/// <summary>
/// Authorizes a password reset on <paramref name="user"/> by the caller described in
/// <paramref name="executionContext"/>. The checks run in a fixed order and each one
/// throws on failure, so returning normally means the reset is permitted.
/// </summary>
/// <param name="user">The account whose password would be reset.</param>
/// <param name="executionContext">Carries the user context of the caller being authorized.</param>
/// <exception cref="NotPermittedException">
/// Thrown directly when the caller targets their own account. The permission service
/// and super-admin helper are expected to throw their own exceptions when their
/// respective checks fail (their types are defined elsewhere).
/// </exception>
public async Task ValidatePermissionsAsync(User user, IExecutionContext executionContext)
        {
            var caller = executionContext.UserContext;

            // This runs before any permission enforcement, so the caller's own account is
            // rejected regardless of which permissions they hold (presumably self-service
            // resets are handled by a different flow).
            if (caller.UserId == user.UserId)
            {
                throw new NotPermittedException("A user cannot reset the password on their own user account.");
            }

            // The permission that applies depends on the TARGET user's area, not the caller's.
            var areaDefinition = _userAreaDefinitionRepository.GetRequiredByCode(user.UserAreaCode);

            if (!(areaDefinition is CofoundryAdminUserArea))
            {
                _permissionValidationService.EnforcePermission(new NonCofoundryUserResetPasswordPermission(), caller);
            }
            else
            {
                _permissionValidationService.EnforcePermission(new CofoundryUserResetPasswordPermission(), caller);
            }

            // Super admin targets get an additional gate on top of the area permission.
            await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext);
        }
        /// <summary>
        /// Runs every check that must pass before <paramref name="user"/>'s password is
        /// replaced with the command's new password: super-admin management rights,
        /// user-area eligibility, caller permissions, and finally whatever rules
        /// <c>_newPasswordValidationService</c> applies to the new password value.
        /// Each step throws on failure; returning normally means all checks passed.
        /// </summary>
        /// <param name="command">Source of the new password; nothing else on it is read here.</param>
        /// <param name="user">The account being updated; supplies the user area and seeds the validation context.</param>
        /// <param name="executionContext">The caller's execution context, passed through to each check.</param>
        private async Task ValidatePasswordAsync(
            UpdateUserPasswordByUserIdCommand command,
            User user,
            IExecutionContext executionContext
            )
        {
            // Super admin targets are gated first; the helper is expected to throw
            // when the caller may not manage them.
            await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext);

            // Area eligibility and the area-specific permission are delegated to the
            // shared password-update helper.
            var areaDefinition = _userAreaRepository.GetRequiredByCode(user.UserAreaCode);
            _passwordUpdateCommandHelper.ValidateUserArea(areaDefinition);
            _passwordUpdateCommandHelper.ValidatePermissions(areaDefinition, executionContext);

            // The validation context is seeded from the target user (presumably so
            // user-specific rules can be applied); PropertyName ties any resulting
            // validation error back to the command field that carried the value.
            var validationContext = NewPasswordValidationContext.MapFromUser(user);
            validationContext.ExecutionContext = executionContext;
            validationContext.PropertyName = nameof(command.NewPassword);
            validationContext.Password = command.NewPassword;

            await _newPasswordValidationService.ValidateAsync(validationContext);
        }
        /// <summary>
        /// Authorization checks specific to deleting a user account. The checks run in a
        /// fixed order and each throws on failure: the system account is never deletable,
        /// the caller needs the update permission for the target's user area, callers may
        /// not delete themselves through this command, and super admin targets require
        /// super-admin management rights.
        /// </summary>
        /// <param name="user">The account that would be deleted.</param>
        /// <param name="executionContext">Supplies the caller's user context.</param>
        /// <exception cref="NotPermittedException">
        /// Thrown directly for the system account and for self-deletion. The permission
        /// service and super-admin helper are expected to throw their own exceptions
        /// when their checks fail.
        /// </exception>
        private async Task ValidateCustomPermissionsAsync(User user, IExecutionContext executionContext)
        {
            // Hard stop: the system account is protected regardless of who is asking.
            if (user.IsSystemAccount)
            {
                throw new NotPermittedException("You cannot delete the system account.");
            }

            // NOTE(review): deletion is gated by the *update* permission for the target's
            // area rather than a dedicated delete permission; confirm that is intentional.
            var caller = executionContext.UserContext;
            var targetsAdminArea = user.UserAreaCode == CofoundryAdminUserArea.Code;

            if (targetsAdminArea)
            {
                _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), caller);
            }
            else
            {
                _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), caller);
            }

            // Self-deletion is rejected even when the caller holds the permission above.
            // Because this runs AFTER the permission check, a caller without the permission
            // sees a permission failure rather than this message.
            if (caller.UserId == user.UserId)
            {
                throw new NotPermittedException("You cannot delete your own user account via this api.");
            }

            // Only super admins can delete super admin
            await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext);
        }