//TODO Вынести имперсонацию отсюда public List <WorkflowCommandType> IsAllowedToExecuteCommand(Guid instanceUid, List <WorkflowCommandType> commandsToCheck) { var allowedOperations = new List <WorkflowCommandType>(commandsToCheck.Count); WorkflowState currentState; try { currentState = WorkflowStateService.GetCurrentState(instanceUid); } catch (ArgumentException) { return(allowedOperations); } WorkflowType workflowType = currentState == null ? WorkflowStateService.TryGetExpectedWorkflowType(instanceUid) : currentState.Type; if (workflowType == null) { return(allowedOperations); } IAuthorizationValidator validator; try { var validatorFactory = new AuthorizationValidatorFactory(workflowType, this); validator = validatorFactory.CreateValidator(); } catch (ArgumentException) { return(allowedOperations); } var identities = GetAllIdentities(); if (AuthorizeAccessAndImpersonateIfNecessary(identities, validator, currentState, instanceUid)) { allowedOperations.AddRange(commandsToCheck.Where(commandToCheck => validator.IsCommandSupportsInState(currentState, commandToCheck, instanceUid))); } //Добавление дополнительных команд специфичных для вф и не привязанных к паре пользователь-состояние allowedOperations = validator.AddAdditionalCommand(AuthenticationService.GetCurrentIdentity(), identities, currentState, instanceUid, allowedOperations); return(allowedOperations); }
public List <WorkflowCommandType> GetListOfAllowedOperations(ApiCommandArgument arg) { var allowedOperations = new List <WorkflowCommandType>(); AuthenticationService.Authenticate(arg.SecurityToken); if (!AuthenticationService.IsAuthenticated()) { return(allowedOperations); } var commandsToCheck = new List <WorkflowCommandType>() { WorkflowCommandType.StartProcessing, WorkflowCommandType.Sighting, WorkflowCommandType.Denial, WorkflowCommandType.DenialByTechnicalCauses, WorkflowCommandType.PostingAccounting, WorkflowCommandType.CheckStatus, WorkflowCommandType.SetDenialStatus, WorkflowCommandType.SetPaidStatus, WorkflowCommandType.Export }; allowedOperations = AuthorizationService.IsAllowedToExecuteCommand(arg.InstanceId, commandsToCheck); if (!SecurityEntityService.CheckTrusteeWithIdIsInRole(AuthenticationService.GetCurrentIdentity().Id, BudgetRole.FullControl)) { var type = WorkflowStateService.TryGetExpectedWorkflowType(arg.InstanceId); if (SecurityEntityService.GetAlPermissionsForTrusteeAndworkflow(arg.SecurityToken) .Count(p => p.LinkedStateToSet != null && p.LinkedStateToSet.Type.Id == type.Id) > 0) { allowedOperations.Add(WorkflowCommandType.SetWorkflowState); } } else { allowedOperations.Add(WorkflowCommandType.SetWorkflowState); } return(allowedOperations); }