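/// <summary>
/// Renders the account-visibility filter of the current login as a raw SQL fragment.
/// </summary>
/// <remarks>
/// The fragment is built by string concatenation and is meant to be spliced into a
/// hand-written SQL statement. <paramref name="aliasName"/> and <paramref name="clause"/>
/// are inserted verbatim, so they must be constants chosen by the calling code and
/// never values taken from a request.
/// </remarks>
/// <param name="session">Data access session, passed through to GetSecurityInfo.</param>
/// <param name="option">Requested account scope, passed through to GetSecurityInfo.</param>
/// <param name="aliasName">Table alias that replaces the "this_" prefix in the fragment; null or empty keeps the prefix.</param>
/// <param name="clause">Keyword placed in front of the fragment; null or empty adds nothing.</param>
/// <returns>
/// The criteria joined with " and ", prefixed by the clause keyword. When no criterion was
/// produced and a clause is given, the result is the clause keyword with nothing after it.
/// </returns>
public static string GetSecurityInfoStringForSQL(IDalSession session, SecurityInfoOptions option, string aliasName, string clause)
{
    List<ICriterion> expressions = new List<ICriterion>();
    GetSecurityInfo(session, expressions, option);

    string query = "";
    foreach (ICriterion criterion in expressions)
    {
        // Accumulate with +=: every criterion is a restriction, and assigning instead of
        // appending would keep only the last one and silently widen the result set.
        // NOTE(review): relies on ICriterion.ToString() rendering usable SQL - confirm for
        // every criterion type GetSecurityInfo can produce.
        query += (query.Length > 0 ? " and " : "") + criterion.ToString();
    }

    // IsNullOrEmpty rather than != string.Empty: a null alias would otherwise rewrite
    // "this_." to "." and produce a broken column reference.
    if (!string.IsNullOrEmpty(aliasName))
    {
        query = query.Replace("this_.", aliasName + ".");
    }

    // NOTE(review): an empty filter (no criterion produced for this login) still gets the
    // clause keyword prepended; callers have to cope with that dangling keyword.
    if (!string.IsNullOrEmpty(clause))
    {
        query = " " + clause + " " + query;
    }

    return query;
}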
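/// <summary>
/// Adds the account-visibility filter for the current login to a criteria list.
/// </summary>
/// <remarks>
/// Stichting employees are filtered according to <paramref name="option"/>. Asset manager
/// employees always get the combined managed-accounts-or-trading-account filter, whatever
/// option is passed. No filter is added for a customer login.
/// </remarks>
/// <param name="session">Data access session used to look up the current login.</param>
/// <param name="expressions">List that receives the filter; must not be null when a filter applies to the login.</param>
/// <param name="option">Requested account scope.</param>
/// <exception cref="System.Security.Authentication.AuthenticationException">
/// There is no current login, or a customer login requested the NoFilter option.
/// </exception>
/// <exception cref="System.ArgumentNullException">
/// A filter applies to the login but <paramref name="expressions"/> is null.
/// </exception>
public static void GetSecurityInfo(IDalSession session, List<ICriterion> expressions, SecurityInfoOptions option)
{
    // NOTE(review): the company key is formatted straight into the SQL text. That is only
    // safe while Employer.Key is a numeric value owned by the authenticated login - confirm;
    // a parameterized Expression.Sql overload would remove the dependency on that.
    const string managedAccountsSql = "this_.AccountID IN (SELECT AccountID FROM vweInternalAccounts WHERE (ManagementCompanyID = {0}))";
    const string tradingAccountSql = "this_.AccountID IN (SELECT TradingAccountID FROM ManagementCompanies WHERE (ManagementCompanyID = {0}))";
    const string notTradingAccountSql = "this_.AccountID NOT IN (SELECT TradingAccountID FROM ManagementCompanies WHERE (ManagementCompanyID = {0}))";

    ILogin login = GetCurrentLogin(session);
    if (login == null)
    {
        throw new System.Security.Authentication.AuthenticationException("You are not a registered user");
    }

    if (option == SecurityInfoOptions.NoFilter)
    {
        // Only stichting employees may run unfiltered: asset managers are downgraded to
        // the combined filter and customers are rejected outright.
        if (login is AssetManagerEmployeeLogin)
        {
            option = SecurityInfoOptions.Both;
        }
        else if (login is CustomerLogin)
        {
            throw new System.Security.Authentication.AuthenticationException("The no filter option is only available for stichting employees");
        }
    }

    ICriterion crit = null;

    if (login is StichtingEmployeeLogin)
    {
        StichtingEmployeeLogin employee = (StichtingEmployeeLogin)login;
        switch (option)
        {
            case SecurityInfoOptions.ManagedsAcctsOnly:
                // Managed accounts of the company, minus the company's own trading account.
                crit = Expression.And(
                    Expression.Sql(string.Format(managedAccountsSql, employee.Employer.Key)),
                    Expression.Sql(string.Format(notTradingAccountSql, employee.Employer.Key)));
                break;

            case SecurityInfoOptions.TradingAcctOnly:
                crit = Expression.Sql(string.Format(tradingAccountSql, employee.Employer.Key));
                break;

            case SecurityInfoOptions.NoFilter:
                // Deliberately unrestricted for stichting employees.
                break;

            default:
                crit = Expression.Or(
                    Expression.Sql(string.Format(managedAccountsSql, employee.Employer.Key)),
                    Expression.Sql(string.Format(tradingAccountSql, employee.Employer.Key)));
                break;
        }
    }
    else if (login is AssetManagerEmployeeLogin)
    {
        AssetManagerEmployeeLogin manager = (AssetManagerEmployeeLogin)login;
        crit = Expression.Or(
            Expression.Sql(string.Format(managedAccountsSql, manager.Employer.Key)),
            Expression.Sql(string.Format(tradingAccountSql, manager.Employer.Key)));
    }
    else if (login is CustomerLogin)
    {
        // TODO -> Get Account from Customer, take AssetManager into account
        // NOTE(review): no restriction is added for a customer login, and none for any other
        // ILogin implementation that is not listed above. Until the TODO is implemented this
        // method must not be the only access control on queries run for those logins.
    }

    if (crit != null)
    {
        // Fail closed: creating a replacement list here would only rebind the local
        // parameter, and the caller would run its query without the restriction.
        if (expressions == null)
        {
            throw new System.ArgumentNullException("expressions", "A security filter applies to the current login but no criteria list was supplied");
        }

        expressions.Add(crit);
    }
}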