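private bool canReadOne(string resource)
        {
            // Decides whether the current user may read a single instance of the given
            // resource type (one of the Resource.* string constants). Returns true to allow
            // and false to deny; resource names without a rule are denied by the default case.
            // Reads instance state: user_position, user_id and context.ActionArguments.

            // Admins may read everything.
            if (user_position == Position.GOD)
            {
                return(true);
            }

            switch (resource)
            {
            case Resource.PROFILE:
                return(true);

            case Resource.MEMBERSHIP:
                return(true);

            case Resource.MEMBERSHIP_REQUEST:
            {
                // membershipRequest = mr
                var mrService    = new MembershipRequestService(new UnitOfWork());
                var mrID         = (int)context.ActionArguments["id"];
                var mrToConsider = mrService.Get(mrID);

                // Fail closed: an id that matches no request is a denial, not a
                // NullReferenceException thrown out of the authorization check.
                if (mrToConsider == null)
                {
                    return(false);
                }

                // The owner of the request may read it. user_id is an instance variable.
                var is_mrOwner = mrToConsider.IDNumber.ToString() == user_id;
                if (is_mrOwner)
                {
                    return(true);
                }

                // A group admin of the activity the request was sent to may read it.
                var activityCode      = mrToConsider.ActivityCode;
                var membershipService = new MembershipService(new UnitOfWork());
                var isGroupAdmin      = membershipService.GetGroupAdminMembershipsForActivity(activityCode)
                                                         .Any(x => x.IDNumber.ToString() == user_id);
                return(isGroupAdmin);
            }

            case Resource.STUDENT:
                // To add a membership for a student, you need to have the student's identifier.
                // NOTE(review): every caller that reaches this filter is allowed here — confirm intended.
                return(true);

            case Resource.ADVISOR:
                return(true);

            case Resource.ACCOUNT:
                // To add a membership for a person, you need to have the person's identifier.
                // NOTE(review): every caller that reaches this filter is allowed here — confirm intended.
                return(true);

            default:
                return(false);
            }
        }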
        /*
         * Operations
         */
        // This operation is specifically for authorizing the deny and allow operations on membership requests. These two operations don't
        // fit in nicely with the REST specification, which is why there is a separate case for them.
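        private bool canDenyAllow(string resource)
        {
            // Authorizes the allow/deny operations on a membership request, which have no
            // natural REST verb. Returns true to allow and false to deny; any resource other
            // than a membership request is denied by the default case.
            // Reads instance state: user_position, user_id and context.ActionArguments.

            // Admins may always allow or deny.
            if (user_position == Position.SUPERADMIN)
            {
                return(true);
            }

            switch (resource)
            {
            case Resource.MEMBERSHIP_REQUEST:
            {
                var mrID = (int)context.ActionArguments["id"];
                // Get the view model from the repository.
                var mrService    = new MembershipRequestService(new UnitOfWork());
                var mrToConsider = mrService.Get(mrID);

                // Fail closed when the id matches no request instead of throwing a
                // NullReferenceException out of the authorization check.
                if (mrToConsider == null)
                {
                    return(false);
                }

                var activityCode      = mrToConsider.ActivityCode;
                var membershipService = new MembershipService(new UnitOfWork());

                // The leader of the activity the request was sent to may decide it.
                var is_activityLeader = membershipService.GetLeaderMembershipsForActivity(activityCode)
                                                         .Any(x => x.IDNumber.ToString() == user_id);
                if (is_activityLeader)
                {
                    return(true);
                }

                // So may the advisor of that activity.
                var is_activityAdvisor = membershipService.GetAdvisorMembershipsForActivity(activityCode)
                                                          .Any(x => x.IDNumber.ToString() == user_id);
                return(is_activityAdvisor);
            }

            default:
                return(false);
            }
        }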
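        private ServiceBase getService(string className)
        {
            // Maps a Liferay model class name to the service wrapper for it, bound to _session.
            // Returns null for an unrecognised class name; a null className is treated the same
            // way (the previous Equals() chain threw NullReferenceException on it) so callers
            // must check the result before use.
            // The "Permission" and "Portal" entries are matched by bare name rather than a
            // fully-qualified class name; this mirrors the existing mapping.
            switch (className)
            {
            case "com.liferay.portal.model.User":
                return(new UserService(_session));
            case "com.liferay.portal.model.Address":
                return(new AddressService(_session));
            case "com.liferay.portlet.asset.model.AssetCategory":
                return(new AssetCategoryService(_session));
            case "com.liferay.portlet.asset.model.AssetEntry":
                return(new AssetEntryService(_session));
            case "com.liferay.portlet.asset.model.AssetTag":
                return(new AssetTagService(_session));
            case "com.liferay.portlet.asset.model.AssetVocabulary":
                return(new AssetVocabularyService(_session));
            case "com.liferay.portlet.blogs.model.BlogsEntry":
                return(new BlogsEntryService(_session));
            case "com.liferay.portlet.bookmarks.model.BookmarksEntry":
                return(new BookmarksEntryService(_session));
            case "com.liferay.portlet.bookmarks.model.BookmarksFolder":
                return(new BookmarksFolderService(_session));
            case "com.liferay.portal.model.Company":
                return(new CompanyService(_session));
            case "com.liferay.portal.model.Contact":
                return(new ContactService(_session));
            case "com.liferay.portal.model.Country":
                return(new CountryService(_session));
            case "com.liferay.portlet.dynamicdatalists.model.DDLRecord":
                return(new DDLRecordService(_session));
            case "com.liferay.portlet.dynamicdatalists.model.DDLRecordSet":
                return(new DDLRecordSetService(_session));
            case "com.liferay.portlet.dynamicdatamapping.model.DDMStructure":
                return(new DDMStructureService(_session));
            case "com.liferay.portlet.dynamicdatamapping.model.DDMTemplate":
                return(new DDMTemplateService(_session));
            case "com.liferay.portlet.documentlibrary.model.DLFileEntry":
                return(new DLFileEntryService(_session));
            case "com.liferay.portlet.documentlibrary.model.DLFileEntryType":
                return(new DLFileEntryTypeService(_session));
            case "com.liferay.portlet.documentlibrary.model.DLFileVersion":
                return(new DLFileVersionService(_session));
            case "com.liferay.portlet.documentlibrary.model.DLFolder":
                return(new DLFolderService(_session));
            case "com.liferay.portal.model.EmailAddress":
                return(new EmailAddressService(_session));
            case "com.liferay.portlet.expando.model.ExpandoColumn":
                return(new ExpandoColumnService(_session));
            case "com.liferay.portlet.expando.model.ExpandoValue":
                return(new ExpandoValueService(_session));
            case "com.liferay.portal.model.Group":
                return(new GroupService(_session));
            case "com.liferay.portal.model.Image":
                return(new ImageService(_session));
            case "com.liferay.portlet.journal.model.JournalArticle":
                return(new JournalArticleService(_session));
            case "com.liferay.portlet.journal.model.JournalFeed":
                return(new JournalFeedService(_session));
            case "com.liferay.portlet.journal.model.JournalFolder":
                return(new JournalFolderService(_session));
            case "com.liferay.portal.model.Layout":
                return(new LayoutService(_session));
            case "com.liferay.portal.model.LayoutBranch":
                return(new LayoutBranchService(_session));
            case "com.liferay.portal.model.LayoutPrototype":
                return(new LayoutPrototypeService(_session));
            case "com.liferay.portal.model.LayoutRevision":
                return(new LayoutRevisionService(_session));
            case "com.liferay.portal.model.LayoutSet":
                return(new LayoutSetService(_session));
            case "com.liferay.portal.model.LayoutSetPrototype":
                return(new LayoutSetPrototypeService(_session));
            case "com.liferay.portal.model.ListType":
                return(new ListTypeService(_session));
            case "com.liferay.portlet.messageboards.model.MBBan":
                return(new MBBanService(_session));
            case "com.liferay.portlet.messageboards.model.MBCategory":
                return(new MBCategoryService(_session));
            case "com.liferay.portlet.messageboards.model.MBMessage":
                return(new MBMessageService(_session));
            case "com.liferay.portlet.messageboards.model.MBThread":
                return(new MBThreadService(_session));
            case "com.liferay.portlet.mobiledevicerules.model.MDRAction":
                return(new MDRActionService(_session));
            case "com.liferay.portlet.mobiledevicerules.model.MDRRule":
                return(new MDRRuleService(_session));
            case "com.liferay.portlet.mobiledevicerules.model.MDRRuleGroup":
                return(new MDRRuleGroupService(_session));
            case "com.liferay.portlet.mobiledevicerules.model.MDRRuleGroupInstance":
                return(new MDRRuleGroupInstanceService(_session));
            case "com.liferay.portal.model.MembershipRequest":
                return(new MembershipRequestService(_session));
            case "com.liferay.portal.model.Organization":
                return(new OrganizationService(_session));
            case "com.liferay.portal.model.OrgLabor":
                return(new OrgLaborService(_session));
            case "com.liferay.portal.model.PasswordPolicy":
                return(new PasswordPolicyService(_session));
            case "Permission":
                return(new PermissionService(_session));
            case "com.liferay.portal.model.Phone":
                return(new PhoneService(_session));
            case "Portal":
                return(new PortalService(_session));
            case "com.liferay.portal.model.Portlet":
                return(new PortletService(_session));
            case "com.liferay.portal.model.PortletPreferences":
                return(new PortletPreferencesService(_session));
            case "com.liferay.portal.model.Repository":
                return(new RepositoryService(_session));
            case "com.liferay.portal.model.ResourcePermission":
                return(new ResourcePermissionService(_session));
            case "com.liferay.portal.model.Role":
                return(new RoleService(_session));
            case "com.liferay.portal.model.Team":
                return(new TeamService(_session));
            case "com.liferay.portal.model.UserGroup":
                return(new UserGroupService(_session));
            case "com.liferay.portal.model.UserGroupGroupRole":
                return(new UserGroupGroupRoleService(_session));
            case "com.liferay.portal.model.UserGroupRole":
                return(new UserGroupRoleService(_session));
            case "com.liferay.portlet.wiki.model.WikiNode":
                return(new WikiNodeService(_session));
            case "com.liferay.portlet.wiki.model.WikiPage":
                return(new WikiPageService(_session));
            default:
                return(null);
            }
        }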
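        private bool canDelete(string resource)
        {
            // Decides whether the current user may delete one instance of the given resource
            // type. Returns true to allow and false to deny; resources without a rule are denied
            // by the default case. Reads instance state: user_position, user_id, user_name and
            // context.ActionArguments.
            switch (resource)
            {
            case Resource.SHIFT:
                // Only students may delete shifts.
                return(user_position == Position.STUDENT);

            case Resource.MEMBERSHIP:
            {
                // Admins may delete any membership.
                if (user_position == Position.SUPERADMIN)
                {
                    return(true);
                }
                var membershipService    = new MembershipService(new UnitOfWork());
                var membershipID         = (int)context.ActionArguments["id"];
                var membershipToConsider = membershipService.GetSpecificMembership(membershipID);

                // Fail closed on an unknown id instead of throwing a NullReferenceException
                // out of the authorization check.
                if (membershipToConsider == null)
                {
                    return(false);
                }

                // The member may remove their own membership.
                var is_membershipOwner = membershipToConsider.ID_NUM.ToString() == user_id;
                if (is_membershipOwner)
                {
                    return(true);
                }

                // A group admin of the membership's activity may remove it.
                var activityCode = membershipToConsider.ACT_CDE;
                var isGroupAdmin = membershipService.GetGroupAdminMembershipsForActivity(activityCode)
                                                    .Any(x => x.IDNumber.ToString() == user_id);
                return(isGroupAdmin);
            }

            case Resource.MEMBERSHIP_REQUEST:
            {
                // Admins may delete any request.
                if (user_position == Position.SUPERADMIN)
                {
                    return(true);
                }
                // membershipRequest = mr
                var mrService    = new MembershipRequestService(new UnitOfWork());
                var mrID         = (int)context.ActionArguments["id"];
                var mrToConsider = mrService.Get(mrID);

                // Fail closed on an unknown id.
                if (mrToConsider == null)
                {
                    return(false);
                }

                // The requester may withdraw their own request.
                var is_mrOwner = mrToConsider.IDNumber.ToString() == user_id;
                if (is_mrOwner)
                {
                    return(true);
                }

                // A group admin of the activity the request was sent to may delete it.
                var activityCode      = mrToConsider.ActivityCode;
                var membershipService = new MembershipService(new UnitOfWork());
                var isGroupAdmin      = membershipService.GetGroupAdminMembershipsForActivity(activityCode)
                                                         .Any(x => x.IDNumber.ToString() == user_id);
                return(isGroupAdmin);
            }

            case Resource.STUDENT:
                return(false);    // No one should be able to delete a student through our API

            case Resource.ADVISOR:
                return(false);

            case Resource.ADMIN:
                return(false);

            case Resource.NEWS:
            {
                var newsID      = context.ActionArguments["newsID"];
                var newsService = new NewsService(new UnitOfWork());
                var newsItem    = newsService.Get((int)newsID);

                // Fail closed on an unknown item. The null test has to be on Entered itself:
                // the previous code compared the already-cast DateTime with null, which is never
                // true, and the cast would have thrown on a missing date before reaching it.
                if (newsItem == null || newsItem.Entered == null)
                {
                    return(false);
                }

                // Items 14 or more days old count as expired and may no longer be deleted.
                // NOTE(review): DateTime.Now is local time; whether Entered is stored as local
                // or UTC is not visible here — confirm the two agree.
                var todaysDate = System.DateTime.Now;
                var newsDate   = (System.DateTime)newsItem.Entered;
                var dateDiff   = (todaysDate - newsDate).Days;
                if (dateDiff >= 14)
                {
                    return(false);
                }

                // Admins may delete any non-expired item.
                if (user_position == Position.SUPERADMIN)
                {
                    return(true);
                }

                // So may the item's author.
                string newsAuthor = newsItem.ADUN;
                return(user_name == newsAuthor);
            }

            default:
                return(false);
            }
        }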
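        private bool canDelete(string resource)
        {
            // Decides whether the current user may delete one instance of the given resource
            // type. Returns true to allow and false to deny; resources without a rule are denied
            // by the default case. Reads instance state: user_position, user_id and
            // context.ActionArguments.
            switch (resource)
            {
            case Resource.MEMBERSHIP:
            {
                // Admins may delete any membership.
                if (user_position == Position.GOD)
                {
                    return(true);
                }
                var membershipService    = new MembershipService(new UnitOfWork());
                var membershipID         = (int)context.ActionArguments["id"];
                var membershipToConsider = membershipService.Get(membershipID);

                // Fail closed on an unknown id instead of throwing a NullReferenceException
                // out of the authorization check.
                if (membershipToConsider == null)
                {
                    return(false);
                }

                // The member may remove their own membership.
                var is_membershipOwner = membershipToConsider.IDNumber.ToString() == user_id;
                if (is_membershipOwner)
                {
                    return(true);
                }

                // A group admin of the membership's activity may remove it.
                var activityCode = membershipToConsider.ActivityCode;
                var isGroupAdmin = membershipService.GetGroupAdminMembershipsForActivity(activityCode)
                                                    .Any(x => x.IDNumber.ToString() == user_id);
                return(isGroupAdmin);
            }

            case Resource.MEMBERSHIP_REQUEST:
            {
                // Admins may delete any request.
                if (user_position == Position.GOD)
                {
                    return(true);
                }
                // membershipRequest = mr
                var mrService    = new MembershipRequestService(new UnitOfWork());
                var mrID         = (int)context.ActionArguments["id"];
                var mrToConsider = mrService.Get(mrID);

                // Fail closed on an unknown id.
                if (mrToConsider == null)
                {
                    return(false);
                }

                // The requester may withdraw their own request.
                var is_mrOwner = mrToConsider.IDNumber.ToString() == user_id;
                if (is_mrOwner)
                {
                    return(true);
                }

                // A group admin of the activity the request was sent to may delete it.
                var activityCode      = mrToConsider.ActivityCode;
                var membershipService = new MembershipService(new UnitOfWork());
                var isGroupAdmin      = membershipService.GetGroupAdminMembershipsForActivity(activityCode)
                                                         .Any(x => x.IDNumber.ToString() == user_id);
                return(isGroupAdmin);
            }

            case Resource.STUDENT:
                return(false);    // No one should be able to delete a student through our API

            case Resource.ADVISOR:
                return(false);

            case Resource.ADMIN:
                return(false);

            default:
                return(false);
            }
        }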
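        private bool canDelete(string resource)
        {
            // Decides whether the current user may delete one instance of the given resource
            // type. Returns true to allow and false to deny; resources without a rule are denied
            // by the default case. Reads instance state: user_position, user_id, user_name and
            // context.ActionArguments.
            switch (resource)
            {
            case Resource.SHIFT:
                // Only students may delete shifts.
                return(user_position == Position.STUDENT);

            case Resource.MEMBERSHIP:
            {
                // Admins may delete any membership.
                if (user_position == Position.SUPERADMIN)
                {
                    return(true);
                }
                var membershipService    = new MembershipService(new UnitOfWork());
                var membershipID         = (int)context.ActionArguments["id"];
                var membershipToConsider = membershipService.GetSpecificMembership(membershipID);

                // Fail closed on an unknown id instead of throwing a NullReferenceException
                // out of the authorization check.
                if (membershipToConsider == null)
                {
                    return(false);
                }

                // The member may remove their own membership.
                var is_membershipOwner = membershipToConsider.ID_NUM.ToString() == user_id;
                if (is_membershipOwner)
                {
                    return(true);
                }

                // A group admin of the membership's activity may remove it.
                var activityCode = membershipToConsider.ACT_CDE;
                var isGroupAdmin = membershipService.GetGroupAdminMembershipsForActivity(activityCode)
                                                    .Any(x => x.IDNumber.ToString() == user_id);
                return(isGroupAdmin);
            }

            case Resource.MEMBERSHIP_REQUEST:
            {
                // Admins may delete any request.
                if (user_position == Position.SUPERADMIN)
                {
                    return(true);
                }
                // membershipRequest = mr
                var mrService    = new MembershipRequestService(new UnitOfWork());
                var mrID         = (int)context.ActionArguments["id"];
                var mrToConsider = mrService.Get(mrID);

                // Fail closed on an unknown id.
                if (mrToConsider == null)
                {
                    return(false);
                }

                // The requester may withdraw their own request.
                var is_mrOwner = mrToConsider.IDNumber.ToString() == user_id;
                if (is_mrOwner)
                {
                    return(true);
                }

                // A group admin of the activity the request was sent to may delete it.
                var activityCode      = mrToConsider.ActivityCode;
                var membershipService = new MembershipService(new UnitOfWork());
                var isGroupAdmin      = membershipService.GetGroupAdminMembershipsForActivity(activityCode)
                                                         .Any(x => x.IDNumber.ToString() == user_id);
                return(isGroupAdmin);
            }

            case Resource.STUDENT:
                return(false);    // No one should be able to delete a student through our API

            case Resource.HOUSING:
            {
                // Housing admins may update the application information (probation, off-campus
                // program, etc.). A student must be on the requested application and be its
                // editor to update it.
                HousingService housingService = new HousingService(new UnitOfWork());
                if (housingService.CheckIfHousingAdmin(user_id))
                {
                    return(true);
                }

                if (user_position != Position.STUDENT)
                {
                    return(false);
                }

                string sess_cde               = Helpers.GetCurrentSession().SessionCode;
                int?   applicationID          = housingService.GetApplicationID(user_name, sess_cde);
                int    requestedApplicationID = (int)context.ActionArguments["applicationID"];
                if (!applicationID.HasValue || applicationID.Value != requestedApplicationID)
                {
                    return(false);
                }

                // Compare user names with an ordinal, case-insensitive comparison instead of
                // ToLower() == ToLower(): that form is culture-sensitive and throws when the
                // editor name is null. A missing editor name is a denial, never a match.
                var editorUsername = housingService.GetEditorUsername(applicationID.Value);
                if (editorUsername == null)
                {
                    return(false);
                }
                return(string.Equals(editorUsername, user_name, System.StringComparison.OrdinalIgnoreCase));
            }

            case Resource.ADVISOR:
                return(false);

            case Resource.ADMIN:
                return(false);

            case Resource.HOUSING_ADMIN:
            {
                // Only the superadmins can remove a housing admin from the whitelist.
                // Super admins have unrestricted access by default: no need to check here.
                return(false);
            }

            case Resource.NEWS:
            {
                var newsID      = context.ActionArguments["newsID"];
                var newsService = new NewsService(new UnitOfWork());
                var newsItem    = newsService.Get((int)newsID);

                // Fail closed on an unknown item. The null test has to be on Entered itself:
                // the previous code compared the already-cast DateTime with null, which is never
                // true, and the cast would have thrown on a missing date before reaching it.
                if (newsItem == null || newsItem.Entered == null)
                {
                    return(false);
                }

                // Items 14 or more days old count as expired and may no longer be deleted.
                // NOTE(review): DateTime.Now is local time; whether Entered is stored as local
                // or UTC is not visible here — confirm the two agree.
                var todaysDate = System.DateTime.Now;
                var newsDate   = (System.DateTime)newsItem.Entered;
                var dateDiff   = (todaysDate - newsDate).Days;
                if (dateDiff >= 14)
                {
                    return(false);
                }

                // Admins may delete any non-expired item.
                if (user_position == Position.SUPERADMIN)
                {
                    return(true);
                }

                // So may the item's author.
                string newsAuthor = newsItem.ADUN;
                return(user_name == newsAuthor);
            }

            default:
                return(false);
            }
        }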
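        private bool canReadOne(string resource)
        {
            // Decides whether the current user may read a single instance of the given
            // resource type (one of the Resource.* string constants). Returns true to allow
            // and false to deny; resource names without a rule are denied by the default case.
            // Reads instance state: user_position, user_id, user_name and context.ActionArguments.

            // Admins may read everything.
            if (user_position == Position.SUPERADMIN)
            {
                return(true);
            }

            switch (resource)
            {
            case Resource.PROFILE:
                return(true);

            case Resource.MEMBERSHIP:
                return(true);

            case Resource.MEMBERSHIP_REQUEST:
            {
                // membershipRequest = mr
                var mrService    = new MembershipRequestService(new UnitOfWork());
                var mrID         = (int)context.ActionArguments["id"];
                var mrToConsider = mrService.Get(mrID);

                // Fail closed: an id that matches no request is a denial, not a
                // NullReferenceException thrown out of the authorization check.
                if (mrToConsider == null)
                {
                    return(false);
                }

                // The owner of the request may read it. user_id is an instance variable.
                var is_mrOwner = mrToConsider.IDNumber.ToString() == user_id;
                if (is_mrOwner)
                {
                    return(true);
                }

                // A group admin of the activity the request was sent to may read it.
                var activityCode      = mrToConsider.ActivityCode;
                var membershipService = new MembershipService(new UnitOfWork());
                var isGroupAdmin      = membershipService.GetGroupAdminMembershipsForActivity(activityCode)
                                                         .Any(x => x.IDNumber.ToString() == user_id);
                return(isGroupAdmin);
            }

            case Resource.STUDENT:
                // To add a membership for a student, you need to have the student's identifier.
                // NOTE: I don't believe the 'student' resource is currently being used in the API.
                return(true);

            case Resource.ADVISOR:
                return(true);

            case Resource.ACCOUNT:
            {
                // Membership group admins can look up a member's ID from their email.
                // NOTE: In the future, probably only email addresses should be stored
                // in memberships, since we would rather not give students access to
                // other students' account information.
                // A user_id that is not numeric cannot be a group admin; TryParse keeps a
                // malformed id from becoming a FormatException thrown out of the filter.
                int numericUserID;
                if (Int32.TryParse(user_id, out numericUserID))
                {
                    var membershipService = new MembershipService(new UnitOfWork());
                    // NOTE(review): IsGroupAdmin appears to test for group-admin status in any
                    // activity rather than a specific one — confirm against the service.
                    if (membershipService.IsGroupAdmin(numericUserID))
                    {
                        return(true);
                    }
                }

                // Faculty/staff and police may read student account information.
                if (user_position == Position.FACSTAFF ||
                    user_position == Position.POLICE)
                {
                    return(true);
                }

                return(false);
            }

            case Resource.HOUSING:
            {
                // Only members of the apartment application may read it: the caller's own
                // application for the current session must be the one requested.
                HousingService housingService         = new HousingService(new UnitOfWork());
                string         sess_cde               = Helpers.GetCurrentSession().SessionCode;
                int?           applicationID          = housingService.GetApplicationID(user_name, sess_cde);
                int            requestedApplicationID = (int)context.ActionArguments["applicationID"];
                return(applicationID.HasValue && applicationID.Value == requestedApplicationID);
            }

            case Resource.NEWS:
                return(true);

            default:
                return(false);
            }
        }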