private static int CheckSpecificValidRoles(Authority authority, RoleType[] roles, Geography currentGeo, Organization currentOrg, int thisFound, Flag flags) { if (authority.HasAnyRoleType(roles)) { //Yes, we have one of the roles foreach (RoleType r in roles) { if (authority.HasRoleType(r) && (Array.IndexOf(RoleTypes.AllLocalRoleTypes, r) > -1)) { thisFound = authority.HasLocalRoleAtOrganizationGeography(currentOrg, currentGeo, r, flags) ? 1 : thisFound; } else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllOrganizationalRoleTypes, r) > -1))) { thisFound = authority.HasRoleAtOrganization(currentOrg, r, flags) ? 1 : thisFound; } else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllSystemRoleTypes, r) > -1))) { //System PersonRole thisFound = 1; } // break if we found one that gives access if (thisFound == 1) { return(thisFound); } } // if we found one valid it would already have returned; return -1 thisFound = -1; } else { thisFound = -1; //No, we don't have any of the roles } return(thisFound); }
public static People FilterPeopleToMatchAuthority(People people, Authority authority, int gracePeriod) { // First: If sysadmin, return the whole list uncensored. if (IsSystemAdministrator(authority)) { return(people); } SwarmDb databaseRead = SwarmDb.GetDatabaseForReading(); if (gracePeriod == -1) { gracePeriod = Membership.GracePeriod; } Dictionary <int, List <BasicMembership> > membershipTable = databaseRead.GetMembershipsForPeople(people.Identities, gracePeriod); Dictionary <int, int> geographyTable = databaseRead.GetPeopleGeographies(people.Identities); Dictionary <int, Person> clearedPeople = new Dictionary <int, Person>(); // TODO: Add org admin role, able to see previous members that aren't anonymized yet // Clear by organization roles foreach (BasicPersonRole role in authority.OrganizationPersonRoles) { Dictionary <int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); foreach (Person person in people) { // Is the organization cleared in this officer's role for this to-be-viewed member? if (membershipTable.ContainsKey(person.Identity)) { foreach (BasicMembership membership in membershipTable[person.Identity]) { if (clearedOrganizations.ContainsKey(membership.OrganizationId) && authority.HasPermission(Permission.CanSeePeople, membership.OrganizationId, person.GeographyId, Flag.Default)) { if (membership.Active || (membership.Expires > DateTime.Now.AddDays(-gracePeriod) && membership.Expires.AddDays(1) > membership.DateTerminated && authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default))) { clearedPeople[person.Identity] = person; break; } } } } /* -- commented out. This means "does the current authority have Org Admin privileges over Person"? * else if (CanSeeNonMembers) * { //person isn't member anywhere * clearedPeople[person.Identity] = person; * }*/ } } // Clear by node roles: // // For each node role, check if each member is in a cleared geography AND a cleared organization. // If so, permit view of this member. (A person in a branch of a geographical area for organizations X and Z // should see only people of those organizations only on those nodes.) foreach (BasicPersonRole role in authority.LocalPersonRoles) { Dictionary <int, BasicGeography> clearedGeographies = GeographyCache.GetGeographyHashtable(role.GeographyId); Dictionary <int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); foreach (Person person in people) { // Is the node AND the organization cleared in this officer's role for this to-be-viewed member? if (membershipTable.ContainsKey(person.Identity)) { foreach (BasicMembership membership in membershipTable[person.Identity]) { int organizationClear = 0; int geographyClear = 0; if (clearedOrganizations.ContainsKey(membership.OrganizationId)) { organizationClear = membership.OrganizationId; if (clearedGeographies.ContainsKey(geographyTable[person.Identity])) { geographyClear = geographyTable[person.Identity]; } if (organizationClear > 0 && geographyClear > 0 && authority.HasPermission(Permission.CanSeePeople, organizationClear, geographyClear, Flag.Default)) { if (membership.Active || (membership.Expires > DateTime.Now.AddDays(-gracePeriod) && membership.Expires.AddDays(1) > membership.DateTerminated && authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default))) { clearedPeople[person.Identity] = person; break; } } } } } } } // End: Assemble an array of the resulting cleared people People result = new People(); foreach (Person clearedPerson in clearedPeople.Values) { result.Add(clearedPerson); } return(result); }
