");
}
}
catch (SqlException sqlEx)
{
userInfo.message = new ExceptionAnalysis().GenerateResponse(sqlEx);
response = View(userInfo);
}
return(response);
}
public ActionResult UpdateUser(UserPO form)
{
ActionResult response = null;
try
{
_logger.LogMessage("Info", "Update User Post", MethodBase.GetCurrentMethod().ToString(),
"Request to update information for user with ID #" + form.UserID + " received from user with ID #" + Session["ID"] + ".");
if (ModelState.IsValid)
{
_logger.LogMessage("Info", "Model State check passed", MethodBase.GetCurrentMethod().ToString(),
"UserPO form model state is valid.");
//Allow role changes if updater is admin
if ((int.TryParse(Session["Role"].ToString(), out int role) && role >= 3) ||
(TempData["initialRole"] != null && (int)TempData["initialRole"] == form.RoleID))
{
//Under no circumstances allow altered UserID
if (TempData["initialID"] != null && (int)TempData["initialID"] == form.UserID)
{
_logger.LogMessage("Attempting to map User PO to DO.");
UserDO userDO = Mapping.Mapper.UserPOtoDO(form);
_userDAO.UpdateUser(userDO);
if (TempData["updatingSelf"] != null &&
TempData["updatingSelf"].ToString() == "true")
{
TempData.Remove("updatingSelf");
//reset session in case own username was changed
SetSession(form.Username, form.RoleID);
}
else
{
}
TempData["updateSuccess"] = "User information updated.";
response = RedirectToAction("UserDetails", "Account", new { username = form.Username });
}
else
{
_logger.LogMessage("Warning", "User Update forbidden", MethodBase.GetCurrentMethod().ToString(),
"User ID could not be verified or failed verification. Attempt to submit update form with altered User ID was denied.");
TempData["noPermission"] = "An error has been encountered. You have been returned to the home page.";
response = RedirectToAction("Index", "Home");
}
}
else
{
_logger.LogMessage("Warning", "User Update forbidden", MethodBase.GetCurrentMethod().ToString(),
"Non admin with User ID#" + Session["ID"].ToString() + " and username '" + Session["Username"].ToString() + "' attempted to change user role.");
TempData["noPermission"] = "An error has been encountered. You have been returned to the home page.";
response = RedirectToAction("Index", "Home");
}
}
else
{
_logger.LogMessage("Warning", "Model State check failed", MethodBase.GetCurrentMethod().ToString(),
"UserPO form model state was not valid. Returning user to View.");
FillRoleDropDown(form);
response = View(form);
}
}
public ActionResult UpdateUser(int UserID)
{
UserDO item = null;
UserPO display = null;
ActionResult response = RedirectToAction("Index", "Home");
if (Session["RoleID"] != null && ((int)Session["RoleID"] == 3))
{
try
{
//Make sure password is not being called
item = _dataAccess.ReadIndividualUserByID(UserID);
display = UserMappers.UserDOtoPO(item);
}
catch (Exception exception)
{
ErrorLogger.LogExceptions(exception);
response = View(UserID);
}
finally
{ }
response = View(display);
}
else
{
response = RedirectToAction("Index", "Home");
}
return(response);
}
public ActionResult UpdateUser(int specificUser = default(int))
{
ActionResult response = null;
//Only registered users can update their information.
if (Session["UserRole"] != null)
{
//The user accessing the update page must be updating their own information, unless they are admin.
if (specificUser != (int)Session["UserID"] && (int)Session["UserRole"] != 1)
{
//Make them match if they don't.
specificUser = (int)Session["UserID"];
}
try
{
//Populate the form with the user's current information.
UserDO userObject = _dataAccess.UserDetails(specificUser);
UserPO displayUser = Mapper.UserDOtoPO(userObject);
response = View(displayUser);
}
catch (Exception ex)
{
//If there is an issue, send the user to the game's index.
