X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=mcs%2Fclass%2FSystem.Web%2FSystem.Web.Security%2FSqlRoleProvider.cs;h=873cea89876f848f021754e10144e1a7a3b2d442;hb=75df74a96c33af7a99e16e4281272f1b67334a48;hp=6d0e458b7e26253bdb176e95f771e219d1240f12;hpb=74c2e813151ef52866b58da63aeeed698b5e67dd;p=mono.git diff --git a/mcs/class/System.Web/System.Web.Security/SqlRoleProvider.cs b/mcs/class/System.Web/System.Web.Security/SqlRoleProvider.cs index 6d0e458b7e2..873cea89876 100644 --- a/mcs/class/System.Web/System.Web.Security/SqlRoleProvider.cs +++ b/mcs/class/System.Web/System.Web.Security/SqlRoleProvider.cs @@ -3,10 +3,10 @@ // // Authors: // Ben Maurer (bmaurer@users.sourceforge.net) +// Chris Toshok (toshok@ximian.com) // // (C) 2003 Ben Maurer -// - +// Copyright (c) 2005,2006 Novell, Inc (http://www.novell.com) // // Permission is hereby granted, free of charge, to any person obtaining // a copy of this software and associated documentation files (the @@ -29,88 +29,397 @@ // #if NET_2_0 + using System.Collections; using System.Collections.Specialized; -using System.Text; +using System.Data; +using System.Data.Common; +using System.Configuration; +using System.Configuration.Provider; +using System.Web.Configuration; + +namespace System.Web.Security +{ + + public class SqlRoleProvider : RoleProvider + { + + string applicationName; + + ConnectionStringSettings connectionString; + DbProviderFactory factory; + + DbConnection CreateConnection () + { + DbConnection connection = factory.CreateConnection (); + connection.ConnectionString = connectionString.ConnectionString; + + connection.Open (); + return connection; + } + + static void AddParameter (DbCommand command, string parameterName, object parameterValue) + { + AddParameter (command, parameterName, ParameterDirection.Input, parameterValue); + } + + static DbParameter AddParameter (DbCommand command, string parameterName, ParameterDirection direction, object parameterValue) + { + DbParameter dbp = command.CreateParameter (); + dbp.ParameterName = parameterName; + dbp.Value = parameterValue; + dbp.Direction = direction; + command.Parameters.Add (dbp); + return dbp; + } -namespace System.Web.Security { - public class SqlRoleProvider: RoleProvider { - - [MonoTODO] public override void AddUsersToRoles (string [] usernames, string [] rolenames) { - throw new NotImplementedException (); + Hashtable h = new Hashtable (); + + foreach (string u in usernames) { + if (u == null) + throw new ArgumentNullException ("null element in usernames array"); + if (h.ContainsKey (u)) + throw new ArgumentException ("duplicate element in usernames array"); + if (u.Length == 0 || u.Length > 256 || u.IndexOf (",") != -1) + throw new ArgumentException ("element in usernames array in illegal format"); + h.Add (u, u); + } + + h = new Hashtable (); + foreach (string r in rolenames) { + if (r == null) + throw new ArgumentNullException ("null element in rolenames array"); + if (h.ContainsKey (r)) + throw new ArgumentException ("duplicate element in rolenames array"); + if (r.Length == 0 || r.Length > 256 || r.IndexOf (",") != -1) + throw new ArgumentException ("element in rolenames array in illegal format"); + h.Add (r, r); + } + + using (DbConnection connection = CreateConnection ()) { + /* add the user/role combination to dbo.aspnet_UsersInRoles */ + DbCommand command = factory.CreateCommand (); + command.CommandText = @"dbo.aspnet_UsersInRoles_AddUsersToRoles"; + command.Connection = connection; + command.CommandType = CommandType.StoredProcedure; + + AddParameter (command, "RoleNames", String.Join (",", rolenames)); + AddParameter (command, "UserNames", String.Join (",", usernames)); + AddParameter (command, "ApplicationName", ApplicationName); + AddParameter (command, "CurrentTimeUtc", DateTime.UtcNow); + DbParameter dbpr = AddParameter (command, null, ParameterDirection.ReturnValue, null); + + command.ExecuteNonQuery (); + + int returnValue = (int) dbpr.Value; + if (returnValue == 0) + return; + else if (returnValue == 2) + throw new ProviderException ("One or more of the specified user/role names was not found."); + else if (returnValue == 3) + throw new ProviderException ("One or more of the specified user names is already associated with one or more of the specified role names."); + else + throw new ProviderException ("Failed to create new user/role association."); + } } - - [MonoTODO] + public override void CreateRole (string rolename) { - throw new NotImplementedException (); + if (rolename == null) + throw new ArgumentNullException ("rolename"); + + if (rolename.Length == 0 || rolename.Length > 256 || rolename.IndexOf (",") != -1) + throw new ArgumentException ("rolename is in invalid format"); + + using (DbConnection connection = CreateConnection ()) { + DbCommand command = factory.CreateCommand (); + command.CommandText = @"dbo.aspnet_Roles_CreateRole"; + command.Connection = connection; + command.CommandType = CommandType.StoredProcedure; + + AddParameter (command, "ApplicationName", ApplicationName); + AddParameter (command, "RoleName", rolename); + DbParameter dbpr = AddParameter (command, null, ParameterDirection.ReturnValue, null); + + command.ExecuteNonQuery (); + int returnValue = (int) dbpr.Value; + + if (returnValue == 1) + throw new ProviderException (rolename + " already exists in the database"); + else + return; + } } - - [MonoTODO] + public override bool DeleteRole (string rolename, bool throwOnPopulatedRole) { - throw new NotImplementedException (); + if (rolename == null) + throw new ArgumentNullException ("rolename"); + + if (rolename.Length == 0 || rolename.Length > 256 || rolename.IndexOf (",") != -1) + throw new ArgumentException ("rolename is in invalid format"); + + using (DbConnection connection = CreateConnection ()) { + + DbCommand command = factory.CreateCommand (); + command.CommandText = @"dbo.aspnet_Roles_DeleteRole"; + command.Connection = connection; + command.CommandType = CommandType.StoredProcedure; + AddParameter (command, "ApplicationName", ApplicationName); + AddParameter (command, "RoleName", rolename); + AddParameter (command, "DeleteOnlyIfRoleIsEmpty", throwOnPopulatedRole); + DbParameter dbpr = AddParameter (command, null, ParameterDirection.ReturnValue, null); + + command.ExecuteNonQuery (); + int returnValue = (int)dbpr.Value; + + if (returnValue == 0) + return true; + if (returnValue == 1) + return false; //role does not exists + else if (returnValue == 2 && throwOnPopulatedRole) + throw new ProviderException (rolename + " is not empty"); + else + return false; + } } - - [MonoTODO] - public override string[] FindUsersInRole (string roleName, string usernameToMatch) + + public override string [] FindUsersInRole (string roleName, string usernameToMatch) { - throw new NotImplementedException (); + if (roleName == null) + throw new ArgumentNullException ("roleName"); + if (usernameToMatch == null) + throw new ArgumentNullException ("usernameToMatch"); + if (roleName.Length == 0 || roleName.Length > 256 || roleName.IndexOf (",") != -1) + throw new ArgumentException ("roleName is in invalid format"); + if (usernameToMatch.Length == 0 || usernameToMatch.Length > 256) + throw new ArgumentException ("usernameToMatch is in invalid format"); + + using (DbConnection connection = CreateConnection ()) { + DbCommand command = factory.CreateCommand (); + command.Connection = connection; + command.CommandText = @"dbo.aspnet_UsersInRoles_FindUsersInRole"; + command.CommandType = CommandType.StoredProcedure; + + AddParameter (command, "ApplicationName", ApplicationName); + AddParameter (command, "RoleName", roleName); + AddParameter (command, "UsernameToMatch", usernameToMatch); + + DbDataReader reader = command.ExecuteReader (); + ArrayList userList = new ArrayList (); + while (reader.Read ()) + userList.Add (reader.GetString (0)); + reader.Close (); + + return (string []) userList.ToArray (typeof (string)); + } } - - [MonoTODO] + public override string [] GetAllRoles () { - throw new NotImplementedException (); + using (DbConnection connection = CreateConnection ()) { + DbCommand command = factory.CreateCommand (); + command.CommandText = @"dbo.aspnet_Roles_GetAllRoles"; + command.Connection = connection; + + command.CommandType = CommandType.StoredProcedure; + AddParameter (command, "ApplicationName", ApplicationName); + + DbDataReader reader = command.ExecuteReader (); + ArrayList roleList = new ArrayList (); + while (reader.Read ()) + roleList.Add (reader.GetString (0)); + reader.Close (); + + return (string []) roleList.ToArray (typeof (string)); + } } - - [MonoTODO] + public override string [] GetRolesForUser (string username) { - throw new NotImplementedException (); + using (DbConnection connection = CreateConnection ()) { + DbCommand command = factory.CreateCommand (); + command.CommandText = @"dbo.aspnet_UsersInRoles_GetRolesForUser"; + command.Connection = connection; + + command.CommandType = CommandType.StoredProcedure; + AddParameter (command, "UserName", username); + AddParameter (command, "ApplicationName", ApplicationName); + + DbDataReader reader = command.ExecuteReader (); + ArrayList roleList = new ArrayList (); + while (reader.Read ()) + roleList.Add (reader.GetString (0)); + reader.Close (); + + return (string []) roleList.ToArray (typeof (string)); + } } - - [MonoTODO] + public override string [] GetUsersInRole (string rolename) { - throw new NotImplementedException (); + using (DbConnection connection = CreateConnection ()) { + DbCommand command = factory.CreateCommand (); + command.CommandText = @"dbo.aspnet_UsersInRoles_GetUsersInRoles"; + command.Connection = connection; + + command.CommandType = CommandType.StoredProcedure; + AddParameter (command, "RoleName", rolename); + AddParameter (command, "ApplicationName", ApplicationName); + + DbDataReader reader = command.ExecuteReader (); + ArrayList userList = new ArrayList (); + while (reader.Read ()) + userList.Add (reader.GetString (0)); + reader.Close (); + + return (string []) userList.ToArray (typeof (string)); + } } - + + string GetStringConfigValue (NameValueCollection config, string name, string def) + { + string rv = def; + string val = config [name]; + if (val != null) + rv = val; + return rv; + } + [MonoTODO] public override void Initialize (string name, NameValueCollection config) { - throw new NotImplementedException (); + if (config == null) + throw new ArgumentNullException ("config"); + + base.Initialize (name, config); + + applicationName = config ["applicationName"]; + string connectionStringName = config ["connectionStringName"]; + + if (applicationName.Length > 256) + throw new ProviderException ("The ApplicationName attribute must be 256 characters long or less."); + if (connectionStringName == null || connectionStringName.Length == 0) + throw new ProviderException ("The ConnectionStringName attribute must be present and non-zero length."); + + // XXX check connectionStringName and commandTimeout + + connectionString = WebConfigurationManager.ConnectionStrings [connectionStringName]; + if (connectionString == null) + throw new ProviderException (String.Format("The connection name '{0}' was not found in the applications configuration or the connection string is empty.", connectionStringName)); + factory = String.IsNullOrEmpty (connectionString.ProviderName) ? + System.Data.SqlClient.SqlClientFactory.Instance : + ProvidersHelper.GetDbProviderFactory (connectionString.ProviderName); } - - [MonoTODO] + public override bool IsUserInRole (string username, string rolename) { - throw new NotImplementedException (); + using (DbConnection connection = CreateConnection ()) { + DbCommand command = factory.CreateCommand (); + command.CommandText = @"dbo.aspnet_UsersInRoles_IsUserInRole"; + command.Connection = connection; + + command.CommandType = CommandType.StoredProcedure; + AddParameter (command, "RoleName", rolename); + AddParameter (command, "UserName", username); + AddParameter (command, "ApplicationName", ApplicationName); + DbParameter dbpr = AddParameter (command, null, ParameterDirection.ReturnValue, null); + + command.ExecuteNonQuery (); + int returnValue = (int) dbpr.Value; + + if (returnValue == 1) + return true; + + return false; + } } - - [MonoTODO] + public override void RemoveUsersFromRoles (string [] usernames, string [] rolenames) { - throw new NotImplementedException (); + Hashtable h = new Hashtable (); + + foreach (string u in usernames) { + if (u == null) + throw new ArgumentNullException ("null element in usernames array"); + if (h.ContainsKey (u)) + throw new ArgumentException ("duplicate element in usernames array"); + if (u.Length == 0 || u.Length > 256 || u.IndexOf (",") != -1) + throw new ArgumentException ("element in usernames array in illegal format"); + h.Add (u, u); + } + + h = new Hashtable (); + foreach (string r in rolenames) { + if (r == null) + throw new ArgumentNullException ("null element in rolenames array"); + if (h.ContainsKey (r)) + throw new ArgumentException ("duplicate element in rolenames array"); + if (r.Length == 0 || r.Length > 256 || r.IndexOf (",") != -1) + throw new ArgumentException ("element in rolenames array in illegal format"); + h.Add (r, r); + } + + using (DbConnection connection = CreateConnection ()) { + DbCommand command = factory.CreateCommand (); + command.CommandText = @"dbo.aspnet_UsersInRoles_RemoveUsersFromRoles"; + command.Connection = connection; + command.CommandType = CommandType.StoredProcedure; + + AddParameter (command, "UserNames", String.Join (",", usernames)); + AddParameter (command, "RoleNames", String.Join (",", rolenames)); + AddParameter (command, "ApplicationName", ApplicationName); + DbParameter dbpr = AddParameter (command, null, ParameterDirection.ReturnValue, null); + + command.ExecuteNonQuery (); + int returnValue = (int) dbpr.Value; + + if (returnValue == 0) + return; + else if (returnValue == 1) + throw new ProviderException ("One or more of the specified user names was not found."); + else if (returnValue == 2) + throw new ProviderException ("One or more of the specified role names was not found."); + else if (returnValue == 3) + throw new ProviderException ("One or more of the specified user names is not associated with one or more of the specified role names."); + else + throw new ProviderException ("Failed to remove users from roles"); + } } - - [MonoTODO] + public override bool RoleExists (string rolename) { - throw new NotImplementedException (); - } - - [MonoTODO] - public override string ApplicationName { - get { throw new NotImplementedException (); } - set { throw new NotImplementedException (); } + using (DbConnection connection = CreateConnection ()) { + + DbCommand command = factory.CreateCommand (); + command.CommandText = @"dbo.aspnet_Roles_RoleExists"; + command.Connection = connection; + command.CommandType = CommandType.StoredProcedure; + + AddParameter (command, "ApplicationName", ApplicationName); + AddParameter (command, "RoleName", rolename); + DbParameter dbpr = AddParameter (command, null, ParameterDirection.ReturnValue, null); + + command.ExecuteNonQuery (); + int returnValue = (int) dbpr.Value; + + if (returnValue == 1) + return true; + + return false; + } } - + [MonoTODO] - public virtual string Description { - get { throw new NotImplementedException (); } + public override string ApplicationName + { + get { return applicationName; } + set + { + applicationName = value; + } } } }