public async Task <UserDTO> RevokePermission([FromBody] RevokeUserPermissionDTO input) { var command = new RevokeUserPermissionCommand(input); var result = await _commandDispatcher.Execute(command); return(result); }
public void RevokePermission(UserAggregate byAgg, RevokeUserPermissionDTO dto) { // only go through with revoke if the byAgg is an admin, or if the user is operating on themselves if (!byAgg.IsAdmin) { if (this.Id != byAgg.Id) { return; // invalid operation } } var markedForRemoval = new List <Guid>(); foreach (var permission in dto.PermissionsToRevoke) { // do not revoke permissions that are not in the Granted state if (!string.Equals(JsonConvert.DeserializeObject <string>(this.PermissionList[permission.Key].EventType), typeof(UserPermissionGrantedEvent).FullName)) { markedForRemoval.Add(permission.Key); } } markedForRemoval.ForEach(a => dto.PermissionsToRevoke.Remove(a)); if (dto.PermissionsToRevoke.Any()) { ApplyChange(new UserPermissionRevokedEvent(dto)); } }
public void user_permission_list_should_not_have_revoked_permission_after_UserPermissionRevokedEvent_when_permission_was_not_previously_granted() { // Assemble var agg = UserAggregateMockAggregate.SetupAdminUser(); var permissionAgg = UserAggregateMockAggregate.SetupTestPermission(); RevokeUserPermissionDTO revokeInput = new RevokeUserPermissionDTO() { ForId = agg.Id, ById = agg.Id, PermissionsToRevoke = new Dictionary <Guid, PermissionDetails> { { permissionAgg.Id, new PermissionDetails { Reason = "test revoke reason" } } } }; RequestUserPermissionsDTO requestInput = new RequestUserPermissionsDTO { ForId = agg.Id, ById = agg.Id, Requests = new Dictionary <Guid, PermissionDetails> { { permissionAgg.Id, new PermissionDetails { Reason = "TestReason" } } }, }; agg.UserRequestedPermissions(new List <PermissionAggregate> { permissionAgg }, requestInput); // Apply agg.RevokePermission(agg, revokeInput); // Assert var changes = agg.FlushUncommitedChanges(); Assert.Equal(2, changes.Length); Assert.Collection(changes, (e) => { Assert.IsType <UserCreatedEvent>(e); }, (e) => { Assert.IsType <UserPermissionsRequestedEvent>(e); } ); Assert.True(agg.PermissionList.ContainsKey(permissionAgg.Id)); Assert.Equal(agg.PermissionList[permissionAgg.Id].EventType, JsonConvert.SerializeObject(typeof(UserPermissionsRequestedEvent).FullName)); }
public void give_RevokeUserPermissionCommand_handler_should_call_session_Get_and_Commit_on_granted_permission() { // Assemble var mockAgg = new RevokeUserPermissionCommandHandlerMockAggregate(); var testAgg = mockAgg.SetupAdminUser(); var testPermissionAgg = mockAgg.SetupTestPermission(); mockAgg.setup_session_to_return_correct_aggregate(testAgg, testPermissionAgg); var grantHandler = mockAgg.GrantUserPermissionRequestHandlerFactory(); var revokeHandler = mockAgg.RevokeUserPermissionHandlerFactory(); var grantInput = new GrantUserPermissionDTO { ForId = testAgg.Id, ById = testAgg.Id, PermissionsToGrant = new Dictionary <Guid, PermissionDetails> { { testPermissionAgg.Id, new PermissionDetails { Reason = "testGrantReason" } } } }; var grantCommand = new GrantUserPermissionCommand(grantInput); var revokeInput = new RevokeUserPermissionDTO { ForId = testAgg.Id, ById = testAgg.Id, PermissionsToRevoke = new Dictionary <Guid, PermissionDetails> { { testPermissionAgg.Id, new PermissionDetails { Reason = "testRevokeReason" } } } }; var revokeCommand = new RevokeUserPermissionCommand(revokeInput); var grantResult = grantHandler.Handle(grantCommand); // Apply var revokeResult = revokeHandler.Handle(revokeCommand); // Assert Assert.True(mockAgg.SessionGetWasCalled); Assert.True(mockAgg.SessionCommitWasCalled); Assert.True(mockAgg.SessionGetPermisisonWasCalled); }
