From 374b8c64c92613635f94d89f5c97f5767c40c380 Mon Sep 17 00:00:00 2001
From: quentin <qrs01@snowtx.com>
Date: Mon, 19 Aug 2024 16:08:35 -0500
Subject: [PATCH] Added grantManager and authentication now uses
 GrantManager.cs

---
 API/Authentication/ColorAuthentication.cs     | 23 ++---
 API/Authentication/EventAuthentication.cs     | 23 ++---
 API/Authentication/GrantAuthentication.cs     | 23 ++---
 API/Authentication/ImageAuthentication.cs     | 23 ++---
 .../PermissionAuthentication.cs               | 23 ++---
 .../SavedEventAuthentication.cs               | 23 ++---
 API/Authentication/UserAuthentication.cs      | 49 ++++++-----
 API/Program.cs                                | 23 ++++-
 API/Services/GrantManager.cs                  | 85 +++++++++++++++++++
 API/Services/GrantService.cs                  | 61 -------------
 API/Services/Interfaces/IGrantManager.cs      | 11 +++
 11 files changed, 213 insertions(+), 154 deletions(-)
 create mode 100644 API/Services/GrantManager.cs
 create mode 100644 API/Services/Interfaces/IGrantManager.cs

diff --git a/API/Authentication/ColorAuthentication.cs b/API/Authentication/ColorAuthentication.cs
index f7c6bef..8cf00dd 100644
--- a/API/Authentication/ColorAuthentication.cs
+++ b/API/Authentication/ColorAuthentication.cs
@@ -2,42 +2,43 @@ using API.Authentication.GrantNames;
 using API.Authentication.Interfaces;
 using API.DTO.Base;
 using API.Services;
+using API.Services.Interfaces;
 using DAL.Models;
 
 namespace API.Authentication
 {
 	public class ColorAuthentication : IColorAuthentication
 	{
-		private readonly GrantService _grantService;
+		private readonly IGrantManager _grantManager;
 		private readonly ILogger<ColorAuthentication> _logger;
-		public ColorAuthentication(ILogger<ColorAuthentication> logger, GrantService grantService)
+		public ColorAuthentication(ILogger<ColorAuthentication> logger, IGrantManager grantManager)
 		{
 			_logger = logger;
-			_grantService = grantService;
+			_grantManager = grantManager;
 		}
 
 		public bool canGetAll(User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanGetAll);
+			return _grantManager.hasGrant(user.permissionId, ColorGrantNames.CanGetAll);
 		}
 		public bool canGet(Color model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanGetAny) ||
-			       _grantService.getULongValues(user.permissionId, ColorGrantNames.CanGet).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, ColorGrantNames.CanGetAny) ||
+			       _grantManager.getULongValues(user.permissionId, ColorGrantNames.CanGet).Exists(x => x == model.id);
 		}
 		public bool canAdd(ColorDTO item, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanAdd);
+			return _grantManager.hasGrant(user.permissionId, ColorGrantNames.CanAdd);
 		}
 		public bool canUpdate(Color model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanUpdateAny) ||
-			       _grantService.getULongValues(user.permissionId, ColorGrantNames.CanUpdate).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, ColorGrantNames.CanUpdateAny) ||
+			       _grantManager.getULongValues(user.permissionId, ColorGrantNames.CanUpdate).Exists(x => x == model.id);
 		}
 		public bool canDelete(Color model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanDeleteAny) ||
-			       _grantService.getULongValues(user.permissionId, ColorGrantNames.CanDelete).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, ColorGrantNames.CanDeleteAny) ||
+			       _grantManager.getULongValues(user.permissionId, ColorGrantNames.CanDelete).Exists(x => x == model.id);
 		}
 	}
 }
diff --git a/API/Authentication/EventAuthentication.cs b/API/Authentication/EventAuthentication.cs
index eb0766a..b98d4a6 100644
--- a/API/Authentication/EventAuthentication.cs
+++ b/API/Authentication/EventAuthentication.cs
@@ -2,43 +2,44 @@ using API.Authentication.GrantNames;
 using API.Authentication.Interfaces;
 using API.DTO.Base;
 using API.Services;
+using API.Services.Interfaces;
 using DAL.Models;
 
 namespace API.Authentication
 {
 	public class EventAuthentication : IEventAuthentication
 	{
-		private readonly GrantService _grantService;
+		private readonly IGrantManager _grantManager;
 		private readonly ILogger<EventAuthentication> _logger;
 