public static People FilterPeopleToMatchAuthority(People people, Authority authority) { return(FilterPeopleToMatchAuthority(people, authority, -1)); // -1 indicates to respect grace period }
public static Memberships FilterMembershipsToMatchAuthority(Memberships memberships, Geography personGeography, Authority authority) { // First: If sysadmin, return the whole list uncensored. if (IsSystemAdministrator(authority)) { return(memberships); } Dictionary <int, Membership> clearedMemberships = new Dictionary <int, Membership>(); // foreach (BasicPersonRole role in authority.OrganizationPersonRoles) { Dictionary <int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); foreach (Membership membership in memberships) { bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId); if (organizationClear && authority.HasPermission(Permission.CanViewMemberships, membership.OrganizationId, membership.Person.GeographyId, Flag.Default)) { clearedMemberships[membership.Identity] = membership; } } } foreach (BasicPersonRole role in authority.LocalPersonRoles) { Dictionary <int, BasicGeography> clearedGeographies = GeographyCache.GetGeographyHashtable(role.GeographyId); Dictionary <int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); bool geographyClear = clearedGeographies.ContainsKey(personGeography.Identity); geographyClear = geographyClear && authority.HasPermission(Permission.CanViewMemberships, role.OrganizationId, personGeography.Identity, Flag.Default); if (geographyClear) { foreach (Membership membership in memberships) { bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId); if (organizationClear) { clearedMemberships[membership.Identity] = membership; } } } } // Assemble the array Memberships result = new Memberships(); foreach (Membership membership in clearedMemberships.Values) { result.Add(membership); } return(result); }
/// <summary> /// Checks for authorization for a specific activity. /// </summary> /// <param name="permissionsNeeded">The permissions to allow or disallow.</param> /// <param name="organizationId">The organization the activity is applied to.</param> /// <param name="geographyId">The node the activity is applied to, or zero for world.</param> /// <param name="authority">The authority to test against.</param> /// <returns>True if allowed under current authority.</returns> public static bool CheckAuthorization(PermissionSet permissionsNeeded, int organizationId, int geoNodeId, Authority authority, Flag flags) { if (permissionsNeeded == null) { return(false); } Geography currentGeo = null; if (geoNodeId > 0) { try { currentGeo = Geography.FromIdentity(geoNodeId); } catch { } } Organization currentOrg = null; if (organizationId > 0) { try { currentOrg = Organization.FromIdentity(organizationId); } catch { } } foreach (PermissionSet.Item perm in permissionsNeeded) { int thisFound = 0; Geography innerCurrentGeo = null; Organization innerCurrentOrg = null; if (perm.geographyId > 0) { try { innerCurrentGeo = Geography.FromIdentity(perm.geographyId); } catch { } } else { innerCurrentGeo = currentGeo; } if (perm.orgId > 0) { try { innerCurrentOrg = Organization.FromIdentity(perm.orgId); } catch { } } else { innerCurrentOrg = currentOrg; } RoleType[] rolesForPerm = {}; if (PermissonsDict.ContainsKey(perm.perm)) { rolesForPerm = PermissonsDict[perm.perm]; } if (perm.perm == Permission.CanSeeSelf) { thisFound = 1; } else if (rolesForPerm.Length > 0) { thisFound = CheckSpecificValidRoles(authority, rolesForPerm, innerCurrentGeo, innerCurrentOrg, thisFound, flags); } if (permissionsNeeded.NeedOne && thisFound == 1) { return(true); } if (permissionsNeeded.NeedAll && thisFound == -1) { return(false); } } //If Need all and not already returned, no false one was found if (permissionsNeeded.NeedAll) { return(true); } return(false); }
