Exemple #1
        /// <summary>
        /// Checks the access clause produced for a dataset admin requesting
        /// <c>UserOperation.Sandbox_OpenInternet</c>. Despite the method name, the assertion is about
        /// the participant-role filter, not a study name.
        /// </summary>
        public void StudyAccessQueryBuilder_ShouldContainStudyName2()
        {
            // The expected text shows the user id and the role names written into the SQL as literals.
            // The double space before IN is part of the expected output and must be kept.
            // NOTE(review): "UserId = 0" presumably comes from the id left unset on this UserDto - confirm.
            const string expectedRoleFilter = "(1 = 1 AND sp.UserId = 0 AND sp.RoleName  IN ('Sponsor Rep','Vendor Admin'))";

            var datasetAdmin = new UserDto { DatasetAdmin = true };

            var whereClause = StudyAccessQueryBuilder.CreateAccessWhereClause(datasetAdmin, UserOperation.Sandbox_OpenInternet);

            Assert.Contains(expectedRoleFilter, whereClause);
        }
Exemple #2
        /// <summary>
        /// Checks that no access clause is produced (the builder returns <c>null</c>) for an employee
        /// and the supplied operation.
        /// </summary>
        /// <param name="userOperation">Operation under test; the values are supplied by the test runner.</param>
        public void StudyAccessQueryBuilder_ShouldContainStudyName4(UserOperation userOperation)
        {
            // NOTE(review): a null clause carries no restriction of its own, so the operations fed to
            // this test should be exactly those an employee may perform without a participant role.
            // Confirm against the test's data source, which is not visible here.
            var employee = new UserDto { Employee = true };

            var whereClause = StudyAccessQueryBuilder.CreateAccessWhereClause(employee, userOperation);

            Assert.Null(whereClause);
        }
        /// <summary>
        /// Wraps a data query in two CTEs so that every returned row carries an <c>Authorized</c>
        /// column (1 or 0) telling whether the current user may perform <paramref name="operation"/>
        /// on the study the row belongs to.
        /// </summary>
        /// <param name="currentUser">User whose access rules are turned into the SQL filter.</param>
        /// <param name="dataQuery">
        /// SELECT statement placed verbatim inside <c>dataCte</c>. Its result must expose a
        /// <c>StudyId</c> column, because the outer query joins on <c>d.StudyId</c>.
        /// </param>
        /// <param name="operation">Operation the access check is evaluated for.</param>
        /// <returns>The complete SQL text. It references <c>@studyId</c>, which this method does not bind.</returns>
        protected string WrapSingleEntityQueryWithAccessProjection(UserDto currentUser, string dataQuery, UserOperation operation)
        {
            // Only @studyId is a bound parameter. dataQuery and the access clause become part of the
            // statement text itself, so both must be assembled from trusted, server-side strings;
            // anything that originates from a request belongs in a bound parameter instead.
            var accessClause = StudyAccessQueryBuilder.CreateAccessWhereClause(currentUser, operation);

            // NOTE(review): with a null or blank clause the access CTE is limited by study id alone,
            // so Authorized is 1 whenever the study has a participant row. Confirm the builder returns
            // an empty clause only for users who are entitled to unrestricted access.
            var accessPredicate = string.IsNullOrWhiteSpace(accessClause)
                ? string.Empty
                : $" AND ({accessClause})";

            return $"WITH dataCte AS ({dataQuery})"
                + " ,accessCte as (SELECT [Id] FROM Studies s INNER JOIN [dbo].[StudyParticipants] sp on s.Id = sp.StudyId WHERE s.Id=@studyId"
                + accessPredicate
                + " ) SELECT DISTINCT d.*, (CASE WHEN a.Id IS NOT NULL THEN 1 ELSE 0 END) As Authorized from dataCte d LEFT JOIN accessCte a on d.StudyId = a.Id ";
        }
        /// <summary>
        /// Returns the list items for studies that are not closed, filtered by the current user's
        /// <c>UserOperation.Study_Read</c> access clause when the builder produces one.
        /// </summary>
        /// <returns>The rows returned by the Dapper query, as <c>StudyListItemDto</c> items.</returns>
        public async Task <IEnumerable <StudyListItemDto> > GetListAsync()
        {
            var currentUser = await _userService.GetCurrentUserAsync();

            // The inner join means a study needs at least one participant row to be listed.
            const string openStudiesSelect =
                "SELECT DISTINCT [Id], [Name], [Description], [Vendor], [Restricted], [LogoUrl] FROM [dbo].[Studies] s"
                + " INNER JOIN [dbo].[StudyParticipants] sp on s.Id = sp.StudyId"
                + " WHERE s.Closed = 0";

            // The clause is appended to the SQL text, not bound as a parameter; it has to come from
            // trusted builder output only.
            var readAccessClause = StudyAccessQueryBuilder.CreateAccessWhereClause(currentUser, UserOperation.Study_Read);

            // NOTE(review): a null or blank clause leaves the list unfiltered by user. Confirm the
            // builder returns that only for users allowed to read every open study.
            var listQuery = string.IsNullOrWhiteSpace(readAccessClause)
                ? openStudiesSelect
                : $"{openStudiesSelect} AND ({readAccessClause})";

            IEnumerable <StudyListItemDto> openStudies = await RunDapperQueryMultiple <StudyListItemDto>(listQuery);

            return openStudies;
        }