/// <summary>
/// Guards against the current user removing their own access to the System perspective
/// while editing a user group.
/// </summary>
/// <param name="userGroup">The user group being edited; only its <c>Id</c> is read here.</param>
/// <param name="newUserGroupEntityTokens">
/// Serialized entity tokens that are searched for the System perspective token
/// (presumably the perspectives the group will have after the edit; confirm against the caller).
/// </param>
/// <returns>
/// <c>false</c>, after showing an error dialog, when the edited group is one of the groups with
/// access to the System perspective, the new token list no longer contains that perspective, and
/// the current user has it neither through their own perspectives nor through another group;
/// otherwise <c>true</c>.
/// </returns>
/// <remarks>
/// This method only reports a result and shows a message; the caller has to honour the returned
/// flag for the edit to be blocked.
/// NOTE(review): the method does not itself check that the current user is a member of
/// <paramref name="userGroup"/>; confirm whether that is intended.
/// </remarks>
private bool ValidateUserPreservesAdminRights(IUserGroup userGroup, List<string> newUserGroupEntityTokens)
{
    string systemToken = EntityTokenSerializer.Serialize(AttachingPoint.SystemPerspective.EntityToken);

    Guid editedGroupId = userGroup.Id;
    string currentUserName = UserSettings.Username;

    var currentUserGroupIds = UserGroupFacade.GetUserGroupIds(currentUserName);
    var groupsGrantingSystemAccess = new HashSet<Guid>(GetGroupsThatHasAccessToPerspective(systemToken));

    // The edited group is not among the groups with System perspective access, so nothing can be lost.
    if (!groupsGrantingSystemAccess.Contains(editedGroupId))
    {
        return true;
    }

    // The new token list still contains the System perspective.
    if (newUserGroupEntityTokens.Contains(systemToken))
    {
        return true;
    }

    // The user holds the System perspective directly, independent of any group.
    if (UserPerspectiveFacade.GetSerializedEntityTokens(currentUserName).Contains(systemToken))
    {
        return true;
    }

    // Another group of the user (not the one being edited) still has the access.
    bool grantedByAnotherGroup = currentUserGroupIds.Any(
        candidateId => candidateId != editedGroupId && groupsGrantingSystemAccess.Contains(candidateId));
    if (grantedByAnotherGroup)
    {
        return true;
    }

    this.ShowMessage(
        DialogType.Message,
        SR.GetString("Composite.Management", "EditUserWorkflow.EditErrorTitle"),
        SR.GetString("Composite.Management", "EditUserWorkflow.EditOwnAccessToSystemPerspective"));

    return false;
}
/// <summary>
/// Adds a selection on the <c>ConsoleAccess</c> field so that search results the given user
/// does not have read access to are filtered out.
/// </summary>
/// <param name="userName">
/// The user whose access applies; passed through <c>Verify.ArgumentNotNullOrEmpty</c> first.
/// </param>
/// <remarks>
/// The selection values are the user name followed by the string form of each of the user's
/// group ids, combined with the <c>Or</c> operation.
/// NOTE(review): user names and group ids share one value list; confirm a user name can never
/// equal the string form of a group id.
/// NOTE(review): this only adds a query selection; the actual restriction presumably relies on
/// the search index's <c>ConsoleAccess</c> values being current.
/// </remarks>
public void FilterByUser(string userName)
{
    Verify.ArgumentNotNullOrEmpty(userName, nameof(userName));

    // The user's own name always comes first in the list of access tokens.
    var accessTokens = new List<string>();
    accessTokens.Add(userName);

    // Group ids are looked up, and enumerated by AddRange, inside the EnsureInitialize() scope.
    using (ThreadDataManager.EnsureInitialize())
    {
        IEnumerable<string> groupTokens = UserGroupFacade.GetUserGroupIds(userName)
            .Select(groupId => groupId.ToString());
        accessTokens.AddRange(groupTokens);
    }

    var consoleAccessSelection = new SearchQuerySelection
    {
        FieldName = DocumentFieldNames.ConsoleAccess,
        Operation = SearchQuerySelectionOperation.Or,
        Values = accessTokens.ToArray()
    };

    Selection.Add(consoleAccessSelection);
}