-		public EventAuthentication(GrantService grantService, ILogger<EventAuthentication> logger)
+		public EventAuthentication(IGrantManager grantManager, ILogger<EventAuthentication> logger)
 		{
-			_grantService = grantService;
+			_grantManager = grantManager;
 			_logger = logger;
 		}
 
 		public bool canGetAll(User user)
 		{
-			return _grantService.hasGrant(user.permissionId, EventGrantNames.CanGetAll);
+			return _grantManager.hasGrant(user.permissionId, EventGrantNames.CanGetAll);
 		}
 		public bool canGet(Event model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, EventGrantNames.CanGetAny) ||
-			       _grantService.getULongValues(user.permissionId, EventGrantNames.CanGet).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, EventGrantNames.CanGetAny) ||
+			       _grantManager.getULongValues(user.permissionId, EventGrantNames.CanGet).Exists(x => x == model.id);
 		}
 		public bool canAdd(EventDTO item, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, EventGrantNames.CanAdd);
+			return _grantManager.hasGrant(user.permissionId, EventGrantNames.CanAdd);
 		}
 		public bool canUpdate(Event model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, EventGrantNames.CanUpdateAny) ||
-			       _grantService.getULongValues(user.permissionId, EventGrantNames.CanUpdate).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, EventGrantNames.CanUpdateAny) ||
+			       _grantManager.getULongValues(user.permissionId, EventGrantNames.CanUpdate).Exists(x => x == model.id);
 		}
 		public bool canDelete(Event model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, EventGrantNames.CanDeleteAny) ||
-			       _grantService.getULongValues(user.permissionId, EventGrantNames.CanDelete).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, EventGrantNames.CanDeleteAny) ||
+			       _grantManager.getULongValues(user.permissionId, EventGrantNames.CanDelete).Exists(x => x == model.id);
 		}
 	}
 }
diff --git a/API/Authentication/GrantAuthentication.cs b/API/Authentication/GrantAuthentication.cs
index 7b95ebd..0dab376 100644
--- a/API/Authentication/GrantAuthentication.cs
+++ b/API/Authentication/GrantAuthentication.cs
@@ -2,34 +2,35 @@ using API.Authentication.GrantNames;
 using API.Authentication.Interfaces;
 using API.DTO.Base;
 using API.Services;
+using API.Services.Interfaces;
 using DAL.Models;
 
 namespace API.Authentication
 {
 	public class GrantAuthentication : IGrantAuthentication
 	{
-		private readonly GrantService _grantService;
+		private readonly IGrantManager _grantManager;
 		private readonly ILogger<GrantAuthentication> _logger;
 
-		public GrantAuthentication(GrantService grantService, ILogger<GrantAuthentication> logger)
+		public GrantAuthentication(IGrantManager grantManager, ILogger<GrantAuthentication> logger)
 		{
-			_grantService = grantService;
+			_grantManager = grantManager;
 			_logger = logger;
 		}
 