Logger.Log(ex);
response = RedirectToAction("Index", "Games");
}
finally { }
}
else
{
//If the user has lost session, redirect them.
response = RedirectToAction("Index", "Games");
}
return(response);
}
//Set session upon login, storing their username, userId and their given role.
private void SetSession(UserDO user)
{
Session["Username"] = user.Username;
Session["UserID"] = user.UserID;
Session["UserRole"] = user.RoleID;
Session.Timeout = 10;
}
public ActionResult Register(UserPO form)
{
//Declaring local variables
ActionResult oResponse = RedirectToAction("Login", "Account");
if (ModelState.IsValid)
{
try
{
form.RoleID = 3;
UserDO dataObject = UserMapper.MapPOtoDO(form);
dataAccess.CreateUser(dataObject);
TempData["Message"] = $"{form.Username} was created successfully.";
}
catch (Exception ex)
{
oResponse = View(form);
TempData["Message"] = "Fail";
}
}
else
{
oResponse = View(form);
}
return(oResponse);
}
public ActionResult UserDetails(int specificUser = default(int))
{
ActionResult response = null;
//Only accessiblle to signed in users.
if (Session["UserRole"] != null)
{
//The details page must match the user Id of the user requesting, or be an admin.
if (specificUser != (int)Session["UserID"] && (int)Session["UserRole"] != 1)
{
//Make them match if they don't.
specificUser = (int)Session["UserID"];
}
try
{
//Get and display the users information.
UserDO userObject = _dataAccess.UserDetails(specificUser);
UserPO displayUser = Mapper.UserDOtoPO(userObject);
response = View(displayUser);
}
catch (Exception ex)
{
Logger.Log(ex);
//If there is an issue getting the user's details, sent the user to the Index of Games.
response = RedirectToAction("Index", "Games");
}
finally { }
}
else
{
//Redirect if the user does not have session.
response = RedirectToAction("Index", "Games");
}
return(response);
}
public ActionResult Create(UserPO form)
{
ActionResult oResponse = RedirectToAction("Index", "Account");
//Validation check
if (ModelState.IsValid)
{
try
{
//Passing dataObjects mapped from PO to DO for CreateUser()
UserDO dataObject = UserMapper.MapPOtoDO(form);
dataAccess.CreateUser(dataObject);
TempData["Message"] = $"{form.Username} was created successfully.";
}
catch (Exception ex)
{
oResponse = View(form);
TempData["Message"] = "Fail";
}
}
else
{
oResponse = View(form);
}
return(oResponse);
}
//Method that allows user to input the information they want to update
public ActionResult UpdateUser(int UserId)
{
//declaring object using model PlayerPO
UserPO userToUpdate = new UserPO();
//Beginning of processes
try
{
//declare List using Model UserDO, and use it to store all information on the game recovered by using a DAL access call
UserDO item = _dataAccess.UserReadByID(UserId);
//assign all data to object using a mapper
userToUpdate = MapUserTF.UserDOtoPO(item);
}
//catch to record any exceptions that crop up
catch (Exception ex)
{
//call to method to record necessary information
ErrorFile.ErrorHandlerPL(ex);
}
//finally to tie up any loose ends
finally
{ }
//Sends the data in the list to the view to be seen by the user.
return(View(userToUpdate));
}
public void UpdateUser(UserDO userObject)
{
try
{
using (SqlConnection connection = new SqlConnection(connectionString))
{
SqlCommand command = new SqlCommand("UPDATE_USER", connection);
command.CommandType = CommandType.StoredProcedure;
connection.Open();
command.Parameters.AddWithValue("@userID", userObject.UserID);
command.Parameters.AddWithValue("@fullName", userObject.FullName);
command.Parameters.AddWithValue("@userName", userObject.UserName);
command.Parameters.AddWithValue("@userPassword", userObject.UserPassword);
command.Parameters.AddWithValue("@roleID", userObject.RoleID);
command.Parameters.AddWithValue("@email", userObject.Email);
command.ExecuteNonQuery();
connection.Close();
command.Dispose();
connection.Dispose();
}
}
catch (SqlException sqlEx)
{
ErrorLog error = new ErrorLog();
error.Log(sqlEx, "UpdateUser", "SQL", "Error");
throw sqlEx;
}
catch (Exception ex)
{
ErrorLog error = new ErrorLog();
error.Log(ex, "UpdateUser", "DAL", "Error");
}
}
public IActionResult Create([FromBody] UserVO user)
{
var userDO = new UserDO
{
UserNumber = user.UserNumber,
UserPassword = user.UserPassword,
Email = user.Email,
Radio = user.Radio,
City = user.City,
Date = user.Date
};
try
{
var inserteduser = _userService.Insert(userDO);
return(Json(new
{
code = "success",
data = inserteduser
}));
}
catch (Exception ex)
{
return(Json(new
{
code = "fail",
message = ex.Message
}));
}
}
//INFO: Return all users in the database.
