SignupAuthentication canAddOthers for admin

quentin 2024-10-29 19:13:15 -05:00
parent 048ccd7c4c
commit d48186d4d6
2 changed files with 7 additions and 4 deletions


@ -10,5 +10,6 @@ namespace API.Authentication.GrantNames
public const string CanUpdate = "api.signup.update"; public const string CanUpdate = "api.signup.update";
public const string CanDeleteAny = "api.signup.delete.any"; public const string CanDeleteAny = "api.signup.delete.any";
public const string CanDelete = "api.signup.delete"; public const string CanDelete = "api.signup.delete";
public const string CanAddOthers = "api.signup.add.others";
} }
} }


@ -10,15 +10,15 @@ namespace API.Authentication
{ {
private readonly IGrantManager _grantManager; private readonly IGrantManager _grantManager;
private readonly ILogger<SignupAuthentication> _logger; private readonly ILogger<SignupAuthentication> _logger;
public SignupAuthentication(IGrantManager grantManager, ILogger<SignupAuthentication> logger) public SignupAuthentication(IGrantManager grantManager, ILogger<SignupAuthentication> logger)
{ {
_grantManager = grantManager; _grantManager = grantManager;
_logger = logger; _logger = logger;
} }
//todo make more restrictive //todo make more restrictive
public bool canGetAll(User user) public bool canGetAll(User user)
{ {
return _grantManager.hasGrant(user.permissionId, SignupGrantNames.CanGetAll); return _grantManager.hasGrant(user.permissionId, SignupGrantNames.CanGetAll);
@ -30,7 +30,9 @@ namespace API.Authentication
} }
public bool canAdd(SignupDTO item, User user) public bool canAdd(SignupDTO item, User user)
{ {
return _grantManager.hasGrant(user.permissionId, SignupGrantNames.CanAdd); if (item.userId == user.id)
return _grantManager.hasGrant(user.permissionId, SignupGrantNames.CanAdd);
return _grantManager.hasGrant(user.permissionId, SignupGrantNames.CanAddOthers);
} }
public bool canUpdate(Signup model, User user) public bool canUpdate(Signup model, User user)
{ {
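Review bot: In canAdd the cross-user branch returns on `CanAddOthers` alone, so a permission set that holds that grant but not `CanAdd` can create signups for other users while being refused for itself. If the new grant is meant to extend `CanAdd` rather than replace it, the last line should read `return _grantManager.hasGrant(user.permissionId, SignupGrantNames.CanAdd) && _grantManager.hasGrant(user.permissionId, SignupGrantNames.CanAddOthers);`. The check also only holds if the caller passes the authenticated user and later persists `item.userId` unchanged, which is not visible here. A short comment above the `if` stating that adding on behalf of another user requires `api.signup.add.others`, plus braces around the one-line `if` body, would make the ownership rule harder to break in a later edit. The hunk ends at the opening of canUpdate, whose body is outside this view.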