public UserFormAccessList GetAuthorisedForms(SecureSession session, RoleList roleList) { IEnumerable<string> keys = AssemblyResourceReader.GetResourceKeys(); string pattern = string.Format("Test_Data.ApplicationPermissions.FORM-([a-z0-9-]*)-USER-{0}", session.AuthenticatedUser.Id); Dictionary<string, List<string>> forms = new Dictionary<string, List<string>>(); foreach (string key in keys) { Match match = Regex.Match(key, pattern, RegexOptions.IgnoreCase); if (!match.Success) { continue; } string content = AssemblyResourceReader.ReadAsString(key); string formId = match.Groups[1].Value; ApplicationEntitlementList applicationEntitlements = JsonConvert.DeserializeObject<ApplicationEntitlementList>(content); foreach (ApplicationEntitlement entitlement in applicationEntitlements) { if (entitlement.AccessLevel > AccessLevel.NoAccess) { if (!forms.ContainsKey(formId)) { forms.Add(formId, new List<string>()); } forms[formId].Add(entitlement.StateName); } } } return new UserFormAccessList(forms.Select(kvp => new UserFormAccess(kvp.Key, kvp.Value.ToList()))); }
/// <summary> /// Gets the base <see cref="AccessLevel" /> applicable for a combination of user & application. /// </summary> /// <param name="session">Contains session and user information used to determine access rights.</param> /// <param name="application">The application.</param> /// <param name="roleList">The list of roles.</param> /// <param name="versionNumber">The version number of the form being accessed.</param> /// <returns>The base <see cref="AccessLevel" /> applicable for a combination of user & application.</returns> public virtual AccessLevel GetApplicationAccess(SecureSession session, Application application, RoleList roleList, int versionNumber) { if (this.IsAdministrator(session)) { return AccessLevel.Write; } if (!this.IsOrganisationEntitled(session, application)) { return AccessLevel.NoAccess; } string userId = this.GetSessionUserId(session); bool viewAllDrafts = session.AuthenticatedUser != null && this.GetSystemEntitlements(userId)[SystemEntitlementAccess.VIEW_DRAFT_APPLICATIONS] > AccessLevel.NoAccess; if (application.Draft && application.AssignedTo != userId && !viewAllDrafts) { return AccessLevel.NoAccess; } var systemEntitlements = this.GetSystemEntitlements(session.AuthenticatedUser != null ? session.AuthenticatedUser.Id : null); if (application.Draft && application.AssignedTo != userId && systemEntitlements[SystemEntitlementAccess.VIEW_DRAFT_APPLICATIONS] == AccessLevel.NoAccess) { return AccessLevel.NoAccess; } Dictionary<string, string> userRoles = this.DetermineRolesForUser(session, roleList, application); ApplicationEntitlementList applicationEntitlements = this.securityService.GetApplicationEntitlements(application.FormId, versionNumber, application.WorkflowState, userRoles.Keys); return applicationEntitlements.Any() ? applicationEntitlements.Max(e => e.AccessLevel) : AccessLevel.NoAccess; }
/// <summary> /// Gets the base <see cref="AccessLevel" /> applicable for a combination of user & application. /// </summary> /// <param name="session">Contains session and user information used to determine access rights.</param> /// <param name="application">The application.</param> /// <param name="roleList">The list of roles.</param> /// <param name="versionNumber">The version number of the form being accessed.</param> /// <returns>The base <see cref="AccessLevel" /> applicable for a combination of user & application.</returns> public AccessLevel GetApplicationAccess(SecureSession session, Application application, RoleList roleList, int versionNumber) { if (this.ImpersonatedSession != null && string.IsNullOrWhiteSpace(application.Id)) { this.ImpersonateEntitlements(session); } return this.wrappedProvider.GetApplicationAccess(session, application, roleList, versionNumber); }
/// <summary> /// Find all eligible applications and perform system transitions. /// </summary> /// <param name="session">A secure session.</param> public void DoWork(SecureSession session) { List<SystemTransitionWorkflowStateList> stateTransitionList = this.GetStateTransitions(session); foreach (var stateList in stateTransitionList) { foreach (WorkflowState state in stateList) { UnitOfWorkList<ApplicationWorkItem> work = this.FindWork(session, stateList.FormId, state); foreach (UnitOfWork<ApplicationWorkItem> workItem in work) { ApplicationWorkflowItem workflowItem = this.GetWorkflowItem(session, workItem); if (!string.IsNullOrWhiteSpace(workItem.Item.EmailAddress)) { workflowItem.UserEmail = workItem.Item.EmailAddress; workflowItem.UserId = workItem.Item.UserId; } else { workflowItem.UserId = session.AuthenticatedUser.Id; } ItemState oldState = new ItemState(workItem.Item.Application.WorkflowState); WorkflowResult result = this.workflowService.Trigger(workflowItem, workItem.Item.Transition, oldState); /* if (workItem.Item.Transition.Trigger == TriggerEvent.EmailLink) { this.MarkWorkflowActionProcessed(); } */ if (result == null || result.ExitState.Name == oldState.Name) { continue; } this.formServiceGateway.SubmitApplication(session, workItem.Item.Application, result.ExitState.Name, result.ExitAssignee, result.ExitAssigneeType); this.workflowService.LogStateChange(workflowItem, oldState, result.ExitState); } } /* // When paginating... work = this.FindWork(session, stateList.FormId, state); while (work.Count > 0) { // Get more work if available work = this.FindWork(session, stateList.FormId, state); } */ } }
