private static int CheckSpecificValidRoles(Authority authority, RoleType[] roles,
Geography currentGeo, Organization currentOrg,
int thisFound, Flag flags)
{
if (authority.HasAnyRoleType(roles))
{
//Yes, we have one of the roles
foreach (RoleType r in roles)
{
if (authority.HasRoleType(r) && (Array.IndexOf(RoleTypes.AllLocalRoleTypes, r) > -1))
{
thisFound = authority.HasLocalRoleAtOrganizationGeography(currentOrg, currentGeo, r, flags) ? 1 : thisFound;
}
else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllOrganizationalRoleTypes, r) > -1)))
{
thisFound = authority.HasRoleAtOrganization(currentOrg, r, flags) ? 1 : thisFound;
}
else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllSystemRoleTypes, r) > -1)))
{ //System PersonRole
thisFound = 1;
}
// break if we found one that gives access
if (thisFound == 1)
{
return(thisFound);
}
}
// if we found one valid it would already have returned; return -1
thisFound = -1;
}
else
{
thisFound = -1; //No, we don't have any of the roles
}
return(thisFound);
}
public static People FilterPeopleToMatchAuthority(People people, Authority authority, int gracePeriod)
{
// First: If sysadmin, return the whole list uncensored.
if (IsSystemAdministrator(authority))
{
return(people);
}
SwarmDb databaseRead = SwarmDb.GetDatabaseForReading();
if (gracePeriod == -1)
{
gracePeriod = Membership.GracePeriod;
}
Dictionary <int, List <BasicMembership> > membershipTable =
databaseRead.GetMembershipsForPeople(people.Identities, gracePeriod);
Dictionary <int, int> geographyTable = databaseRead.GetPeopleGeographies(people.Identities);
Dictionary <int, Person> clearedPeople = new Dictionary <int, Person>();
// TODO: Add org admin role, able to see previous members that aren't anonymized yet
// Clear by organization roles
foreach (BasicPersonRole role in authority.OrganizationPersonRoles)
{
Dictionary <int, BasicOrganization> clearedOrganizations =
OrganizationCache.GetOrganizationHashtable(role.OrganizationId);
foreach (Person person in people)
{
// Is the organization cleared in this officer's role for this to-be-viewed member?
if (membershipTable.ContainsKey(person.Identity))
{
foreach (BasicMembership membership in membershipTable[person.Identity])
{
if (clearedOrganizations.ContainsKey(membership.OrganizationId)
&&
authority.HasPermission(Permission.CanSeePeople, membership.OrganizationId,
person.GeographyId, Flag.Default))
{
if (membership.Active ||
(membership.Expires > DateTime.Now.AddDays(-gracePeriod) &&
membership.Expires.AddDays(1) > membership.DateTerminated
&&
authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod,
membership.OrganizationId, person.GeographyId, Flag.Default)))
{
clearedPeople[person.Identity] = person;
break;
}
}
}
}
/* -- commented out. This means "does the current authority have Org Admin privileges over Person"?
* else if (CanSeeNonMembers)
* { //person isn't member anywhere
* clearedPeople[person.Identity] = person;
* }*/
}
}
// Clear by node roles:
//
// For each node role, check if each member is in a cleared geography AND a cleared organization.
// If so, permit view of this member. (A person in a branch of a geographical area for organizations X and Z
// should see only people of those organizations only on those nodes.)
foreach (BasicPersonRole role in authority.LocalPersonRoles)
{
Dictionary <int, BasicGeography> clearedGeographies =
GeographyCache.GetGeographyHashtable(role.GeographyId);
Dictionary <int, BasicOrganization> clearedOrganizations =
OrganizationCache.GetOrganizationHashtable(role.OrganizationId);
foreach (Person person in people)
{
// Is the node AND the organization cleared in this officer's role for this to-be-viewed member?
if (membershipTable.ContainsKey(person.Identity))
{
foreach (BasicMembership membership in membershipTable[person.Identity])
{
int organizationClear = 0;
int geographyClear = 0;
if (clearedOrganizations.ContainsKey(membership.OrganizationId))
{
organizationClear = membership.OrganizationId;
if (clearedGeographies.ContainsKey(geographyTable[person.Identity]))
{
geographyClear = geographyTable[person.Identity];
}
if (organizationClear > 0 &&
geographyClear > 0
&&
authority.HasPermission(Permission.CanSeePeople, organizationClear, geographyClear,
Flag.Default))
{
if (membership.Active ||
(membership.Expires > DateTime.Now.AddDays(-gracePeriod) &&
membership.Expires.AddDays(1) > membership.DateTerminated
&&
authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod,
membership.OrganizationId, person.GeographyId, Flag.Default)))
{
clearedPeople[person.Identity] = person;
break;
}
}
}
}
}
}
}
// End: Assemble an array of the resulting cleared people
People result = new People();
foreach (Person clearedPerson in clearedPeople.Values)
{
result.Add(clearedPerson);
}
return(result);
}
public static People FilterPeopleToMatchAuthority(People people, Authority authority)
{
return(FilterPeopleToMatchAuthority(people, authority, -1));
// -1 indicates to respect grace period
}
public static Memberships FilterMembershipsToMatchAuthority(Memberships memberships, Geography personGeography,
Authority authority)
{
// First: If sysadmin, return the whole list uncensored.
