2 // Mainsoft.Web.Security.DerbyRolesHelper
\r
5 // Vladimir Krasnov (vladimirk@mainsoft.com)
\r
10 // Permission is hereby granted, free of charge, to any person obtaining
\r
11 // a copy of this software and associated documentation files (the
\r
12 // "Software"), to deal in the Software without restriction, including
\r
13 // without limitation the rights to use, copy, modify, merge, publish,
\r
14 // distribute, sublicense, and/or sell copies of the Software, and to
\r
15 // permit persons to whom the Software is furnished to do so, subject to
\r
16 // the following conditions:
\r
18 // The above copyright notice and this permission notice shall be
\r
19 // included in all copies or substantial portions of the Software.
\r
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
\r
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
\r
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
\r
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
\r
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
\r
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
\r
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\r
32 using System.Web.Security;
\r
34 using System.Data.OleDb;
\r
35 using System.Data.Common;
\r
36 using System.Collections.Generic;
\r
39 namespace Mainsoft.Web.Security
\r
41 static class DerbyRolesHelper
\r
43 private static OleDbParameter AddParameter (OleDbCommand command, string paramName, object paramValue)
\r
45 OleDbParameter prm = new OleDbParameter (paramName, paramValue);
\r
46 command.Parameters.Add (prm);
\r
50 public static int Roles_CreateRole (DbConnection connection, string applicationName, string rolename)
\r
52 string appId = (string) DerbyApplicationsHelper.Applications_CreateApplication (connection, applicationName);
\r
56 string querySelect = "SELECT RoleName FROM aspnet_Roles WHERE ApplicationId = ? AND LoweredRoleName = ?";
\r
57 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
58 AddParameter (cmdSelect, "ApplicationId", appId);
\r
59 AddParameter (cmdSelect, "LoweredRoleName", rolename.ToLowerInvariant ());
\r
61 using (OleDbDataReader reader = cmdSelect.ExecuteReader ()) {
\r
63 return 2; // role already exists
\r
66 string queryInsert = "INSERT INTO aspnet_Roles (ApplicationId, RoleId, RoleName, LoweredRoleName) VALUES (?, ?, ?, ?)";
\r
67 OleDbCommand cmdInsert = new OleDbCommand (queryInsert, (OleDbConnection) connection);
\r
68 AddParameter (cmdInsert, "ApplicationId", appId);
\r
69 AddParameter (cmdInsert, "RoleId", Guid.NewGuid ().ToString ());
\r
70 AddParameter (cmdInsert, "RoleName", rolename);
\r
71 AddParameter (cmdInsert, "LoweredRoleName", rolename.ToLowerInvariant ());
\r
72 cmdInsert.ExecuteNonQuery ();
\r
77 public static int Roles_DeleteRole (DbConnection connection, string applicationName, string rolename, bool deleteOnlyIfRoleIsEmpty)
\r
79 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
83 string roleId = GetRoleId (connection, appId, rolename);
\r
87 if (deleteOnlyIfRoleIsEmpty) {
\r
88 string querySelect = "SELECT RoleId FROM aspnet_UsersInRoles WHERE RoleId = ?";
\r
89 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
90 AddParameter (cmdSelect, "RoleId", roleId);
\r
91 using (OleDbDataReader reader = cmdSelect.ExecuteReader ()) {
\r
93 // role is not empty
\r
98 string queryDelUsers = "DELETE FROM aspnet_UsersInRoles WHERE RoleId = ?";
\r
99 OleDbCommand cmdDelUsers = new OleDbCommand (queryDelUsers, (OleDbConnection) connection);
\r
100 AddParameter (cmdDelUsers, "RoleId", roleId);
\r
101 cmdDelUsers.ExecuteNonQuery ();
\r
103 string queryDelRole = "DELETE FROM aspnet_Roles WHERE ApplicationId = ? AND RoleId = ? ";
\r
104 OleDbCommand cmdDelRole = new OleDbCommand (queryDelRole, (OleDbConnection) connection);
\r
105 AddParameter (cmdDelRole, "ApplicationId", appId);
\r
106 AddParameter (cmdDelRole, "RoleId", roleId);
\r
107 cmdDelRole.ExecuteNonQuery ();
\r
112 public static int Roles_GetAllRoles (DbConnection connection, string applicationName, out DbDataReader reader)
