/// <summary>
/// Can Approve Sub State User if:
/// #) CMS Approvers
/// #) Same State Ship Director
/// #) Same State Approver Designate
/// #) Same Sub State Approver Designates
/// </summary>
/// <param name="AccountInfo"></param>
/// <param name="SubStateRegionId"></param>
/// <returns></returns>
public static bool IsApproverForSubState(UserAccount AccountInfo, int SubStateRegionId)
{
bool IsApprover = false;
if (AccountInfo.Scope.IsEqual(Scope.CMS))
{
return(IsApproverAtCMS(AccountInfo));
}
else if (AccountInfo.Scope.IsEqual(Scope.State))
{
var SubStates = LookupBLL.GetSubStateRegionsForState(AccountInfo.StateFIPS);
if (SubStates != null && SubStates.Count > 0)
{
//Check if Sub State is part of Admin State [Same State check]
if (SubStates.Keys.Contains(SubStateRegionId))
{
return(IsApproverForState(AccountInfo, AccountInfo.StateFIPS));
}
}
}
else if (AccountInfo.Scope.IsEqual(Scope.SubStateRegion)) //for clarity
{
var SubStateAdminProfiles = UserSubStateRegionBLL.GetUserSubStateRegionalProfiles(AccountInfo.UserId, true);
foreach (UserRegionalAccessProfile SubStateProfile in SubStateAdminProfiles)
{
//Is admin is already checked while retrieving SubState profiles. Added for clarity.
if (SubStateProfile.RegionId == SubStateRegionId)
{
return(SubStateProfile.IsAdmin && SubStateProfile.IsApproverDesignate);
}
}
}
return(IsApprover);
}
public static bool CanEditAgencyUser(int AgencyId, bool UserIsAdmin, string StateFIPSOfAgency, bool UserIsApproverDesignate, UserViewData AdminData)
{
if (AdminData.IsCMSLevel)
{
return(AdminData.IsCMSAdmin);
}
else //State Level Users follow
{
//Kick out other state users
if ((AdminData.StateFIPS != StateFIPSOfAgency))
{
return(false);
}
//State Scope Users must be Admins
if (AdminData.Scope.IsEqual(Scope.State))
{
return(AdminData.IsStateAdmin);
}
else if (AdminData.Scope.IsEqual(Scope.SubStateRegion))
{
IEnumerable <UserRegionalAccessProfile> AdminSubStateProfiles = AdminData.RegionalProfiles.Where(p => p.IsAdmin == true);
foreach (UserRegionalAccessProfile adminProfile in AdminSubStateProfiles)
{
IEnumerable <Agency> AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(adminProfile.RegionId);
Agency matchingAgency = AgenciesForSubState.Where(ag => (ag.Id == AgencyId) && (ag.IsActive == true)).FirstOrDefault();
if (matchingAgency != null)
{
return(true);
}
}
}
else if (AdminData.Scope.IsEqual(Scope.Agency))
{
//The Agency of the account requested must be part of Editor's Sub State region.
IEnumerable <UserRegionalAccessProfile> AdminAgencyProfiles = AdminData.RegionalProfiles.Where(p => p.IsAdmin == true && p.RegionId == AgencyId);
//We expect only one item in AdminAgencyProfiles after applying Where filter to regional profiles, but still living with same code.
foreach (UserRegionalAccessProfile agencyProfile in AdminAgencyProfiles)
{
//Approvers can be edited by only higher scope admins.
if (UserIsApproverDesignate)
{
return(false);
}
else if (UserIsAdmin)
{
return(agencyProfile.IsApproverDesignate);
}
else
{
return(true);
}
}
}
}
return(false);
}
/// <summary>
/// To avoid the Business Object refer back to UserBLL, we would like to do the processing here,
/// rather than User.cs where mapping is done.
/// </summary>
/// <param name="viewData"></param>
/// <param name="accountInfo"></param>
private static void StepUpViewData(ref UserViewData viewData)
{
string description = string.Empty;
string title = string.Empty;
//bool IsShipDirector = false;
//Get the Role that match user account information
Role r = LookupBLL.GetRole(viewData.Scope, viewData.IsAdmin);
title = r.Name;
//Set special description for Ship Director.
if (r.IsStateAdmin)
{
//IsShipDirector = LookupBLL.IsShipDirector(viewData.UserId, viewData.StateFIPS);
if (viewData.IsShipDirector)
{
description = "State SHIP Director";
title = "Ship Director";
}
}
//Set descriptors here for State/CMS. Other Users have it in their UserRegionalProfiles.
if (r.scope.IsEqual(Scope.State) || r.scope.IsEqual(Scope.CMS))
{
viewData.DescriptorIds = GetDescriptorsForUser(viewData.UserId, Constants.Defaults.DefaultValues.AgencyIdForNonAgencyUsers);
}
//Add Supervisor data for State and CMS level users.
