protected override async Task HandleOrderCancellationAsync(AuthorizationHandlerContext context, OrderOperationAuthorizationRequirement requirement, Order resource) { if (!await _permissionChecker.IsGrantedAsync(OrdersPermissions.Orders.Cancel)) { context.Fail(); return; } if (resource.CustomerUserId != _currentUser.GetId()) { if (!await _permissionChecker.IsGrantedAsync(OrdersPermissions.Orders.Manage)) { context.Fail(); return; } if (!await _storeOwnerStore.IsStoreOwnerAsync(resource.StoreId, _currentUser.GetId()) && !await _permissionChecker.IsGrantedAsync(OrdersPermissions.Orders.CrossStore)) { context.Fail(); return; } } if (!resource.IsPaid()) { context.Succeed(requirement); return; } }
protected override async Task HandleOrderCreationAsync(AuthorizationHandlerContext context, OrderOperationAuthorizationRequirement requirement, OrderCreationResource resource) { if (!await IsProductsPublishedAsync(resource.Input, resource.ProductDictionary)) { context.Fail(); return; } if (!await IsInventoriesSufficientAsync(resource.Input, resource.ProductDictionary)) { context.Fail(); return; } context.Succeed(requirement); }