private async Task <EmployeeCreationVM> PrepareEmployeeEditionViewModel(EmployeeCreationVM employeeCreationVM, Employee concernedEmployee, UserRoles concernedEmployeesRoles, EditionPermissions editionPermissions) { var currentUserData = await GetCurrentUserData(); if (editionPermissions == null) { editionPermissions = await GetEditionPermission(concernedEmployee); } employeeCreationVM = await SetEmployeeCompanyAndManagerState(employeeCreationVM, editionPermissions); employeeCreationVM.ProfileDataEnabled = editionPermissions.AllowEditProfile; employeeCreationVM.ContactDataEnabled = editionPermissions.AllowEditContacts; employeeCreationVM.RolesListEnabled = editionPermissions.AllowEditAccess; //!concernedEmployee.Id.Equals(currentUserData.Item1.Id); employeeCreationVM.RolesList = await GetListAllowedRoles(currentUserData.Item3); employeeCreationVM.Roles = UserManagerExtensions.FromUserRoles(concernedEmployeesRoles).ToList(); employeeCreationVM.ManagerEnabled = editionPermissions.AllowChangeManager; employeeCreationVM.CompanyEnabled = editionPermissions.AllowChangeCompany; return(employeeCreationVM); }
private async Task <EditionPermissions> GetEditionPermission( Employee concernedEmployee) { ///User allowed edit account in the case when /// - Is not employee but company admin /// - Is redactor is privileged user from same company /// - If recactor ant concerned user is same persone var currentUserData = await GetCurrentUserData(); var currentUser = currentUserData.Item1; var currentUserRoles = currentUserData.Item3; var currentEmployee = currentUserData.Item2; bool isCompanyPriveleged = (currentUserRoles & (UserRoles.CompanyAdministrator | UserRoles.HRManager)) > 0; bool isAppAdministrator = (currentUserRoles & UserRoles.AppAdministrator) == UserRoles.AppAdministrator; if (concernedEmployee == null) { if (isCompanyPriveleged || isAppAdministrator) { EditionPermissions permissions = EditionPermissions.AllGranted; permissions.AllowChangeCompany = isAppAdministrator; permissions.AllowEditAccess = isAppAdministrator || ((currentUserRoles & UserRoles.CompanyAdministrator) == UserRoles.CompanyAdministrator); permissions.IsSelfEdition = false; return(permissions); } else { return(EditionPermissions.AllForbidden); } } bool allowEdition = (currentUser != null && (currentUserRoles & UserRoles.AppAdministrator) == UserRoles.AppAdministrator) || (currentEmployee != null && currentEmployee.CompanyId == concernedEmployee?.CompanyId && ((currentUserRoles & (UserRoles.CompanyAdministrator | UserRoles.HRManager)) > 0)) || currentEmployee != null && currentEmployee.Id == concernedEmployee?.Id; if (currentUser == null || !allowEdition) { return new EditionPermissions() { AllowEdition = false } } ; bool isItSelfEdition = concernedEmployee?.Id.Equals(currentUser.Id) ?? false; bool isItSameCompanyEdition = concernedEmployee.CompanyId == currentEmployee?.CompanyId; bool allowEditProfile = (isCompanyPriveleged & isItSameCompanyEdition) || isAppAdministrator; bool allowEditAccess = await GetAllowedRolesAsync(currentUserRoles, isItSelfEdition) != UserRoles.None; bool allowEditContact = isAppAdministrator || (isItSameCompanyEdition && isCompanyPriveleged) || isItSelfEdition; bool allowChangeManager = (isCompanyPriveleged && isItSameCompanyEdition) || isAppAdministrator; bool allowChangeCompany = (currentUserRoles & UserRoles.AppAdministrator) == UserRoles.AppAdministrator; bool allowRemoveProfile = (currentUserRoles & (UserRoles.AppAdministrator | UserRoles.CompanyAdministrator)) > UserRoles.None; return(new EditionPermissions() { AllowEdition = allowEdition, IsSelfEdition = isItSelfEdition, AllowEditAccess = allowEditAccess, AllowEditProfile = allowEditProfile, AllowEditContacts = allowEditContact, AllowChangeManager = allowChangeManager, AllowChangeCompany = allowChangeCompany, AllowRemoveAccount = allowRemoveProfile }); }