if (viewData.IsUserStateScope)
{
var reviewers = UserBLL.GetReviewersForUser(viewData.UserId, null);
if (reviewers != null && reviewers.Count() > 0)
{
viewData.SupervisorIdForStateUser = reviewers.First().Key;
viewData.SupervisorNameForStateUser = reviewers.First().Value;
}
}
description = (description == string.Empty) ? r.Description : description;
if (viewData.RegionalProfiles != null)
{
viewData.RegionalProfiles.ForEach(prof => prof.RegionScope = (Scope?)r.scope);
}
viewData.RoleDescription = description;
viewData.RoleTitle = title;
//viewData.IsShipDirector = IsShipDirector;
}
/// <summary>
/// Can Approve Agency if Approver is one of the following:
/// #) CMS Approvers
/// #) Ship Director or State Approver
/// #) Sub State Approver, where User Agency is part of Approver Sub State
/// #) Same Agency Approver
/// </summary>
/// <param name="AccountInfo"></param>
/// <param name="AgencyId"></param>
/// <returns></returns>
public static bool IsApproverForAgency(UserAccount AccountInfo, int AgencyId)
{
bool IsApprover = false;
if (AccountInfo.Scope.IsEqual(Scope.CMS))
{
return(IsApproverAtCMS(AccountInfo));
}
else if (AccountInfo.Scope.IsEqual(Scope.State))
{
return(IsApproverForState(AccountInfo, AccountInfo.StateFIPS));
}
else if (AccountInfo.Scope.IsEqual(Scope.SubStateRegion)) //for clarity
{
var SubStateAdminProfiles = UserSubStateRegionBLL.GetUserSubStateRegionalProfiles(AccountInfo.UserId, true);
foreach (UserRegionalAccessProfile SubStateProfile in SubStateAdminProfiles)
{
var AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(SubStateProfile.RegionId);
if (AgenciesForSubState != null && AgenciesForSubState.Count() > 0)
{
foreach (Agency ag in AgenciesForSubState)
{
//If agency is part of the Admin Sub State
if (ag.Id == AgencyId)
{
//Is admin is already checked while retrieving SubState profiles. Added for clarity.
return(SubStateProfile.IsAdmin && SubStateProfile.IsApproverDesignate);
}
}
}
}
}
else if (AccountInfo.Scope.IsEqual(Scope.Agency))
{
var AdminAgencies = UserAgencyBLL.GetUserAgencyProfiles(AccountInfo.UserId, true);
foreach (UserRegionalAccessProfile agencyProfile in AdminAgencies)
{
//Is admin is already checked while retrieving Agency profiles. Added for clarity.
if (agencyProfile.RegionId == AgencyId)
{
return(agencyProfile.IsAdmin && agencyProfile.IsApproverDesignate);
}
}
}
return(IsApprover);
}
private static bool CanViewStateUser(UserViewData StateUserData, UserViewData ViewerData)
{
if (ViewerData.IsUserCMSScope)
{
return(true);
}
else if (ViewerData.IsUserCMSRegionalScope)
{
//CMS Regional Users have only 1 regional profile. However, we can loop to accomodate any future expectations.
foreach (UserRegionalAccessProfile profile in ViewerData.RegionalProfiles)
{
IEnumerable <string> StatesForCMSRegion = LookupBLL.GetStatesForCMSRegion(profile.RegionId);
if (StatesForCMSRegion.Contains(StateUserData.StateFIPS))
{
return(true);
}
}
}
else if (ViewerData.IsUserStateScope && (ViewerData.StateFIPS == StateUserData.StateFIPS))
{
//States can have only 1 ship director.
//However, this logic will ensure that users viewing their own profile are allowed to do so.
if (StateUserData.IsShipDirector)
{
return(ViewerData.IsShipDirector);
}
else if (StateUserData.IsStateAdmin)
{
return(ViewerData.IsStateAdmin);
}
else if (StateUserData.IsUserStateScope) //State User. This is obvious, still, will have it here so bad calls are caught.
{
return(true);
}
}
//All others get knocked out.
return(false);
}
private static bool CanViewMultiAgencyUser(UserViewData AgencyUserData, UserViewData ViewerData)
{
if (ViewerData.IsUserCMSScope)
{
return(true);
}
else if (ViewerData.IsUserCMSRegionalScope)
{
//CMS Regional Users have only 1 regional profile. However, we can loop to accomodate any future expectations.
foreach (UserRegionalAccessProfile profile in ViewerData.RegionalProfiles)
{
IEnumerable <string> StatesForCMSRegion = LookupBLL.GetStatesForCMSRegion(profile.RegionId);
if (StatesForCMSRegion.Contains(AgencyUserData.StateFIPS))
{
return(true);
}
}
}
else //State Level Users follow
{
//Kick out other state users
if ((ViewerData.StateFIPS != AgencyUserData.StateFIPS))
{
return(false);
}
//State Scope Users must be Admins
if (ViewerData.IsUserStateScope)
{
return(true);
}
//Find if Sub States fall under one of the Agency of the User.