public static Authority GetPersonAuthority(int personId) { return (Authority.FromBasic(SwarmDb.GetDatabaseForReading().GetPersonAuthority(Person.FromIdentity(personId)))); }
public static People FilterPeopleToMatchAuthority (People people, Authority authority, int gracePeriod) { // First: If sysadmin, return the whole list uncensored. if (IsSystemAdministrator(authority)) { return people; } SwarmDb databaseRead = SwarmDb.GetDatabaseForReading(); if (gracePeriod == -1) gracePeriod = Membership.GracePeriod; Dictionary<int, List<BasicMembership>> membershipTable = databaseRead.GetMembershipsForPeople(people.Identities, gracePeriod); Dictionary<int, int> geographyTable = databaseRead.GetPeopleGeographies(people.Identities); var clearedPeople = new Dictionary<int, Person>(); // Clear by organization roles bool CanSeeNonMembers = authority.HasPermission(Permission.CanSeeNonMembers,Organization.PPSEid,-1,Flag.AnyGeographyExactOrganization); foreach (BasicPersonRole role in authority.OrganizationPersonRoles) { Dictionary<int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); foreach (Person person in people) { // Is the organization cleared in this officer's role for this to-be-viewed member? if (membershipTable.ContainsKey(person.Identity)) { foreach (BasicMembership membership in membershipTable[person.Identity]) { if (clearedOrganizations.ContainsKey(membership.OrganizationId) && authority.HasPermission(Permission.CanSeePeople, membership.OrganizationId, person.GeographyId, Flag.Default)) { if (membership.Active || (membership.Expires > DateTime.Now.AddDays(-gracePeriod) && membership.Expires.AddDays(1) > membership.DateTerminated && authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default))) { clearedPeople[person.Identity] = person; break; } } } } else if (CanSeeNonMembers) { //person isn't member anywhere clearedPeople[person.Identity] = person; } } } // Clear by node roles: // // For each node role, check if each member is in a cleared geography AND a cleared organization. // If so, permit view of this member. (A person in a branch of a geographical area for organizations X and Z // should see only people of those organizations only on those nodes.) foreach (BasicPersonRole role in authority.LocalPersonRoles) { Dictionary<int, BasicGeography> clearedGeographies = GeographyCache.GetGeographyHashtable(role.GeographyId); Dictionary<int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); foreach (Person person in people) { // Is the node AND the organization cleared in this officer's role for this to-be-viewed member? if (membershipTable.ContainsKey(person.Identity)) { foreach (BasicMembership membership in membershipTable[person.Identity]) { int organizationClear = 0; int geographyClear = 0; if (clearedOrganizations.ContainsKey(membership.OrganizationId)) { organizationClear = membership.OrganizationId; if (clearedGeographies.ContainsKey(geographyTable[person.Identity])) { geographyClear = geographyTable[person.Identity]; } if (organizationClear > 0 && geographyClear > 0 && authority.HasPermission(Permission.CanSeePeople, organizationClear, geographyClear, Flag.Default)) { if (membership.Active || (membership.Expires > DateTime.Now.AddDays(-gracePeriod) && membership.Expires.AddDays(1) > membership.DateTerminated && authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default))) { clearedPeople[person.Identity] = person; break; } } } } } } } // End: Assemble an array of the resulting cleared people var result = new People(); foreach (Person clearedPerson in clearedPeople.Values) { result.Add(clearedPerson); } return result; }
public static People FilterPeopleToMatchAuthority (People people, Authority authority) { return FilterPeopleToMatchAuthority(people, authority, -1); // -1 indicates to respect grace period }
