protected override async Task <PermissionResult> CanUpdateAsync(Project original, Delta <UpdateProject> changes)
{
var changed = changes.GetEntity();
if (changes.ContainsChangedProperty(p => p.Name) && !await IsProjectNameAvailableInternalAsync(original.OrganizationId, changed.Name))
{
return(PermissionResult.DenyWithMessage("A project with this name already exists."));
}
return(await base.CanUpdateAsync(original, changes));
}
protected override async Task <PermissionResult> CanUpdateAsync(Organization original, Delta <NewOrganization> changes)
{
var changed = changes.GetEntity();
if (!await IsOrganizationNameAvailableInternalAsync(changed.Name))
{
return(PermissionResult.DenyWithMessage("A organization with this name already exists."));
}
return(await base.CanUpdateAsync(original, changes));
}
protected override async Task <PermissionResult> CanDeleteAsync(User value)
{
if (value.OrganizationIds.Count > 0)
{
return(PermissionResult.DenyWithMessage("Please delete or leave any organizations before deleting your account."));
}
if (!User.IsInRole(AuthorizationRoles.GlobalAdmin) && value.Id != CurrentUser.Id)
{
return(PermissionResult.Deny);
}
return(await base.CanDeleteAsync(value));
}
protected virtual async Task <PermissionResult> CanUpdateAsync(TModel original, Delta <TUpdateModel> changes)
{
if (original is IOwnedByOrganization orgModel && !CanAccessOrganization(orgModel.OrganizationId))
{
return(PermissionResult.DenyWithMessage("Invalid organization id specified."));
}
if (changes.GetChangedPropertyNames().Contains("OrganizationId"))
{
return(PermissionResult.DenyWithMessage("OrganizationId cannot be modified."));
}
return(PermissionResult.Allow);
}
protected virtual async Task <PermissionResult> CanAddAsync(TModel value)
{
if (_isOrganization || !(value is IOwnedByOrganization orgModel))
{
return(PermissionResult.Allow);
}
if (!CanAccessOrganization(orgModel.OrganizationId))
{
return(PermissionResult.DenyWithMessage("Invalid organization id specified."));
}
return(PermissionResult.Allow);
}
protected override async Task <PermissionResult> CanDeleteAsync(Organization value)
{
if (!String.IsNullOrEmpty(value.StripeCustomerId) && !User.IsInRole(AuthorizationRoles.GlobalAdmin))
{
return(PermissionResult.DenyWithMessage("An organization cannot be deleted if it has a subscription.", value.Id));
}
var projects = (await _projectRepository.GetByOrganizationIdAsync(value.Id)).Documents.ToList();
if (!User.IsInRole(AuthorizationRoles.GlobalAdmin) && projects.Any())
{
return(PermissionResult.DenyWithMessage("An organization cannot be deleted if it contains any projects.", value.Id));
}
return(await base.CanDeleteAsync(value));
}
protected override async Task <PermissionResult> CanAddAsync(Project value)
{
if (String.IsNullOrEmpty(value.Name))
{
return(PermissionResult.DenyWithMessage("Project name is required."));
}
if (!await IsProjectNameAvailableInternalAsync(value.OrganizationId, value.Name))
{
return(PermissionResult.DenyWithMessage("A project with this name already exists."));
}
if (!await _billingManager.CanAddProjectAsync(value))
{
return(PermissionResult.DenyWithPlanLimitReached("Please upgrade your plan to add additional projects."));
}
return(await base.CanAddAsync(value));
}
protected override async Task <PermissionResult> CanAddAsync(Organization value)
{
if (String.IsNullOrEmpty(value.Name))
{
return(PermissionResult.DenyWithMessage("Organization name is required."));
}
if (!await IsOrganizationNameAvailableInternalAsync(value.Name))
{
return(PermissionResult.DenyWithMessage("A organization with this name already exists."));
}
if (!await _billingManager.CanAddOrganizationAsync(CurrentUser))
{
return(PermissionResult.DenyWithPlanLimitReached("Please upgrade your plan to add an additional organization."));
}
return(await base.CanAddAsync(value));
}