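/// <summary>
/// Determines whether this identity is listed on the organization's temporary
/// access control list for the requested access type.
/// </summary>
/// <param name="access">The access desired. A null value is granted without any check.</param>
/// <returns>True if access can be granted; false if the identity is not on the applicable list.</returns>
public bool HasAccess (Access access)
{
    // NOTE(review): a null request is granted unconditionally (fail-open). This is kept
    // because existing callers may pass null to mean "no access required", but it also
    // means a caller that forgets to build an Access object is let through. Prefer an
    // explicit "no access needed" value and reject null.
    if (access == null)
    {
        return true;
    }

    // TEMPORARY access control lists
    // TODO: Build access control list from org chart, compare against required access

    string ids = string.Empty;

    if (access.Type == AccessType.Write)
    {
        ids = access.Organization.Parameters.TemporaryAccessListWrite;
    }
    else if (access.Type == AccessType.Read)
    {
        // Write access implies read access
        ids = access.Organization.Parameters.TemporaryAccessListWrite + " " +
              access.Organization.Parameters.TemporaryAccessListRead;
    }

    // Any other access type leaves the list empty, so the request is denied below.

    // RemoveEmptyEntries copes with an empty list and with repeated separators. Without it
    // an empty token reached Int32.Parse and the check threw FormatException instead of
    // returning a decision.
    string[] idStrings = (ids ?? string.Empty).Split (new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

    foreach (string idString in idStrings)
    {
        int listedIdentity;

        // A token that is not a valid integer can never match an identity: skip it so a
        // malformed list entry denies (fail-closed) rather than aborting the whole check.
        if (Int32.TryParse (idString, out listedIdentity) && listedIdentity == this.Identity)
        {
            return true;
        }
    }

    return false;
}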
/// <summary>
/// Decides whether this Authority may be granted the requested Access.
/// </summary>
/// <param name="access">The access being requested; must not be null.</param>
/// <returns>True when the request can be granted, false otherwise.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="access"/> is null.</exception>
public bool HasAccess(Access access)
{
    // A missing request is rejected outright instead of being treated as "no access needed".
    if (access == null)
    {
        throw new ArgumentNullException("access", @"Access cannot be null, but must always be explicitly specified. Specify AccessAspect.Null if null access is desired.");
    }

    // Null security (the Dashboard, for example) requires no privileges.
    if (access.Aspect == AccessAspect.Null)
    {
        return true;
    }

    // Participant financials: an organization may open its financial reports to all of its
    // participants, in which case the request is re-evaluated at "participant" level.
    // NOTE(review): access.Organization is dereferenced here, before the null check on it
    // further down. If an organization-less (system-level) request can carry the Financials
    // aspect, this line throws NullReferenceException - confirm against callers.
    if (access.Aspect == AccessAspect.Financials &&
        access.Type == AccessType.Read &&
        access.Organization.ParticipantFinancialsEnabled)
    {
        access = new Access(access.Organization, AccessAspect.Participant);
    }

    // Participant level: a membership (or whatever this organization calls it) in this
    // organization or one in its parent line is sufficient.
    if (access.Aspect == AccessAspect.Participant &&
        Person.ParticipatesInOrganizationOrParent(access.Organization))
    {
        return true;
    }

    // Open Ledgers: the dedicated identity may read bookkeeping and financials.
    bool isLedgerAspect = access.Aspect == AccessAspect.Bookkeeping ||
                          access.Aspect == AccessAspect.Financials;

    if (isLedgerAspect &&
        access.Type == AccessType.Read &&
        this.Person.Identity == Swarm.Person.OpenLedgersIdentity)
    {
        return true;
    }

    // End of generic access control; everything below depends on position assignments.

    // A person currently acting at sysadmin level is granted the request.
    if (HasSystemAccess(access.Type))
    {
        return true;
    }

    // Deny when system-level access was requested (no organization) and not granted above,
    // and when there is no assignment that could vouch for organization- or
    // geography-level access.
    if (access.Organization == null || Assignment == null)
    {
        return false;
    }

    // Let the current position assignment, scoped to its geography, decide.
    Position assignedPosition = Assignment.Position;
    assignedPosition.AssignGeography(Assignment.Geography);

    return assignedPosition.HasAccess(access);
}