public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
var hasPermissionByPerson = HasPermissionByPerson(person);
if (!hasPermissionByPerson)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to Edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
}
if (contextModelObject.IsProposal())
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Application.GetFieldDefinitionLabelPluralized()} cannot be updated through the {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} Update process."));
}
if (!contextModelObject.IsUpdatableViaProjectUpdateProcess)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} is not updatable via the {FieldDefinition.Project.GetFieldDefinitionLabel()} Update process"));
}
var projectIsEditableByUser = new ProjectUpdateAdminFeatureWithProjectContext().HasPermission(person, contextModelObject).HasPermission || contextModelObject.IsMyProject(person);
if (!projectIsEditableByUser)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not editable by you."));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
bool isProposal = contextModelObject.IsProposal();
if (isProposal)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You cannot edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} because it is in the Proposal stage."));
}
bool isPending = contextModelObject.IsPendingProject();
if (isPending)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You cannot edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} because it is a Pending Project."));
}
bool isProjectStewardButCannotStewardThisProject = person != null && person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject);
bool forbidEdit = !HasPermissionByPerson(person) || isProjectStewardButCannotStewardThisProject;
if (forbidEdit)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
}
if (person != null && person.HasRole(Role.ProgramEditor) && !person.CanProgramEditorManageProject(contextModelObject))
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
if (!HasPermissionByPerson(person))
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {contextModelObject.DisplayName}"));
}
if (contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Approved)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"This {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} has been approved and can no longer be edited through this wizard."));
}
if (contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Rejected)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"This {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} has been rejected and can no longer be edited through this wizard."));
}
var projectIsEditableByUser = contextModelObject.IsEditableToThisPerson(person);
if (!projectIsEditableByUser)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not editable by you."));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
if (!HasPermissionByPerson(person))
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to view {contextModelObject.DisplayName}"));
}
if (contextModelObject.IsProposal() && person.IsAnonymousUser)
{
// do not allow if user is anonymous and do not show proposals to public
if (!MultiTenantHelpers.ShowApplicationsToThePublic())
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not visible to you."));
}
// do not allow if user is anonymous and show proposals to public and stage a stage other than pending
if (MultiTenantHelpers.ShowApplicationsToThePublic() && contextModelObject.ProjectApprovalStatus != ProjectApprovalStatus.PendingApproval)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not visible to you."));
}
}
// "should only be visible and accessible to the following roles: Program Manager, Admin, Sitka Admin."
bool projectCanOnlyBeSeenByAdmins = contextModelObject.ProjectType.LimitVisibilityToAdmin;
bool personHasLimitedVisibilityRole = person.HasRole(Role.Admin) || person.HasRole(Role.SitkaAdmin) || person.HasRole(Role.ProjectSteward);
if (projectCanOnlyBeSeenByAdmins && !personHasLimitedVisibilityRole)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.ProjectID} is not visible to you."));
}
// Allowed
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, Person contextModelObject)
{
if (contextModelObject == null)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult("The Person whose details you are requesting to see doesn't exist."));
}
var userHasEditPermission = new UserEditBasicsFeature().HasPermissionByPerson(person);
var userHasManagePermission = new ContactManageFeature().HasPermissionByPerson(person);
var userViewingOwnPage = person.PersonID == contextModelObject.PersonID;
#pragma warning disable 612
var userHasAppropriateRole = HasPermissionByPerson(person);
#pragma warning restore 612
if (!userHasAppropriateRole)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult("You don't permissions to view user details. If you aren't logged in, do that and try again."));
}
//Only SitkaAdmin users should be able to see other SitkaAdmin users
if (!person.HasRole(Role.SitkaAdmin) && contextModelObject.HasRole(Role.SitkaAdmin))
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult("You don\'t have permission to view this user."));
}
if (userViewingOwnPage || userHasEditPermission || userHasManagePermission)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult("You don\'t have permission to view this user."));
