public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
        {
            var hasPermissionByPerson = HasPermissionByPerson(person);

            if (!hasPermissionByPerson)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to Edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
            }

            if (contextModelObject.IsProposal())
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Application.GetFieldDefinitionLabelPluralized()} cannot be updated through the {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} Update process."));
            }

            if (!contextModelObject.IsUpdatableViaProjectUpdateProcess)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} is not updatable via the {FieldDefinition.Project.GetFieldDefinitionLabel()} Update process"));
            }

            var projectIsEditableByUser = new ProjectUpdateAdminFeatureWithProjectContext().HasPermission(person, contextModelObject).HasPermission || contextModelObject.IsMyProject(person);

            if (!projectIsEditableByUser)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not editable by you."));
            }

            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
Beispiel #2
0
        public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
        {
            bool isProposal = contextModelObject.IsProposal();

            if (isProposal)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You cannot edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} because it is in the Proposal stage."));
            }

            bool isPending = contextModelObject.IsPendingProject();

            if (isPending)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You cannot edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} because it is a Pending Project."));
            }

            bool isProjectStewardButCannotStewardThisProject = person != null && person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject);
            bool forbidEdit = !HasPermissionByPerson(person) || isProjectStewardButCannotStewardThisProject;

            if (forbidEdit)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
            }

            if (person != null && person.HasRole(Role.ProgramEditor) && !person.CanProgramEditorManageProject(contextModelObject))
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
            }

            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
        public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
        {
            if (!HasPermissionByPerson(person))
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {contextModelObject.DisplayName}"));
            }

            if (contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Approved)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"This {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} has been approved and can no longer be edited through this wizard."));
            }

            if (contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Rejected)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"This {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} has been rejected and can no longer be edited through this wizard."));
            }

            var projectIsEditableByUser = contextModelObject.IsEditableToThisPerson(person);

            if (!projectIsEditableByUser)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not editable by you."));
            }

            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
Beispiel #4
0
        public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
        {
            if (!HasPermissionByPerson(person))
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to view {contextModelObject.DisplayName}"));
            }

            if (contextModelObject.IsProposal() && person.IsAnonymousUser)
            {
                // do not allow if user is anonymous and do not show proposals to public
                if (!MultiTenantHelpers.ShowApplicationsToThePublic())
                {
                    return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not visible to you."));
                }
                // do not allow if user is anonymous and show proposals to public and stage a stage other than pending
                if (MultiTenantHelpers.ShowApplicationsToThePublic() && contextModelObject.ProjectApprovalStatus != ProjectApprovalStatus.PendingApproval)
                {
                    return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not visible to you."));
                }
            }

            // "should only be visible and accessible to the following roles: Program Manager, Admin, Sitka Admin."
            bool projectCanOnlyBeSeenByAdmins   = contextModelObject.ProjectType.LimitVisibilityToAdmin;
            bool personHasLimitedVisibilityRole = person.HasRole(Role.Admin) || person.HasRole(Role.SitkaAdmin) || person.HasRole(Role.ProjectSteward);

            if (projectCanOnlyBeSeenByAdmins && !personHasLimitedVisibilityRole)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not visible to you."));
            }

            // Allowed
            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
        public PermissionCheckResult HasPermission(Person person, Person contextModelObject)
        {
            if (contextModelObject == null)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult("The Person whose details you are requesting to see doesn't exist."));
            }
            var userHasEditPermission   = new UserEditBasicsFeature().HasPermissionByPerson(person);
            var userHasManagePermission = new ContactManageFeature().HasPermissionByPerson(person);
            var userViewingOwnPage      = person.PersonID == contextModelObject.PersonID;

            #pragma warning disable 612
            var userHasAppropriateRole = HasPermissionByPerson(person);
            #pragma warning restore 612
            if (!userHasAppropriateRole)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult("You don't permissions to view user details. If you aren't logged in, do that and try again."));
            }

            //Only SitkaAdmin users should be able to see other SitkaAdmin users
            if (!person.HasRole(Role.SitkaAdmin) && contextModelObject.HasRole(Role.SitkaAdmin))
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult("You don\'t have permission to view this user."));
            }

            if (userViewingOwnPage || userHasEditPermission || userHasManagePermission)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult("You don\'t have permission to view this user."));
        }
Beispiel #6
0
        public PermissionCheckResult HasPermission(Person person, Person contextModelObject)
        {
            var hasContactManagePermissions = new ContactManageFeature().HasPermissionByPerson(person);
            var hasAdminPermissions         = new FirmaAdminFeature().HasPermissionByPerson(person);