 		public bool canGetAll(User user)
 		{
-			return _grantService.hasGrant(user.permissionId, GrantGrantNames.CanGetAll);
+			return _grantManager.hasGrant(user.permissionId, GrantGrantNames.CanGetAll);
 		}
 		public bool canGet(Grant model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, GrantGrantNames.CanGetAny) ||
-			       _grantService.getULongValues(user.permissionId, GrantGrantNames.CanGet).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, GrantGrantNames.CanGetAny) ||
+			       _grantManager.getULongValues(user.permissionId, GrantGrantNames.CanGet).Exists(x => x == model.id);
 		}
 		public bool canAdd(GrantDTO item, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, GrantGrantNames.CanAdd) && 
-			       _grantService.hasGrant(user.permissionId, item.name);
+			return _grantManager.hasGrant(user.permissionId, GrantGrantNames.CanAdd) && 
+			       _grantManager.hasGrant(user.permissionId, item.name);
 		}
 		public bool canUpdate(Grant model, User user)
 		{
@@ -38,9 +39,9 @@ namespace API.Authentication
 		}
 		public bool canDelete(Grant model, User user)
 		{
-			return (_grantService.hasGrant(user.permissionId, GrantGrantNames.CanDeleteAny) ||
-			       _grantService.getULongValues(user.permissionId, GrantGrantNames.CanDelete).Exists(x => x == model.id))
-				&& _grantService.hasGrant(user.permissionId, model.name);
+			return (_grantManager.hasGrant(user.permissionId, GrantGrantNames.CanDeleteAny) ||
+			       _grantManager.getULongValues(user.permissionId, GrantGrantNames.CanDelete).Exists(x => x == model.id))
+				&& _grantManager.hasGrant(user.permissionId, model.name);
 		}
 	}
 }
diff --git a/API/Authentication/ImageAuthentication.cs b/API/Authentication/ImageAuthentication.cs
index 9b23f52..f35d2c8 100644
--- a/API/Authentication/ImageAuthentication.cs
+++ b/API/Authentication/ImageAuthentication.cs
@@ -2,42 +2,43 @@ using API.Authentication.GrantNames;
 using API.Authentication.Interfaces;
 using API.DTO.Base;
 using API.Services;
+using API.Services.Interfaces;
 using DAL.Models;
 
 namespace API.Authentication
 {
 	public class ImageAuthentication : IImageAuthentication
 	{
-		private readonly GrantService _grantService;
+		private readonly IGrantManager _grantManager;
 		private readonly ILogger<ImageAuthentication> _logger;
-		public ImageAuthentication(ILogger<ImageAuthentication> logger, GrantService grantService)
+		public ImageAuthentication(ILogger<ImageAuthentication> logger, IGrantManager grantManager)
 		{
 			_logger = logger;
-			_grantService = grantService;
+			_grantManager = grantManager;
 		}
 
 		public bool canGetAll(User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ImageGrantNames.CanGetAll);
+			return _grantManager.hasGrant(user.permissionId, ImageGrantNames.CanGetAll);
 		}
 		public bool canGet(Image model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ImageGrantNames.CanGetAny) ||
-			       _grantService.getULongValues(user.permissionId, ImageGrantNames.CanGet).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, ImageGrantNames.CanGetAny) ||
+			       _grantManager.getULongValues(user.permissionId, ImageGrantNames.CanGet).Exists(x => x == model.id);
 		}
 		public bool canAdd(ImageDTO item, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ImageGrantNames.CanAdd);
+			return _grantManager.hasGrant(user.permissionId, ImageGrantNames.CanAdd);
 		}
 		public bool canUpdate(Image model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ImageGrantNames.CanUpdateAny) ||
-			       _grantService.getULongValues(user.permissionId, ImageGrantNames.CanUpdate).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, ImageGrantNames.CanUpdateAny) ||
+			       _grantManager.getULongValues(user.permissionId, ImageGrantNames.CanUpdate).Exists(x => x == model.id);
 		}
 		public bool canDelete(Image model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, ImageGrantNames.CanDeleteAny) ||
-			       _grantService.getULongValues(user.permissionId, ImageGrantNames.CanDelete).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, ImageGrantNames.CanDeleteAny) ||
+			       _grantManager.getULongValues(user.permissionId, ImageGrantNames.CanDelete).Exists(x => x == model.id);
 		}
 	}
 }
diff --git a/API/Authentication/PermissionAuthentication.cs b/API/Authentication/PermissionAuthentication.cs
index 1148239..50268ab 100644
--- a/API/Authentication/PermissionAuthentication.cs
+++ b/API/Authentication/PermissionAuthentication.cs
@@ -2,42 +2,43 @@ using API.Authentication.GrantNames;
 using API.Authentication.Interfaces;
 using API.DTO.Base;
 using API.Services;
+using API.Services.Interfaces;
 using DAL.Models;
 
