/// <summary>
/// Builds the <c>ReportPermission.AddComment</c> permission model for <paramref name="userId"/> on
/// <paramref name="report"/>. Each rule is registered as a predicate through <c>AppendPermission</c>.
/// </summary>
/// <param name="userId">Id of the user who wants to comment.</param>
/// <param name="report">Report being commented on; its comments and subscribers are read by the predicates.</param>
/// <returns>The permission model with the predicates for the report's visibility and status appended.</returns>
public override PermissionModel <ReportPermission> IsPermitted(int userId, Report report)
            {
                // NOTE(review): how AppendPermission combines several predicates (any-of vs. all-of) is not
                // visible here; the rules below read as alternatives - confirm against PermissionModel.
                var permissionModel = PermissionModel <ReportPermission> .Create(ReportPermission.AddComment);

                // The private check runs before the status switch, so on a private report the creator
                // predicate is the only one registered, whatever the status (the assignee is not included).
                if (report.Private)
                {
                    return(permissionModel.AppendPermission(() => userId == report.CreatorId));
                }

                // NOTE(review): the quota and "last N comments" rules below are only as reliable as
                // report.ReportComments / report.ReportSubscribers; an unloaded or partially loaded collection
                // would make the count-based limit pass - verify that callers always load them in full.
                return(report.Status switch
                {
                    // Awaiting: creator while one more comment stays within MaxCommentsWhenIsAwaiting;
                    // assignee without a limit.
                    (int)ReportStatusType.Awaiting => permissionModel
                    .AppendPermission(() => userId == report.CreatorId && report.ReportComments.Count + 1 <=
                                      ReportPermissionConstants.MaxCommentsWhenIsAwaiting)
                    .AppendPermission(() => userId == report.AssigneeId),
                    // Assigned: creator under the same cap; assignee only while they have not commented yet.
                    // NOTE(review): the cap reuses MaxCommentsWhenIsAwaiting and counts all comments, not
                    // only the creator's - confirm both are intended for this status.
                    (int)ReportStatusType.Assigned => permissionModel
                    .AppendPermission(() => userId == report.CreatorId && report.ReportComments.Count + 1 <=
                                      ReportPermissionConstants.MaxCommentsWhenIsAwaiting)
                    .AppendPermission(() => userId == report.AssigneeId &&
                                      !report.ReportComments.Any(rc => rc.UserId == userId)),
                    // Opened: creator or a subscriber, provided at least one of the last MaxCommentsInRow
                    // comments was written by someone else; assignee without a limit.
                    // NOTE(review): Any(...) is false on an empty thread and when every existing comment
                    // (even fewer than MaxCommentsInRow) is the user's own - confirm that is intended.
                    (int)ReportStatusType.Opened => permissionModel
                    .AppendPermission(() => userId == report.CreatorId && report.ReportComments
                                      .TakeLast(ReportPermissionConstants.MaxCommentsInRow).Any(rc => rc.UserId != userId))
                    .AppendPermission(() => report.ReportSubscribers.Any(rs => rs.UserId == userId) && report
                                      .ReportComments
                                      .TakeLast(ReportPermissionConstants.MaxCommentsInRow).Any(rc => rc.UserId != userId))
                    .AppendPermission(() => userId == report.AssigneeId),
                    // Closed: creator only.
                    (int)ReportStatusType.Closed => permissionModel
                    .AppendPermission(() => userId == report.CreatorId),
                    // Any other status: the model is returned with no predicate appended
                    // (presumably evaluates to "not permitted" - confirm against PermissionModel).
                    _ => permissionModel
                });
Example #2
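        /// <summary>
        /// Charges the current user for a premium action before letting it run. The price is
        /// <c>Cost</c> multiplied by the optional <c>AmountKey</c> form field (1 when the field is absent).
        /// Owners, and users for whom <c>configuration.IsDev</c> returns true, are not charged.
        /// </summary>
        /// <param name="context">Executing-action context; supplies the request form and the service provider.</param>
        /// <param name="next">Delegate that runs the rest of the pipeline.</param>
        /// <exception cref="AuthException">The current user could not be found.</exception>
        /// <exception cref="PremiumOperationException">The amount is not a positive whole number, or the user
        /// does not have enough credits.</exception>
        /// <exception cref="DatabaseException">The updated balance could not be saved.</exception>
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            // The multiplier comes straight from the request form, so the client controls it.
            // Accept digits only and require at least 1: a zero amount would make the action free, and a
            // negative one would pass the balance check and turn AddCredits(-cost) into a top-up.
            var amount = 1;

            if (context.HttpContext.Request.Form.TryGetValue(AmountKey, out var rawAmount) &&
                (!int.TryParse(rawAmount.ToString(), System.Globalization.NumberStyles.None,
                               System.Globalization.CultureInfo.InvariantCulture, out amount) || amount < 1))
            {
                throw new PremiumOperationException("Invalid amount");
            }

            // Keep the per-request total in a local. Cost belongs to the filter instance; writing the
            // product back to it would carry one request's multiplier into later requests whenever the
            // instance is reused. checked() makes an overflowing product throw (before any debit)
            // instead of silently wrapping.
            var totalCost = checked(Cost * amount);

            var services = context.HttpContext.RequestServices;
            var database = services.GetService<IDatabase>();
            var httpContextReader = services.GetService<IHttpContextReader>();
            var configuration = services.GetService<IConfiguration>();

            var currentUser = await database.UserRepository.FindById(httpContextReader.CurrentUserId) ??
                              throw new AuthException("User not authorized");

            bool isOwner = RoleDictionary.FindRoleTypeByUserRole(new("admin", currentUser.AdminRole)) == RoleType.Owner ||
                           configuration.IsDev(httpContextReader.CurrentUserId);

            var hasToPayPermission = PermissionModel<PremiumPermission>.Create(PremiumPermission.HasToPay)
                .AppendPermission(() => !isOwner && currentUser.Credits >= totalCost);

            var hasFreePremiumPermission = PermissionModel<PremiumPermission>.Create(PremiumPermission.HasFreePremium)
                .AppendPermission(() => isOwner);

            if (!hasFreePremiumPermission.IsPermitted)
            {
                if (!hasToPayPermission.IsPermitted)
                {
                    throw new PremiumOperationException("You have not sufficient credits on your account");
                }

                // NOTE(review): the balance is read, checked, debited and saved in separate steps, and the
                // debit happens before the action runs. Nothing visible here makes that atomic or refunds
                // a failed action - confirm that Update() guards against concurrent requests overspending.
                currentUser.AddCredits(-totalCost);

                if (!await database.UserRepository.Update(currentUser))
                {
                    throw new DatabaseException();
                }
            }

            await next();
        }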
            /// <summary>
            /// Builds the <c>ReportPermission.AttachImages</c> permission model for <paramref name="userId"/>
            /// on <paramref name="report"/>. Each rule is registered as a predicate through <c>AppendPermission</c>.
            /// </summary>
            /// <param name="userId">Id of the user who wants to attach images.</param>
            /// <param name="report">Report the images would be attached to.</param>
            /// <returns>The permission model with the predicates for the report's visibility and status appended.</returns>
            public override PermissionModel <ReportPermission> IsPermitted(int userId, Report report)
            {
                // NOTE(review): how AppendPermission combines several predicates (any-of vs. all-of) is not
                // visible here; the rules below read as alternatives - confirm against PermissionModel.
                var permissionModel = PermissionModel <ReportPermission> .Create(ReportPermission.AttachImages);

                // The private check runs before the status switch: on a private report only the creator
                // predicate is registered, whatever the status.
                if (report.Private)
                {
                    return(permissionModel.AppendPermission(() => userId == report.CreatorId));
                }

                return(report.Status switch
                {
                    // Awaiting and Assigned: creator only.
                    (int)ReportStatusType.Awaiting => permissionModel
                    .AppendPermission(() => userId == report.CreatorId),
                    (int)ReportStatusType.Assigned => permissionModel
                    .AppendPermission(() => userId == report.CreatorId),
                    // Opened: creator, assignee, or any subscriber of the report.
                    // NOTE(review): the subscriber rule depends on report.ReportSubscribers being loaded -
                    // verify against the caller.
                    (int)ReportStatusType.Opened => permissionModel
                    .AppendPermission(() => userId == report.CreatorId)
                    .AppendPermission(() => userId == report.AssigneeId)
                    .AppendPermission(() => report.ReportSubscribers.Any(rs => rs.UserId == userId)),
                    // Every other status (there is no Closed arm here): the model is returned with no
                    // predicate appended (presumably evaluates to "not permitted" - confirm).
                    _ => permissionModel
                });
Example #4
 // Test fixture setup: stores a fresh ReportPermission model in the permissionModel field.
 // NOTE(review): It.IsAny<T>() is called here outside a mock setup expression; if this is Moq's It,
 // it then just yields default(ReportPermission) - confirm, and consider naming the value explicitly.
 public void SetUp() =>
     permissionModel = PermissionModel<ReportPermission>.Create(It.IsAny<ReportPermission>());