public DAOPermissionProxy(User u, IDataAccessObject dao)
 {
     Contract.Requires(u != null);
     Contract.Requires(dao != null);
     _user = u;
     _dao = dao;
 }
 public void ChangePassword(User user, string newPasswordHash, string oldPasswordHash)
 {
     Contract.Requires(ActionPermitted(SystemAction.ChangeOwnPassword));
     Contract.Requires(this.CorrectUser(user));
     this.TestPermission(SystemAction.ChangeOwnPassword, "You don't have permission to change your own password");
     this.TestCorrectUser(user);
     _dao.ChangePassword(user, newPasswordHash, oldPasswordHash);
 }
示例#3
0
 public static void LogOut()
 {
     _currentUser = null;
     RunApp();
     ShutdownAllowed = false;
     _mainWindow.Close();
     ShutdownAllowed = true;
 }
示例#4
0
        /// <summary>
        /// May i have the Data Access Object for this user?
        /// </summary>
        /// <param name="u">The user for which data access permissions will be fetched</param>
        /// <returns>A data access object ready to use</returns>
        public static IDataAccessObject getDAO(User u)
        {
            Contract.Requires(Ready);
            Contract.Requires(u != null);
            Contract.Ensures(Contract.Result<IDataAccessObject>() != null);
            Contract.Ensures(daos.ContainsKey(u));

            if (!daos.ContainsKey(u)) //Check if dao already exists
            {
                IDataAccessObject dao = DAOMySql.GetDAO(u, ConnectionString);
                daos[u] = dao; //Create dao if it doesn't exist
            }
            return daos[u];
        }
示例#5
0
 public HashSet<SystemAction> GetPermissions(User u)
 {
     Contract.Requires(u != null, "Input user must not be null!");
     Contract.Ensures(Contract.Result<HashSet<SystemAction>>() != null);
     var result = new HashSet<SystemAction>();
     DoTransaction(() => { result = PriGetPermissions(u); });
     return result;
 }
示例#6
0
 public HashSet<VotingVenue> GetWorkplaces(User u)
 {
     Contract.Requires(u != null, "Input user must not be null!");
     Contract.Ensures(Contract.Result<HashSet<VotingVenue>>() != null);
     var result = new HashSet<VotingVenue>();
     DoTransaction(() => { result = PriGetWorkplaces(u); });
     return result;
 }
示例#7
0
 /// <summary>
 /// Change this users password to this!
 /// </summary>
 /// <param name="user">The user whose password should be changed</param>
 /// <param name="newPasswordHash">The hash of the new password to use</param>
 /// <returns>Was th attempt succesful?</returns>
 public void ChangePassword(User user, string newPasswordHash)
 {
     Contract.Requires(user != null);
     Contract.Requires(ExistsInDb(user));
     Contract.Requires(newPasswordHash != null);
     DoTransaction(() => PriChangePassword(user, newPasswordHash));
 }
示例#8
0
        private int PriSaveNew(User user)
        {
            Contract.Requires(this.Transacting(), "This method must be performed in a transaction.");
            Contract.Requires(user != null, "Input user must not be null!");
            Contract.Requires(user.DbId == 0, "DbId must be zero when creating");
            Contract.Requires(user.Username != null);
            Contract.Requires(user.Title != null);
            Contract.Requires(user.UserSalt != null);
            Contract.Requires(user.Cpr == null || Citizen.ValidCpr(user.Cpr), "A user must have a valid CPR number or no CPR number");
            Contract.Ensures(LoadUser(Contract.Result<int>()).Equals(user), "All changes must be saved");
            int personId;
            MySqlCommand insertOrUpdatePerson;
            if (user.Cpr != null && PriFindCitizens(new Dictionary<CitizenSearchParam, object>() { }, SearchMatching.Exact).Count > 0)
            {
                insertOrUpdatePerson =
                    Prepare("UPDATE " +
                            "   person " +
                            "SET " +
                            "   name=@name, " +
                            "   address=@address, " +
                            "   place_of_birth=@placeOfBirth, " +
                            "   passport_number=@passportNumber " +
                            "WHERE " +
                            "   cpr=@cpr" +
                            "; " +
                            "" +
                            "SELECT " +
                            "   id " +
                            "FROM " +
                            "   person " +
                            "WHERE " +
                            "   cpr=@cpr;");
            }
            else
            {
                insertOrUpdatePerson = Prepare("INSERT INTO " +
                                               "    person (" +
                                               "        name, " +
                                               "        address, " +
                                               "        place_of_birth," +
                                               "        passport_number," +
                                               "        cpr" +
                                               "    )" +
                                               "VALUES" +
                                               "    (" +
                                               "        @name," +
                                               "        @address," +
                                               "        @placeOfBirth," +
                                               "        @passportNumber," +
                                               "        @cpr" +
                                               "    )" +
