From 71cabbd5483a5b0f8a8b97b0d1009b13e24e1222 Mon Sep 17 00:00:00 2001
From: quentin <qrs01@snowtx.com>
Date: Fri, 12 Jul 2024 23:29:28 -0500
Subject: [PATCH] Added GrantAuthentication

---
 API/Authentication/GrantAuthentication.cs     | 46 +++++++++++++++++++
 .../GrantNames/GrantGrantNames.cs             | 14 ++++++
 .../Interfaces/IGrantAuthentication.cs        |  9 ++++
 API/Controllers/GrantController.cs            |  2 +-
 API/Services/GrantService.cs                  |  4 +-
 5 files changed, 72 insertions(+), 3 deletions(-)
 create mode 100644 API/Authentication/GrantAuthentication.cs
 create mode 100644 API/Authentication/GrantNames/GrantGrantNames.cs
 create mode 100644 API/Authentication/Interfaces/IGrantAuthentication.cs

diff --git a/API/Authentication/GrantAuthentication.cs b/API/Authentication/GrantAuthentication.cs
new file mode 100644
index 0000000..7b95ebd
--- /dev/null
+++ b/API/Authentication/GrantAuthentication.cs
@@ -0,0 +1,46 @@
+using API.Authentication.GrantNames;
+using API.Authentication.Interfaces;
+using API.DTO.Base;
+using API.Services;
+using DAL.Models;
+
+namespace API.Authentication
+{
+	public class GrantAuthentication : IGrantAuthentication
+	{
+		private readonly GrantService _grantService;
+		private readonly ILogger<GrantAuthentication> _logger;
+
+		public GrantAuthentication(GrantService grantService, ILogger<GrantAuthentication> logger)
+		{
+			_grantService = grantService;
+			_logger = logger;
+		}
+
+		public bool canGetAll(User user)
+		{
+			return _grantService.hasGrant(user.permissionId, GrantGrantNames.CanGetAll);
+		}
+		public bool canGet(Grant model, User user)
+		{
+			return _grantService.hasGrant(user.permissionId, GrantGrantNames.CanGetAny) ||
+			       _grantService.getULongValues(user.permissionId, GrantGrantNames.CanGet).Exists(x => x == model.id);
+		}
+		public bool canAdd(GrantDTO item, User user)
+		{
+			return _grantService.hasGrant(user.permissionId, GrantGrantNames.CanAdd) && 
+			       _grantService.hasGrant(user.permissionId, item.name);
+		}
+		public bool canUpdate(Grant model, User user)
+		{
+			// Doesn't make sense to update the name of a grant. The updater can just delete and remake.
+			return false;
+		}
+		public bool canDelete(Grant model, User user)
+		{
+			return (_grantService.hasGrant(user.permissionId, GrantGrantNames.CanDeleteAny) ||
+			       _grantService.getULongValues(user.permissionId, GrantGrantNames.CanDelete).Exists(x => x == model.id))
+				&& _grantService.hasGrant(user.permissionId, model.name);
+		}
+	}
+}
diff --git a/API/Authentication/GrantNames/GrantGrantNames.cs b/API/Authentication/GrantNames/GrantGrantNames.cs
new file mode 100644
index 0000000..866fbd4
--- /dev/null
+++ b/API/Authentication/GrantNames/GrantGrantNames.cs
@@ -0,0 +1,14 @@
+namespace API.Authentication.GrantNames
+{
+	public static class GrantGrantNames
+	{
+		public const string CanGetAll = "api.grant.get.all";
+		public const string CanGetAny = "api.grant.get.any";
+		public const string CanGet = "api.grant.get";
+		public const string CanAdd = "api.grant.add";
+		public const string CanUpdateAny = "api.grant.update.any";
+		public const string CanUpdate = "api.grant.update";
+		public const string CanDeleteAny = "api.grant.delete.any";
+		public const string CanDelete = "api.grant.delete";
+	}
+}
diff --git a/API/Authentication/Interfaces/IGrantAuthentication.cs b/API/Authentication/Interfaces/IGrantAuthentication.cs
new file mode 100644
index 0000000..fb76ceb
--- /dev/null
+++ b/API/Authentication/Interfaces/IGrantAuthentication.cs
@@ -0,0 +1,9 @@
+using API.DTO.Base;
+using DAL.Models;
+
+namespace API.Authentication.Interfaces
+{
+	public interface IGrantAuthentication : IGenericAuthentication<GrantDTO, Grant>
+	{
+	}
+}
diff --git a/API/Controllers/GrantController.cs b/API/Controllers/GrantController.cs
index aab1210..0e1b48a 100644
--- a/API/Controllers/GrantController.cs
+++ b/API/Controllers/GrantController.cs
@@ -10,7 +10,7 @@ namespace API.Controllers
 {
 	[ApiController]
 	[Route("api/v1/[controller]")]
-	public class GrantController : CRUDBase<GrantController, GrantDTO, GrantUpdateDTO, Grant, AuditGrant, IYesAuthentication, GrantService>
+	public class GrantController : CRUDBase<GrantController, GrantDTO, GrantUpdateDTO, Grant, AuditGrant, IGrantAuthentication, GrantService>
 	{
 		public GrantController(ILogger<GrantController> logger, UserService userService, GrantService service) : base(logger, userService, service)
 		{
diff --git a/API/Services/GrantService.cs b/API/Services/GrantService.cs
index 648ef5d..7ef1a80 100644
--- a/API/Services/GrantService.cs
+++ b/API/Services/GrantService.cs
@@ -6,9 +6,9 @@ using DAL.Models.Audits;
 
 namespace API.Services
 {
-	public class GrantService : ServiceBase<GrantService, GrantDTO, Grant, AuditGrant, IYesAuthentication>
+	public class GrantService : ServiceBase<GrantService, GrantDTO, Grant, AuditGrant, IGrantAuthentication>
 	{
-		public GrantService(ILogger<GrantService> logger, SASGContext context, IYesAuthentication auth) : base(logger, context, auth)
+		public GrantService(ILogger<GrantService> logger, SASGContext context, IGrantAuthentication auth) : base(logger, context, auth)
 		{
 		}