Beispiel #1
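 /// <summary>
 /// Restricts an order query to the data the caller is allowed to see.
 /// Callers in the "admin" role are not restricted; every other caller is
 /// limited to their own orders.
 /// </summary>
 /// <param name="User">Principal making the request.</param>
 /// <param name="filterParams">
 /// Filter to validate. When its <c>UserId</c> is null it is set to the
 /// caller's id, so the filter object is modified in place.
 /// </param>
 /// <exception cref="UnauthorizedAccessException">
 /// A non-admin caller asked for orders that belong to a different user.
 /// </exception>
 private void _checkAccess(ClaimsPrincipal User, OrderFilterParams filterParams)
 {
     // Only the role decides who may skip the ownership check. The earlier
     // version also returned here for every account whose name differed from
     // one hard-coded address, so the checks below ran for that single
     // account only and all other non-admin callers were left unrestricted.
     if (User.IsInRole("admin"))
     {
         return;
     }

     var callerId = User.GetUserId();

     if (filterParams.UserId == null)
     {
         // No owner requested: scope the query to the caller.
         filterParams.UserId = callerId;
     }
     else if (filterParams.UserId != callerId)
     {
         // Admins have already returned above, so a mismatch is always a refusal.
         throw new UnauthorizedAccessException();
     }
 }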
Beispiel #2
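        /// <summary>
        /// Returns the orders matching <paramref name="filterParams"/>, mapped to DTOs.
        /// </summary>
        /// <param name="User">Principal making the request.</param>
        /// <param name="filterParams">
        /// Optional filter. When omitted, a filter holding only the caller's own
        /// user id is used; when supplied, it is passed to <c>_checkAccess</c>
        /// before it reaches the repository.
        /// </param>
        /// <returns>The matching orders as <c>OrderDTO</c> instances.</returns>
        public IEnumerable<OrderDTO> ReadMany(ClaimsPrincipal User, OrderFilterParams filterParams = null)
        {
            if (filterParams == null)
            {
                // No filter supplied: default to the caller's own orders.
                // (The listing had the statement terminator after the closing
                // brace of the if-body, which left the else without an if.)
                filterParams = new OrderFilterParams
                {
                    UserId = User.GetUserId()
                };
            }
            else
            {
                // A caller-supplied filter is checked before it is turned into a predicate.
                _checkAccess(User, filterParams);
            }

            var orders = _repo.ReadMany(filterParams.GetFuncPredicate());

            return _mapper.Map<IEnumerable<OrderDTO>>(orders);
        }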
Beispiel #3
        /// <summary>
        /// Loads one page of orders from the repository and maps it to customer-facing DTOs.
        /// </summary>
        /// <param name="filterParams">Filter forwarded unchanged to the repository.</param>
        /// <param name="paginationQuery">Paging settings forwarded unchanged to the repository.</param>
        /// <returns>The repository result mapped to <c>CustomerOrderDto</c> instances.</returns>
        public async Task<IEnumerable<CustomerOrderDto>> GetAllOrdersAsync(OrderFilterParams filterParams, PaginationParams paginationQuery)
        {
            // NOTE(review): this method takes no principal and performs no ownership
            // check on filterParams; presumably the caller scopes the filter to the
            // requesting user before calling — confirm.
            return _mapper.Map<IEnumerable<CustomerOrderDto>>(
                await _orderRepository.GetAllOrdersAsync(filterParams, paginationQuery));
        }