public static Memberships FilterMembershipsToMatchAuthority (Memberships memberships, Geography personGeography, Authority authority) { // First: If sysadmin, return the whole list uncensored. if (IsSystemAdministrator(authority)) { return memberships; } var clearedMemberships = new Dictionary<int, Membership>(); // foreach (BasicPersonRole role in authority.OrganizationPersonRoles) { Dictionary<int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); foreach (Membership membership in memberships) { bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId); if (organizationClear && authority.HasPermission(Permission.CanViewMemberships, membership.OrganizationId, membership.Person.GeographyId, Flag.Default)) { clearedMemberships[membership.Identity] = membership; } } } foreach (BasicPersonRole role in authority.LocalPersonRoles) { Dictionary<int, BasicGeography> clearedGeographies = GeographyCache.GetGeographyHashtable(role.GeographyId); Dictionary<int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); bool geographyClear = clearedGeographies.ContainsKey(personGeography.Identity); geographyClear = geographyClear && authority.HasPermission(Permission.CanViewMemberships, role.OrganizationId, personGeography.Identity, Flag.Default); if (geographyClear) { foreach (Membership membership in memberships) { bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId); if (organizationClear) { clearedMemberships[membership.Identity] = membership; } } } } // Assemble the array var result = new Memberships(); foreach (Membership membership in clearedMemberships.Values) { result.Add(membership); } return result; }
private static int CheckSpecificValidRoles (Authority authority, RoleType[] roles, Geography currentGeo, Organization currentOrg, int thisFound, Flag flags) { if (authority.HasAnyRoleType(roles)) { //Yes, we have one of the roles foreach (RoleType r in roles) { if (authority.HasRoleType(r) && (Array.IndexOf(RoleTypes.AllLocalRoleTypes, r) > -1)) { thisFound = authority.HasLocalRoleAtOrganizationGeography(currentOrg, currentGeo, r, flags) ? 1 : thisFound; } else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllOrganizationalRoleTypes, r) > -1))) { thisFound = authority.HasRoleAtOrganization(currentOrg, r, flags) ? 1 : thisFound; } else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllSystemRoleTypes, r) > -1))) { //System PersonRole thisFound = 1; } // break if we found one that gives access if (thisFound == 1) return thisFound; } // if we found one valid it would already have returned; return -1 thisFound = -1; } else thisFound = -1; //No, we don't have any of the roles return thisFound; }
/// <summary> /// Checks for authorization for a specific activity. /// </summary> /// <param name="permissionsNeeded">The permissions to allow or disallow.</param> /// <param name="organizationId">The organization the activity is applied to.</param> /// <param name="geographyId">The node the activity is applied to, or zero for world.</param> /// <param name="authority">The authority to test against.</param> /// <returns>True if allowed under current authority.</returns> public static bool CheckAuthorization (PermissionSet permissionsNeeded, int organizationId, int geoNodeId, Authority authority, Flag flags) { if (permissionsNeeded == null) return false; Geography currentGeo = null; if (geoNodeId > 0) { try { currentGeo = Geography.FromIdentity(geoNodeId); } catch { } } Organization currentOrg = null; if (organizationId > 0) { try { currentOrg = Organization.FromIdentity(organizationId); } catch { } } foreach (PermissionSet.Item perm in permissionsNeeded) { int thisFound = 0; Geography innerCurrentGeo = null; Organization innerCurrentOrg = null; if (perm.geographyId > 0) { try { innerCurrentGeo = Geography.FromIdentity(perm.geographyId); } catch { } } else innerCurrentGeo = currentGeo; if (perm.orgId > 0) { try { innerCurrentOrg = Organization.FromIdentity(perm.orgId); } catch { } } else innerCurrentOrg = currentOrg; RoleType[] rolesForPerm = new RoleType[] { }; if (PermissonsDict.ContainsKey(perm.perm)) rolesForPerm = PermissonsDict[perm.perm]; if (perm.perm == Permission.CanSeeSelf) thisFound = 1; else if (rolesForPerm.Length > 0) thisFound = CheckSpecificValidRoles(authority, rolesForPerm, innerCurrentGeo, innerCurrentOrg, thisFound, flags); if (permissionsNeeded.NeedOne && thisFound == 1) return true; if (permissionsNeeded.NeedAll && thisFound == -1) return false; } //If Need all and not already returned, no false one was found if (permissionsNeeded.NeedAll) return true; else return false; }