/// <summary>
/// Decides whether <paramref name="person"/> may edit the person record
/// <paramref name="contextModelObject"/>.
/// </summary>
/// <remarks>
/// Access is granted in three cases: both records share the same PersonID (self-edit); the acting
/// person is not a full user and passes <c>ContactManageFeature</c>; or the acting person is a full
/// user and passes <c>FirmaAdminFeature</c>. Every other combination is denied.
/// NOTE(review): the full-user test is applied to the acting <paramref name="person"/>, not to the
/// record being edited. If the intended policy is "contact managers may edit contacts, only admins
/// may edit full users", the test would belong on <paramref name="contextModelObject"/> instead.
/// Confirm against the intended access policy before relying on this check.
/// </remarks>
/// <param name="person">The acting user whose permissions are evaluated.</param>
/// <param name="contextModelObject">The person record that would be edited.</param>
/// <returns>
/// A success result when editing is allowed; otherwise a failure result whose message names the
/// target person.
/// </returns>
public PermissionCheckResult HasPermission(Person person, Person contextModelObject)
{
    // Both feature checks run up front, before any early return, exactly once each.
    var contactManagerAllowed = new ContactManageFeature().HasPermissionByPerson(person);
    var adminAllowed = new FirmaAdminFeature().HasPermissionByPerson(person);

    // A person may always edit their own record.
    if (contextModelObject.PersonID == person.PersonID)
    {
        return PermissionCheckResult.MakeSuccessPermissionCheckResult();
    }

    // Full users need the admin feature; everyone else needs the contact-manage feature.
    var roleAllowsEdit = person.IsFullUser() ? adminAllowed : contactManagerAllowed;
    if (roleAllowsEdit)
    {
        return PermissionCheckResult.MakeSuccessPermissionCheckResult();
    }

    return PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to edit {contextModelObject.FullNameFirstLast}");
}
/// <summary>
/// Decides whether the user behind <paramref name="firmaSession"/> may edit the organization
/// <paramref name="contextModelObject"/>.
/// </summary>
/// <remarks>
/// Two gates are applied in order. First the session must pass <c>HasPermissionByFirmaSession</c>.
/// Then the session must either pass <c>FirmaAdminFeature</c> or belong to the organization's
/// primary contact person. An organization with no primary contact is editable only via the admin
/// path.
/// </remarks>
/// <param name="firmaSession">The session of the acting user.</param>
/// <param name="contextModelObject">The organization that would be edited.</param>
/// <returns>
/// A <c>PermissionCheckResult</c> built with a denial message when either gate fails; otherwise one
/// built with the parameterless constructor.
/// </returns>
public PermissionCheckResult HasPermission(FirmaSession firmaSession, Organization contextModelObject)
{
    // Gate 1: the feature-level check for this session.
    if (!HasPermissionByFirmaSession(firmaSession))
    {
        return new PermissionCheckResult($"You don't have permission to Edit {FieldDefinitionEnum.Organization.ToType().GetFieldDefinitionLabel()} {contextModelObject.GetDisplayName()}");
    }

    // Gate 2a: admins may edit any organization. The primary contact is not consulted for them.
    var sessionIsAdmin = new FirmaAdminFeature().HasPermission(firmaSession).HasPermission;
    if (sessionIsAdmin)
    {
        return new PermissionCheckResult();
    }

    // Gate 2b: otherwise the session must belong to the organization's primary contact.
    // The explicit null test is kept so that a missing contact never matches a session without a PersonID.
    var primaryContact = contextModelObject.PrimaryContactPerson;
    var sessionIsPrimaryContact = primaryContact != null && firmaSession.PersonID == primaryContact.PersonID;
    if (sessionIsPrimaryContact)
    {
        return new PermissionCheckResult();
    }

    return new PermissionCheckResult($"{FieldDefinitionEnum.Organization.ToType().GetFieldDefinitionLabel()} {contextModelObject.OrganizationID} is not editable by you.");
}