public static People FilterPeopleToMatchAuthority(People people, Authority authority, int gracePeriod) { // First: If sysadmin, return the whole list uncensored. if (IsSystemAdministrator(authority)) { return(people); } SwarmDb databaseRead = SwarmDb.GetDatabaseForReading(); if (gracePeriod == -1) { gracePeriod = Membership.GracePeriod; } Dictionary <int, List <BasicMembership> > membershipTable = databaseRead.GetMembershipsForPeople(people.Identities, gracePeriod); Dictionary <int, int> geographyTable = databaseRead.GetPeopleGeographies(people.Identities); Dictionary <int, Person> clearedPeople = new Dictionary <int, Person>(); // TODO: Add org admin role, able to see previous members that aren't anonymized yet // Clear by organization roles foreach (BasicPersonRole role in authority.OrganizationPersonRoles) { Dictionary <int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); foreach (Person person in people) { // Is the organization cleared in this officer's role for this to-be-viewed member? if (membershipTable.ContainsKey(person.Identity)) { foreach (BasicMembership membership in membershipTable[person.Identity]) { if (clearedOrganizations.ContainsKey(membership.OrganizationId) && authority.HasPermission(Permission.CanSeePeople, membership.OrganizationId, person.GeographyId, Flag.Default)) { if (membership.Active || (membership.Expires > DateTime.Now.AddDays(-gracePeriod) && membership.Expires.AddDays(1) > membership.DateTerminated && authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default))) { clearedPeople[person.Identity] = person; break; } } } } /* -- commented out. This means "does the current authority have Org Admin privileges over Person"? * else if (CanSeeNonMembers) * { //person isn't member anywhere * clearedPeople[person.Identity] = person; * }*/ } } // Clear by node roles: // // For each node role, check if each member is in a cleared geography AND a cleared organization. // If so, permit view of this member. (A person in a branch of a geographical area for organizations X and Z // should see only people of those organizations only on those nodes.) foreach (BasicPersonRole role in authority.LocalPersonRoles) { Dictionary <int, BasicGeography> clearedGeographies = GeographyCache.GetGeographyHashtable(role.GeographyId); Dictionary <int, BasicOrganization> clearedOrganizations = OrganizationCache.GetOrganizationHashtable(role.OrganizationId); foreach (Person person in people) { // Is the node AND the organization cleared in this officer's role for this to-be-viewed member? if (membershipTable.ContainsKey(person.Identity)) { foreach (BasicMembership membership in membershipTable[person.Identity]) { int organizationClear = 0; int geographyClear = 0; if (clearedOrganizations.ContainsKey(membership.OrganizationId)) { organizationClear = membership.OrganizationId; if (clearedGeographies.ContainsKey(geographyTable[person.Identity])) { geographyClear = geographyTable[person.Identity]; } if (organizationClear > 0 && geographyClear > 0 && authority.HasPermission(Permission.CanSeePeople, organizationClear, geographyClear, Flag.Default)) { if (membership.Active || (membership.Expires > DateTime.Now.AddDays(-gracePeriod) && membership.Expires.AddDays(1) > membership.DateTerminated && authority.HasPermission(Permission.CanSeeExpiredDuringGracePeriod, membership.OrganizationId, person.GeographyId, Flag.Default))) { clearedPeople[person.Identity] = person; break; } } } } } } } // End: Assemble an array of the resulting cleared people People result = new People(); foreach (Person clearedPerson in clearedPeople.Values) { result.Add(clearedPerson); } return(result); }