private async Task <bool> AuthoriseCreate(Guid personId, Guid userId)
{
var taskPersonTypes = await _personService.GetPersonTypes(personId);
if (taskPersonTypes.Student)
{
if (User.IsType(UserTypes.Student))
{
var student = await StudentService.GetByPersonId(personId);
return(await AuthoriseStudent(student.Id));
}
if (User.IsType(UserTypes.Staff))
{
return(true);
}
}
else if (taskPersonTypes.Employee)
{
if (await UserHasPermission(Permissions.People.StaffTasks.EditAllStaffTasks))
{
return(true);
}
var taskStaffMember = await _staffMemberService.GetByPersonId(personId, false);
var userStaffMember = await _staffMemberService.GetByUserId(userId, false);
if (userStaffMember != null && taskStaffMember != null)
{
if (taskStaffMember.Id == userStaffMember.Id)
{
return(true);
}
return(await UserHasPermission(Permissions.People.StaffTasks.EditManagedStaffTasks) &&
await _staffMemberService.IsLineManager(taskStaffMember.Id, userStaffMember.Id));
}
}
return(false);
}
private async Task <TaskAccessResponse> GetPermissionsForTasksPerson(Guid personId, bool edit)
{
var response = new TaskAccessResponse();
var user = await GetLoggedInUser();
if (user.PersonId.Value == personId)
{
response.IsOwner = true;
}
var person = await PersonService.GetPersonWithTypes(personId);
if (person.PersonTypes.IsStaff)
{
var allStaffPermission =
edit ? PermissionValue.PeopleEditAllStaffTasks : PermissionValue.PeopleViewAllStaffTasks;
var managedStaffPermission =
edit ? PermissionValue.PeopleEditManagedStaffTasks : PermissionValue.PeopleViewManagedStaffTasks;
if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
allStaffPermission))
{
response.CanAccess = true;
}
if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
managedStaffPermission))
{
if (user.PersonId.HasValue)
{
var staffMember = await _staffMemberService.GetByPersonId(person.Person.Id.Value);
var userPerson = await _staffMemberService.GetByPersonId(user.PersonId.Value);
if (staffMember != null && userPerson != null)
{
if (await _staffMemberService.IsLineManager(staffMember.Id.Value, userPerson.Id.Value))
{
response.CanAccess = true;
}
}
}
}
}
if (person.PersonTypes.IsContact)
{
var contactPermission =
edit ? PermissionValue.PeopleEditContactTasks : PermissionValue.PeopleViewContactTasks;
response.CanAccess =
await User.HasPermission(RoleService, PermissionRequirement.RequireAll, contactPermission);
}
if (person.PersonTypes.IsStudent)
{
var studentPermission =
edit ? PermissionValue.StudentEditStudentTasks : PermissionValue.StudentViewStudentTasks;
response.CanAccess =
await User.HasPermission(RoleService, PermissionRequirement.RequireAll, studentPermission);
}
return(response);
}
public async Task <bool> CanAccessDirectory(Guid directoryId, bool edit)
{
var user = await GetLoggedInUser();
var directory = await _documentService.GetDirectoryById(directoryId);
if (directory.Restricted)
{
if (user.UserType != UserTypes.Staff || directory.ParentId != null &&
!await CanAccessDirectory(directory.ParentId.Value, edit))
{
return(false);
}
}
if (await _documentService.DirectoryIsPrivate(directory.Id.Value))
{
var dirOwner = await _personService.GetPersonWithTypesByDirectory(directory.Id.Value);
if (dirOwner.PersonTypes.IsStaff)
{
var allStaffPermission =
edit
? PermissionValue.PeopleEditAllStaffDocuments
: PermissionValue.PeopleViewAllStaffDocuments;
var ownStaffPermission =
edit
? PermissionValue.PeopleEditOwnStaffDocuments
: PermissionValue.PeopleViewOwnStaffDocuments;
var managedStaffPermission =
edit
? PermissionValue.PeopleEditManagedStaffDocuments
: PermissionValue.PeopleViewManagedStaffDocuments;
if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
allStaffPermission))
{
return(true);
}
if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
ownStaffPermission))
{
if (dirOwner.Person.Id == user.PersonId)
{
return(true);
}
}
if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
managedStaffPermission))
{
if (user.PersonId.HasValue)
{
var staffMember = await _staffMemberService.GetByPersonId(dirOwner.Person.Id.Value);
var lineManager = await _staffMemberService.GetByPersonId(user.PersonId.Value);
if (staffMember != null && lineManager != null)
{
if (await _staffMemberService.IsLineManager(staffMember.Id.Value, lineManager.Id.Value))
{
return(true);
}
}
}
}
return(false);
}
if (dirOwner.PersonTypes.IsStudent)
{
var studentPermission =
edit
? PermissionValue.StudentEditStudentDocuments
: PermissionValue.StudentViewStudentDocuments;
if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
studentPermission))
{
return(true);
}
}
return(user.UserType == UserTypes.Staff || user.PersonId == dirOwner.Person.Id);
}
return(true);
}