/// <summary> /// Creates a new application. /// </summary> /// <param name="session">An authenticated or unauthenticated session that contains the appropriate form id in the token.</param> /// <param name="formId">The form id.</param> /// <param name="saveApplication">If set to <see langword="true"/>, save the newly created application.</param> /// <returns> /// The created application. /// </returns> public Application CreateApplication(SecureSession session, string formId, bool saveApplication = true) { string responseString = this.AddTokenAndInvoke(session.Token, new Func<string, bool, int?, string>(this.client.CreateApplication), formId, saveApplication, null); var template = new { Success = true, application = new Application() }; var returnObj = JsonConvert.DeserializeAnonymousType(responseString, template); return returnObj.application; }
public AccessLevel GetApplicationAccess(SecureSession session, Application application, RoleList roleList, int versionNumber) { string resourceString; string userId = session.AuthenticatedUser == null ? string.Empty : session.AuthenticatedUser.Id; string formName = string.Format("Test_Data.ApplicationPermissions.FORM-{0}-USER-{1}.json", application.FormId.PadLeft(2, '0'), userId); if (AssemblyResourceReader.TryReadAsString(formName, out resourceString)) { var applicationEntitlements = JsonConvert.DeserializeObject<ApplicationEntitlementList>(resourceString); applicationEntitlements = new ApplicationEntitlementList(applicationEntitlements.Where(e => e.ProductId == application.FormId && e.ProductVersion == application.FormVersion && e.StateName == application.WorkflowState && roleList.Contains(e.RoleId))); return applicationEntitlements.Max(e => e.AccessLevel); } return AccessLevel.NoAccess; }
public IEnumerable<Application> SearchApplications(SecureSession session, string formId, ApplicationSearchFilter filter, Pagination pagination = null) { int applicationId = ((MockSecureSession)session).ApplicationId; string jsonString = AssemblyResourceReader.ReadAsString(applicationId != 0 ? string.Format("Test_Data.Applications.APPLICATION-{0}.json", applicationId) : "Test_Data.Applications.APPLICATION-1.json"); List<Application> apps = JsonConvert.DeserializeObject<List<Application>>(jsonString); if (filter.ApplicationStates != null && filter.ApplicationStates.Count > 0) { return apps.Where(a => filter.ApplicationStates.Contains(a.WorkflowState)).ToList(); } return apps; }
/// <summary> /// Gets the application with an id matching <paramref name="applicationId"/>. /// </summary> /// <param name="session">An authenticated or unauthenticated session that contains the appropriate form id in the token.</param> /// <param name="applicationId">The id of the application to get.</param> /// <param name="version">Which version of the application to get. Defaults to <see langword="null"/>.</param> /// <returns>The application with an id matching <paramref name="applicationId"/>.</returns> public Application GetApplication(SecureSession session, string applicationId, int? version = null) { string responseString = this.AddTokenAndInvoke(session.Token, new Func<string, int?, string>(this.client.GetApplication), applicationId, version); JObject obj = JObject.Parse(responseString); JToken applicationToken = obj.SelectToken("application"); if (applicationToken == null) { throw new KeyNotFoundException(string.Format(ExceptionMessages.UnknownApplication, applicationId)); } string application = applicationToken.ToString(); Application returnObj = JsonConvert.DeserializeObject<Application>(application); return returnObj; }
public List<ControlAccess> GetControlsAccess( SecureSession session, Application application, ControlList controlList, RoleList roleList, int versionNumber, AccessLevel? defaultAccessLevel = null) { string resourceString; if (AssemblyResourceReader.TryReadAsString(string.Format("Test_Data.ControlPermissions.FORM-{0}-USER-{1}.json", application.FormId.PadLeft(2, '0'), session.AuthenticatedUser.Id), out resourceString)) { var entitlements = JsonConvert.DeserializeObject<ControlEntitlementList>(resourceString); entitlements.Merge(); return new List<ControlAccess>(entitlements.Select(e => new ControlAccess(e.ControlId, e.AccessLevel))); } return new List<ControlAccess>(); }