private async Task <bool> ValidateInput(Employee consernedEmployee, EmployeeCreationVM employeeVM, EditionPermissions permission) { if (consernedEmployee == null || !permission.AllowEdition) { return(false); } bool inputValid = permission.AllowEdition; bool rolesListValid = await ValidateRoles(consernedEmployee, employeeVM, permission.AllowEditAccess); if (!rolesListValid) { ModelState.AddModelError("", _DataLocalizer["You not autorized to change the roles"]); } inputValid &= rolesListValid; bool profileValid = ValidateProfileEdition(consernedEmployee, employeeVM, permission.AllowEditProfile); if (!profileValid) { ModelState.AddModelError("", _DataLocalizer["You not autorized to edit profile data"]); } inputValid &= profileValid; bool contactsValid = ValidateContactData(consernedEmployee, employeeVM, permission.AllowEditContacts); if (!contactsValid) { ModelState.AddModelError("", _DataLocalizer["You not autorized to edit contacts data"]); } inputValid &= contactsValid; bool managerValid = ValidateManagerData(consernedEmployee, employeeVM, permission.AllowChangeManager); if (!managerValid) { ModelState.AddModelError("", _DataLocalizer["You not autorized to change your manager"]); } inputValid &= managerValid; bool companyValid = await ValidateCompanyData(consernedEmployee, employeeVM, permission.AllowChangeCompany); if (!companyValid) { ModelState.AddModelError("", _DataLocalizer["You not autorized to change your manager"]); } inputValid &= companyValid; return(inputValid); }
//Todo: Review this section private async Task <EmployeeCreationVM> SetEmployeeCompanyAndManagerState(EmployeeCreationVM employeeCreationVM, EditionPermissions editionPermissions) { //Case when employee created by app admin var currentLoginData = await GetCurrentUserData(); var currentUserRoles = currentLoginData.Item3; var currentEmployee = currentLoginData.Item2; bool currentUserIsAppAdmin = (currentUserRoles & UserRoles.AppAdministrator) == UserRoles.AppAdministrator; bool currentUserIsCompanyPriveleged = (currentUserRoles & (UserRoles.CompanyAdministrator | UserRoles.HRManager)) > 0; employeeCreationVM.CompanyEnabled = editionPermissions.AllowChangeCompany; if (editionPermissions.AllowChangeCompany) { var companiesList = (await _UnitOfWork.Companies.WhereAsync(x => x.Active)) .Select(x => new SelectListItem(x.CompanyName, x.Id.ToString(), x.Id.Equals(employeeCreationVM?.CompanyId))).ToList(); companiesList.Insert(0, new SelectListItem(_DataLocalizer["Please select the company"], "0", true, true)); companiesList.Insert(1, new SelectListItem(_DataLocalizer["None"], String.Empty, true, !currentUserIsAppAdmin)); employeeCreationVM.Companies = companiesList; } else { if (currentEmployee?.CompanyId != null) { if (employeeCreationVM.CompanyId == null) { employeeCreationVM.CompanyId = currentEmployee.CompanyId; } if (employeeCreationVM.CompanyId != null) { if (currentEmployee?.Company != null) { employeeCreationVM.Company = currentEmployee.Company; } else { employeeCreationVM.Company = await _UnitOfWork.Companies.FindAsync(x => x.Id == (int)employeeCreationVM.CompanyId); } employeeCreationVM.Companies = new SelectListItem[] { new SelectListItem(employeeCreationVM.Company.CompanyName, employeeCreationVM.Company.Id.ToString(), true, true) }; } } } employeeCreationVM.ManagerEnabled = editionPermissions.AllowChangeManager; if (editionPermissions.AllowChangeManager) { var managers = await GetEmployeesByCompany(employeeCreationVM.CompanyId, employeeCreationVM.ManagerId); managers.Insert(0, new SelectListItem(_DataLocalizer["None"], null)); employeeCreationVM.Managers = managers; } else { if (employeeCreationVM?.Manager != null) { employeeCreationVM.Managers = new SelectListItem[] { new SelectListItem(employeeCreationVM.Manager.FormatEmployeeSNT(), employeeCreationVM.ManagerId, true, true) } } ; } return(employeeCreationVM); }