public static void AddStaff(Staff staff)
{
SqlConnection con = DBUtils.getDBConnection();
con.Open();
string passwdHash = StringUtils.GetMD5Hash(StringUtils.Reverse(staff.Password));
SqlCommand command = new SqlCommand("insert into Users (username, password, role, account_act_date, name, state) values ('"
+ staff.StaffUserName + "', '" + passwdHash + "', 'staff','" +
DateTime.Today + "', '" + staff.StaffName + "', 'Active');", con);
command.ExecuteNonQuery();
int publish = (staff.RightToPublish ? 1 : 0);
int post = (staff.RightToPost ? 1 : 0);
int schedule = (staff.RightToSchedule ? 1 : 0);
command = new SqlCommand("insert into Staff (staff_id, right_to_schedule, right_to_publish, right_to_post)"
+ " values (" + AccountDAL.getCandidateId(con, staff.StaffUserName) + "," + schedule + "," + publish + "," + post + ")", con);
command.ExecuteNonQuery();
con.Close();
}
public static List<Staff> GetStaffDetails()
{
SqlConnection con = DBUtils.getDBConnection();
con.Open();
SqlCommand command = new SqlCommand("SELECT staff_id, right_to_post, right_to_schedule, right_to_publish, users.name" +
" FROM dbo.Staff staff inner join dbo.Users users on users.user_id = staff.staff_id;", con);
SqlDataReader reader = command.ExecuteReader();
List<Staff> staffs = new List<Staff>();
while(reader.Read())
{
Staff staff = new Staff();
staff.StaffId = reader.GetInt32(0);
if (Convert.ToBoolean(reader[1]))
staff.RightToPost = true;
else
staff.RightToPost = false;
if (Convert.ToBoolean(reader[2]))
staff.RightToSchedule = true;
else
staff.RightToSchedule = false;
if (Convert.ToBoolean(reader[3]))
staff.RightToPublish = true;
else
staff.RightToPublish = false;
staff.StaffName = reader.GetString(4);
staffs.Add(staff);
}
reader.Close();
return staffs;
}
public static void UpdateStaffResponsibilities(Staff staff)
{
SqlConnection con = DBUtils.getDBConnection();
con.Open();
int post = (staff.RightToPost ? 1 : 0);
int publish = (staff.RightToPublish ? 1 : 0);
int schedule = (staff.RightToSchedule ? 1 : 0);
SqlCommand command = new SqlCommand("update dbo.Staff set right_to_post = " + post +
" , right_to_publish = " + publish + " , right_to_schedule = " + schedule + " where staff_id = " + staff.StaffId, con);
command.ExecuteNonQuery();
con.Close();
}
public string UpdateStaffResponsibilities(Staff staff)
{
AdminDAL.UpdateStaffResponsibilities(staff);
return "";
}
public ActionResult AppointStaff(Staff staff)
{
if (!Navigator.IsUserLoggedIn(Session))
{
@ViewBag.Message = "Sorry! You need to login to view this page.";
return View("Message");
//return RedirectToAction("Login", "Account");
}
else if (!Navigator.UserRoleValidation(Session, "manager"))
{
@ViewBag.Message = "Access Denied ! You are not allowed to visit this page.";
return View("Message");
//return RedirectToAction("Login", "Account");
}
AdminDAL.AddStaff(staff);
ViewBag.Message = "Staff has been appointed successfully";
return View("Message");
}