public Application CreateApplication(SecureSession session, string formId, bool saveApplication = true) { throw new NotImplementedException(); }
/// <summary> /// Validates the user is entitled to access the application. /// </summary> /// <param name="sessionData">The <see cref="SessionData"/> containing the application id.</param> /// <param name="applicationId">The application id.</param> /// <param name="controlName">The name of the attachment control.</param> /// <param name="minimumControlAccess">The minimum control access to check for.</param> /// <returns><see langword="true"/> if the user can access the application.</returns> /// <exception cref="SecurityException">The user is not authorized to access the application/control.</exception> private bool CanAccessControl(SessionData sessionData, string applicationId, string controlName, AccessLevel minimumControlAccess) { if (string.IsNullOrEmpty(applicationId)) { throw new NullReferenceException(); } User user = this.DataAccess.GetUserById(sessionData.UserId); if (user != null && user.IsAdministrator()) { return true; } SecureSession secureSession = new SecureSession(sessionData.DeserializationSource, sessionData.SessionId, user); RetrieveApplicationResponse response = this.applicationManager.GetApplicationSecure(sessionData, applicationId); ControlList controlList = new ControlList() { response.Product.FormDefinition.Pages.AllControls.FindRecursive(c => c.Name == controlName) }; ControlAccess controlsAccess = this.entitlementProvider.GetControlsAccess(secureSession, response.Application, controlList, this.DataAccess.GetRoleList(), response.Product.Version).First(); // Will throw exception if there is an invalid access request. if (controlsAccess.AccessLevel < minimumControlAccess) { throw new SecurityException(); } return true; }
public List<MetadataControlAccess> GetMetadataControlsAccess( SecureSession session, Application application, MetadataControlList metadataControlsList, RoleList roleList, int versionNumber, AccessLevel? defaultAccessLevel = null) { throw new NotImplementedException(); }
/// <summary> /// Gets a list of forms the user is authorised for and in what states. /// </summary> /// <param name="session">Contains session and user information used to determine access rights.</param> /// <param name="roleList">The list of roles.</param> /// <returns>A list of forms the user is authorised for and in what states, serialized as JSON.</returns> /// <remarks> /// A user is deemed to be authorised for a form if they have <see cref="AccessLevel.Read"/> access or greater /// to the form in at least one state. /// </remarks> public virtual UserFormAccessList GetAuthorisedForms(SecureSession session, RoleList roleList) { session = session ?? new SecureSession(); var organisationIds = session.AuthenticatedUser == null ? new string[0] : session.AuthenticatedUser.Organisations.Select(o => o.Key).ToArray(); Dictionary<string, string> roles = this.DetermineRolesForUser(session, roleList); var applicationEntitlements = this.securityService.GetApplicationEntitlements(organisationIds, null).GroupBy(e => new { e.ProductId, e.ProductVersion }); if (this.IsAdministrator(session)) { UserFormAccessList returnList = new UserFormAccessList(); foreach (var entitlement in applicationEntitlements) { List<string> allStates = entitlement.Select(e => e.StateName).Distinct().ToList(); returnList.Add(new UserFormAccess(entitlement.Key.ProductId, allStates)); } return returnList; } UserFormAccessList formAccessList = new UserFormAccessList(); string originatorRoleId = roleList.FirstOrDefault(r => r.RoleName == SecurityConstants.OriginatorRoleName && r.SystemDefined).Id; string assigneeRoleId = roleList.FirstOrDefault(r => r.RoleName == SecurityConstants.AssigneeRoleName && r.SystemDefined).Id; foreach (var entitlements in applicationEntitlements) { List<string> explicitStates = entitlements.Where(e => roles.ContainsKey(e.RoleId) && e.AccessLevel > AccessLevel.NoAccess) .Select(e => e.StateName).ToList(); List<string> ownedStates = new List<string>(); List<string> originatorStates = new List<string>(); if (session.AuthenticatedUser != null) { ownedStates = entitlements.Where(e => e.RoleId == assigneeRoleId && e.AccessLevel > AccessLevel.NoAccess).Select(e => e.StateName).ToList(); originatorStates = entitlements.Where(e => e.RoleId == originatorRoleId && e.AccessLevel > AccessLevel.NoAccess).Select(e => e.StateName).ToList(); } if (explicitStates.Count > 0 || ownedStates.Count > 0 || originatorStates.Count > 0) { Dictionary<string, List<string>> implicitStates = new Dictionary<string, List<string>> { { SecurityConstants.AssigneeRoleName, ownedStates }, { SecurityConstants.OriginatorRoleName, originatorStates } }; formAccessList.Add(new UserFormAccess(entitlements.Key.ProductId, explicitStates, implicitStates)); } } return formAccessList; }
