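/// <summary>
/// Determines the applicable roles for <paramref name="session"/>.
/// </summary>
/// <remarks>
/// Roles are collected in this order: the system-defined public role; the system-defined
/// originator role when <paramref name="application"/> reports the session user as its creator;
/// then, for an authenticated user, either every role in <paramref name="roleList"/> (administrators)
/// or the user's own roles that are present and enabled in <paramref name="roleList"/>, plus the
/// system-defined assignee role when the application is assigned to that user.
/// Each role id is added at most once; the first name recorded for an id is kept.
/// </remarks>
/// <param name="session">Contains session and user information used to determine access rights.
/// A <see langword="null"/> value is replaced by a new <c>SecureSession</c>.</param>
/// <param name="roleList">The list of roles. It is dereferenced without a null check.</param>
/// <param name="application">The application, if relevant. Defaults to <see langword="null"/>,
/// in which case a new <c>Application</c> is used.</param>
/// <returns>The applicable roles for <paramref name="session"/>, keyed by role id with the role name as value.</returns>
private Dictionary<string, string> DetermineRolesForUser(SecureSession session, RoleList roleList, Application application = null)
{
    session = session ?? new SecureSession();
    application = application ?? new Application();

    // The public role, when defined, is granted to every caller, authenticated or not.
    Role publicRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.PublicRoleName);
    Dictionary<string, string> roleDict = publicRole == null
        ? new Dictionary<string, string>()
        : new Dictionary<string, string> { { publicRole.Id, publicRole.RoleName } };

    // NOTE(review): this check runs before the authentication check below, so it also applies to
    // an anonymous session and to a defaulted Application. Confirm that IsCreatedBy returns false
    // for whatever GetSessionUserId yields in that case; otherwise an anonymous caller would
    // receive the originator role.
    string compareTo = this.GetSessionUserId(session);
    if (application.IsCreatedBy(compareTo))
    {
        Role originatorRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.OriginatorRoleName);
        if (originatorRole != null && !roleDict.ContainsKey(originatorRole.Id))
        {
            roleDict.Add(originatorRole.Id, originatorRole.RoleName);
        }
    }

    // Unauthenticated callers get only the roles collected so far.
    if (session.AuthenticatedUser == null)
    {
        return roleDict;
    }

    if (session.AuthenticatedUser.IsAdministrator())
    {
        // Administrators receive every role in the list. No Enabled check is applied here,
        // unlike the per-user branch below. NOTE(review): confirm that is intended.
        foreach (var role in roleList)
        {
            if (roleDict.ContainsKey(role.Id))
            {
                continue;
            }

            roleDict.Add(role.Id, role.RoleName);
        }

        return roleDict;
    }

    foreach (var userRole in session.AuthenticatedUser.Roles)
    {
        // Dictionary.Add throws on a duplicate key. A user who explicitly holds a role that was
        // already added above (public or originator) must not make role resolution fail, so
        // ids that are already present are skipped, as in the administrator branch.
        if (roleDict.ContainsKey(userRole.Key))
        {
            continue;
        }

        // Only roles that still exist in the role list and are enabled are honoured.
        if (roleList.Exists(role => role.Id == userRole.Key && role.Enabled))
        {
            roleDict.Add(userRole.Key, userRole.Value);
        }
    }

    if (!string.IsNullOrEmpty(application.AssignedTo) && session.AuthenticatedUser.Id == application.AssignedTo)
    {
        Role assigneeRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.AssigneeRoleName);

        // Same duplicate-key guard: the user may already hold the assignee role directly.
        if (assigneeRole != null && !roleDict.ContainsKey(assigneeRole.Id))
        {
            roleDict.Add(assigneeRole.Id, assigneeRole.RoleName);
        }
    }

    return roleDict;
}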