/// <summary> /// Can Approve Sub State User if: /// #) CMS Approvers /// #) Same State Ship Director /// #) Same State Approver Designate /// #) Same Sub State Approver Designates /// </summary> /// <param name="AccountInfo"></param> /// <param name="SubStateRegionId"></param> /// <returns></returns> public static bool IsApproverForSubState(UserAccount AccountInfo, int SubStateRegionId) { bool IsApprover = false; if (AccountInfo.Scope.IsEqual(Scope.CMS)) { return(IsApproverAtCMS(AccountInfo)); } else if (AccountInfo.Scope.IsEqual(Scope.State)) { var SubStates = LookupBLL.GetSubStateRegionsForState(AccountInfo.StateFIPS); if (SubStates != null && SubStates.Count > 0) { //Check if Sub State is part of Admin State [Same State check] if (SubStates.Keys.Contains(SubStateRegionId)) { return(IsApproverForState(AccountInfo, AccountInfo.StateFIPS)); } } } else if (AccountInfo.Scope.IsEqual(Scope.SubStateRegion)) //for clarity { var SubStateAdminProfiles = UserSubStateRegionBLL.GetUserSubStateRegionalProfiles(AccountInfo.UserId, true); foreach (UserRegionalAccessProfile SubStateProfile in SubStateAdminProfiles) { //Is admin is already checked while retrieving SubState profiles. Added for clarity. if (SubStateProfile.RegionId == SubStateRegionId) { return(SubStateProfile.IsAdmin && SubStateProfile.IsApproverDesignate); } } } return(IsApprover); }
public static bool CanEditAgencyUser(int AgencyId, bool UserIsAdmin, string StateFIPSOfAgency, bool UserIsApproverDesignate, UserViewData AdminData) { if (AdminData.IsCMSLevel) { return(AdminData.IsCMSAdmin); } else //State Level Users follow { //Kick out other state users if ((AdminData.StateFIPS != StateFIPSOfAgency)) { return(false); } //State Scope Users must be Admins if (AdminData.Scope.IsEqual(Scope.State)) { return(AdminData.IsStateAdmin); } else if (AdminData.Scope.IsEqual(Scope.SubStateRegion)) { IEnumerable <UserRegionalAccessProfile> AdminSubStateProfiles = AdminData.RegionalProfiles.Where(p => p.IsAdmin == true); foreach (UserRegionalAccessProfile adminProfile in AdminSubStateProfiles) { IEnumerable <Agency> AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(adminProfile.RegionId); Agency matchingAgency = AgenciesForSubState.Where(ag => (ag.Id == AgencyId) && (ag.IsActive == true)).FirstOrDefault(); if (matchingAgency != null) { return(true); } } } else if (AdminData.Scope.IsEqual(Scope.Agency)) { //The Agency of the account requested must be part of Editor's Sub State region. IEnumerable <UserRegionalAccessProfile> AdminAgencyProfiles = AdminData.RegionalProfiles.Where(p => p.IsAdmin == true && p.RegionId == AgencyId); //We expect only one item in AdminAgencyProfiles after applying Where filter to regional profiles, but still living with same code. foreach (UserRegionalAccessProfile agencyProfile in AdminAgencyProfiles) { //Approvers can be edited by only higher scope admins. if (UserIsApproverDesignate) { return(false); } else if (UserIsAdmin) { return(agencyProfile.IsApproverDesignate); } else { return(true); } } } } return(false); }
/// <summary> /// To avoid the Business Object refer back to UserBLL, we would like to do the processing here, /// rather than User.cs where mapping is done. /// </summary> /// <param name="viewData"></param> /// <param name="accountInfo"></param> private static void StepUpViewData(ref UserViewData viewData) { string description = string.Empty; string title = string.Empty; //bool IsShipDirector = false; //Get the Role that match user account information Role r = LookupBLL.GetRole(viewData.Scope, viewData.IsAdmin); title = r.Name; //Set special description for Ship Director. if (r.IsStateAdmin) { //IsShipDirector = LookupBLL.IsShipDirector(viewData.UserId, viewData.StateFIPS); if (viewData.IsShipDirector) { description = "State SHIP Director"; title = "Ship Director"; } } //Set descriptors here for State/CMS. Other Users have it in their UserRegionalProfiles. if (r.scope.IsEqual(Scope.State) || r.scope.IsEqual(Scope.CMS)) { viewData.DescriptorIds = GetDescriptorsForUser(viewData.UserId, Constants.Defaults.DefaultValues.AgencyIdForNonAgencyUsers); } //Add Supervisor data for State and CMS level users. if (viewData.IsUserStateScope) { var reviewers = UserBLL.GetReviewersForUser(viewData.UserId, null); if (reviewers != null && reviewers.Count() > 0) { viewData.SupervisorIdForStateUser = reviewers.First().Key; viewData.SupervisorNameForStateUser = reviewers.First().Value; } } description = (description == string.Empty) ? r.Description : description; if (viewData.RegionalProfiles != null) { viewData.RegionalProfiles.ForEach(prof => prof.RegionScope = (Scope?)r.scope); } viewData.RoleDescription = description; viewData.RoleTitle = title; //viewData.IsShipDirector = IsShipDirector; }