 namespace API.Authentication
 {
 	public class PermissionAuthentication : IPermissionAuthentication
 	{
-		private readonly GrantService _grantService;
+		private readonly IGrantManager _grantManager;
 		private readonly ILogger<PermissionAuthentication> _logger;
-		public PermissionAuthentication(ILogger<PermissionAuthentication> logger, GrantService grantService)
+		public PermissionAuthentication(ILogger<PermissionAuthentication> logger, IGrantManager grantManager)
 		{
 			_logger = logger;
-			_grantService = grantService;
+			_grantManager = grantManager;
 		}
 
 		public bool canGetAll(User user)
 		{
-			return _grantService.hasGrant(user.permissionId, PermissionGrantNames.CanGetAll);
+			return _grantManager.hasGrant(user.permissionId, PermissionGrantNames.CanGetAll);
 		}
 		public bool canGet(Permission model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, PermissionGrantNames.CanGetAny) ||
-			       _grantService.getULongValues(user.permissionId, PermissionGrantNames.CanGet).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, PermissionGrantNames.CanGetAny) ||
+			       _grantManager.getULongValues(user.permissionId, PermissionGrantNames.CanGet).Exists(x => x == model.id);
 		}
 		public bool canAdd(PermissionDTO item, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, PermissionGrantNames.CanAdd);
+			return _grantManager.hasGrant(user.permissionId, PermissionGrantNames.CanAdd);
 		}
 		public bool canUpdate(Permission model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, PermissionGrantNames.CanUpdateAny) ||
-			       _grantService.getULongValues(user.permissionId, PermissionGrantNames.CanUpdate).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, PermissionGrantNames.CanUpdateAny) ||
+			       _grantManager.getULongValues(user.permissionId, PermissionGrantNames.CanUpdate).Exists(x => x == model.id);
 		}
 		public bool canDelete(Permission model, User user)
 		{
-			return (_grantService.hasGrant(user.permissionId, PermissionGrantNames.CanDeleteAny) ||
-			        _grantService.getULongValues(user.permissionId, PermissionGrantNames.CanDelete).Exists(x => x == model.id))
+			return (_grantManager.hasGrant(user.permissionId, PermissionGrantNames.CanDeleteAny) ||
+			        _grantManager.getULongValues(user.permissionId, PermissionGrantNames.CanDelete).Exists(x => x == model.id))
 			       && model.id != user.permissionId;
 		}
 	}
diff --git a/API/Authentication/SavedEventAuthentication.cs b/API/Authentication/SavedEventAuthentication.cs
index fe75588..9c49bc2 100644
--- a/API/Authentication/SavedEventAuthentication.cs
+++ b/API/Authentication/SavedEventAuthentication.cs
@@ -2,42 +2,43 @@ using API.Authentication.GrantNames;
 using API.Authentication.Interfaces;
 using API.DTO.Base;
 using API.Services;
+using API.Services.Interfaces;
 using DAL.Models;
 
 namespace API.Authentication
 {
 	public class SavedEventAuthentication : ISavedEventAuthentication
 	{
-		private readonly GrantService _grantService;
+		private readonly IGrantManager _grantManager;
 		private readonly ILogger<SavedEventAuthentication> _logger;
-		public SavedEventAuthentication(ILogger<SavedEventAuthentication> logger, GrantService grantService)
+		public SavedEventAuthentication(ILogger<SavedEventAuthentication> logger, IGrantManager grantManager)
 		{
 			_logger = logger;
-			_grantService = grantService;
+			_grantManager = grantManager;
 		}
 
