/// <summary>
/// Determine whether a user has a permission via the user's roles alone or optionally
/// via her dispositions against a segregated entity.
/// For proper performance, ensure that <see cref="User.Roles"/>,
/// <see cref="User.Dispositions"/> and their <see cref="Disposition.Type"/>
/// are prefetched.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="permissionCodeName">
/// The <see cref="Permission.CodeName"/> of the <see cref="Permission"/>.
/// </param>
/// <param name="segregatedEntity">The optional segregated entity to check user dispositions against.</param>
public bool UserHasPermission(U user, string permissionCodeName, ISegregatedEntity segregatedEntity = null)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (permissionCodeName == null)
{
throw new ArgumentNullException(nameof(permissionCodeName));
}
var rolesAccessRight = GetRolesAccessRight(user);
// If roles alone yield access right to the permission, return true.
if (rolesAccessRight.HasPermission(permissionCodeName))
{
return(true);
}
if (segregatedEntity != null)
{
// Determine whether a disposition yields access right to the manager.
var dispositionsAccessRight = GetDispositionsAccessRight(user, segregatedEntity);
return(dispositionsAccessRight.HasPermission(permissionCodeName));
}
return(false);
}
/// <summary>
/// Determine whether a manager is supported via the user's roles alone or optionally
/// via her dispositions against a segregated entity.
/// For proper performance, ensure that <see cref="User.Roles"/>,
/// <see cref="User.Dispositions"/> and their <see cref="Disposition.Type"/>
/// are prefetched.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="managerType">The .NET class type of the manager.</param>
/// <param name="segregatedEntity">The optional segregated entity to check user dispositions against.</param>
public bool CanUserAccessManager(U user, Type managerType, ISegregatedEntity segregatedEntity = null)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (managerType == null)
{
throw new ArgumentNullException(nameof(managerType));
}
var rolesAccessRight = GetRolesAccessRight(user);
// If roles alone yield access right to the manager, return true.
if (rolesAccessRight.SupportsManager(managerType))
{
return(true);
}
if (segregatedEntity != null)
{
// Determine whether a disposition yields access right to the manager.
var dispositionsAccessRight = GetDispositionsAccessRight(user, segregatedEntity);
return(dispositionsAccessRight.SupportsManager(managerType));
}
return(false);
}
/// <summary> /// Get the access right that stems from the <see cref="User.Dispositions"/> of /// a <see cref="User"/> over a segregated entity. /// </summary> /// <param name="user">The user.</param> /// <param name="segregatedEntity">The segregated entity.</param> /// <returns>Returns the combined <see cref="AccessRight"/>.</returns> private AccessRight GetDispositionsAccessRight(User user, ISegregatedEntity segregatedEntity) => GetDispositionsAccessRight(user, segregatedEntity.SegregationID);
