Ejemplo n.º 1
0
 private static int CheckSpecificValidRoles(Authority authority, RoleType[] roles,
                                            Geography currentGeo, Organization currentOrg,
                                            int thisFound, Flag flags)
 {
     if (authority.HasAnyRoleType(roles))
     {
         //Yes, we have one of the roles
         foreach (RoleType r in roles)
         {
             if (authority.HasRoleType(r) && (Array.IndexOf(RoleTypes.AllLocalRoleTypes, r) > -1))
             {
                 thisFound = authority.HasLocalRoleAtOrganizationGeography(currentOrg, currentGeo, r, flags) ? 1 : thisFound;
             }
             else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllOrganizationalRoleTypes, r) > -1)))
             {
                 thisFound = authority.HasRoleAtOrganization(currentOrg, r, flags) ? 1 : thisFound;
             }
             else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllSystemRoleTypes, r) > -1)))
             {   //System PersonRole
                 thisFound = 1;
             }
             // break if we found one that gives access
             if (thisFound == 1)
             {
                 return(thisFound);
             }
         }
         // if we found one valid it would already have returned; return -1
         thisFound = -1;
     }
     else
     {
         thisFound = -1; //No, we don't have any of the roles
     }
     return(thisFound);
 }
Ejemplo n.º 2
0
        public static People FilterPeopleToMatchAuthority(People people, Authority authority, int gracePeriod)
        {
            // First: If sysadmin, return the whole list uncensored.

            if (IsSystemAdministrator(authority))
            {
                return(people);
            }

            SwarmDb databaseRead = SwarmDb.GetDatabaseForReading();

            if (gracePeriod == -1)
            {
                gracePeriod = Membership.GracePeriod;
            }

            Dictionary <int, List <BasicMembership> > membershipTable =
                databaseRead.GetMembershipsForPeople(people.Identities, gracePeriod);
            Dictionary <int, int> geographyTable = databaseRead.GetPeopleGeographies(people.Identities);

            Dictionary <int, Person> clearedPeople = new Dictionary <int, Person>();

            // TODO: Add org admin role, able to see previous members that aren't anonymized yet

            // Clear by organization roles

            foreach (BasicPersonRole role in authority.OrganizationPersonRoles)
            {
                Dictionary <int, BasicOrganization> clearedOrganizations =
                    OrganizationCache.GetOrganizationHashtable(role.OrganizationId);

                foreach (Person person in people)
                {
                    // Is the organization cleared in this officer's role for this to-be-viewed member?

                    if (membershipTable.ContainsKey(person.Identity))
                    {
                        foreach (BasicMembership membership in membershipTable[person.Identity])
                        {
                            if (clearedOrganizations.ContainsKey(membership.OrganizationId)
                                &&
                                authority.HasPermission(Permission.CanSeePeople, membership.OrganizationId,
                                                        person.GeographyId, Flag.Default))
                            {
                                if (membership.Active ||
                                    (membership.Expires > DateTime.Now.AddDays(-gracePeriod) &&
                                     membership.Expires.AddDays(1) > membership.DateTerminated
                                     &&
                                     authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod,
                                                             membership.OrganizationId, person.GeographyId, Flag.Default)))
                                {
                                    clearedPeople[person.Identity] = person;
                                    break;
                                }
                            }
                        }
                    }

                    /* -- commented out. This means "does the current authority have Org Admin privileges over Person"?
                     * else if (CanSeeNonMembers)
                     * { //person isn't member anywhere
                     *  clearedPeople[person.Identity] = person;
                     * }*/
                }
            }


            // Clear by node roles:
            //
            // For each node role, check if each member is in a cleared geography AND a cleared organization.
            // If so, permit view of this member. (A person in a branch of a geographical area for organizations X and Z
            // should see only people of those organizations only on those nodes.)


            foreach (BasicPersonRole role in authority.LocalPersonRoles)
            {
                Dictionary <int, BasicGeography> clearedGeographies =
                    GeographyCache.GetGeographyHashtable(role.GeographyId);
                Dictionary <int, BasicOrganization> clearedOrganizations =
                    OrganizationCache.GetOrganizationHashtable(role.OrganizationId);

                foreach (Person person in people)
                {
                    // Is the node AND the organization cleared in this officer's role for this to-be-viewed member?