}
public PermissionCheckResult HasPermission(Person person, Person contextModelObject)
{
var hasContactManagePermissions = new ContactManageFeature().HasPermissionByPerson(person);
var hasAdminPermissions = new FirmaAdminFeature().HasPermissionByPerson(person);
if (contextModelObject.PersonID == person.PersonID)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
if (!person.IsFullUser())
{
if (hasContactManagePermissions)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
}
else
{
if (hasAdminPermissions)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to edit {contextModelObject.FullNameFirstLast}"));
}
public PermissionCheckResult HasPermission(Person person, GrantAllocation contextModelObject)
{
if (person != null && person.PersonID != Person.AnonymousPersonID && person.HasAnyOfTheseRoles(GrantedRoles))
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult("You are not allowed to add files to Grant Allocations"));
}
public new PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
if (contextModelObject.ProjectStage == ProjectStage.Planned)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"Reported {FieldDefinition.PerformanceMeasure.GetFieldDefinitionLabelPluralized()} are not relevant for projects in the Planning/Design stage."));
}
return(base.HasPermission(person, contextModelObject));
}
public PermissionCheckResult HasPermission(Person person, FirmaPage contextModelObject)
{
if (HasPermissionByPerson(person))
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult("Does not have administration privileges"));
}
public PermissionCheckResult HasPermission(Person person, GrantAllocation contextModelObject)
{
if (person != null && person.PersonID != Person.AnonymousPersonID && GrantedRoles.Select(x => x.RoleID).Contains(person.RoleID))
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult("You are not allowed to add files to Grant Allocations"));
}
public PermissionCheckResult HasPermission(Person person, GisUploadAttempt contextModelObject)
{
if (contextModelObject.GisUploadAttemptCreatePerson.PersonID == person.PersonID)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit this upload attempt"));
}
public PermissionCheckResult HasPermission(Person person, GrantAllocationAwardPersonnelAndBenefitsLineItem contextModelObject)
{
var hasPermissionByPerson = HasPermissionByPerson(person);
if (!hasPermissionByPerson)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete this {FieldDefinition.GrantAllocationAwardPersonnelAndBenefitsLineItem.GetFieldDefinitionLabel()}"));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, GrantAllocationAwardLandownerCostShareLineItem contextModelObject)
{
var hasPermissionByPerson = HasPermissionByPerson(person);
if (!hasPermissionByPerson)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {FieldDefinition.GrantAllocationAwardLandownerCostShare} with ID: {contextModelObject.GrantAllocationAwardLandownerCostShareLineItemID}"));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, GrantAllocationAward contextModelObject)
{
var hasPermissionByPerson = HasPermissionByPerson(person);
if (!hasPermissionByPerson)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {contextModelObject.GrantAllocationAwardName}"));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, GrantAllocationAwardContractorInvoice contextModelObject)
{
var hasPermissionByPerson = HasPermissionByPerson(person);
if (!hasPermissionByPerson)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {FieldDefinition.GrantAllocationAwardContractorInvoice} with ID: {contextModelObject.GrantAllocationAwardContractorInvoiceDescription}"));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
var hasPermissionByPerson = HasPermissionByPerson(person);
if (!hasPermissionByPerson)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {contextModelObject.DisplayName}"));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, Invoice contextModelObject)
{
bool userHasPermission = HasPermissionByPerson(person);
if (userHasPermission)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to Invoice {contextModelObject.InvoiceID} - {contextModelObject.InvoiceIdentifyingName}"));
}
public PermissionCheckResult HasPermission(Person person, GrantAllocationFileResource contextModelObject)
{
bool userHasPermission = HasPermissionByPerson(person);
if (userHasPermission)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to manage the Grant Allocation file {contextModelObject.DisplayName}"));
}
public PermissionCheckResult HasPermission(Person person, Grant contextModelObject)
{
bool userHasPermission = HasPermissionByPerson(person);
if (userHasPermission)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to Grant {contextModelObject.GrantName}"));
}
public PermissionCheckResult HasPermission(Person person, PriorityLandscapeFileResource contextModelObject)
{
bool userHasPermission = HasPermissionByPerson(person);
if (userHasPermission)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to manage the {FieldDefinition.PriorityLandscape.FieldDefinitionDisplayName} file {contextModelObject.DisplayName}"));
}
public PermissionCheckResult HasPermission(Person person, GrantModificationNoteInternal contextModelObject)
