Exemple #1
        /// <summary>
        /// Decides whether the current user may cancel <paramref name="resource"/>.
        /// </summary>
        /// <remarks>
        /// Checks run in this order, and the first one that is not met ends the evaluation:
        /// the Cancel permission; then, only when the order belongs to another user, the
        /// Manage permission followed by store ownership or the CrossStore permission.
        /// The requirement is marked as met only for an order that is not paid. A paid
        /// order returns without calling Succeed or Fail, so this handler leaves the
        /// requirement unmet for it.
        /// </remarks>
        /// <param name="context">Authorization context that receives the Fail/Succeed outcome.</param>
        /// <param name="requirement">The cancellation requirement being evaluated.</param>
        /// <param name="resource">The order the caller wants to cancel.</param>
        protected override async Task HandleOrderCancellationAsync(AuthorizationHandlerContext context,
                                                                   OrderOperationAuthorizationRequirement requirement, Order resource)
        {
            // Baseline: without the Cancel permission nothing else is evaluated.
            var mayCancel = await _permissionChecker.IsGrantedAsync(OrdersPermissions.Orders.Cancel);
            if (!mayCancel)
            {
                // Fail() is an explicit veto: the overall result stays negative even if
                // another handler calls Succeed for the same requirement.
                context.Fail();
                return;
            }

            // NOTE(review): what GetId() does for an unauthenticated caller is not visible here - confirm.
            var actsOnForeignOrder = resource.CustomerUserId != _currentUser.GetId();
            if (actsOnForeignOrder)
            {
                // Touching someone else's order requires the Manage permission ...
                var mayManage = await _permissionChecker.IsGrantedAsync(OrdersPermissions.Orders.Manage);
                if (!mayManage)
                {
                    context.Fail();
                    return;
                }

                // ... and either ownership of the order's store or the CrossStore permission.
                // CrossStore is consulted only when the ownership check is negative.
                var ownsStore = await _storeOwnerStore.IsStoreOwnerAsync(resource.StoreId, _currentUser.GetId());
                if (!ownsStore)
                {
                    var mayCrossStore = await _permissionChecker.IsGrantedAsync(OrdersPermissions.Orders.CrossStore);
                    if (!mayCrossStore)
                    {
                        context.Fail();
                        return;
                    }
                }
            }

            if (resource.IsPaid())
            {
                // Paid order: neither Succeed nor Fail is called, so the requirement stays unmet.
                return;
            }

            context.Succeed(requirement);
        }
        /// <summary>
        /// Marks <paramref name="requirement"/> as met when the context user owns the store
        /// described by <paramref name="storeInfo"/> and, if the requirement names a policy,
        /// is also granted that policy.
        /// </summary>
        /// <remarks>
        /// This handler never calls Fail; every path that does not reach Succeed simply
        /// leaves the requirement unmet. When the policy name is null or white space,
        /// store ownership alone is sufficient.
        /// </remarks>
        /// <param name="context">Authorization context carrying the user under evaluation.</param>
        /// <param name="requirement">Store permission requirement with an optional policy name.</param>
        /// <param name="storeInfo">Identifies the store whose ownership is checked.</param>
        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, StorePermissionAuthorizationRequirement requirement, StoreInfo storeInfo)
        {
            var callerId = context.User?.FindUserId();

            // No user id available: nothing can be granted.
            if (!callerId.HasValue)
            {
                return;
            }

            var ownsStore = await _storeOwnerStore.IsStoreOwnerAsync(storeInfo.StoreId, callerId.Value);
            if (!ownsStore)
            {
                return;
            }

            // Requirement without a policy name: store ownership is the only condition.
            if (requirement.PolicyName.IsNullOrWhiteSpace())
            {
                context.Succeed(requirement);
                return;
            }

            // Named policy: the owner must additionally hold that permission.
            var policyGranted = await _permissionChecker.IsGrantedAsync(context.User, requirement.PolicyName);
            if (policyGranted)
            {
                context.Succeed(requirement);
            }
        }