/// <summary> /// Gets security configurations for the field specified. /// </summary> /// <param name="securityContext">The security context.</param> /// <param name="fieldDefinition">The field definition.</param> /// <param name="identity">The user identity.</param> /// <returns>The collection of AggregateSecurityConfig objects.</returns> public static IList<SecurityConfig> GetSecurityConfigsForField(ISecurityContext securityContext, IBaseFieldDefinition fieldDefinition, IMQ1Identity identity) { var result = new HashSet<SecurityConfig>(); if (Utils.CurrentUserHasAdministratorRights) return new List<SecurityConfig>(); if (securityContext == null || fieldDefinition == null || identity == null) return new List<SecurityConfig>(); if (AlwaysVisible(fieldDefinition.SystemName)) return new List<SecurityConfig>(); var fieldConfigs = securityContext.GetConfigurationList(fieldDefinition.GetTableName(), fieldDefinition.SystemName); if (fieldConfigs != null) { fieldConfigs = fieldConfigs.Where(x => (x.BusinessUnitId == Constants.AllBusinessUnitsId || x.BusinessUnitId == identity.BusinessUnitId) && (x.RoleId == Constants.AllRolesId || identity.RolesId.Contains(x.RoleId)) && x.CanView).ToList(); if (!fieldConfigs.Any(c => c.StateGuid == Constants.AllStatesGuid && c.PersonFieldName == Constants.AllPersonFieldsSystemName)) { var personsForAllStates = fieldConfigs.Where(x => x.StateGuid == Constants.AllStatesGuid) .Select(x => x.PersonFieldName) .Distinct() .ToList(); var statesForAllPersons = fieldConfigs.Where(x => x.PersonFieldName == Constants.AllPersonFieldsSystemName) .Select(x => x.StateGuid) .Distinct() .ToList(); foreach (var config in fieldConfigs) { var secConf = new SecurityConfig( personsForAllStates.Contains(config.PersonFieldName) ? null : config.StateGuid.ToString("D"), statesForAllPersons.Contains(config.StateGuid) ? null : config.PersonFieldName); secConf.SetPersonId(identity.PersonId.ToString(CultureInfo.InvariantCulture)); result.Add(secConf); } } } return result.ToList(); }
/// <summary> /// Gets the value indicating whether user has chances to read value from the field specified. /// </summary> /// <param name="securityContext">The security context.</param> /// <param name="fieldDefinition">The field definition.</param> /// <param name="identity">The user identity.</param> /// <returns><c>true</c> if can calculate aggregates, otherwise <c>false</c>.</returns> public static bool CanAccessField(ISecurityContext securityContext, IBaseFieldDefinition fieldDefinition, IMQ1Identity identity) { if (securityContext == null || fieldDefinition == null || identity == null) return false; if (AlwaysVisible(fieldDefinition.SystemName)) return true; if (Utils.CurrentUserHasAdministratorRights) return true; var fieldConfigs = securityContext.GetConfigurationList(fieldDefinition.GetTableName(), fieldDefinition.SystemName); if (fieldConfigs != null) { var matches = fieldConfigs.Where(sc => (sc.BusinessUnitId == Constants.AllBusinessUnitsId || sc.BusinessUnitId == identity.BusinessUnitId) && (sc.RoleId == Constants.AllRolesId || identity.RolesId.Contains(sc.RoleId))).ToList(); if (matches.Any(x => x.CanView)) return true; } return false; }