public static bool IsAllowedBasedOnAppRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null)
{
var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantOperations);
if (studyPermissionDetails.Restricted)
{
allowedForAppRolesQueryable = AllowedUserOperations.ForRestrictedStudies(allowedForAppRolesQueryable);
}
if (allowedForAppRolesQueryable.Any())
{
foreach (var curAllowance in allowedForAppRolesQueryable)
{
if (UserHasAnyOfTheseAppRoles(currentUser, curAllowance.AllowedForRoles))
{
if (curAllowance.AppliesOnlyIfUserIsStudyOwner)
{
if (UserHasAnyOfTheseStudyRoles(currentUser.Id, studyPermissionDetails, operation, roleBeingAddedOrRemoved, StudyRoles.StudyOwner))
{
return(true);
}
}
else
{
return(true);
}
}
}
}
return(false);
}
public static bool IsAllowedForEmployeesWithoutAnyRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails = null)
{
if (!currentUser.Employee)
{
return(false);
}
var operationsAllowedWithoutRoles = AllowedUserOperations.ForAllNonExternalUserLevel(relevantOperations);
if (studyPermissionDetails != null && studyPermissionDetails.Restricted)
{
operationsAllowedWithoutRoles = AllowedUserOperations.ForRestrictedStudies(operationsAllowedWithoutRoles);
}
return(operationsAllowedWithoutRoles.Any());
}
public static bool IsAllowedBasedOnAppRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations)
{
var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantOperations);
if (allowedForAppRolesQueryable.Any())
{
foreach (var curAllowance in allowedForAppRolesQueryable)
{
if (UserHasAnyOfTheseAppRoles(currentUser, curAllowance.AllowedForRoles))
{
return(true);
}
}
}
return(false);
}
public static bool HasAccessToOperation(UserDto currentUser, UserOperation operation)
{
var onlyRelevantOperations = AllowedUserOperations.ForOperationQueryable(operation);
//First test this, as it's the most common operation and it requires no db access
if (StudyAccessUtil.IsAllowedForEmployeesWithoutAnyRoles(currentUser, onlyRelevantOperations))
{
return(true);
}
if (StudyAccessUtil.IsAllowedBasedOnAppRoles(currentUser, onlyRelevantOperations))
{
return(true);
}
return(false);
}
public static bool HasAccessToOperationForStudy(UserDto currentUser, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null)
{
var onlyRelevantOperations = AllowedUserOperations.ForOperationQueryable(operation);
//First thest this, as it's the most common operation and it requires no db access
if (IsAllowedForEmployeesWithoutAnyRoles(currentUser, onlyRelevantOperations, studyPermissionDetails))
{
return(true);
}
if (IsAllowedBasedOnAppRoles(currentUser, onlyRelevantOperations, studyPermissionDetails, operation, roleBeingAddedOrRemoved))
{
return(true);
}
if (IsAllowedBasedOnStudyRoles(currentUser, onlyRelevantOperations, studyPermissionDetails, operation, roleBeingAddedOrRemoved))
{
return(true);
}
return(false);
}
public static bool IsAllowedBasedOnStudyRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null)
{
var allowedForStudyRolesQueryable = AllowedUserOperations.ForStudySpecificRolesLevel(relevantOperations);
if (studyPermissionDetails.Restricted)
{
allowedForStudyRolesQueryable = allowedForStudyRolesQueryable.Where(or => !or.AppliesOnlyToNonHiddenStudies);
}
if (allowedForStudyRolesQueryable.Any())
{
foreach (var curOpWithRole in allowedForStudyRolesQueryable)
{
if (UserHasAnyOfTheseStudyRoles(currentUser.Id, studyPermissionDetails, curOpWithRole.AllowedForRoles, operation, roleBeingAddedOrRemoved))
{
return(true);
}
}
}
return(false);
}
public static string CreateAccessWhereClause(UserDto currentUser, UserOperation operation)
{
var ors = new List <string>();
var relevantPermissions = AllowedUserOperations.ForOperationQueryable(operation);
var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantPermissions);
if (allowedForAppRolesQueryable.Any())
{
foreach (var curPermission in allowedForAppRolesQueryable)
{
if (
(currentUser.Admin && curPermission.AllowedForRoles.Contains(AppRoles.Admin)) ||
(currentUser.Sponsor && curPermission.AllowedForRoles.Contains(AppRoles.Sponsor)) ||
(currentUser.DatasetAdmin && curPermission.AllowedForRoles.Contains(AppRoles.DatasetAdmin))
)
{
var currentOr = ALWAYS_TRUE;
//Permission will be granted without restrictions (typically admin)
if (!curPermission.AppliesOnlyToNonHiddenStudies && !curPermission.AppliesOnlyIfUserIsStudyOwner)
{
return(null);
}
if (curPermission.AppliesOnlyToNonHiddenStudies)
{
currentOr += NON_HIDDEN_CRITERIA;
}
if (curPermission.AppliesOnlyIfUserIsStudyOwner)
{
currentOr += UserHasRole(currentUser, StudyRoles.StudyOwner);
}
ors.Add(currentOr);
}
}
}
if (currentUser.Employee)
{
var operationsAllowedForEmployeesOnly = AllowedUserOperations.ForAllNonExternalUserLevel(relevantPermissions);
foreach (var curPermission in operationsAllowedForEmployeesOnly)
{
var currentOr = ALWAYS_TRUE;
if (curPermission.AppliesOnlyToNonHiddenStudies)
{
currentOr += NON_HIDDEN_CRITERIA;
}
ors.Add(currentOr);
}
}
var allowedForStudyRolesQueryable = AllowedUserOperations.ForStudySpecificRolesLevel(relevantPermissions);
if (allowedForStudyRolesQueryable.Any())
{
foreach (var curPermission in allowedForStudyRolesQueryable)
{
var currentOr = ALWAYS_TRUE;
if (curPermission.AppliesOnlyToNonHiddenStudies)
{
currentOr += NON_HIDDEN_CRITERIA;
}
currentOr += UserHasRole(currentUser, curPermission.AllowedForRoles);
ors.Add(currentOr);
}
}
if (ors.Count > 0)
{
var whereClauseBuilder = new StringBuilder();
foreach (var curOr in ors)
{
if (whereClauseBuilder.Length > 0)
{
whereClauseBuilder.Append(" OR ");
}
whereClauseBuilder.Append($"({curOr})");
}
return(whereClauseBuilder.ToString());
}
return(null);
}