public List <UserDO> GetUsers()
{
List <UserDO> UserDOs = new List <UserDO>();
using (riverkeeperEntities RKEntities = new riverkeeperEntities())
{
List <User> Users = (from u in RKEntities.Users
select u).ToList();
foreach (var user in Users)
{
if (user != null)
{
UserDO userDO = new UserDO()
{
FirstName = user.FirstName,
LastName = user.LastName,
PhoneNumber = user.PhoneNumber,
Type = user.Type,
EmailAddress = user.EmailAddress,
ZipCode = user.ZipCode
};
UserDOs.Add(userDO);
}
if (user == null)
{
throw new Exception("No user in DB");
}
}
}
return(UserDOs);
}
protected void lbSave_Click(object sender, EventArgs e)
{
User u = new User();
UserDO udo = new UserDO();
u = CollectUser();
if (Request["New"] != null)
{
int id = udo.CreateUser(u);
if (id > 0)
{
nlUser.SetCleanNotification("Пользователь успешно создан. ID=" + id.ToString());
}
else
{
nlUser.SetDirtyNotification("Произошла ошибка при создании пользователя");
}
}
else
{
bool ok = udo.UpdateUser(u);
if (ok)
{
nlUser.SetCleanNotification("Пользователь успешно обновлен.");
}
else
{
nlUser.SetDirtyNotification("Произошла ошибка при обновлении пользователя");
}
}
}
public UserDO MapReadToSingle(SqlDataReader reader)
{
UserDO result = new UserDO();
if (reader["UserID"] != DBNull.Value)
{
result.UserId = (long)reader["UserID"];
}
if (reader["UserName"] != DBNull.Value)
{
result.Username = (string)reader["UserName"];
}
if (reader["Pass"] != DBNull.Value)
{
result.Password = (string)reader["Pass"];
}
if (reader["RoleID"] != DBNull.Value)
{
result.Role = (long)reader["RoleID"];
}
if (reader["Email"] != DBNull.Value)
{
result.Email = (string)reader["Email"];
}
if (reader["Address"] != DBNull.Value)
{
result.Address = (string)reader["Address"];
}
if (reader["Country"] != DBNull.Value)
{
result.Country = (string)reader["Address"];
}
return(result);
}
public PinzCustomPrincipal(IIdentity client)
{
this.Identity = client;
PinzDbContext dbContext = new PinzDbContext("pinzDBConnectionString");
roles = new List <string>();
if (Identity.IsAuthenticated)
{
roles.Add(USER);
}
UserDO user = dbContext.Users.Single(u => u.EMail == Identity.Name);
if (user.ProjectStaff.Any(ps => ps.IsProjectAdmin == true))
{
roles.Add(PROJECT_ADMIN);
}
if (user.IsCompanyAdmin)
{
roles.Add(PROJECT_ADMIN);
roles.Add(COMPANY_ADMIN);
}
if (user.IsPinzSuperAdmin)
{
roles.Add(PROJECT_ADMIN);
roles.Add(COMPANY_ADMIN);
roles.Add(PINZ_SUPERADMIN);
}
}
public UserDO ViewUserByUsername(string username)
{
UserDO userObject = new UserDO();
try
{
using (SqlConnection sqlConnection = new SqlConnection(connectionString))
{
SqlCommand sqlCommand = new SqlCommand("VIEW_USER_BY_USERNAME", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlCommand.Parameters.AddWithValue("@Username", username);
sqlConnection.Open();
SqlDataReader sqlDataReader = sqlCommand.ExecuteReader();
while (sqlDataReader.Read())
{
userObject = new UserDO();
userObject.UserID = sqlDataReader.GetInt64(0);
userObject.CompleteName = sqlDataReader.GetString(1).Trim();
userObject.UserName = sqlDataReader.GetString(2).Trim();
userObject.Password = sqlDataReader.GetString(3).Trim();
userObject.RoleID = sqlDataReader.GetInt32(4);
}
sqlConnection.Close();
sqlConnection.Dispose();
sqlCommand.Dispose();
}
}
catch (Exception exc)
{
LoggingDataAccessLayer.LogViewUserByUsername(exc);
}
return(userObject);
}
