/// <summary>
/// Checks the given users access to the permissions specified in the given
/// access attribute.
/// </summary>
/// <param name="user">The user</param>
/// <param name="access">The attribute</param>
private static void CheckAccess(IPrincipal user, Piranha.AccessAttribute access)
{
if (access != null)
{
if (!user.HasAccess(access.Function))
{
if (!String.IsNullOrEmpty(access.RedirectUrl))
{
HttpContext.Current.Response.Redirect(access.RedirectUrl);
}
else
{
SysParam param = SysParam.GetByName("LOGIN_PAGE");
if (param != null)
{
HttpContext.Current.Response.Redirect(param.Value);
}
else
{
HttpContext.Current.Response.Redirect("~/");
}
}
}
}
}
/* Instructor can view student if he is course admin or if student is member of one of accessable for instructor group */
public bool CanInstructorViewStudent(IPrincipal instructor, string studentId)
{
if (instructor.HasAccess(CourseRole.CourseAdmin))
{
return(true);
}
var coursesIds = courseManager.GetCourses().Select(c => c.Id).ToList();
var groups = GetAvailableForUserGroups(coursesIds, instructor);
var members = GetGroupsMembers(groups.Select(g => g.Id).ToList());
return(members.Select(m => m.UserId).Contains(studentId));
}
