sanAntonioSeniorGolf/API/Authentication/UserAuthentication.cs

using API.Authentication.GrantNames;
using API.Authentication.Interfaces;
using API.DTO.Base;
using API.Services;
using DAL.Models;

namespace API.Authentication
{
	public class UserAuthentication : IUserAuthentication
	{
		private readonly GrantService _grantService;
		private readonly ILogger<UserAuthentication> _logger;
		private readonly UserService _userService;
		public UserAuthentication(ILogger<UserAuthentication> logger, GrantService grantService, UserService userService)
		{
			_logger = logger;
			_grantService = grantService;
			_userService = userService;
		}

		public bool canGetAll(User user)
		{
			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAll);
		}
		public bool canGet(User model, User user)
		{
			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAny) ||
			       _grantService.getULongValues(user.permissionId, UserGrantNames.CanGet).Exists(x => x == model.id);
		}
		public bool canAdd(UserDTO item, User user)
		{
			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanAdd);
		}

		// todo this needs to be made much better
		public bool canUpdate(User model, User user)
		{
			User origUser;
			if (model.id == user.id)
			{
				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
				    || !_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
				    || !_grantService.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id)
				   )
					return false;

				// Don't let the user change their own permissionId
				if (model.permissionId != user.permissionId)
					return false;
				origUser = user;
			}
			else
			{
				origUser = _userService.getNoAuthentication(model.id) ?? throw new InvalidOperationException("Model is null.");
			}

			if (origUser.permissionId != model.permissionId)
			{
				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePermission))
					return false;
			}

			if (origUser.firstName != user.firstName || origUser.lastName != user.lastName)
			{
				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateNames))
					return false;
			}

			if (origUser.phoneNumber != user.phoneNumber)
			{
				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePhoneNumber))
					return false;
			}

			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
			       || model.id == user.id &&
			       _grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
			       || _grantService.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id);
		}
		public bool canDelete(User model, User user)
		{
			return (_grantService.hasGrant(user.permissionId, UserGrantNames.CanDeleteAny) ||
			        _grantService.getULongValues(user.permissionId, UserGrantNames.CanDelete).Exists(x => x == model.id))
			       && model.id != user.id;
		}
	}
}
added UserAuthentication 2024-07-15 13:23:58 -05:00			`using API.Authentication.GrantNames;`
			`using API.Authentication.Interfaces;`
			`using API.DTO.Base;`
			`using API.Services;`
			`using DAL.Models;`

			`namespace API.Authentication`
			`{`
			`public class UserAuthentication : IUserAuthentication`
			`{`
			`private readonly GrantService _grantService;`
			`private readonly ILogger<UserAuthentication> _logger;`
			`private readonly UserService _userService;`
			`public UserAuthentication(ILogger<UserAuthentication> logger, GrantService grantService, UserService userService)`
			`{`
			`_logger = logger;`
			`_grantService = grantService;`
			`_userService = userService;`
			`}`

			`public bool canGetAll(User user)`
			`{`
			`return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAll);`
			`}`
			`public bool canGet(User model, User user)`
			`{`
			`return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAny) \|\|`
			`_grantService.getULongValues(user.permissionId, UserGrantNames.CanGet).Exists(x => x == model.id);`
			`}`
			`public bool canAdd(UserDTO item, User user)`
			`{`
			`return _grantService.hasGrant(user.permissionId, UserGrantNames.CanAdd);`
			`}`

			`// todo this needs to be made much better`
			`public bool canUpdate(User model, User user)`
			`{`
			`User origUser;`
			`if (model.id == user.id)`
			`{`
			`if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)`
			`\|\| !_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)`
			`\|\| !_grantService.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id)`
			`)`
			`return false;`

			`// Don't let the user change their own permissionId`
			`if (model.permissionId != user.permissionId)`
			`return false;`
			`origUser = user;`
			`}`
			`else`
			`{`
			`origUser = _userService.getNoAuthentication(model.id) ?? throw new InvalidOperationException("Model is null.");`
			`}`

			`if (origUser.permissionId != model.permissionId)`
			`{`
			`if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePermission))`
			`return false;`
			`}`

			`if (origUser.firstName != user.firstName \|\| origUser.lastName != user.lastName)`
			`{`
			`if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateNames))`
			`return false;`
			`}`

			`if (origUser.phoneNumber != user.phoneNumber)`
			`{`
			`if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePhoneNumber))`
			`return false;`
			`}`

			`return _grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)`
			`\|\| model.id == user.id &&`
			`_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)`
			`\|\| _grantService.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id);`
			`}`
			`public bool canDelete(User model, User user)`
			`{`
			`return (_grantService.hasGrant(user.permissionId, UserGrantNames.CanDeleteAny) \|\|`
			`_grantService.getULongValues(user.permissionId, UserGrantNames.CanDelete).Exists(x => x == model.id))`
			`&& model.id != user.id;`
			`}`
			`}`
			`}`