/// <summary>
/// Resolve the company implied by a professional user and report what that user is allowed to do with it.
/// Current policy, as encoded below: the company owner has full rights; an employee may read but not edit;
/// anyone else is denied and receives no company. Intended only for the case where the company must be
/// inferred from the user rather than being supplied explicitly by the caller.
/// </summary>
/// <param name="professionalUserId">Identifier of the professional user whose company is being resolved.</param>
/// <param name="includeAllEmployees">When true, the owner lookup also loads every employee of the company. It has no effect on the employee-path lookup (owners only, for now).</param>
/// <param name="authState">Set to <see cref="AuthorizationState.CreateReadUpdate"/> for an owner, <see cref="AuthorizationState.ReadOnly"/> for an employee, otherwise left at <see cref="AuthorizationState.NotAllowed"/>.</param>
/// <param name="isCompanyOwner">True only when the user was matched as the owner of the returned company.</param>
/// <returns>The matched company, or null when the user is neither owner nor employee. Callers should gate on <paramref name="authState"/> rather than on a non-null result alone, since a non-null company may carry read-only rights.</returns>
public Company GetAuthorization_ForCompanyAdmin_IfCompanyIdSelectedByUserId(Guid professionalUserId, bool includeAllEmployees, out AuthorizationState authState, out bool isCompanyOwner)
{
    // Deny by default: every out parameter starts in the least-privileged state, so any path
    // that does not explicitly grant access leaves the caller with NotAllowed / not-owner.
    authState = AuthorizationState.NotAllowed;
    isCompanyOwner = false;

    // Owner check comes first, so a user who is both an owner and an employee is treated as the owner.
    // NOTE(review): the two owner lookups receive the id in different forms (Guid vs. its string form);
    // confirm both queries compare against the same owner column so the includeAllEmployees flag
    // cannot change who is recognised as owner.
    Company ownedCompany = includeAllEmployees
        ? _companyQueries.GetCompanyAndAllEmployeesFromOwnerProfessionalUserId(professionalUserId)
        : _companyQueries.GetCompanyFromOwnerUserGuid(professionalUserId.ToString());

    if (ownedCompany != null)
    {
        authState = AuthorizationState.CreateReadUpdate;
        isCompanyOwner = true;
        return ownedCompany;
    }

    // Employee check: the company is returned together with this employee's own record, read-only.
    Company employerCompany = _companyQueries.GetCompanyAndThisEmployeeFromEmployeeProfessionalUserId(professionalUserId.ToString());

    if (employerCompany != null)
    {
        authState = AuthorizationState.ReadOnly;
        return employerCompany;
    }

    // Neither owner nor employee: no company is disclosed and access stays NotAllowed.
    return null;
}