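/// <summary>
/// Decides whether the current user may run the action: administrators always may,
/// other users only when they own the item named by the request's id argument.
/// </summary>
/// <param name="context">Action context supplying the request services, the HTTP context and the bound action arguments.</param>
/// <returns><c>true</c> for an administrator or the item's owner; otherwise <c>false</c>.</returns>
/// <exception cref="InvalidOperationException">A required service could not be resolved from the request services.</exception>
public async Task <bool> IsHaveAccess(ActionExecutingContext context)
        {
            IServiceProvider serviceProvider = context.HttpContext.RequestServices;

            IItemLookup   itemLookup     = serviceProvider.GetService(itemLookupServiceType) as IItemLookup;
            IUserProvider userIdProvider = serviceProvider.GetService <IUserProvider>();

            if (userIdProvider == null)
            {
                // Surface the misconfiguration instead of failing with a NullReferenceException below.
                throw new InvalidOperationException("IUserProvider is not registered in the request services.");
            }

            string currentUserId = userIdProvider.GetCurrentUserId(context.HttpContext);

            // Fail closed: without a caller identity there is nothing to authorize.
            // This also keeps a null user id from ever being compared with a null owner id.
            if (string.IsNullOrEmpty(currentUserId))
            {
                return(false);
            }

            bool isCurrentUserAdmin = await userIdProvider.IsInRoleAsync(currentUserId, RoleConstants.Administrator);

            if (isCurrentUserAdmin) // admin has access to everything
            {
                return(true);
            }

            // Find the relevant item id from the request.
            // NOTE(review): the cast throws InvalidCastException when ActionArguments is not a
            // Dictionary<string, object>; presumably GetPropertyValue requires that type - confirm.
            string resourceId = GetPropertyValue(idArgumentName, (Dictionary <string, object>)context.ActionArguments);

            if (resourceId == null)
            {
                // No item id in the request, so ownership cannot be established.
                return(false);
            }

            if (itemLookup == null)
            {
                // The configured lookup type is unregistered or does not implement IItemLookup.
                throw new InvalidOperationException("The configured item lookup service could not be resolved as IItemLookup.");
            }

            string itemOwnerId = await itemLookup.GetOwnerId(resourceId);

            // An item with no recorded owner grants access to nobody.
            if (string.IsNullOrEmpty(itemOwnerId))
            {
                return(false);
            }

            // Ordinal comparison, the same semantics as the string == operator.
            return(string.Equals(currentUserId, itemOwnerId, StringComparison.Ordinal));
        }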
Beispiel #2
 /// <summary>
 /// Creates a checkout that keeps the supplied item lookup and message printer.
 /// </summary>
 /// <param name="itemLookup">Item lookup stored in <c>_itemLookup</c>.</param>
 /// <param name="checkoutMessagePrinter">Printer stored in <c>_checkoutMessagePrinter</c>.</param>
 public Checkout(IItemLookup itemLookup, ICheckoutMessagePrinter checkoutMessagePrinter)
 {
     // Both arguments are stored as given; no validation happens here.
     _checkoutMessagePrinter = checkoutMessagePrinter;
     _itemLookup = itemLookup;
 }
 /// <summary>
 /// Creates a checkout that keeps the supplied item lookup and special-offer lookup.
 /// </summary>
 /// <param name="itemLookup">Item lookup stored in <c>_itemLookup</c>.</param>
 /// <param name="getSpecialOffers">Special-offer lookup stored in <c>_getSpecialOffers</c>.</param>
 public Checkout(IItemLookup itemLookup, ISpecialOfferLookup getSpecialOffers)
 {
     // Both arguments are stored as given; no validation happens here.
     _getSpecialOffers = getSpecialOffers;
     _itemLookup = itemLookup;
 }