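/// <summary>
/// Shows or hides the administrative links according to what the signed-in
/// account (<c>AccountInfo</c>) is allowed to do.
/// </summary>
/// <remarks>
/// This method only controls what is rendered. Hiding a link does not protect the
/// page or handler behind it, so each target is expected to repeat its own
/// authorization check on the server (those targets are not visible from here).
/// </remarks>
private void SetupAdminLinksPanel()
{
    // Evaluate each permission once and keep it in a local. Control.Visible's getter
    // also reports false when a parent control is hidden, so reading the flag back
    // from a link is not guaranteed to return the value that was just assigned.
    bool canApprove = ApproverRulesBLL.IsApprover(this.AccountInfo);
    bool canManageUniqueIds = IsAuthorizedForUniqueID;
    bool isAdmin = IsAnAdminUser;

    // Approval by all admins; at State scope: Ship Directors - this is DefaultAdminRights.
    // The gate used to be AccessRulesBLL.HasDefaultAdminRights; it is now the approver rule.
    pendingRegistrations.Visible = canApprove;

    pendingUniqueIds.Visible = canManageUniqueIds;
    lbtnDownloadUniqueID.Visible = canManageUniqueIds;

    // Adding users is open to all admins, even at State level.
    AddUserLink.Visible = isAdmin;
    Inactivity180.Visible = isAdmin;

    // NOTE(review): the panel's visibility ignores IsAuthorizedForUniqueID. If the
    // unique-ID links sit inside AdminLinksPanel, an account holding only that right
    // would not see them - confirm against the markup.
    AdminLinksPanel.Visible = canApprove || isAdmin;
}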
/// <summary>
/// PreRender handler for the form view. On the first request it sets whether the
/// "cbIsApprover" checkbox is editable; on postbacks it rebinds the sub-state list
/// and the descriptors and restores the user's selected descriptors.
/// </summary>
/// <param name="sender">The control raising the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void formView_PreRender(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        ReBindSubStateList();
        BindDescriptors();
        SetSelectedDescriptorsForUser();
        return;
    }

    // The checkbox may be absent from the current template, hence the safe cast.
    CheckBox approverCheckBox = formView.FindControl("cbIsApprover") as CheckBox;
    if (approverCheckBox == null)
    {
        return;
    }

    // Only an approver may change the approver flag of another account.
    // NOTE(review): this is a UI restriction set on first render only. The code that
    // saves the flag is not shown here; it should re-check ApproverRulesBLL.IsApprover
    // rather than rely on the checkbox having been disabled.
    approverCheckBox.Enabled = ApproverRulesBLL.IsApprover(this.AccountInfo);
}
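/// <summary>
/// Decides whether the signed-in account (<c>AccountInfo</c>) may approve the pending
/// account shown on this page (<c>ViewData</c>).
/// </summary>
/// <remarks>
/// Approval rules as recorded by the original author:
///   A: The approver must be within the same State as the user whose profile is pending approval.
///   B: The approver must be an Admin and also an Approver Designate of the same or a higher scope.
///   C: If the account pending approval is for a State Admin, the approver can be a SHIP director
///      or a State Admin with Approver Designate rights.
///   D: If the approver is a CMS level user, the approver must be a CMS Admin with Approver
///      Designate rights.
///   E: Introduced 03/07/2010 - a user who is Admin with Descriptor ID 8 [Approver] can approve
///      within the A-D rule context.
/// The order of the checks matters: each later check relies on the earlier ones having
/// already returned. Any request that cannot be matched to a grant, including one whose
/// regional data is missing, is denied.
/// </remarks>
/// <returns><c>true</c> if the approver may act on the pending account; otherwise <c>false</c>.</returns>
private bool IsAuthorized()
{
    // Account awaiting approval.
    string requestedState = ViewData.StateFIPS;
    Scope requestedScope = ViewData.Scope;
    bool isCmsRegionAccountRequested = ViewData.IsUserCMSRegionalScope;
    bool isCmsAccountRequested = ViewData.IsUserCMSScope;
    // NOTE(review): whether the pending account is an admin account (ViewData.IsAdmin) is
    // not consulted anywhere below; confirm that this matches rule C.

    // Account attempting the approval.
    string approverState = this.AccountInfo.StateFIPS;
    Scope approverScope = this.AccountInfo.Scope;
    int approverUserId = this.AccountInfo.UserId;
    bool isApproverDesignate = this.AccountInfo.IsApproverDesignate.GetValueOrDefault();
    bool isApproverShipDirector = this.AccountInfo.IsShipDirector;
    bool isApproverStateApprover = this.AccountInfo.IsStateAdmin && isApproverDesignate;
    bool isApproverCmsApprover = this.AccountInfo.IsAdmin && this.AccountInfo.IsCMSScope && isApproverDesignate;

    // General rule: an approver of lower scope cannot approve an account of higher scope.
    if (approverScope.IsLower(requestedScope))
    {
        return false;
    }

    // The approver must satisfy the approver rule before any grant is considered.
    if (!ApproverRulesBLL.IsApprover(this.AccountInfo))
    {
        return false;
    }

    // A CMS admin with approver-designate rights may approve any request that passed the checks above.
    if (isApproverCmsApprover)
    {
        return true;
    }

    // CMS and CMS regional requests can be approved only by a CMS approver, handled above.
    if (isCmsRegionAccountRequested || isCmsAccountRequested)
    {
        return false;
    }

    // State level and below: the approver and the pending account must be in the same state.
    if (requestedState != approverState)
    {
        return false;
    }

    // SHIP directors and state approvers can approve anyone in their state.
    if (isApproverShipDirector || isApproverStateApprover)
    {
        return true;
    }

    // State-scope requests can be approved only by the two roles checked just above.
    if (requestedScope.IsEqual(Scope.State))
    {
        return false;
    }

    // Every remaining decision compares the region (sub-state region or agency) of the pending
    // account. Deny the request when that region is missing instead of failing on the index.
    var requestedProfiles = ViewData.RegionalProfiles;
    if (requestedProfiles == null || !requestedProfiles.Any())
    {
        return false;
    }

    // NOTE(review): only the first regional profile of the pending account is compared.
    int requestedRegionId = requestedProfiles[0].RegionId;

    // Sub-state profiles held by the approver.
    // NOTE(review): the second argument presumably restricts the result to admin profiles - confirm.
    IEnumerable<UserRegionalAccessProfile> approverSubStateAdminProfiles =
        UserSubStateRegionBLL.GetUserSubStateRegionalProfiles(approverUserId, true);

    if (requestedScope.IsEqual(Scope.SubStateRegion))
    {
        // CMS approvers, SHIP directors and state approvers were handled above. What is left is a
        // sub-state approver of the very region requested; the first matching profile decides.
        if (approverSubStateAdminProfiles != null)
        {
            foreach (UserRegionalAccessProfile approverSubState in approverSubStateAdminProfiles)
            {
                if (approverSubState.RegionId == requestedRegionId)
                {
                    return approverSubState.IsApproverDesignate;
                }
            }
        }

        return false;
    }

    // From here on the request is treated as agency scope. Agency requests can be approved by
    // sub-state approvers as well as by agency approvers.
    if (approverScope.IsEqual(Scope.SubStateRegion))
    {
        // The requested agency must belong to one of the approver's sub-state regions.
        if (approverSubStateAdminProfiles != null)
        {
            foreach (UserRegionalAccessProfile subStateProfile in approverSubStateAdminProfiles)
            {
                IEnumerable<ShiptalkLogic.BusinessObjects.Agency> agencyProfiles =
                    LookupBLL.GetAgenciesForSubStateRegion(subStateProfile.RegionId);
                if (agencyProfiles == null)
                {
                    continue;
                }

                foreach (ShiptalkLogic.BusinessObjects.Agency agency in agencyProfiles)
                {
                    if (agency.Id == requestedRegionId)
                    {
                        return subStateProfile.IsApproverDesignate;
                    }
                }
            }
        }

        return false;
    }

    // The original author treats the approver as agency level at this point. An approver of any
    // other remaining scope is also routed here and is approved only if it holds a matching
    // agency profile with approver-designate rights.
    IEnumerable<UserRegionalAccessProfile> approverAgencyAdminProfiles =
        UserAgencyBLL.GetUserAgencyProfiles(approverUserId, true);
    if (approverAgencyAdminProfiles == null)
    {
        // Handled the same way as a missing sub-state profile list: no profiles, no approval.
        return false;
    }

    foreach (UserRegionalAccessProfile approverAgencyProfile in approverAgencyAdminProfiles)
    {
        if (approverAgencyProfile.RegionId == requestedRegionId)
        {
            return approverAgencyProfile.IsApproverDesignate;
        }
    }

    return false;
}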