示例#1
0
        public static bool IsAllowedBasedOnAppRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null)
        {
            var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantOperations);

            if (studyPermissionDetails.Restricted)
            {
                allowedForAppRolesQueryable = AllowedUserOperations.ForRestrictedStudies(allowedForAppRolesQueryable);
            }

            if (allowedForAppRolesQueryable.Any())
            {
                foreach (var curAllowance in allowedForAppRolesQueryable)
                {
                    if (UserHasAnyOfTheseAppRoles(currentUser, curAllowance.AllowedForRoles))
                    {
                        if (curAllowance.AppliesOnlyIfUserIsStudyOwner)
                        {
                            if (UserHasAnyOfTheseStudyRoles(currentUser.Id, studyPermissionDetails, operation, roleBeingAddedOrRemoved, StudyRoles.StudyOwner))
                            {
                                return(true);
                            }
                        }
                        else
                        {
                            return(true);
                        }
                    }
                }
            }

            return(false);
        }
示例#2
0
        public static bool IsAllowedForEmployeesWithoutAnyRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails = null)
        {
            if (!currentUser.Employee)
            {
                return(false);
            }

            var operationsAllowedWithoutRoles = AllowedUserOperations.ForAllNonExternalUserLevel(relevantOperations);

            if (studyPermissionDetails != null && studyPermissionDetails.Restricted)
            {
                operationsAllowedWithoutRoles = AllowedUserOperations.ForRestrictedStudies(operationsAllowedWithoutRoles);
            }

            return(operationsAllowedWithoutRoles.Any());
        }
示例#3
0
        public static bool IsAllowedBasedOnAppRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations)
        {
            var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantOperations);

            if (allowedForAppRolesQueryable.Any())
            {
                foreach (var curAllowance in allowedForAppRolesQueryable)
                {
                    if (UserHasAnyOfTheseAppRoles(currentUser, curAllowance.AllowedForRoles))
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
示例#4
0
        public static bool HasAccessToOperation(UserDto currentUser, UserOperation operation)
        {
            var onlyRelevantOperations = AllowedUserOperations.ForOperationQueryable(operation);

            //First test this, as it's the most common operation and it requires no db access
            if (StudyAccessUtil.IsAllowedForEmployeesWithoutAnyRoles(currentUser, onlyRelevantOperations))
            {
                return(true);
            }

            if (StudyAccessUtil.IsAllowedBasedOnAppRoles(currentUser, onlyRelevantOperations))
            {
                return(true);
            }

            return(false);
        }
示例#5
0
        public static bool HasAccessToOperationForStudy(UserDto currentUser, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null)
        {
            var onlyRelevantOperations = AllowedUserOperations.ForOperationQueryable(operation);

            //First thest this, as it's the most common operation and it requires no db access
            if (IsAllowedForEmployeesWithoutAnyRoles(currentUser, onlyRelevantOperations, studyPermissionDetails))
            {
                return(true);
            }

            if (IsAllowedBasedOnAppRoles(currentUser, onlyRelevantOperations, studyPermissionDetails, operation, roleBeingAddedOrRemoved))
            {
                return(true);
            }

            if (IsAllowedBasedOnStudyRoles(currentUser, onlyRelevantOperations, studyPermissionDetails, operation, roleBeingAddedOrRemoved))
            {
                return(true);
            }

            return(false);
        }
示例#6
0
        public static bool IsAllowedBasedOnStudyRoles(UserDto currentUser, IEnumerable <OperationPermission> relevantOperations, IHasStudyPermissionDetails studyPermissionDetails, UserOperation operation, string roleBeingAddedOrRemoved = null)
        {
            var allowedForStudyRolesQueryable = AllowedUserOperations.ForStudySpecificRolesLevel(relevantOperations);

            if (studyPermissionDetails.Restricted)
            {
                allowedForStudyRolesQueryable = allowedForStudyRolesQueryable.Where(or => !or.AppliesOnlyToNonHiddenStudies);
            }

            if (allowedForStudyRolesQueryable.Any())
            {
                foreach (var curOpWithRole in allowedForStudyRolesQueryable)
                {
                    if (UserHasAnyOfTheseStudyRoles(currentUser.Id, studyPermissionDetails, curOpWithRole.AllowedForRoles, operation, roleBeingAddedOrRemoved))
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
示例#7
0
        public static string CreateAccessWhereClause(UserDto currentUser, UserOperation operation)
        {
            var ors = new List <string>();

            var relevantPermissions = AllowedUserOperations.ForOperationQueryable(operation);

            var allowedForAppRolesQueryable = AllowedUserOperations.ForAppRolesLevel(relevantPermissions);

            if (allowedForAppRolesQueryable.Any())
            {
                foreach (var curPermission in allowedForAppRolesQueryable)
                {
                    if (
                        (currentUser.Admin && curPermission.AllowedForRoles.Contains(AppRoles.Admin)) ||
                        (currentUser.Sponsor && curPermission.AllowedForRoles.Contains(AppRoles.Sponsor)) ||
                        (currentUser.DatasetAdmin && curPermission.AllowedForRoles.Contains(AppRoles.DatasetAdmin))
                        )
                    {
                        var currentOr = ALWAYS_TRUE;

                        //Permission will be granted without restrictions (typically admin)
                        if (!curPermission.AppliesOnlyToNonHiddenStudies && !curPermission.AppliesOnlyIfUserIsStudyOwner)
                        {
                            return(null);
                        }

                        if (curPermission.AppliesOnlyToNonHiddenStudies)
                        {
                            currentOr += NON_HIDDEN_CRITERIA;
                        }

                        if (curPermission.AppliesOnlyIfUserIsStudyOwner)
                        {
                            currentOr += UserHasRole(currentUser, StudyRoles.StudyOwner);
                        }

                        ors.Add(currentOr);
                    }
                }
            }

            if (currentUser.Employee)
            {
                var operationsAllowedForEmployeesOnly = AllowedUserOperations.ForAllNonExternalUserLevel(relevantPermissions);

                foreach (var curPermission in operationsAllowedForEmployeesOnly)
                {
                    var currentOr = ALWAYS_TRUE;

                    if (curPermission.AppliesOnlyToNonHiddenStudies)
                    {
                        currentOr += NON_HIDDEN_CRITERIA;
                    }

                    ors.Add(currentOr);
                }
            }

            var allowedForStudyRolesQueryable = AllowedUserOperations.ForStudySpecificRolesLevel(relevantPermissions);

            if (allowedForStudyRolesQueryable.Any())
            {
                foreach (var curPermission in allowedForStudyRolesQueryable)
                {
                    var currentOr = ALWAYS_TRUE;

                    if (curPermission.AppliesOnlyToNonHiddenStudies)
                    {
                        currentOr += NON_HIDDEN_CRITERIA;
                    }

                    currentOr += UserHasRole(currentUser, curPermission.AllowedForRoles);

                    ors.Add(currentOr);
                }
            }

            if (ors.Count > 0)
            {
                var whereClauseBuilder = new StringBuilder();

                foreach (var curOr in ors)
                {
                    if (whereClauseBuilder.Length > 0)
                    {
                        whereClauseBuilder.Append(" OR ");
                    }

                    whereClauseBuilder.Append($"({curOr})");
                }

                return(whereClauseBuilder.ToString());
            }

            return(null);
        }