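/// <summary>
/// Checks whether the given user is allowed to edit the given inspection.
/// </summary>
/// <remarks>
/// This is an authorization decision and it fails closed: a missing inspection,
/// a missing user, a denied jobsite check, or a user with no matching group
/// all yield <c>false</c>. Group names are compared with an ordinal,
/// case-insensitive comparison so the result does not depend on the current
/// thread culture (a culture-sensitive <c>ToLower()</c> can change how
/// characters such as 'I' are lowered and make a legitimate role stop matching).
/// </remarks>
/// <param name="userId">The user id to check edit rights for.</param>
/// <param name="inspectionId">The inspection id the user wants to edit.</param>
/// <returns>
/// True only if the user has access to the inspection's jobsite and belongs to
/// one of the groups "inspector", "interpreter", "administrator" or "super user".
/// </returns>
public async Task<bool> CheckUserCanEdit(long userId, int inspectionId)
{
    var inspection = await _context.WSRE.FindAsync(inspectionId);
    if (inspection == null)
    {
        return false;
    }

    var user = await _context.USER_TABLE.FindAsync(userId);
    if (user == null)
    {
        return false;
    }

    // Jobsite-level access is a precondition for any edit right.
    // NOTE(review): the meaning of the third argument (false) is defined by
    // AuthorizeUserAccess.verifyAccessToJobsite and is not visible here - confirm.
    if (!AuthorizeUserAccess.verifyAccessToJobsite(userId, inspection.JobsiteId, false))
    {
        return false;
    }

    // NOTE(review): this relies on user.JobRoles (and each USER_GROUP) being
    // populated for an entity obtained through FindAsync - confirm the loading
    // strategy. A missing collection is treated as "no roles" and denies the edit.
    if (user.JobRoles == null)
    {
        return false;
    }

    // Groups that grant edit rights. Matching is by group name, so these
    // literals must stay in sync with the names stored for USER_GROUP.
    string[] editorGroups = { "inspector", "interpreter", "administrator", "super user" };

    foreach (var role in user.JobRoles)
    {
        var groupName = role?.USER_GROUP?.groupname;
        if (groupName == null)
        {
            // A role without a resolvable group name cannot grant anything.
            continue;
        }

        foreach (var allowed in editorGroups)
        {
            if (string.Equals(groupName, allowed, System.StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }
    }

    return false;
}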
/// <summary>
/// Determines whether the given user may view the given inspection.
/// </summary>
/// <remarks>
/// The decision is made at jobsite level only: the inspection is looked up,
/// and the result is whatever <c>AuthorizeUserAccess.verifyAccessToJobsite</c>
/// returns for the inspection's jobsite. No group or role membership is
/// examined here. An unknown inspection id yields <c>false</c>.
/// </remarks>
/// <param name="userId">The user id whose access is being checked.</param>
/// <param name="inspectionId">The inspection id the user wants to view.</param>
/// <returns>True if the inspection exists and the user has access to its jobsite.</returns>
public async Task<bool> VerifyUserAccessToInspection(long userId, int inspectionId)
{
    var inspection = await _context.WSRE.FindAsync(inspectionId);

    // Short-circuit keeps the fail-closed behaviour for a missing inspection:
    // the jobsite check is only evaluated when a record was found.
    // NOTE(review): the meaning of the third argument (false) is not visible here - confirm.
    return inspection != null
        && AuthorizeUserAccess.verifyAccessToJobsite(userId, inspection.JobsiteId, false);
}