/// <summary>
/// Determines the applicable roles for <paramref name="session"/>.
/// </summary>
/// <param name="session">Contains session and user information used to determine access rights.</param>
/// <param name="roleList">The list of roles.</param>
/// <param name="application">The application, if relevant Defaults to <see langword="null"/>.</param>
/// <returns>The applicable roles for <paramref name="session"/>.</returns>
private Dictionary<string, string> DetermineRolesForUser(SecureSession session, RoleList roleList, Application application = null)
{
session = session ?? new SecureSession();
application = application ?? new Application();
Role publicRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.PublicRoleName);
Dictionary<string, string> roleDict = publicRole == null ? new Dictionary<string, string>() : new Dictionary<string, string> { { publicRole.Id, publicRole.RoleName } };
string compareTo = this.GetSessionUserId(session);
if (application.IsCreatedBy(compareTo))
{
Role originatorRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.OriginatorRoleName);
if (originatorRole != null)
{
roleDict.Add(originatorRole.Id, originatorRole.RoleName);
}
}
if (session.AuthenticatedUser == null)
{
return roleDict;
}
if (session.AuthenticatedUser.IsAdministrator())
{
foreach (var role in roleList)
{
if (roleDict.ContainsKey(role.Id))
{
continue;
}
roleDict.Add(role.Id, role.RoleName);
}
return roleDict;
}
foreach (var userRole in session.AuthenticatedUser.Roles)
{
if (roleList.Exists(role => role.Id == userRole.Key && role.Enabled))
{
roleDict.Add(userRole.Key, userRole.Value);
}
}
if (!string.IsNullOrEmpty(application.AssignedTo) && session.AuthenticatedUser.Id == application.AssignedTo)
{
Role assigneeRole = roleList.FirstOrDefault(r => r.SystemDefined && r.RoleName == SecurityConstants.AssigneeRoleName);
if (assigneeRole != null)
{
roleDict.Add(assigneeRole.Id, assigneeRole.RoleName);
}
}
return roleDict;
}
