public async Task <UserDTO> Handle(GrantRevokePermissionsCommand command) { var agg = await _session.Get <UserAggregate>(command.Input.ForId); var byAgg = await _session.Get <UserAggregate>(command.Input.ById); var permissionsToGrant = GetPermissionsToGrant(agg.PermissionList, command.Input.Permissions); var permissionsToRevoke = GetPermissionsToRevoke(agg.PermissionList, command.Input.Permissions); var grantPermAggs = new List <PermissionAggregate>(); var revokePermAggs = new List <PermissionAggregate>(); if (byAgg.IsAdmin) { if (permissionsToGrant.Any()) { foreach (var permission in permissionsToGrant) { grantPermAggs.Add(await _session.Get <PermissionAggregate>(permission.Key)); } var grantUserPermissionDTO = new GrantUserPermissionDTO { ForId = agg.Id, ById = byAgg.Id, PermissionsToGrant = permissionsToGrant }; agg.GrantPermission(byAgg, grantPermAggs, grantUserPermissionDTO); } if (permissionsToRevoke.Any()) { foreach (var permission in permissionsToRevoke) { revokePermAggs.Add(await _session.Get <PermissionAggregate>(permission.Key)); } var revokeUserPermissionDTO = new RevokeUserPermissionDTO { ForId = agg.Id, ById = byAgg.Id, PermissionsToRevoke = permissionsToRevoke }; agg.RevokePermission(byAgg, revokeUserPermissionDTO); } _email.SendPermissionsUpdatedMessage(agg, revokePermAggs, grantPermAggs); await _session.Commit(); } return(_mapper.Map <UserAggregate, UserDTO>(await _session.Get <UserAggregate>(agg.Id))); }