            if (contextModelObject.PersonID == person.PersonID)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            if (!person.IsFullUser())
            {
                if (hasContactManagePermissions)
                {
                    return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
                }
            }
            else
            {
                if (hasAdminPermissions)
                {
                    return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
                }
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to edit {contextModelObject.FullNameFirstLast}"));
        }
 public PermissionCheckResult HasPermission(Person person, GrantAllocation contextModelObject)
 {
     if (person != null && person.PersonID != Person.AnonymousPersonID && person.HasAnyOfTheseRoles(GrantedRoles))
     {
         return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
     }
     return(PermissionCheckResult.MakeFailurePermissionCheckResult("You are not allowed to add files to Grant Allocations"));
 }
Beispiel #8
0
 public new PermissionCheckResult HasPermission(Person person, Project contextModelObject)
 {
     if (contextModelObject.ProjectStage == ProjectStage.Planned)
     {
         return(PermissionCheckResult.MakeFailurePermissionCheckResult($"Reported {FieldDefinition.PerformanceMeasure.GetFieldDefinitionLabelPluralized()} are not relevant for projects in the Planning/Design stage."));
     }
     return(base.HasPermission(person, contextModelObject));
 }
Beispiel #9
0
 public PermissionCheckResult HasPermission(Person person, FirmaPage contextModelObject)
 {
     if (HasPermissionByPerson(person))
     {
         return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
     }
     return(PermissionCheckResult.MakeFailurePermissionCheckResult("Does not have administration privileges"));
 }
Beispiel #10
0
 public PermissionCheckResult HasPermission(Person person, GrantAllocation contextModelObject)
 {
     if (person != null && person.PersonID != Person.AnonymousPersonID && GrantedRoles.Select(x => x.RoleID).Contains(person.RoleID))
     {
         return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
     }
     return(PermissionCheckResult.MakeFailurePermissionCheckResult("You are not allowed to add files to Grant Allocations"));
 }
Beispiel #11
0
        public PermissionCheckResult HasPermission(Person person, GisUploadAttempt contextModelObject)
        {
            if (contextModelObject.GisUploadAttemptCreatePerson.PersonID == person.PersonID)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit this upload attempt"));
        }
Beispiel #12
0
        public PermissionCheckResult HasPermission(Person person, GrantAllocationAwardPersonnelAndBenefitsLineItem contextModelObject)
        {
            var hasPermissionByPerson = HasPermissionByPerson(person);

            if (!hasPermissionByPerson)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete this {FieldDefinition.GrantAllocationAwardPersonnelAndBenefitsLineItem.GetFieldDefinitionLabel()}"));
            }
            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
Beispiel #13
0
        public PermissionCheckResult HasPermission(Person person, GrantAllocationAwardLandownerCostShareLineItem contextModelObject)
        {
            var hasPermissionByPerson = HasPermissionByPerson(person);

            if (!hasPermissionByPerson)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {FieldDefinition.GrantAllocationAwardLandownerCostShare} with ID: {contextModelObject.GrantAllocationAwardLandownerCostShareLineItemID}"));
            }
            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
Beispiel #14
0
        public PermissionCheckResult HasPermission(Person person, GrantAllocationAward contextModelObject)
        {
            var hasPermissionByPerson = HasPermissionByPerson(person);

            if (!hasPermissionByPerson)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {contextModelObject.GrantAllocationAwardName}"));
            }
            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
Beispiel #15
0
        public PermissionCheckResult HasPermission(Person person, GrantAllocationAwardContractorInvoice contextModelObject)
        {
            var hasPermissionByPerson = HasPermissionByPerson(person);

            if (!hasPermissionByPerson)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {FieldDefinition.GrantAllocationAwardContractorInvoice} with ID: {contextModelObject.GrantAllocationAwardContractorInvoiceDescription}"));
            }
            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
        public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
        {
            var hasPermissionByPerson = HasPermissionByPerson(person);

            if (!hasPermissionByPerson)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {contextModelObject.DisplayName}"));
            }
            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
        public PermissionCheckResult HasPermission(Person person, Invoice contextModelObject)
        {
            bool userHasPermission = HasPermissionByPerson(person);

            if (userHasPermission)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to Invoice {contextModelObject.InvoiceID} - {contextModelObject.InvoiceIdentifyingName}"));
        }
Beispiel #18
0
        public PermissionCheckResult HasPermission(Person person, GrantAllocationFileResource contextModelObject)
        {
            bool userHasPermission = HasPermissionByPerson(person);

            if (userHasPermission)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to manage the Grant Allocation file {contextModelObject.DisplayName}"));
        }
        public PermissionCheckResult HasPermission(Person person, Grant contextModelObject)
        {
            bool userHasPermission = HasPermissionByPerson(person);

            if (userHasPermission)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to Grant {contextModelObject.GrantName}"));
        }
        public PermissionCheckResult HasPermission(Person person, PriorityLandscapeFileResource contextModelObject)
        {
            bool userHasPermission = HasPermissionByPerson(person);

