sanAntonioSeniorGolf/API/Authentication/UserAuthentication.cs

using API.Authentication.GrantNames;
using API.Authentication.Interfaces;
using API.DTO.Base;
using API.Services;
using DAL.Models;
namespace API.Authentication
{
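/// <summary>
/// Authorization rules for the <c>User</c> resource. Every decision is a lookup of the
/// caller's grants (by <c>permissionId</c>) through <see cref="GrantService"/>; a missing
/// grant always yields <see langword="false"/> (fail closed).
/// </summary>
public class UserAuthentication : IUserAuthentication
{
    private readonly GrantService _grantService;
    private readonly ILogger<UserAuthentication> _logger;
    private readonly UserService _userService;

    public UserAuthentication(ILogger<UserAuthentication> logger, GrantService grantService, UserService userService)
    {
        _logger = logger;
        _grantService = grantService;
        _userService = userService;
    }

    /// <summary>Whether <paramref name="user"/> may list every user (<c>CanGetAll</c>).</summary>
    public bool canGetAll(User user)
    {
        return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAll);
    }

    /// <summary>
    /// Whether <paramref name="user"/> may read <paramref name="model"/>: either the blanket
    /// <c>CanGetAny</c> grant, or a per-id <c>CanGet</c> grant that lists the target's id.
    /// </summary>
    public bool canGet(User model, User user)
    {
        return _grantService.hasGrant(user.permissionId, UserGrantNames.CanGetAny)
            || _grantService.getULongValues(user.permissionId, UserGrantNames.CanGet).Exists(x => x == model.id);
    }

    /// <summary>
    /// Whether <paramref name="user"/> may create a user. The DTO itself is not inspected;
    /// only the caller's <c>CanAdd</c> grant decides.
    /// </summary>
    public bool canAdd(UserDTO item, User user)
    {
        return _grantService.hasGrant(user.permissionId, UserGrantNames.CanAdd);
    }

    /// <summary>
    /// Whether <paramref name="user"/> may apply the changes carried by <paramref name="model"/>.
    /// </summary>
    /// <param name="model">The proposed new state of the user being edited; <c>model.id</c> identifies the target.</param>
    /// <param name="user">The authenticated caller, as currently stored.</param>
    /// <returns>
    /// <see langword="true"/> only if the caller may update the target at all (see
    /// <see cref="CanUpdateTarget"/>) AND holds the field-specific grant for every field the
    /// update would actually change (permission, names, phone number). A caller can never
    /// change their own <c>permissionId</c>, regardless of grants.
    /// </returns>
    /// <exception cref="InvalidOperationException">The target user does not exist in the store.</exception>
    public bool canUpdate(User model, User user)
    {
        // Decide the coarse question first so a caller with no update grant on this target
        // gets a plain "no" before any data-store lookup (and before the not-found exception
        // below could reveal whether the id exists).
        if (!CanUpdateTarget(model, user))
        {
            return false;
        }

        bool isSelf = model.id == user.id;

        // Nobody may raise or lower their own permission level, whatever grants they hold.
        if (isSelf && model.permissionId != user.permissionId)
        {
            return false;
        }

        // The stored row is the baseline for "what does this update actually change".
        // For a self-update the caller object already is that row.
        User origUser = isSelf
            ? user
            : _userService.getNoAuthentication(model.id) ?? throw new InvalidOperationException("Model is null.");

        // Field-level grants are required only when the corresponding field changes, and the
        // change is measured between the stored row and the proposed state (model) — not
        // between the stored row and the caller, which would never detect a self-edit.
        if (origUser.permissionId != model.permissionId
            && !_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePermission))
        {
            return false;
        }

        if ((origUser.firstName != model.firstName || origUser.lastName != model.lastName)
            && !_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateNames))
        {
            return false;
        }

        if (origUser.phoneNumber != model.phoneNumber
            && !_grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdatePhoneNumber))
        {
            return false;
        }

        return true;
    }

    /// <summary>
    /// Whether <paramref name="user"/> holds any grant that allows updating
    /// <paramref name="model"/> at all: the blanket <c>CanUpdateAny</c>, <c>CanUpdateSelf</c>
    /// when editing their own record, or a per-id <c>CanUpdate</c> entry naming the target.
    /// Any one of the three suffices.
    /// </summary>
    private bool CanUpdateTarget(User model, User user)
    {
        return _grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
            || (model.id == user.id && _grantService.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf))
            || _grantService.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id);
    }

    /// <summary>
    /// Whether <paramref name="user"/> may delete <paramref name="model"/>: the blanket
    /// <c>CanDeleteAny</c> grant or a per-id <c>CanDelete</c> entry, and never the caller's
    /// own record.
    /// </summary>
    public bool canDelete(User model, User user)
    {
        bool hasDeleteGrant = _grantService.hasGrant(user.permissionId, UserGrantNames.CanDeleteAny)
            || _grantService.getULongValues(user.permissionId, UserGrantNames.CanDelete).Exists(x => x == model.id);

        // Self-deletion is refused unconditionally so an account cannot remove itself.
        return hasDeleteGrant && model.id != user.id;
    }
}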
}