                    if (membershipTable.ContainsKey(person.Identity))
                    {
                        foreach (BasicMembership membership in membershipTable[person.Identity])
                        {
                            int organizationClear = 0;
                            int geographyClear    = 0;
                            if (clearedOrganizations.ContainsKey(membership.OrganizationId))
                            {
                                organizationClear = membership.OrganizationId;

                                if (clearedGeographies.ContainsKey(geographyTable[person.Identity]))
                                {
                                    geographyClear = geographyTable[person.Identity];
                                }

                                if (organizationClear > 0 &&
                                    geographyClear > 0
                                    &&
                                    authority.HasPermission(Permission.CanSeePeople, organizationClear, geographyClear,
                                                            Flag.Default))
                                {
                                    if (membership.Active ||
                                        (membership.Expires > DateTime.Now.AddDays(-gracePeriod) &&
                                         membership.Expires.AddDays(1) > membership.DateTerminated
                                         &&
                                         authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod,
                                                                 membership.OrganizationId, person.GeographyId, Flag.Default)))
                                    {
                                        clearedPeople[person.Identity] = person;
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
            }


            // End: Assemble an array of the resulting cleared people

            People result = new People();

            foreach (Person clearedPerson in clearedPeople.Values)
            {
                result.Add(clearedPerson);
            }

            return(result);
        }
Ejemplo n.º 3
0
 public static People FilterPeopleToMatchAuthority(People people, Authority authority)
 {
     return(FilterPeopleToMatchAuthority(people, authority, -1));
     // -1 indicates to respect grace period
 }
Ejemplo n.º 4
0
        public static Memberships FilterMembershipsToMatchAuthority(Memberships memberships, Geography personGeography,
                                                                    Authority authority)
        {
            // First: If sysadmin, return the whole list uncensored.

            if (IsSystemAdministrator(authority))
            {
                return(memberships);
            }

            Dictionary <int, Membership> clearedMemberships = new Dictionary <int, Membership>();

            //
            foreach (BasicPersonRole role in authority.OrganizationPersonRoles)
            {
                Dictionary <int, BasicOrganization> clearedOrganizations =
                    OrganizationCache.GetOrganizationHashtable(role.OrganizationId);

                foreach (Membership membership in memberships)
                {
                    bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId);

                    if (organizationClear
                        &&
                        authority.HasPermission(Permission.CanViewMemberships, membership.OrganizationId,
                                                membership.Person.GeographyId, Flag.Default))
                    {
                        clearedMemberships[membership.Identity] = membership;
                    }
                }
            }


            foreach (BasicPersonRole role in authority.LocalPersonRoles)
            {
                Dictionary <int, BasicGeography> clearedGeographies =
                    GeographyCache.GetGeographyHashtable(role.GeographyId);
                Dictionary <int, BasicOrganization> clearedOrganizations =
                    OrganizationCache.GetOrganizationHashtable(role.OrganizationId);

                bool geographyClear = clearedGeographies.ContainsKey(personGeography.Identity);
                geographyClear = geographyClear &&
                                 authority.HasPermission(Permission.CanViewMemberships, role.OrganizationId,
                                                         personGeography.Identity, Flag.Default);

                if (geographyClear)
                {
                    foreach (Membership membership in memberships)
                    {
                        bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId);

                        if (organizationClear)
                        {
                            clearedMemberships[membership.Identity] = membership;
                        }
                    }
                }
            }


