/// <summary> /// Checks whether the current user has access to worklists owned by the specified worklist owner. /// </summary> /// <param name="owner"></param> /// <remarks>Throws a RequestValidationException if the worklist count exceed the configured maximum.</remarks> private void CheckWorklistCountRestriction(WorklistOwner owner) { // admin can have unlimited worklists if (owner.IsAdminOwner) { return; } var worklistCount = PersistenceContext.GetBroker <IWorklistBroker>().Count(owner); var settings = new WorklistSettings(); if (owner.IsStaffOwner) { if (worklistCount >= settings.MaxPersonalOwnedWorklists) { throw new RequestValidationException(SR.ExceptionMaximumWorklistsReachedForStaff); } } else if (owner.IsGroupOwner) { if (worklistCount >= settings.MaxGroupOwnedWorklists) { throw new RequestValidationException(SR.ExceptionMaximumWorklistsReachedForStaffGroup); } } }
private GetWorklistEditValidationResponse GetWorklistEditValidation(GetWorklistEditValidationRequest request) { WorklistOwner owner; if (!request.IsUserWorklist) { // if not creating a user worklist, the owner is Admin owner = WorklistOwner.Admin; } else if (request.OwnerGroup != null) { // if an owner group is specified, assign ownership to the group var group = PersistenceContext.Load <StaffGroup>(request.OwnerGroup.StaffGroupRef, EntityLoadFlags.Proxy); owner = new WorklistOwner(group); } else { // otherwise assign ownership to current user, regardless of whether a different owner staff specified owner = new WorklistOwner(CurrentUserStaff); } try { CheckWorklistCountRestriction(owner); } catch (RequestValidationException e) { return(new GetWorklistEditValidationResponse(e.Message)); } return(new GetWorklistEditValidationResponse()); }
public int Count(WorklistOwner owner) { var query = new HqlProjectionQuery(new HqlFrom("Worklist", "w")); query.Selects.Add(new HqlSelect("count(*)")); if (owner.IsStaffOwner) { query.Conditions.Add(new HqlCondition("w.Owner.Staff = ?", owner.Staff)); } else if (owner.IsGroupOwner) { query.Conditions.Add(new HqlCondition("w.Owner.Group = ?", owner.Group)); } else if (owner.IsAdminOwner) { query.Conditions.Add(new HqlCondition("(w.Owner.Staff is null and w.Owner.Group is null)")); } return((int)ExecuteHqlUnique <long>(query)); }
/// <summary> /// Checks whether the current user has access to worklists owned by the specified worklist owner. /// </summary> /// <param name="owner"></param> private void CheckAccess(WorklistOwner owner) { // admin can access any worklist if (UserHasToken(AuthorityTokens.Admin.Data.Worklist)) { return; } // if worklist is staff-owned, and user has personal token, they have access if (owner.IsStaffOwner && owner.Staff.Equals(this.CurrentUserStaff) && UserHasToken(AuthorityTokens.Workflow.Worklist.Personal)) { return; } // if worklist is group-owned, user must have group token and be a member of the group if (owner.IsGroupOwner && owner.Group.Members.Contains(this.CurrentUserStaff) && UserHasToken(AuthorityTokens.Workflow.Worklist.Group)) { return; } throw new System.Security.SecurityException(SR.ExceptionUserNotAuthorized); }
/// <summary> /// No-args constructor required by NHibernate. /// </summary> protected Worklist() { _owner = WorklistOwner.Admin; // admin owned by default _staffSubscribers = new HashedSet<Staff>(); _groupSubscribers = new HashedSet<StaffGroup>(); _procedureTypeFilter = new WorklistProcedureTypeFilter(); _procedureTypeGroupFilter = new WorklistProcedureTypeGroupFilter(); _facilityFilter = new WorklistFacilityFilter(); _departmentFilter = new WorklistDepartmentFilter(); _patientClassFilter = new WorklistPatientClassFilter(); _patientLocationFilter = new WorklistPatientLocationFilter(); _orderPriorityFilter = new WorklistOrderPriorityFilter(); _orderingPractitionerFilter = new WorklistPractitionerFilter(); _portableFilter = new WorklistPortableFilter(); _timeFilter = new WorklistTimeFilter(); }
/// <summary> /// Checks whether the current user has access to worklists owned by the specified worklist owner. /// </summary> /// <param name="owner"></param> /// <remarks>Throws a RequestValidationException if the worklist count exceed the configured maximum.</remarks> private void CheckWorklistCountRestriction(WorklistOwner owner) { // admin can have unlimited worklists if (owner.IsAdminOwner) return; var worklistCount = PersistenceContext.GetBroker<IWorklistBroker>().Count(owner); var settings = new WorklistSettings(); if (owner.IsStaffOwner) { if (worklistCount >= settings.MaxPersonalOwnedWorklists) throw new RequestValidationException(SR.ExceptionMaximumWorklistsReachedForStaff); } else if (owner.IsGroupOwner) { if (worklistCount >= settings.MaxGroupOwnedWorklists) throw new RequestValidationException(SR.ExceptionMaximumWorklistsReachedForStaffGroup); } }
/// <summary> /// Checks whether the current user has access to worklists owned by the specified worklist owner. /// </summary> /// <param name="owner"></param> private void CheckAccess(WorklistOwner owner) { // admin can access any worklist if (UserHasToken(AuthorityTokens.Admin.Data.Worklist)) return; // if worklist is staff-owned, and user has personal token, they have access if (owner.IsStaffOwner && owner.Staff.Equals(this.CurrentUserStaff) && UserHasToken(AuthorityTokens.Workflow.Worklist.Personal)) return; // if worklist is group-owned, user must have group token and be a member of the group if (owner.IsGroupOwner && owner.Group.Members.Contains(this.CurrentUserStaff) && UserHasToken(AuthorityTokens.Workflow.Worklist.Group)) return; throw new System.Security.SecurityException(SR.ExceptionUserNotAuthorized); }
private GetWorklistEditValidationResponse GetWorklistEditValidation(GetWorklistEditValidationRequest request) { WorklistOwner owner; if (!request.IsUserWorklist) { // if not creating a user worklist, the owner is Admin owner = WorklistOwner.Admin; } else if (request.OwnerGroup != null) { // if an owner group is specified, assign ownership to the group var group = PersistenceContext.Load<StaffGroup>(request.OwnerGroup.StaffGroupRef, EntityLoadFlags.Proxy); owner = new WorklistOwner(group); } else { // otherwise assign ownership to current user, regardless of whether a different owner staff specified owner = new WorklistOwner(CurrentUserStaff); } try { CheckWorklistCountRestriction(owner); } catch (RequestValidationException e) { return new GetWorklistEditValidationResponse(e.Message); } return new GetWorklistEditValidationResponse(); }