/// <summary> /// Can Approve Agency if Approver is one of the following: /// #) CMS Approvers /// #) Ship Director or State Approver /// #) Sub State Approver, where User Agency is part of Approver Sub State /// #) Same Agency Approver /// </summary> /// <param name="AccountInfo"></param> /// <param name="AgencyId"></param> /// <returns></returns> public static bool IsApproverForAgency(UserAccount AccountInfo, int AgencyId) { bool IsApprover = false; if (AccountInfo.Scope.IsEqual(Scope.CMS)) { return(IsApproverAtCMS(AccountInfo)); } else if (AccountInfo.Scope.IsEqual(Scope.State)) { return(IsApproverForState(AccountInfo, AccountInfo.StateFIPS)); } else if (AccountInfo.Scope.IsEqual(Scope.SubStateRegion)) //for clarity { var SubStateAdminProfiles = UserSubStateRegionBLL.GetUserSubStateRegionalProfiles(AccountInfo.UserId, true); foreach (UserRegionalAccessProfile SubStateProfile in SubStateAdminProfiles) { var AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(SubStateProfile.RegionId); if (AgenciesForSubState != null && AgenciesForSubState.Count() > 0) { foreach (Agency ag in AgenciesForSubState) { //If agency is part of the Admin Sub State if (ag.Id == AgencyId) { //Is admin is already checked while retrieving SubState profiles. Added for clarity. return(SubStateProfile.IsAdmin && SubStateProfile.IsApproverDesignate); } } } } } else if (AccountInfo.Scope.IsEqual(Scope.Agency)) { var AdminAgencies = UserAgencyBLL.GetUserAgencyProfiles(AccountInfo.UserId, true); foreach (UserRegionalAccessProfile agencyProfile in AdminAgencies) { //Is admin is already checked while retrieving Agency profiles. Added for clarity. if (agencyProfile.RegionId == AgencyId) { return(agencyProfile.IsAdmin && agencyProfile.IsApproverDesignate); } } } return(IsApprover); }
private static bool CanViewStateUser(UserViewData StateUserData, UserViewData ViewerData) { if (ViewerData.IsUserCMSScope) { return(true); } else if (ViewerData.IsUserCMSRegionalScope) { //CMS Regional Users have only 1 regional profile. However, we can loop to accomodate any future expectations. foreach (UserRegionalAccessProfile profile in ViewerData.RegionalProfiles) { IEnumerable <string> StatesForCMSRegion = LookupBLL.GetStatesForCMSRegion(profile.RegionId); if (StatesForCMSRegion.Contains(StateUserData.StateFIPS)) { return(true); } } } else if (ViewerData.IsUserStateScope && (ViewerData.StateFIPS == StateUserData.StateFIPS)) { //States can have only 1 ship director. //However, this logic will ensure that users viewing their own profile are allowed to do so. if (StateUserData.IsShipDirector) { return(ViewerData.IsShipDirector); } else if (StateUserData.IsStateAdmin) { return(ViewerData.IsStateAdmin); } else if (StateUserData.IsUserStateScope) //State User. This is obvious, still, will have it here so bad calls are caught. { return(true); } } //All others get knocked out. return(false); }
private static bool CanViewMultiAgencyUser(UserViewData AgencyUserData, UserViewData ViewerData) { if (ViewerData.IsUserCMSScope) { return(true); } else if (ViewerData.IsUserCMSRegionalScope) { //CMS Regional Users have only 1 regional profile. However, we can loop to accomodate any future expectations. foreach (UserRegionalAccessProfile profile in ViewerData.RegionalProfiles) { IEnumerable <string> StatesForCMSRegion = LookupBLL.GetStatesForCMSRegion(profile.RegionId); if (StatesForCMSRegion.Contains(AgencyUserData.StateFIPS)) { return(true); } } } else //State Level Users follow { //Kick out other state users