/// <summary>
/// Lists the projects available for <paramref name="userId"/>.
/// </summary>
/// <remarks>
/// When the current <c>userContext</c> reports an administrator, every project is returned and
/// <paramref name="userId"/> is not consulted. Otherwise only projects that have a matching
/// <c>UserProjects</c> row for <paramref name="userId"/> are returned.
/// NOTE(review): the non-admin filter uses the caller-supplied <paramref name="userId"/>, not
/// <c>userContext.UserId</c>. Confirm every caller passes the authenticated user's id (or has
/// already authorized the lookup); otherwise one user's project list is readable by another.
/// </remarks>
/// <param name="userId">Identifier compared with <c>UserProjects.UserId</c>.</param>
/// <returns>The matching projects, materialized as a list.</returns>
public async Task<IList<Project>> GetAvailableProjectsList(string userId)
{
    if (!userContext.IsAdmin())
    {
        // Inner join on ProjectId, then keep only the assignments of the requested user.
        var assignedProjects =
            from project in dbContext.Projects
            join assignment in dbContext.UserProjects
                on project.ProjectId equals assignment.ProjectId
            where assignment.UserId == userId
            select project;

        return await assignedProjects.ToListAsync();
    }

    // Administrators see the unfiltered project table.
    return await dbContext.Projects.ToListAsync();
}
/// <summary>
/// Authorization gate: completes normally only when the current user is an administrator or
/// has a <c>UserProjects</c> row for <paramref name="projectId"/>.
/// </summary>
/// <remarks>
/// The check only protects an action if the returned task is awaited before that action runs.
/// It does not verify that the project itself exists; a missing project and a missing
/// assignment both end in the same exception for non-administrators.
/// NOTE(review): the exception message embeds the user id and project id; confirm it is
/// logged server-side and not echoed verbatim to the client.
/// </remarks>
/// <param name="projectId">Project the current user wants to act on.</param>
/// <exception cref="ApplicationException">
/// The current user is not an administrator and has no assignment to the project.
/// </exception>
private async Task VerifyProjectAccess(Guid projectId)
{
    // Administrators bypass the membership lookup, so no query is issued for them.
    if (userContext.IsAdmin())
    {
        return;
    }

    var membership = await dbContext.UserProjects
        .FirstOrDefaultAsync(link => link.ProjectId == projectId && link.UserId == userContext.UserId);

    if (membership != null)
    {
        return;
    }

    // Deny by default: reaching this point means no assignment row was found.
    throw new ApplicationException($"Current user [{userContext.UserId}] cannot execute this action for project [{projectId}]");
}
/// <summary>
/// Authorization gate: loads the project with its users and throws unless the project exists
/// and the current user is one of its users or an administrator.
/// </summary>
/// <remarks>
/// The existence check runs before the access check and the two failures carry different
/// messages. NOTE(review): if these messages reach the client, a caller without access can
/// tell existing project ids from unknown ones; confirm the messages stay server-side or are
/// mapped to one generic response.
/// Unlike <c>VerifyProjectAccess</c>, this method rejects unknown project ids for
/// administrators as well, and it loads the whole user collection through <c>Include</c>
/// to test membership.
/// </remarks>
/// <param name="projectId">Project the current user wants to act on.</param>
/// <exception cref="ApplicationException">
/// The project does not exist, or the current user is neither one of its users nor an
/// administrator.
/// </exception>
private async Task VerifyAccessToProject(Guid projectId)
{
    var target = await dbContext.Projects
        .Include(candidate => candidate.Users)
        .FirstOrDefaultAsync(candidate => candidate.ProjectId == projectId);

    if (target == null)
    {
        throw new ApplicationException($"Project [{projectId}] does not exist");
    }

    // Membership is tested first; the admin check runs only for non-members.
    var memberIds = target.Users.Select(member => member.UserId);
    if (memberIds.Contains(userContext.UserId) || userContext.IsAdmin())
    {
        return;
    }

    throw new ApplicationException($"User[{userContext.UserId}] does not have access to project [{projectId}]");
}