UFN_SECURITY_APPUSER_GRANTED_BATCH_IN_NONRACROLE
Returns true if the given user has permissions to the given batch in a role that has not constituent security defined.
Return
| Return Type |
|---|
| bit |
Parameters
| Parameter | Parameter Type | Mode | Description |
|---|---|---|---|
| @APPUSERID | uniqueidentifier | IN | |
| @BATCHID | uniqueidentifier | IN |
Definition
Copy
CREATE function dbo.UFN_SECURITY_APPUSER_GRANTED_BATCH_IN_NONRACROLE
(
@APPUSERID uniqueidentifier,
@BATCHID uniqueidentifier
)
returns bit as
/*
Returns true if the given user has permissions to the given batch
in a role whose security group is blank
This function is optimized for use from the Blackbaud.AppFx.Security.Catalog.ConstitRecordSecurityService
class which implements the RecordSecurity service for Constituent record security.
As such, it assumes that a check for DENY occurs outside this function
and also assumes that a check for if the user is ISSYSADMIN occurs outside
this function.
*/
begin
--If user granted permission to the feature in a role with no ringfence then
--the user has permission regardless of the record in question.
if exists
(
select
1
from
dbo.V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BATCHTEMPLATE as SV
with (NOEXPAND, INDEX(IX_V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BATCHTEMPLATE_BATCHTEMPLATEID_APPUSERID))
inner join dbo.BATCH on SV.BATCHTEMPLATEID = BATCH.BATCHTEMPLATEID
WHERE
SV.APPUSERID = @APPUSERID AND
BATCH.ID = @BATCHID AND
SV.GRANTORDENY = 1 AND
SV.RECORDSECURITYMODE = 0
union all
select
1
from
dbo.V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BATCHTYPE as SV
inner join dbo.BATCHTEMPLATE on BATCHTEMPLATE.BATCHTYPECATALOGID = SV.BATCHTYPECATALOGID
inner join dbo.BATCH on BATCH.BATCHTEMPLATEID = BATCHTEMPLATE.ID
where
SV.APPUSERID = @APPUSERID
AND BATCH.ID = @BATCHID
AND SV.GRANTORDENY = 1
AND SV.RECORDSECURITYMODE = 0
union all
select
1
from
dbo.V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BATCHWORKFLOWSTATE as SV
with (NOEXPAND, INDEX(IX_V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BATCHWORKFLOWSTATE_BATCHWORKFLOWSTATEID_APPUSERID))
inner join dbo.BATCH on BATCH.BATCHWORKFLOWSTATEID = SV.BATCHWORKFLOWSTATEID
where
SV.APPUSERID = @APPUSERID
AND BATCH.ID = @BATCHID
AND SV.GRANTORDENY = 1
AND SV.RECORDSECURITYMODE = 0
union all
select
1
from
dbo.V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BATCHPROCESSOR as SV
with (NOEXPAND, INDEX(IX_V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BATCHTEMPLATEPROCESSOR_BATCHTEMPLATEID_APPUSERID))
inner join dbo.BATCH on BATCH.BATCHTEMPLATEID = SV.BATCHTEMPLATEID
where
SV.APPUSERID = @APPUSERID
AND BATCH.ID = @BATCHID
AND SV.GRANTORDENY = 1
AND SV.RECORDSECURITYMODE = 0
union all
select
1
from
dbo.V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BATCHTEMPLATEAPPROVER as SV
with (NOEXPAND, INDEX(IX_V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BATCHTEMPLATEAPPROVER_BATCHTEMPLATEID_APPUSERID))
inner join dbo.BATCH on BATCH.BATCHTEMPLATEID = SV.BATCHTEMPLATEID
where
SV.APPUSERID = @APPUSERID
AND BATCH.ID = @BATCHID
AND SV.GRANTORDENY = 1
AND SV.RECORDSECURITYMODE = 0
)
return 1;
return 0;
end