{
bool userHasPermission = HasPermissionByPerson(person);
if (userHasPermission)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to Internal Notes on Grant Modification {contextModelObject.GrantModification.GrantModificationName}"));
}
public PermissionCheckResult HasPermission(Person person, Program contextModelObject)
{
bool userHasPermission = HasPermissionByPerson(person);
if (userHasPermission)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have access to { Models.FieldDefinition.Program.GetFieldDefinitionLabel()} {contextModelObject.ProgramName}"));
}
public PermissionCheckResult HasPermission(Person person, PerformanceMeasure contextModelObject)
{
var hasPermissionByPerson = HasPermissionByPerson(person);
if (!hasPermissionByPerson)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to Edit {FieldDefinition.TaxonomyBranch.GetFieldDefinitionLabelPluralized()} for {MultiTenantHelpers.GetPerformanceMeasureName()} {contextModelObject.PerformanceMeasureDisplayName}"));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
var isProjectStewardButCannotStewardThisProject = person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject);
var forbidAdmin = !HasPermissionByPerson(person) || isProjectStewardButCannotStewardThisProject;
if (forbidAdmin)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
var possiblePermissionDeniedMessage = $"{Models.FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName} is not deletable by you";
if (new ProjectDeleteFeature().HasPermission(person, contextModelObject).HasPermission)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
bool userHasPermission = contextModelObject.IsMyProject(person) &&
(contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Draft || contextModelObject.ProjectApprovalStatus == ProjectApprovalStatus.Rejected);
return(PermissionCheckResult.MakeConditionalPermissionCheckResult(userHasPermission, possiblePermissionDeniedMessage));
}
public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
if (contextModelObject.IsProposal())
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{FieldDefinition.Application.GetFieldDefinitionLabelPluralized()} cannot be updated through the {Models.FieldDefinition.Project.GetFieldDefinitionLabel()} Update process."));
}
var forbidAdmin = !HasPermissionByPerson(person) ||
person.HasRole(Role.ProjectSteward) &&
!person.CanStewardProject(contextModelObject);
string possiblePermissionDeniedMessage = $"You don't have permission to make Administrative actions on {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}";
return(PermissionCheckResult.MakeConditionalPermissionCheckResult(!forbidAdmin, possiblePermissionDeniedMessage));
}
public PermissionCheckResult HasPermission(Person person, Person contextModelObject)
{
var hasPermissionByPerson = new ContactManageFeature().HasPermissionByPerson(person);
if (!hasPermissionByPerson)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to delete {contextModelObject.FullNameFirstLast}"));
}
if (contextModelObject.IsFullUser())
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"{contextModelObject.FullNameFirstLast} cannot be deleted because they are a user with an account."));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, ProjectDocument contextModelObject)
{
var isProjectDocumentStewardButCannotStewardThisProjectDocument = person.HasRole(Role.ProjectSteward) && !person.CanStewardProject(contextModelObject.Project);
var forbidAdmin = !HasPermissionByPerson(person) || isProjectDocumentStewardButCannotStewardThisProjectDocument;
if (forbidAdmin)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You don't have permission to edit documents for {FieldDefinition.Project.GetFieldDefinitionLabel()} {contextModelObject.DisplayName}"));
}
if (contextModelObject.Project.IsProposal() || contextModelObject.Project.IsPendingProject())
{
return(new ProjectCreateFeature().HasPermission(person, contextModelObject.Project));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, Project contextModelObject)
{
var projectLabel = FieldDefinition.Project.GetFieldDefinitionLabel();
if (!HasPermissionByPerson(person))
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to approve this {projectLabel}."));
}
if (person.Role.RoleID == Role.ProjectSteward.RoleID &&
!person.CanStewardProject(contextModelObject))
{
var organizationLabel = FieldDefinition.Organization.GetFieldDefinitionLabel();
return(PermissionCheckResult.MakeFailurePermissionCheckResult($"You do not have permission to approve this {projectLabel} based on your relationship to the {projectLabel}'s {organizationLabel}."));
}
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
public PermissionCheckResult HasPermission(Person person, CustomPage contextModelObject)
{
if (contextModelObject == null)
{
return(PermissionCheckResult.MakeFailurePermissionCheckResult("custom page is null/invalid"));
}
var isVisible = contextModelObject.CustomPageDisplayType == CustomPageDisplayType.Public ||
(!person.IsAnonymousUser &&
contextModelObject.CustomPageDisplayType == CustomPageDisplayType.Protected);
if (isVisible)
{
return(PermissionCheckResult.MakeSuccessPermissionCheckResult());
}
return(PermissionCheckResult.MakeFailurePermissionCheckResult("Does not have custom page view privileges"));
}
