/// <summary>
/// Builds the <c>ReportPermission.AddComment</c> permission model for one user on one report.
/// </summary>
/// <param name="userId">
/// Id of the user asking to comment. It is compared as given; presumably the caller takes it
/// from the authenticated session rather than from request data (verify at the call site).
/// </param>
/// <param name="report">Report whose privacy flag, status, comments and subscribers drive the rules.</param>
/// <returns>
/// The model with one appended predicate per rule. For a status that matches none of the
/// cases the model is returned with no predicate appended.
/// </returns>
/// <remarks>
/// NOTE(review): how several appended predicates combine (any-of or all-of) is decided inside
/// PermissionModel and is not visible from this method.
/// </remarks>
public override PermissionModel<ReportPermission> IsPermitted(int userId, Report report)
{
    var addComment = PermissionModel<ReportPermission>.Create(ReportPermission.AddComment);

    // Private report: only the creator rule is registered and the status is never consulted.
    if (report.Private)
    {
        return addComment.AppendPermission(() => userId == report.CreatorId);
    }

    switch (report.Status)
    {
        case (int)ReportStatusType.Awaiting:
            // Creator is capped by the total number of comments on the report (all authors count).
            return addComment
                .AppendPermission(() => userId == report.CreatorId
                                        && report.ReportComments.Count + 1 <= ReportPermissionConstants.MaxCommentsWhenIsAwaiting)
                .AppendPermission(() => userId == report.AssigneeId);

        case (int)ReportStatusType.Assigned:
            // NOTE(review): the creator cap reuses MaxCommentsWhenIsAwaiting in the Assigned state; confirm this is intended.
            // The assignee rule holds only while the assignee has no comment on the report yet.
            return addComment
                .AppendPermission(() => userId == report.CreatorId
                                        && report.ReportComments.Count + 1 <= ReportPermissionConstants.MaxCommentsWhenIsAwaiting)
                .AppendPermission(() => userId == report.AssigneeId
                                        && !report.ReportComments.Any(comment => comment.UserId == userId));

        case (int)ReportStatusType.Opened:
            // Creator and subscribers need at least one comment by somebody else among the last
            // MaxCommentsInRow comments. Any() over an empty window is false, so with zero comments
            // both of these rules evaluate to false. NOTE(review): confirm that is the intended behavior.
            return addComment
                .AppendPermission(() => userId == report.CreatorId
                                        && report.ReportComments
                                            .TakeLast(ReportPermissionConstants.MaxCommentsInRow)
                                            .Any(comment => comment.UserId != userId))
                .AppendPermission(() => report.ReportSubscribers.Any(subscriber => subscriber.UserId == userId)
                                        && report.ReportComments
                                            .TakeLast(ReportPermissionConstants.MaxCommentsInRow)
                                            .Any(comment => comment.UserId != userId))
                .AppendPermission(() => userId == report.AssigneeId);

        case (int)ReportStatusType.Closed:
            // Only the creator rule is registered for a closed report.
            return addComment.AppendPermission(() => userId == report.CreatorId);

        default:
            return addComment;
    }
}
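/// <summary>
/// Charges the current user for a premium operation and then runs the action.
/// </summary>
/// <remarks>
/// The price is <c>Cost</c> multiplied by the optional form field named by <c>AmountKey</c>
/// (multiplier 1 when the field is absent). A user whose admin role maps to
/// <c>RoleType.Owner</c>, or for whom <c>configuration.IsDev</c> returns true, is not charged.
/// NOTE(review): credits are deducted before the action runs and are not restored if the action
/// fails. The read / check / update sequence is also not atomic from what is visible here, so two
/// concurrent requests could both pass the balance check unless UserRepository.Update enforces
/// concurrency control (verify).
/// </remarks>
/// <param name="context">Executing context; supplies the request form and the request services.</param>
/// <param name="next">Delegate that runs the rest of the pipeline.</param>
/// <exception cref="AuthException">The current user cannot be found.</exception>
/// <exception cref="PremiumOperationException">
/// The submitted amount is not a positive integer, or the user has too few credits.
/// </exception>
/// <exception cref="System.OverflowException">Cost multiplied by the amount does not fit the cost type.</exception>
/// <exception cref="DatabaseException">The updated user could not be saved.</exception>
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
    var form = context.HttpContext.Request.Form;

    // The amount is client-controlled. It must be a strictly positive integer: zero would make
    // the operation free, and a negative value would pass the balance check and turn the
    // deduction below into a credit.
    var amount = 1;
    if (form.ContainsKey(AmountKey)
        && (!int.TryParse(
                form[AmountKey].ToString(),
                System.Globalization.NumberStyles.Integer,
                System.Globalization.CultureInfo.InvariantCulture,
                out amount)
            || amount <= 0))
    {
        throw new PremiumOperationException("Invalid amount");
    }

    // Keep the price in a local instead of writing it back to Cost. If this filter instance is
    // shared between requests (TODO confirm how it is registered), a write-back would compound
    // the price from request to request and race under concurrency. checked() makes an
    // overflowing product throw instead of wrapping to a small or negative price.
    var totalCost = checked(Cost * amount);

    var services = context.HttpContext.RequestServices;
    var database = services.GetRequiredService<IDatabase>();
    var httpContextReader = services.GetRequiredService<IHttpContextReader>();
    var configuration = services.GetRequiredService<IConfiguration>();

    var currentUser = await database.UserRepository.FindById(httpContextReader.CurrentUserId)
                      ?? throw new AuthException("User not authorized");

    bool isOwner = RoleDictionary.FindRoleTypeByUserRole(new("admin", currentUser.AdminRole)) == RoleType.Owner
                   || configuration.IsDev(httpContextReader.CurrentUserId);

    var hasToPayPermission = PermissionModel<PremiumPermission>
        .Create(PremiumPermission.HasToPay)
        .AppendPermission(() => !isOwner && currentUser.Credits >= totalCost);

    var hasFreePremiumPermission = PermissionModel<PremiumPermission>
        .Create(PremiumPermission.HasFreePremium)
        .AppendPermission(() => isOwner);

    if (!hasFreePremiumPermission.IsPermitted)
    {
        if (!hasToPayPermission.IsPermitted)
        {
            throw new PremiumOperationException("You have not sufficient credits on your account");
        }

        currentUser.AddCredits(-totalCost);

        if (!await database.UserRepository.Update(currentUser))
        {
            throw new DatabaseException();
        }
    }

    await next();
}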
/// <summary>
/// Builds the <c>ReportPermission.AttachImages</c> permission model for one user on one report.
/// </summary>
/// <param name="userId">
/// Id of the user asking to attach images. It is compared as given; presumably the caller takes
/// it from the authenticated session rather than from request data (verify at the call site).
/// </param>
/// <param name="report">Report whose privacy flag, status and subscribers drive the rules.</param>
/// <returns>
/// The model with one appended predicate per rule. For a status that matches none of the
/// cases the model is returned with no predicate appended.
/// </returns>
/// <remarks>
/// NOTE(review): how several appended predicates combine (any-of or all-of) is decided inside
/// PermissionModel and is not visible from this method.
/// </remarks>
public override PermissionModel<ReportPermission> IsPermitted(int userId, Report report)
{
    var attachImages = PermissionModel<ReportPermission>.Create(ReportPermission.AttachImages);

    // Private report: only the creator rule is registered and the status is never consulted.
    if (report.Private)
    {
        return attachImages.AppendPermission(() => userId == report.CreatorId);
    }

    switch (report.Status)
    {
        // Awaiting and Assigned register the same single creator rule.
        case (int)ReportStatusType.Awaiting:
            return attachImages.AppendPermission(() => userId == report.CreatorId);

        case (int)ReportStatusType.Assigned:
            return attachImages.AppendPermission(() => userId == report.CreatorId);

        case (int)ReportStatusType.Opened:
            // Opened is the only state with rules for the assignee and for subscribers.
            return attachImages
                .AppendPermission(() => userId == report.CreatorId)
                .AppendPermission(() => userId == report.AssigneeId)
                .AppendPermission(() => report.ReportSubscribers.Any(subscriber => subscriber.UserId == userId));

        default:
            // Every other status gets no rule from this method.
            return attachImages;
    }
}
/// <summary>
/// Assigns a newly created <c>PermissionModel&lt;ReportPermission&gt;</c> to <c>permissionModel</c>.
/// </summary>
/// <remarks>
/// NOTE(review): <c>It.IsAny</c> is called here outside any mock setup expression; presumably it
/// just yields the default <c>ReportPermission</c> value. Confirm, and consider naming the
/// intended permission explicitly so the fixture does not depend on that.
/// </remarks>
public void SetUp() =>
    permissionModel = PermissionModel<ReportPermission>.Create(It.IsAny<ReportPermission>());