public virtual bool HasPermission(PermissionType permission, Guid? scope)
{
if (this.IsAdmin)
{
return true;
}
if (this.IsUser)
{
if (myAuthzs.Any(f => f.Permission == permission && (scope == null || f.Scope == scope)))
{
return true;
}
using (var ctx = storeFactory.Create(this.UserLogin))
{
//// Authorization can be assigned directly to the user.
//if (ctx.Authorization.Any(f => f.Permission == permission && f.Scope == scope && f.UserName == this.UserLogin))
//{
// return true;
//}
FieldInfo fi = permission.GetType().GetField(permission.ToString());
PermissionScopeAttribute[] attributes = (PermissionScopeAttribute[])fi.GetCustomAttributes(typeof(PermissionScopeAttribute), false);
foreach (var attrib in attributes)
{
if (attrib.ScopeType == PermissionScopeType.Organization)
{
var authzdRoles = ctx.Authorization.IncludePaths("Role").Where(f => f.Permission == permission && f.Scope == scope && f.Role != null).ToList();
var me = ctx.Users.IncludePaths("Roles.Role").Single(f => f.Username == this.UserLogin);
var myDirectRoles = me.Roles.Select(f => f.Role).ToList();
// If my direct membership in a role means that I end up being in a role that's got the authorization, then I get the authorization.
if (authzdRoles.Any(f =>
{
RoleKey key = new RoleKey { Name = f.Role.Name, OrgId = f.Scope };
return flattenedRoles.ContainsKey(key) && (from have in myDirectRoles join need in flattenedRoles[key] on have.Id equals need.Id select have).Any();
}))
{
return true;
}
}
else if (attrib.ScopeType == PermissionScopeType.MemberOfOrganization)
{
// Figure out if the user has permissions on a member due to being able to manage an organization to which the user belongs
// Get the member's current org id's
IEnumerable<Guid> orgIds = ctx.Members.Where(f => f.Id == scope.Value).SelectMany(
f => f.Memberships.Select(g => g.OrganizationId)).AsEnumerable();
// If any of the users authorizations are of the given permission on a scope of one of the user's orgs,
// then grant the operation.
if (myAuthzs.Any(f => f.Permission == permission && orgIds.Any(g => g == f.Scope)))
{
return true;
}
}
else if (attrib.ScopeType == PermissionScopeType.Member)
{
if (myAuthzs.Any(f => f.Permission == permission && f.Scope == scope))
{
return true;
}
}
else
{
throw new NotImplementedException("Don't know PermissionScope " + attrib.ScopeType.ToString());
}
}
//Type t = PermissionScopeTypeAttribute.GetScopeType(permission);
//if (t == typeof(Organization))
//{
// var me = ctx.Users.IncludePaths("Roles.Role").Single(f => f.Username == this.UserLogin);
// var myDirectRoles = me.Roles.Select(f => f.Role).ToList();
// // If my direct membership in a role means that I end up being in a role that's got the authorization, then I get the authorization.
// if (authzdRoles.Any(f =>
// {
// RoleKey key = new RoleKey { Name = f.Role.Name, OrgId = f.Scope };
// return flattenedRoles.ContainsKey(key) && (from have in myDirectRoles join need in flattenedRoles[key] on have.Id equals need.Id select have).Any();
// }))
// {
// return true;
// }
//}
}
}
return false;
}
