Exemple #1
0
        private bool IsAuthorized()
        {
            /*  Approval Data Authorization Logic is written as follows:
             *      A: The Approver must be within the same State as the User whose profile is pending approval.
             *      B: The Approver must be an Admin ANDALSO an Approver Designate of Same Scope or Higher scope.
             *      C: If the account pending approval is for State Admin, then the Approver can be be a SHIP director or State Admin with Approver Designate rights.
             *      D: If the Approver is a CMS Level User, the Approver must be a CMS Admin with Approver Designate rights.
             *      E:  Introduced 03/07/2010 - User who is Admin with Descriptor ID 8 [Approver] can approve within A-D rule context.
             */

            //Lets Gather parameters here for verifying the business logic.
            string requestedState = ViewData.StateFIPS;
            Scope  requestedScope = ViewData.Scope;
            bool   IsCMSRegionAccountRequested = ViewData.IsUserCMSRegionalScope;
            bool   IsCMSAccountRequested       = ViewData.IsUserCMSScope;
            bool   IsAdminAccountRequested     = ViewData.IsAdmin;

            string ApproverState           = this.AccountInfo.StateFIPS;
            Scope  ApproverScope           = this.AccountInfo.Scope;
            int    ApproverUserId          = AccountInfo.UserId;
            bool   ApproverIsAdmin         = this.AccountInfo.IsAdmin;
            bool   IsApproverShipDirector  = this.AccountInfo.IsShipDirector;
            bool   IsApproverStateApprover = this.AccountInfo.IsStateAdmin && this.AccountInfo.IsApproverDesignate.HasValue &&
                                             this.AccountInfo.IsApproverDesignate.Value;
            bool IsApproverCMSApprover = this.AccountInfo.IsAdmin && this.AccountInfo.IsCMSScope &&
                                         this.AccountInfo.IsApproverDesignate.HasValue &&
                                         this.AccountInfo.IsApproverDesignate.Value;


            //General Rule: Admins of lower scope cannot approve Admins of higher scope.
            if (ApproverScope.IsLower(requestedScope))
            {
                return(false);
            }

            //Approve must always be Admin of some scope
            if (!ApproverRulesBLL.IsApprover(this.AccountInfo))
            {
                //if (!ApproverIsAdmin)
                return(false);
            }

            //CMS Admins can be approved by only approver designates.
            if (IsApproverCMSApprover)
            {
                return(true);
            }

            //CMS User/CMS Admin and CMS Regional requests can be approved only by a CMS Admin
            if (IsCMSRegionAccountRequested || IsCMSAccountRequested)
            {
                return(false);
            }


            //Move on to State Level Users Approval Request
            //For Non-CMS Users: States must match
            if (requestedState != ApproverState)
            {
                return(false);
            }
            else
            {
                //State Ship Directors can approve any one in the State.
                if (IsApproverShipDirector || IsApproverStateApprover)
                {
                    return(true);
                }

                if (requestedScope.IsEqual(Scope.State))
                {
                    //State Users can be approved by only State Directors or State Approvers.
                    //State Director and State approver rights were already checked, so need to reject all State requests.
                    return(false);
                }

                //For verifying Sub State access rights, lets get Sub State profiles of Approver
                IEnumerable <UserRegionalAccessProfile> approverSubStateAdminProfiles =
                    UserSubStateRegionBLL.GetUserSubStateRegionalProfiles(ApproverUserId, true);
                if (requestedScope.IsEqual(Scope.SubStateRegion))
                {
                    //Approvers of Sub State Users and Admins can be the following:
                    // CMS Approver - which we already checked
                    // Ship Director & State Approvers - which we already checked.
                    //Now check for Sub State Approver of the Sub State ID requested.

                    //Approve must be Sub State Admin to approve a Sub State User
                    if (approverSubStateAdminProfiles != null && approverSubStateAdminProfiles.Count() > 0)
                    {
                        //Sub State User can be approved by Sub State Admin of Same Sub State Region
                        int SubStateRegionIDOfRequestor = ViewData.RegionalProfiles[0].RegionId;
                        foreach (UserRegionalAccessProfile approverSubState in approverSubStateAdminProfiles)
                        {
                            if (approverSubState.RegionId == SubStateRegionIDOfRequestor)
                            {
                                return(approverSubState.IsApproverDesignate);
                            }
                        }
                    }
                    return(false);
                }

