Пример #1
0
        public async Task <bool> ValidateAsync <TRequest>(TRequest request) where TRequest : IBaseRequest
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            var userOid = _currentUserProvider.GetCurrentUserOid();

            if (request is IProjectRequest projectRequest && !_projectAccessChecker.HasCurrentUserAccessToProject(projectRequest.ProjectName))
            {
                _logger.LogWarning($"Current user {userOid} don't have access to project {projectRequest.ProjectName}");
                return(false);
            }


            if (request is IPurchaseOrderCommandRequest poCommandRequest)
            {
                var projectName     = ""; // todo await _poHelper.GetProjectNameAsync(poCommandRequest.PurchaseOrderId);
                var accessToProject = _projectAccessChecker.HasCurrentUserAccessToProject(projectName);

                if (!accessToProject)
                {
                    _logger.LogWarning($"Current user {userOid} don't have access to project {projectName}");
                }

                var accessToContent = await HasCurrentUserAccessToContentAsync(poCommandRequest);

                if (!accessToContent)
                {
                    _logger.LogWarning($"Current user {userOid} don't have access to content {poCommandRequest.PurchaseOrderId}");
                }
                return(accessToProject && accessToContent);
            }

            if (request is IPurchaseOrderQueryRequest poQueryRequest)
            {
                var projectName = ""; // todo await _poHelper.GetProjectNameAsync(poQueryRequest.PurchaseOrderId);
                if (!_projectAccessChecker.HasCurrentUserAccessToProject(projectName))
                {
                    _logger.LogWarning($"Current user {userOid} don't have access to project {projectName}");
                    return(false);
                }
            }

            return(true);
        }
Пример #2
0
        public async Task <bool> ValidateAsync <TRequest>(TRequest request) where TRequest : IBaseRequest
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            var userOid = _currentUserProvider.GetCurrentUserOid();

            if (request is IProjectRequest projectRequest && !_projectAccessChecker.HasCurrentUserAccessToProject(projectRequest.ProjectName))
            {
                _logger.LogWarning($"Current user {userOid} doesn't have have access to project {projectRequest.ProjectName}");
                return(false);
            }

            if (request is ITagCommandRequest tagCommandRequest)
            {
                if (!await HasCurrentUserAccessToProjectAsync(tagCommandRequest.TagId, userOid))
                {
                    return(false);
                }

                if (!await HasCurrentUserAccessToContentAsync(tagCommandRequest))
                {
                    _logger.LogWarning($"Current user {userOid} doesn't have access to content {tagCommandRequest.TagId}");
                    return(false);
                }
            }

            if (request is ITagQueryRequest tagQueryRequest)
            {
                if (!await HasCurrentUserAccessToProjectAsync(tagQueryRequest.TagId, userOid))
                {
                    return(false);
                }
            }

            if (request is ICrossPlantQueryRequest)
            {
                if (!IsUserCrossPlantUser(userOid))
                {
                    return(false);
                }
            }

            return(true);
        }
Пример #3
0
        public async Task <bool> ValidateAsync <TRequest>(TRequest request) where TRequest : IBaseRequest
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            var userOid = _currentUserProvider.GetCurrentUserOid();

            if (request is IProjectRequest projectRequest &&
                !_projectAccessChecker.HasCurrentUserAccessToProject(projectRequest.ProjectName))
            {
                _logger.LogWarning($"Current user {userOid} don't have access to project {projectRequest.ProjectName}");
                return(false);
            }



            if (request is IInvitationCommandRequest invitationCommandRequest)
            {
                if (!await HasCurrentUserAccessToProjectAsync(invitationCommandRequest.InvitationId, userOid))
                {
                    return(false);
                }
            }

            if (request is IInvitationQueryRequest invitationQueryRequest)
            {
                if (!await HasCurrentUserAccessToProjectAsync(invitationQueryRequest.InvitationId, userOid))
                {
                    return(false);
                }
            }

            return(true);
        }