public ActionResult UpdateUser(UserPO form)
{
ActionResult response = null;
if (Session["RoleID"] != null && ((int)Session["RoleID"] == 3))
{
if (ModelState.IsValid)
{
try
{
UserDO dataObject = UserMappers.UserPOtoDOWithoutPassword(form);
_dataAccess.UpdateUser(dataObject);
response = RedirectToAction("Index", "User");
}
catch (Exception exception)
{
ErrorLogger.LogExceptions(exception);
response = View(form);
}
finally
{ }
}
else
{
response = View(form);
}
}
return(response);
}
public void UpdateUser(UserDO userUpdateDO)
{
try
{
using (SqlConnection sqlConnection = new SqlConnection(connectionString))
{
SqlCommand sqlCommand = new SqlCommand("UPDATE_USER", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlConnection.Open();
sqlCommand.Parameters.AddWithValue("@UserID", userUpdateDO.UserID);
sqlCommand.Parameters.AddWithValue("@CompleteName", userUpdateDO.CompleteName);
sqlCommand.Parameters.AddWithValue("@UserName", userUpdateDO.UserName);
sqlCommand.Parameters.AddWithValue("@Password", userUpdateDO.Password);
sqlCommand.Parameters.AddWithValue("@RoleID", userUpdateDO.RoleID);
sqlCommand.ExecuteNonQuery();
sqlConnection.Close();
sqlConnection.Dispose();
sqlCommand.Dispose();
}
}
catch (Exception exc)
{
LoggingDataAccessLayer.LogCreateUser(exc);
}
}
public ActionResult Login(LoginViewModel model, string returnUrl)
{
if (ModelState.IsValid)
{
try {
UserDO user = UserBL.GetUserDOByUsername(model.Username);
if (UserBL.IsUserAuthenticationCorrect(user, model.Username, model.Password))
{
EmptySession( );
FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);
Session.Add("User", user);
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return(Redirect(returnUrl));
}
else
{
return(RedirectToAction("Index", "Home"));
}
}
} catch (BusinessException ex) {
ModelState.AddModelError("LogonError", ex.Message);
}
}
return(View( ));
}
public bool RegisterUser(UserDO newUser)
{
bool success = false;
try
{
using (SqlConnection sqlConnection = new SqlConnection(connectionString))
{
SqlCommand sqlCommand = new SqlCommand("REGISTER_USER", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlCommand.Parameters.AddWithValue("@CompleteName", newUser.CompleteName);
sqlCommand.Parameters.AddWithValue("@UserName", newUser.UserName);
sqlCommand.Parameters.AddWithValue("@Password", newUser.Password);
sqlCommand.Parameters.AddWithValue("@RoleID", newUser.RoleID);
sqlConnection.Open();
success = sqlCommand.ExecuteNonQuery() > 0;
sqlConnection.Close();
sqlConnection.Dispose();
sqlCommand.Dispose();
}
}
catch (Exception exc)
{
LoggingDataAccessLayer.LogRegisterUser(exc);
}
return(success);
}
public ActionResult CreateUser(UserViewModel userInfo)
{
ActionResult response = null;
try
{
if (Session["UserName"] == null)
{
UserPO form = userInfo.Form;
if (ModelState.IsValid)
{
UserMap map = new UserMap();
UserDO userObject = map.UserPOToDO(form);
userObject.RoleID = 1;
userDL.CreateUser(userObject);
response = RedirectToAction("Login", "Account");
}
else
{
response = View(userInfo);
}
}
else
{
response = RedirectToAction("Index", "Home");
}
}
catch (SqlException sqlEx)
{
//What about the exception do we wish to analyze?
userInfo.message = new ExceptionAnalysis().GenerateResponse(sqlEx);
response = View(userInfo);
}
return(response);
}
//View by the username to see if form is valid if it is then let them view the store else return form.
