public async Task <RequestAuthorizationResult> IsAuthorizedAsync(EditCommand <HomeworkEditCommand, HomeworkDetailsResponse> request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var isTeacher = await context.Homeworks.IsTeacherAtHomework(currentUserId, request.Id); return(isTeacher ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure("Csak javító tanárok módosíthatják az adott házi feladatot.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(HomeworkSolutionSubmitCommand request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var isAuthorized = await context.HomeworkSolutions.AnyAsync(x => x.Id == request.Id && x.Student.UserId == currentUserId, cancellationToken); return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure("A házi feladatot csak a készítő diák adhatja be.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(FileCreateCommand request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var isAuthorized = await context.HomeworkSolutions.AnyAsync( x => x.Id == request.SolutionId && x.Student.UserId == currentUserId, cancellationToken); return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure("A felatmegoldást csak az azt létrehozó diák módosíthatja.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(TestCreateCommand request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var isAuthorized = await context.ClassSchoolYearSubjectTeachers.AnyAsync( x => x.ClassSchoolYearSubjectId == request.ClassSchoolYearSubjectId && x.Teacher.UserId == currentUserId, cancellationToken); return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure("Csak a tárgyat tanító tanárok hozhatnak létre dolgozatot.")); }
private async Task <RequestAuthorizationResult> CanModifyTestAsync(Guid testId, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var isAuthorized = await context.ClassSchoolYearSubjectTeachers.AnyAsync( x => x.Id == testId && x.Teacher.UserId == currentUserId, cancellationToken); return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure("Csak a tárgyat tanító tanárok módosíthatják a dolgozatot.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(TestAnswerGetQuery request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var isAuthorized = await context.TestAnswers.AnyAsync(x => x.Id == request.Id && (x.StudentTest.Student.UserId == currentUserId || x.StudentTest.Test.ClassSchoolYearSubject.ClassSchoolYearSubjectTeachers.Any(t => t.Teacher.UserId == currentUserId)), cancellationToken); return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure( "A dolgozatbeadáshoz csak a beadó diák, és a javító tanárok férhetnek hozzá.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(TestAnswerListQuery request, CancellationToken cancellationToken) { var test = await context.Tests.Include(x => x.ClassSchoolYearSubject) .ThenInclude(x => x.ClassSchoolYearSubjectTeachers) .ThenInclude(x => x.Teacher) .SingleAsync(x => x.Id == request.TestId, cancellationToken); var currentUserId = identityService.GetCurrentUserId(); var isAuthorized = test.ClassSchoolYearSubject.ClassSchoolYearSubjectTeachers.Any(x => x.Teacher.UserId == currentUserId); return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure("Csak a javító tanárok listázhatják a dolgozatra beküldött megoldásokat.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(TestStartCommand request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var isAuthorized = await context.Tests.AnyAsync( x => x.Id == request.Id && x.ClassSchoolYearSubject.ClassSchoolYearSubjectTeachers .Any(t => t.Teacher.UserId == currentUserId), cancellationToken); return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure( "Csak olyan tanár indíthatja el a dolgozatot, aki tanítja az adott tárgyat.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(HomeworkSolutionGetQuery request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var isAuthorized = await context.HomeworkSolutions .AnyAsync(x => x.Id == request.Id && (x.Student.UserId == currentUserId || x.Homework.Lesson.ClassSchoolYearSubject.ClassSchoolYearSubjectTeachers .Any(t => t.Teacher.UserId == currentUserId)), cancellationToken); return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure( "A házifeladat megoldást csak a készítője, és a házi feladat javító tanárok tekinthetik meg.