public async Task <UserDTO> Handle(GrantRevokePermissionsCommand command) { var agg = await _session.Get <UserAggregate>(command.Input.ForId); var byAgg = await _session.Get <UserAggregate>(command.Input.ById); var permissionsToGrant = GetPermissionsToGrant(agg.PermissionList, command.Input.Permissions); var permissionsToRevoke = GetPermissionsToRevoke(agg.PermissionList, command.Input.Permissions); var grantPermAggs = new List <PermissionAggregate>(); var revokePermAggs = new List <PermissionAggregate>(); if (byAgg.IsAdmin) { if (permissionsToGrant.Any()) { foreach (var permission in permissionsToGrant) { grantPermAggs.Add(await _session.Get <PermissionAggregate>(permission.Key)); } var grantUserPermissionDTO = new GrantUserPermissionDTO { ForId = agg.Id, ById = byAgg.Id, PermissionsToGrant = permissionsToGrant }; agg.GrantPermission(byAgg, grantPermAggs, grantUserPermissionDTO); } if (permissionsToRevoke.Any()) { foreach (var permission in permissionsToRevoke) { revokePermAggs.Add(await _session.Get <PermissionAggregate>(permission.Key)); } var revokeUserPermissionDTO = new RevokeUserPermissionDTO { ForId = agg.Id, ById = byAgg.Id, PermissionsToRevoke = permissionsToRevoke }; agg.RevokePermission(byAgg, revokeUserPermissionDTO); } _email.SendPermissionsUpdatedMessage(agg, revokePermAggs, grantPermAggs); await _session.Commit(); } return(_mapper.Map <UserAggregate, UserDTO>(await _session.Get <UserAggregate>(agg.Id))); }
public async void given_revokeuserpermissionscommand_command_dispatcher_should_get_same_command_created_in_controller() { //Assemble var mockAgg = new UserControllerMockAggregate(); var id = new Guid(); var userId = new Guid(); var requests = new Dictionary <Guid, PermissionDetails> { { new Guid(), new PermissionDetails { EventType = "testEvent", IsPending = true, Reason = "testReason", RequestedBy = id, RequestedFor = userId, RequestDate = new DateTime() } } }; var input = new RevokeUserPermissionDTO() { ById = id, ForId = userId, PermissionsToRevoke = requests }; var command = new RevokeUserPermissionCommand(input); mockAgg.setup_dispatcher_to_verify_revokeUserPermissionRequestCommands_are_the_same(command); var controller = mockAgg.CreateUserController(); //Apply var result = await controller.RevokePermission(input); //Assert Assert.IsType <UserDTO>(result); Assert.Equal(result.Id, input.ForId); Assert.Equal(result.PermissionList, input.PermissionsToRevoke); }
public UserPermissionRevokedEvent(RevokeUserPermissionDTO dto) { ForId = dto.ForId; ById = dto.ById; foreach (var permission in dto.PermissionsToRevoke) { var reason = String.IsNullOrWhiteSpace(permission.Value.Reason) ? "Reason Not Specified": permission.Value.Reason; var p = new PermissionDetails { EventType = JsonConvert.SerializeObject(GetType().FullName), IsPending = false, Reason = reason, RequestDate = TimeStamp, RequestedBy = dto.ById, RequestedFor = dto.ForId }; PermissionsToRevoke[permission.Key] = p; } }
public void user_permission_list_should_have_revoked_permission_after_UserPermissionRevokedEvent_when_permission_was_previously_granted() { // Assemble var agg = UserAggregateMockAggregate.SetupAdminUser(); var permissionAgg = UserAggregateMockAggregate.SetupTestPermission(); GrantUserPermissionDTO input = new GrantUserPermissionDTO { ForId = agg.Id, ById = agg.Id, PermissionsToGrant = new Dictionary <Guid, PermissionDetails> { { permissionAgg.Id, new PermissionDetails { Reason = "test grant Reason" } } } }; agg.GrantPermission(agg, new List <PermissionAggregate> { permissionAgg }, input); RevokeUserPermissionDTO revokeInput = new RevokeUserPermissionDTO() { ForId = agg.Id, ById = agg.Id, PermissionsToRevoke = new Dictionary <Guid, PermissionDetails> { { permissionAgg.Id, new PermissionDetails { Reason = "test revoke reason" } } } }; // Apply agg.RevokePermission(agg, revokeInput); // Assert var changes = agg.FlushUncommitedChanges(); Assert.Equal(3, changes.Length); Assert.Collection(changes, (e) => { Assert.IsType <UserCreatedEvent>(e); }, (e) => { Assert.IsType <UserPermissionGrantedEvent>(e); }, (e) => { Assert.IsType <UserPermissionRevokedEvent>(e); var @event = (UserPermissionRevokedEvent)e; Assert.NotEqual(Guid.Empty, @event.Id); Assert.Equal(3, @event.Version); Assert.Equal(agg.Id, @event.ForId); Assert.Equal(agg.Id, @event.ById); Assert.True(@event.PermissionsToRevoke.ContainsKey(permissionAgg.Id)); Assert.Equal(@event.PermissionsToRevoke[permissionAgg.Id].EventType, JsonConvert.SerializeObject(typeof(UserPermissionRevokedEvent).FullName)); }); Assert.True(agg.PermissionList.ContainsKey(permissionAgg.Id)); Assert.Equal(agg.PermissionList[permissionAgg.Id].EventType, JsonConvert.SerializeObject(typeof(UserPermissionRevokedEvent).FullName)); }
public RevokeUserPermissionCommand(RevokeUserPermissionDTO input) { Input = input; }