                //Logic below is for Agency Scope account approval requests.
                //Agency Scope requests can be approved by Sub State Approvers as well as Agency Approvers.
                if (ApproverScope.IsEqual(Scope.SubStateRegion))
                {
                    if (approverSubStateAdminProfiles != null && approverSubStateAdminProfiles.Count() > 0)
                    {
                        //The Agency of the account requested must be part of Approver's Sub State region.
                        int AgencyOfAccountRequested = ViewData.RegionalProfiles[0].RegionId;
                        foreach (UserRegionalAccessProfile subStateprofile in approverSubStateAdminProfiles)
                        {
                            //Get Agencies for substate
                            IEnumerable <ShiptalkLogic.BusinessObjects.Agency> agencyProfiles = LookupBLL.GetAgenciesForSubStateRegion(subStateprofile.RegionId);
                            foreach (ShiptalkLogic.BusinessObjects.Agency agency in agencyProfiles)
                            {
                                if (agency.Id == AgencyOfAccountRequested)
                                {
                                    return(subStateprofile.IsApproverDesignate);
                                }
                            }
                        }
                    }
                    return(false);
                }
                else
                {
                    //Here, it is evident that Approver is an Agency Level person and also account Request is for agency scope.
                    //All Agency requests could be approved by Agency Approvers, SubState approvers or Ship Director or CMS approvers
                    int AgencyOfAccountRequested = ViewData.RegionalProfiles[0].RegionId;
                    IEnumerable <UserRegionalAccessProfile> approverAgencyAdminProfiles =
                        UserAgencyBLL.GetUserAgencyProfiles(ApproverUserId, true);

                    foreach (UserRegionalAccessProfile approverAgencyprofile in approverAgencyAdminProfiles)
                    {
                        if (approverAgencyprofile.RegionId == AgencyOfAccountRequested)
                        {
                            return(approverAgencyprofile.IsApproverDesignate);
                        }
                    }
                    return(false);
                }
            }
        }
Exemple #2
0
        private void PopulateAgenciesForSubStateUser()
        {
            IEnumerable <UserRegionalAccessProfile> SubStateProfiles = UserSubStateRegionBLL.GetUserSubStateRegionalProfiles(UserId, true);
            List <KeyValuePair <int, string> >      Agencies         = new List <KeyValuePair <int, string> >();

            foreach (UserRegionalAccessProfile subStProfile in SubStateProfiles)
            {
                IEnumerable <ShiptalkLogic.BusinessObjects.Agency> AgencyForSubState = LookupBLL.GetAgenciesForSubStateRegion(subStProfile.RegionId);
                Agencies.AddRange(AgencyForSubState.Where(elem => elem.IsActive == true).Select(p => (new KeyValuePair <int, string>(p.Id.Value, p.Name))));
            }

            if (Agencies != null && Agencies.Count > 1)
            {
                ddlAgency.DataSource = Agencies.Distinct().OrderBy(p => p.Value);
            }
            else
            {
                ddlAgency.DataSource = Agencies;
            }

            ddlAgency.DataTextField  = "Value";
            ddlAgency.DataValueField = "Key";
            ddlAgency.DataBind();

            if (Agencies == null || Agencies.Count() == 0)
            {
                ddlAgency.Items.Add(new ListItem("No agencies available", "0"));
            }
            else if (Agencies.Count() > 1)
            {
                ddlAgency.Items.Insert(0, new ListItem("-- Select agency --", "0"));
                //ddlRoles.SelectedValue = "0";
            }
        }
        private void PopulateAgenciesForSubStateUser()
        {
            IEnumerable <UserRegionalAccessProfile> SubStateProfiles = UserSubStateRegionBLL.GetUserSubStateRegionalProfiles(UserId, false);
            List <KeyValuePair <int, string> >      Agencies         = new List <KeyValuePair <int, string> >();

            foreach (UserRegionalAccessProfile subStProfile in SubStateProfiles)
            {
                IEnumerable <ShiptalkLogic.BusinessObjects.Agency> AgencyForSubState = LookupBLL.GetAgenciesForSubStateRegion(subStProfile.RegionId);
                Agencies.AddRange(AgencyForSubState.Where(elem => elem.IsActive == true).Select(p => (new KeyValuePair <int, string>(p.Id.Value, p.Name))));
            }
            if (Agencies != null && Agencies.Count > 0)
            {
                ddlAgency.DataSource = Agencies.Distinct().OrderBy(p => p.Value);
            }
            else
            {
                ddlAgency.DataSource = Agencies;
            }

