/// <summary>
/// Permission hook: decides, per current user role, whether the data operation described by
/// <paramref name="e"/> (entity name/set, entity instance, action) is cancelled.
/// The only output is <c>e.Cancel</c>; the handler never un-cancels a request that arrives
/// already cancelled. Role ids are compared numerically: the branch <c>RoleID &lt; Manager</c>
/// is the unrestricted one, so a lower id appears to mean a more privileged role — confirm
/// against <c>RolesEnum</c>.
/// </summary>
/// <param name="sender">Unused.</param>
/// <param name="e">Permission request; <c>e.Cancel</c> is read and written, <c>e.Entity</c> is
/// cast to the concrete entity type in several branches.</param>
void ModelEvents_CheckPermission(object sender, CheckPermissionsEventArgs e)
{
    // Already denied upstream: nothing below can (or should) grant it back.
    if (e.Cancel)
    {
        return;
    }
    // NOTE(review): this first condition grants any action to EVERY role for the entity names
    // "UserSetting", "User" and "Incident" (the name tests are OR'ed with the role test). As a
    // consequence the per-role "User" restrictions further down (Employee and Client branches)
    // are unreachable, and Watcher is not limited to Select on these three entities. Confirm
    // whether the entity-name exemption was meant to apply only to the privileged roles.
    if (CurrentUser.RoleID < (int)RolesEnum.Manager || e.EntityName == "UserSetting" || e.EntityName == "User" || e.EntityName == "Incident")
    {
        e.Cancel = false;
    }
    else if (CurrentUser.RoleID == (int)RolesEnum.Manager)
    {
        // NOTE(review): body is entirely commented out, so e.Cancel keeps the value it had on
        // entry (false, see the early return above) — Manager is effectively unrestricted.
        // The disabled code below looks like the intended write policy; confirm and either
        // restore or delete it.
        //if (e.Action != ActionsEnum.Select)
        //{
        // string[] allowed = new[] { "EmployeePayments", "Expenses" };
        // e.Cancel = !allowed.Contains(e.EntitySetName);
        //}
        //else
        //{
        // e.Cancel = false;
        //}
    }
    else if (CurrentUser.RoleID == (int)RolesEnum.Employee)
    {
        // NOTE(review): dead branch — "User" is already handled by the first condition above.
        if (e.EntityName == "User")
        {
            // NOTE(review): `as` cast with no null check; throws NullReferenceException if
            // e.Entity is null or not a User — assumes the caller always supplies the entity.
            User user = e.Entity as User;
            // Edit only on own record; anything "after" Edit in ActionsEnum is denied.
            // Relies on the enum's declaration order — confirm Delete etc. sort after Edit.
            e.Cancel = e.Action > ActionsEnum.Edit || e.Action == ActionsEnum.Edit && user.ID != CurrentUser.ID;
        }
        else if (e.EntityName == "Employee")
        {
            // Same shape as the User branch, keyed on the employee record instead (no null check).
            Employee employee = e.Entity as Employee;
            e.Cancel = e.Action > ActionsEnum.Edit || e.Action == ActionsEnum.Edit && employee.ID != CurrentUser.EmployeeID;
        }
        else if (e.EntityName == "Expense")
        {
            // Any employee may Insert; other actions only on expenses owned by the current employee.
            Expense expense = e.Entity as Expense;
            e.Cancel = e.Action != ActionsEnum.Insert && expense.EmployeeID != CurrentUser.EmployeeID;
        }
        // NOTE(review): the seven empty branches below leave e.Cancel == false, i.e. an Employee
        // gets every action (including Delete) on these entities, and they also bypass the
        // Select-only whitelist that follows. Confirm this is intended rather than unfinished.
        else if (e.EntityName == "Transfer")
        {
        }
        else if (e.EntityName == "ProjectTask")
        {
        }
        else if (e.EntityName == "TaskType")
        {
        }
        else if (e.EntityName == "ProjectDispatch")
        {
        }
        else if (e.EntityName == "ProductDispatch")
        {
        }
        else if (e.EntityName == "ProjectProduct")
        {
        }
        else if (e.EntityName == "ProjectDispatchOrder")
        {
        }
        else if (e.Action == ActionsEnum.Select)
        {
            // Read access for the remaining entities is a whitelist. Note this branch matches on
            // the plural EntitySetName while every other branch matches on EntityName.
            string[] allowed = new[] { "Projects", "EmployeePayments", "ExpensePrices", "Wallets", "Products" };
            e.Cancel = !allowed.Contains(e.EntitySetName);
        }
        else
        {
            // Any non-Select action on an entity not listed above is denied.
            e.Cancel = true;
        }
    }
    else if (CurrentUser.RoleID == (int)RolesEnum.Client)
    {
        // NOTE(review): dead branch — "User" is already handled by the first condition above.
        if (e.EntityName == "User")
        {
            User user = e.Entity as User;
            e.Cancel = e.Action > ActionsEnum.Edit || e.Action == ActionsEnum.Edit && user.ID != CurrentUser.ID || e.Action == ActionsEnum.Select && user.RoleID > (int)RolesEnum.Manager;
        }
        else if (e.EntityName == "ProjectTask")
        {
            // Scoped to the client's contractor via the task's parent project. it.Project is
            // dereferenced without a null check — presumably lazy-loaded; confirm.
            ProjectTask it = e.Entity as ProjectTask;
            e.Cancel = it.Project.ContractorID != CurrentUser.ContractorID;
        }
        else if (e.EntityName == "Project")
        {
            // Must belong to the client's contractor; Delete additionally requires being the creator.
            Project it = e.Entity as Project;
            e.Cancel = (e.Action == ActionsEnum.Delete && it.CreatorID != CurrentUser.ID) || it.ContractorID != CurrentUser.ContractorID;
        }
        else if (e.EntityName == "Employee")
        {
            // Read-only, and employee records whose linked user outranks Boss are hidden.
            Employee it = e.Entity as Employee;
            e.Cancel = e.Action != ActionsEnum.Select || it.User != null && it.User.RoleID > (int)RolesEnum.Boss;
        }
        // NOTE(review): no final else — for every other entity name a Client keeps
        // e.Cancel == false, i.e. full access. Confirm this is intended.
    }
    else if (CurrentUser.RoleID >= (int)RolesEnum.Watcher)
    {
        // Watcher and anything above it: read-only.
        e.Cancel = e.Action != ActionsEnum.Select;
    }
    // NOTE(review): a RoleID that matches none of the branches (any value between the tested
    // ones, if such roles exist) falls through with e.Cancel == false — confirm against RolesEnum.
}
/// <summary>
/// Receives the request's uploaded files and stores them in the folder that
/// <c>UploadFileHelper.GetFolder</c> resolves for <paramref name="ProjectID"/> and
/// <paramref name="TaskName"/>; when <paramref name="TaskID"/> is positive the resulting
/// project file is additionally linked to that task.
/// </summary>
/// <param name="ProjectID">Id of the project that owns the upload; must exist.</param>
/// <param name="TaskID">Optional task id; values that are null or not positive are ignored.</param>
/// <param name="TaskName">Passed to <c>GetFolder</c> as the folder to upload into.</param>
/// <returns>
/// A JSON result. Early failures use <c>{ Code = 202, Success = false, Message }</c>; on completion
/// the result carries the helper's code/message plus the serialized file and project-file (or null).
/// </returns>
public ActionResult UploadToTask(int ProjectID, int?TaskID, string TaskName)
{
    BuildingEntities context = (BuildingEntities)this.db;
    // NOTE(review): resolved but never read below — the authorization decisions come from the
    // entities' OnCheckPermissions hooks. Kept because the call itself is part of the original flow.
    User currentUser = HttpContext.CurrentUser();

