/// <inheritdoc/>
public IEnumerable <string> LocationIdsWithPermission(MeUser user, Permission permission)
{
var locations = user
.Permissions
.Where(up => up.LocationId != null)
.Where(up => _rolePermissions.Can((UserRoles)up.UserRole, permission))
.Select(up => up.LocationId);
return(locations);
}
/// <inheritdoc/>
public async Task <bool> HasPermission(string oktaId, Permission permission)
{
if (_authorizationSettings.Value.Disable)
{
return(true);
}
var meUser = await _userRetrievalService.Handle(new UserRetrievalByOktaIdQuery(oktaId));
if (meUser.Permissions != null)
{
var hasPermission = meUser.Permissions.Any(
p => _rolePermissions.Can((UserRoles)p.UserRole, permission) && p.LocationId != null);
if (hasPermission)
{
return(true);
}
}
return(false);
}
/// <inheritdoc/>
public async Task <bool> HasPermission(string emailAddress, ILocationPath document, Permission permission)
{
if (_authorizationSettings.Value.Disable)
{
return(true);
}
var meUser = await _userRetrievalService.Handle(new UserRetrievalByOktaIdQuery(emailAddress));
if (meUser.Permissions != null)
{
var hasPermission = meUser.Permissions.Any(
p => _rolePermissions.Can((UserRoles)p.UserRole, permission) &&
document.LocationIds().Any(l => l == p.LocationId));
if (hasPermission)
{
return(true);
}
}
return(false);
}