            // Assemble the array

            Memberships result = new Memberships();

            foreach (Membership membership in clearedMemberships.Values)
            {
                result.Add(membership);
            }

            return(result);
        }
Ejemplo n.º 5
0
        /// <summary>
        ///     Checks for authorization for a specific activity.
        /// </summary>
        /// <param name="permissionsNeeded">The permissions to allow or disallow.</param>
        /// <param name="organizationId">The organization the activity is applied to.</param>
        /// <param name="geographyId">The node the activity is applied to, or zero for world.</param>
        /// <param name="authority">The authority to test against.</param>
        /// <returns>True if allowed under current authority.</returns>
        public static bool CheckAuthorization(PermissionSet permissionsNeeded, int organizationId, int geoNodeId,
                                              Authority authority, Flag flags)
        {
            if (permissionsNeeded == null)
            {
                return(false);
            }
            Geography currentGeo = null;

            if (geoNodeId > 0)
            {
                try
                {
                    currentGeo = Geography.FromIdentity(geoNodeId);
                }
                catch
                {
                }
            }

            Organization currentOrg = null;

            if (organizationId > 0)
            {
                try
                {
                    currentOrg = Organization.FromIdentity(organizationId);
                }
                catch
                {
                }
            }


            foreach (PermissionSet.Item perm in permissionsNeeded)
            {
                int          thisFound       = 0;
                Geography    innerCurrentGeo = null;
                Organization innerCurrentOrg = null;

                if (perm.geographyId > 0)
                {
                    try
                    {
                        innerCurrentGeo = Geography.FromIdentity(perm.geographyId);
                    }
                    catch
                    {
                    }
                }
                else
                {
                    innerCurrentGeo = currentGeo;
                }

                if (perm.orgId > 0)
                {
                    try
                    {
                        innerCurrentOrg = Organization.FromIdentity(perm.orgId);
                    }
                    catch
                    {
                    }
                }
                else
                {
                    innerCurrentOrg = currentOrg;
                }

                RoleType[] rolesForPerm = {};
                if (PermissonsDict.ContainsKey(perm.perm))
                {
                    rolesForPerm = PermissonsDict[perm.perm];
                }

                if (perm.perm == Permission.CanSeeSelf)
                {
                    thisFound = 1;
                }
                else if (rolesForPerm.Length > 0)
                {
                    thisFound = CheckSpecificValidRoles(authority, rolesForPerm, innerCurrentGeo, innerCurrentOrg,
                                                        thisFound, flags);
                }


                if (permissionsNeeded.NeedOne && thisFound == 1)
                {
                    return(true);
                }
                if (permissionsNeeded.NeedAll && thisFound == -1)
                {
                    return(false);
                }
            }

            //If Need all and not already returned, no false one was found
            if (permissionsNeeded.NeedAll)
            {
                return(true);
            }
            return(false);
        }
Ejemplo n.º 6
0
 public static Authority GetPersonAuthority(int personId)
 {
     return
         (Authority.FromBasic(SwarmDb.GetDatabaseForReading().GetPersonAuthority(Person.FromIdentity(personId))));
 }
Ejemplo n.º 7
0
        public static People FilterPeopleToMatchAuthority (People people, Authority authority, int gracePeriod)
        {
            // First: If sysadmin, return the whole list uncensored.

            if (IsSystemAdministrator(authority))
            {
                return people;
            }

            SwarmDb databaseRead = SwarmDb.GetDatabaseForReading();

            if (gracePeriod == -1)
                gracePeriod = Membership.GracePeriod;

            Dictionary<int, List<BasicMembership>> membershipTable = databaseRead.GetMembershipsForPeople(people.Identities, gracePeriod);
            Dictionary<int, int> geographyTable = databaseRead.GetPeopleGeographies(people.Identities);

            var clearedPeople = new Dictionary<int, Person>();


            // Clear by organization roles 
            bool CanSeeNonMembers = authority.HasPermission(Permission.CanSeeNonMembers,Organization.PPSEid,-1,Flag.AnyGeographyExactOrganization);

            foreach (BasicPersonRole role in authority.OrganizationPersonRoles)
            {
                Dictionary<int, BasicOrganization> clearedOrganizations =
                    OrganizationCache.GetOrganizationHashtable(role.OrganizationId);

                foreach (Person person in people)
                {
                    // Is the organization cleared in this officer's role for this to-be-viewed member?