\r
115 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
119 string querySelect = "SELECT RoleName FROM aspnet_Roles WHERE ApplicationId = ? ORDER BY RoleName";
\r
120 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
121 AddParameter (cmdSelect, "ApplicationId", appId);
\r
122 reader = cmdSelect.ExecuteReader ();
\r
127 public static int Roles_RoleExists (DbConnection connection, string applicationName, string rolename)
\r
129 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
133 string querySelect = "SELECT RoleName FROM aspnet_Roles WHERE ApplicationId = ? AND LoweredRoleName = ?";
\r
134 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
135 AddParameter (cmdSelect, "ApplicationId", appId);
\r
136 AddParameter (cmdSelect, "LoweredRoleName", rolename.ToLowerInvariant ());
\r
138 using (OleDbDataReader reader = cmdSelect.ExecuteReader ()) {
\r
139 if (reader.Read ())
\r
145 public static int UsersInRoles_AddUsersToRoles (DbConnection connection, string applicationName, string [] userNames, string [] roleNames, DateTime currentTimeUtc)
\r
147 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
151 string [] userIds = new string [userNames.Length];
\r
152 string [] loweredUsernames = new string [userNames.Length];
\r
153 string [] roleIds = new string [roleNames.Length];
\r
155 string querySelUsers = "SELECT UserId, LoweredUserName FROM aspnet_Users WHERE ApplicationId = ? AND LoweredUserName in " + GetPrms (userNames.Length);
\r
156 OleDbCommand cmdSelUsers = new OleDbCommand (querySelUsers, (OleDbConnection) connection);
\r
157 AddParameter (cmdSelUsers, "ApplicationId", appId);
\r
158 for (int i = 0; i < userNames.Length; i++)
\r
159 AddParameter (cmdSelUsers, "LoweredUserName", userNames [i].ToLowerInvariant ());
\r
162 using (OleDbDataReader reader = cmdSelUsers.ExecuteReader ()) {
\r
163 while (reader.Read ()) {
\r
164 userIds [userIndex] = reader.GetString (0);
\r
165 loweredUsernames [userIndex] = reader.GetString (1);
\r
170 if (userNames.Length != userIndex) {
\r
171 // find not existing users and create them
\r
172 for (int j = 0; j < userNames.Length; j++)
\r
173 if (Array.IndexOf (loweredUsernames, userNames [j].ToLowerInvariant ()) < 0) {
\r
174 string newUserId = Guid.NewGuid ().ToString ();
\r
175 string queryAddUser = "INSERT INTO aspnet_Users (ApplicationId, UserId, UserName, " +
\r
176 "LoweredUserName, IsAnonymous, LastActivityDate) VALUES (?, ?, ?, ?, ?, ?)";
\r
177 OleDbCommand cmdAddUser = new OleDbCommand (queryAddUser, (OleDbConnection) connection);
\r
178 AddParameter (cmdAddUser, "ApplicationId", appId);
\r
179 AddParameter (cmdAddUser, "UserId", newUserId);
\r
180 AddParameter (cmdAddUser, "UserName", userNames [j]);
\r
181 AddParameter (cmdAddUser, "LoweredUserName", userNames [j].ToLowerInvariant ());
\r
182 AddParameter (cmdAddUser, "IsAnonymous", 0);
\r
183 AddParameter (cmdAddUser, "LastActivityDate", DateTime.UtcNow);
\r
184 cmdAddUser.ExecuteNonQuery ();
\r
186 userIds [userIndex++] = newUserId;
\r
191 string querySelRoles = "SELECT RoleId FROM aspnet_Roles WHERE ApplicationId = ? AND LoweredRoleName in " + GetPrms (roleNames.Length);
\r
192 OleDbCommand cmdSelRoles = new OleDbCommand (querySelRoles, (OleDbConnection) connection);
\r
193 AddParameter (cmdSelRoles, "ApplicationId", appId);
\r
194 for (int i = 0; i < roleNames.Length; i++)
\r
195 AddParameter (cmdSelRoles, "LoweredRoleName", roleNames [i].ToLowerInvariant ());
\r
197 using (OleDbDataReader reader = cmdSelRoles.ExecuteReader ()) {
\r
199 while (reader.Read ())
\r
200 roleIds [i++] = reader.GetString (0);
\r
202 if (roleNames.Length != i)
\r
203 return 2; // one or more roles not found
\r
206 string querySelCount = "SELECT COUNT(*) FROM aspnet_UsersInRoles WHERE UserId in " + GetPrms (userNames.Length) + " AND RoleId in " + GetPrms (roleNames.Length);
\r
207 OleDbCommand cmdSelCount = new OleDbCommand (querySelCount, (OleDbConnection) connection);
\r
208 foreach (string userId in userIds)
\r
209 AddParameter (cmdSelCount, "UserId", userId);