            ddlAgency.DataTextField  = "Value";
            ddlAgency.DataValueField = "Key";
            ddlAgency.DataBind();

            if (Agencies == null || Agencies.Count() == 0)
            {
                ddlAgency.Items.Add(new ListItem("No agencies available", "0"));
                btnSubmit.Enabled = false;
            }
            else if (Agencies.Count() > 0)
            {
                btnSubmit.Enabled = true;
                ddlAgency.Items.Insert(0, new ListItem("<-- Select agency -->", "0"));
            }


            //clean up the dependent dropdowns if the user is substate admin..
            if (AccountInfo.Scope == Scope.SubStateRegion && AccountInfo.IsAdmin)
            {
                ddlCountyOfActivityEvent.Items.Clear();
                ddlZipCodeOfActivityEvent.Items.Clear();
            }
        }
        protected void PopulateAgencyList()
        {
            List <KeyValuePair <int, string> > AgencyListObj = new List <KeyValuePair <int, string> >();

            //All Agencies where User is Admin.
            IEnumerable <UserRegionalAccessProfile> AgenciesWhereUserIsAdmin = null;

            IDictionary <int, string> AllAgenciesInState = LookupBLL.GetAgenciesForState(UserData.StateFIPS);


            if (IsCreatorAgencyScope)
            {
                AgenciesWhereUserIsAdmin = UserAgencyBLL.GetUserAgencyProfiles(this.AccountInfo.UserId, true);

                KeyValuePair <int, string>?matchingAgency = null;
                //get KeyValue Pair of all agencies in state where the Creator[the person who is adding the User] is Admin
                foreach (UserRegionalAccessProfile AgencyAdminProfile in AgenciesWhereUserIsAdmin)
                {
                    matchingAgency = AllAgenciesInState.Where(p => p.Key == AgencyAdminProfile.RegionId).FirstOrDefault();
                    if (matchingAgency.HasValue)
                    {
                        AgencyListObj.Add(matchingAgency.Value);
                        matchingAgency = null;
                    }
                }
            }
            else if (IsCreatorSubStateScope)
            {
                IEnumerable <UserRegionalAccessProfile> SubStatesWhereUserIsAdmin =
                    UserSubStateRegionBLL.GetUserSubStateRegionalProfiles(this.AccountInfo.UserId, true);

                if (SubStatesWhereUserIsAdmin != null && SubStatesWhereUserIsAdmin.Count() > 0)
                {
                    //Collect Agencies that are part of Creator's Sub State regions.
                    foreach (UserRegionalAccessProfile subStateprofile in SubStatesWhereUserIsAdmin)
                    {
                        //Get Agencies for substate
                        IEnumerable <ShiptalkLogic.BusinessObjects.Agency> agencyProfiles = LookupBLL.GetAgenciesForSubStateRegion(subStateprofile.RegionId);
                        if (agencyProfiles != null && agencyProfiles.Count() > 0)
                        {
                            AgencyListObj.AddRange(agencyProfiles.Select(p => new KeyValuePair <int, string>(p.Id.Value, p.Name)));
                        }
                    }
                }
            }
            else
            {
                AgencyListObj = AllAgenciesInState.ToList <KeyValuePair <int, string> >();
            }

            //Before we return the list of Agencies we need to remove the Agencies that the User is already assigned to,
            //so that the user is not added to the same Agency again.
            if (AgencyListObj != null && AgencyListObj.Count > 0)
            {
                IEnumerable <UserRegionalAccessProfile> ExistingAgencies = null;
                ExistingAgencies = UserAgencyBLL.GetUserAgencyProfiles(UserProfileUserId, false);

                if (ExistingAgencies != null && ExistingAgencies.Count() > 0)
                {
                    KeyValuePair <int, string>?existAgency = null;
                    foreach (UserRegionalAccessProfile ExistingAgency in ExistingAgencies)
                    {
                        existAgency = AgencyListObj.Where(p => p.Key == ExistingAgency.RegionId).FirstOrDefault();
                        if (existAgency.HasValue)
                        {
                            AgencyListObj.Remove(existAgency.Value);
                            existAgency = null;
                        }
                    }
                }
            }

            this.AgencyList = AgencyListObj;
        }