/// <summary>
/// Pins the access predicate generated for a dataset administrator who requests
/// <c>UserOperation.Sandbox_OpenInternet</c>.
/// </summary>
/// <remarks>
/// The asserted text is the authorization rule itself: even with <c>DatasetAdmin</c> set,
/// the clause still demands a participant row for the user carrying the
/// 'Sponsor Rep' or 'Vendor Admin' role. A change to this expected string is a change
/// to who may open a sandbox to the internet and should be reviewed as such.
/// </remarks>
public void StudyAccessQueryBuilder_ShouldContainStudyName2()
{
    // The user id shows up as a literal (0) inside the SQL text rather than as a bound
    // parameter; presumably that is the default Id of a freshly constructed UserDto.
    // NOTE(review): inlining is only safe while the id is a numeric type - confirm in the builder.
    const string expectedClause = "(1 = 1 AND sp.UserId = 0 AND sp.RoleName IN ('Sponsor Rep','Vendor Admin'))";
    var datasetAdmin = new UserDto { DatasetAdmin = true };

    var whereClause = StudyAccessQueryBuilder.CreateAccessWhereClause(datasetAdmin, UserOperation.Sandbox_OpenInternet);

    Assert.Contains(expectedClause, whereClause);
}
/// <summary>
/// Verifies that an employee gets no access predicate at all for the supplied operation.
/// </summary>
/// <param name="userOperation">
/// Operation under test; the set of operations fed into this method is declared outside this excerpt.
/// </param>
/// <remarks>
/// A <c>null</c> clause is the "no restriction" signal: callers such as
/// <c>WrapSingleEntityQueryWithAccessProjection</c> append no filter when the clause is null or blank.
/// This test therefore documents which operations are open to every employee, and any operation
/// added to its data set widens access accordingly.
/// </remarks>
public void StudyAccessQueryBuilder_ShouldContainStudyName4(UserOperation userOperation)
{
    var employee = new UserDto { Employee = true };

    var whereClause = StudyAccessQueryBuilder.CreateAccessWhereClause(employee, userOperation);

    Assert.Null(whereClause);
}
/// <summary>
/// Wraps a single-entity data query in two CTEs so that every returned row carries an
/// <c>Authorized</c> flag (1 or 0) computed from the caller's access to the study.
/// </summary>
/// <param name="currentUser">User whose access is being evaluated.</param>
/// <param name="dataQuery">
/// SQL text for the data CTE. It is spliced into the statement verbatim, so it must be
/// composed by trusted code only and must never contain request-supplied text.
/// </param>
/// <param name="operation">Operation the user is attempting.</param>
/// <returns>The complete SQL statement; it expects a <c>@studyId</c> parameter to be bound by the caller.</returns>
/// <remarks>
/// A null or blank access clause adds no filter, so the study is then reported as authorized
/// whenever the join on StudyParticipants yields a row. The access builder must return a
/// non-empty predicate for every user/operation pair that is meant to be restricted.
/// </remarks>
protected string WrapSingleEntityQueryWithAccessProjection(UserDto currentUser, string dataQuery, UserOperation operation)
{
    var accessClause = StudyAccessQueryBuilder.CreateAccessWhereClause(currentUser, operation);

    // Fail-open by design: no clause means no additional restriction on the access CTE.
    var accessFilter = string.IsNullOrWhiteSpace(accessClause)
        ? string.Empty
        : $" AND ({accessClause})";

    // The study id is bound as a parameter; only the generated access clause and the
    // caller-provided data query are concatenated into the text.
    return $"WITH dataCte AS ({dataQuery})"
        + " ,accessCte as (SELECT [Id] FROM Studies s INNER JOIN [dbo].[StudyParticipants] sp on s.Id = sp.StudyId WHERE s.Id=@studyId"
        + accessFilter
        + " ) SELECT DISTINCT d.*, (CASE WHEN a.Id IS NOT NULL THEN 1 ELSE 0 END) As Authorized from dataCte d LEFT JOIN accessCte a on d.StudyId = a.Id ";
}
/// <summary>
/// Lists the open studies (<c>Closed = 0</c>) that the current user is allowed to read.
/// </summary>
/// <returns>The study list items produced by the filtered query.</returns>
/// <remarks>
/// Row-level authorization happens entirely inside the SQL text: the predicate generated for
/// <c>UserOperation.Study_Read</c> is appended to the WHERE clause. When that predicate is
/// null or blank nothing is appended, and every open study with at least one participant
/// row is returned.
/// </remarks>
public async Task<IEnumerable<StudyListItemDto>> GetListAsync()
{
    var currentUser = await _userService.GetCurrentUserAsync();

    var readAccessClause = StudyAccessQueryBuilder.CreateAccessWhereClause(currentUser, UserOperation.Study_Read);

    // Fail-open by design: an empty clause leaves the list unfiltered.
    var accessFilter = string.IsNullOrWhiteSpace(readAccessClause)
        ? string.Empty
        : $" AND ({readAccessClause})";

    // The access clause is generated SQL that gets concatenated here, not a bound parameter.
    // NOTE(review): confirm the builder only emits values it controls (numeric ids, fixed role names).
    var listQuery = "SELECT DISTINCT [Id], [Name], [Description], [Vendor], [Restricted], [LogoUrl] FROM [dbo].[Studies] s"
        + " INNER JOIN [dbo].[StudyParticipants] sp on s.Id = sp.StudyId"
        + " WHERE s.Closed = 0"
        + accessFilter;

    return await RunDapperQueryMultiple<StudyListItemDto>(listQuery);
}