public static bool CheckAuthorization(HttpContext httpContext, Site site, CourseTerm courseTerm, AuthScope scope, int minLevel, int maxLevel)
{
AssessTrackDataRepository data = new AssessTrackDataRepository();
if (httpContext == null)
{
throw new ArgumentNullException("httpContext");
}
IPrincipal user = httpContext.User;
if (!user.Identity.IsAuthenticated)
{
return false;
}
//Get the user's profile and see if they have
//the required access level
Profile profile = data.GetLoggedInProfile();
switch (scope)
{
case AuthScope.Application:
{
if (profile.AccessLevel < minLevel || profile.AccessLevel > maxLevel)
return false;
break;
}
case AuthScope.Site:
{
SiteMember member = data.GetSiteMemberByMembershipID(site,profile.MembershipID);
if (member == null ||
(member.AccessLevel < minLevel || member.AccessLevel > maxLevel))
return false;
}
break;
case AuthScope.CourseTerm:
{
CourseTermMember member = data.GetCourseTermMemberByMembershipID(courseTerm, profile.MembershipID);
if (member == null ||
(member.AccessLevel < minLevel || member.AccessLevel > maxLevel))
return false;
}
break;
default:
//TODO Do some logging here maybe?
return false;
}
return true;
}
public double Score()
{
AssessTrackDataRepository repo = new AssessTrackDataRepository();
return Score(repo.GetLoggedInProfile());
}
double ITaggable.Score()
{
AssessTrackDataRepository repo = new AssessTrackDataRepository();
return (this as ITaggable).Score(repo.GetLoggedInProfile());
}