private async Task <bool> AuthoriseCreate(Guid personId, Guid userId) { var taskPersonTypes = await _personService.GetPersonTypes(personId); if (taskPersonTypes.Student) { if (User.IsType(UserTypes.Student)) { var student = await StudentService.GetByPersonId(personId); return(await AuthoriseStudent(student.Id)); } if (User.IsType(UserTypes.Staff)) { return(true); } } else if (taskPersonTypes.Employee) { if (await UserHasPermission(Permissions.People.StaffTasks.EditAllStaffTasks)) { return(true); } var taskStaffMember = await _staffMemberService.GetByPersonId(personId, false); var userStaffMember = await _staffMemberService.GetByUserId(userId, false); if (userStaffMember != null && taskStaffMember != null) { if (taskStaffMember.Id == userStaffMember.Id) { return(true); } return(await UserHasPermission(Permissions.People.StaffTasks.EditManagedStaffTasks) && await _staffMemberService.IsLineManager(taskStaffMember.Id, userStaffMember.Id)); } } return(false); }
private async Task <TaskAccessResponse> GetPermissionsForTasksPerson(Guid personId, bool edit) { var response = new TaskAccessResponse(); var user = await GetLoggedInUser(); if (user.PersonId.Value == personId) { response.IsOwner = true; } var person = await PersonService.GetPersonWithTypes(personId); if (person.PersonTypes.IsStaff) { var allStaffPermission = edit ? PermissionValue.PeopleEditAllStaffTasks : PermissionValue.PeopleViewAllStaffTasks; var managedStaffPermission = edit ? PermissionValue.PeopleEditManagedStaffTasks : PermissionValue.PeopleViewManagedStaffTasks; if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll, allStaffPermission)) { response.CanAccess = true; } if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll, managedStaffPermission)) { if (user.PersonId.HasValue) { var staffMember = await _staffMemberService.GetByPersonId(person.Person.Id.Value); var userPerson = await _staffMemberService.GetByPersonId(user.PersonId.Value); if (staffMember != null && userPerson != null) { if (await _staffMemberService.IsLineManager(staffMember.Id.Value, userPerson.Id.Value)) { response.CanAccess = true; } } } } } if (person.PersonTypes.IsContact) { var contactPermission = edit ? PermissionValue.PeopleEditContactTasks : PermissionValue.PeopleViewContactTasks; response.CanAccess = await User.HasPermission(RoleService, PermissionRequirement.RequireAll, contactPermission); } if (person.PersonTypes.IsStudent) { var studentPermission = edit ? PermissionValue.StudentEditStudentTasks : PermissionValue.StudentViewStudentTasks; response.CanAccess = await User.HasPermission(RoleService, PermissionRequirement.RequireAll, studentPermission); } return(response); }
public async Task <bool> CanAccessDirectory(Guid directoryId, bool edit) { var user = await GetLoggedInUser(); var directory = await _documentService.GetDirectoryById(directoryId); if (directory.Restricted) { if (user.UserType != UserTypes.Staff || directory.ParentId != null && !await CanAccessDirectory(directory.ParentId.Value, edit)) { return(false); } } if (await _documentService.DirectoryIsPrivate(directory.Id.Value)) { var dirOwner = await _personService.GetPersonWithTypesByDirectory(directory.Id.Value); if (dirOwner.PersonTypes.IsStaff) { var allStaffPermission = edit ? PermissionValue.PeopleEditAllStaffDocuments : PermissionValue.PeopleViewAllStaffDocuments; var ownStaffPermission = edit ? PermissionValue.PeopleEditOwnStaffDocuments : PermissionValue.PeopleViewOwnStaffDocuments; var managedStaffPermission = edit ? PermissionValue.PeopleEditManagedStaffDocuments : PermissionValue.PeopleViewManagedStaffDocuments; if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll, allStaffPermission)) { return(true); } if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll, ownStaffPermission)) { if (dirOwner.Person.Id == user.PersonId) { return(true); } } if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll, managedStaffPermission)) { if (user.PersonId.HasValue) { var staffMember = await _staffMemberService.GetByPersonId(dirOwner.Person.Id.Value); var lineManager = await _staffMemberService.GetByPersonId(user.PersonId.Value); if (staffMember != null && lineManager != null) { if (await _staffMemberService.IsLineManager(staffMember.Id.Value, lineManager.Id.Value)) { return(true); } } } } return(false); } if (dirOwner.PersonTypes.IsStudent) { var studentPermission = edit ? PermissionValue.StudentEditStudentDocuments : PermissionValue.StudentViewStudentDocuments; if (await User.HasPermission(RoleService, PermissionRequirement.RequireAll, studentPermission)) { return(true); } } return(user.UserType == UserTypes.Staff || user.PersonId == dirOwner.Person.Id); } return(true); }