2 // Mainsoft.Web.Security.DerbyRolesHelper
\r
5 // Vladimir Krasnov (vladimirk@mainsoft.com)
\r
10 // Permission is hereby granted, free of charge, to any person obtaining
\r
11 // a copy of this software and associated documentation files (the
\r
12 // "Software"), to deal in the Software without restriction, including
\r
13 // without limitation the rights to use, copy, modify, merge, publish,
\r
14 // distribute, sublicense, and/or sell copies of the Software, and to
\r
15 // permit persons to whom the Software is furnished to do so, subject to
\r
16 // the following conditions:
\r
18 // The above copyright notice and this permission notice shall be
\r
19 // included in all copies or substantial portions of the Software.
\r
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
\r
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
\r
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
\r
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
\r
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
\r
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
\r
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\r
33 using System.Web.Security;
\r
35 using System.Data.OleDb;
\r
36 using System.Data.Common;
\r
37 using System.Collections.Generic;
\r
40 namespace Mainsoft.Web.Security
\r
42 static class DerbyRolesHelper
\r
44 private static OleDbParameter AddParameter (OleDbCommand command, string paramName, object paramValue)
\r
46 OleDbParameter prm = new OleDbParameter (paramName, paramValue);
\r
47 command.Parameters.Add (prm);
\r
51 public static int Roles_CreateRole (DbConnection connection, string applicationName, string rolename)
\r
53 string appId = (string) DerbyApplicationsHelper.Applications_CreateApplication (connection, applicationName);
\r
57 string querySelect = "SELECT RoleName FROM aspnet_Roles WHERE ApplicationId = ? AND LoweredRoleName = ?";
\r
58 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
59 AddParameter (cmdSelect, "ApplicationId", appId);
\r
60 AddParameter (cmdSelect, "LoweredRoleName", rolename.ToLowerInvariant ());
\r
62 using (OleDbDataReader reader = cmdSelect.ExecuteReader ()) {
\r
64 return 2; // role already exists
\r
67 string queryInsert = "INSERT INTO aspnet_Roles (ApplicationId, RoleId, RoleName, LoweredRoleName) VALUES (?, ?, ?, ?)";
\r
68 OleDbCommand cmdInsert = new OleDbCommand (queryInsert, (OleDbConnection) connection);
\r
69 AddParameter (cmdInsert, "ApplicationId", appId);
\r
70 AddParameter (cmdInsert, "RoleId", Guid.NewGuid ().ToString ());
\r
71 AddParameter (cmdInsert, "RoleName", rolename);
\r
72 AddParameter (cmdInsert, "LoweredRoleName", rolename.ToLowerInvariant ());
\r
73 cmdInsert.ExecuteNonQuery ();
\r
78 public static int Roles_DeleteRole (DbConnection connection, string applicationName, string rolename, bool deleteOnlyIfRoleIsEmpty)
\r
80 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
84 string roleId = GetRoleId (connection, appId, rolename);
\r
88 if (deleteOnlyIfRoleIsEmpty) {
\r
89 string querySelect = "SELECT RoleId FROM aspnet_UsersInRoles WHERE RoleId = ?";
\r
90 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
91 AddParameter (cmdSelect, "RoleId", roleId);
\r
92 using (OleDbDataReader reader = cmdSelect.ExecuteReader ()) {
\r
94 // role is not empty
\r
99 string queryDelUsers = "DELETE FROM aspnet_UsersInRoles WHERE RoleId = ?";
\r
100 OleDbCommand cmdDelUsers = new OleDbCommand (queryDelUsers, (OleDbConnection) connection);
\r
101 AddParameter (cmdDelUsers, "RoleId", roleId);
\r
102 cmdDelUsers.ExecuteNonQuery ();
\r
104 string queryDelRole = "DELETE FROM aspnet_Roles WHERE ApplicationId = ? AND RoleId = ? ";
\r
105 OleDbCommand cmdDelRole = new OleDbCommand (queryDelRole, (OleDbConnection) connection);
\r
106 AddParameter (cmdDelRole, "ApplicationId", appId);
\r
107 AddParameter (cmdDelRole, "RoleId", roleId);
\r
108 cmdDelRole.ExecuteNonQuery ();
\r
113 public static int Roles_GetAllRoles (DbConnection connection, string applicationName, out DbDataReader reader)
