public PermissionCheckResult HasPermission(Person person, Project contextModelObject) { var hasPermissionByPerson = HasPermissionByPerson(person); if (!hasPermissionByPerson) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to Edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}")); } if (contextModelObject.IsProposal()) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Application.GetFieldDefinitionLabelPluralized()} cannot be updated through the {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} Update process.")); } if (!contextModelObject.IsUpdatableViaProjectUpdateProcess) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} is not updatable via the {FieldDefinition.Project.GetFieldDefinitionLabel()} Update process")); } var projectIsEditableByUser = new ProjectUpdateAdminFeatureWithProjectContext().HasPermission(person, contextModelObject).HasPermission || contextModelObject.IsMyProject(person); if (!projectIsEditableByUser) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not editable by you.")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, Project contextModelObject) { bool isProposal = contextModelObject.IsProposal(); if (isProposal) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You cannot edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} because it is in the Proposal stage.")); } bool isPending = contextModelObject.IsPendingProject(); if (isPending) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You cannot edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} because it is a Pending Project.")); } bool isProjectStewardButCannotStewardThisProject = person != null && person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject); bool forbidEdit = !HasPermissionByPerson(person) || isProjectStewardButCannotStewardThisProject; if (forbidEdit) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}")); } if (person != null && person.HasRole(Role.ProgramEditor) && !person.CanProgramEditorManageProject(contextModelObject)) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, Project contextModelObject) { if (!HasPermissionByPerson(person)) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {contextModelObject.DisplayName}")); } if (contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Approved) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"This {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} has been approved and can no longer be edited through this wizard.")); } if (contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Rejected) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"This {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} has been rejected and can no longer be edited through this wizard.")); } var projectIsEditableByUser = contextModelObject.IsEditableToThisPerson(person); if (!projectIsEditableByUser) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not editable by you.")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, Project contextModelObject) { if (!HasPermissionByPerson(person)) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to view {contextModelObject.DisplayName}")); } if (contextModelObject.IsProposal() && person.IsAnonymousUser) { // do not allow if user is anonymous and do not show proposals to public if (!MultiTenantHelpers.ShowApplicationsToThePublic()) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not visible to you.")); } // do not allow if user is anonymous and show proposals to public and stage a stage other than pending if (MultiTenantHelpers.ShowApplicationsToThePublic() && contextModelObject.ProjectApprovalStatus != ProjectApprovalStatus.PendingApproval) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not visible to you.")); } } // "should only be visible and accessible to the following roles: Program Manager, Admin, Sitka Admin." bool projectCanOnlyBeSeenByAdmins = contextModelObject.ProjectType.LimitVisibilityToAdmin; bool personHasLimitedVisibilityRole = person.HasRole(Role.Admin) || person.HasRole(Role.SitkaAdmin) || person.HasRole(Role.ProjectSteward); if (projectCanOnlyBeSeenByAdmins && !personHasLimitedVisibilityRole) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not visible to you.")); } // Allowed return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, Person contextModelObject) { if (contextModelObject == null) { return(PermissionCheckResult.MakeFailurePermissionCheckResult("The Person whose details you are requesting to see doesn't exist.")); } var userHasEditPermission = new UserEditBasicsFeature().HasPermissionByPerson(person); var userHasManagePermission = new ContactManageFeature().HasPermissionByPerson(person); var userViewingOwnPage = person.PersonID == contextModelObject.PersonID; #pragma warning disable 612 var userHasAppropriateRole = HasPermissionByPerson(person); #pragma warning restore 612 if (!userHasAppropriateRole) { return(PermissionCheckResult.MakeFailurePermissionCheckResult("You don't permissions to view user details. If you aren't logged in, do that and try again.")); } //Only SitkaAdmin users should be able to see other SitkaAdmin users if (!person.HasRole(Role.SitkaAdmin) && contextModelObject.HasRole(Role.SitkaAdmin)) { return(PermissionCheckResult.MakeFailurePermissionCheckResult("You don\'t have permission to view this user.")); } if (userViewingOwnPage || userHasEditPermission || userHasManagePermission) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult("You don\'t have permission to view this user.")); }