                                               ";" +
                                               "" +
                                               "SELECT LAST_INSERT_ID();");
            }
            var personMapping = new Dictionary<string, string>()
                                    {
                                        {"name",user.Name},
                                        {"address",user.Address},
                                        {"placeOfBrith",user.PlaceOfBirth},
                                        {"passportNumber",user.PassportNumber},
                                        {"id",user.PersonDbId.ToString()}
                                    };
            foreach (var kv in personMapping)
            {
                insertOrUpdatePerson.Parameters.AddWithValue("@" + kv.Key, kv.Value);
            }
            personId = Convert.ToInt32(ScalarQuery(insertOrUpdatePerson));

            MySqlCommand insertUser = Prepare(" INSERT INTO" +
                                              "     user (" +
                                              "         user_name," +
                                              "         title," +
                                              "         person_id," +
                                              "         user_salt" +
                                              "     )" +
                                              "VALUES" +
                                              "     (" +
                                              "         @username," +
                                              "         @title," +
                                              "         @personId," +
                                              "         @userSalt" +
                                              "     )" +
                                              ";" +
                                              "" +
                                              "SELECT LAST_INSERT_ID();");
            var userMapping = new Dictionary<string, string>()
            {
                {"username",user.Username},
                {"title",user.Title},
                {"personId",personId.ToString()},
                {"userSalt",user.UserSalt}
            };
            foreach (var kv in userMapping)
            {
                insertUser.Parameters.AddWithValue("@" + kv.Key, kv.Value);
            }
            return Convert.ToInt32(ScalarQuery(insertUser));
        }
 public HashSet<VotingVenue> Workplaces(User u)
 {
     return _dao.GetWorkplaces(u);
 }
示例#10
0
        private void PriSave(User user)
        {
            Contract.Requires(this.Transacting(), "This method must be performed in a transaction.");
            Contract.Requires(user != null, "Input user must not be null!");
            Contract.Requires(user.DbId > 0, "DbId must be larger than zero to update");
            Contract.Requires(PriExistsWithId("user", user.DbId), "DbId must be present in database in order to update anything");
            Contract.Requires(user.Username != null);
            Contract.Requires(user.Title != null);
            Contract.Requires(user.UserSalt != null);
            Contract.Requires(user.PersonDbId > 0, "An existing user must map to a person in the database");
            Contract.Requires(PriExistsWithId("person", user.PersonDbId), "The person for this user must exist in the database");
            Contract.Requires(user.Cpr == null || Citizen.ValidCpr(user.Cpr), "A user must have a valid CPR number or no CPR number");
            Contract.Ensures(LoadUser(user.DbId).Equals(user), "All changes must be saved");

            MySqlCommand updatePerson = Prepare("UPDATE person SET name=@name, address=@address, place_of_birth=@placeOfBirth, passport_number=@passportNumber WHERE id=@id");
            var personMapping = new Dictionary<string, string>()
                                    {
                                        {"name",user.Name},
                                        {"address",user.Address},
                                        {"placeOfBrith",user.PlaceOfBirth},
                                        {"passportNumber",user.PassportNumber},
                                        {"id",user.PersonDbId.ToString()}
                                    };
            foreach (var kv in personMapping)
            {
                updatePerson.Parameters.AddWithValue("@" + kv.Key, kv.Value);
            }
            Execute(updatePerson);

            MySqlCommand updateUser = Prepare("UPDATE user SET user_name=@username, title=@title, user_salt=@userSalt WHERE id=@id");
            var userMapping = new Dictionary<string, string>()
                              {
                                  {"username",user.Username},
                                  {"title",user.Title},
                                  {"userSalt",user.UserSalt},
                                  {"id",user.DbId.ToString()}
                              };
            foreach (var kv in userMapping)
            {
                updateUser.Parameters.AddWithValue("@" + kv.Key, kv.Value);
            }
            Execute(updateUser);
        }
示例#11
0
 private HashSet<VotingVenue> PriGetWorkplaces(User user)
 {
     Contract.Requires(this.Transacting(), "This method must be performed in a transaction.");
     Contract.Requires(user != null, "The input user must not be null!");
     Contract.Ensures(Contract.Result<HashSet<VotingVenue>>() != null);
     var output = new HashSet<VotingVenue>();
     if (user.DbId < 1) return output; //The user CAN not exist in the database...