if (ViewerData.IsUserSubStateRegionalScope)
{
IEnumerable <UserRegionalAccessProfile> viewerSubStateProfiles = ViewerData.RegionalProfiles;
IEnumerable <UserRegionalAccessProfile> userAgencyProfiles = AgencyUserData.RegionalProfiles;
foreach (UserRegionalAccessProfile viewerSubStateProfile in viewerSubStateProfiles)
{
IEnumerable <Agency> agenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(viewerSubStateProfile.RegionId);
foreach (UserRegionalAccessProfile userAgencyProfile in userAgencyProfiles)
{
IEnumerable <Agency> matchingAgencies = agenciesForSubState.Where(ag => ag.Id == userAgencyProfile.RegionId);
if (matchingAgencies != null && matchingAgencies.Count() > 0)
{
return(true);
}
}
}
}
//Ofcourse, at this point, it get down to Agency User accessing Agency User
//Still we will check the scope of the ViewerData so bad calls are caught.
if (ViewerData.IsUserAgencyScope)
{
IEnumerable <UserRegionalAccessProfile> viewerAgencyProfiles = ViewerData.RegionalProfiles;
IEnumerable <UserRegionalAccessProfile> userAgencyProfiles = AgencyUserData.RegionalProfiles;
foreach (UserRegionalAccessProfile viewerAgencyProfile in viewerAgencyProfiles)
{
foreach (UserRegionalAccessProfile userAgencyProfile in userAgencyProfiles)
{
if (userAgencyProfile.RegionId == viewerAgencyProfile.RegionId)
{
if (userAgencyProfile.IsAdmin)
{
if (viewerAgencyProfile.IsAdmin)
{
return(true);
}
}
else
{
return(true);
}
}
}
}
}
}
//All other users are out
return(false);
}
private static bool CanViewMultiSubStateUser(UserViewData SubStateUserData, UserViewData ViewerData)
{
if (ViewerData.IsUserCMSScope)
{
return(true);
}
else if (ViewerData.IsUserCMSRegionalScope)
{
//CMS Regional Users have only 1 regional profile. However, we can loop to accomodate any future expectations.
foreach (UserRegionalAccessProfile profile in ViewerData.RegionalProfiles)
{
IEnumerable <string> StatesForCMSRegion = LookupBLL.GetStatesForCMSRegion(profile.RegionId);
if (StatesForCMSRegion.Contains(SubStateUserData.StateFIPS))
{
return(true);
}
}
}
else //State Level Users follow
{
//Kick out other state users
if ((ViewerData.StateFIPS != SubStateUserData.StateFIPS))
{
return(false);
}
//State Scope Users must be Admins
if (ViewerData.IsUserStateScope)
{
return(true);
}
//Kickout agency users.
if (ViewerData.IsUserSubStateRegionalScope)
{
//The only possibility from now on, is Editor is a Sub State User.
foreach (UserRegionalAccessProfile subStateUserProfile in SubStateUserData.RegionalProfiles)
{
foreach (UserRegionalAccessProfile viewerUserProfile in ViewerData.RegionalProfiles)
{
if (viewerUserProfile.RegionId == subStateUserProfile.RegionId)
{
//This logic is not perfect but close to what is possible.
//If the SubStateUser is Admin, then we need to ensure that User cannot see it.
//However, if the Viewer is also Admin, he can see it.
//If SubState User is a User, any one in same SubState can view.
if (subStateUserProfile.IsAdmin)
{
if (viewerUserProfile.IsAdmin)
{
return(true);
}
}
else
{
return(true);
}
}
}
}
}
}
//All other users are out
return(false);
}
public static bool CanAddUserToAgency(UserViewData AdminData, string StateFIPS, int AgencyIDRequested, bool NewUserRoleIsAdmin, bool ApproverRightsRequested)
{
if (ApproverRightsRequested)
{
//Approver rights request must be accompanied by Admin request
//because only Admins can be approvers
if (!NewUserRoleIsAdmin)
{
return(false);
}
if (AdminData.IsCMSAdmin && AdminData.IsCMSApproverDesignate)
{
return(true);
}
else
{
if (AdminData.StateFIPS == StateFIPS)
{
if (AdminData.IsShipDirector)
{
return(true);
}
else if (AdminData.IsStateAdmin)
{
return(AdminData.IsStateApproverDesignate);
}
else if (AdminData.IsUserSubStateRegionalScope)
{
//The Agency of the account requested must be part of Editor's Sub State region.
