public async Task <UserDTO> Handle(GrantRevokePermissionsCommand command)
{
var agg = await _session.Get <UserAggregate>(command.Input.ForId);
var byAgg = await _session.Get <UserAggregate>(command.Input.ById);
var permissionsToGrant = GetPermissionsToGrant(agg.PermissionList, command.Input.Permissions);
var permissionsToRevoke = GetPermissionsToRevoke(agg.PermissionList, command.Input.Permissions);
var grantPermAggs = new List <PermissionAggregate>();
var revokePermAggs = new List <PermissionAggregate>();
if (byAgg.IsAdmin)
{
if (permissionsToGrant.Any())
{
foreach (var permission in permissionsToGrant)
{
grantPermAggs.Add(await _session.Get <PermissionAggregate>(permission.Key));
}
var grantUserPermissionDTO = new GrantUserPermissionDTO
{
ForId = agg.Id,
ById = byAgg.Id,
PermissionsToGrant = permissionsToGrant
};
agg.GrantPermission(byAgg, grantPermAggs, grantUserPermissionDTO);
}
if (permissionsToRevoke.Any())
{
foreach (var permission in permissionsToRevoke)
{
revokePermAggs.Add(await _session.Get <PermissionAggregate>(permission.Key));
}
var revokeUserPermissionDTO = new RevokeUserPermissionDTO
{
ForId = agg.Id,
ById = byAgg.Id,
PermissionsToRevoke = permissionsToRevoke
};
agg.RevokePermission(byAgg, revokeUserPermissionDTO);
}
_email.SendPermissionsUpdatedMessage(agg, revokePermAggs, grantPermAggs);
await _session.Commit();
}
return(_mapper.Map <UserAggregate, UserDTO>(await _session.Get <UserAggregate>(agg.Id)));
}