     MySqlCommand cmd =
         Prepare("SELECT " +
                 "   v.id, " +
                 "   v.address, " +
                 "   v.name " +
                 "FROM " +
                 "   user u " +
                 "   INNER JOIN " +
                 "       workplace w " +
                 "       ON " +
                 "       u.id = w.user_id " +
                 "   INNER JOIN " +
                 "       voting_venue v " +
                 "       ON " +
                 "       v.id = w.voting_venue_id " +
                 "WHERE " +
                 "   u.id=@id");
     cmd.Parameters.AddWithValue("@id", user.DbId);
     Query(cmd, rdr =>
     {
         while (rdr.Read())
         {
             VotingVenue venue = new VotingVenue(
                 rdr.GetInt32("id"),
                 rdr.GetString("name"),
                 rdr.GetString("address"));
             output.Add(venue);
         }
     });
     return output;
 }
示例#12
0
 private User PriLoadUser(int id)
 {
     Contract.Requires(this.Transacting(), "This method must be performed in a transaction.");
     Contract.Requires(PriExistsWithId("user", id), "User must exist in the database to be loaded.");
     Contract.Requires(id > 0, "The input id must be larger than zero.");
     Contract.Ensures(Contract.Result<User>() != null);
     MySqlCommand cmd = Prepare("SELECT * FROM " +
                                "    user u " +
                                "    INNER JOIN " +
                                "        person p " +
                                "    ON " +
                                "        u.person_id=p.id " +
                                "WHERE " +
                                "    u.id=@id");
     cmd.Parameters.AddWithValue("@id", id);
     User u = null;
     Query(cmd, rdr =>
                    {
                        rdr.Read();
                        string cpr = null;
                        DoIfNotDbNull(rdr, "cpr", lbl => { cpr = rdr.GetString(lbl); });
                        u = new User(id, cpr);
                        DoIfNotDbNull(rdr, "name", lbl => { u.Name = rdr.GetString(lbl); });
                        DoIfNotDbNull(rdr, "address", lbl => { u.Address = rdr.GetString(lbl); });
                        DoIfNotDbNull(rdr, "place_of_birth", lbl => { u.PlaceOfBirth = rdr.GetString(lbl); });
                        DoIfNotDbNull(rdr, "passport_number", lbl => { u.PassportNumber = rdr.GetString(lbl); });
                        u.Username = rdr.GetString("user_name");
                        u.Title = rdr.GetString("title");
                        u.UserSalt = rdr.GetString("user_salt");
                    });
     return u;
 }
示例#13
0
 /// <summary>
 /// Save this user with this data!
 /// </summary>
 /// <param name="user">The user to register</param>
 /// <returns>Was the attempt successful?</returns>
 public void Save(User user)
 {
     Contract.Requires(user != null, "Input person must not be null!");
     Contract.Requires(user.DbId >= 0, "DbId must be greater than or equal to zero");
     Contract.Requires(!(user.DbId > 0) || user.PersonDbId > 0, "When updating a user, PersonDbId must be greater than zero.");
     Contract.Requires(user.Cpr == null || Citizen.ValidCpr(user.Cpr), "A user must have a valid CPR number or no CPR number");
     Contract.Requires(!(user.DbId > 0) || this.ExistsInDb(user), "DbId > 0 => UserExists. Eg. if updating, the user to update must exist.");
     Contract.Requires(!(user.DbId > 0) || ExistsInDb(new Person(user.PersonDbId)), "DbId > 0 => userPersonExists. Eg. if updating, the users person to update must exist.");
     Contract.Requires(user.Username != null);
     Contract.Requires(user.Title != null);
     Contract.Requires(user.UserSalt != null);
     if (user.DbId > 0)
     {
         DoTransaction(() => PriSave(user));
     }
     else
     {
         DoTransaction(() => PriSaveNew(user));
     }
 }
示例#14
0
 public static IDataAccessObject GetDAO(User u, string connectionString)
 {
     return new DAOPermissionProxy(u, new DAOMySql(connectionString));
 }
 public bool HasPermissionToUse(User u)
 {
     Contract.Requires(u != null);
     return u.Permissions.IsSupersetOf(_neededPermissions);
 }
 public HashSet<SystemAction> GetPermissions(User u)
 {
     return _dao.GetPermissions(u);
 }
 /// <summary>
 /// Is this user my user?
