コード例 #1
        /// <summary>
        /// Get the company for the user along with Authorization info for what they can do with that company.
        /// For now we will assume: 1. Company Owner can do everything. 2. The employee can read, but not edit. 3. Everyone else is forbidden.
        /// This will only be used when the company is to be inferred from the user.
        /// </summary>
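        /// <param name="professionalUserId">The professional user id used to look up the company, first as its owner and then as one of its employees.</param>
        /// <param name="includeAllEmployees">Whether to return all employees with the company (applies to company owners only for now).</param>
        /// <param name="authState">Set to CreateReadUpdate for the company owner, ReadOnly for an employee, and NotAllowed for anyone else.</param>
        /// <param name="isCompanyOwner">Set to true only when the user is the company owner.</param>
        /// <returns>The company found for the user, or null when the user is neither its owner nor one of its employees.</returns>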
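        public Company GetAuthorization_ForCompanyAdmin_IfCompanyIdSelectedByUserId(Guid professionalUserId, bool includeAllEmployees, out AuthorizationState authState, out bool isCompanyOwner)
        {
            // Fail closed: both out values start at the most restrictive setting and are
            // raised only after a query has returned a company for this user.
            authState      = AuthorizationState.NotAllowed;
            isCompanyOwner = false;

            // An unset user id identifies nobody. Deny before touching the data layer so a
            // default(Guid) from a failed upstream lookup can never be matched against a
            // company row and be granted owner or employee rights.
            if (professionalUserId == Guid.Empty)
            {
                return null;
            }

            // Owner lookup. includeAllEmployees only selects which owner query runs; it has
            // no effect on the employee path further down.
            Company ownedCompany;
            if (includeAllEmployees)
            {
                ownedCompany = _companyQueries.GetCompanyAndAllEmployeesFromOwnerProfessionalUserId(professionalUserId);
            }
            else
            {
                ownedCompany = _companyQueries.GetCompanyFromOwnerUserGuid(professionalUserId.ToString());
            }

            if (ownedCompany != null)
            {
                // Owner: full rights on the company.
                authState      = AuthorizationState.CreateReadUpdate;
                isCompanyOwner = true;
                return ownedCompany;
            }

            // Employee: may view the company but not edit it.
            Company employerCompany = _companyQueries.GetCompanyAndThisEmployeeFromEmployeeProfessionalUserId(professionalUserId.ToString());
            if (employerCompany != null)
            {
                authState = AuthorizationState.ReadOnly;
                return employerCompany;
            }

            // Anyone else: no company is returned and authState stays NotAllowed.
            // A non-null return does not by itself mean the caller may write; owner and
            // employee both get a company back, so write decisions must use authState.
            return null;
        }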