/// <summary>
/// Enforces the permission named by an access attribute for the given user and
/// redirects the current request when the user does not hold it.
/// </summary>
/// <remarks>
/// Nothing happens when <paramref name="access"/> is null or when the user has
/// access to <c>access.Function</c>. Otherwise the redirect target is chosen in
/// this order: the attribute's <c>RedirectUrl</c>, the value of the
/// <c>LOGIN_PAGE</c> system parameter, and finally the site root (<c>~/</c>).
/// The method returns void on every path, so the redirect is the only signal
/// that access was denied.
/// NOTE(review): callers appear to rely on <c>Response.Redirect(string)</c>
/// ending the request; confirm that no protected work runs after this call in
/// hosts where the response is not terminated by the redirect.
/// </remarks>
/// <param name="user">The principal whose permissions are checked.</param>
/// <param name="access">The access attribute to enforce; null means there is nothing to enforce.</param>
private static void CheckAccess(IPrincipal user, Piranha.AccessAttribute access)
{
    // Nothing to enforce, or the user already holds the required function.
    if (access == null || user.HasAccess(access.Function))
    {
        return;
    }

    // Prefer the redirect configured on the attribute itself.
    string target = access.RedirectUrl;
    if (String.IsNullOrEmpty(target))
    {
        // Fall back to the configured login page, then to the site root.
        SysParam loginPage = SysParam.GetByName("LOGIN_PAGE");
        if (loginPage != null)
        {
            target = loginPage.Value;
        }
        else
        {
            target = "~/";
        }
    }

    HttpContext.Current.Response.Redirect(target);
}
/// <summary>
/// Decides whether an instructor is allowed to view a particular student.
/// </summary>
/// <remarks>
/// Access is granted when the instructor has <c>CourseRole.CourseAdmin</c>, or
/// when the student is a member of one of the groups available to the
/// instructor across the courses returned by <c>courseManager.GetCourses()</c>.
/// NOTE(review): the course-admin check is made without a course identifier, so
/// as written it is not tied to a course the student belongs to; confirm that
/// this scope is intended.
/// NOTE(review): <paramref name="studentId"/> is compared as given and is not
/// rejected when null or empty; confirm callers validate it, since such a value
/// would match a member whose <c>UserId</c> is equally blank.
/// </remarks>
/// <param name="instructor">The principal requesting to view the student.</param>
/// <param name="studentId">Identifier of the student, matched against group members' <c>UserId</c>.</param>
/// <returns>True when the instructor may view the student; otherwise false.</returns>
public bool CanInstructorViewStudent(IPrincipal instructor, string studentId)
{
    if (!instructor.HasAccess(CourseRole.CourseAdmin))
    {
        // Not a course admin: fall back to membership in the instructor's groups.
        var allCourseIds = courseManager.GetCourses().Select(course => course.Id).ToList();
        var visibleGroups = GetAvailableForUserGroups(allCourseIds, instructor);
        var visibleGroupIds = visibleGroups.Select(grp => grp.Id).ToList();
        var memberUserIds = GetGroupsMembers(visibleGroupIds).Select(member => member.UserId);
        return memberUserIds.Contains(studentId);
    }

    return true;
}