protected void CheckEducationOrganization(ClaimValidatorRequest request)
{
var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
var localEducationAgencyId =
request.GetNullableIdByName(ClaimValidatorRequest.LocalEducationAgencyParameterName);
var userInfo = UserInformation.Current;
if (schoolId.HasUsableValue())
{
var claimValidatorSchoolEdOrgs =
SecurityAssertionProvider.GetEducationOrganizationHierarchy(schoolId.Value);
if (
userInfo.AssociatedOrganizations.Any(
org =>
org.ClaimTypes.Contains(ClaimType) &&
(claimValidatorSchoolEdOrgs.Contains(org.EducationOrganizationId) ||
SecurityAssertionProvider.GetEducationOrganizationHierarchy(org.EducationOrganizationId)
.Contains(schoolId.Value))))
{
return;
}
}
else if (localEducationAgencyId.HasUsableValue())
{
var claimValidatorLocalEducationAgencyEdOrgs =
SecurityAssertionProvider.GetEducationOrganizationHierarchy(localEducationAgencyId.Value);
if (
userInfo.AssociatedOrganizations.Any(
org =>
org.ClaimTypes.Contains(ClaimType) &&
(claimValidatorLocalEducationAgencyEdOrgs.Contains(org.EducationOrganizationId) ||
SecurityAssertionProvider.GetEducationOrganizationHierarchy(org.EducationOrganizationId)
.Contains(localEducationAgencyId.Value))))
{
return;
}
}
throw new UserAccessDeniedException(Implementations.SecurityAssertionProvider.NoEducationOrganizationPermissionErrorMessage);
}
protected void CheckLea(ClaimValidatorRequest request)
{
var lea = request.GetNullableIdByName(ClaimValidatorRequest.LocalEducationAgencyParameterName);
if (null == lea) return;
var userInfo = UserInformation.Current;
//Look at LEA or higher.
var claimValidatorLeaEdorgs = SecurityAssertionProvider.GetEducationOrganizationHierarchy((int)lea);
if (userInfo.AssociatedOrganizations.Any(
n => ((n.ClaimTypes.Contains(ClaimType)) &&
(claimValidatorLeaEdorgs.Contains(n.EducationOrganizationId) || //The user has an explict claim for the LEA or State level
(SecurityAssertionProvider.GetEducationOrganizationHierarchy(n.EducationOrganizationId).Contains((int)lea)))))) //The user has the lea within the hierarchy of one of thier claims.
//Note: Can not look higher than LEA in this last check because the State agency ID always comes back in the hierarchy.
return;
throw new UserAccessDeniedException(Implementations.SecurityAssertionProvider.NoEducationOrganizationPermissionErrorMessage);
}
protected override object HandleRequest(ClaimValidatorRequest request)
{
var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
if (schoolId.HasValue)
ValidateClaimSchoolStaff(request, ClaimType);
else
ValidateClaimLocalEducationAgencyStaff(request, ClaimType);
var customStudentListId = request.GetNullableIdByName(ClaimValidatorRequest.CustomStudentListParameterName);
if (customStudentListId.HasValue && schoolId.HasValue)
{
try
{
ValidateClaimSchoolCustomStudentListStaff(request, ClaimType);
}
catch (UserAccessDeniedException)
{
// this lets a LEA level user modify a LEA custom student list at a school level
ValidateClaimLocalEducationAgencyStaff(request, ClaimType);
ValidateClaimLocalEducationAgencyCustomStudentListStaff(request, ClaimType);
}
}
else if (customStudentListId.HasValue)
ValidateClaimLocalEducationAgencyCustomStudentListStaff(request, ClaimType);
return null;
}
protected override object HandleRequest(ClaimValidatorRequest request)
{
var staffUSI = request.GetNullableLongIdByName(ClaimValidatorRequest.StaffParameterName);
if (staffUSI.HasValue)
{
var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
if (schoolId.HasValue)
ValidateClaimSchoolStaff(request, ClaimType);
else
ValidateClaimLocalEducationAgencyStaff(request, ClaimType);
}
else
{
var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
if (schoolId.HasValue)
ValidateClaimSchool(request, ClaimType);
else
ValidateClaimLocalEducationAgency(request, ClaimType);
}
return null;
}
protected override object HandleRequest(ClaimValidatorRequest request)
{
var studentListType = request.GetParameterValueByName(ClaimValidatorRequest.StudentListTypeParameterName);
var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
var staffUSI = request.GetNullableLongIdByName(ClaimValidatorRequest.StaffParameterName);
// DJWhite 4 Jan 2012: Default null or empty to NONE which is equivalent to ALL.
if (String.IsNullOrEmpty(studentListType)) studentListType = StudentListType.None.ToString();
switch (studentListType.ToLower())
{
case ClaimValidatorRequest.StudentListEnumSection:
if (!schoolId.HasValue)
throw new UserAccessDeniedException(ClaimValidatorRequest.InvalidParameterErrorMessage);
if (staffUSI.HasValue)
ValidateClaimSchoolStaffSection(request, ClaimType);
else
ValidateClaimSchoolSection(request, ClaimType);
break;
case ClaimValidatorRequest.StudentListEnumCohort:
if (staffUSI.HasValue)
{
if (schoolId.HasValue)
ValidateClaimSchoolCohortStaff(request, ClaimType);
else
ValidateClaimLocalEducationAgencyCohortStaff(request, ClaimType);
}
else
{
if (schoolId.HasValue)
ValidateClaimSchoolCohort(request, ClaimType);
else
ValidateClaimLocalEducationAgencyCohort(request, ClaimType);
}
break;
case ClaimValidatorRequest.StudentListEnumCustomStudentList:
ValidateClaimSchoolCustomStudentListStaff(request, ClaimType);
break;
case ClaimValidatorRequest.StudentListEnumMetricsBasedWatchList:
case ClaimValidatorRequest.StudentListEnumAll:
case ClaimValidatorRequest.StudentListEnumNone:
if (staffUSI.HasValue)
{
if (schoolId.HasValue)
ValidateClaimSchoolStaff(request, ClaimType);
else
ValidateClaimLocalEducationAgencyStaff(request, ClaimType);
}
else
{
if (schoolId.HasValue)
ValidateClaimSchool(request, ClaimType);
else
ValidateClaimLocalEducationAgency(request, ClaimType);
}
break;
default:
throw new UserAccessDeniedException(ClaimValidatorRequest.InvalidParameterErrorMessage);
}
return null;
}
protected override object HandleRequest(ClaimValidatorRequest request)
{
ValidateCurrentUserIsStaff(request);
var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
if (schoolId.HasValue)
ValidateClaimSchoolStaff(request, ClaimType);
else
ValidateClaimLocalEducationAgencyStaff(request, ClaimType);
return null;
}