public ActionResult Login(Login form)
{
ActionResult response;
try
{
if (ModelState.IsValid)
{
UserDO userDataObject = _UserDataAccess.ViewUserByUserName(form.UserName);
if (userDataObject.Username.Equals(form.UserName) && userDataObject.Email.Equals(form.Email) && userDataObject.Password.Equals(form.Password))
{
Session["Username"] = userDataObject.Username;
Session["UserID"] = userDataObject.UserId;
Session["RoleName"] = userDataObject.RoleName;
userDataObject.Email = form.Email;
response = RedirectToAction("Store", "PC");
}
else
{
response = View(form);
}
}
else
{
response = View(form);
}
}
catch
{
response = View(form);
}
return(response);
}
///<summary>
/// Updates information for a User
/// first,last, email, team, role (Admin, SM,TL)
/// </summary>
public ActionResult UpdateUserInfo(UserViewModel userToUpdateVM)
{
ActionResult oResponse = null;
// Ensure user is authenticated
if (ModelState.IsValid)
{
try
{
//TODO: Map userCred and Team for update
// Map user from presentation to data objects
UserDO userUpdateDO = Mapper.Map <UserPO, UserDO>(userToUpdateVM.User);
// Passes form to be updated
_uda.UpdateUser(userUpdateDO);
oResponse = View("ViewUserByUserID", userToUpdateVM.User.UserID);
}
catch (Exception ex)
{
ErrorLogger.LogError(ex, "UpdateUserInfo", "Account");
userToUpdateVM.ErrorMessage = "The was an issue with updating employee information. Please try again. If the problem persists contact your IT department.";
oResponse = View(userToUpdateVM);
}
}
else
{
oResponse = View(userToUpdateVM);
}
return(oResponse);
}
public ActionResult Delete(string username)
{
ActionResult response;
string userName = (string)Session["UserName"];
if (username != userName)
{
UserDO user = _UserDataAccess.ViewUserByUserName(username);
User deletedUser = _mapper.MapDOtoPO(user);
long userID = deletedUser.UserID;
//Make sure that ID isnt 0
if (userID > 0)
{
_UserDataAccess.DeleteUser(userID);
response = RedirectToAction("ViewUsers", "Account");
}
else
{
response = RedirectToAction("ViewUsers", "Account");
}
}
else
{
response = RedirectToAction("Index", "Home");
}
return(response);
}
public UserDO ViewSingleUser(int id)
{
UserDO user = new UserDO();
try
{
using (SqlConnection sqlCon = new SqlConnection(connectionString))
using (SqlCommand sqlCMD = new SqlCommand("USERS_VIEW_SINGLE", sqlCon))
{
sqlCMD.CommandType = System.Data.CommandType.StoredProcedure;
sqlCMD.Parameters.AddWithValue("UserID", id);
sqlCon.Open();
using (SqlDataReader reader = sqlCMD.ExecuteReader())
{
if (reader.Read())
{
user = Mapper.MapSingleUser(reader);
}
}
}
}
catch (SqlException sqlEx)
{
Logger.LogSqlException(sqlEx);
}
return(user);
}
public List <UserDO> ViewUsers()
{
List <UserDO> userList = new List <UserDO>();
try
{
using (SqlConnection connection = new SqlConnection(connectionString))
{
SqlCommand command = new SqlCommand("VIEW_USERS", connection);
command.CommandType = CommandType.StoredProcedure;
connection.Open();
SqlDataReader reader = command.ExecuteReader();
while (reader.Read())
{
UserDO userObject = new UserDO();
userObject.UserID = reader.GetInt64(0);
userObject.FullName = reader.GetString(1);
userObject.UserName = reader.GetString(2);
userObject.UserPassword = reader.GetString(3);
userObject.RoleID = reader.GetInt64(4);
userObject.Email = reader.GetString(5);
userList.Add(userObject);
}
connection.Close();
command.Dispose();
connection.Dispose();
}
}
catch (Exception ex)
{
ErrorLog error = new ErrorLog();
error.Log(ex, "ViewUsers", "DAL", "Error");
}
return(userList);
}
