/// <summary>
/// Checks whether the current <c>User</c> satisfies a <see cref="PermissionRequirement"/>
/// for <paramref name="permission"/> against <paramref name="document"/>.
/// </summary>
/// <param name="permission">The permission being requested.</param>
/// <param name="document">The resource (location path) the permission is evaluated against.</param>
/// <returns>True when the authorization result reports success; otherwise false.</returns>
/// <remarks>
/// Despite the <c>Async</c> suffix this method is synchronous: it blocks the calling thread
/// on the task returned by <c>AuthorizeAsync</c>.
/// </remarks>
protected bool CanAsync(Permission permission, ILocationPath document)
{
    var requirement = new PermissionRequirement(permission);
    var pendingDecision = AuthorizationService.AuthorizeAsync(User, document, requirement);

    // NOTE(review): .Result is sync-over-async. It ties up a thread for the duration of the
    // authorization check and surfaces handler failures wrapped in AggregateException.
    // An awaitable variant would avoid both, but changes the signature callers rely on.
    var decision = pendingDecision.Result;
    return decision.Succeeded;
}
/// <summary>
/// Maps an incoming request body to an event of type <typeparamref name="TEvent"/>, checks that the
/// current user holds <paramref name="permission"/> on the target examination, and hands the event
/// to the event creation service.
/// </summary>
/// <typeparam name="TEvent">The event type the request body is mapped to.</typeparam>
/// <typeparam name="TRequest">The type of the request body.</typeparam>
/// <param name="examinationId">Identifier of the examination the event belongs to.</param>
/// <param name="permission">Permission the caller must hold on the examination.</param>
/// <param name="caseBreakdownEvent">The request body describing the event.</param>
/// <returns>
/// BadRequest when the model state is invalid or the body is null; NotFound when the examination
/// cannot be retrieved or the creation service returns null; Forbid when the permission check
/// fails; otherwise Ok carrying the patient card header and the event id.
/// </returns>
private async Task<ActionResult<PutCaseBreakdownEventResponse>> UpsertEvent<TEvent, TRequest>(
    string examinationId,
    Permission permission,
    [FromBody] TRequest caseBreakdownEvent)
    where TEvent : IEvent
{
    // Both rejection paths produce the same empty 400 response.
    if (!ModelState.IsValid || caseBreakdownEvent == null)
    {
        return BadRequest(new PutCaseBreakdownEventResponse());
    }

    var currentUser = await CurrentUser();

    // NOTE(review): the untrusted body is mapped and stamped with user statuses before the
    // examination lookup and the permission check below; nothing is persisted until after them.
    TEvent mappedEvent = SetEventUserStatuses(Mapper.Map<TEvent>(caseBreakdownEvent), currentUser);

    var retrievalQuery = new ExaminationRetrievalQuery(examinationId, currentUser);
    var examination = await _examinationRetrievalService.Handle(retrievalQuery);
    if (examination == null)
    {
        return NotFound(new PutCaseBreakdownEventResponse());
    }

    // Authorization gate: the event is only created when the caller holds the permission on
    // the examination that was actually retrieved.
    // NOTE(review): 404 for a missing examination versus 403 for an existing one lets a caller
    // without the permission tell the two apart, unless the retrieval service already scopes
    // results to the user - confirm against ExaminationRetrievalQuery handling.
    var isAllowed = CanAsync(permission, examination);
    if (!isAllowed)
    {
        return Forbid();
    }

    var creation = await _eventCreationService.Handle(new CreateEventQuery(examinationId, mappedEvent));
    if (creation == null)
    {
        return NotFound(new PutCaseBreakdownEventResponse());
    }

    return Ok(new PutCaseBreakdownEventResponse
    {
        Header = Mapper.Map<PatientCardItem>(creation.Examination),
        EventId = creation.EventId,
    });
}
/// <summary>
/// Resolves the current user and returns the distinct location ids on which that user
/// holds <paramref name="permission"/>, as reported by <c>PermissionService</c>.
/// </summary>
/// <param name="permission">The permission to look up.</param>
/// <returns>The de-duplicated location ids for the current user and permission.</returns>
protected async Task<IEnumerable<string>> LocationsWithPermission(Permission permission)
{
    var caller = await CurrentUser();
    var permittedLocationIds = PermissionService.LocationIdsWithPermission(caller, permission);

    // The permission service may report the same location more than once; collapse duplicates.
    return permittedLocationIds.Distinct();
}