protected void CheckAdditionalPermissionHandlers <TCommandHandler>(TCommandHandler _commandHandler, IExecutionContext executionContext, IPermissionValidationService _permissionValidationService) { // Hardcoded checking of a few additional handlers, but could use DI here to make this more flexible. if (_commandHandler is ILoggedInPermissionCheckHandler) { _permissionValidationService.EnforceIsLoggedIn(executionContext.UserContext); } if (_commandHandler is ICofoundryUserPermissionCheckHandler) { _permissionValidationService.EnforceHasPermissionToUserArea(CofoundryAdminUserArea.AreaCode, executionContext.UserContext); } }
private Role MapAndAddRole(AddRoleCommand command, IExecutionContext executionContext, List <Permission> permissions) { _permissionValidationService.EnforceHasPermissionToUserArea(command.UserAreaCode, executionContext.UserContext); var role = new Role(); role.Title = command.Title.Trim(); role.UserAreaCode = command.UserAreaCode; foreach (var permission in EnumerableHelper.Enumerate(permissions)) { role.Permissions.Add(permission); } _dbContext.Roles.Add(role); return(role); }
private async Task EnsureUserAreaExistsAndValidatePermission(List <Role> existingRoles, IExecutionContext executionContext) { var allUserAreaCodes = _roleDefinitions .Select(a => a.UserAreaCode) .Distinct(); foreach (var userAreaCode in allUserAreaCodes) { // Make sure we have permissions to this user area before we start adding roles _permissionValidationService.EnforceHasPermissionToUserArea(userAreaCode, executionContext.UserContext); // If the user area already exists on a role then we don't need to check it if (!existingRoles .Any(r => r.UserAreaCode == userAreaCode)) { await _commandExecutor.ExecuteAsync(new EnsureUserAreaExistsCommand(userAreaCode)); } } }