Esempio n. 1
0
        public async Task <Mail> GetDetails(int mailId)
        {
            var  activeUserId = GetActiveUserId();
            bool canReadAll   = HasPermission(Permission.ReadAllMail);
            var  mail         = await _mailRepository.GetByIdAsync(mailId);

            if (mail == null)
            {
                throw new GraException("The requested mail could not be accessed or does not exist.");
            }
            if (mail.FromUserId == activeUserId || mail.ToUserId == activeUserId || canReadAll)
            {
                return(mail);
            }
            _logger.LogError($"User {activeUserId} doesn't have permission to view details for message {mailId}.");
            throw new GraException("Permission denied.");
        }