\r
116 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
120 string querySelect = "SELECT RoleName FROM aspnet_Roles WHERE ApplicationId = ? ORDER BY RoleName";
\r
121 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
122 AddParameter (cmdSelect, "ApplicationId", appId);
\r
123 reader = cmdSelect.ExecuteReader ();
\r
128 public static int Roles_RoleExists (DbConnection connection, string applicationName, string rolename)
\r
130 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
134 string querySelect = "SELECT RoleName FROM aspnet_Roles WHERE ApplicationId = ? AND LoweredRoleName = ?";
\r
135 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
136 AddParameter (cmdSelect, "ApplicationId", appId);
\r
137 AddParameter (cmdSelect, "LoweredRoleName", rolename.ToLowerInvariant ());
\r
139 using (OleDbDataReader reader = cmdSelect.ExecuteReader ()) {
\r
140 if (reader.Read ())
\r
146 public static int UsersInRoles_AddUsersToRoles (DbConnection connection, string applicationName, string [] userNames, string [] roleNames, DateTime currentTimeUtc)
\r
148 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
152 string [] userIds = new string [userNames.Length];
\r
153 string [] loweredUsernames = new string [userNames.Length];
\r
154 string [] roleIds = new string [roleNames.Length];
\r
156 string querySelUsers = "SELECT UserId, LoweredUserName FROM aspnet_Users WHERE ApplicationId = ? AND LoweredUserName in " + GetPrms (userNames.Length);
\r
157 OleDbCommand cmdSelUsers = new OleDbCommand (querySelUsers, (OleDbConnection) connection);
\r
158 AddParameter (cmdSelUsers, "ApplicationId", appId);
\r
159 for (int i = 0; i < userNames.Length; i++)
\r
160 AddParameter (cmdSelUsers, "LoweredUserName", userNames [i].ToLowerInvariant ());
\r
163 using (OleDbDataReader reader = cmdSelUsers.ExecuteReader ()) {
\r
164 while (reader.Read ()) {
\r
165 userIds [userIndex] = reader.GetString (0);
\r
166 loweredUsernames [userIndex] = reader.GetString (1);
\r
171 if (userNames.Length != userIndex) {
\r
172 // find not existing users and create them
\r
173 for (int j = 0; j < userNames.Length; j++)
\r
174 if (Array.IndexOf (loweredUsernames, userNames [j].ToLowerInvariant ()) < 0) {
\r
175 string newUserId = Guid.NewGuid ().ToString ();
\r
176 string queryAddUser = "INSERT INTO aspnet_Users (ApplicationId, UserId, UserName, " +
\r
177 "LoweredUserName, IsAnonymous, LastActivityDate) VALUES (?, ?, ?, ?, ?, ?)";
\r
178 OleDbCommand cmdAddUser = new OleDbCommand (queryAddUser, (OleDbConnection) connection);
\r
179 AddParameter (cmdAddUser, "ApplicationId", appId);
\r
180 AddParameter (cmdAddUser, "UserId", newUserId);
\r
181 AddParameter (cmdAddUser, "UserName", userNames [j]);
\r
182 AddParameter (cmdAddUser, "LoweredUserName", userNames [j].ToLowerInvariant ());
\r
183 AddParameter (cmdAddUser, "IsAnonymous", 0);
\r
184 AddParameter (cmdAddUser, "LastActivityDate", DateTime.UtcNow);
\r
185 cmdAddUser.ExecuteNonQuery ();
\r
187 userIds [userIndex++] = newUserId;
\r
192 string querySelRoles = "SELECT RoleId FROM aspnet_Roles WHERE ApplicationId = ? AND LoweredRoleName in " + GetPrms (roleNames.Length);
\r
193 OleDbCommand cmdSelRoles = new OleDbCommand (querySelRoles, (OleDbConnection) connection);
\r
194 AddParameter (cmdSelRoles, "ApplicationId", appId);
\r
195 for (int i = 0; i < roleNames.Length; i++)
\r
196 AddParameter (cmdSelRoles, "LoweredRoleName", roleNames [i].ToLowerInvariant ());
\r
198 using (OleDbDataReader reader = cmdSelRoles.ExecuteReader ()) {
\r
200 while (reader.Read ())
\r
201 roleIds [i++] = reader.GetString (0);
\r
203 if (roleNames.Length != i)
\r
204 return 2; // one or more roles not found
\r
207 string querySelCount = "SELECT COUNT(*) FROM aspnet_UsersInRoles WHERE UserId in " + GetPrms (userNames.Length) + " AND RoleId in " + GetPrms (roleNames.Length);
\r
208 OleDbCommand cmdSelCount = new OleDbCommand (querySelCount, (OleDbConnection) connection);
\r
209 foreach (string userId in userIds)
