public async Task <IActionResult> ValidateInstantiation(string org, string app, [FromQuery] int partyId) { UserContext userContext = await _userHelper.GetUserContext(HttpContext); UserProfile user = await _profile.GetUserProfile(userContext.UserId); List <Party> partyList = await _authorization.GetPartyList(userContext.UserId); Application application = _appResourcesService.GetApplication(); if (application == null) { return(NotFound("Application not found")); } PartyTypesAllowed partyTypesAllowed = application.PartyTypesAllowed; Party partyUserRepresents = null; // Check if the user can represent the supplied partyId if (partyId != user.PartyId) { Party represents = InstantiationHelper.GetPartyByPartyId(partyList, partyId); if (represents == null) { // the user does not represent the chosen party id, is not allowed to initiate return(Ok(new InstantiationValidationResult { Valid = false, Message = "The user does not represent the supplied party", ValidParties = InstantiationHelper.FilterPartiesByAllowedPartyTypes(partyList, partyTypesAllowed) })); } partyUserRepresents = represents; } if (partyUserRepresents == null) { // if not set, the user represents itself partyUserRepresents = user.Party; } // Check if the application can be initiated with the party chosen bool canInstantiate = InstantiationHelper.IsPartyAllowedToInstantiate(partyUserRepresents, partyTypesAllowed); if (!canInstantiate) { return(Ok(new InstantiationValidationResult { Valid = false, Message = "The supplied party is not allowed to instantiate the application", ValidParties = InstantiationHelper.FilterPartiesByAllowedPartyTypes(partyList, partyTypesAllowed) })); } return(Ok(new InstantiationValidationResult { Valid = true, })); }
/// <summary> /// Checks if a party is allowed to initiate an application based on the applications AllowedPartyTypes /// </summary> /// <param name="party">The party to check</param> /// <param name="partyTypesAllowed">The allowed party types</param> /// <returns>True or false</returns> public static bool IsPartyAllowedToInstantiate(Party party, PartyTypesAllowed partyTypesAllowed) { if (party == null) { return(false); } if (partyTypesAllowed == null || (!partyTypesAllowed.BankruptcyEstate && !partyTypesAllowed.Organisation && !partyTypesAllowed.Person && !partyTypesAllowed.SubUnit)) { // if party types not set, all parties are allowed to initiate return(true); } PartyType partyType = party.PartyTypeName; bool isAllowed = false; bool isSubUnit = party.UnitType != null && (SUB_UNIT_CODE.Equals(party.UnitType.Trim()) || SUB_UNIT_CODE_AAFY.Equals(party.UnitType.Trim())); bool isMainUnit = !isSubUnit; bool isKbo = party.UnitType != null && BANKRUPTCY_CODE.Equals(party.UnitType.Trim()); switch (partyType) { case PartyType.Person: if (partyTypesAllowed.Person == true) { isAllowed = true; } break; case PartyType.Organisation: if (isMainUnit && partyTypesAllowed.Organisation) { isAllowed = true; } else if (isSubUnit && partyTypesAllowed.SubUnit) { isAllowed = true; } else if (isKbo && partyTypesAllowed.BankruptcyEstate) { isAllowed = true; } break; case PartyType.SelfIdentified: if (partyTypesAllowed.Person == true) { isAllowed = true; } break; } return(isAllowed); }
/// <summary> /// Filters a list of parties based on an applications allowed party types. /// </summary> /// <param name="parties">The list of parties to be filtered</param> /// <param name="partyTypesAllowed">The allowed party types</param> /// <returns>A list with the filtered parties</returns> public static List <Party> FilterPartiesByAllowedPartyTypes(List <Party> parties, PartyTypesAllowed partyTypesAllowed) { List <Party> allowed = new List <Party>(); if (parties == null || partyTypesAllowed == null) { return(allowed); } parties.ForEach(party => { bool canPartyInstantiate = IsPartyAllowedToInstantiate(party, partyTypesAllowed); bool isChildPartyAllowed = false; List <Party> allowedChildParties = null; if (party.ChildParties != null) { allowedChildParties = new List <Party>(); foreach (Party childParty in party.ChildParties) { if (IsPartyAllowedToInstantiate(childParty, partyTypesAllowed)) { allowedChildParties.Add(childParty); isChildPartyAllowed = true; } } } if (canPartyInstantiate && isChildPartyAllowed) { party.ChildParties = new List <Party>(); party.ChildParties.AddRange(allowedChildParties); allowed.Add(party); } else if (!canPartyInstantiate && isChildPartyAllowed) { party.ChildParties = new List <Party>(); party.OnlyHierarchyElementWithNoAccess = true; party.ChildParties.AddRange(allowedChildParties); allowed.Add(party); } else if (canPartyInstantiate) { party.ChildParties = new List <Party>(); allowed.Add(party); } }); return(allowed); }
/// <summary> /// Checks if a party is allowed to initiate an application based on the applications AllowedPartyTypes /// </summary> /// <param name="party">The party to check</param> /// <param name="partyTypesAllowed">The allowed party types</param> /// <returns>True or false</returns> public static bool IsPartyAllowedToInstantiate(Party party, PartyTypesAllowed partyTypesAllowed) { if (party == null) { return(false); } if (partyTypesAllowed == null || (!partyTypesAllowed.BankruptcyEstate && !partyTypesAllowed.Organization && !partyTypesAllowed.Person && !partyTypesAllowed.SubUnit)) { // if party types not set, all parties are allowed to initiate return(true); } PartyType partyType = party.PartyTypeName; bool isAllowed = false; switch (partyType) { case PartyType.Person: if (partyTypesAllowed.Person == true) { isAllowed = true; } break; case PartyType.Organization: if (partyTypesAllowed.Organization == true) { isAllowed = true; } else if (partyTypesAllowed.BankruptcyEstate == true) { // BankruptcyEstate is a sub group of organization if (party.UnitType != null && BANKRUPTCY_CODE.Equals(party.UnitType.Trim())) { // The org is a BankruptcyEstate, and BankruptcyEstate are allowed to initiate isAllowed = true; } } else if (partyTypesAllowed.SubUnit == true) { // SubUnit is a sub group of organization if (party.UnitType != null && (SUB_UNIT_CODE.Equals(party.UnitType.Trim()) || SUB_UNIT_CODE_AAFY.Equals(party.UnitType.Trim()))) { // The org is a SubUnit, and SubUnits are allowed to initiate isAllowed = true; } } break; case PartyType.SelfIdentified: if (partyTypesAllowed.Person == true) { isAllowed = true; } break; } return(isAllowed); }
/// <summary> /// Filters a list of parties based on an applications allowed party types. /// </summary> /// <param name="parties">The list of parties to be filtered</param> /// <param name="partyTypesAllowed">The allowed party types</param> /// <returns>A list with the filtered parties</returns> public static List <Party> FilterPartiesByAllowedPartyTypes(List <Party> parties, PartyTypesAllowed partyTypesAllowed) { List <Party> allowed = new List <Party>(); if (parties == null || partyTypesAllowed == null) { return(allowed); } parties.ForEach(party => { if (IsPartyAllowedToInstantiate(party, partyTypesAllowed)) { allowed.Add(party); } }); return(allowed); }