Esempio n. 1
0
        private async Task <bool> AuthoriseCreate(Guid personId, Guid userId)
        {
            var taskPersonTypes = await _personService.GetPersonTypes(personId);

            if (taskPersonTypes.Student)
            {
                if (User.IsType(UserTypes.Student))
                {
                    var student = await StudentService.GetByPersonId(personId);

                    return(await AuthoriseStudent(student.Id));
                }

                if (User.IsType(UserTypes.Staff))
                {
                    return(true);
                }
            }

            else if (taskPersonTypes.Employee)
            {
                if (await UserHasPermission(Permissions.People.StaffTasks.EditAllStaffTasks))
                {
                    return(true);
                }

                var taskStaffMember = await _staffMemberService.GetByPersonId(personId, false);

                var userStaffMember = await _staffMemberService.GetByUserId(userId, false);

                if (userStaffMember != null && taskStaffMember != null)
                {
                    if (taskStaffMember.Id == userStaffMember.Id)
                    {
                        return(true);
                    }

                    return(await UserHasPermission(Permissions.People.StaffTasks.EditManagedStaffTasks) &&
                           await _staffMemberService.IsLineManager(taskStaffMember.Id, userStaffMember.Id));
                }
            }

            return(false);
        }
Esempio n. 2
0
        private async Task <TaskAccessResponse> GetPermissionsForTasksPerson(Guid personId, bool edit)
        {
            var response = new TaskAccessResponse();

            var user = await GetLoggedInUser();

            if (user.PersonId.Value == personId)
            {
                response.IsOwner = true;
            }

            var person = await PersonService.GetPersonWithTypes(personId);

            if (person.PersonTypes.IsStaff)
            {
                var allStaffPermission =
                    edit ? PermissionValue.PeopleEditAllStaffTasks : PermissionValue.PeopleViewAllStaffTasks;
                var managedStaffPermission =
                    edit ? PermissionValue.PeopleEditManagedStaffTasks : PermissionValue.PeopleViewManagedStaffTasks;

                if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
                                             allStaffPermission))
                {
                    response.CanAccess = true;
                }

                if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
                                             managedStaffPermission))
                {
                    if (user.PersonId.HasValue)
                    {
                        var staffMember = await _staffMemberService.GetByPersonId(person.Person.Id.Value);

                        var userPerson = await _staffMemberService.GetByPersonId(user.PersonId.Value);

                        if (staffMember != null && userPerson != null)
                        {
                            if (await _staffMemberService.IsLineManager(staffMember.Id.Value, userPerson.Id.Value))
                            {
                                response.CanAccess = true;
                            }
                        }
                    }
                }
            }

            if (person.PersonTypes.IsContact)
            {
                var contactPermission =
                    edit ? PermissionValue.PeopleEditContactTasks : PermissionValue.PeopleViewContactTasks;

                response.CanAccess =
                    await User.HasPermission(RoleService, PermissionRequirement.RequireAll, contactPermission);
            }

            if (person.PersonTypes.IsStudent)
            {
                var studentPermission =
                    edit ? PermissionValue.StudentEditStudentTasks : PermissionValue.StudentViewStudentTasks;

                response.CanAccess =
                    await User.HasPermission(RoleService, PermissionRequirement.RequireAll, studentPermission);
            }

            return(response);
        }
Esempio n. 3
0
        public async Task <bool> CanAccessDirectory(Guid directoryId, bool edit)
        {
            var user = await GetLoggedInUser();

            var directory = await _documentService.GetDirectoryById(directoryId);

            if (directory.Restricted)
            {
                if (user.UserType != UserTypes.Staff || directory.ParentId != null &&
                    !await CanAccessDirectory(directory.ParentId.Value, edit))
                {
                    return(false);
                }
            }

            if (await _documentService.DirectoryIsPrivate(directory.Id.Value))
            {
                var dirOwner = await _personService.GetPersonWithTypesByDirectory(directory.Id.Value);

                if (dirOwner.PersonTypes.IsStaff)
                {
                    var allStaffPermission =
                        edit
                            ? PermissionValue.PeopleEditAllStaffDocuments
                            : PermissionValue.PeopleViewAllStaffDocuments;

                    var ownStaffPermission =
                        edit
                            ? PermissionValue.PeopleEditOwnStaffDocuments
                            : PermissionValue.PeopleViewOwnStaffDocuments;

                    var managedStaffPermission =
                        edit
                            ? PermissionValue.PeopleEditManagedStaffDocuments
                            : PermissionValue.PeopleViewManagedStaffDocuments;

                    if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
                                                 allStaffPermission))
                    {
                        return(true);
                    }

                    if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
                                                 ownStaffPermission))
                    {
                        if (dirOwner.Person.Id == user.PersonId)
                        {
                            return(true);
                        }
                    }

                    if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
                                                 managedStaffPermission))
                    {
                        if (user.PersonId.HasValue)
                        {
                            var staffMember = await _staffMemberService.GetByPersonId(dirOwner.Person.Id.Value);

                            var lineManager = await _staffMemberService.GetByPersonId(user.PersonId.Value);

                            if (staffMember != null && lineManager != null)
                            {
                                if (await _staffMemberService.IsLineManager(staffMember.Id.Value, lineManager.Id.Value))
                                {
                                    return(true);
                                }
                            }
                        }
                    }

                    return(false);
                }

                if (dirOwner.PersonTypes.IsStudent)
                {
                    var studentPermission =
                        edit
                            ? PermissionValue.StudentEditStudentDocuments
                            : PermissionValue.StudentViewStudentDocuments;

                    if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll,
                                                 studentPermission))
                    {
                        return(true);
                    }
                }

                return(user.UserType == UserTypes.Staff || user.PersonId == dirOwner.Person.Id);
            }

            return(true);
        }