IEnumerable <UserRegionalAccessProfile> AdminSubStateProfiles = AdminData.RegionalProfiles;
foreach (UserRegionalAccessProfile subStateProfile in AdminSubStateProfiles)
{
if (subStateProfile.IsAdmin)
{
IEnumerable <Agency> AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(subStateProfile.RegionId);
foreach (Agency agency in AgenciesForSubState)
{
if (agency.Id == AgencyIDRequested)
{
return(subStateProfile.IsApproverDesignate);
}
}
}
}
}
return(false);
}
else
{
return(false);
}
}
}
else
{
if (AdminData.IsCMSAdmin)
{
return(true);
}
else
{
if (AdminData.StateFIPS == StateFIPS)
{
if (AdminData.IsStateAdmin) //includes ship director
{
return(true);
}
else if (AdminData.IsUserSubStateRegionalScope)
{
//The only possibility from now on, is Editor is a Sub State User.
foreach (UserRegionalAccessProfile adminSubStateProfile in AdminData.RegionalProfiles)
{
if (adminSubStateProfile.IsAdmin)
{
IEnumerable <Agency> AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(adminSubStateProfile.RegionId);
foreach (Agency agency in AgenciesForSubState)
{
if (agency.Id == AgencyIDRequested)
{
return(true);
}
}
}
}
}
else if (AdminData.IsUserAgencyScope)
{
IEnumerable <UserRegionalAccessProfile> adminAgencyProfiles = AdminData.RegionalProfiles.Where(p => p.IsAdmin == true && p.RegionId == AgencyIDRequested);
//Expecting only one item after adding the Where filter to RegionalProfiles; still moving with existing code.
foreach (UserRegionalAccessProfile adminProfile in adminAgencyProfiles)
{
if (NewUserRoleIsAdmin)
{
return(adminProfile.IsApproverDesignate);
}
else
{
return(true);
}
}
}
return(false);
}
else
{
return(false);
}
}
}
}
private static bool CanEditMultiAgencyUser(UserViewData AgencyUserData, UserViewData EditorData)
{
if (EditorData.IsCMSLevel)
{
//At CMS/CMSRegional level, only CMSAdmin is allowed.
return(EditorData.IsCMSAdmin);
}
else //State Level Users follow
{
//Kick out other state users
if ((EditorData.StateFIPS != AgencyUserData.StateFIPS))
{
return(false);
}
//State Scope Users must be Admins
if (EditorData.Scope.IsEqual(Scope.State))
{
return(EditorData.IsStateAdmin);
}
//Sub State User requesting Edit access on an Agency User.
else if (EditorData.Scope.IsEqual(Scope.SubStateRegion))
{
//The Agency of the account requested must be part of Editor's Sub State region.
IEnumerable <UserRegionalAccessProfile> EditorSubStateProfiles = EditorData.RegionalProfiles.Where(p => p.IsAdmin == true);
IEnumerable <UserRegionalAccessProfile> AgencyUserProfiles = AgencyUserData.RegionalProfiles;
foreach (UserRegionalAccessProfile adminSubStProfile in EditorSubStateProfiles)
{
IEnumerable <Agency> AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(adminSubStProfile.RegionId);
foreach (UserRegionalAccessProfile agencyprofile in AgencyUserProfiles)
{
//Find a match between one of the agencies of the User Vs Agencies of Sub States where Admin has access.
Agency matchingAgency = AgenciesForSubState.Where(ag => (ag.Id == agencyprofile.RegionId) && (ag.IsActive == true)).FirstOrDefault();
if (matchingAgency != null)
{
return(true);
}
}
}
}
//Agency level User requesting Edit access on an Agency level User.
//It will be Agency level still I will put the If condition because I just like it :-,
else if (EditorData.Scope.IsEqual(Scope.Agency))
{
//The Agency of the account requested must be part of Editor's Sub State region.
IEnumerable <UserRegionalAccessProfile> EditorAgencyProfiles = EditorData.RegionalProfiles.Where(p => p.IsAdmin == true);
IEnumerable <UserRegionalAccessProfile> UserAgencyProfiles = AgencyUserData.RegionalProfiles;
foreach (UserRegionalAccessProfile agencyProfile in UserAgencyProfiles)
{
//Approvers can be edited only by higher scope Admins.
if (!agencyProfile.IsApproverDesignate)
{
foreach (UserRegionalAccessProfile editorAgency in EditorAgencyProfiles)
{
//User and Editor have access to same Agency
if (editorAgency.RegionId == agencyProfile.RegionId)
{
//We know editor is already admin from the filter we did to EditorData.RegionalProfiles.Where(...)
//Since admins cannot edit other admins, we ignore that condition as well
if (agencyProfile.IsAdmin)
{
if (editorAgency.IsApproverDesignate)
{
return(true);
}
}
else
{
return(true);
}
}
}
}
}
}
}
return(false);
}