\r
210 AddParameter (cmdSelCount, "UserId", userId);
\r
211 foreach (string roleId in roleIds)
\r
212 AddParameter (cmdSelCount, "RoleId", roleId);
\r
213 using (OleDbDataReader reader = cmdSelCount.ExecuteReader ()) {
\r
214 if (reader.Read ())
\r
215 if (reader.GetInt32 (0) > 0)
\r
219 string valuesExp = string.Empty;
\r
220 int pairs = userNames.Length * roleNames.Length;
\r
221 for (int i = 0; i < pairs; i++)
\r
222 valuesExp += "(?, ?),";
\r
224 string queryInsert = "INSERT INTO aspnet_UsersInRoles (UserId, RoleId) VALUES " + valuesExp.Trim (',');
\r
225 OleDbCommand cmdInsert = new OleDbCommand (queryInsert, (OleDbConnection) connection);
\r
226 foreach (string roleId in roleIds)
\r
227 foreach (string userId in userIds) {
\r
228 AddParameter (cmdInsert, "UserId", userId);
\r
229 AddParameter (cmdInsert, "RoleId", roleId);
\r
232 cmdInsert.ExecuteNonQuery ();
\r
236 public static int UsersInRoles_FindUsersInRole (DbConnection connection, string applicationName, string rolename, string userNameToMatch, out DbDataReader reader)
\r
239 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
243 string roleId = GetRoleId (connection, appId, rolename);
\r
244 if (roleId == null)
\r
247 string querySelect = "SELECT usr.UserName FROM aspnet_Users usr, aspnet_UsersInRoles uir " +
248 "WHERE usr.UserId = uir.UserId AND usr.ApplicationId = ? AND uir.RoleId = ? AND LoweredUserName LIKE ? " +
249 "ORDER BY usr.UserName";
\r
250 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
251 AddParameter (cmdSelect, "ApplicationId", appId);
\r
252 AddParameter (cmdSelect, "RoleId", roleId);
\r
253 AddParameter (cmdSelect, "LoweredUserName", "%" + userNameToMatch.ToLowerInvariant() + "%");
\r
254 reader = cmdSelect.ExecuteReader ();
\r
259 public static int UsersInRoles_GetRolesForUser (DbConnection connection, string applicationName, string username, out DbDataReader reader)
\r
262 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
266 string userId = GetUserId (connection, appId, username);
\r
267 if (userId == null)
\r
270 string querySelect = "SELECT rol.RoleName FROM aspnet_Roles rol, aspnet_UsersInRoles uir " +
\r
271 "WHERE rol.RoleId = uir.RoleId AND rol.ApplicationId = ? AND uir.UserId = ? ORDER BY rol.RoleName";
\r
272 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
273 AddParameter (cmdSelect, "ApplicationId", appId);
\r
274 AddParameter (cmdSelect, "UserId", userId);
\r
275 reader = cmdSelect.ExecuteReader ();
\r
280 public static int UsersInRoles_GetUsersInRoles (DbConnection connection, string applicationName, string rolename, out DbDataReader reader)
\r
283 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
287 string roleId = GetRoleId (connection, appId, rolename);
\r
288 if (roleId == null)
\r
291 string querySelect = "SELECT usr.UserName FROM aspnet_Users usr, aspnet_UsersInRoles uir " +
\r
292 "WHERE usr.UserId = uir.UserId AND usr.ApplicationId = ? AND uir.RoleId = ? ORDER BY usr.UserName";
\r
293 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
294 AddParameter (cmdSelect, "ApplicationId", appId);
\r
295 AddParameter (cmdSelect, "RoleId", roleId);
\r
296 reader = cmdSelect.ExecuteReader ();
\r
301 public static int UsersInRoles_IsUserInRole (DbConnection connection, string applicationName, string username, string rolename)
\r
303 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
307 string userId = GetUserId (connection, appId, username);
\r
308 if (userId == null)
\r
311 string roleId = GetRoleId (connection, appId, rolename);
\r
312 if (roleId == null)
\r
315 string querySelect = "SELECT UserId FROM aspnet_UsersInRoles WHERE UserId = ? AND RoleId = ?";
\r
316 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
317 AddParameter (cmdSelect, "UserId", userId);
\r
318 AddParameter (cmdSelect, "RoleId", roleId);
\r
319 using (OleDbDataReader reader = cmdSelect.ExecuteReader ()) {
\r
320 if (reader.Read ())
\r
326 public static int UsersInRoles_RemoveUsersFromRoles (DbConnection connection, string applicationName, string [] userNames, string [] roleNames)
