87 lines
2.8 KiB
C#
87 lines
2.8 KiB
C#
using API.Authentication.GrantNames;
|
|
using API.Authentication.Interfaces;
|
|
using API.DTO.Base;
|
|
using API.Services;
|
|
using API.Services.Interfaces;
|
|
using DAL.Models;
|
|
|
|
namespace API.Authentication
|
|
{
|
|
public class UserAuthentication : IUserAuthentication
|
|
{
|
|
private readonly IGrantManager _grantManager;
|
|
private readonly ILogger<UserAuthentication> _logger;
|
|
public UserAuthentication(ILogger<UserAuthentication> logger, IGrantManager grantManager)
|
|
{
|
|
_logger = logger;
|
|
_grantManager = grantManager;
|
|
}
|
|
|
|
public bool canGetAll(User user)
|
|
{
|
|
return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanGetAll);
|
|
}
|
|
public bool canGet(User model, User user)
|
|
{
|
|
return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanGetAny) ||
|
|
_grantManager.getULongValues(user.permissionId, UserGrantNames.CanGet).Exists(x => x == model.id);
|
|
}
|
|
public bool canAdd(UserDTO item, User user)
|
|
{
|
|
return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanAdd);
|
|
}
|
|
|
|
// todo this needs to be made much better
|
|
public bool canUpdate(User model, User user)
|
|
{
|
|
User origUser = user;
|
|
if (model.id == user.id)
|
|
{
|
|
if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
|
|
|| !_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
|
|
|| !_grantManager.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id)
|
|
)
|
|
return false;
|
|
|
|
// Don't let the user change their own permissionId
|
|
if (model.permissionId != user.permissionId)
|
|
return false;
|
|
origUser = user;
|
|
}
|
|
// else
|
|
// {
|
|
// origUser = _userService.getNoAuthentication(model.id) ?? throw new InvalidOperationException("Model is null.");
|
|
// }
|
|
|
|
if (origUser.permissionId != model.permissionId)
|
|
{
|
|
if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdatePermission))
|
|
return false;
|
|
}
|
|
|
|
if (origUser.firstName != user.firstName || origUser.lastName != user.lastName)
|
|
{
|
|
if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateNames))
|
|
return false;
|
|
}
|
|
|
|
if (origUser.phoneNumber != user.phoneNumber)
|
|
{
|
|
if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdatePhoneNumber))
|
|
return false;
|
|
}
|
|
|
|
return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
|
|
|| model.id == user.id &&
|
|
_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
|
|
|| _grantManager.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id);
|
|
}
|
|
public bool canDelete(User model, User user)
|
|
{
|
|
return (_grantManager.hasGrant(user.permissionId, UserGrantNames.CanDeleteAny) ||
|
|
_grantManager.getULongValues(user.permissionId, UserGrantNames.CanDelete).Exists(x => x == model.id))
|
|
&& model.id != user.id;
|
|
}
|
|
}
|
|
}
|