public Access(Organization organization, Geography geography, AccessAspect aspect, AccessType type)
{
this.Organization = organization;
this.Geography = geography;
this.Aspect = aspect;
this.Type = type;
}
public Access(Organization organization, Geography geography, AccessAspect aspect, AccessType type)
{
this.Organization = organization;
this.Geography = geography;
this.Aspect = aspect;
this.Type = type;
}
public bool CanSeePerson(Person person, AccessAspect aspect = AccessAspect.Participation)
{
if (aspect != AccessAspect.Participation && aspect != AccessAspect.PersonalData)
{
throw new ArgumentException(@"AccessAspect needs to reflect visibility of people data", "aspect");
}
// Three cases:
// 1) the current Position has system-level access.
// 2) the current Position has org-level, but not system-level, access.
// 3) the current Position has org-and-geo-level access.
if (HasSystemAccess(AccessType.Read)) // case 1
{
// Still filter to the current Organization, even though we have systemwide access
if (person.ParticipatesInOrganizationOrParent(Organization))
{
return(true);
}
}
// Is this Person a Participant of an org or sub-org where the current Authority
// has organizationwide access? Case 2.
if (
HasAccess(new Access(Organization, aspect, AccessType.Read)))
{
if (person.ParticipatesInOrganizationOrParent(Organization))
{
return(true);
}
}
// Finally, determine by geography AND organization.
if (Position == null || Position.Geography == null)
{
return(false);
}
if (
HasAccess(new Access(Organization, Position.Geography, aspect, AccessType.Read)))
{
if (person.ParticipatesInOrganizationOrParent(Organization))
{
if (person.GeographyId == Position.GeographyId || person.Geography.Inherits(Position.Geography))
{
return(true);
}
}
}
return(false);
}
public People FilterPeople(People rawList, AccessAspect aspect = AccessAspect.Participation)
{
if (aspect != AccessAspect.Participation && aspect != AccessAspect.PersonalData)
{
throw new ArgumentException(@"AccessAspect needs to reflect visibility of people data", "aspect");
}
// Three cases:
// 1) the current Position has system-level access.
// 2) the current Position has org-level, but not system-level, access.
// 3) the current Position has org-and-geo-level access.
Dictionary <int, bool> orgLookup = new Dictionary <int, bool>();
Dictionary <int, bool> geoLookup = new Dictionary <int, bool>();
People result = new People();
// Org lookup will always be needed. Geo lookup may be needed for case 3.
Organizations orgStructure = this.Organization.ThisAndBelow();
int[] orgIds = orgStructure.Identities;
foreach (int orgId in orgIds)
{
orgLookup[orgId] = true;
}
orgLookup[Organization.Identity] = true;
Dictionary <int, List <BasicParticipation> > membershipLookup = null;
if (HasSystemAccess(AccessType.Read) || HasAccess(new Access(Organization, aspect, AccessType.Read)))
{
// cases 1 and 2: systemwide access, return everybody at or under the current Organization,
// or org-wide read access (at least) to participant/personal data at current Organization
// Optimization: Get all memberships in advance, without instantiating logic objects
membershipLookup = Participations.GetParticipationsForPeople(rawList.Identities, 0);
foreach (Person person in rawList)
{
// For each person, we must test the list of active memberships to see if one of
// them is visible to this Authority - if it's a membership in an org at or below the
// Authority object's organization
if (membershipLookup.ContainsKey(person.Identity))
{
List <BasicParticipation> list = membershipLookup[person.Identity];
foreach (BasicParticipation basicMembership in list)
{
if (orgLookup.ContainsKey(basicMembership.OrganizationId))
{
// hit - this person has an active membership that makes them visible to this Authority
result.Add(person);
break;
}
}
}
}
return(result);
}
// Case 3: Same as above but also check for Geography (in an AND pattern).
if (this.Position == null)
{
// No access at all. That was an easy case!
return(new People()); // return empty list
}
if (this.Position.Geography == null)
{
// Org-level position, but one that doesn't have access to personal data, apparently.
return(new People()); // empty list again
}
if (!HasAccess(new Access(this.Organization, Position.Geography, aspect, AccessType.Read)))
{
// No people access for active position. Also a reasonably easy case.
return(new People()); // also return empty list
}
Geographies geoStructure = this.Position.Geography.ThisAndBelow();
int[] geoIds = geoStructure.Identities;
foreach (int geoId in geoIds)
{
geoLookup[geoId] = true;
}
geoLookup[Position.GeographyId] = true;
// Optimization: Get all memberships in advance, without instantiating logic objects
Dictionary <int, List <BasicParticipation> > personLookup =
Participations.GetParticipationsForPeople(rawList.Identities, 0);
foreach (Person person in rawList)
{
// For each person, we must test the list of active memberships to see if one of
// them is visible to this Authority - if it's a membership in an org at or below the
// Authority object's organization - and also test the person's Geography against
// the list (lookup) of visible Geographies. We do Geographies first, because that test is
// much cheaper.
if (geoLookup[person.GeographyId])
{
// Geography hit. Test Membership / Organization.
List <BasicParticipation> list = personLookup[person.Identity];
foreach (BasicParticipation basicMembership in list)
{
if (orgLookup.ContainsKey(basicMembership.OrganizationId))
{
// Organization hit - this person has an active membership that makes them visible to this Authority
result.Add(person);
}
}
}
}
return(result);
}
public Access(Organization organization, AccessAspect aspect, AccessType type)
{
this.Organization = organization;
this.Aspect = aspect;
this.Type = type;
}
public Access(AccessAspect aspect, AccessType type)
{
this.Aspect = aspect;
this.Type = type;
}
public Access(AccessAspect aspect, AccessType type = AccessType.Write) // Default to demanding r/w access unless r/o specified
{
this.Aspect = aspect;
this.Type = type;
}
public Access (AccessAspect aspect, AccessType type)
{
this.Aspect = aspect;
this.Type = type;
}
public Access(Organization organization, AccessAspect aspect, AccessType type)
{
this.Organization = organization;
this.Aspect = aspect;
this.Type = type;
}