 /// </summary>
 /// <param name="user"></param>
 /// <returns></returns>
 public bool CorrectUser(User user)
 {
     Contract.Requires(user != null);
     return user.Equals(_user);
 }
 public void ChangePassword(User user, string newPasswordHash)
 {
     Contract.Requires(this.ActionPermitted(SystemAction.ChangeOthersPassword));
     this.TestPermission(SystemAction.ChangeOthersPassword, "You don't have permission to changed users passwords");
     _dao.ChangePassword(user, newPasswordHash);
 }
 private void TestCorrectUser(User user)
 {
     Contract.Requires(user != null);
     if (!this.CorrectUser(user)) throw new PermissionException(_user, "You must be logged as this user");
 }
示例#20
0
 private void PriChangePassword(User user, string newPasswordHash)
 {
     Contract.Requires(Transacting(), "Must be done in a transaction");
     Contract.Requires(user != null);
     Contract.Requires(PriExistsWithId("user", user.DbId));
     Contract.Requires(newPasswordHash != null);
     MySqlCommand updatePassword = Prepare("UPDATE user SET password_hash=@pwdHash WHERE id=@id");
     updatePassword.Parameters.AddWithValue("@pwdHash", newPasswordHash);
     updatePassword.Parameters.AddWithValue("@id", user.DbId);
     Execute(updatePassword);
 }
示例#21
0
 public static void RunApp(User user)
 {
     _currentUser = user;
     if (user != null && user.Validated)
     {
         _mainWindow = new MainWindow();
         new MainWindowController(_mainWindow);
     }
     else
     {
         if (_loginWindow != null)
         {
             _loginWindow.Close();
             _loginWindow = null;
         }
         _loginWindow = new LoginWindow();
         _loginWindow.Closing += (s, e) =>
                                     {
                                         _loginWindow = null;
                                     };
         new LoginController(_loginWindow);
     }
 }
示例#22
0
 private HashSet<SystemAction> PriGetPermissions(User user)
 {
     Contract.Requires(this.Transacting(), "This method must be performed in a transaction.");
     Contract.Requires(user != null, "The input user must not be null!");
     Contract.Ensures(Contract.Result<HashSet<SystemAction>>() != null);
     var output = new HashSet<SystemAction>();
     if (user.DbId < 1) return output; //The user CAN not exist in the database...
     MySqlCommand cmd =
         Prepare("SELECT a.label FROM " +
                 "   action a " +
                 "   INNER JOIN " +
                 "       permission p " +
                 "       ON " +
                 "       a.id = p.action_id " +
                 "WHERE " +
                 "   p.user_id=@id");
     cmd.Parameters.AddWithValue("@id", user.DbId);
     Query(cmd, rdr =>
                    {
                        while (rdr.Read())
                        {
                            SystemAction action = SystemActions.getSystemAction(rdr.GetString(0));
                            output.Add(action);
                        }
                    });
     return output;
 }
 public PermissionException(SystemAction systemAction, User user, string msg = "You don't have permission to perform this SystemAction.")
     : base(msg)
 {
     _systemAction = systemAction;
     _user = user;
 }
示例#24
0
 /// <summary>
 /// Change this users pasword to this!
 /// </summary>
 /// <param name="user">The user whose password should be changed</param>
 /// <param name="newPasswordHash">The hash of the new password to use</param>
 /// <param name="oldPasswordHash">The hash of the old password for this user.</param>
 /// <returns>Was the attempt succesful?</returns>
 public void ChangePassword(User user, string newPasswordHash, string oldPasswordHash)
 {
     Contract.Requires(user != null);
     Contract.Requires(this.ExistsInDb(user));
     Contract.Requires(newPasswordHash != null);
     Contract.Requires(oldPasswordHash != null);
     Contract.Requires(ValidateUser(user.Username, oldPasswordHash));
     if (!ValidateUser(user.Username, oldPasswordHash)) throw new Exception("Wrong password for user \"" + user.Username + "\""); //Make sure that we can't change password with a wrong password..
     DoTransaction(() => PriChangePassword(user, newPasswordHash));
 }
 public PermissionException(User user, string msg = "You don't have permission to do this.")
     : base(msg)
 {
     _user = user;
 }
示例#26
0
 public bool Equals(User other)
 {
     if (ReferenceEquals(null, other))
     {
         return false;
     }
     if (ReferenceEquals(this, other))
     {
         return true;
     }
     return base.Equals(other) && Equals(other._permissions, this._permissions) && Equals(other._workplaces, this._workplaces) && Equals(other.UserSalt, this.UserSalt) && other.Valid.Equals(this.Valid) && other.DbId == this.DbId;
 }
 public void Save(User user)
 {
     Contract.Requires(this.ActionPermitted(SystemAction.SaveUser));
     this.TestPermission(SystemAction.SaveUser, "You don't have permission to save users");
     _dao.Save(user);
 }