private static void CheckCommitmentStatus(Commitment commitment)
{
if (commitment.CommitmentStatus != CommitmentStatus.New && commitment.CommitmentStatus != CommitmentStatus.Active)
{
throw new InvalidOperationException($"Commitment {commitment.Id} cannot be updated because status is {commitment.CommitmentStatus}");
}
}
private static void CheckCommitmentCanBeUpdated(UpdateCommitmentAgreementCommand command, Commitment commitment)
{
CheckCommitmentStatus(commitment);
CheckEditStatus(command, commitment);
CheckAuthorization(command, commitment);
}
private static void CheckAuthorization(UpdateCommitmentAgreementCommand message, Commitment commitment)
{
switch (message.Caller.CallerType)
{
case CallerType.Provider:
if (commitment.ProviderId != message.Caller.Id)
{
throw new UnauthorizedException($"Provider {message.Caller.Id} not authorised to access commitment: {message.CommitmentId}, expected provider {commitment.ProviderId}");
}
break;
case CallerType.Employer:
if (commitment.EmployerAccountId != message.Caller.Id)
{
throw new UnauthorizedException($"Employer {message.Caller.Id} not authorised to access commitment: {message.CommitmentId}, expected employer {commitment.EmployerAccountId}");
}
break;
}
}
private static void CheckEditStatus(UpdateCommitmentAgreementCommand message, Commitment commitment)
{
switch (message.Caller.CallerType)
{
case CallerType.Provider:
if (commitment.EditStatus != EditStatus.Both && commitment.EditStatus != EditStatus.ProviderOnly)
{
throw new UnauthorizedException($"Provider {message.Caller.Id} not allowed to edit commitment: {message.CommitmentId}");
}
break;
case CallerType.Employer:
if (commitment.EditStatus != EditStatus.Both && commitment.EditStatus != EditStatus.EmployerOnly)
{
throw new UnauthorizedException($"Employer {message.Caller.Id} not allowed to edit commitment: {message.CommitmentId}");
}
break;
}
}