if ((ViewerData.StateFIPS != AgencyUserData.StateFIPS)) { return(false); } //State Scope Users must be Admins if (ViewerData.IsUserStateScope) { return(true); } //Find if Sub States fall under one of the Agency of the User. if (ViewerData.IsUserSubStateRegionalScope) { IEnumerable <UserRegionalAccessProfile> viewerSubStateProfiles = ViewerData.RegionalProfiles; IEnumerable <UserRegionalAccessProfile> userAgencyProfiles = AgencyUserData.RegionalProfiles; foreach (UserRegionalAccessProfile viewerSubStateProfile in viewerSubStateProfiles) { IEnumerable <Agency> agenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(viewerSubStateProfile.RegionId); foreach (UserRegionalAccessProfile userAgencyProfile in userAgencyProfiles) { IEnumerable <Agency> matchingAgencies = agenciesForSubState.Where(ag => ag.Id == userAgencyProfile.RegionId); if (matchingAgencies != null && matchingAgencies.Count() > 0) { return(true); } } } } //Ofcourse, at this point, it get down to Agency User accessing Agency User //Still we will check the scope of the ViewerData so bad calls are caught. if (ViewerData.IsUserAgencyScope) { IEnumerable <UserRegionalAccessProfile> viewerAgencyProfiles = ViewerData.RegionalProfiles; IEnumerable <UserRegionalAccessProfile> userAgencyProfiles = AgencyUserData.RegionalProfiles; foreach (UserRegionalAccessProfile viewerAgencyProfile in viewerAgencyProfiles) { foreach (UserRegionalAccessProfile userAgencyProfile in userAgencyProfiles) { if (userAgencyProfile.RegionId == viewerAgencyProfile.RegionId) { if (userAgencyProfile.IsAdmin) { if (viewerAgencyProfile.IsAdmin) { return(true); } } else { return(true); } } } } } } //All other users are out return(false); }
private static bool CanViewMultiSubStateUser(UserViewData SubStateUserData, UserViewData ViewerData) { if (ViewerData.IsUserCMSScope) { return(true); } else if (ViewerData.IsUserCMSRegionalScope) { //CMS Regional Users have only 1 regional profile. However, we can loop to accomodate any future expectations. foreach (UserRegionalAccessProfile profile in ViewerData.RegionalProfiles) { IEnumerable <string> StatesForCMSRegion = LookupBLL.GetStatesForCMSRegion(profile.RegionId); if (StatesForCMSRegion.Contains(SubStateUserData.StateFIPS)) { return(true); } } } else //State Level Users follow { //Kick out other state users if ((ViewerData.StateFIPS != SubStateUserData.StateFIPS)) { return(false); } //State Scope Users must be Admins if (ViewerData.IsUserStateScope) { return(true); } //Kickout agency users. if (ViewerData.IsUserSubStateRegionalScope) { //The only possibility from now on, is Editor is a Sub State User. foreach (UserRegionalAccessProfile subStateUserProfile in SubStateUserData.RegionalProfiles) { foreach (UserRegionalAccessProfile viewerUserProfile in ViewerData.RegionalProfiles) { if (viewerUserProfile.RegionId == subStateUserProfile.RegionId) { //This logic is not perfect but close to what is possible. //If the SubStateUser is Admin, then we need to ensure that User cannot see it. //However, if the Viewer is also Admin, he can see it. //If SubState User is a User, any one in same SubState can view. if (subStateUserProfile.IsAdmin) { if (viewerUserProfile.IsAdmin) { return(true); } } else { return(true); } } } } } } //All other users are out return(false); }
public static bool CanAddUserToAgency(UserViewData AdminData, string StateFIPS, int AgencyIDRequested, bool NewUserRoleIsAdmin, bool ApproverRightsRequested) { if (ApproverRightsRequested) { //Approver rights request must be accompanied by Admin request //because only Admins can be approvers if (!NewUserRoleIsAdmin) { return(false); } if (AdminData.IsCMSAdmin && AdminData.IsCMSApproverDesignate) { return(true); } else { if (AdminData.StateFIPS == StateFIPS) { if (AdminData.IsShipDirector) { return(true); } else if (AdminData.IsStateAdmin) { return(AdminData.IsStateApproverDesignate); } else if (AdminData.IsUserSubStateRegionalScope) { //The Agency of the account requested must be part of Editor's Sub State region. IEnumerable <UserRegionalAccessProfile> AdminSubStateProfiles = AdminData.RegionalProfiles; foreach (UserRegionalAccessProfile