//TODO Вынести имперсонацию отсюда
public List <WorkflowCommandType> IsAllowedToExecuteCommand(Guid instanceUid,
List <WorkflowCommandType> commandsToCheck)
{
var allowedOperations = new List <WorkflowCommandType>(commandsToCheck.Count);
WorkflowState currentState;
try
{
currentState = WorkflowStateService.GetCurrentState(instanceUid);
}
catch (ArgumentException)
{
return(allowedOperations);
}
WorkflowType workflowType = currentState == null
? WorkflowStateService.TryGetExpectedWorkflowType(instanceUid)
: currentState.Type;
if (workflowType == null)
{
return(allowedOperations);
}
IAuthorizationValidator validator;
try
{
var validatorFactory = new AuthorizationValidatorFactory(workflowType, this);
validator = validatorFactory.CreateValidator();
}
catch (ArgumentException)
{
return(allowedOperations);
}
var identities = GetAllIdentities();
if (AuthorizeAccessAndImpersonateIfNecessary(identities, validator, currentState, instanceUid))
{
allowedOperations.AddRange(commandsToCheck.Where(commandToCheck => validator.IsCommandSupportsInState(currentState, commandToCheck, instanceUid)));
}
//Добавление дополнительных команд специфичных для вф и не привязанных к паре пользователь-состояние
allowedOperations = validator.AddAdditionalCommand(AuthenticationService.GetCurrentIdentity(), identities, currentState, instanceUid, allowedOperations);
return(allowedOperations);
}
public List <WorkflowCommandType> GetListOfAllowedOperations(ApiCommandArgument arg)
{
var allowedOperations = new List <WorkflowCommandType>();
AuthenticationService.Authenticate(arg.SecurityToken);
if (!AuthenticationService.IsAuthenticated())
{
return(allowedOperations);
}
var commandsToCheck = new List <WorkflowCommandType>()
{
WorkflowCommandType.StartProcessing,
WorkflowCommandType.Sighting,
WorkflowCommandType.Denial,
WorkflowCommandType.DenialByTechnicalCauses,
WorkflowCommandType.PostingAccounting,
WorkflowCommandType.CheckStatus,
WorkflowCommandType.SetDenialStatus,
WorkflowCommandType.SetPaidStatus,
WorkflowCommandType.Export
};
allowedOperations = AuthorizationService.IsAllowedToExecuteCommand(arg.InstanceId, commandsToCheck);
if (!SecurityEntityService.CheckTrusteeWithIdIsInRole(AuthenticationService.GetCurrentIdentity().Id, BudgetRole.FullControl))
{
var type = WorkflowStateService.TryGetExpectedWorkflowType(arg.InstanceId);
if (SecurityEntityService.GetAlPermissionsForTrusteeAndworkflow(arg.SecurityToken)
.Count(p => p.LinkedStateToSet != null && p.LinkedStateToSet.Type.Id == type.Id) > 0)
{
allowedOperations.Add(WorkflowCommandType.SetWorkflowState);
}
}
else
{
allowedOperations.Add(WorkflowCommandType.SetWorkflowState);
}
return(allowedOperations);
}
