public static bool IsAllowedBasedOnAppRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null) { var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantOperations); if (studyPermissionDetails.Restricted) { allowedForAppRolesQueryable = AllowedUserOperations.ForRestrictedStudies(allowedForAppRolesQueryable); } if (allowedForAppRolesQueryable.Any()) { foreach (var curAllowance in allowedForAppRolesQueryable) { if (UserHasAnyOfTheseAppRoles(currentUser, curAllowance.AllowedForRoles)) { if (curAllowance.AppliesOnlyIfUserIsStudyOwner) { if (UserHasAnyOfTheseStudyRoles(currentUser.Id, studyPermissionDetails, operation, roleBeingAddedOrRemoved, StudyRoles.StudyOwner)) { return(true); } } else { return(true); } } } } return(false); }
public static bool IsAllowedForEmployeesWithoutAnyRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails = null) { if (!currentUser.Employee) { return(false); } var operationsAllowedWithoutRoles = AllowedUserOperations.ForAllNonExternalUserLevel(relevantOperations); if (studyPermissionDetails != null && studyPermissionDetails.Restricted) { operationsAllowedWithoutRoles = AllowedUserOperations.ForRestrictedStudies(operationsAllowedWithoutRoles); } return(operationsAllowedWithoutRoles.Any()); }
public static bool IsAllowedBasedOnAppRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations) { var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantOperations); if (allowedForAppRolesQueryable.Any()) { foreach (var curAllowance in allowedForAppRolesQueryable) { if (UserHasAnyOfTheseAppRoles(currentUser, curAllowance.AllowedForRoles)) { return(true); } } } return(false); }
public static bool HasAccessToOperation(UserDto currentUser, UserOperation operation) { var onlyRelevantOperations = AllowedUserOperations.ForOperationQueryable(operation); //First test this, as it's the most common operation and it requires no db access if (StudyAccessUtil.IsAllowedForEmployeesWithoutAnyRoles(currentUser, onlyRelevantOperations)) { return(true); } if (StudyAccessUtil.IsAllowedBasedOnAppRoles(currentUser, onlyRelevantOperations)) { return(true); } return(false); }
public static bool HasAccessToOperationForStudy(UserDto currentUser, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null) { var onlyRelevantOperations = AllowedUserOperations.ForOperationQueryable(operation); //First thest this, as it's the most common operation and it requires no db access if (IsAllowedForEmployeesWithoutAnyRoles(currentUser, onlyRelevantOperations, studyPermissionDetails)) { return(true); } if (IsAllowedBasedOnAppRoles(currentUser, onlyRelevantOperations, studyPermissionDetails, operation, roleBeingAddedOrRemoved)) { return(true); } if (IsAllowedBasedOnStudyRoles(currentUser, onlyRelevantOperations, studyPermissionDetails, operation, roleBeingAddedOrRemoved)) { return(true); } return(false); }
public static bool IsAllowedBasedOnStudyRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null) { var allowedForStudyRolesQueryable = AllowedUserOperations.ForStudySpecificRolesLevel(relevantOperations); if (studyPermissionDetails.Restricted) { allowedForStudyRolesQueryable = allowedForStudyRolesQueryable.Where(or => !or.AppliesOnlyToNonHiddenStudies); } if (allowedForStudyRolesQueryable.Any()) { foreach (var curOpWithRole in allowedForStudyRolesQueryable) { if (UserHasAnyOfTheseStudyRoles(currentUser.Id, studyPermissionDetails, curOpWithRole.AllowedForRoles, operation, roleBeingAddedOrRemoved)) { return(true); } } } return(false); }
public static string CreateAccessWhereClause(UserDto currentUser, UserOperation operation) { var ors = new List <string>(); var relevantPermissions = AllowedUserOperations.ForOperationQueryable(operation); var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantPermissions); if (allowedForAppRolesQueryable.Any()) { foreach (var curPermission in allowedForAppRolesQueryable) { if ( (currentUser.Admin && curPermission.AllowedForRoles.Contains(AppRoles.Admin)) || (currentUser.Sponsor && curPermission.AllowedForRoles.Contains(AppRoles.Sponsor)) || (currentUser.DatasetAdmin && curPermission.AllowedForRoles.Contains(AppRoles.DatasetAdmin)) ) { var currentOr = ALWAYS_TRUE; //Permission will be granted without restrictions (typically admin) if (!curPermission.AppliesOnlyToNonHiddenStudies && !curPermission.AppliesOnlyIfUserIsStudyOwner) { return(null); } if (curPermission.AppliesOnlyToNonHiddenStudies) { currentOr += NON_HIDDEN_CRITERIA; } if (curPermission.AppliesOnlyIfUserIsStudyOwner) { currentOr += UserHasRole(currentUser, StudyRoles.StudyOwner); } ors.Add(currentOr); } } } if (currentUser.Employee) { var operationsAllowedForEmployeesOnly = AllowedUserOperations.ForAllNonExternalUserLevel(relevantPermissions); foreach (var curPermission in operationsAllowedForEmployeesOnly) { var currentOr = ALWAYS_TRUE; if (curPermission.AppliesOnlyToNonHiddenStudies) { currentOr += NON_HIDDEN_CRITERIA; } ors.Add(currentOr); } } var allowedForStudyRolesQueryable = AllowedUserOperations.ForStudySpecificRolesLevel(relevantPermissions); if (allowedForStudyRolesQueryable.Any()) { foreach (var curPermission in allowedForStudyRolesQueryable) { var currentOr = ALWAYS_TRUE; if (curPermission.AppliesOnlyToNonHiddenStudies) { currentOr += NON_HIDDEN_CRITERIA; } currentOr += UserHasRole(currentUser, curPermission.AllowedForRoles); ors.Add(currentOr); } } if (ors.Count > 0) { var whereClauseBuilder = new StringBuilder(); foreach (var curOr in ors) { if (whereClauseBuilder.Length > 0) { whereClauseBuilder.Append(" OR "); } whereClauseBuilder.Append($"({curOr})"); } return(whereClauseBuilder.ToString()); } return(null); }