sanAntonioSeniorGolf/API/Authentication/UserAuthentication.cs

using API.Authentication.GrantNames;
using API.Authentication.Interfaces;
using API.DTO.Base;
using API.Services;
using API.Services.Interfaces;
using DAL.Models;

namespace API.Authentication
{
	public class UserAuthentication : IUserAuthentication
	{
		private readonly IGrantManager _grantManager;
		private readonly ILogger<UserAuthentication> _logger;
		public UserAuthentication(ILogger<UserAuthentication> logger, IGrantManager grantManager)
		{
			_logger = logger;
			_grantManager = grantManager;
		}

		public bool canGetAll(User user)
		{
			return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanGetAll);
		}
		public bool canGet(User model, User user)
		{
			return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanGetAny) ||
			       _grantManager.getULongValues(user.permissionId, UserGrantNames.CanGet).Exists(x => x == model.id);
		}
		public bool canAdd(UserDTO item, User user)
		{
			return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanAdd);
		}

		// todo this needs to be made much better
		public bool canUpdate(User model, User user)
		{
			User origUser = user;
			if (model.id == user.id)
			{
				if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
				    || !_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
				   )
					return false;

				// Don't let the user change their own permissionId
				if (model.permissionId != user.permissionId)
					return false;
				origUser = user;
			}
			// else
			// {
			// 	origUser = _userService.getNoAuthentication(model.id) ?? throw new InvalidOperationException("Model is null.");
			// }

			if (origUser.permissionId != model.permissionId)
			{
				if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdatePermission))
					return false;
			}

			if (origUser.firstName != user.firstName || origUser.lastName != user.lastName)
			{
				if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateNames))
					return false;
			}

			if (origUser.phoneNumber != user.phoneNumber)
			{
				if (!_grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdatePhoneNumber))
					return false;
			}

			return _grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateAny)
			       || model.id == user.id &&
			       _grantManager.hasGrant(user.permissionId, UserGrantNames.CanUpdateSelf)
			       || _grantManager.getULongValues(user.permissionId, UserGrantNames.CanUpdate).Exists(x => x == model.id);
		}
		public bool canDelete(User model, User user)
		{
			return (_grantManager.hasGrant(user.permissionId, UserGrantNames.CanDeleteAny) ||
			        _grantManager.getULongValues(user.permissionId, UserGrantNames.CanDelete).Exists(x => x == model.id))
			       && model.id != user.id;
		}
		public bool canChangePassword(User destUser, User changingUser, bool oldPasswordMatchNew)
		{
			return (destUser.id == changingUser.id && _grantManager.hasGrant(changingUser.permissionId, UserGrantNames.CanChangePasswordSelf) && oldPasswordMatchNew) ||
			       _grantManager.hasGrant(changingUser.permissionId, UserGrantNames.CanChangePasswordOthers);
		}
	}
}