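/// <summary>
/// Adds the user with the given ID to the user access group with the given ID.
/// No action is taken (and the reason is logged) when the group cannot be
/// found or the user is already a member of it.
/// </summary>
/// <param name="UserID">ID of the user to add.</param>
/// <param name="UserAccessGroupID">ID of the access group to add the user to.</param>
public void AddUserToGroup(int UserID, int UserAccessGroupID)
{
    // NOTE(review): no authorisation check is visible in this method; confirm the
    // caller restricts who may change group membership, since AttemptLogon grants
    // access based on membership of the "Admins" group.

    //Find the access group with the given ID
    UserAccessGroup group = CRUD.GetAllAccessGroups()
        .Where(x => x.UserAccessGroupID == UserAccessGroupID)
        .FirstOrDefault();

    //FirstOrDefault returns null when no group matches; previously this
    //surfaced as a NullReferenceException on group.Users
    if (group == null)
    {
        logger.Info("Add user to group operation cancelled as no user access group with ID "
            + UserAccessGroupID + " was found");
        return;
    }

    //Scan the WHOLE membership list before deciding. The earlier version decided
    //on the first member only, so a user listed later was added a second time,
    //and nobody could be added to an empty group.
    if (group.Users != null)
    {
        foreach (User user in group.Users)
        {
            if (user.UserID == UserID)
            {
                //Log that no action was taken as the user is already in the group
                logger.Info("Add user to group operation cancelled as user " + user.FirstName + " "
                    + user.LastName + " is already a member of group " + group.GroupName);
                return;
            }
        }
    }

    //The user is not yet a member: add the user to the group in the database
    CRUD.AddUserToGroup(UserID, UserAccessGroupID);

    //Log the addition of the user to the access group
    logger.Info("User with ID " + UserID + " has been added to the "
        + "user access group with ID " + UserAccessGroupID);
}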
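/// <summary>
/// Checks the supplied credentials and the user's permission to access the system.
/// Every outcome is recorded through CRUD and written to the log; the caller only
/// ever receives true or false, so the reason for a failure is visible in the log
/// alone.
/// </summary>
/// <param name="Email">Email address entered by the user.</param>
/// <param name="Password">Password entered by the user.</param>
/// <returns>
/// true when the email belongs to a user, the password matches, the user is not
/// banned and the user is a member of the "Admins" access group; otherwise false.
/// </returns>
public bool AttemptLogon(String Email, String Password)
{
    //Fetch the user list once so the emptiness check and the search below
    //work on the same snapshot
    var allUsers = CRUD.GetAllUsers();

    //Return false if there are no users on the system
    if (allUsers.Count == 0)
    {
        CRUD.RecordFailedLogon();
        logger.Info("User logon failed. There are no users on the system.");
        return false;
    }

    //Fail closed on missing credentials: a null or empty password would otherwise
    //compare equal to a null or empty stored password and be accepted
    if (string.IsNullOrEmpty(Email) || string.IsNullOrEmpty(Password))
    {
        CRUD.RecordFailedLogon();
        logger.Info("User logon failed. The email or password was not provided.");
        return false;
    }

    string Username = "";
    int countEmailMatches = 0;
    String checkPassword = "";
    int checkPermissionUserID = 0;
    bool checkIfBanned = false;

    //Find the user in the system whose email matches the one provided.
    //NOTE(review): if several users share an email, the last match is the one
    //authenticated against; confirm that emails are unique in the data store.
    foreach (User user in allUsers)
    {
        if (user.Email == Email)
        {
            Username = user.FirstName + " " + user.LastName;
            countEmailMatches++;
            checkPassword = user.Password;
            checkPermissionUserID = user.UserID;
            checkIfBanned = user.IsBanned;
        }
    }

    //Return false if the email provided does not belong to a user on the system
    if (countEmailMatches < 1)
    {
        CRUD.RecordFailedLogon();
        logger.Info("User logon failed. The email provided"
            + " does not belong to a user in the system.");
        return false;
    }

    //Return false if the user has entered an incorrect password.
    //SECURITY: the stored value is compared directly with the entered password,
    //so passwords are kept in recoverable form and the comparison is not
    //constant-time. Store a salted, slow hash (e.g. PBKDF2) and verify against
    //that with a fixed-time comparison; this needs a data migration and is
    //therefore not changed here.
    if (checkPassword != Password)
    {
        CRUD.RecordFailedLogon();
        logger.Info("User logon failed. User " + Username
            + " entered password incorrectly.");
        return false;
    }

    //Return false if the user is temporarily banned
    if (checkIfBanned)
    {
        CRUD.RecordFailedLogon();
        logger.Info("User logon failed. User " + Username
            + " has been temporarily banned from the system.");
        return false;
    }

    //Only members of the "Admins" access group may access the system
    bool checkPermissionUserIDFound = false;
    foreach (UserAccessGroup Group in CRUD.GetAllAccessGroups())
    {
        if (Group.GroupName != "Admins")
        {
            continue;
        }

        foreach (User user in Group.Users)
        {
            //Search the access group for the user who is attempting to log on
            if (user.UserID == checkPermissionUserID)
            {
                checkPermissionUserIDFound = true;
                break;
            }
        }

        if (checkPermissionUserIDFound)
        {
            break;
        }
    }

    //If the user is not in the admins access group, return false
    if (!checkPermissionUserIDFound)
    {
        CRUD.RecordFailedLogon();
        logger.Info("User logon failed. " + Username
            + " does not have permission to access the system.");
        return false;
    }

    //Record and log the successful logon attempt
    CRUD.RecordSuccessfulLogon();
    logger.Info(Username + " successfully logged on to the system.");
    return true;
}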