protected async Task <bool> IsGranted(WorkContext workContext, IPermissionManager permissionManager)
{
var reqInfo = workContext.RequestInfo;
var cfgRecord = workContext.CurrentEntityConfigRecord;
_logger.LogDebug($"Request requires entity Id valued: {reqInfo.RequesteeId}");
if (HttpMethods.IsPost(reqInfo.Method) ||
(HttpMethods.IsGet(reqInfo.Method) && !reqInfo.RequesteeId.HasValue()))
{
_logger.LogDebug("User is granted - get all and post are always granted");
return(true);
}
_logger.LogDebug("Check usesr permissions");
var userId = workContext.CurrentUserId;
_logger.LogDebug($"Request requires permissions for user Id valued: {userId}");
var entityKey = cfgRecord.EntityKey;
_logger.LogDebug($"Request requires entity key valued: {entityKey}");
var permissionFunc = PermissionFuncs.GetByHttpMethod(reqInfo.Method);
if (permissionFunc == null)
{
return(false);
}
var permissionKey = permissionFunc(cfgRecord);
_logger.LogDebug($"Request requires permission key valued: {permissionKey}");
return(await permissionManager.UserHasPermissionOnEntity(userId, entityKey, permissionKey, reqInfo.RequesteeId));
}
public void AllFuncs()
{
string post = "post",
get = "get",
put = "put",
delete = "delete";
var tc = new EntityConfigRecord {
PermissionRecord = new PermissionRecord(post, get, put, delete)
};
PermissionFuncs.GetByHttpMethod(post)(tc).ShouldBe(post);
PermissionFuncs.GetByHttpMethod(get)(tc).ShouldBe(get);
PermissionFuncs.GetByHttpMethod(put)(tc).ShouldBe(put);
PermissionFuncs.GetByHttpMethod(delete)(tc).ShouldBe(delete);
}
public void ReturnsNullOnKeyNotExists()
{
PermissionFuncs.GetByHttpMethod("not-existst").ShouldBeNull();
}