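/// <summary>
/// Grants <paramref name="requirement"/> on a <see cref="Booking"/> when the caller is the
/// owner of the boat that the booking refers to.
/// </summary>
/// <param name="context">Authorization context carrying the calling principal.</param>
/// <param name="requirement">The requested operation; its <c>Name</c> is compared against
/// <c>Constants.Create</c> and <c>Constants.Read</c>.</param>
/// <param name="resource">The booking under evaluation; a null resource never succeeds.</param>
/// <returns>A completed task; the decision is reported through <paramref name="context"/>.</returns>
/// <remarks>
/// This handler only ever calls <c>context.Succeed</c>, never <c>Fail</c>, so a non-match
/// simply leaves the decision to any other registered handler.
/// NOTE(review): the declared return type <c>Task&lt;Task&gt;</c> differs from the plain
/// <c>Task</c> that <c>AuthorizationHandler&lt;TRequirement, TResource&gt;.HandleRequirementAsync</c>
/// declares — confirm against the base class this overrides.
/// </remarks>
protected override async Task<Task> HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, Booking resource)
{
    if (context.User is null || resource is null)
    {
        return Task.CompletedTask;
    }

    // Create and Read are evaluated for any caller; every other operation is short-circuited
    // unless the caller holds the BoatOwner role.
    bool isCreateOrRead = requirement.Name == Constants.Create || requirement.Name == Constants.Read;
    if (!isCreateOrRead && !context.User.IsInRole(RoleName.BoatOwner))
    {
        return Task.CompletedTask;
    }

    // Resolve the caller's Person and, from it, the BoatOwner record.
    var loggedPerson = await _userService.GetUserAsync(context.User);
    var boatOwner = _userService.GetBoatOwnerFromPerson(loggedPerson);

    // Load the boat referenced by the booking so that its owner can be compared.
    var bookingBoat = await _boatService.GetSingle(resource.BoatId);

    // A caller without a BoatOwner record (reachable for Create/Read, which bypass the role
    // check above) or a booking whose boat cannot be loaded must fall through without
    // succeeding, rather than throwing a NullReferenceException out of the authorization pipeline.
    if (boatOwner is null || bookingBoat is null)
    {
        return Task.CompletedTask;
    }

    // Access is granted only when the requesting owner is the owner of the booked boat.
    if (boatOwner.BoatOwnerId == bookingBoat.BoatOwnerId)
    {
        context.Succeed(requirement);
    }

    return Task.CompletedTask;
}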
// GET: Boat/Details/5
/// <summary>
/// Shows the details page for one boat, but only to callers the authorization service
/// allows to <c>Operation.Read</c> it (per the original author's comment: the boat's owner,
/// an admin or a manager).
/// </summary>
/// <param name="id">Route id of the boat; handed to the boat service unchanged.</param>
/// <returns>
/// The details view for the boat when access is granted, <c>Forbid()</c> otherwise, and the
/// <c>Error</c> view when the boat service raises a <c>BusinessException</c>.
/// </returns>
public async Task<IActionResult> Details(int? id)
{
    try
    {
        var boat = await _boatService.GetSingle(id);

        // Resource-based check: the registered authorization handlers decide whether this
        // principal may read this particular boat.
        var authorization = await _authorizationService.AuthorizeAsync(User, boat, Operation.Read);

        // NOTE(review): Forbid() is returned even for an anonymous caller; if this action is
        // reachable without [Authorize], a Challenge() for unauthenticated users would be the
        // conventional split — confirm against the controller's attributes.
        return authorization.Succeeded ? (IActionResult)View(boat) : Forbid();
    }
    catch (BusinessException)
    {
        return View("Error");
    }
}
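/// <summary>
/// Adds a booking line for <paramref name="boatId"/> at <paramref name="spotId"/> between
/// <paramref name="start"/> and <paramref name="end"/> to the booking kept in the session,
/// first creating that booking when the session holds none (or one for a different boat).
/// </summary>
/// <param name="boatId">Id of the boat being booked; the caller must be authorized for
/// <c>Operation.Book</c> on it.</param>
/// <param name="spotId">Id of the spot to book.</param>
/// <param name="start">Start date as text, parsed with
/// <see cref="DateTime.TryParse(string, out DateTime)"/>.</param>
/// <param name="end">End date as text, parsed the same way.</param>
/// <returns>
/// 400 when a date does not parse, 401 when the caller may not book the boat, 404 when the
/// boat or spot cannot be loaded, otherwise 200 with the (possibly unchanged) booking.
/// The line is not added when the spot does not fit the boat, the dates are invalid, or they
/// overlap an existing line; in those cases the returned booking simply has no new line.
/// </returns>
public async Task<ActionResult<Booking>> CreateBookingLocally(int boatId, int spotId, string start, string end)
{
    // Dates come straight from the request: reject unparsable input with 400 instead of
    // letting DateTime.Parse throw and surface as a 500.
    // NOTE(review): this overload parses with the current culture, exactly as the original
    // Parse did; an invariant-culture overload would be safer if clients send ISO dates —
    // confirm the wire format.
    if (!DateTime.TryParse(start, out var startDate) || !DateTime.TryParse(end, out var endDate))
    {
        return BadRequest("start and end must be valid dates.");
    }

    var boat = await _boatService.GetSingle(boatId);
    var spot = await _spotService.GetSingle(spotId);

    // Resource-based authorization: the caller must be allowed to book this boat.
    var isAuthorized = await _authorizationService.AuthorizeAsync(User, boat, Operation.Book);
    if (!isAuthorized.Succeeded)
    {
        // NOTE(review): the caller here is typically authenticated but not the owner, so
        // Forbid() (403) would be the more precise status; Unauthorized() is kept to preserve
        // the existing client contract.
        return Unauthorized();
    }

    // Guard missing entities before the helpers below dereference them. Checked after the
    // authorization decision so an unauthorized caller learns nothing about which ids exist.
    if (boat is null || spot is null)
    {
        return NotFound();
    }

    // Reuse the booking from the session when it is usable for this boat; otherwise start a new one.
    var booking = HttpContext.Session.Get<Booking>("Booking");
    if (booking is null || booking.BookingReferenceNo == 0 || booking.BoatId != boatId)
    {
        booking = new Booking { BoatId = boatId };
        await _bookingService.Create(booking);
    }

    // All three conditions must hold for a line to be added; short-circuit order matches the
    // original nested checks (spot fit, then date validity, then overlap with existing lines).
    bool lineCanBeAdded = HelperMethods.DoesSpotFitBoat(boat, spot)
        && HelperMethods.AreDatesValid(startDate, endDate)
        && !OverlapsExistingLine(booking, startDate, endDate);

    if (lineCanBeAdded)
    {
        booking = _bookingService.CreateBookingLine(booking, startDate, endDate, spot);
    }

    // ISession.Set replaces an existing value stored under the same key, so no prior Remove is
    // needed (assuming the project's Set<T> extension delegates to it).
    HttpContext.Session.Set("Booking", booking);

    return Ok(booking);

    // A boat cannot be in two places at once: true when [newStart, newEnd] intersects any
    // existing line of the booking. A booking with no line collection has nothing to overlap.
    bool OverlapsExistingLine(Booking current, DateTime newStart, DateTime newEnd)
    {
        if (current.BookingLines is null)
        {
            return false;
        }

        foreach (BookingLine line in current.BookingLines)
        {
            if (HelperMethods.AreDatesIntersecting(line.StartDate, line.EndDate, newStart, newEnd))
            {
                return true;
            }
        }

        return false;
    }
}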