/// <summary>
/// Gets security configurations for the field specified.
/// </summary>
/// <param name="securityContext">The security context.</param>
/// <param name="fieldDefinition">The field definition.</param>
/// <param name="identity">The user identity.</param>
/// <returns>The collection of AggregateSecurityConfig objects.</returns>
public static IList<SecurityConfig> GetSecurityConfigsForField(ISecurityContext securityContext, IBaseFieldDefinition fieldDefinition, IMQ1Identity identity)
{
var result = new HashSet<SecurityConfig>();
if (Utils.CurrentUserHasAdministratorRights)
return new List<SecurityConfig>();
if (securityContext == null || fieldDefinition == null || identity == null)
return new List<SecurityConfig>();
if (AlwaysVisible(fieldDefinition.SystemName))
return new List<SecurityConfig>();
var fieldConfigs = securityContext.GetConfigurationList(fieldDefinition.GetTableName(), fieldDefinition.SystemName);
if (fieldConfigs != null)
{
fieldConfigs = fieldConfigs.Where(x =>
(x.BusinessUnitId == Constants.AllBusinessUnitsId || x.BusinessUnitId == identity.BusinessUnitId) &&
(x.RoleId == Constants.AllRolesId || identity.RolesId.Contains(x.RoleId)) && x.CanView).ToList();
if (!fieldConfigs.Any(c =>
c.StateGuid == Constants.AllStatesGuid &&
c.PersonFieldName == Constants.AllPersonFieldsSystemName))
{
var personsForAllStates =
fieldConfigs.Where(x => x.StateGuid == Constants.AllStatesGuid)
.Select(x => x.PersonFieldName)
.Distinct()
.ToList();
var statesForAllPersons =
fieldConfigs.Where(x => x.PersonFieldName == Constants.AllPersonFieldsSystemName)
.Select(x => x.StateGuid)
.Distinct()
.ToList();
foreach (var config in fieldConfigs)
{
var secConf = new SecurityConfig(
personsForAllStates.Contains(config.PersonFieldName) ? null : config.StateGuid.ToString("D"),
statesForAllPersons.Contains(config.StateGuid) ? null : config.PersonFieldName);
secConf.SetPersonId(identity.PersonId.ToString(CultureInfo.InvariantCulture));
result.Add(secConf);
}
}
}
return result.ToList();
}
/// <summary>
/// Gets the value indicating whether user has chances to read value from the field specified.
/// </summary>
/// <param name="securityContext">The security context.</param>
/// <param name="fieldDefinition">The field definition.</param>
/// <param name="identity">The user identity.</param>
/// <returns><c>true</c> if can calculate aggregates, otherwise <c>false</c>.</returns>
public static bool CanAccessField(ISecurityContext securityContext, IBaseFieldDefinition fieldDefinition, IMQ1Identity identity)
{
if (securityContext == null || fieldDefinition == null || identity == null)
return false;
if (AlwaysVisible(fieldDefinition.SystemName))
return true;
if (Utils.CurrentUserHasAdministratorRights)
return true;
var fieldConfigs = securityContext.GetConfigurationList(fieldDefinition.GetTableName(), fieldDefinition.SystemName);
if (fieldConfigs != null)
{
var matches = fieldConfigs.Where(sc =>
(sc.BusinessUnitId == Constants.AllBusinessUnitsId || sc.BusinessUnitId == identity.BusinessUnitId) &&
(sc.RoleId == Constants.AllRolesId || identity.RolesId.Contains(sc.RoleId))).ToList();
if (matches.Any(x => x.CanView))
return true;
}
return false;
}