\r
210 foreach (string roleId in roleIds)
\r
211 AddParameter (cmdSelCount, "RoleId", roleId);
\r
212 using (OleDbDataReader reader = cmdSelCount.ExecuteReader ()) {
\r
213 if (reader.Read ())
\r
214 if (reader.GetInt32 (0) > 0)
\r
218 string valuesExp = string.Empty;
\r
219 int pairs = userNames.Length * roleNames.Length;
\r
220 for (int i = 0; i < pairs; i++)
\r
221 valuesExp += "(?, ?),";
\r
223 string queryInsert = "INSERT INTO aspnet_UsersInRoles (UserId, RoleId) VALUES " + valuesExp.Trim (',');
\r
224 OleDbCommand cmdInsert = new OleDbCommand (queryInsert, (OleDbConnection) connection);
\r
225 foreach (string roleId in roleIds)
\r
226 foreach (string userId in userIds) {
\r
227 AddParameter (cmdInsert, "UserId", userId);
\r
228 AddParameter (cmdInsert, "RoleId", roleId);
\r
231 cmdInsert.ExecuteNonQuery ();
\r
235 public static int UsersInRoles_FindUsersInRole (DbConnection connection, string applicationName, string rolename, string userNameToMatch, out DbDataReader reader)
\r
238 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
242 string roleId = GetRoleId (connection, appId, rolename);
\r
243 if (roleId == null)
\r
246 string querySelect = "SELECT usr.UserName FROM aspnet_Users usr, aspnet_UsersInRoles uir " +
\r
247 "WHERE usr.UserId = uir.UserId AND usr.ApplicationId = ? AND uir.RoleId = ? AND LoweredUserName LIKE ? " +
\r
248 "ORDER BY usr.UserName";
\r
249 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
250 AddParameter (cmdSelect, "ApplicationId", appId);
\r
251 AddParameter (cmdSelect, "RoleId", roleId);
\r
252 AddParameter (cmdSelect, "LoweredUserName", "%" + userNameToMatch.ToLowerInvariant() + "%");
\r
253 reader = cmdSelect.ExecuteReader ();
\r
258 public static int UsersInRoles_GetRolesForUser (DbConnection connection, string applicationName, string username, out DbDataReader reader)
\r
261 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
265 string userId = GetUserId (connection, appId, username);
\r
266 if (userId == null)
\r
269 string querySelect = "SELECT rol.RoleName FROM aspnet_Roles rol, aspnet_UsersInRoles uir " +
\r
270 "WHERE rol.RoleId = uir.RoleId AND rol.ApplicationId = ? AND uir.UserId = ? ORDER BY rol.RoleName";
\r
271 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
272 AddParameter (cmdSelect, "ApplicationId", appId);
\r
273 AddParameter (cmdSelect, "UserId", userId);
\r
274 reader = cmdSelect.ExecuteReader ();
\r
279 public static int UsersInRoles_GetUsersInRoles (DbConnection connection, string applicationName, string rolename, out DbDataReader reader)
\r
282 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
286 string roleId = GetRoleId (connection, appId, rolename);
\r
287 if (roleId == null)
\r
290 string querySelect = "SELECT usr.UserName FROM aspnet_Users usr, aspnet_UsersInRoles uir " +
\r
291 "WHERE usr.UserId = uir.UserId AND usr.ApplicationId = ? AND uir.RoleId = ? ORDER BY usr.UserName";
\r
292 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
293 AddParameter (cmdSelect, "ApplicationId", appId);
\r
294 AddParameter (cmdSelect, "RoleId", roleId);
\r
295 reader = cmdSelect.ExecuteReader ();
\r
300 public static int UsersInRoles_IsUserInRole (DbConnection connection, string applicationName, string username, string rolename)
\r
302 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
306 string userId = GetUserId (connection, appId, username);
\r
307 if (userId == null)
\r
310 string roleId = GetRoleId (connection, appId, rolename);
\r
311 if (roleId == null)
\r
314 string querySelect = "SELECT UserId FROM aspnet_UsersInRoles WHERE UserId = ? AND RoleId = ?";
\r
315 OleDbCommand cmdSelect = new OleDbCommand (querySelect, (OleDbConnection) connection);
\r
316 AddParameter (cmdSelect, "UserId", userId);
\r
317 AddParameter (cmdSelect, "RoleId", roleId);
\r
318 using (OleDbDataReader reader = cmdSelect.ExecuteReader ()) {
\r
319 if (reader.Read ())
\r
325 public static int UsersInRoles_RemoveUsersFromRoles (DbConnection connection, string applicationName, string [] userNames, string [] roleNames)
