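/// <summary>
/// Restricts a non-admin caller's order query to the caller's own orders.
/// </summary>
/// <param name="User">The authenticated caller.</param>
/// <param name="filterParams">
/// Query filter; its <c>UserId</c> is set to the caller's id when it is absent.
/// </param>
/// <exception cref="ArgumentNullException">Thrown when either argument is null.</exception>
/// <exception cref="UnauthorizedAccessException">
/// Thrown when a non-admin caller asks for another user's orders.
/// </exception>
private void _checkAccess(ClaimsPrincipal User, OrderFilterParams filterParams)
{
    if (User is null)
    {
        throw new ArgumentNullException(nameof(User));
    }
    if (filterParams is null)
    {
        throw new ArgumentNullException(nameof(filterParams));
    }

    // Admins may query any user's orders.
    if (User.IsInRole("admin"))
    {
        return;
    }

    // The previous guard compared with "!=", which skipped the ownership check
    // for every caller except this one identity; now only the named identity is
    // exempt. Identity can be null for an unauthenticated principal, hence "?.".
    // NOTE(review): confirm this hard-coded exemption is still wanted and
    // consider moving it out of source into a policy/configuration setting.
    if (User.Identity?.Name == "*****@*****.**")
    {
        return;
    }

    var callerId = User.GetUserId();
    if (filterParams.UserId == null)
    {
        // No explicit user filter: scope the query to the caller.
        filterParams.UserId = callerId;
    }
    else if (filterParams.UserId != callerId)
    {
        // A non-admin asked for somebody else's orders.
        throw new UnauthorizedAccessException();
    }
}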
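/// <summary>
/// Returns the orders visible to the caller, mapped to <see cref="OrderDTO"/>.
/// </summary>
/// <param name="User">The authenticated caller.</param>
/// <param name="filterParams">
/// Optional filter. When null, the query is scoped to the caller's own orders;
/// otherwise the filter is validated against the caller by <c>_checkAccess</c>.
/// </param>
/// <returns>The matching orders as DTOs.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="User"/> is null.</exception>
/// <exception cref="UnauthorizedAccessException">
/// Propagated from <c>_checkAccess</c> when the filter names another user's orders.
/// </exception>
public IEnumerable<OrderDTO> ReadMany(ClaimsPrincipal User, OrderFilterParams filterParams = null)
{
    if (User is null)
    {
        throw new ArgumentNullException(nameof(User));
    }

    if (filterParams == null)
    {
        // No filter supplied: default to the caller's own orders.
        // (The original had a stray ";" before "else", which orphaned the branch.)
        filterParams = new OrderFilterParams { UserId = User.GetUserId() };
    }
    else
    {
        // A caller-supplied filter may name another user; enforce ownership.
        _checkAccess(User, filterParams);
    }

    var orders = _repo.ReadMany(filterParams.GetFuncPredicate());
    return _mapper.Map<IEnumerable<OrderDTO>>(orders);
}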
/// <summary>
/// Fetches the orders matching <paramref name="filterParams"/> for the requested
/// page and maps each one to a <see cref="CustomerOrderDto"/>.
/// </summary>
/// <param name="filterParams">Filter passed straight through to the repository.</param>
/// <param name="paginationQuery">Paging parameters passed straight through to the repository.</param>
/// <returns>The mapped orders.</returns>
/// <remarks>
/// NOTE(review): no caller-scoped access check is applied here, unlike
/// <c>ReadMany</c>; confirm that authorization is enforced by the caller.
/// </remarks>
public async Task<IEnumerable<CustomerOrderDto>> GetAllOrdersAsync(OrderFilterParams filterParams, PaginationParams paginationQuery)
{
    var entities = await _orderRepository.GetAllOrdersAsync(filterParams, paginationQuery);
    var dtos = _mapper.Map<IEnumerable<CustomerOrderDto>>(entities);
    return dtos;
}