public Access(Organization organization, Geography geography, AccessAspect aspect, AccessType type) { this.Organization = organization; this.Geography = geography; this.Aspect = aspect; this.Type = type; }
public bool CanSeePerson(Person person, AccessAspect aspect = AccessAspect.Participation) { if (aspect != AccessAspect.Participation && aspect != AccessAspect.PersonalData) { throw new ArgumentException(@"AccessAspect needs to reflect visibility of people data", "aspect"); } // Three cases: // 1) the current Position has system-level access. // 2) the current Position has org-level, but not system-level, access. // 3) the current Position has org-and-geo-level access. if (HasSystemAccess(AccessType.Read)) // case 1 { // Still filter to the current Organization, even though we have systemwide access if (person.ParticipatesInOrganizationOrParent(Organization)) { return(true); } } // Is this Person a Participant of an org or sub-org where the current Authority // has organizationwide access? Case 2. if ( HasAccess(new Access(Organization, aspect, AccessType.Read))) { if (person.ParticipatesInOrganizationOrParent(Organization)) { return(true); } } // Finally, determine by geography AND organization. if (Position == null || Position.Geography == null) { return(false); } if ( HasAccess(new Access(Organization, Position.Geography, aspect, AccessType.Read))) { if (person.ParticipatesInOrganizationOrParent(Organization)) { if (person.GeographyId == Position.GeographyId || person.Geography.Inherits(Position.Geography)) { return(true); } } } return(false); }
public People FilterPeople(People rawList, AccessAspect aspect = AccessAspect.Participation) { if (aspect != AccessAspect.Participation && aspect != AccessAspect.PersonalData) { throw new ArgumentException(@"AccessAspect needs to reflect visibility of people data", "aspect"); } // Three cases: // 1) the current Position has system-level access. // 2) the current Position has org-level, but not system-level, access. // 3) the current Position has org-and-geo-level access. Dictionary <int, bool> orgLookup = new Dictionary <int, bool>(); Dictionary <int, bool> geoLookup = new Dictionary <int, bool>(); People result = new People(); // Org lookup will always be needed. Geo lookup may be needed for case 3. Organizations orgStructure = this.Organization.ThisAndBelow(); int[] orgIds = orgStructure.Identities; foreach (int orgId in orgIds) { orgLookup[orgId] = true; } orgLookup[Organization.Identity] = true; Dictionary <int, List <BasicParticipation> > membershipLookup = null; if (HasSystemAccess(AccessType.Read) || HasAccess(new Access(Organization, aspect, AccessType.Read))) { // cases 1 and 2: systemwide access, return everybody at or under the current Organization, // or org-wide read access (at least) to participant/personal data at current Organization // Optimization: Get all memberships in advance, without instantiating logic objects membershipLookup = Participations.GetParticipationsForPeople(rawList.Identities, 0); foreach (Person person in rawList) { // For each person, we must test the list of active memberships to see if one of // them is visible to this Authority - if it's a membership in an org at or below the // Authority object's organization if (membershipLookup.ContainsKey(person.Identity)) { List <BasicParticipation> list = membershipLookup[person.Identity]; foreach (BasicParticipation basicMembership in list) { if (orgLookup.ContainsKey(basicMembership.OrganizationId)) { // hit - this person has an active membership that makes them visible to this Authority result.Add(person); break; } } } } return(result); } // Case 3: Same as above but also check for Geography (in an AND pattern). if (this.Position == null) { // No access at all. That was an easy case! return(new People()); // return empty list } if (this.Position.Geography == null) { // Org-level position, but one that doesn't have access to personal data, apparently. return(new People()); // empty list again } if (!HasAccess(new Access(this.Organization, Position.Geography, aspect, AccessType.Read))) { // No people access for active position. Also a reasonably easy case. return(new People()); // also return empty list } Geographies geoStructure = this.Position.Geography.ThisAndBelow(); int[] geoIds = geoStructure.Identities; foreach (int geoId in geoIds) { geoLookup[geoId] = true; } geoLookup[Position.GeographyId] = true; // Optimization: Get all memberships in advance, without instantiating logic objects Dictionary <int, List <BasicParticipation> > personLookup = Participations.GetParticipationsForPeople(rawList.Identities, 0); foreach (Person person in rawList) { // For each person, we must test the list of active memberships to see if one of // them is visible to this Authority - if it's a membership in an org at or below the // Authority object's organization - and also test the person's Geography against // the list (lookup) of visible Geographies. We do Geographies first, because that test is // much cheaper. if (geoLookup[person.GeographyId]) { // Geography hit. Test Membership / Organization. List <BasicParticipation> list = personLookup[person.Identity]; foreach (BasicParticipation basicMembership in list) { if (orgLookup.ContainsKey(basicMembership.OrganizationId)) { // Organization hit - this person has an active membership that makes them visible to this Authority result.Add(person); } } } } return(result); }
public Access(Organization organization, AccessAspect aspect, AccessType type) { this.Organization = organization; this.Aspect = aspect; this.Type = type; }
public Access(AccessAspect aspect, AccessType type) { this.Aspect = aspect; this.Type = type; }
public Access(AccessAspect aspect, AccessType type = AccessType.Write) // Default to demanding r/w access unless r/o specified { this.Aspect = aspect; this.Type = type; }
public Access (AccessAspect aspect, AccessType type) { this.Aspect = aspect; this.Type = type; }