if (IsSystemAdministrator(authority))
{
return(memberships);
}
Dictionary <int, Membership> clearedMemberships = new Dictionary <int, Membership>();
//
foreach (BasicPersonRole role in authority.OrganizationPersonRoles)
{
Dictionary <int, BasicOrganization> clearedOrganizations =
OrganizationCache.GetOrganizationHashtable(role.OrganizationId);
foreach (Membership membership in memberships)
{
bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId);
if (organizationClear
&&
authority.HasPermission(Permission.CanViewMemberships, membership.OrganizationId,
membership.Person.GeographyId, Flag.Default))
{
clearedMemberships[membership.Identity] = membership;
}
}
}
foreach (BasicPersonRole role in authority.LocalPersonRoles)
{
Dictionary <int, BasicGeography> clearedGeographies =
GeographyCache.GetGeographyHashtable(role.GeographyId);
Dictionary <int, BasicOrganization> clearedOrganizations =
OrganizationCache.GetOrganizationHashtable(role.OrganizationId);
bool geographyClear = clearedGeographies.ContainsKey(personGeography.Identity);
geographyClear = geographyClear &&
authority.HasPermission(Permission.CanViewMemberships, role.OrganizationId,
personGeography.Identity, Flag.Default);
if (geographyClear)
{
foreach (Membership membership in memberships)
{
bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId);
if (organizationClear)
{
clearedMemberships[membership.Identity] = membership;
}
}
}
}
// Assemble the array
Memberships result = new Memberships();
foreach (Membership membership in clearedMemberships.Values)
{
result.Add(membership);
}
return(result);
}
/// <summary>
/// Checks for authorization for a specific activity.
/// </summary>
/// <param name="permissionsNeeded">The permissions to allow or disallow.</param>
/// <param name="organizationId">The organization the activity is applied to.</param>
/// <param name="geographyId">The node the activity is applied to, or zero for world.</param>
/// <param name="authority">The authority to test against.</param>
/// <returns>True if allowed under current authority.</returns>
public static bool CheckAuthorization(PermissionSet permissionsNeeded, int organizationId, int geoNodeId,
Authority authority, Flag flags)
{
if (permissionsNeeded == null)
{
return(false);
}
Geography currentGeo = null;
if (geoNodeId > 0)
{
try
{
currentGeo = Geography.FromIdentity(geoNodeId);
}
catch
{
}
}
Organization currentOrg = null;
if (organizationId > 0)
{
try
{
currentOrg = Organization.FromIdentity(organizationId);
}
catch
{
}
}
foreach (PermissionSet.Item perm in permissionsNeeded)
{
int thisFound = 0;
Geography innerCurrentGeo = null;
Organization innerCurrentOrg = null;
if (perm.geographyId > 0)
{
try
{
innerCurrentGeo = Geography.FromIdentity(perm.geographyId);
}
catch
{
}
}
else
{
innerCurrentGeo = currentGeo;
}
if (perm.orgId > 0)
{
try
{
innerCurrentOrg = Organization.FromIdentity(perm.orgId);
}
catch
{
}
}
else
{
innerCurrentOrg = currentOrg;
}
RoleType[] rolesForPerm = {};
if (PermissonsDict.ContainsKey(perm.perm))
{
rolesForPerm = PermissonsDict[perm.perm];
}
if (perm.perm == Permission.CanSeeSelf)
{
thisFound = 1;
}
else if (rolesForPerm.Length > 0)
{
thisFound = CheckSpecificValidRoles(authority, rolesForPerm, innerCurrentGeo, innerCurrentOrg,
thisFound, flags);
}
if (permissionsNeeded.NeedOne && thisFound == 1)
{
return(true);
}
if (permissionsNeeded.NeedAll && thisFound == -1)
{
return(false);
}
}
//If Need all and not already returned, no false one was found
if (permissionsNeeded.NeedAll)
{
return(true);
}
return(false);
}
public static Authority GetPersonAuthority(int personId)
{
return
(Authority.FromBasic(SwarmDb.GetDatabaseForReading().GetPersonAuthority(Person.FromIdentity(personId))));
}
public static People FilterPeopleToMatchAuthority (People people, Authority authority, int gracePeriod)
{
// First: If sysadmin, return the whole list uncensored.