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(MessageGetQuery request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var message = await context.Messages.Include(x => x.SenderUser) .Include(x => x.ReceiverUserMessages) .ThenInclude(x => x.ClassRegisterUser) .SingleAsync(x => x.Id == request.Id, cancellationToken); if (message.SenderUserId == currentUserId || message.ReceiverUserMessages.Any(x => x.ClassRegisterUser.Id == currentUserId)) { return(RequestAuthorizationResult.Success); } return(RequestAuthorizationResult.Failure("Az üzenetet csak a címzettek és a küldő tekintheti meg.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(TaskAnswerDeleteCommand request, CancellationToken cancellationToken) { var answer = await context.TaskAnswers.Include(x => x.TestAnswer) .ThenInclude(x => x.StudentTest) .ThenInclude(x => x.Student) .SingleOrDefaultAsync(x => x.Id == request.Id, cancellationToken); var currentUserId = identityService.GetCurrentUserId(); if (answer == null || answer.TestAnswer.StudentTest.Student.UserId == currentUserId) { return(RequestAuthorizationResult.Success); } return(RequestAuthorizationResult.Failure("A feladatbeadást csak az azt beadó tanuló törölheti.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(AbsenceDeleteCommand request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var absence = await context.Absences.Include(x => x.Lesson) .ThenInclude(x => x.ClassSchoolYearSubject) .ThenInclude(x => x.ClassSchoolYearSubjectTeachers) .ThenInclude(x => x.Teacher) .SingleAsync(x => x.Id == request.Id, cancellationToken); if (!identityService.IsInRole(TenantRoleType.Administrator) && absence.Lesson.ClassSchoolYearSubject.ClassSchoolYearSubjectTeachers.All(x => x.Teacher.UserId != currentUserId)) { return(RequestAuthorizationResult.Failure("A hiányzást csak a tárgy oktatói vagy az adminisztrátorok törölhetik.")); } return(RequestAuthorizationResult.Success); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(AbsenceCreateCommand request, CancellationToken cancellationToken) { var lesson = await context.Lessons.Include(x => x.ClassSchoolYearSubject) .ThenInclude(x => x.ClassSchoolYearSubjectTeachers) .ThenInclude(x => x.Teacher) .SingleAsync(x => x.Id == request.LessonId, cancellationToken); var currentUserId = identityService.GetCurrentUserId(); if (lesson.ClassSchoolYearSubject.ClassSchoolYearSubjectTeachers.All(x => x.Teacher.UserId != currentUserId)) { return(RequestAuthorizationResult.Failure( "Csak olyan tanárok vehetnek fel hiányzást, akik tanítják az adott tárgyat, az osztálynak a tanévben.")); } return(RequestAuthorizationResult.Success); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(GradeCreateCommand request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var classSchoolYearSubjectTeachers = await context.ClassSchoolYearSubjectTeachers .Include(x => x.Teacher) .Where(x => x.ClassSchoolYearSubject.SubjectId == request.SubjectId && x.ClassSchoolYearSubject.ClassSchoolYear.Class.Students.Any(s => s.Id == request.StudentId) && x.ClassSchoolYearSubject.ClassSchoolYear.SchoolYearId == request.SchoolYearId) .ToListAsync(cancellationToken); if (classSchoolYearSubjectTeachers.All(x => x.Teacher.UserId != currentUserId)) { return(RequestAuthorizationResult.Failure( "Csak olyan tanár írhat be jegyet, aki tanítja az adott tárgyat az adott tanévben az osztálynak.")); } return(RequestAuthorizationResult.Success); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(EditCommand <AbsenceStateSetCommand> request, CancellationToken cancellationToken) { var absence = await context.Absences.Include(x => x.Lesson) .ThenInclude(x => x.ClassSchoolYearSubject) .ThenInclude(x => x.ClassSchoolYear) .ThenInclude(x => x.Class) .ThenInclude(x => x.HeadTeacher) .SingleAsync(x => x.Id == request.Id, cancellationToken); if (!identityService.IsInRole(TenantRoleType.Administrator) && identityService.GetCurrentUserId() != absence.Lesson.ClassSchoolYearSubject.ClassSchoolYear.Class.HeadTeacher.UserId) { return(RequestAuthorizationResult.Failure("Egy hiányzás állapotát csak egy adminisztrátor vagy az osztályfőnök állíthatja.")); } return(RequestAuthorizationResult.Success); }