                    if (membershipTable.ContainsKey(person.Identity))
                    {
                        foreach (BasicMembership membership in membershipTable[person.Identity])
                        {
                            if (clearedOrganizations.ContainsKey(membership.OrganizationId)
                                && authority.HasPermission(Permission.CanSeePeople, membership.OrganizationId, person.GeographyId, Flag.Default))
                            {
                                if (membership.Active
                                    || (membership.Expires > DateTime.Now.AddDays(-gracePeriod)
                                        && membership.Expires.AddDays(1) > membership.DateTerminated
                                        && authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default)))
                                {
                                    clearedPeople[person.Identity] = person;
                                    break;
                                }
                            }
                        }
                    }
                    else if (CanSeeNonMembers)
                    { //person isn't member anywhere
                        clearedPeople[person.Identity] = person;
                    }
                }
            }


            // Clear by node roles:
            //
            // For each node role, check if each member is in a cleared geography AND a cleared organization.
            // If so, permit view of this member. (A person in a branch of a geographical area for organizations X and Z
            // should see only people of those organizations only on those nodes.)


            foreach (BasicPersonRole role in authority.LocalPersonRoles)
            {
                Dictionary<int, BasicGeography> clearedGeographies = GeographyCache.GetGeographyHashtable(role.GeographyId);
                Dictionary<int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId);

                foreach (Person person in people)
                {

                    // Is the node AND the organization cleared in this officer's role for this to-be-viewed member?

                    if (membershipTable.ContainsKey(person.Identity))
                    {
                        foreach (BasicMembership membership in membershipTable[person.Identity])
                        {
                            int organizationClear = 0;
                            int geographyClear = 0;
                            if (clearedOrganizations.ContainsKey(membership.OrganizationId))
                            {
                                organizationClear = membership.OrganizationId;

                                if (clearedGeographies.ContainsKey(geographyTable[person.Identity]))
                                {
                                    geographyClear = geographyTable[person.Identity];
                                }

                                if (organizationClear > 0
                                    && geographyClear > 0
                                    && authority.HasPermission(Permission.CanSeePeople, organizationClear, geographyClear, Flag.Default))
                                {
                                    if (membership.Active
                                        || (membership.Expires > DateTime.Now.AddDays(-gracePeriod)
                                            && membership.Expires.AddDays(1) > membership.DateTerminated
                                            && authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default)))
                                    {
                                        clearedPeople[person.Identity] = person;
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
            }



            // End: Assemble an array of the resulting cleared people

            var result = new People();

            foreach (Person clearedPerson in clearedPeople.Values)
            {
                result.Add(clearedPerson);
            }

            return result;
        }
Ejemplo n.º 8
0
 public static People FilterPeopleToMatchAuthority (People people, Authority authority)
 {
     return FilterPeopleToMatchAuthority(people, authority, -1);
     // -1 indicates to respect grace period
 }
Ejemplo n.º 9
0
        public static Memberships FilterMembershipsToMatchAuthority (Memberships memberships, Geography personGeography,
                                                                     Authority authority)
        {
            // First: If sysadmin, return the whole list uncensored.

            if (IsSystemAdministrator(authority))
            {
                return memberships;
            }

            var clearedMemberships = new Dictionary<int, Membership>();

            //
            foreach (BasicPersonRole role in authority.OrganizationPersonRoles)
            {
                Dictionary<int, BasicOrganization> clearedOrganizations =
                    OrganizationCache.GetOrganizationHashtable(role.OrganizationId);

                foreach (Membership membership in memberships)
                {
                    bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId);

                    if (organizationClear
                        && authority.HasPermission(Permission.CanViewMemberships, membership.OrganizationId, membership.Person.GeographyId, Flag.Default))
                    {
                        clearedMemberships[membership.Identity] = membership;
                    }
                }
            }


            foreach (BasicPersonRole role in authority.LocalPersonRoles)
            {
                Dictionary<int, BasicGeography> clearedGeographies = GeographyCache.GetGeographyHashtable(role.GeographyId);
                Dictionary<int, BasicOrganization> clearedOrganizations =
                    OrganizationCache.GetOrganizationHashtable(role.OrganizationId);

                bool geographyClear = clearedGeographies.ContainsKey(personGeography.Identity);
                geographyClear = geographyClear && authority.HasPermission(Permission.CanViewMemberships, role.OrganizationId, personGeography.Identity, Flag.Default);

                if (geographyClear)
                {
                    foreach (Membership membership in memberships)
                    {
                        bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId);