if (IsSystemAdministrator(authority))
{
return people;
}
SwarmDb databaseRead = SwarmDb.GetDatabaseForReading();
if (gracePeriod == -1)
gracePeriod = Membership.GracePeriod;
Dictionary<int, List<BasicMembership>> membershipTable = databaseRead.GetMembershipsForPeople(people.Identities, gracePeriod);
Dictionary<int, int> geographyTable = databaseRead.GetPeopleGeographies(people.Identities);
var clearedPeople = new Dictionary<int, Person>();
// Clear by organization roles
bool CanSeeNonMembers = authority.HasPermission(Permission.CanSeeNonMembers,Organization.PPSEid,-1,Flag.AnyGeographyExactOrganization);
foreach (BasicPersonRole role in authority.OrganizationPersonRoles)
{
Dictionary<int, BasicOrganization> clearedOrganizations =
OrganizationCache.GetOrganizationHashtable(role.OrganizationId);
foreach (Person person in people)
{
// Is the organization cleared in this officer's role for this to-be-viewed member?
if (membershipTable.ContainsKey(person.Identity))
{
foreach (BasicMembership membership in membershipTable[person.Identity])
{
if (clearedOrganizations.ContainsKey(membership.OrganizationId)
&& authority.HasPermission(Permission.CanSeePeople, membership.OrganizationId, person.GeographyId, Flag.Default))
{
if (membership.Active
|| (membership.Expires > DateTime.Now.AddDays(-gracePeriod)
&& membership.Expires.AddDays(1) > membership.DateTerminated
&& authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default)))
{
clearedPeople[person.Identity] = person;
break;
}
}
}
}
else if (CanSeeNonMembers)
{ //person isn't member anywhere
clearedPeople[person.Identity] = person;
}
}
}
// Clear by node roles:
//
// For each node role, check if each member is in a cleared geography AND a cleared organization.
// If so, permit view of this member. (A person in a branch of a geographical area for organizations X and Z
// should see only people of those organizations only on those nodes.)
foreach (BasicPersonRole role in authority.LocalPersonRoles)
{
Dictionary<int, BasicGeography> clearedGeographies = GeographyCache.GetGeographyHashtable(role.GeographyId);
Dictionary<int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId);
foreach (Person person in people)
{
// Is the node AND the organization cleared in this officer's role for this to-be-viewed member?
if (membershipTable.ContainsKey(person.Identity))
{
foreach (BasicMembership membership in membershipTable[person.Identity])
{
int organizationClear = 0;
int geographyClear = 0;
if (clearedOrganizations.ContainsKey(membership.OrganizationId))
{
organizationClear = membership.OrganizationId;
if (clearedGeographies.ContainsKey(geographyTable[person.Identity]))
{
geographyClear = geographyTable[person.Identity];
}
if (organizationClear > 0
&& geographyClear > 0
&& authority.HasPermission(Permission.CanSeePeople, organizationClear, geographyClear, Flag.Default))
{
if (membership.Active
|| (membership.Expires > DateTime.Now.AddDays(-gracePeriod)
&& membership.Expires.AddDays(1) > membership.DateTerminated
&& authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default)))
{
clearedPeople[person.Identity] = person;
break;
}
}
}
}
}
}
}
// End: Assemble an array of the resulting cleared people
var result = new People();
foreach (Person clearedPerson in clearedPeople.Values)
{
result.Add(clearedPerson);
}
return result;
}
public static People FilterPeopleToMatchAuthority (People people, Authority authority)
{
return FilterPeopleToMatchAuthority(people, authority, -1);
// -1 indicates to respect grace period
}
public static Memberships FilterMembershipsToMatchAuthority (Memberships memberships, Geography personGeography,
Authority authority)
{
// First: If sysadmin, return the whole list uncensored.
