private static void CombineToAccessRightsMap(
IDictionary <string, AccessRight> map,
References references,
PermissionAssignment assignment)
{
if (map == null)
{
throw new ArgumentNullException(nameof(map));
}
if (references == null)
{
throw new ArgumentNullException(nameof(references));
}
if (assignment == null)
{
throw new ArgumentNullException(nameof(assignment));
}
var permission = assignment.Permission;
foreach (var reference in references)
{
string codeName = reference.CodeName;
AccessRight accessRight;
if (!map.TryGetValue(codeName, out accessRight))
{
accessRight = new AccessRight();
map[codeName] = accessRight;
}
foreach (var entityAccess in permission.EntityAccesses)
{
accessRight.CombineEntityAccess(entityAccess);
}
foreach (var managerAccess in permission.ManagerAccesses)
{
accessRight.CombineManagerAccess(managerAccess.ManagerType);
}
accessRight.CombinePermission(permission.CodeName);
foreach (var statePathAccess in permission.StatePathAccesses)
{
accessRight.CombineStatePathAccess(statePathAccess.StatePathCodeName);
}
}
}
/// <summary>
/// Combine selected access rights found in an access rights dictionary.
/// </summary>
/// <param name="accessRightsMapByCodeName">An access rights dictionary.</param>
/// <param name="codeNames">The keys used to fetch items from the dictionary.</param>
/// <returns>Returns the combined access right.</returns>
private static AccessRight CombineAccessRights(
IReadOnlyDictionary <string, AccessRight> accessRightsMapByCodeName,
IEnumerable <string> codeNames)
{
var combinedAccessRight = new AccessRight();
foreach (string codeName in codeNames)
{
if (accessRightsMapByCodeName.TryGetValue(codeName, out AccessRight accessRight))
{
combinedAccessRight.Combine(accessRight);
}
}
return(combinedAccessRight);
}
/// <summary>
/// Determine whether a user can execute a <see cref="StatePath"/>
/// over a stateful instance.
/// </summary>
/// <typeparam name="ST">The type of state transitions, derived from <see cref="StateTransition{U}"/>.</typeparam>
/// <param name="user">The user.</param>
/// <param name="stateful">The stateful instance.</param>
/// <param name="statePath">The state path to execute.</param>
public bool CanUserExecuteStatePath <ST>(U user, IStateful <U, ST> stateful, StatePath statePath)
where ST : StateTransition <U>
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (stateful == null)
{
throw new ArgumentNullException(nameof(stateful));
}
if (statePath == null)
{
throw new ArgumentNullException(nameof(statePath));
}
if (!CanUserReadEntity(user, stateful) || !CanUserWriteEntity(user, stateful))
{
return(false);
}
var rolesAccessRight = GetRolesAccessRight(user);
if (rolesAccessRight.SupportsStatePath(statePath))
{
return(true);
}
if (stateful is ISegregatedEntity segregatedStateful)
{
AccessRight dispositionsAccessRight = GetDispositionsAccessRight(user, segregatedStateful);
return(dispositionsAccessRight.SupportsStatePath(statePath));
}
return(false);
}
