private DocumentOpenLevel GetDocumentLevel(int nodeId) { var userId = _userId; if (userId == -1) { return(DocumentOpenLevel.OpenMinor); } if (userId < -1) { return(DocumentOpenLevel.Denied); } List <int> identities; try { identities = SecurityHandler.GetIdentitiesByMembership(_user, nodeId); } catch (EntityNotFoundException) { return(DocumentOpenLevel.Denied); } List <AceInfo> entries; try { using (new SystemAccount()) entries = SecurityHandler.GetEffectiveEntries(nodeId); } catch (Exception ex) // LOGGED { //TODO: collect aggregated errors per query instead of logging every error SnLog.WriteWarning($"GetEffectiveEntries threw an exception for id {nodeId}. Error: {ex}"); return(DocumentOpenLevel.Denied); } var allowBits = 0UL; var denyBits = 0UL; foreach (var entry in entries) { if (identities.Contains(entry.IdentityId)) { allowBits |= entry.AllowBits; denyBits |= entry.DenyBits; } } allowBits = allowBits & ~denyBits; var docLevel = DocumentOpenLevel.Denied; if ((allowBits & PermissionType.See.Mask) > 0) { docLevel = DocumentOpenLevel.See; } if ((allowBits & PermissionType.Preview.Mask) > 0) { docLevel = DocumentOpenLevel.Preview; } if ((allowBits & PermissionType.PreviewWithoutRedaction.Mask) > 0) { docLevel = DocumentOpenLevel.Open; } if ((allowBits & PermissionType.OpenMinor.Mask) > 0) { docLevel = DocumentOpenLevel.OpenMinor; } return(docLevel); }