/// <summary>
/// Generally, users can only add/remove individuals to/from requests associated with their own 'request entity'. This applies mainly to
/// initiators. Initiators may also only view requests associated with their own request entity.
///
/// Checks whether given user is allowed to modify this screening request (during the initiation and validation stages).
/// i.e., add and remove persons, propose new persons to attach to the screening request.
///
/// This method was ported from stored procedure logic in Profiling1.
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public virtual bool UserHasPermission(AdminUser user)
{
if (user != null)
{
if (this.Creator == user || // (initiator) can view requests they created
user.HasSameRequestEntityAs(this.Creator) || // (initiator) can view requests created by others from the same request entity
user.RequestEntities.Contains(this.RequestEntity) || // (initiator) can view requests when they are a member of the requests' assigned request entity
user.ScreeningEntities.Count > 0) // any screening entity member can view any request
{
return(true);
}
}
return(false);
}
