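/// <summary>
/// Checks whether a user holds the required permission level for a country.
/// </summary>
/// <remarks>
/// A permission entry whose CountryID is null applies to all countries. An entry at
/// PermissionLevel.Admin satisfies any <paramref name="requiredLevel"/> for the countries it covers.
/// The check fails closed: a null user, an empty permissions string, or a permissions
/// document without a permission list all yield false. Exceptions thrown by
/// JsonConvert.DeserializeObject are not caught here and propagate to the caller.
/// NOTE(review): a supplied <paramref name="userPermissions"/> container is used as-is and is
/// not compared with user.Permissions; callers should only pass the container parsed from
/// this same user's stored permissions.
/// </remarks>
/// <param name="user">User to check; null is treated as having no permissions.</param>
/// <param name="CountryID">Country the action applies to. When null, only entries that apply to all countries match.</param>
/// <param name="requiredLevel">Permission level required for the action.</param>
/// <param name="userPermissions">Optional pre-parsed permissions; when null, user.Permissions is deserialized. It is only consulted when user.Permissions is non-empty.</param>
/// <returns>True when a matching Admin or requiredLevel entry exists; otherwise false.</returns>
public static bool HasUserPermission(User user, int? CountryID, PermissionLevel requiredLevel, UserPermissionsContainer userPermissions = null)
{
    if (user == null || String.IsNullOrEmpty(user.Permissions))
    {
        return false;
    }

    if (userPermissions == null)
    {
        userPermissions = JsonConvert.DeserializeObject<UserPermissionsContainer>(user.Permissions);
    }

    // DeserializeObject can return null (for example when the stored text is the JSON
    // literal null); deny access instead of failing with a NullReferenceException.
    if (userPermissions == null || userPermissions.Permissions == null)
    {
        return false;
    }

    // Admin entries and entries at the required level are both sufficient, each limited to
    // the given country unless the entry applies to all countries (CountryID == null).
    return userPermissions.Permissions.Any(p =>
        (p.Level == PermissionLevel.Admin || p.Level == requiredLevel)
        && (p.CountryID == null || p.CountryID == CountryID));
}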
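/// <summary>
/// Adds or removes a permission attribute for a user and saves the updated permissions.
/// </summary>
/// <remarks>
/// Permissions are stored as a JSON document holding a structured permission list plus a
/// string in the legacy semicolon-separated format ([AttributeName1=Value];[AttributeName2=Value];),
/// which is kept for apps/code that still require the older format (mainly older versions of
/// the OCM app). Only CountryLevel_Editor is reflected in the structured list; other
/// attributes change the legacy string only.
/// NOTE(review): <paramref name="administrator"/> is used only for audit logging. This method
/// does not verify that the administrator is allowed to change permissions, so callers must
/// perform that authorization check before calling it.
/// NOTE(review): <paramref name="attributeValue"/> is concatenated into the legacy tag without
/// validation. A value containing '[', ']' or ';' would change the tag structure; consider
/// restricting it to the expected values at the call site.
/// </remarks>
/// <param name="user">User whose permissions are changed; matched to the stored record by ID.</param>
/// <param name="permissionAttribute">Permission attribute to add or remove.</param>
/// <param name="attributeValue">Attribute value; for CountryLevel_Editor either "All" or a country ID.</param>
/// <param name="removeOnly">True to remove the permission, false to add it.</param>
/// <param name="administrator">User recorded in the audit log as having made the change.</param>
/// <returns>True when the stored user was found and saved; false when no matching user exists.</returns>
public bool GrantPermission(User user, StandardPermissionAttributes permissionAttribute, string attributeValue, bool removeOnly, User administrator)
{
    if (user == null)
    {
        return false;
    }

    var userDetails = dataModel.Users.FirstOrDefault(u => u.ID == user.ID);
    if (userDetails == null)
    {
        return false;
    }

    // Build on the permissions held in the stored record rather than on the caller-supplied
    // object: the result overwrites the stored value, so starting from a stale or altered
    // copy would silently replace grants that were never part of this request.
    UserPermissionsContainer userPermissions = null;
    if (!String.IsNullOrEmpty(userDetails.Permissions))
    {
        userPermissions = JsonConvert.DeserializeObject<UserPermissionsContainer>(userDetails.Permissions);
    }

    // DeserializeObject can return null; fall back to an empty container.
    if (userPermissions == null)
    {
        userPermissions = new UserPermissionsContainer();
    }

    if (userPermissions.LegacyPermissions == null)
    {
        userPermissions.LegacyPermissions = "";
    }

    if (userPermissions.Permissions == null)
    {
        userPermissions.Permissions = new List<UserPermission>();
    }

    // Tag in the legacy format, e.g. [CountryLevel_Editor=All];
    string attributeTag = "[" + permissionAttribute.ToString() + "=" + attributeValue + "];";

    // NOTE(review): the user identifier in this audit message was unreadable in the reviewed
    // source; user.ID is assumed here. Confirm against the original file.
    string auditDetail = "User: " + user.ID + "; Permission:" + permissionAttribute.ToString();

    // NOTE(review): audit entries are written before SaveChanges, so an entry can exist for a
    // change that then fails to persist.
    if (!removeOnly)
    {
        // Add the permission unless the legacy string already carries this exact tag.
        if (!userPermissions.LegacyPermissions.Contains(attributeTag))
        {
            if (!userPermissions.LegacyPermissions.EndsWith(";", StringComparison.Ordinal) && userPermissions.LegacyPermissions != "")
            {
                userPermissions.LegacyPermissions += ";";
            }

            userPermissions.LegacyPermissions += attributeTag;

            // Mirror the grant in the structured permission list.
            if (permissionAttribute == StandardPermissionAttributes.CountryLevel_Editor)
            {
                var permission = new UserPermission();
                if (attributeValue != "All")
                {
                    // A non-numeric value throws here, before anything is saved.
                    permission.CountryID = int.Parse(attributeValue);
                }

                permission.Level = PermissionLevel.Editor;
                userPermissions.Permissions.Add(permission);
            }

            //TODO: administrator permissions
            AuditLogManager.Log(administrator, AuditEventType.PermissionGranted, auditDetail, null);
        }
    }
    else
    {
        // Remove the permission from the legacy string and from the structured list.
        userPermissions.LegacyPermissions = userPermissions.LegacyPermissions.Replace(attributeTag, "");

        if (permissionAttribute == StandardPermissionAttributes.CountryLevel_Editor)
        {
            if (attributeValue != "All")
            {
                int countryID = int.Parse(attributeValue);
                userPermissions.Permissions.RemoveAll(p => p.Level == PermissionLevel.Editor && p.CountryID == countryID);
            }
            else
            {
                // "All" removes every Editor entry, including country-specific ones.
                userPermissions.Permissions.RemoveAll(p => p.Level == PermissionLevel.Editor);
            }
        }

        AuditLogManager.Log(administrator, AuditEventType.PermissionRemoved, auditDetail, null);
    }

    // Clear the matching pending request, if one exists.
    if (userDetails.PermissionsRequested != null)
    {
        userDetails.PermissionsRequested = userDetails.PermissionsRequested.Replace(attributeTag, "");
    }

    userDetails.Permissions = JsonConvert.SerializeObject(userPermissions, Formatting.None, new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });

    dataModel.SaveChanges();
    return true;
}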
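/// <summary>
/// Batch-upgrades all users whose permissions are still stored in the legacy
/// semicolon-separated format to the JSON format, which holds both a structured permission
/// list and the original legacy string.
/// </summary>
/// <remarks>
/// A stored value is treated as legacy when it does not contain '{'. Recognised legacy tags
/// are [CountryLevel_Editor=All], [CountryLevel_Editor=&lt;country id&gt;] and
/// [Administrator=true]. Any other tag throws before SaveChanges is called, so an
/// unrecognised tag stops the run without persisting partial conversions and without
/// silently dropping or widening a grant.
/// </remarks>
/// <exception cref="FormatException">A legacy permission tag could not be parsed.</exception>
public void ConvertUserPermissions()
{
    var userList = dataModel.Users.Where(u => u.Permissions != null);

    foreach (var user in userList)
    {
        if (user.Permissions.Contains("{"))
        {
            // Already in JSON format.
            continue;
        }

        var permissions = new List<UserPermission>();

        // Legacy format example: [CountryLevel_Editor=All];[Administrator=true];
        foreach (var p in user.Permissions.Split(';'))
        {
            var legacyPermission = p.Trim();
            if (String.IsNullOrEmpty(legacyPermission))
            {
                continue;
            }

            var permission = new UserPermission();
            bool parsedOK = false;

            if (legacyPermission.StartsWith("[CountryLevel_Editor", StringComparison.Ordinal))
            {
                permission.Level = PermissionLevel.Editor;

                if (legacyPermission.Contains("=All"))
                {
                    // CountryID stays null, meaning all countries.
                    parsedOK = true;
                }
                else
                {
                    // Take both offsets from the trimmed tag. Mixing offsets from the
                    // untrimmed token with the trimmed one shifts the slice whenever the
                    // token has leading whitespace.
                    int valueStart = legacyPermission.IndexOf('=') + 1;
                    int valueEnd = legacyPermission.IndexOf(']');
                    int countryID;

                    if (valueStart > 0
                        && valueEnd > valueStart
                        && int.TryParse(legacyPermission.Substring(valueStart, valueEnd - valueStart), out countryID))
                    {
                        permission.CountryID = countryID;
                        parsedOK = true;
                    }
                }
            }

            if (legacyPermission.StartsWith("[Administrator=true]", StringComparison.Ordinal))
            {
                permission.Level = PermissionLevel.Admin;
                parsedOK = true;
            }

            if (!parsedOK)
            {
                throw new FormatException("Failed to parse permission: User" + user.ID + " :" + user.Permissions);
            }

            permissions.Add(permission);
        }

        var allPermissions = new UserPermissionsContainer()
        {
            LegacyPermissions = user.Permissions, // preserve the permissions string for legacy users
            Permissions = permissions // express permissions as a list of permission objects
        };

        user.Permissions = JsonConvert.SerializeObject(allPermissions, Formatting.None, new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
    }

    dataModel.SaveChanges();
}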