if (IsSystemAdministrator(authority))
{
return memberships;
}
var clearedMemberships = new Dictionary<int, Membership>();
//
foreach (BasicPersonRole role in authority.OrganizationPersonRoles)
{
Dictionary<int, BasicOrganization> clearedOrganizations =
OrganizationCache.GetOrganizationHashtable(role.OrganizationId);
foreach (Membership membership in memberships)
{
bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId);
if (organizationClear
&& authority.HasPermission(Permission.CanViewMemberships, membership.OrganizationId, membership.Person.GeographyId, Flag.Default))
{
clearedMemberships[membership.Identity] = membership;
}
}
}
foreach (BasicPersonRole role in authority.LocalPersonRoles)
{
Dictionary<int, BasicGeography> clearedGeographies = GeographyCache.GetGeographyHashtable(role.GeographyId);
Dictionary<int, BasicOrganization> clearedOrganizations =
OrganizationCache.GetOrganizationHashtable(role.OrganizationId);
bool geographyClear = clearedGeographies.ContainsKey(personGeography.Identity);
geographyClear = geographyClear && authority.HasPermission(Permission.CanViewMemberships, role.OrganizationId, personGeography.Identity, Flag.Default);
if (geographyClear)
{
foreach (Membership membership in memberships)
{
bool organizationClear = clearedOrganizations.ContainsKey(membership.OrganizationId);
if (organizationClear)
{
clearedMemberships[membership.Identity] = membership;
}
}
}
}
// Assemble the array
var result = new Memberships();
foreach (Membership membership in clearedMemberships.Values)
{
result.Add(membership);
}
return result;
}
private static int CheckSpecificValidRoles (Authority authority, RoleType[] roles,
Geography currentGeo, Organization currentOrg,
int thisFound, Flag flags)
{
if (authority.HasAnyRoleType(roles))
{
//Yes, we have one of the roles
foreach (RoleType r in roles)
{
if (authority.HasRoleType(r) && (Array.IndexOf(RoleTypes.AllLocalRoleTypes, r) > -1))
{
thisFound = authority.HasLocalRoleAtOrganizationGeography(currentOrg, currentGeo, r, flags) ? 1 : thisFound;
}
else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllOrganizationalRoleTypes, r) > -1)))
{
thisFound = authority.HasRoleAtOrganization(currentOrg, r, flags) ? 1 : thisFound;
}
else if (authority.HasRoleType(r) && ((Array.IndexOf(RoleTypes.AllSystemRoleTypes, r) > -1)))
{ //System PersonRole
thisFound = 1;
}
// break if we found one that gives access
if (thisFound == 1)
return thisFound;
}
// if we found one valid it would already have returned; return -1
thisFound = -1;
}
else
thisFound = -1; //No, we don't have any of the roles
return thisFound;
}
/// <summary>
/// Checks for authorization for a specific activity.
/// </summary>
/// <param name="permissionsNeeded">The permissions to allow or disallow.</param>
/// <param name="organizationId">The organization the activity is applied to.</param>
/// <param name="geographyId">The node the activity is applied to, or zero for world.</param>
/// <param name="authority">The authority to test against.</param>
/// <returns>True if allowed under current authority.</returns>
public static bool CheckAuthorization (PermissionSet permissionsNeeded, int organizationId, int geoNodeId, Authority authority, Flag flags)
{
if (permissionsNeeded == null)
return false;
Geography currentGeo = null;
if (geoNodeId > 0)
{
try { currentGeo = Geography.FromIdentity(geoNodeId); }
catch { }
}
Organization currentOrg = null;
if (organizationId > 0)
{
try { currentOrg = Organization.FromIdentity(organizationId); }
catch { }
}
foreach (PermissionSet.Item perm in permissionsNeeded)
{
int thisFound = 0;
Geography innerCurrentGeo = null;
Organization innerCurrentOrg = null;
if (perm.geographyId > 0)
{
try { innerCurrentGeo = Geography.FromIdentity(perm.geographyId); }
catch { }
}
else
innerCurrentGeo = currentGeo;
if (perm.orgId > 0)
{
try { innerCurrentOrg = Organization.FromIdentity(perm.orgId); }
catch { }
}
else
innerCurrentOrg = currentOrg;
RoleType[] rolesForPerm = new RoleType[] { };
if (PermissonsDict.ContainsKey(perm.perm))
rolesForPerm = PermissonsDict[perm.perm];
if (perm.perm == Permission.CanSeeSelf)
thisFound = 1;
else if (rolesForPerm.Length > 0)
thisFound = CheckSpecificValidRoles(authority, rolesForPerm, innerCurrentGeo, innerCurrentOrg, thisFound, flags);
if (permissionsNeeded.NeedOne && thisFound == 1)
return true;
if (permissionsNeeded.NeedAll && thisFound == -1)
return false;
}
//If Need all and not already returned, no false one was found
if (permissionsNeeded.NeedAll)
return true;
else
return false;
}