 		public bool canGetAll(User user)
 		{
-			return _grantService.hasGrant(user.permissionId, SavedEventGrantNames.CanGetAll);
+			return _grantManager.hasGrant(user.permissionId, SavedEventGrantNames.CanGetAll);
 		}
 		public bool canGet(SavedEvent model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, SavedEventGrantNames.CanGetAny) ||
-			       _grantService.getULongValues(user.permissionId, SavedEventGrantNames.CanGet).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, SavedEventGrantNames.CanGetAny) ||
+			       _grantManager.getULongValues(user.permissionId, SavedEventGrantNames.CanGet).Exists(x => x == model.id);
 		}
 		public bool canAdd(SavedEventDTO item, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, SavedEventGrantNames.CanAdd);
+			return _grantManager.hasGrant(user.permissionId, SavedEventGrantNames.CanAdd);
 		}
 		public bool canUpdate(SavedEvent model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, SavedEventGrantNames.CanUpdateAny) ||
-			       _grantService.getULongValues(user.permissionId, SavedEventGrantNames.CanUpdate).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, SavedEventGrantNames.CanUpdateAny) ||
+			       _grantManager.getULongValues(user.permissionId, SavedEventGrantNames.CanUpdate).Exists(x => x == model.id);
 		}
 		public bool canDelete(SavedEvent model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, SavedEventGrantNames.CanDeleteAny) ||
-			       _grantService.getULongValues(user.permissionId, SavedEventGrantNames.CanDelete).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, SavedEventGrantNames.CanDeleteAny) ||
+			       _grantManager.getULongValues(user.permissionId, SavedEventGrantNames.CanDelete).Exists(x => x == model.id);
 		}
 	}
 }
diff --git a/API/Authentication/UserAuthentication.cs b/API/Authentication/UserAuthentication.cs
index 901d759..efee03e 100644
--- a/API/Authentication/UserAuthentication.cs
+++ b/API/Authentication/UserAuthentication.cs
@@ -2,45 +2,44 @@ using API.Authentication.GrantNames;
 using API.Authentication.Interfaces;
 using API.DTO.Base;
 using API.Services;
+using API.Services.Interfaces;
 using DAL.Models;
 
 namespace API.Authentication
 {
 	public class UserAuthentication : IUserAuthentication
 	{
-		private readonly GrantService _grantService;
+		private readonly IGrantManager _grantManager;
 		private readonly ILogger<UserAuthentication> _logger;
-		private readonly UserService _userService;
-		public UserAuthentication(ILogger<UserAuthentication> logger, GrantService grantService, UserService userService)
+		public UserAuthentication(ILogger<UserAuthentication> logger, IGrantManager grantManager)
 		{
 			_logger = logger;
-			_grantService = grantService;
-			_userService = userService;
+			_grantManager = grantManager;
 		}
 
 		public bool canGetAll(User user)
 		{
-			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAll);
+			return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanGetAll);
 		}
 		public bool canGet(User model, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAny) ||
-			       _grantService.getULongValues(user.permissionId, UserGrantNames.CanGet).Exists(x => x == model.id);
+			return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanGetAny) ||
+			       _grantManager.getULongValues(user.permissionId, UserGrantNames.CanGet).Exists(x => x == model.id);
 		}
 		public bool canAdd(UserDTO item, User user)
 		{
-			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanAdd);
+			return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanAdd);
 		}
 
 		// todo this needs to be made much better
 		public bool canUpdate(User model, User user)
 		{
-			User origUser;
+			User origUser = user;
 			if (model.id == user.id)
 			{
-				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
-				    || !_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
-				    || !_grantService.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id)
+				if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
+				    || !_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
+				    || !_grantManager.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id)
 				   )
 					return false;
 
@@ -49,38 +48,38 @@ namespace API.Authentication
 					return false;
 				origUser = user;
 			}
-			else
-			{
-				origUser = _userService.getNoAuthentication(model.id) ?? throw new InvalidOperationException("Model is null.");
-			}
+			// else
+			// {
+			// 	origUser = _userService.getNoAuthentication(model.id) ?? throw new InvalidOperationException("Model is null.");
+			// }
 
 			if (origUser.permissionId != model.permissionId)
 			{
-				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePermission))
+				if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdatePermission))
 					return false;
 			}
 
 			if (origUser.firstName != user.firstName || origUser.lastName != user.lastName)
 			{
-				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateNames))
+				if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateNames))
 					return false;
 			}
 
 			if (origUser.phoneNumber != user.phoneNumber)
 			{
-				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePhoneNumber))
+				if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdatePhoneNumber))
 					return false;
 			}
 
