/// <summary>
/// Revoke any and all access a rights holder has to an entity.
/// </summary>
/// <param name="rightsHolderId">The rights holder's id.</param>
/// <param name="entityId">The entity's id.</param>
/// <returns>The error code.</returns>
internal static ErrorCode RevokeAccess(Guid rightsHolderId, Guid entityId)
{
DataModelTransaction transaction = DataModelTransaction.Current;
DataModel dataModel = new DataModel();
Guid currentUserId = TradingSupport.UserId;
UserRow currentUserRow = DataModel.User.UserKey.Find(currentUserId);
RightsHolderRow rightsHolderRow = DataModel.RightsHolder.RightsHolderKey.Find(rightsHolderId);
Guid rightsHolderTenantId;
AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(rightsHolderId, entityId);
// Determine whether current user has write access to the entity.
if (!DataModelFilters.HasAccess(transaction, currentUserId, entityId, AccessRight.Write))
{
return(ErrorCode.AccessDenied);
}
rightsHolderRow.AcquireReaderLock(transaction);
rightsHolderTenantId = rightsHolderRow.TenantId;
rightsHolderRow.ReleaseReaderLock(transaction.TransactionId);
// Determine whether current user's tenant is upstream from rights holder we're modifying.
if (!DataModelFilters.HasTenantAccess(transaction, currentUserId, rightsHolderTenantId))
{
return(ErrorCode.AccessDenied);
}
if (accessControlRow != null)
{
accessControlRow.AcquireWriterLock(transaction);
dataModel.DestroyAccessControl(new object[] { accessControlRow.AccessControlId }, accessControlRow.RowVersion);
}
else
{
return(ErrorCode.RecordNotFound);
}
return(ErrorCode.Success);
}
