public static AjaxCallResult DenyItem(string recordId, string reason)
{
AuthenticationData authData = GetAuthenticationDataAndCulture();
IAttestable attestable = AttestableFromRecordId(recordId);
FinancialAccount budget = attestable.Budget;
if (budget.OrganizationId != authData.CurrentOrganization.Identity ||
(budget.OwnerPersonId != authData.CurrentUser.Identity &&
budget.OwnerPersonId != Person.NobodyId))
{
throw new UnauthorizedAccessException();
}
if (String.IsNullOrEmpty(reason.Trim()))
{
reason = Resources.Global.Global_NoReasonGiven;
}
attestable.DenyAttestation(authData.CurrentUser, reason);
return(new AjaxCallResult {
Success = true
});
}
private static string HandleAttestationDeattestation(string identifier, AttestationMode mode)
{
AuthenticationData authData = GetAuthenticationDataAndCulture();
IAttestable attestableItem = null;
string attestedTemplate = string.Empty;
string deattestedTemplate = string.Empty;
char costType = identifier[0];
int itemId = Int32.Parse(identifier.Substring(1));
Int64 amountCents;
string beneficiary = string.Empty;
string result = string.Empty;
// Find the item we are attesting or deattesting
switch (costType)
{
case 'A': // Case advance
CashAdvance advance = CashAdvance.FromIdentity(itemId);
if (advance.OrganizationId != authData.CurrentOrganization.Identity)
{
throw new InvalidOperationException("Called to attest out-of-org line item");
}
if (advance.Budget.OwnerPersonId != authData.CurrentUser.Identity &&
advance.Budget.OwnerPersonId != Person.NobodyId)
{
throw new SecurityAccessDeniedException("Called without attestation privileges");
}
attestableItem = advance;
attestedTemplate = Resources.Pages.Financial.AttestCosts_AdvanceAttested;
deattestedTemplate = Resources.Pages.Financial.AttestCosts_AdvanceDeattested;
beneficiary = advance.Person.Name;
amountCents = advance.AmountCents;
break;
case 'E': // Expense claim
ExpenseClaim expense = ExpenseClaim.FromIdentity(itemId);
if (expense.OrganizationId != authData.CurrentOrganization.Identity)
{
throw new InvalidOperationException("Called to attest out-of-org line item");
}
if (expense.Budget.OwnerPersonId != authData.CurrentUser.Identity &&
expense.Budget.OwnerPersonId != Person.NobodyId)
{
throw new SecurityAccessDeniedException("Called without attestation privileges");
}
attestableItem = expense;
attestedTemplate = Resources.Pages.Financial.AttestCosts_ExpenseAttested;
deattestedTemplate = Resources.Pages.Financial.AttestCosts_ExpenseDeattested;
beneficiary = expense.Claimer.Name;
amountCents = expense.AmountCents;
break;
case 'I': // Inbound invoice
InboundInvoice invoice = InboundInvoice.FromIdentity(itemId);
if (invoice.OrganizationId != authData.CurrentOrganization.Identity)
{
throw new InvalidOperationException("Called to attest out-of-org line item");
}
if (invoice.Budget.OwnerPersonId != authData.CurrentUser.Identity &&
invoice.Budget.OwnerPersonId != Person.NobodyId)
{
throw new SecurityAccessDeniedException("Called without attestation privileges");
}
attestableItem = invoice;
attestedTemplate = Resources.Pages.Financial.AttestCosts_InvoiceAttested;
deattestedTemplate = Resources.Pages.Financial.AttestCosts_InvoiceDeattested;
beneficiary = invoice.Supplier;
amountCents = invoice.AmountCents;
break;
case 'S': // Salary payout
Salary salary = Salary.FromIdentity(itemId);
if (salary.PayrollItem.OrganizationId != authData.CurrentOrganization.Identity)
{
throw new InvalidOperationException("Called to attest out-of-org line item");
}
if (salary.PayrollItem.Budget.OwnerPersonId != authData.CurrentUser.Identity &&
salary.PayrollItem.Budget.OwnerPersonId != Person.NobodyId)
{
throw new SecurityAccessDeniedException("Called without attestation privileges");
}
attestableItem = salary;
attestedTemplate = Resources.Pages.Financial.AttestCosts_SalaryAttested;
deattestedTemplate = Resources.Pages.Financial.AttestCosts_SalaryDeattested;
beneficiary = salary.PayrollItem.PersonCanonical;
amountCents = salary.GrossSalaryCents;
break;
case 'P': // Parley, aka Conference
Parley parley = Parley.FromIdentity(itemId);
if (parley.OrganizationId != authData.CurrentOrganization.Identity)
{
throw new InvalidOperationException("Called to attest out-of-org line item");
}
if (parley.Budget.OwnerPersonId != authData.CurrentUser.Identity &&
parley.Budget.OwnerPersonId != Person.NobodyId)
{
throw new SecurityAccessDeniedException("Called without attestation privileges");
}
attestableItem = parley;
attestedTemplate = Resources.Pages.Financial.AttestCosts_ParleyAttested;
deattestedTemplate = Resources.Pages.Financial.AttestCosts_ParleyDeattested;
beneficiary = parley.Person.Name;
amountCents = parley.BudgetCents;
break;
default:
throw new InvalidOperationException("Unknown Cost Type in HandleAttestationDeattestation: \"" +
identifier + "\"");
}
// Finally, attest or deattest
if (mode == AttestationMode.Attestation)
{
attestableItem.Attest(authData.CurrentUser);
result = string.Format(attestedTemplate, itemId, beneficiary,
authData.CurrentOrganization.Currency.Code,
amountCents / 100.0);
}
else if (mode == AttestationMode.Deattestation)
{
attestableItem.Deattest(authData.CurrentUser);
result = string.Format(deattestedTemplate, itemId, beneficiary,
authData.CurrentOrganization.Currency.Code,
amountCents / 100.0);
}
else
{
throw new InvalidOperationException("Unknown Attestation Mode: " + mode);
}
return(result);
}