public ProductList<ProductSearchResult> GetProductList(SecureSession session) { IEnumerable<string> workflowJson = AssemblyResourceReader.ReadAllAsString(key => key.StartsWith("Test_Data.Products")); string jsonArray = string.Format("[{0}]", string.Join(",", workflowJson)); return JsonConvert.DeserializeObject<ProductList<ProductSearchResult>>(jsonArray); }
/// <summary> /// Gets the page entitlements that the user has. /// </summary> /// <param name="session">The session.</param> /// <param name="application">The application the user is trying to access.</param> /// <param name="pageList">The page list.</param> /// <param name="roleList">The list of roles.</param> /// <param name="versionNumber">The version number.</param> /// <param name="defaultAccessLevel">The default access level to use when there is no entitlement for a page. If not set it will default to the application base access level.</param> /// <returns> /// The page entitlements that the user has. /// </returns> public virtual List<PageAccess> GetPagesAccess(SecureSession session, Application application, PageList pageList, RoleList roleList, int versionNumber, AccessLevel? defaultAccessLevel = null) { return this.GetPagesAccess(session, application, pageList.Select(p => p.PageId), roleList, versionNumber, defaultAccessLevel); }
/// <summary> /// Returns the string that should be used to identify the user. /// </summary> /// <param name="session">The user session.</param> /// <returns>The string that should be used to identify the user.</returns> /// <remarks> /// If the user session contains an authenticated user, the user id /// is returned, otherwise the unique session token is returned. /// </remarks> private string GetSessionUserId(SecureSession session) { return session.AuthenticatedUser == null ? session.SessionId : session.AuthenticatedUser.Id; }
/// <summary> /// Gets the product with an id matching <paramref name="formId"/>. /// </summary> /// <param name="session">An authenticated or unauthenticated session that contains the appropriate organisation id in the token.</param> /// <param name="formId">The form id to get.</param> /// <param name="versionNumber">The version number to retrieve. If <see langword="null"/> the most recent version is returned.</param> /// <param name="applicationId">The application id.</param> /// <param name="validateApplicationId">A flag indicating if the applicaiton Id needs to be validated.</param> /// <returns>The product with an id matching <paramref name="formId"/>.</returns> public ProductDefinition GetProduct(SecureSession session, string formId, int? versionNumber, string applicationId = null, bool? validateApplicationId = false) { string responseString = this.AddTokenAndInvoke(session.Token, new Func<string, int?, int?, string, bool?, string>(this.client.GetProduct), formId, null, versionNumber, applicationId, validateApplicationId); JObject obj = JObject.Parse(responseString); string success = obj.SelectToken("Success").ToString(); if (success == "False") { string message = obj.SelectToken("Message").ToString(); throw new FormServiceException(message); } string productStr = obj.SelectToken("metadata").ToString(); ProductDefinition product = JsonConvert.DeserializeObject<ProductDefinition>(productStr); return product; }
/// <summary> /// Submits the application. /// </summary> /// <param name="session">An authenticated or unauthenticated session that contains the appropriate form id in the token.</param> /// <param name="application">The application to submit.</param> /// <param name="workflowState">The requested workflow state to move to.</param> /// <param name="assignee">The workflow assignee after moving to <paramref name="workflowState"/>.</param> /// <param name="assigneeType">The workflow assignee type.</param> /// <param name="submitPageId">The submit page id.</param> /// <returns>The submitted application.</returns> public Application SubmitApplication(SecureSession session, Application application, string workflowState, string assignee = null, ComparisonType? assigneeType = null, int? submitPageId = null) { string formId = application.FormId; string applicationId = application.ApplicationId; string applicationDataJson = JsonConvert.SerializeObject(application.ApplicationData); var metadata = new { requestedState = workflowState, assignee, assigneeType }; string metadataJson = JsonConvert.SerializeObject(metadata); string responseString = this.AddTokenAndInvoke(session.Token, new Func<string, string, string, string, int?, string>(this.client.SubmitApplication), formId, applicationId, applicationDataJson, metadataJson, submitPageId); var template = new { success = true, valid = true, errors = new Dictionary<string, List<string>>(), application = new Application() }; var responseObj = JsonConvert.DeserializeAnonymousType(responseString, template); if (!responseObj.valid) { throw new SubmitValidationException(responseObj.errors); } return responseObj.application; }
