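/// <summary>
/// Decides whether <paramref name="currentUser"/> may perform <paramref name="operation"/> on the study
/// described by <paramref name="studyPermissionDetails"/> on the strength of the user's application-level
/// roles alone (as opposed to study-specific roles).
/// </summary>
/// <param name="currentUser">The authenticated user whose app roles are checked; only <c>Id</c> is read directly here.</param>
/// <param name="relevantOperations">The permission rules that apply to the operation being attempted.</param>
/// <param name="studyPermissionDetails">Study permission metadata; <c>Restricted</c> is read to re-scope the rule set.</param>
/// <param name="operation">The operation, forwarded unchanged to the study-owner check.</param>
/// <param name="roleBeingAddedOrRemoved">Forwarded unchanged to the study-owner check; may be <c>null</c>.</param>
/// <returns><c>true</c> if at least one app-role rule grants the operation; otherwise <c>false</c> (deny by default).</returns>
public static bool IsAllowedBasedOnAppRoles(UserDto currentUser, IEnumerable<OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null)
{
    var appRoleAllowances = AllowedUserOperations.ForAppRolesLevel(relevantOperations);

    // Restricted studies use a re-scoped rule set.
    if (studyPermissionDetails.Restricted)
    {
        appRoleAllowances = AllowedUserOperations.ForRestrictedStudies(appRoleAllowances);
    }

    // One pass only: the previous Any() guard followed by foreach enumerated the queryable twice
    // (two evaluations if it is provider-backed) and an empty sequence simply yields no iterations.
    foreach (var allowance in appRoleAllowances)
    {
        if (!UserHasAnyOfTheseAppRoles(currentUser, allowance.AllowedForRoles))
        {
            continue;
        }

        // Unconditional app-role grant.
        if (!allowance.AppliesOnlyIfUserIsStudyOwner)
        {
            return true;
        }

        // Conditional grant: the app role only counts if the user is also a StudyOwner of this study.
        if (UserHasAnyOfTheseStudyRoles(currentUser.Id, studyPermissionDetails, operation, roleBeingAddedOrRemoved, StudyRoles.StudyOwner))
        {
            return true;
        }
    }

    return false;
}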
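/// <summary>
/// Decides whether <paramref name="currentUser"/> is granted an operation by application-level roles,
/// without any study context (no restricted-study re-scoping and no study-owner condition is evaluated).
/// </summary>
/// <param name="currentUser">The authenticated user whose app roles are checked.</param>
/// <param name="relevantOperations">The permission rules that apply to the operation being attempted.</param>
/// <returns><c>true</c> if the user holds any role listed by at least one app-role rule; otherwise <c>false</c>.</returns>
public static bool IsAllowedBasedOnAppRoles(UserDto currentUser, IEnumerable<OperationPermission> relevantOperations)
{
    // Single enumeration; the former Any() pre-check re-enumerated the queryable for no benefit,
    // since an empty sequence yields zero iterations and the method falls through to false.
    foreach (var allowance in AllowedUserOperations.ForAppRolesLevel(relevantOperations))
    {
        if (UserHasAnyOfTheseAppRoles(currentUser, allowance.AllowedForRoles))
        {
            return true;
        }
    }

    return false;
}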
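/// <summary>
/// Builds the SQL <c>WHERE</c> fragment that limits a study query to the rows
/// <paramref name="currentUser"/> may access for <paramref name="operation"/>.
/// Every applicable permission rule contributes one parenthesised disjunct; the disjuncts are joined with <c>OR</c>.
/// </summary>
/// <param name="currentUser">The authenticated user; the Admin/Sponsor/DatasetAdmin/Employee flags are read and the user is passed to <c>UserHasRole</c>.</param>
/// <param name="operation">The operation whose permission rules are consulted.</param>
/// <returns>
/// The <c>WHERE</c> fragment, or <c>null</c>. <c>null</c> is produced in two unrelated situations:
/// the user holds an app role that grants the operation without any restriction (no filter needed),
/// and no rule contributed a disjunct at all (no access).
/// NOTE(review): callers must not treat the second case as "no filter" — verify at every call site.
/// </returns>
/// <remarks>
/// The fragment is assembled as text from <c>ALWAYS_TRUE</c>, <c>NON_HIDDEN_CRITERIA</c> and the output
/// of <c>UserHasRole</c>; nothing here is parameterised.
/// NOTE(review): whatever identity value <c>UserHasRole</c> embeds must come from the server-side user
/// record, never from request input — confirm in <c>UserHasRole</c>.
/// </remarks>
public static string CreateAccessWhereClause(UserDto currentUser, UserOperation operation)
{
    var disjuncts = new List<string>();
    var relevantPermissions = AllowedUserOperations.ForOperationQueryable(operation);

    // 1. Application-level roles.
    // Single pass; the former Any() guard plus foreach enumerated the queryable twice.
    foreach (var permission in AllowedUserOperations.ForAppRolesLevel(relevantPermissions))
    {
        var holdsGrantingRole =
            (currentUser.Admin && permission.AllowedForRoles.Contains(AppRoles.Admin))
            || (currentUser.Sponsor && permission.AllowedForRoles.Contains(AppRoles.Sponsor))
            || (currentUser.DatasetAdmin && permission.AllowedForRoles.Contains(AppRoles.DatasetAdmin));

        if (!holdsGrantingRole)
        {
            continue;
        }

        // An unrestricted app-role grant needs no filter at all; null tells the caller so.
        if (!permission.AppliesOnlyToNonHiddenStudies && !permission.AppliesOnlyIfUserIsStudyOwner)
        {
            return null;
        }

        var disjunct = ALWAYS_TRUE;
        if (permission.AppliesOnlyToNonHiddenStudies)
        {
            disjunct += NON_HIDDEN_CRITERIA;
        }
        if (permission.AppliesOnlyIfUserIsStudyOwner)
        {
            disjunct += UserHasRole(currentUser, StudyRoles.StudyOwner);
        }
        disjuncts.Add(disjunct);
    }

    // 2. Rules open to every non-external (employee) user.
    if (currentUser.Employee)
    {
        foreach (var permission in AllowedUserOperations.ForAllNonExternalUserLevel(relevantPermissions))
        {
            var disjunct = ALWAYS_TRUE;
            if (permission.AppliesOnlyToNonHiddenStudies)
            {
                disjunct += NON_HIDDEN_CRITERIA;
            }
            disjuncts.Add(disjunct);
        }
    }

    // 3. Study-specific roles; each rule always carries a role predicate.
    foreach (var permission in AllowedUserOperations.ForStudySpecificRolesLevel(relevantPermissions))
    {
        var disjunct = ALWAYS_TRUE;
        if (permission.AppliesOnlyToNonHiddenStudies)
        {
            disjunct += NON_HIDDEN_CRITERIA;
        }
        disjunct += UserHasRole(currentUser, permission.AllowedForRoles);
        disjuncts.Add(disjunct);
    }

    if (disjuncts.Count == 0)
    {
        return null;
    }

    // "(a) OR (b) OR (c)" — each disjunct is parenthesised so its own AND-joined criteria bind tighter than the OR.
    return string.Join(" OR ", disjuncts.Select(d => $"({d})"));
}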