public static bool HasAccessToOperation(UserDto currentUser, UserOperation operation)
{
var onlyRelevantOperations = AllowedUserOperations.ForOperationQueryable(operation);
//First test this, as it's the most common operation and it requires no db access
if (StudyAccessUtil.IsAllowedForEmployeesWithoutAnyRoles(currentUser, onlyRelevantOperations))
{
return(true);
}
if (StudyAccessUtil.IsAllowedBasedOnAppRoles(currentUser, onlyRelevantOperations))
{
return(true);
}
return(false);
}
public static bool HasAccessToOperationForStudy(UserDto currentUser, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null)
{
var onlyRelevantOperations = AllowedUserOperations.ForOperationQueryable(operation);
//First thest this, as it's the most common operation and it requires no db access
if (IsAllowedForEmployeesWithoutAnyRoles(currentUser, onlyRelevantOperations, studyPermissionDetails))
{
return(true);
}
if (IsAllowedBasedOnAppRoles(currentUser, onlyRelevantOperations, studyPermissionDetails, operation, roleBeingAddedOrRemoved))
{
return(true);
}
if (IsAllowedBasedOnStudyRoles(currentUser, onlyRelevantOperations, studyPermissionDetails, operation, roleBeingAddedOrRemoved))
{
return(true);
}
return(false);
}
public static string CreateAccessWhereClause(UserDto currentUser, UserOperation operation)
{
var ors = new List <string>();
var relevantPermissions = AllowedUserOperations.ForOperationQueryable(operation);
var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantPermissions);
if (allowedForAppRolesQueryable.Any())
{
foreach (var curPermission in allowedForAppRolesQueryable)
{
if (
(currentUser.Admin && curPermission.AllowedForRoles.Contains(AppRoles.Admin)) ||
(currentUser.Sponsor && curPermission.AllowedForRoles.Contains(AppRoles.Sponsor)) ||
(currentUser.DatasetAdmin && curPermission.AllowedForRoles.Contains(AppRoles.DatasetAdmin))
)
{
var currentOr = ALWAYS_TRUE;
//Permission will be granted without restrictions (typically admin)
if (!curPermission.AppliesOnlyToNonHiddenStudies && !curPermission.AppliesOnlyIfUserIsStudyOwner)
{
return(null);
}
if (curPermission.AppliesOnlyToNonHiddenStudies)
{
currentOr += NON_HIDDEN_CRITERIA;
}
if (curPermission.AppliesOnlyIfUserIsStudyOwner)
{
currentOr += UserHasRole(currentUser, StudyRoles.StudyOwner);
}
ors.Add(currentOr);
}
}
}
if (currentUser.Employee)
{
var operationsAllowedForEmployeesOnly = AllowedUserOperations.ForAllNonExternalUserLevel(relevantPermissions);
foreach (var curPermission in operationsAllowedForEmployeesOnly)
{
var currentOr = ALWAYS_TRUE;
if (curPermission.AppliesOnlyToNonHiddenStudies)
{
currentOr += NON_HIDDEN_CRITERIA;
}
ors.Add(currentOr);
}
}
var allowedForStudyRolesQueryable = AllowedUserOperations.ForStudySpecificRolesLevel(relevantPermissions);
if (allowedForStudyRolesQueryable.Any())
{
foreach (var curPermission in allowedForStudyRolesQueryable)
{
var currentOr = ALWAYS_TRUE;
if (curPermission.AppliesOnlyToNonHiddenStudies)
{
currentOr += NON_HIDDEN_CRITERIA;
}
currentOr += UserHasRole(currentUser, curPermission.AllowedForRoles);
ors.Add(currentOr);
}
}
if (ors.Count > 0)
{
var whereClauseBuilder = new StringBuilder();
foreach (var curOr in ors)
{
if (whereClauseBuilder.Length > 0)
{
whereClauseBuilder.Append(" OR ");
}
whereClauseBuilder.Append($"({curOr})");
}
return(whereClauseBuilder.ToString());
}
return(null);
}
