/// <summary>
/// Checks whether the current user has access to worklists owned by the specified worklist owner.
/// </summary>
/// <param name="owner"></param>
/// <remarks>Throws a RequestValidationException if the worklist count exceed the configured maximum.</remarks>
private void CheckWorklistCountRestriction(WorklistOwner owner)
{
// admin can have unlimited worklists
if (owner.IsAdminOwner)
{
return;
}
var worklistCount = PersistenceContext.GetBroker <IWorklistBroker>().Count(owner);
var settings = new WorklistSettings();
if (owner.IsStaffOwner)
{
if (worklistCount >= settings.MaxPersonalOwnedWorklists)
{
throw new RequestValidationException(SR.ExceptionMaximumWorklistsReachedForStaff);
}
}
else if (owner.IsGroupOwner)
{
if (worklistCount >= settings.MaxGroupOwnedWorklists)
{
throw new RequestValidationException(SR.ExceptionMaximumWorklistsReachedForStaffGroup);
}
}
}
private GetWorklistEditValidationResponse GetWorklistEditValidation(GetWorklistEditValidationRequest request)
{
WorklistOwner owner;
if (!request.IsUserWorklist)
{
// if not creating a user worklist, the owner is Admin
owner = WorklistOwner.Admin;
}
else if (request.OwnerGroup != null)
{
// if an owner group is specified, assign ownership to the group
var group = PersistenceContext.Load <StaffGroup>(request.OwnerGroup.StaffGroupRef, EntityLoadFlags.Proxy);
owner = new WorklistOwner(group);
}
else
{
// otherwise assign ownership to current user, regardless of whether a different owner staff specified
owner = new WorklistOwner(CurrentUserStaff);
}
try
{
CheckWorklistCountRestriction(owner);
}
catch (RequestValidationException e)
{
return(new GetWorklistEditValidationResponse(e.Message));
}
return(new GetWorklistEditValidationResponse());
}
public int Count(WorklistOwner owner)
{
var query = new HqlProjectionQuery(new HqlFrom("Worklist", "w"));
query.Selects.Add(new HqlSelect("count(*)"));
if (owner.IsStaffOwner)
{
query.Conditions.Add(new HqlCondition("w.Owner.Staff = ?", owner.Staff));
}
else if (owner.IsGroupOwner)
{
query.Conditions.Add(new HqlCondition("w.Owner.Group = ?", owner.Group));
}
else if (owner.IsAdminOwner)
{
query.Conditions.Add(new HqlCondition("(w.Owner.Staff is null and w.Owner.Group is null)"));
}
return((int)ExecuteHqlUnique <long>(query));
}
/// <summary>
/// Checks whether the current user has access to worklists owned by the specified worklist owner.
/// </summary>
/// <param name="owner"></param>
private void CheckAccess(WorklistOwner owner)
{
// admin can access any worklist
if (UserHasToken(AuthorityTokens.Admin.Data.Worklist))
{
return;
}
// if worklist is staff-owned, and user has personal token, they have access
if (owner.IsStaffOwner && owner.Staff.Equals(this.CurrentUserStaff) &&
UserHasToken(AuthorityTokens.Workflow.Worklist.Personal))
{
return;
}
// if worklist is group-owned, user must have group token and be a member of the group
if (owner.IsGroupOwner && owner.Group.Members.Contains(this.CurrentUserStaff) &&
UserHasToken(AuthorityTokens.Workflow.Worklist.Group))
{
return;
}
throw new System.Security.SecurityException(SR.ExceptionUserNotAuthorized);
}
/// <summary>
/// No-args constructor required by NHibernate.
/// </summary>
protected Worklist()
{
_owner = WorklistOwner.Admin; // admin owned by default
_staffSubscribers = new HashedSet<Staff>();
_groupSubscribers = new HashedSet<StaffGroup>();
_procedureTypeFilter = new WorklistProcedureTypeFilter();
_procedureTypeGroupFilter = new WorklistProcedureTypeGroupFilter();
_facilityFilter = new WorklistFacilityFilter();
_departmentFilter = new WorklistDepartmentFilter();
_patientClassFilter = new WorklistPatientClassFilter();
_patientLocationFilter = new WorklistPatientLocationFilter();
_orderPriorityFilter = new WorklistOrderPriorityFilter();
_orderingPractitionerFilter = new WorklistPractitionerFilter();
_portableFilter = new WorklistPortableFilter();
_timeFilter = new WorklistTimeFilter();
}
/// <summary>
/// Checks whether the current user has access to worklists owned by the specified worklist owner.
/// </summary>
/// <param name="owner"></param>
/// <remarks>Throws a RequestValidationException if the worklist count exceed the configured maximum.</remarks>
private void CheckWorklistCountRestriction(WorklistOwner owner)
{
// admin can have unlimited worklists
if (owner.IsAdminOwner)
return;
var worklistCount = PersistenceContext.GetBroker<IWorklistBroker>().Count(owner);
var settings = new WorklistSettings();
if (owner.IsStaffOwner)
{
if (worklistCount >= settings.MaxPersonalOwnedWorklists)
throw new RequestValidationException(SR.ExceptionMaximumWorklistsReachedForStaff);
}
else if (owner.IsGroupOwner)
{
if (worklistCount >= settings.MaxGroupOwnedWorklists)
throw new RequestValidationException(SR.ExceptionMaximumWorklistsReachedForStaffGroup);
}
}
/// <summary>
/// Checks whether the current user has access to worklists owned by the specified worklist owner.
/// </summary>
/// <param name="owner"></param>
private void CheckAccess(WorklistOwner owner)
{
// admin can access any worklist
if (UserHasToken(AuthorityTokens.Admin.Data.Worklist))
return;
// if worklist is staff-owned, and user has personal token, they have access
if (owner.IsStaffOwner && owner.Staff.Equals(this.CurrentUserStaff)
&& UserHasToken(AuthorityTokens.Workflow.Worklist.Personal))
return;
// if worklist is group-owned, user must have group token and be a member of the group
if (owner.IsGroupOwner && owner.Group.Members.Contains(this.CurrentUserStaff)
&& UserHasToken(AuthorityTokens.Workflow.Worklist.Group))
return;
throw new System.Security.SecurityException(SR.ExceptionUserNotAuthorized);
}
private GetWorklistEditValidationResponse GetWorklistEditValidation(GetWorklistEditValidationRequest request)
{
WorklistOwner owner;
if (!request.IsUserWorklist)
{
// if not creating a user worklist, the owner is Admin
owner = WorklistOwner.Admin;
}
else if (request.OwnerGroup != null)
{
// if an owner group is specified, assign ownership to the group
var group = PersistenceContext.Load<StaffGroup>(request.OwnerGroup.StaffGroupRef, EntityLoadFlags.Proxy);
owner = new WorklistOwner(group);
}
else
{
// otherwise assign ownership to current user, regardless of whether a different owner staff specified
owner = new WorklistOwner(CurrentUserStaff);
}
try
{
CheckWorklistCountRestriction(owner);
}
catch (RequestValidationException e)
{
return new GetWorklistEditValidationResponse(e.Message);
}
return new GetWorklistEditValidationResponse();
}