-			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
+			return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
 			       || model.id == user.id &&
-			       _grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
-			       || _grantService.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id);
+			       _grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
+			       || _grantManager.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id);
 		}
 		public bool canDelete(User model, User user)
 		{
-			return (_grantService.hasGrant(user.permissionId, UserGrantNames.CanDeleteAny) ||
-			        _grantService.getULongValues(user.permissionId, UserGrantNames.CanDelete).Exists(x => x == model.id))
+			return (_grantManager.hasGrant(user.permissionId, UserGrantNames.CanDeleteAny) ||
+			        _grantManager.getULongValues(user.permissionId, UserGrantNames.CanDelete).Exists(x => x == model.id))
 			       && model.id != user.id;
 		}
 	}
diff --git a/API/Program.cs b/API/Program.cs
index d0754c6..699dc4d 100644
--- a/API/Program.cs
+++ b/API/Program.cs
@@ -15,8 +15,23 @@ using InvalidOperationException = System.InvalidOperationException;
 
 namespace API
 {
-	internal class Program
+	internal static class Program
 	{
+		public static IServiceCollection AddLazyResolution(this IServiceCollection services)
+		{
+			return services.AddTransient(
+				typeof(Lazy<>),
+				typeof(LazilyResolved<>));
+		}
+
+		private class LazilyResolved<T> : Lazy<T>
+		{
+			public LazilyResolved(IServiceProvider serviceProvider)
+				: base(serviceProvider.GetRequiredService<T>)
+			{
+			}
+		}
+		
 		public static void Main(string[] args)
 		{
 			WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
@@ -58,12 +73,15 @@ namespace API
 			builder.Services.AddTransient<IGrantAuthentication, GrantAuthentication>();
 			builder.Services.AddTransient<IImageAuthentication, ImageAuthentication>();
 			builder.Services.AddTransient<IColorAuthentication, ColorAuthentication>();
-			builder.Services.AddTransient<IColorAuthentication, ColorAuthentication>();
+			builder.Services.AddTransient<IPermissionAuthentication, PermissionAuthentication>();
+			builder.Services.AddTransient<ISavedEventAuthentication, SavedEventAuthentication>();
+			builder.Services.AddTransient<IUserAuthentication, UserAuthentication>();
 
 			builder.Services.AddTransient<IHashingFactory, HashingFactory>();
 
 			builder.Services.AddTransient<IHashingAlgorithm, Pbkdf2>();
 
+			builder.Services.AddTransient<IGrantManager, GrantManager>();
 			builder.Services.AddTransient<IUserManager, UserManager>(options =>
 			{
 				UserService userService = options.GetRequiredService<UserService>();
@@ -79,6 +97,7 @@ namespace API
 
 
 			builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
+			builder.Services.AddLazyResolution();
 
 			WebApplication app = builder.Build();
 
