protected void CheckAdditionalPermissionHandlers <TCommandHandler>(TCommandHandler _commandHandler, IExecutionContext executionContext, IPermissionValidationService _permissionValidationService)
{
// Hardcoded checking of a few additional handlers, but could use DI here to make this more flexible.
if (_commandHandler is ILoggedInPermissionCheckHandler)
{
_permissionValidationService.EnforceIsLoggedIn(executionContext.UserContext);
}
if (_commandHandler is ICofoundryUserPermissionCheckHandler)
{
_permissionValidationService.EnforceHasPermissionToUserArea(CofoundryAdminUserArea.AreaCode, executionContext.UserContext);
}
}
private Role MapAndAddRole(AddRoleCommand command, IExecutionContext executionContext, List <Permission> permissions)
{
_permissionValidationService.EnforceHasPermissionToUserArea(command.UserAreaCode, executionContext.UserContext);
var role = new Role();
role.Title = command.Title.Trim();
role.UserAreaCode = command.UserAreaCode;
foreach (var permission in EnumerableHelper.Enumerate(permissions))
{
role.Permissions.Add(permission);
}
_dbContext.Roles.Add(role);
return(role);
}
private async Task EnsureUserAreaExistsAndValidatePermission(List <Role> existingRoles, IExecutionContext executionContext)
{
var allUserAreaCodes = _roleDefinitions
.Select(a => a.UserAreaCode)
.Distinct();
foreach (var userAreaCode in allUserAreaCodes)
{
// Make sure we have permissions to this user area before we start adding roles
_permissionValidationService.EnforceHasPermissionToUserArea(userAreaCode, executionContext.UserContext);
// If the user area already exists on a role then we don't need to check it
if (!existingRoles
.Any(r => r.UserAreaCode == userAreaCode))
{
await _commandExecutor.ExecuteAsync(new EnsureUserAreaExistsCommand(userAreaCode));
}
}
}