/// <summary> /// Returns <see langword="true"/> if default application access should be overridden, /// for example if the user is an Administrator or a Service account, otherwise returns /// <see langword="false"/>. /// </summary> /// <param name="session">The user session.</param> /// <returns> /// <see langword="true"/> if default application access should be overridden, /// for example if the user is an Administrator or a Service account, otherwise returns /// <see langword="false"/>. /// </returns> private bool IsAdministrator(SecureSession session) { if (session == null || session.AuthenticatedUser == null) { return false; } return session.AuthenticatedUser.IsAdministrator(); }
/// <summary> /// Retrieve a list of applications based on the search criteria. /// </summary> /// <param name="session">An authenticated or unauthenticated session that contains the appropriate form id in the token.</param> /// <param name="formId">The form id.</param> /// <param name="filter">The search filter, serialised as JSON.</param> /// <param name="pagination">The paging information, serialised as JSON.</param> /// <returns>A list of applications based on the search criteria.</returns> public IEnumerable<Application> SearchApplications(SecureSession session, string formId, ApplicationSearchFilter filter, Pagination pagination = null) { string filterJson = JsonConvert.SerializeObject(filter); string paginationJson = pagination == null ? null : JsonConvert.SerializeObject(pagination); string responseString = this.AddTokenAndInvoke(session.Token, new Func<string, string, string, string>(this.client.FindApplications), formId, filterJson, paginationJson); var template = new { success = true, applications = new Application[0], pagination = new Pagination() }; var responseObj = JsonConvert.DeserializeAnonymousType(responseString, template); return responseObj.applications; }
/// <summary> /// Saves the application. /// </summary> /// <param name="session">An authenticated or unauthenticated session that contains the appropriate form id in the token.</param> /// <param name="application">The application to save.</param> /// <returns>The saved application.</returns> public Application SaveApplication(SecureSession session, Application application) { string formId = application.FormId; string applicationId = application.ApplicationId; string applicationDataJson = JsonConvert.SerializeObject(application.ApplicationData); string responseString = this.AddTokenAndInvoke(session.Token, new Func<string, string, string, bool, bool, string>(this.client.SaveApplication), formId, applicationId, applicationDataJson, false, false); var template = new { success = true, application = new Application() }; var returnObj = JsonConvert.DeserializeAnonymousType(responseString, template); return returnObj.application; }
/// <summary> /// Gets the list of forms. /// </summary> /// <param name="session">An authenticated or unauthenticated session that contains the appropriate organisation id in the token.</param> /// <returns>The list of forms.</returns> public ProductList<ProductSearchResult> GetProductList(SecureSession session) { string responseString = this.AddTokenAndInvoke(session.Token, new Func<string>(this.client.GetProductList)); var template = new { response = new { Success = true, Products = new ProductList<ProductSearchResult>() } }; var responseObj = JsonConvert.DeserializeAnonymousType(responseString, template); return responseObj.response.Products; }
public Application GetApplication(SecureSession session, string applicationId, int? version = null) { throw new NotImplementedException(); }
public List<PageAccess> GetPagesAccess( SecureSession session, Application application, IEnumerable<int> pageIds, RoleList roleList, int versionNumber, AccessLevel? defaultAccessLevel = null) { throw new NotImplementedException(); }
public ProductDefinition GetProduct(SecureSession session, string formId, int? versionNumber, string applicationId = null, bool? validateApplicatiobnId = false) { throw new NotImplementedException(); }