    if (Request.Files.Count < 1)
    {
        return Json(new { Code = 202, Success = false, Message = "No files uploaded!" });
    }

    Project project = context.Projects.FirstOrDefault(val => val.ID == ProjectID);
    if (project == null)
    {
        return Json(new { Code = 202, Success = false, Message = "Project not found!" });
    }

    // NOTE(review): the project is gated with the Select action although this request creates
    // files; the task (below) is gated with Edit. Confirm whether a read-only role should be
    // able to upload into a project when no task is given.
    CheckPermissionsEventArgs permission = new CheckPermissionsEventArgs(context, "Projects", "Project", project, EntityJs.Client.Events.ActionsEnum.Select);
    project.OnCheckPermissions(permission);
    if (permission.Cancel)
    {
        return Json(new { Code = 202, Success = false, Message = "You can't operate with this project!" });
    }

    ProjectTask task = null;
    // Lifted comparison in the original: a null TaskID is treated the same as a non-positive one.
    if (TaskID.HasValue && TaskID.Value > 0)
    {
        // NOTE(review): the task is looked up by id only; nothing here verifies that it belongs
        // to ProjectID before the project file is linked to it — confirm against the data model.
        task = context.ProjectTasks.FirstOrDefault(val => val.ID == TaskID);
        if (task == null)
        {
            return Json(new { Code = 202, Success = false, Message = "Task not found!" });
        }

        permission = new CheckPermissionsEventArgs(context, "ProjectTasks", "ProjectTask", task, EntityJs.Client.Events.ActionsEnum.Edit);
        task.OnCheckPermissions(permission);
        if (permission.Cancel)
        {
            return Json(new { Code = 202, Success = false, Message = "You can't edit this task!" });
        }
    }

    UploadFileHelper uploader = new UploadFileHelper(this.db as BuildingEntities);
    // NOTE(review): TaskName is request input used as a folder name; any validation lives in
    // GetFolder and is not visible here. The returned folder is dereferenced without a null
    // check — assumes the trailing `true` makes GetFolder create it; confirm.
    Folder folder = uploader.GetFolder(project, TaskName, true);

    int code;
    string message;
    Models.File file = uploader.UploadFiles(-1, folder.ID, out code, out message, false);

    // Link the stored file's project-file row (for this project) to the task, if any.
    Models.ProjectFile projectFile = null;
    if (file != null)
    {
        projectFile = file.ProjectFiles.FirstOrDefault(val => val.ProjectID == ProjectID);
    }
    if (projectFile != null)
    {
        projectFile.ProjectTask = task;
        context.SaveChanges();
    }

    var response = new
    {
        Code = code,
        Message = message,
        File = file != null ? file.ToJson() : null,
        ProjectFile = projectFile != null ? projectFile.ToJson() : null
    };
    return this.Json(response);
}