\r
328 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
332 string [] userIds = new string [userNames.Length];
\r
333 string [] roleIds = new string [roleNames.Length];
\r
335 string querySelUsers = "SELECT UserId FROM aspnet_Users WHERE ApplicationId = ? AND LoweredUserName in " + GetPrms (userNames.Length);
\r
336 OleDbCommand cmdSelUsers = new OleDbCommand (querySelUsers, (OleDbConnection) connection);
\r
337 AddParameter (cmdSelUsers, "ApplicationId", appId);
\r
338 for (int i = 0; i < userNames.Length; i++)
\r
339 AddParameter (cmdSelUsers, "LoweredUserName", userNames [i].ToLowerInvariant ());
\r
341 using (OleDbDataReader reader = cmdSelUsers.ExecuteReader ()) {
\r
343 while (reader.Read ())
\r
344 userIds [i++] = reader.GetString (0);
\r
346 if (userNames.Length != i)
\r
347 return 2; // one or more users not found
\r
350 string querySelRoles = "SELECT RoleId FROM aspnet_Roles WHERE ApplicationId = ? AND LoweredRoleName in " + GetPrms (roleNames.Length);
\r
351 OleDbCommand cmdSelRoles = new OleDbCommand (querySelRoles, (OleDbConnection) connection);
\r
352 AddParameter (cmdSelRoles, "ApplicationId", appId);
\r
353 for (int i = 0; i < roleNames.Length; i++)
\r
354 AddParameter (cmdSelRoles, "LoweredRoleName", roleNames [i].ToLowerInvariant ());
\r
356 using (OleDbDataReader reader = cmdSelRoles.ExecuteReader ()) {
\r
358 while (reader.Read ())
\r
359 roleIds [i++] = reader.GetString (0);
\r
361 if (roleNames.Length != i)
\r
362 return 3; // one or more roles not found
\r
365 string querySelCount = "SELECT COUNT(*) FROM aspnet_UsersInRoles WHERE UserId in " + GetPrms (userNames.Length) + " AND RoleId in " + GetPrms (roleNames.Length);
\r
366 OleDbCommand cmdSelCount = new OleDbCommand (querySelCount, (OleDbConnection) connection);
\r
367 foreach (string userId in userIds)
\r
368 AddParameter (cmdSelCount, "UserId", userId);
\r
369 foreach (string roleId in roleIds)
\r
370 AddParameter (cmdSelCount, "RoleId", roleId);
\r
371 using (OleDbDataReader reader = cmdSelCount.ExecuteReader ()) {
\r
372 if (reader.Read ())
\r
373 if (userNames.Length * roleNames.Length > reader.GetInt32 (0))
\r
377 string queryDelete = "DELETE FROM aspnet_UsersInRoles WHERE UserId in " + GetPrms (userNames.Length) + " AND RoleId in " + GetPrms (roleNames.Length);
\r
378 OleDbCommand cmdDelete = new OleDbCommand (queryDelete, (OleDbConnection) connection);
\r
379 foreach (string userId in userIds)
\r
380 AddParameter (cmdDelete, "UserId", userId);
\r
381 foreach (string roleId in roleIds)
\r
382 AddParameter (cmdDelete, "RoleId", roleId);
\r
383 cmdDelete.ExecuteNonQuery ();
\r
388 private static string GetRoleId (DbConnection connection, string applicationId, string rolename)
\r
390 string selectQuery = "SELECT RoleId FROM aspnet_Roles WHERE LoweredRoleName = ? AND ApplicationId = ?";
\r
392 OleDbCommand selectCmd = new OleDbCommand (selectQuery, (OleDbConnection) connection);
\r
393 AddParameter (selectCmd, "LoweredRoleName", rolename.ToLowerInvariant ());
\r
394 AddParameter (selectCmd, "ApplicationId", applicationId);
\r
395 using (OleDbDataReader reader = selectCmd.ExecuteReader ()) {
\r
396 if (reader.Read ())
\r
397 return reader.GetString (0);
\r
403 private static string GetUserId (DbConnection connection, string applicationId, string username)
\r
405 string selectQuery = "SELECT UserId FROM aspnet_Users WHERE LoweredUserName = ? AND ApplicationId = ?";
\r
407 OleDbCommand selectCmd = new OleDbCommand (selectQuery, (OleDbConnection) connection);
\r
408 AddParameter (selectCmd, "LoweredUserName", username.ToLowerInvariant ());
\r
409 AddParameter (selectCmd, "ApplicationId", applicationId);
\r
410 using (OleDbDataReader reader = selectCmd.ExecuteReader ()) {
\r
411 if (reader.Read ())
\r
412 return reader.GetString (0);
\r
418 private static string GetPrms (int n)
\r
420 string exp = string.Empty;
\r
421 for (int i = 0; i < n; i++)
\r
424 exp = "(" + exp.Trim (',') + ")";
\r