public PermissionCheckResult HasPermission(Person person, Person contextModelObject) { var hasContactManagePermissions = new ContactManageFeature().HasPermissionByPerson(person); var hasAdminPermissions = new FirmaAdminFeature().HasPermissionByPerson(person); if (contextModelObject.PersonID == person.PersonID) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } if (!person.IsFullUser()) { if (hasContactManagePermissions) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } } else { if (hasAdminPermissions) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } } return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to edit {contextModelObject.FullNameFirstLast}")); }
public new PermissionCheckResult HasPermission(Person person, Project contextModelObject) { if (contextModelObject.ProjectStage == ProjectStage.Planned) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"Reported {FieldDefinition.PerformanceMeasure.GetFieldDefinitionLabelPluralized()} are not relevant for projects in the Planning/Design stage.")); } return(base.HasPermission(person, contextModelObject)); }
public PermissionCheckResult HasPermission(Person person, GrantAllocation contextModelObject) { if (person != null && person.PersonID != Person.AnonymousPersonID && person.HasAnyOfTheseRoles(GrantedRoles)) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult("You are not allowed to add files to Grant Allocations")); }
public PermissionCheckResult HasPermission(Person person, FirmaPage contextModelObject) { if (HasPermissionByPerson(person)) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult("Does not have administration privileges")); }
public PermissionCheckResult HasPermission(Person person, GrantAllocation contextModelObject) { if (person != null && person.PersonID != Person.AnonymousPersonID && GrantedRoles.Select(x => x.RoleID).Contains(person.RoleID)) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult("You are not allowed to add files to Grant Allocations")); }
public PermissionCheckResult HasPermission(Person person, GisUploadAttempt contextModelObject) { if (contextModelObject.GisUploadAttemptCreatePerson.PersonID == person.PersonID) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit this upload attempt")); }
public PermissionCheckResult HasPermission(Person person, GrantAllocationAwardPersonnelAndBenefitsLineItem contextModelObject) { var hasPermissionByPerson = HasPermissionByPerson(person); if (!hasPermissionByPerson) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete this {FieldDefinition.GrantAllocationAwardPersonnelAndBenefitsLineItem.GetFieldDefinitionLabel()}")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, GrantAllocationAwardLandownerCostShareLineItem contextModelObject) { var hasPermissionByPerson = HasPermissionByPerson(person); if (!hasPermissionByPerson) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {FieldDefinition.GrantAllocationAwardLandownerCostShare} with ID: {contextModelObject.GrantAllocationAwardLandownerCostShareLineItemID}")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, GrantAllocationAward contextModelObject) { var hasPermissionByPerson = HasPermissionByPerson(person); if (!hasPermissionByPerson) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {contextModelObject.GrantAllocationAwardName}")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, GrantAllocationAwardContractorInvoice contextModelObject) { var hasPermissionByPerson = HasPermissionByPerson(person); if (!hasPermissionByPerson) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {FieldDefinition.GrantAllocationAwardContractorInvoice} with ID: {contextModelObject.GrantAllocationAwardContractorInvoiceDescription}")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, Project contextModelObject) { var hasPermissionByPerson = HasPermissionByPerson(person); if (!hasPermissionByPerson) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {contextModelObject.DisplayName}")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, Invoice contextModelObject) { bool userHasPermission = HasPermissionByPerson(person); if (userHasPermission) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to Invoice {contextModelObject.InvoiceID} - {contextModelObject.InvoiceIdentifyingName}")); }
public PermissionCheckResult HasPermission(Person person, PriorityLandscapeFileResource contextModelObject) { bool userHasPermission = HasPermissionByPerson(person); if (userHasPermission) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to manage the {FieldDefinition.PriorityLandscape.FieldDefinitionDisplayName} file {contextModelObject.DisplayName}")); }