subStateProfile in AdminSubStateProfiles) { if (subStateProfile.IsAdmin) { IEnumerable <Agency> AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(subStateProfile.RegionId); foreach (Agency agency in AgenciesForSubState) { if (agency.Id == AgencyIDRequested) { return(subStateProfile.IsApproverDesignate); } } } } } return(false); } else { return(false); } } } else { if (AdminData.IsCMSAdmin) { return(true); } else { if (AdminData.StateFIPS == StateFIPS) { if (AdminData.IsStateAdmin) //includes ship director { return(true); } else if (AdminData.IsUserSubStateRegionalScope) { //The only possibility from now on, is Editor is a Sub State User. foreach (UserRegionalAccessProfile adminSubStateProfile in AdminData.RegionalProfiles) { if (adminSubStateProfile.IsAdmin) { IEnumerable <Agency> AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(adminSubStateProfile.RegionId); foreach (Agency agency in AgenciesForSubState) { if (agency.Id == AgencyIDRequested) { return(true); } } } } } else if (AdminData.IsUserAgencyScope) { IEnumerable <UserRegionalAccessProfile> adminAgencyProfiles = AdminData.RegionalProfiles.Where(p => p.IsAdmin == true && p.RegionId == AgencyIDRequested); //Expecting only one item after adding the Where filter to RegionalProfiles; still moving with existing code. foreach (UserRegionalAccessProfile adminProfile in adminAgencyProfiles) { if (NewUserRoleIsAdmin) { return(adminProfile.IsApproverDesignate); } else { return(true); } } } return(false); } else { return(false); } } } }
private static bool CanEditMultiAgencyUser(UserViewData AgencyUserData, UserViewData EditorData) { if (EditorData.IsCMSLevel) { //At CMS/CMSRegional level, only CMSAdmin is allowed. return(EditorData.IsCMSAdmin); } else //State Level Users follow { //Kick out other state users if ((EditorData.StateFIPS != AgencyUserData.StateFIPS)) { return(false); } //State Scope Users must be Admins if (EditorData.Scope.IsEqual(Scope.State)) { return(EditorData.IsStateAdmin); } //Sub State User requesting Edit access on an Agency User. else if (EditorData.Scope.IsEqual(Scope.SubStateRegion)) { //The Agency of the account requested must be part of Editor's Sub State region. IEnumerable <UserRegionalAccessProfile> EditorSubStateProfiles = EditorData.RegionalProfiles.Where(p => p.IsAdmin == true); IEnumerable <UserRegionalAccessProfile> AgencyUserProfiles = AgencyUserData.RegionalProfiles; foreach (UserRegionalAccessProfile adminSubStProfile in EditorSubStateProfiles) { IEnumerable <Agency> AgenciesForSubState = LookupBLL.GetAgenciesForSubStateRegion(adminSubStProfile.RegionId); foreach (UserRegionalAccessProfile agencyprofile in AgencyUserProfiles) { //Find a match between one of the agencies of the User Vs Agencies of Sub States where Admin has access. Agency matchingAgency = AgenciesForSubState.Where(ag => (ag.Id == agencyprofile.RegionId) && (ag.IsActive == true)).FirstOrDefault(); if (matchingAgency != null) { return(true); } } } } //Agency level User requesting Edit access on an Agency level User. //It will be Agency level still I will put the If condition because I just like it :-, else if (EditorData.Scope.IsEqual(Scope.Agency)) { //The Agency of the account requested must be part of Editor's Sub State region. IEnumerable <UserRegionalAccessProfile> EditorAgencyProfiles = EditorData.RegionalProfiles.Where(p => p.IsAdmin == true); IEnumerable <UserRegionalAccessProfile> UserAgencyProfiles = AgencyUserData.RegionalProfiles; foreach (UserRegionalAccessProfile agencyProfile in UserAgencyProfiles) { //Approvers can be edited only by higher scope Admins. if (!agencyProfile.IsApproverDesignate) { foreach (UserRegionalAccessProfile editorAgency in EditorAgencyProfiles) { //User and Editor have access to same Agency if (editorAgency.RegionId == agencyProfile.RegionId) { //We know editor is already admin from the filter we did to EditorData.RegionalProfiles.Where(...) //Since admins cannot edit other admins, we ignore that condition as well if (agencyProfile.IsAdmin) { if (editorAgency.IsApproverDesignate) { return(true); } } else { return(true); } } } } } } } return(false); }