/// <summary> /// Determines the applicable roles for <paramref name="session"/>. /// </summary> /// <param name="session">Contains session and user information used to determine access rights.</param> /// <param name="roleList">The list of roles.</param> /// <param name="application">The application, if relevant Defaults to <see langword="null"/>.</param> /// <returns>The applicable roles for <paramref name="session"/>.</returns> private Dictionary<string, string> DetermineRolesForUser(SecureSession session, RoleList roleList, Application application = null) { session = session ?? new SecureSession(); application = application ?? new Application(); Role publicRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.PublicRoleName); Dictionary<string, string> roleDict = publicRole == null ? new Dictionary<string, string>() : new Dictionary<string, string> { { publicRole.Id, publicRole.RoleName } }; string compareTo = this.GetSessionUserId(session); if (application.IsCreatedBy(compareTo)) { Role originatorRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.OriginatorRoleName); if (originatorRole != null) { roleDict.Add(originatorRole.Id, originatorRole.RoleName); } } if (session.AuthenticatedUser == null) { return roleDict; } if (session.AuthenticatedUser.IsAdministrator()) { foreach (var role in roleList) { if (roleDict.ContainsKey(role.Id)) { continue; } roleDict.Add(role.Id, role.RoleName); } return roleDict; } foreach (var userRole in session.AuthenticatedUser.Roles) { if (roleList.Exists(role => role.Id == userRole.Key && role.Enabled)) { roleDict.Add(userRole.Key, userRole.Value); } } if (!string.IsNullOrEmpty(application.AssignedTo) && session.AuthenticatedUser.Id == application.AssignedTo) { Role assigneeRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.AssigneeRoleName); if (assigneeRole != null) { roleDict.Add(assigneeRole.Id, assigneeRole.RoleName); } } return roleDict; }
public Application SaveApplication(SecureSession session, Application application) { throw new NotImplementedException(); }
/// <summary> /// Gets the page access level for each page in <paramref name="pageIds"/>. /// </summary> /// <param name="session">The session.</param> /// <param name="application">The application the user is trying to access.</param> /// <param name="pageIds">The page IDs list.</param> /// <param name="roleList">The list of roles.</param> /// <param name="versionNumber">The version number.</param> /// <param name="defaultAccessLevel">The default access level to use when there is no entitlement for a page. If not set it will default to the application base access level.</param> /// <returns>The page entitlements that the user has.</returns> public List<PageAccess> GetPagesAccess(SecureSession session, Application application, IEnumerable<int> pageIds, RoleList roleList, int versionNumber, AccessLevel? defaultAccessLevel = null) { var userRoles = this.DetermineRolesForUser(session, roleList, application); var pageEntitlements = this.securityService.GetPageEntitlements(application.FormId, versionNumber, application.WorkflowState, userRoles.Keys); pageEntitlements.Merge(); if (session.AuthenticatedUser.IsAdministrator()) { return pageIds.Select(pageId => new PageAccess(pageId, AccessLevel.Read)).ToList(); } if (!defaultAccessLevel.HasValue) { defaultAccessLevel = this.GetApplicationAccess(session, application, roleList, versionNumber); } return pageIds.Select( pageId => { var entitlement = pageEntitlements.FirstOrDefault(e => e.PageId == pageId); if (entitlement == null) { return new PageAccess(pageId, defaultAccessLevel.Value); } return new PageAccess(pageId, entitlement.AccessLevel); }).ToList(); }
public Application SubmitApplication(SecureSession session, Application application, string workflowState, string assignee = null, ComparisonType? assigneeType = null, int? submitPageId = null) { throw new NotImplementedException(); }
/// <summary> /// Returns <see langword="true"/> if the user / session has the correct organisation /// entitlements to view <paramref name="application"/>, otherwise returns /// <see langword="false"/>. /// </summary> /// <param name="session">The user session.</param> /// <param name="application">The application.</param> /// <returns> /// <see langword="true"/> if the user / session has the correct organisation /// entitlements to view <paramref name="application"/>, otherwise <see langword="false"/>. /// </returns> private bool IsOrganisationEntitled(SecureSession session, Application application) { if (session == null || session.AuthenticatedUser == null) { // Have to assume public users are entitled to all orgs. return true; } if (session.AuthenticatedUser != null && session.AuthenticatedUser.AccountType == AccountType.Service) { return true; } // Ignore org entitlements for originator and assignee. string compareTo = this.GetSessionUserId(session); if (application.IsCreatedBy(compareTo) || application.IsAssignedTo(compareTo)) { return true; } return !string.IsNullOrEmpty(application.OrganisationId) && session.AuthenticatedUser.GetAllOrganisations().ContainsKey(application.OrganisationId); }