private RequestAuthorizationResult CheckUserAuthorizationInTenant(Guid tenantId) { if (identityService.IsInGlobalRole(GlobalRoleType.TenantAdministrator)) { return(RequestAuthorizationResult.Success); } if (!identityService.IsInRole(TenantRoleType.Administrator)) { return(RequestAuthorizationResult.Failure("Az iskolát csak a rendszeradminisztrátorok és adminisztrátorok tekinthetik meg.")); } var userTenantId = identityService.GetTenantId(); return(userTenantId == tenantId ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure( "Az adminisztrátorok csak a saját iskoláik megtekintésére jogosultak.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(AbsenceListQuery request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var student = await context.Students.Include(x => x.Class) .ThenInclude(x => x.HeadTeacher) .Include(x => x.StudentParents) .ThenInclude(x => x.Parent) .SingleAsync(x => x.Id == request.StudentId, cancellationToken); if (identityService.IsInRole(TenantRoleType.Administrator) || currentUserId == student.UserId || student.Class.HeadTeacher.UserId == currentUserId || student.StudentParents.Any(x => x.Parent.UserId == currentUserId)) { return(RequestAuthorizationResult.Success); } return(RequestAuthorizationResult.Failure( "Egy diák hiányzásait csak az osztályfőnök, a diák, a szülei és az adminisztrátorok tekinthetik meg.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(FileGetQuery request, CancellationToken cancellationToken) { var currentUserId = identityService.GetCurrentUserId(); var file = await context.Files.Include(x => x.HomeworkSolution) .ThenInclude(x => x.Student) .Include(x => x.HomeworkSolution) .ThenInclude(x => x.Homework) .ThenInclude(x => x.Lesson) .ThenInclude(x => x.ClassSchoolYearSubject) .ThenInclude(x => x.ClassSchoolYearSubjectTeachers) .ThenInclude(x => x.Teacher) .SingleAsync(x => x.Id == request.FileId, cancellationToken); var isAuthorized = file.HomeworkSolution.Student.UserId == currentUserId || file.HomeworkSolution.Homework.Lesson.ClassSchoolYearSubject.ClassSchoolYearSubjectTeachers.Any(x => x.Teacher.UserId == currentUserId); return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure( "A beadott fájlokat csak a beadó diák és a javító tanárok tekinthetik meg.")); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(EditCommand <LessonCancellationSetCommand> request, CancellationToken cancellationToken) { if (!identityService.IsInRole(TenantRoleType.Administrator) && !identityService.IsInRole(TenantRoleType.Teacher)) { return(RequestAuthorizationResult.Failure("Csak adminisztrátorok és tanárok állíthatják az óra állapotát.")); } var currentUserId = identityService.GetCurrentUserId(); var lesson = await context.Lessons.Include(x => x.ClassSchoolYearSubject) .ThenInclude(x => x.ClassSchoolYearSubjectTeachers) .ThenInclude(x => x.Teacher) .SingleAsync(x => x.Id == request.Id, cancellationToken); if (identityService.IsInRole(TenantRoleType.Teacher) && lesson.ClassSchoolYearSubject.ClassSchoolYearSubjectTeachers.All(x => x.Teacher.UserId != currentUserId)) { return(RequestAuthorizationResult.Failure("Csak olyan tanár állíthatja az óra állapotát aki az adott tárgyat tartja.")); } return(RequestAuthorizationResult.Success); }
public async Task <RequestAuthorizationResult> IsAuthorizedAsync(TaskAnswerGetQuery request, CancellationToken cancellationToken) { var isAuthorized = false; var currentUserId = identityService.GetCurrentUserId(); if (identityService.IsInRole(TenantRoleType.Student)) { isAuthorized = await context.TaskAnswers.AnyAsync( x => x.Id == request.Id && x.TestAnswer.StudentTest.Student.UserId == currentUserId, cancellationToken); } else if (identityService.IsInRole(TenantRoleType.Teacher)) { isAuthorized = await context.TaskAnswers.AnyAsync( x => x.Id == request.Id && x.TestAnswer.StudentTest.Test.ClassSchoolYearSubject.ClassSchoolYearSubjectTeachers.Any(t => t.Teacher.UserId == currentUserId), cancellationToken); } return(isAuthorized ? RequestAuthorizationResult.Success : RequestAuthorizationResult.Failure( "A feladatmegoldást csak a beadó diák és a javító tanár tekintheti meg.")); }