Beispiel #1
        /// <summary>
        /// Permission callback: decides whether the requested action on an entity is refused by
        /// setting <c>e.Cancel</c>, based on <c>CurrentUser.RoleID</c>, the entity name and the action.
        /// </summary>
        /// <remarks>
        /// The handler is fail-open: it returns early when <c>e.Cancel</c> is already true, so on every
        /// later path that does not assign <c>e.Cancel</c> the value stays false and the request is allowed.
        /// That covers the Manager branch, the empty Employee branches, every entity the Client branch
        /// does not list, and any role ID that matches no branch at all.
        /// NOTE(review): an authorization hook is normally written deny-by-default — confirm each of
        /// these pass-through paths is intended.
        /// </remarks>
        /// <param name="sender">Event source; not read by this handler.</param>
        /// <param name="e">Describes the entity, entity set and action being checked; <c>Cancel</c> is the result.</param>
        void ModelEvents_CheckPermission(object sender, CheckPermissionsEventArgs e)
        {
            // An earlier handler already refused the request; never turn a refusal back into an allow.
            if (e.Cancel)
            {
                return;
            }

            // Unconditional allow for roles below Manager and, for EVERY role, for the entities
            // "UserSetting", "User" and "Incident" (all actions, including delete).
            // NOTE(review): because this is the first test in the chain, the "User" rules in the
            // Employee and Client branches below can never run, so their self-only edit restriction
            // and the Client's role-based select filter are not enforced. Confirm whether "User"
            // belongs in this list.
            if (CurrentUser.RoleID < (int)RolesEnum.Manager || e.EntityName == "UserSetting" || e.EntityName == "User" || e.EntityName == "Incident")
            {
                e.Cancel = false;
            }
            else if (CurrentUser.RoleID == (int)RolesEnum.Manager)
            {
                // The restriction below is commented out, so a Manager is allowed every action
                // on every entity (e.Cancel stays false).
                //if (e.Action != ActionsEnum.Select)
                //{
                //    string[] allowed = new[] { "EmployeePayments", "Expenses" };
                //    e.Cancel = !allowed.Contains(e.EntitySetName);
                //}
                //else
                //{
                //    e.Cancel = false;
                //}
            }
            else if (CurrentUser.RoleID == (int)RolesEnum.Employee)
            {
                // NOTE(review): the `as` casts in this method are not null-checked; if e.Entity is null
                // or of another type, the property reads below throw NullReferenceException.
                // Unreachable: "User" is already allowed by the first condition of the chain.
                if (e.EntityName == "User")
                {
                    User user = e.Entity as User;
                    // && binds tighter than ||: refuse any action above Edit, or an Edit of another user.
                    // Relies on the numeric order of ActionsEnum — TODO confirm which actions sort above Edit.
                    e.Cancel = e.Action > ActionsEnum.Edit || e.Action == ActionsEnum.Edit && user.ID != CurrentUser.ID;
                }
                else if (e.EntityName == "Employee")
                {
                    Employee employee = e.Entity as Employee;
                    // Same rule as above, keyed on the employee record linked to the current user.
                    e.Cancel = e.Action > ActionsEnum.Edit || e.Action == ActionsEnum.Edit && employee.ID != CurrentUser.EmployeeID;
                }
                else if (e.EntityName == "Expense")
                {
                    Expense expense = e.Entity as Expense;
                    // Refuse non-insert actions on expenses of other employees.
                    // NOTE(review): an Insert passes without comparing expense.EmployeeID to the
                    // current user — confirm creating an expense for another employee is acceptable.
                    e.Cancel = e.Action != ActionsEnum.Insert && expense.EmployeeID != CurrentUser.EmployeeID;
                }
                // The empty branches below allow every action on these entities for an Employee.
                // NOTE(review): confirm these are deliberate and not unfinished rules.
                else if (e.EntityName == "Transfer")
                {
                }
                else if (e.EntityName == "ProjectTask")
                {
                }
                else if (e.EntityName == "TaskType")
                {
                }
                else if (e.EntityName == "ProjectDispatch")
                {
                }
                else if (e.EntityName == "ProductDispatch")
                {
                }
                else if (e.EntityName == "ProjectProduct")
                {
                }
                else if (e.EntityName == "ProjectDispatchOrder")
                {
                }
                else if (e.Action == ActionsEnum.Select)
                {
                    // Remaining entities are readable only when their entity SET name is listed here
                    // (this test uses EntitySetName, the tests above use EntityName).
                    string[] allowed = new[] { "Projects", "EmployeePayments", "ExpensePrices", "Wallets", "Products" };
                    e.Cancel = !allowed.Contains(e.EntitySetName);
                }
                else
                {
                    // Any other action on any other entity is refused — the only deny-by-default path here.
                    e.Cancel = true;
                }
            }
            else if (CurrentUser.RoleID == (int)RolesEnum.Client)
            {
                // NOTE(review): this branch has no final else, so a Client is allowed every action
                // on every entity not named below.
                // Unreachable: "User" is already allowed by the first condition of the chain.
                if (e.EntityName == "User")
                {
                    User user = e.Entity as User;
                    // Refuse actions above Edit, an Edit of another user, or a Select of a user
                    // whose RoleID is greater than Manager.
                    e.Cancel = e.Action > ActionsEnum.Edit || e.Action == ActionsEnum.Edit && user.ID != CurrentUser.ID || e.Action == ActionsEnum.Select && user.RoleID > (int)RolesEnum.Manager;
                }
                else if (e.EntityName == "ProjectTask")
                {
                    ProjectTask it = e.Entity as ProjectTask;
                    // Tenant check for all actions: the task's project must belong to the client's contractor.
                    // Throws if it.Project is null.
                    e.Cancel = it.Project.ContractorID != CurrentUser.ContractorID;
                }
                else if (e.EntityName == "Project")
                {
                    Project it = e.Entity as Project;
                    // Refuse a Delete by anyone but the creator, and any action on another contractor's project.
                    e.Cancel = (e.Action == ActionsEnum.Delete && it.CreatorID != CurrentUser.ID) || it.ContractorID != CurrentUser.ContractorID;
                }
                else if (e.EntityName == "Employee")
                {
                    Employee it = e.Entity as Employee;
                    // Read-only, and not even readable when the employee has a linked user whose RoleID is greater than Boss.
                    e.Cancel = e.Action != ActionsEnum.Select || it.User != null && it.User.RoleID > (int)RolesEnum.Boss;
                }
            }
            else if (CurrentUser.RoleID >= (int)RolesEnum.Watcher)
            {
                // Watcher and any higher role ID: read-only access to everything.
                // NOTE(review): this grants Select on every entity; the numeric values of RolesEnum
                // are not visible here, so confirm no role ID falls between the branches above and
                // is allowed by default.
                e.Cancel = e.Action != ActionsEnum.Select;
            }
        }
Beispiel #2
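        /// <summary>
        /// Stores the files of the current request in the project folder selected by
        /// <paramref name="TaskName"/> and, when a task ID is supplied, links the resulting
        /// project file to that task.
        /// </summary>
        /// <param name="ProjectID">ID of the project that receives the upload.</param>
        /// <param name="TaskID">Optional ID of the task to link the file to; null or values &lt;= 0 mean "no task".</param>
        /// <param name="TaskName">Request-supplied name passed to <c>UploadFileHelper.GetFolder</c> to pick the target folder.</param>
        /// <returns>
        /// JSON with <c>Code</c>, <c>Message</c>, <c>File</c> and <c>ProjectFile</c> on the upload path;
        /// JSON with <c>Code = 202</c>, <c>Success = false</c> and a message when a precondition fails.
        /// </returns>
        public ActionResult UploadToTask(int ProjectID, int? TaskID, string TaskName)
        {
            BuildingEntities db = (BuildingEntities)this.db;
            // NOTE(review): user is not read below; the call is kept in case CurrentUser() has side effects.
            User user = HttpContext.CurrentUser();

            if (Request.Files.Count < 1)
            {
                return Json(new { Code = 202, Success = false, Message = "No files uploaded!" });
            }

            Project project = db.Projects.FirstOrDefault(val => val.ID == ProjectID);

            if (project == null)
            {
                return Json(new { Code = 202, Success = false, Message = "Project not found!" });
            }

            // NOTE(review): the project is checked for Select although an upload adds data to it —
            // confirm that read access is meant to be sufficient for uploading.
            CheckPermissionsEventArgs e = new CheckPermissionsEventArgs(db, "Projects", "Project", project, EntityJs.Client.Events.ActionsEnum.Select);

            project.OnCheckPermissions(e);
            if (e.Cancel)
            {
                return Json(new { Code = 202, Success = false, Message = "You can't operate with this project!" });
            }

            ProjectTask task = null;

            if (TaskID > 0)
            {
                task = db.ProjectTasks.FirstOrDefault(val => val.ID == TaskID);

                // The task is looked up by ID alone, so it must also be verified to belong to the
                // requested project; otherwise a file stored under one project could be linked to
                // a task of another. A mismatch is reported like a missing task so the response
                // does not confirm that the foreign task exists.
                if (task == null || task.Project == null || task.Project.ID != project.ID)
                {
                    return Json(new { Code = 202, Success = false, Message = "Task not found!" });
                }

                e = new CheckPermissionsEventArgs(db, "ProjectTasks", "ProjectTask", task, EntityJs.Client.Events.ActionsEnum.Edit);
                task.OnCheckPermissions(e);
                if (e.Cancel)
                {
                    return Json(new { Code = 202, Success = false, Message = "You can't edit this task!" });
                }
            }

            int code;
            string message;
            // Reuse the context that was already cast above instead of casting this.db a second time.
            UploadFileHelper helper = new UploadFileHelper(db);

            // NOTE(review): TaskName comes straight from the request. If GetFolder maps it to a
            // storage path, the helper has to reject path separators and ".." — confirm in UploadFileHelper.
            Folder folder = helper.GetFolder(project, TaskName, true);

            if (folder == null)
            {
                // Without this guard a missing folder surfaces as a NullReferenceException on folder.ID.
                return Json(new { Code = 202, Success = false, Message = "Folder not found!" });
            }

            // NOTE(review): file type, size and name validation is not visible in this action;
            // presumably it happens inside UploadFiles — confirm.
            Models.File file = helper.UploadFiles(-1, folder.ID, out code, out message, false);
            Models.ProjectFile pfile = file != null ? file.ProjectFiles.FirstOrDefault(val => val.ProjectID == ProjectID) : null;

            if (pfile != null)
            {
                // task is null when no task ID was supplied, which leaves the file without a task link.
                pfile.ProjectTask = task;
                db.SaveChanges();
            }

            var data = new
            {
                Code = code,
                Message = message,
                File = file != null ? file.ToJson() : null,
                ProjectFile = pfile != null ? pfile.ToJson() : null
            };

            return this.Json(data);
        }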