public bool HasAccessToMenu(ENTUserAccountEO userAccount, ENTRoleEOList roles) { if (IsAlwaysEnabled) { return(true); } //Loop through all the roles this user is in. The first time the user has //access to the menu item then return true. If you get through all the //roles then the user does not have access to this menu item. foreach (var role in roles) { //Check if this user is in this role if (role.RoleUserAccounts.IsUserInRole(userAccount.ID)) { //Try to find the capability with the menu item Id. IEnumerable <ENTRoleCapabilityEO> capabilities = role.RoleCapabilities.GetByMenuItemId(ID); if (capabilities.Any(capability => (capability != null) && (capability.AccessFlag != ENTRoleCapabilityEO.CapabiiltyAccessFlagEnum.None))) { return(true); } } } //If it gets here then the user didn't have access to this menu item. BUT they may have access //to one of its children, now check the children and if they have access to any of them then //return true. if (ChildMenuItems.Count > 0) { return(ChildMenuItems.Any(child => child.HasAccessToMenu(userAccount, roles))); } //If it never found a role with any capability then return false. return(false); }
/// <summary> /// The capabilities are least restrictive. If a user is in more then one role and one has edit and the other is read only /// then edit is returned. /// </summary> /// <param name="capabilityId"></param> /// <param name="rolesWithCapabilities"></param> /// <returns></returns> public ENTRoleCapabilityEO.CapabiiltyAccessFlagEnum GetCapabilityAccess(int capabilityId, ENTRoleEOList rolesWithCapabilities) { var retVal = ENTRoleCapabilityEO.CapabiiltyAccessFlagEnum.None; //The roles in the user object do not include the capabilities. foreach (var role in Roles) { var roleWithCapabilities = rolesWithCapabilities.GetByRoleId(role.ID); foreach (var capability in roleWithCapabilities.RoleCapabilities) { if (capability.Capability.ID == capabilityId) { if (capability.AccessFlag == ENTRoleCapabilityEO.CapabiiltyAccessFlagEnum.Edit) { return(ENTRoleCapabilityEO.CapabiiltyAccessFlagEnum.Edit); } if (capability.AccessFlag == ENTRoleCapabilityEO.CapabiiltyAccessFlagEnum.ReadOnly) { //Since this is least restrictive temporarirly set the return value to read only. retVal = ENTRoleCapabilityEO.CapabiiltyAccessFlagEnum.ReadOnly; } } } } return(retVal); }
public ENTUserAccountEO() { Roles = new ENTRoleEOList(); }