                        if (organizationClear)
                        {
                            clearedMemberships[membership.Identity] = membership;
                        }
                    }
                }
            }


            // Assemble the array

            var result = new Memberships();

            foreach (Membership membership in clearedMemberships.Values)
            {
                result.Add(membership);
            }

            return result;
        }
Ejemplo n.º 10
0
        private static int CheckSpecificValidRoles (Authority authority, RoleType[] roles,
                                                    Geography currentGeo, Organization currentOrg,
                                                    int thisFound, Flag flags)
        {
            if (authority.HasAnyRoleType(roles))
            {
                //Yes, we have one of the roles
                foreach (RoleType r in roles)
                {
                    if (authority.HasRoleType(r) && (Array.IndexOf(RoleTypes.AllLocalRoleTypes, r) > -1))
                    {
                        thisFound = authority.HasLocalRoleAtOrganizationGeography(currentOrg, currentGeo, r, flags) ? 1 : thisFound;
                    }
                    else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllOrganizationalRoleTypes, r) > -1)))
                    {
                        thisFound = authority.HasRoleAtOrganization(currentOrg, r, flags) ? 1 : thisFound;
                    }
                    else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllSystemRoleTypes, r) > -1)))
                    {   //System PersonRole
                        thisFound = 1;
                    }
                    // break if we found one that gives access
                    if (thisFound == 1)
                        return thisFound;
                }
                // if we found one valid it would already have returned; return -1
                thisFound = -1;
            }
            else
                thisFound = -1; //No, we don't have any of the roles


            return thisFound;
        }
Ejemplo n.º 11
0
        /// <summary>
        /// Checks for authorization for a specific activity.
        /// </summary>
        /// <param name="permissionsNeeded">The permissions to allow or disallow.</param>
        /// <param name="organizationId">The organization the activity is applied to.</param>
        /// <param name="geographyId">The node the activity is applied to, or zero for world.</param>
        /// <param name="authority">The authority to test against.</param>
        /// <returns>True if allowed under current authority.</returns>
        public static bool CheckAuthorization (PermissionSet permissionsNeeded, int organizationId, int geoNodeId, Authority authority, Flag flags)
        {
            if (permissionsNeeded == null)
                return false;
            Geography currentGeo = null;
            if (geoNodeId > 0)
            {
                try { currentGeo = Geography.FromIdentity(geoNodeId); }
                catch { }
            }

            Organization currentOrg = null;
            if (organizationId > 0)
            {
                try { currentOrg = Organization.FromIdentity(organizationId); }
                catch { }
            }


            foreach (PermissionSet.Item perm in permissionsNeeded)
            {
                int thisFound = 0;
                Geography innerCurrentGeo = null;
                Organization innerCurrentOrg = null;

                if (perm.geographyId > 0)
                {
                    try { innerCurrentGeo = Geography.FromIdentity(perm.geographyId); }
                    catch { }
                }
                else
                    innerCurrentGeo = currentGeo;

                if (perm.orgId > 0)
                {
                    try { innerCurrentOrg = Organization.FromIdentity(perm.orgId); }
                    catch { }
                }
                else
                    innerCurrentOrg = currentOrg;

                RoleType[] rolesForPerm = new RoleType[] { };
                if (PermissonsDict.ContainsKey(perm.perm))
                    rolesForPerm = PermissonsDict[perm.perm];

                if (perm.perm == Permission.CanSeeSelf)
                    thisFound = 1;
                else if (rolesForPerm.Length > 0)
                    thisFound = CheckSpecificValidRoles(authority, rolesForPerm, innerCurrentGeo, innerCurrentOrg, thisFound, flags);


                if (permissionsNeeded.NeedOne && thisFound == 1)
                    return true;
                if (permissionsNeeded.NeedAll && thisFound == -1)
                    return false;

            }

            //If Need all and not already returned, no false one was found
            if (permissionsNeeded.NeedAll)
                return true;
            else

                return false;
        }