protected bool CanEditUserStatus(ClubPoolPrincipal principal, User user)
{
// admins can edit the status of all users, officers can edit the status of
// all other non admins but not themselves, normal users can not edit status
var editorIsAdmin = principal.IsInRole(Roles.Administrators);
if (editorIsAdmin) {
// admins can edit the status of all other users
return true;
}
var editorIsOfficer = principal.IsInRole(Roles.Officers);
if (!editorIsOfficer) {
// if the user is neither admin nor officer, can't edit any status
return false;
}
// if we get here, editor is officer, can edit status of other non-admin
// users but not self
var editingSelf = user.Id == principal.UserId;
var userIsAdmin = user.Roles.Where(r => r.Name.Equals(Roles.Administrators)).Any();
return (!(editingSelf || userIsAdmin));
}
protected bool CanEditUserPassword(ClubPoolPrincipal principal, User user)
{
// admins & self can edit password
return principal.IsInRole(Roles.Administrators) || principal.UserId == user.Id;
}
protected bool CanEditUserRoles(ClubPoolPrincipal principal, User user)
{
// only admins can edit roles
return principal.IsInRole(Roles.Administrators);
}
protected bool CanEditUser(ClubPoolPrincipal principal, User user)
{
// admins & officers can edit the basic properties of all users,
// normal users can edit their own basic properties
var editorIsAdmin = principal.IsInRole(Roles.Administrators);
var editorIsOfficer = principal.IsInRole(Roles.Officers);
var editingSelf = user.Id == principal.UserId;
return editingSelf || editorIsOfficer || editorIsAdmin;
}