            if (userHasPermission)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to manage the {FieldDefinition.PriorityLandscape.FieldDefinitionDisplayName} file {contextModelObject.DisplayName}"));
        }
Beispiel #21
0
        public PermissionCheckResult HasPermission(Person person, GrantModificationNoteInternal contextModelObject)
        {
            bool userHasPermission = HasPermissionByPerson(person);

            if (userHasPermission)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to Internal Notes on Grant Modification {contextModelObject.GrantModification.GrantModificationName}"));
        }
Beispiel #22
0
        public PermissionCheckResult HasPermission(Person person, Program contextModelObject)
        {
            bool userHasPermission = HasPermissionByPerson(person);

            if (userHasPermission)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to { Models.FieldDefinition.Program.GetFieldDefinitionLabel()} {contextModelObject.ProgramName}"));
        }
        public PermissionCheckResult HasPermission(Person person, PerformanceMeasure contextModelObject)
        {
            var hasPermissionByPerson = HasPermissionByPerson(person);

            if (!hasPermissionByPerson)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to Edit {FieldDefinition.TaxonomyBranch.GetFieldDefinitionLabelPluralized()} for {MultiTenantHelpers.GetPerformanceMeasureName()} {contextModelObject.PerformanceMeasureDisplayName}"));
            }

            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
        public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
        {
            var isProjectStewardButCannotStewardThisProject = person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject);
            var forbidAdmin = !HasPermissionByPerson(person) || isProjectStewardButCannotStewardThisProject;

            if (forbidAdmin)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
            }
            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
Beispiel #25
0
        public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
        {
            var possiblePermissionDeniedMessage = $"{Models.FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} is not deletable by you";

            if (new ProjectDeleteFeature().HasPermission(person, contextModelObject).HasPermission)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            bool userHasPermission = contextModelObject.IsMyProject(person) &&
                                     (contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Draft || contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Rejected);

            return(PermissionCheckResult.MakeConditionalPermissionCheckResult(userHasPermission, possiblePermissionDeniedMessage));
        }
Beispiel #26
0
        public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
        {
            if (contextModelObject.IsProposal())
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Application.GetFieldDefinitionLabelPluralized()} cannot be updated through the {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} Update process."));
            }

            var forbidAdmin = !HasPermissionByPerson(person) ||
                              person.HasRole(Role.ProjectSteward) &&
                              !person.CanStewardProject(contextModelObject);

            string possiblePermissionDeniedMessage = $"You don't have permission to make Administrative actions on {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}";

            return(PermissionCheckResult.MakeConditionalPermissionCheckResult(!forbidAdmin, possiblePermissionDeniedMessage));
        }
        public PermissionCheckResult HasPermission(Person person, Person contextModelObject)
        {
            var hasPermissionByPerson = new ContactManageFeature().HasPermissionByPerson(person);

            if (!hasPermissionByPerson)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {contextModelObject.FullNameFirstLast}"));
            }

            if (contextModelObject.IsFullUser())
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{contextModelObject.FullNameFirstLast} cannot be deleted because they are a user with an account."));
            }
            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
Beispiel #28
0
        public PermissionCheckResult HasPermission(Person person, ProjectDocument contextModelObject)
        {
            var isProjectDocumentStewardButCannotStewardThisProjectDocument = person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject.Project);
            var forbidAdmin = !HasPermissionByPerson(person) || isProjectDocumentStewardButCannotStewardThisProjectDocument;

            if (forbidAdmin)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit documents for {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
            }

            if (contextModelObject.Project.IsProposal() || contextModelObject.Project.IsPendingProject())
            {
                return(new ProjectCreateFeature().HasPermission(person, contextModelObject.Project));
            }

            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
        public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
        {
            var projectLabel = FieldDefinition.Project.GetFieldDefinitionLabel();

            if (!HasPermissionByPerson(person))
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to approve this {projectLabel}."));
            }

            if (person.Role.RoleID == Role.ProjectSteward.RoleID &&
                !person.CanStewardProject(contextModelObject))
            {
                var organizationLabel = FieldDefinition.Organization.GetFieldDefinitionLabel();
                return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to approve this {projectLabel} based on your relationship to the {projectLabel}'s {organizationLabel}."));
            }

            return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
        }
        public PermissionCheckResult HasPermission(Person person, CustomPage contextModelObject)
        {
            if (contextModelObject == null)
            {
                return(PermissionCheckResult.MakeFailurePermissionCheckResult("custom page is null/invalid"));
            }

            var isVisible = contextModelObject.CustomPageDisplayType == CustomPageDisplayType.Public ||
                            (!person.IsAnonymousUser &&
                             contextModelObject.CustomPageDisplayType == CustomPageDisplayType.Protected);

            if (isVisible)
            {
                return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
            }

            return(PermissionCheckResult.MakeFailurePermissionCheckResult("Does not have custom page view privileges"));
        }