diff --git a/API/Services/GrantManager.cs b/API/Services/GrantManager.cs
new file mode 100644
index 0000000..42e8e5c
--- /dev/null
+++ b/API/Services/GrantManager.cs
@@ -0,0 +1,85 @@
+using API.Services.Interfaces;
+using DAL.Contexts;
+using DAL.Models;
+using System.Linq.Expressions;
+
+namespace API.Services
+{
+	public class GrantManager : IGrantManager
+	{
+		private ILogger<GrantManager> _logger;
+		private SASGContext _context;
+		
+		public GrantManager(ILogger<GrantManager> logger, SASGContext context)
+		{
+			_logger = logger;
+			_context = context;
+		}
+
+		private IEnumerable<Grant> getGrant(Expression<Func<Grant, bool>> whereClause)
+		{
+			return _context.Set<Grant>().Where(whereClause);
+		}
+		
+		public bool hasGrant(ulong permissionId, string grantName)
+		{
+			return getGrant(x => x.permissionId == permissionId && x.name.Equals(grantName)).Any();
+		}
+		
+		public List<string> getValues(ulong permissionId, string grantName)
+		{
+			List<Grant> grants = getGrant(x => x.permissionId == permissionId && x.name.StartsWith(grantName + ".")).ToList();
+
+			List<string> values = [];
+			foreach (Grant grant in grants)
+			{
+				string value = grant.name.Substring(grantName.Length);
+				if (value.Contains('.'))
+					// Were not looking at a value and instead another grant
+					continue;
+
+				values.Add(value);
+			}
+
+			return values;
+		}
+
+		public List<string> getStringValues(ulong permissionId, string grantName)
+		{
+			List<string> values = getValues(permissionId, grantName);
+
+			// Get rid of numbers
+			values = values.Where(x => !Int32.TryParse(x, out int _)).ToList();
+
+			return values;
+		}
+
+		public List<int> getIntValues(ulong permissionId, string grantName)
+		{
+			List<string> values = getValues(permissionId, grantName);
+			List<int> intValues = [];
+
+			Parallel.ForEach(values, x =>
+			{
+				if (Int32.TryParse(x, out int parsed))
+					intValues.Add(parsed);
+			});
+
+			return intValues;
+		}
+
+		public List<ulong> getULongValues(ulong permissionId, string grantName)
+		{
+			List<string> values = getValues(permissionId, grantName);
+			List<ulong> uLongValues = [];
+
+			Parallel.ForEach(values, x =>
+			{
+				if (UInt64.TryParse(x, out ulong parsed))
+					uLongValues.Add(parsed);
+			});
+
+			return uLongValues;
+		}
+	}
+}
diff --git a/API/Services/GrantService.cs b/API/Services/GrantService.cs
index 7ef1a80..b5e2d06 100644
--- a/API/Services/GrantService.cs
+++ b/API/Services/GrantService.cs
@@ -11,66 +11,5 @@ namespace API.Services
 		public GrantService(ILogger<GrantService> logger, SASGContext context, IGrantAuthentication auth) : base(logger, context, auth)
 		{
 		}
-
-		public bool hasGrant(ulong permissionId, string grantName)
-		{
-			return getNoAuthentication(x => x.permissionId == permissionId && x.name.Equals(grantName)).Any();
-		}
-
-		public List<string> getValues(ulong permissionId, string grantName)
-		{
-			List<Grant> grants = getNoAuthentication(x => x.permissionId == permissionId && x.name.StartsWith(grantName + ".")).ToList();
-
-			List<string> values = [];
-			foreach (Grant grant in grants)
-			{
-				string value = grant.name.Substring(grantName.Length);
-				if (value.Contains('.'))
-					// Were not looking at a value and instead another grant
-					continue;
-
-				values.Add(value);
-			}
-
-			return values;
-		}
-
-		public List<string> getStringValues(ulong permissionId, string grantName)
-		{
-			List<string> values = getValues(permissionId, grantName);
-
-			// Get rid of numbers
-			values = values.Where(x => !Int32.TryParse(x, out int _)).ToList();
-
-			return values;
-		}
-
-		public List<int> getIntValues(ulong permissionId, string grantName)
-		{
-			List<string> values = getValues(permissionId, grantName);
-			List<int> intValues = [];
-
-			Parallel.ForEach(values, x =>
-			{
-				if (Int32.TryParse(x, out int parsed))
-					intValues.Add(parsed);
-			});
-
-			return intValues;
-		}
-
-		public List<ulong> getULongValues(ulong permissionId, string grantName)
-		{
-			List<string> values = getValues(permissionId, grantName);
-			List<ulong> uLongValues = [];
-
-			Parallel.ForEach(values, x =>
-			{
-				if (UInt64.TryParse(x, out ulong parsed))
-					uLongValues.Add(parsed);
-			});
-
-			return uLongValues;
-		}
 	}
 }
diff --git a/API/Services/Interfaces/IGrantManager.cs b/API/Services/Interfaces/IGrantManager.cs
new file mode 100644
index 0000000..b615e27
--- /dev/null
+++ b/API/Services/Interfaces/IGrantManager.cs
@@ -0,0 +1,11 @@
+namespace API.Services.Interfaces
+{
+	public interface IGrantManager
+	{
+		public bool hasGrant(ulong permissionId, string grantName);
+		public List<string> getValues(ulong permissionId, string grantName);
+		public List<string> getStringValues(ulong permissionId, string grantName);
+		public List<int> getIntValues(ulong permissionId, string grantName);
+		public List<ulong> getULongValues(ulong permissionId, string grantName);
+	}
+}