added UserAuthentication

API/Authentication/GrantNames/UserGrantNames.cs

@@ -0,0 +1,18 @@
+namespace API.Authentication.GrantNames
+{
+	public static class UserGrantNames
+	{
+		public const string CanGetAll = "api.user.get.all";
+		public const string CanGetAny = "api.user.get.any";
+		public const string CanGet = "api.user.get";
+		public const string CanAdd = "api.user.add";
+		public const string CanUpdateAny = "api.user.update.any";
+		public const string CanUpdate = "api.user.update";
+		public const string CanUpdateSelf = "api.user.update.self";
+		public const string CanUpdateNames = "api.user.update.names";
+		public const string CanUpdatePhoneNumber = "api.user.update.phoneNumber";
+		public const string CanUpdatePermission = "api.user.update.permission";
+		public const string CanDeleteAny = "api.user.delete.any";
+		public const string CanDelete = "api.user.delete";
+	}
+}

API/Authentication/Interfaces/IUserAuthentication.cs

@@ -0,0 +1,9 @@
+using API.DTO.Base;
+using DAL.Models;
+
+namespace API.Authentication.Interfaces
+{
+	public interface IUserAuthentication : IGenericAuthentication<UserDTO, User>
+	{
+	}
+}

API/Authentication/UserAuthentication.cs

@@ -0,0 +1,87 @@
+using API.Authentication.GrantNames;
+using API.Authentication.Interfaces;
+using API.DTO.Base;
+using API.Services;
+using DAL.Models;
+
+namespace API.Authentication
+{
+	public class UserAuthentication : IUserAuthentication
+	{
+		private readonly GrantService _grantService;
+		private readonly ILogger<UserAuthentication> _logger;
+		private readonly UserService _userService;
+		public UserAuthentication(ILogger<UserAuthentication> logger, GrantService grantService, UserService userService)
+		{
+			_logger = logger;
+			_grantService = grantService;
+			_userService = userService;
+		}
+
+		public bool canGetAll(User user)
+		{
+			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAll);
+		}
+		public bool canGet(User model, User user)
+		{
+			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAny) ||
+			       _grantService.getULongValues(user.permissionId, UserGrantNames.CanGet).Exists(x => x == model.id);
+		}
+		public bool canAdd(UserDTO item, User user)
+		{
+			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanAdd);
+		}
+
+		// todo this needs to be made much better
+		public bool canUpdate(User model, User user)
+		{
+			User origUser;
+			if (model.id == user.id)
+			{
+				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
+				    || !_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
+				    || !_grantService.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id)
+				   )
+					return false;
+
+				// Don't let the user change their own permissionId
+				if (model.permissionId != user.permissionId)
+					return false;
+				origUser = user;
+			}
+			else
+			{
+				origUser = _userService.getNoAuthentication(model.id) ?? throw new InvalidOperationException("Model is null.");
+			}
+
+			if (origUser.permissionId != model.permissionId)
+			{
+				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePermission))
+					return false;
+			}
+
+			if (origUser.firstName != user.firstName || origUser.lastName != user.lastName)
+			{
+				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateNames))
+					return false;
+			}
+
+			if (origUser.phoneNumber != user.phoneNumber)
+			{
+				if (!_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePhoneNumber))
+					return false;
+			}
+
+			return _grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
+			       || model.id == user.id &&
+			       _grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
+			       || _grantService.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id);
+		}
+		public bool canDelete(User model, User user)
+		{
+			return (_grantService.hasGrant(user.permissionId, UserGrantNames.CanDeleteAny) ||
+			        _grantService.getULongValues(user.permissionId, UserGrantNames.CanDelete).Exists(x => x == model.id))
+			       && model.id != user.id;
+		}
+	}
+}

API/Controllers/UserController.cs

@@ -10,7 +10,7 @@ namespace API.Controllers
 {
 	[ApiController]
 	[Route("api/v1/[controller]")]
-	public class UserController : CRUDBase<UserController, UserDTO, UserUpdateDTO, User, AuditUser, IYesAuthentication, UserService>
+	public class UserController : CRUDBase<UserController, UserDTO, UserUpdateDTO, User, AuditUser, IUserAuthentication, UserService>
 	{
 		public UserController(ILogger<UserController> logger, UserService userService, UserService service) : base(logger, userService, service)
 		{

API/Program.cs

@@ -45,7 +45,7 @@ namespace API
 			{
 				ILogger<UserService> logger = options.GetRequiredService<ILogger<UserService>>();
 				SASGContext context = options.GetRequiredService<SASGContext>();
-				IYesAuthentication authentication = options.GetRequiredService<IYesAuthentication>();
+				IUserAuthentication authentication = options.GetRequiredService<IUserAuthentication>();
 				PermissionService permissionService = options.GetRequiredService<PermissionService>();
 
 				ulong defaultUserPermission = UInt64.Parse(builder.Configuration["defaultUserPermission"] ?? throw new InvalidOperationException("defaultUserPermission is null"));
@@ -55,6 +55,11 @@ namespace API
 
 			builder.Services.AddTransient<IYesAuthentication, YesAuthentication>();
 			builder.Services.AddTransient<IColorAuthentication, ColorAuthentication>();
+			builder.Services.AddTransient<IEventAuthentication, EventAuthentication>();
+			builder.Services.AddTransient<IGrantAuthentication, GrantAuthentication>();
+			builder.Services.AddTransient<IImageAuthentication, ImageAuthentication>();
+			builder.Services.AddTransient<IColorAuthentication, ColorAuthentication>();
+			builder.Services.AddTransient<IColorAuthentication, ColorAuthentication>();
 
 			builder.Services.AddTransient<IHashingFactory, HashingFactory>();
 

API/Services/UserService.cs

@@ -7,11 +7,11 @@ using DAL.Models.Audits;
 
 namespace API.Services
 {
-	public class UserService : ServiceBase<UserService, UserDTO, User, AuditUser, IYesAuthentication>
+	public class UserService : ServiceBase<UserService, UserDTO, User, AuditUser, IUserAuthentication>
 	{
 		private readonly ulong _defaultUserPermission;
 		private readonly PermissionService _permissionService;
-		public UserService(ILogger<UserService> logger, SASGContext context, IYesAuthentication auth, PermissionService permissionService, ulong defaultUserPermission) : base(logger, context, auth)
+		public UserService(ILogger<UserService> logger, SASGContext context, IUserAuthentication auth, PermissionService permissionService, ulong defaultUserPermission) : base(logger, context, auth)
 		{
 			_permissionService = permissionService;
 			_defaultUserPermission = defaultUserPermission;