public bool HasAccess (Access access)
{
if (access == null)
{
return true;
}
// TEMPORARY access control lists
// TODO: Build access control list from org chart, compare against required access
string ids = string.Empty;
if (access.Type == AccessType.Write)
{
ids = access.Organization.Parameters.TemporaryAccessListWrite;
}
else if (access.Type == AccessType.Read)
{
ids = access.Organization.Parameters.TemporaryAccessListWrite + " " + access.Organization.Parameters.TemporaryAccessListRead; // Write access implies read access
}
List<string> resultingPeople = new List<string>();
string[] idStrings = ids.Trim().Replace(" ", " ").Split(' ');
foreach (string idString in idStrings)
{
if (Int32.Parse(idString) == this.Identity)
{
return true;
}
}
return false;
}
/// <summary>
/// Determines if this Authority has a particular Access.
/// </summary>
/// <param name="access">The access desired.</param>
/// <returns>True if access can be granted.</returns>
public bool HasAccess(Access access)
{
if (access == null)
{
throw new ArgumentNullException("access", @"Access cannot be null, but must always be explicitly specified. Specify AccessAspect.Null if null access is desired.");
}
if (access.Aspect == AccessAspect.Null)
{
// Null security (like Dashboard), so return true
return(true);
}
// Check for participant financials
if (access.Aspect == AccessAspect.Financials && access.Type == AccessType.Read)
{
if (access.Organization.ParticipantFinancialsEnabled)
{
// This organization has decided to open its financial reports to all participants. Reselect the access request to "participant" level.
access = new Access(access.Organization, AccessAspect.Participant);
}
}
// Check for Participant access level
if (access.Aspect == AccessAspect.Participant)
{
// Check that a membership (or whatever this org calls it) exists, for this org or a parentline org
if (Person.ParticipatesInOrganizationOrParent(access.Organization))
{
return(true);
}
}
// if Open Ledgers, return true
if ((access.Aspect == AccessAspect.Bookkeeping || access.Aspect == AccessAspect.Financials) &&
access.Type == AccessType.Read && this.Person.Identity == Swarm.Person.OpenLedgersIdentity)
{
return(true);
}
// We're at the end of generic access control - now, check against position assignments
// Check if the person is currently acting at sysadmin level
if (HasSystemAccess(access.Type))
{
return(true);
}
// If system-level access was requested and has not been granted at this point, deny it
if (access.Organization == null)
{
return(false);
}
// Organization-level or geography-level access requested
if (Assignment == null)
{
// No assignment to ask, therefore, no access
return(false);
}
// Ask the current position assignment if it has the requested access
Position currentPosition = Assignment.Position;
currentPosition.AssignGeography(Assignment.Geography);
return(currentPosition.HasAccess(access));
}
