/// <summary>
/// Enforces that the acting user may reset the password of <paramref name="user"/>.
/// Checks run in order: the acting user must not be the target user, the reset
/// permission matching the target's user area must be held, and finally the shared
/// helper guards super admin accounts.
/// </summary>
/// <param name="user">The user whose password is being reset.</param>
/// <param name="executionContext">Execution context carrying the acting user's context.</param>
/// <exception cref="NotPermittedException">
/// Thrown when the acting user targets their own account.
/// </exception>
public async Task ValidatePermissionsAsync(User user, IExecutionContext executionContext)
{
    var actingUserContext = executionContext.UserContext;

    // Self-service resets are not handled by this command.
    if (actingUserContext.UserId == user.UserId)
    {
        throw new NotPermittedException("A user cannot reset the password on their own user account.");
    }

    var areaDefinition = _userAreaDefinitionRepository.GetRequiredByCode(user.UserAreaCode);

    // Cofoundry admin accounts are guarded by a separate permission from all other user areas.
    if (areaDefinition is not CofoundryAdminUserArea)
    {
        _permissionValidationService.EnforcePermission(new NonCofoundryUserResetPasswordPermission(), actingUserContext);
    }
    else
    {
        _permissionValidationService.EnforcePermission(new CofoundryUserResetPasswordPermission(), actingUserContext);
    }

    await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext);
}
/// <summary>
/// Validates that <paramref name="command"/> may update the password of <paramref name="user"/>:
/// the super admin guard runs first, then the user area and the acting user's permissions
/// are checked via the password update helper, and finally the new password itself is
/// validated by the new password validation service.
/// </summary>
/// <param name="command">The command carrying the new password.</param>
/// <param name="user">The user whose password is being updated.</param>
/// <param name="executionContext">Execution context carrying the acting user's context.</param>
private async Task ValidatePasswordAsync(
    UpdateUserPasswordByUserIdCommand command,
    User user,
    IExecutionContext executionContext
    )
{
    await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext);

    var area = _userAreaRepository.GetRequiredByCode(user.UserAreaCode);
    _passwordUpdateCommandHelper.ValidateUserArea(area);
    _passwordUpdateCommandHelper.ValidatePermissions(area, executionContext);

    // Validation is reported against the command's NewPassword property.
    var validationContext = NewPasswordValidationContext.MapFromUser(user);
    validationContext.ExecutionContext = executionContext;
    validationContext.PropertyName = nameof(command.NewPassword);
    validationContext.Password = command.NewPassword;

    await _newPasswordValidationService.ValidateAsync(validationContext);
}
/// <summary>
/// Enforces that the acting user may delete <paramref name="user"/>. Checks run in order:
/// the system account can never be deleted, the update permission matching the target's
/// user area must be held, the acting user must not be deleting themselves, and finally
/// the shared helper guards super admin accounts.
/// </summary>
/// <param name="user">The user being deleted.</param>
/// <param name="executionContext">Execution context carrying the acting user's context.</param>
/// <exception cref="NotPermittedException">
/// Thrown when the target is the system account or the acting user's own account.
/// </exception>
private async Task ValidateCustomPermissionsAsync(User user, IExecutionContext executionContext)
{
    if (user.IsSystemAccount)
    {
        throw new NotPermittedException("You cannot delete the system account.");
    }

    var actingUserContext = executionContext.UserContext;
    var isCofoundryAdminUser = user.UserAreaCode == CofoundryAdminUserArea.Code;

    // Cofoundry admin accounts are guarded by a separate permission from all other user areas.
    if (isCofoundryAdminUser)
    {
        _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), actingUserContext);
    }
    else
    {
        _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), actingUserContext);
    }

    if (actingUserContext.UserId == user.UserId)
    {
        throw new NotPermittedException("You cannot delete your own user account via this api.");
    }

    // Only super admins can delete super admin
    await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext);
}