public PermissionCheckResult HasPermission(Person person, GrantAllocationFileResource contextModelObject) { bool userHasPermission = HasPermissionByPerson(person); if (userHasPermission) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to manage the Grant Allocation file {contextModelObject.DisplayName}")); }
public PermissionCheckResult HasPermission(Person person, Program contextModelObject) { bool userHasPermission = HasPermissionByPerson(person); if (userHasPermission) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to { Models.FieldDefinition.Program.GetFieldDefinitionLabel()} {contextModelObject.ProgramName}")); }
public PermissionCheckResult HasPermission(Person person, Grant contextModelObject) { bool userHasPermission = HasPermissionByPerson(person); if (userHasPermission) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to Grant {contextModelObject.GrantName}")); }
public PermissionCheckResult HasPermission(Person person, GrantModificationNoteInternal contextModelObject) { bool userHasPermission = HasPermissionByPerson(person); if (userHasPermission) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to Internal Notes on Grant Modification {contextModelObject.GrantModification.GrantModificationName}")); }
public PermissionCheckResult HasPermission(Person person, PerformanceMeasure contextModelObject) { var hasPermissionByPerson = HasPermissionByPerson(person); if (!hasPermissionByPerson) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to Edit {FieldDefinition.TaxonomyBranch.GetFieldDefinitionLabelPluralized()} for {MultiTenantHelpers.GetPerformanceMeasureName()} {contextModelObject.PerformanceMeasureDisplayName}")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, Project contextModelObject) { var isProjectStewardButCannotStewardThisProject = person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject); var forbidAdmin = !HasPermissionByPerson(person) || isProjectStewardButCannotStewardThisProject; if (forbidAdmin) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, Project contextModelObject) { if (contextModelObject.IsProposal()) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Application.GetFieldDefinitionLabelPluralized()} cannot be updated through the {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} Update process.")); } var forbidAdmin = !HasPermissionByPerson(person) || person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject); string possiblePermissionDeniedMessage = $"You don't have permission to make Administrative actions on {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"; return(PermissionCheckResult.MakeConditionalPermissionCheckResult(!forbidAdmin, possiblePermissionDeniedMessage)); }
public PermissionCheckResult HasPermission(Person person, Person contextModelObject) { var hasPermissionByPerson = new ContactManageFeature().HasPermissionByPerson(person); if (!hasPermissionByPerson) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {contextModelObject.FullNameFirstLast}")); } if (contextModelObject.IsFullUser()) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{contextModelObject.FullNameFirstLast} cannot be deleted because they are a user with an account.")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, ProjectDocument contextModelObject) { var isProjectDocumentStewardButCannotStewardThisProjectDocument = person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject.Project); var forbidAdmin = !HasPermissionByPerson(person) || isProjectDocumentStewardButCannotStewardThisProjectDocument; if (forbidAdmin) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit documents for {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}")); } if (contextModelObject.Project.IsProposal() || contextModelObject.Project.IsPendingProject()) { return(new ProjectCreateFeature().HasPermission(person, contextModelObject.Project)); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, Project contextModelObject) { var projectLabel = FieldDefinition.Project.GetFieldDefinitionLabel(); if (!HasPermissionByPerson(person)) { return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to approve this {projectLabel}.")); } if (person.Role.RoleID == Role.ProjectSteward.RoleID && !person.CanStewardProject(contextModelObject)) { var organizationLabel = FieldDefinition.Organization.GetFieldDefinitionLabel(); return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to approve this {projectLabel} based on your relationship to the {projectLabel}'s {organizationLabel}.")); } return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); }
public PermissionCheckResult HasPermission(Person person, CustomPage contextModelObject) { if (contextModelObject == null) { return(PermissionCheckResult.MakeFailurePermissionCheckResult("custom page is null/invalid")); } var isVisible = contextModelObject.CustomPageDisplayType == CustomPageDisplayType.Public || (!person.IsAnonymousUser && contextModelObject.CustomPageDisplayType == CustomPageDisplayType.Protected); if (isVisible) { return(PermissionCheckResult.MakeSuccessPermissionCheckResult()); } return(PermissionCheckResult.MakeFailurePermissionCheckResult("Does not have custom page view privileges")); }