Beispiel #1
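        /// <summary>
        /// Generate a query for the specified 'filter'.
        /// When 'filter.IncludeAllProperties' is set, the query is not restricted to the user's agencies and can
        /// return properties that don't belong to the user's agency or sub-agencies.
        /// The results of this query must be 'cleaned' so that only appropriate data is returned to API.
        /// </summary>
        /// <param name="context">The data context the query is generated from.</param>
        /// <param name="user">The principal whose agencies scope the query; validated with ThrowIfNull.</param>
        /// <param name="filter">The filter to apply; validated with ThrowIfNull.</param>
        /// <returns>The composed property query.</returns>
        public static IQueryable<Entity.Views.Property> GenerateAllPropertyQuery(this PimsContext context, ClaimsPrincipal user, Entity.Models.AllPropertyFilter filter)
        {
            filter.ThrowIfNull(nameof(filter));
            // Validate 'user' itself: the previous code validated 'filter' twice, so a null principal was never
            // rejected here and was passed on to the agency scoping and to GenerateCommonQuery.
            user.ThrowIfNull(nameof(user));

            var query = context.GenerateProjectQuery(filter);

            // Only return properties owned by user's agency or sub-agencies, unless the filter asks for all properties.
            // NOTE(review): the restriction is switched off by a filter flag; no permission check is visible in this
            // method. If the filter is populated from the request (confirm against callers), the agency scoping is
            // caller-controlled, which is why the results must be cleaned before they reach the API.
            if (!filter.IncludeAllProperties)
            {
                var userAgencies = user.GetAgenciesAsNullable();
                query = query.Where(p => userAgencies.Contains(p.AgencyId));
            }

            query = context.GenerateCommonQuery(query, user, filter);

            return query;
        }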
Beispiel #2
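        /// <summary>
        /// Generate a query for the specified 'filter'.
        /// Only includes properties that belong to the user's agency or sub-agencies, unless the user has the
        /// 'AdminProperties' permission, in which case no agency restriction is applied here.
        /// </summary>
        /// <param name="context">The data context the query is generated from.</param>
        /// <param name="user">The principal whose permission and agencies scope the query; validated with ThrowIfNull.</param>
        /// <param name="filter">The filter to apply; validated with ThrowIfNull.</param>
        /// <returns>The composed property query.</returns>
        public static IQueryable<Entity.Views.Property> GenerateQuery(this PimsContext context, ClaimsPrincipal user, Entity.Models.AllPropertyFilter filter)
        {
            filter.ThrowIfNull(nameof(filter));
            // Validate 'user' itself: the previous code validated 'filter' twice, so a null principal reached the
            // permission check below without being rejected.
            user.ThrowIfNull(nameof(user));

            // Users may only view sensitive properties if they have the `sensitive-view` claim and belong to the owning agency.
            // NOTE(review): nothing in this method enforces that rule; presumably GenerateProjectQuery or
            // GenerateCommonQuery does. Confirm.
            var query = context.GenerateProjectQuery(filter);

            // Users can only view their agency or sub-agency properties; the admin permission lifts that restriction.
            var isAdmin = user.HasPermission(Permissions.AdminProperties);

            if (!isAdmin)
            {
                var userAgencies = user.GetAgenciesAsNullable();
                query = query.Where(p => userAgencies.Contains(p.AgencyId));
            }

            query = context.GenerateCommonQuery(query, user, filter);

            return query;
        }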