\r
327 string appId = DerbyApplicationsHelper.GetApplicationId (connection, applicationName);
\r
331 string [] userIds = new string [userNames.Length];
\r
332 string [] roleIds = new string [roleNames.Length];
\r
334 string querySelUsers = "SELECT UserId FROM aspnet_Users WHERE ApplicationId = ? AND LoweredUserName in " + GetPrms (userNames.Length);
\r
335 OleDbCommand cmdSelUsers = new OleDbCommand (querySelUsers, (OleDbConnection) connection);
\r
336 AddParameter (cmdSelUsers, "ApplicationId", appId);
\r
337 for (int i = 0; i < userNames.Length; i++)
\r
338 AddParameter (cmdSelUsers, "LoweredUserName", userNames [i].ToLowerInvariant ());
\r
340 using (OleDbDataReader reader = cmdSelUsers.ExecuteReader ()) {
\r
342 while (reader.Read ())
\r
343 userIds [i++] = reader.GetString (0);
\r
345 if (userNames.Length != i)
\r
346 return 2; // one or more users not found
\r
349 string querySelRoles = "SELECT RoleId FROM aspnet_Roles WHERE ApplicationId = ? AND LoweredRoleName in " + GetPrms (roleNames.Length);
\r
350 OleDbCommand cmdSelRoles = new OleDbCommand (querySelRoles, (OleDbConnection) connection);
\r
351 AddParameter (cmdSelRoles, "ApplicationId", appId);
\r
352 for (int i = 0; i < roleNames.Length; i++)
\r
353 AddParameter (cmdSelRoles, "LoweredRoleName", roleNames [i].ToLowerInvariant ());
\r
355 using (OleDbDataReader reader = cmdSelRoles.ExecuteReader ()) {
\r
357 while (reader.Read ())
\r
358 roleIds [i++] = reader.GetString (0);
\r
360 if (roleNames.Length != i)
\r
361 return 3; // one or more roles not found
\r
364 string querySelCount = "SELECT COUNT(*) FROM aspnet_UsersInRoles WHERE UserId in " + GetPrms (userNames.Length) + " AND RoleId in " + GetPrms (roleNames.Length);
\r
365 OleDbCommand cmdSelCount = new OleDbCommand (querySelCount, (OleDbConnection) connection);
\r
366 foreach (string userId in userIds)
\r
367 AddParameter (cmdSelCount, "UserId", userId);
\r
368 foreach (string roleId in roleIds)
\r
369 AddParameter (cmdSelCount, "RoleId", roleId);
\r
370 using (OleDbDataReader reader = cmdSelCount.ExecuteReader ()) {
\r
371 if (reader.Read ())
\r
372 if (userNames.Length * roleNames.Length > reader.GetInt32 (0))
\r
376 string queryDelete = "DELETE FROM aspnet_UsersInRoles WHERE UserId in " + GetPrms (userNames.Length) + " AND RoleId in " + GetPrms (roleNames.Length);
\r
377 OleDbCommand cmdDelete = new OleDbCommand (queryDelete, (OleDbConnection) connection);
\r
378 foreach (string userId in userIds)
\r
379 AddParameter (cmdDelete, "UserId", userId);
\r
380 foreach (string roleId in roleIds)
\r
381 AddParameter (cmdDelete, "RoleId", roleId);
\r
382 cmdDelete.ExecuteNonQuery ();
\r
387 private static string GetRoleId (DbConnection connection, string applicationId, string rolename)
\r
389 string selectQuery = "SELECT RoleId FROM aspnet_Roles WHERE LoweredRoleName = ? AND ApplicationId = ?";
\r
391 OleDbCommand selectCmd = new OleDbCommand (selectQuery, (OleDbConnection) connection);
\r
392 AddParameter (selectCmd, "LoweredRoleName", rolename.ToLowerInvariant ());
\r
393 AddParameter (selectCmd, "ApplicationId", applicationId);
\r
394 using (OleDbDataReader reader = selectCmd.ExecuteReader ()) {
\r
395 if (reader.Read ())
\r
396 return reader.GetString (0);
\r
402 private static string GetUserId (DbConnection connection, string applicationId, string username)
\r
404 string selectQuery = "SELECT UserId FROM aspnet_Users WHERE LoweredUserName = ? AND ApplicationId = ?";
\r
406 OleDbCommand selectCmd = new OleDbCommand (selectQuery, (OleDbConnection) connection);
\r
407 AddParameter (selectCmd, "LoweredUserName", username.ToLowerInvariant ());
\r
408 AddParameter (selectCmd, "ApplicationId", applicationId);
\r
409 using (OleDbDataReader reader = selectCmd.ExecuteReader ()) {
\r
410 if (reader.Read ())
\r
411 return reader.GetString (0);
\r
417 private static string GetPrms (int n)
\r
419 string exp = string.Empty;
\r
420 for (int i = 0; i < n; i++)
\r
423 exp = "(" + exp.Trim (',') + ")";
\r
projects / mono.git / blob