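//Granular Access End
/// <summary>
/// Decides whether the current user may perform <paramref name="access"/> on <paramref name="opportunity"/>:
/// the permission check (CheckAccessFactoryAsync) must succeed AND the user's
/// "preferred_username" claim must equal the UserPrincipalName of one of the opportunity's team members.
/// </summary>
/// <param name="opportunity">Opportunity whose team membership is checked.</param>
/// <param name="access">Permission the caller needs.</param>
/// <param name="requestId">Correlation id used in log messages.</param>
/// <returns>true when both checks pass; false on denial or on any exception (fails closed).</returns>
public async Task<bool> CheckAccessInOpportunityAsync(Opportunity opportunity, PermissionNeededTo access, string requestId = "")
{
    try
    {
        if (StatusCodes.Status200OK != await CheckAccessFactoryAsync(access, requestId))
        {
            return false;
        }

        var currentUser = _userContext.User.Claims
            .FirstOrDefault(claim => claim.Type == "preferred_username")?.Value;

        // A missing claim must not be able to match a team member whose UserPrincipalName is
        // also unset (null == null would have granted access), so treat it as a denial.
        if (string.IsNullOrWhiteSpace(currentUser))
        {
            _logger.LogError($"RequestId: {requestId} - CheckAccessInOpportunityAsync no preferred_username claim AccessDeniedException");
            return false;
        }

        // Exact (ordinal) comparison is kept from the original; whether UPNs should be
        // compared case-insensitively is a policy decision for the caller to confirm.
        var isTeamMember = opportunity.Content.TeamMembers
            .Any(teamMember => string.Equals(teamMember.Fields.UserPrincipalName, currentUser, StringComparison.Ordinal));

        if (!isTeamMember)
        {
            // This user is not having any write permissions, so he won't be able to update
            _logger.LogError($"RequestId: {requestId} - CheckAccessInOpportunityAsync current user: {currentUser} AccessDeniedException");
            return false;
        }

        return true;
    }
    catch (Exception ex)
    {
        // Any failure (including a null opportunity/content) is logged and reported as "no access".
        _logger.LogError($"RequestId: {requestId} - CheckAccessInOpportunityAsync Service Exception: {ex}");
        return false;
    }
}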
//Granular Access : Start
/// <summary>
/// Resolves the caller's access tier by probing the authorization service in descending
/// order: super access first, then the action-level permission, then the partial permission.
/// </summary>
/// <param name="partialAccess">Permission that grants restricted (partial) access.</param>
/// <param name="actionAccess">Permission that grants the action itself.</param>
/// <param name="superAccess">Permission that grants everything.</param>
/// <param name="requestId">Correlation id passed through to the authorization service.</param>
/// <returns>
/// (havePartial, haveAccess, haveSuperAcess) encoded as:
///   super   -> (true,  true,  true)
///   action  -> (true,  true,  false)
///   partial -> (true,  false, false)
///   none    -> (false, true,  false)
/// NOTE(review): the "none" row reports haveAccess = true even though no check passed; callers
/// presumably gate on havePartial as the "any access at all" flag — confirm before relying on
/// haveAccess by itself.
/// </returns>
private async Task<(bool havePartial, bool haveAccess, bool haveSuperAcess)> CheckAccessAsync(PermissionNeededTo partialAccess, PermissionNeededTo actionAccess, PermissionNeededTo superAccess, string requestId)
{
    if (await IsGrantedAsync(superAccess))
    {
        return (havePartial: true, haveAccess: true, haveSuperAcess: true);
    }

    if (await IsGrantedAsync(actionAccess))
    {
        return (havePartial: true, haveAccess: true, haveSuperAcess: false);
    }

    if (await IsGrantedAsync(partialAccess))
    {
        return (havePartial: true, haveAccess: false, haveSuperAcess: false);
    }

    // No tier matched; this encoding is preserved exactly from the original implementation.
    return (havePartial: false, haveAccess: true, haveSuperAcess: false);

    // A tier is granted when the authorization service answers 200 OK for it.
    async Task<bool> IsGrantedAsync(PermissionNeededTo permission)
        => StatusCodes.Status200OK == await _authorizationService.CheckAccessFactoryAsync(permission, requestId);
}
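//Granular Access Start
/// <summary>
/// Maps <paramref name="action"/> to the permission names that satisfy it, resolves those
/// names against the permission repository and delegates the decision to CheckAccessAsync.
/// </summary>
/// <param name="action">The operation the caller wants to perform.</param>
/// <param name="requestId">Correlation id used in log and error messages.</param>
/// <returns>The status returned by CheckAccessAsync for the resolved permission set.</returns>
/// <exception cref="ResponseException">
/// Wraps any failure, including an <paramref name="action"/> with no permission mapping.
/// </exception>
public async Task<StatusCodes> CheckAccessFactoryAsync(PermissionNeededTo action, string requestId = "")
{
    try
    {
        var requiredNames = RequiredPermissionNames(action);

        //toLower
        // Name match is case-insensitive via an ordinal comparison rather than ToLower():
        // culture-independent, and it does not throw on a permission whose Name is null.
        var permissionsNeeded = (await _permissionRepository.GetAllAsync(requestId))
            .Where(permission => requiredNames.Any(required =>
                string.Equals(required, permission.Name, StringComparison.OrdinalIgnoreCase)))
            .ToList();

        var result = await CheckAccessAsync(permissionsNeeded, requestId);
        return result;
    }
    catch (Exception ex)
    {
        _logger.LogError($"RequestId: {requestId} - OpportunityFactory_CheckAccess Service Exception: {ex}");
        // NOTE(review): the full exception text is forwarded to the caller here; if ResponseException
        // ends up in an HTTP response, a generic message would avoid exposing internals — confirm.
        throw new ResponseException($"RequestId: {requestId} - OpportunityFactory_CheckAccess Service Exception: {ex}");
    }
}

/// <summary>
/// Permission names any one of which grants <paramref name="action"/>.
/// </summary>
/// <param name="action">The operation to map.</param>
/// <returns>The list of permission names to look up in the repository.</returns>
/// <exception cref="ArgumentOutOfRangeException">
/// Thrown for an action with no mapping, so an unmapped value cannot silently continue with an
/// empty permission set; the caller's catch turns this into a ResponseException.
/// </exception>
private static List<string> RequiredPermissionNames(PermissionNeededTo action)
{
    switch (action)
    {
        case PermissionNeededTo.Create:
            return new List<string> { Access.Opportunity_Create.ToString() };
        case PermissionNeededTo.ReadAll:
            return new List<string> { Access.Opportunities_Read_All.ToString(), Access.Opportunities_ReadWrite_All.ToString() };
        case PermissionNeededTo.Read:
            return new List<string> { Access.Opportunity_Read_All.ToString(), Access.Opportunity_ReadWrite_All.ToString() };
        case PermissionNeededTo.ReadPartial:
            return new List<string> { Access.Opportunity_ReadWrite_Partial.ToString(), Access.Opportunity_Read_Partial.ToString() };
        case PermissionNeededTo.WriteAll:
            return new List<string> { Access.Opportunities_ReadWrite_All.ToString() };
        case PermissionNeededTo.Write:
            return new List<string> { Access.Opportunity_ReadWrite_All.ToString() };
        case PermissionNeededTo.WritePartial:
            return new List<string> { Access.Opportunity_ReadWrite_Partial.ToString() };
        case PermissionNeededTo.Admin:
            return new List<string> { Access.Administrator.ToString() };
        case PermissionNeededTo.DealTypeWrite:
            return new List<string> { Access.Opportunity_ReadWrite_Dealtype.ToString(), Access.Opportunities_ReadWrite_All.ToString() };
        case PermissionNeededTo.TeamWrite:
            return new List<string> { Access.Opportunity_ReadWrite_Team.ToString(), Access.Opportunities_ReadWrite_All.ToString() };
        default:
            throw new ArgumentOutOfRangeException(nameof(action), action, "No permission mapping exists for this action.");
    }
}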