protected override async Task <Task> HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, Issue issue) { ObjectId userId = context.User.GetUserId(); if (context.User is null || issue is null) { return(Task.CompletedTask); } Project issueProject = await _projectRepository.GetAsync(issue.ProjectId); if (issueProject is null) { return(Task.CompletedTask); } Company issueCompany = await _companyRepository.GetAsync(issueProject.CompanyId); if (issueCompany is null) { return(Task.CompletedTask); } IEnumerable <State> projectStates = issueProject.States; if (projectStates is null) { return(Task.CompletedTask); } State currentIssueState = projectStates.FirstOrDefault(ps => ps.Id.Equals(issue.StateId)); if (currentIssueState is null) { return(Task.CompletedTask); } PropertyUser projectUser = issueProject.Users?.FirstOrDefault(usr => usr.UserId.Equals(userId)); PropertyUser companyUser = issueCompany.Users?.FirstOrDefault(usr => usr.UserId.Equals(userId)); IList <ObjectId> userRoles = AuthorizationUtils.RolesOfUser(projectUser, companyUser); switch (currentIssueState.Phase) { case State.NegotiationPhase: ValidateRequirmentInNegotiationPhase(context, requirement, userRoles); break; case State.ProcessingPhase: ValidateRequirmentInProcessingPhase(context, requirement, userRoles); break; case State.ConclusionPhase: ValidateRequirmentInConclusionPhase(context, requirement, userRoles); break; } return(Task.CompletedTask); }