diff --git a/src/Application/Addresses/Commands/AddAddress/AddAddressCommandAuthorizer.cs b/src/Application/Addresses/Commands/AddAddress/AddAddressCommandAuthorizer.cs
index 6c88c27..b4bbe78 100644
--- a/src/Application/Addresses/Commands/AddAddress/AddAddressCommandAuthorizer.cs
+++ b/src/Application/Addresses/Commands/AddAddress/AddAddressCommandAuthorizer.cs
@@ -22,9 +22,10 @@ public class AddAddressCommandAuthorizer :
 IsAuthenticated= _sessionUserService.IsAuthenticated
 });
- UseRequirement(new MustBeInRolesRequirement
+ UseRequirement(new MustBeInAnyOfRolesRequirement
 {
- RequiredRoles = [IdentityRole.Administrator],
+ RequiredRoles =
+ [IdentityRole.Administrator, IdentityRole.CompanyOwner],
 UserRoles = _sessionUserService.Roles
 });
 }
diff --git a/src/Application/Addresses/Commands/DeleteAddress/DeleteAddressCommandAuthorizer.cs b/src/Application/Addresses/Commands/DeleteAddress/DeleteAddressCommandAuthorizer.cs
index 7b5bb31..66a9511 100644
--- a/src/Application/Addresses/Commands/DeleteAddress/DeleteAddressCommandAuthorizer.cs
+++ b/src/Application/Addresses/Commands/DeleteAddress/DeleteAddressCommandAuthorizer.cs
@@ -22,7 +22,7 @@ public class DeleteAddressCommandAuthorizer :
 IsAuthenticated= _sessionUserService.IsAuthenticated
 });
- UseRequirement(new MustBeInRolesRequirement
+ UseRequirement(new MustBeInAnyOfRolesRequirement
 {
 RequiredRoles = [IdentityRole.Administrator],
 UserRoles = _sessionUserService.Roles
diff --git a/src/Application/Addresses/Commands/UpdateAddress/UpdateAddressCommandAuthorizer.cs b/src/Application/Addresses/Commands/UpdateAddress/UpdateAddressCommandAuthorizer.cs
index 80860d1..055fd69 100644
--- a/src/Application/Addresses/Commands/UpdateAddress/UpdateAddressCommandAuthorizer.cs
+++ b/src/Application/Addresses/Commands/UpdateAddress/UpdateAddressCommandAuthorizer.cs
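Review bot: The widened role list lets a CompanyOwner create addresses, while the UpdateAddress and DeleteAddress authorizers in this same commit keep `RequiredRoles = [IdentityRole.Administrator]`, so an owner can add an address but never correct or remove it, and because `MustBeInAnyOfRolesRequirement` carries no ownership scope whatever an owner adds becomes shared reference data that every other company sees through the widened Get authorizers. If that asymmetry is intended, record it where the next reader will look, above the requirement: `// Addresses are shared reference data: CompanyOwner may add, only Administrator may edit or delete.` If it is not, either scope the command to the caller's company in the handler or extend the Update/Delete authorizers the same way. The start of BuildPolicy lies outside the hunk.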
@@ -22,7 +22,7 @@ public class UpdateAddressCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Addresses/Queries/GetAddress/GetAddressQueryAuthorizer.cs b/src/Application/Addresses/Queries/GetAddress/GetAddressQueryAuthorizer.cs index d6cfa6c..9bb9784 100644 --- a/src/Application/Addresses/Queries/GetAddress/GetAddressQueryAuthorizer.cs +++ b/src/Application/Addresses/Queries/GetAddress/GetAddressQueryAuthorizer.cs @@ -19,12 +19,13 @@ public class GetAddressQueryAuthorizer : { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/Addresses/Queries/GetAddressesPage/GetAddressesPageQueryAuthorizer.cs b/src/Application/Addresses/Queries/GetAddressesPage/GetAddressesPageQueryAuthorizer.cs index 6521dde..c868ec9 100644 --- a/src/Application/Addresses/Queries/GetAddressesPage/GetAddressesPageQueryAuthorizer.cs +++ b/src/Application/Addresses/Queries/GetAddressesPage/GetAddressesPageQueryAuthorizer.cs 
@@ -19,12 +19,13 @@ public class GetAddressesPageQueryAuthorizer : { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/Aircrafts/Commands/AddAircraft/AddAircraftCommandAuthorizer.cs b/src/Application/Aircrafts/Commands/AddAircraft/AddAircraftCommandAuthorizer.cs index 46621fb..69c650f 100644 --- a/src/Application/Aircrafts/Commands/AddAircraft/AddAircraftCommandAuthorizer.cs +++ b/src/Application/Aircrafts/Commands/AddAircraft/AddAircraftCommandAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Aircrafts.Commands.AddAircraft; 
@@ -9,23 +9,34 @@ public class AddAircraftCommandAuthorizer :
 AbstractRequestAuthorizer
 {
 private readonly SessionUserService _sessionUserService;
+ private readonly UnitOfWork _unitOfWork;
- public AddAircraftCommandAuthorizer(SessionUserService sessionUserService)
+ public AddAircraftCommandAuthorizer(
+ SessionUserService sessionUserService,
+ UnitOfWork unitOfWork)
 {
 _sessionUserService = sessionUserService;
+ _unitOfWork = unitOfWork;
 }
 public override void BuildPolicy(AddAircraftCommand request)
 {
 UseRequirement(new MustBeAuthenticatedRequirement
 {
- IsAuthenticated= _sessionUserService.IsAuthenticated
+ IsAuthenticated = _sessionUserService.IsAuthenticated
 });
- UseRequirement(new MustBeInRolesRequirement
+ var company = _unitOfWork.CompanyRepository
+ .GetOneAsync(
+ e => e.Guid == request.CompanyGuid, e => e.Account,
+ CancellationToken.None)
+ .Result;
+
+ UseRequirement(new MustBeObjectOwnerOrAdminRequirement
 {
- RequiredRoles = [IdentityRole.Administrator],
- UserRoles = _sessionUserService.Roles
+ UserRoles = _sessionUserService.Roles,
+ RequiredGuid = company?.Account.Guid,
+ UserGuid = _sessionUserService.Guid
 });
 }
 }
diff --git a/src/Application/Aircrafts/Commands/DeleteAircraft/DeleteAircraftCommandAuthorizer.cs b/src/Application/Aircrafts/Commands/DeleteAircraft/DeleteAircraftCommandAuthorizer.cs
index 1aeae2a..295c08b 100644
--- a/src/Application/Aircrafts/Commands/DeleteAircraft/DeleteAircraftCommandAuthorizer.cs
+++ b/src/Application/Aircrafts/Commands/DeleteAircraft/DeleteAircraftCommandAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 namespace cuqmbr.TravelGuide.Application.Aircrafts.Commands.DeleteAircraft;
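Review bot: `.Result` on `GetOneAsync` in the new block synchronously blocks a thread-pool thread inside BuildPolicy, ignores request cancellation (`CancellationToken.None`), and wraps any repository failure in an AggregateException instead of the original exception. BuildPolicy is `void`, so the call cannot simply be awaited here; the cleaner shape is to hand `request.CompanyGuid` to the requirement and resolve the owning account inside its async handler, which already receives a CancellationToken, and until then `.GetAwaiter().GetResult()` at least unwraps the exception. Separately, `RequiredGuid = company?.Account.Guid` throws if the company loads with a null `Account` navigation; `company?.Account?.Guid` fails closed instead, because the requirement denies on a null RequiredGuid. The unknown-company case itself is handled correctly: a CompanyGuid that resolves to nothing yields a denial for non-administrators rather than a crash.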
@@ -9,23 +9,34 @@ public class DeleteAircraftCommandAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public DeleteAircraftCommandAuthorizer(SessionUserService sessionUserService) + public DeleteAircraftCommandAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(DeleteAircraftCommand request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var vehicel = _unitOfWork.VehicleRepository + .GetOneAsync( + e => e.Guid == request.Guid, e => e.Company.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = vehicel?.Company.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Aircrafts/Commands/UpdateAircraft/UpdateAircraftCommandAuthorizer.cs b/src/Application/Aircrafts/Commands/UpdateAircraft/UpdateAircraftCommandAuthorizer.cs index b15c281..a23a8bf 100644 --- a/src/Application/Aircrafts/Commands/UpdateAircraft/UpdateAircraftCommandAuthorizer.cs +++ b/src/Application/Aircrafts/Commands/UpdateAircraft/UpdateAircraftCommandAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Aircrafts.Commands.UpdateAircraft; 
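Review bot: `vehicel` is misspelled in the new lookup (`var vehicel = ...` and `vehicel?.Company.Account.Guid`), and the same spelling recurs in the GetAircraft, DeleteBus and GetBus authorizers of this commit, so rename it to `vehicle` in all four before it propagates further. The lookup goes through VehicleRepository by `request.Guid` alone, so the ownership check is evaluated for whatever vehicle carries that Guid, aircraft or not; whether the handler rejects a non-aircraft Guid is outside this hunk. The ownership semantics here are the right ones: the owning account is resolved server-side from the stored vehicle, never from caller input, and a missing vehicle leaves RequiredGuid null, which the requirement denies.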
@@ -9,23 +9,34 @@ public class UpdateAircraftCommandAuthorizer :
 AbstractRequestAuthorizer
 {
 private readonly SessionUserService _sessionUserService;
+ private readonly UnitOfWork _unitOfWork;
- public UpdateAircraftCommandAuthorizer(SessionUserService sessionUserService)
+ public UpdateAircraftCommandAuthorizer(
+ SessionUserService sessionUserService,
+ UnitOfWork unitOfWork)
 {
 _sessionUserService = sessionUserService;
+ _unitOfWork = unitOfWork;
 }
 public override void BuildPolicy(UpdateAircraftCommand request)
 {
 UseRequirement(new MustBeAuthenticatedRequirement
 {
- IsAuthenticated= _sessionUserService.IsAuthenticated
+ IsAuthenticated = _sessionUserService.IsAuthenticated
 });
- UseRequirement(new MustBeInRolesRequirement
+ var company = _unitOfWork.CompanyRepository
+ .GetOneAsync(
+ e => e.Guid == request.CompanyGuid, e => e.Account,
+ CancellationToken.None)
+ .Result;
+
+ UseRequirement(new MustBeObjectOwnerOrAdminRequirement
 {
- RequiredRoles = [IdentityRole.Administrator],
- UserRoles = _sessionUserService.Roles
+ UserRoles = _sessionUserService.Roles,
+ RequiredGuid = company?.Account.Guid,
+ UserGuid = _sessionUserService.Guid
 });
 }
 }
diff --git a/src/Application/Aircrafts/Queries/GetAircraft/GetAircraftQueryAuthorizer.cs b/src/Application/Aircrafts/Queries/GetAircraft/GetAircraftQueryAuthorizer.cs
index a0cc4e2..aac2bd3 100644
--- a/src/Application/Aircrafts/Queries/GetAircraft/GetAircraftQueryAuthorizer.cs
+++ b/src/Application/Aircrafts/Queries/GetAircraft/GetAircraftQueryAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 namespace cuqmbr.TravelGuide.Application.Aircrafts.Queries.GetAircraft;
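Review bot: The ownership check for an update is evaluated against `request.CompanyGuid`, a value the caller chooses, and never against the aircraft the command actually modifies, so unless UpdateAircraftCommand carries no vehicle identifier or the handler re-checks, a CompanyOwner can update and re-home another company's aircraft simply by sending their own CompanyGuid. DeleteAircraftCommandAuthorizer in this same commit shows the lookup that is missing here: resolve the stored vehicle by its Guid with `e => e.Company.Account` and require ownership of it, in addition to the target company. The rewrite below assumes the identifier is `request.Guid` as in the delete command; adjust the name if the command calls it something else. BuildPolicy is fully within the hunk.
```csharp
public override void BuildPolicy(UpdateAircraftCommand request)
{
    // … unchanged: MustBeAuthenticatedRequirement …

    // The aircraft being modified must already belong to the caller (or the
    // caller is an Administrator). Checking only request.CompanyGuid would let
    // an owner re-home another company's aircraft by naming their own company.
    var vehicle = _unitOfWork.VehicleRepository
        .GetOneAsync(
            e => e.Guid == request.Guid, e => e.Company.Account,
            CancellationToken.None)
        .Result;

    UseRequirement(new MustBeObjectOwnerOrAdminRequirement
    {
        UserRoles = _sessionUserService.Roles,
        RequiredGuid = vehicle?.Company?.Account?.Guid,
        UserGuid = _sessionUserService.Guid
    });

    // … unchanged: company lookup by request.CompanyGuid and its ownership requirement …
}
```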
@@ -9,23 +9,34 @@ public class GetAircraftQueryAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public GetAircraftQueryAuthorizer(SessionUserService sessionUserService) + public GetAircraftQueryAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(GetAircraftQuery request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var vehicel = _unitOfWork.VehicleRepository + .GetOneAsync( + e => e.Guid == request.Guid, e => e.Company.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = vehicel?.Company.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Aircrafts/Queries/GetAircraftsPage/GetAircraftsPageQueryAuthorizer.cs b/src/Application/Aircrafts/Queries/GetAircraftsPage/GetAircraftsPageQueryAuthorizer.cs index 41b94bb..2871ed3 100644 --- a/src/Application/Aircrafts/Queries/GetAircraftsPage/GetAircraftsPageQueryAuthorizer.cs +++ b/src/Application/Aircrafts/Queries/GetAircraftsPage/GetAircraftsPageQueryAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Aircrafts.Queries.GetAircraftsPage; 
@@ -9,23 +9,34 @@ public class GetAircraftsPageQueryAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public GetAircraftsPageQueryAuthorizer(SessionUserService sessionUserService) + public GetAircraftsPageQueryAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(GetAircraftsPageQuery request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var company = _unitOfWork.CompanyRepository + .GetOneAsync( + e => e.Guid == request.CompanyGuid, e => e.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = company?.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Authentication/Commands/RenewAccessToken/RenewAccessTokenCommandAuthorizer.cs b/src/Application/Authentication/Commands/RenewAccessToken/RenewAccessTokenCommandAuthorizer.cs index 3d102fc..96f0a24 100644 --- a/src/Application/Authentication/Commands/RenewAccessToken/RenewAccessTokenCommandAuthorizer.cs +++ b/src/Application/Authentication/Commands/RenewAccessToken/RenewAccessTokenCommandAuthorizer.cs @@ -1,5 +1,4 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; -// using cuqmbr.TravelGuide.Application.Common.Services; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Authenticaion.Commands.RenewAccessToken; 
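Review bot: `company` is resolved from `request.CompanyGuid`, so if that property is optional on the page query (not visible in this hunk) a caller who omits it gets a null company and every non-Administrator is denied; a CompanyOwner therefore cannot list aircraft without naming their own company, and an unknown CompanyGuid produces a denial rather than an empty page. That is the safe default, but it should be stated next to the lookup: `// CompanyGuid is mandatory for non-admins: a missing or unknown company fails closed (RequiredGuid == null).` If the intent is for owners to see all of their own aircraft, scope the query by `_sessionUserService.Guid` in the handler instead of requiring the client to echo its company. The same blocking `.Result` on `GetOneAsync` with `CancellationToken.None` appears here as in the other authorizers.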
@@ -7,19 +6,8 @@ namespace cuqmbr.TravelGuide.Application.Authenticaion.Commands.RenewAccessToken
 public class RenewAccessTokenCommandAuthorizer :
 AbstractRequestAuthorizer
 {
- // private readonly SessionUserService _sessionUserService;
- //
- // public RenewAccessTokenCommandAuthorizer(SessionUserService currentUserService)
- // {
- // _sessionUserService = currentUserService;
- // }
-
 public override void BuildPolicy(RenewAccessTokenCommand request)
 {
 UseRequirement(new AllowAllRequirement());
- // UseRequirement(new MustBeAuthenticatedRequirement
- // {
- // IsAuthenticated = _sessionUserService.IsAuthenticated
- // });
 }
 }
diff --git a/src/Application/Authentication/Commands/RevokeRefreshToken/RevokeRefreshTokenCommandAuthorizer.cs b/src/Application/Authentication/Commands/RevokeRefreshToken/RevokeRefreshTokenCommandAuthorizer.cs
index c0fe1d9..6ee840d 100644
--- a/src/Application/Authentication/Commands/RevokeRefreshToken/RevokeRefreshTokenCommandAuthorizer.cs
+++ b/src/Application/Authentication/Commands/RevokeRefreshToken/RevokeRefreshTokenCommandAuthorizer.cs
@@ -1,4 +1,5 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Services;
 using MediatR.Behaviors.Authorization;
 namespace cuqmbr.TravelGuide.Application.Authenticaion.Commands.RevokeRefreshToken;
@@ -6,8 +7,18 @@ namespace cuqmbr.TravelGuide.Application.Authenticaion.Commands.RevokeRefreshTok
 public class RevokeRefreshTokenCommandAuthorizer :
 AbstractRequestAuthorizer
 {
+ private readonly SessionUserService _sessionUserService;
+
+ public RevokeRefreshTokenCommandAuthorizer(SessionUserService currentUserService)
+ {
+ _sessionUserService = currentUserService;
+ }
+
 public override void BuildPolicy(RevokeRefreshTokenCommand request)
 {
- UseRequirement(new AllowAllRequirement());
+ UseRequirement(new MustBeAuthenticatedRequirement
+ {
+ IsAuthenticated = _sessionUserService.IsAuthenticated
+ });
 }
 }
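Review bot: Requiring authentication in RevokeRefreshTokenCommandAuthorizer does not bind the token being revoked to the caller: the requirement only proves someone is logged in, so the handler (not visible here) must still verify that the refresh token belongs to `_sessionUserService.Guid`, otherwise any authenticated user could revoke another user's session if tokens are addressed by an identifier rather than by the secret itself. The change also means revocation now needs a live access token, so a client whose access token has expired must call RenewAccessToken before it can log out; that is a defensible trade-off, but worth a comment above the requirement: `// Revocation requires a valid access token; the handler must additionally check the token belongs to the session user.` As a point of style, the constructor parameter is `currentUserService` while every sibling authorizer in this commit names it `sessionUserService` to match the field. The RenewAccessToken hunk above is a pure cleanup of commented-out code and AllowAll remains correct there, since renewal is what an expired session uses to re-authenticate.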
diff --git a/src/Application/Buses/Commands/AddBus/AddBusCommandAuthorizer.cs b/src/Application/Buses/Commands/AddBus/AddBusCommandAuthorizer.cs index 5e16639..ad47b23 100644 --- a/src/Application/Buses/Commands/AddBus/AddBusCommandAuthorizer.cs +++ b/src/Application/Buses/Commands/AddBus/AddBusCommandAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Buses.Commands.AddBus; @@ -9,23 +9,34 @@ public class AddBusCommandAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public AddBusCommandAuthorizer(SessionUserService sessionUserService) + public AddBusCommandAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(AddBusCommand request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var company = _unitOfWork.CompanyRepository + .GetOneAsync( + e => e.Guid == request.CompanyGuid, e => e.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = company?.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Buses/Commands/DeleteBus/DeleteBusCommandAuthorizer.cs b/src/Application/Buses/Commands/DeleteBus/DeleteBusCommandAuthorizer.cs index f5858c7..24e4d72 100644 
--- a/src/Application/Buses/Commands/DeleteBus/DeleteBusCommandAuthorizer.cs +++ b/src/Application/Buses/Commands/DeleteBus/DeleteBusCommandAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Buses.Commands.DeleteBus; @@ -9,23 +9,34 @@ public class DeleteBusCommandAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public DeleteBusCommandAuthorizer(SessionUserService sessionUserService) + public DeleteBusCommandAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(DeleteBusCommand request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var vehicel = _unitOfWork.VehicleRepository + .GetOneAsync( + e => e.Guid == request.Guid, e => e.Company.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = vehicel?.Company.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Buses/Commands/UpdateBus/UpdateBusCommandAuthorizer.cs b/src/Application/Buses/Commands/UpdateBus/UpdateBusCommandAuthorizer.cs index 1b05021..11be53a 100644 --- a/src/Application/Buses/Commands/UpdateBus/UpdateBusCommandAuthorizer.cs +++ b/src/Application/Buses/Commands/UpdateBus/UpdateBusCommandAuthorizer.cs 
@@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Buses.Commands.UpdateBus; @@ -9,23 +9,34 @@ public class UpdateBusCommandAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public UpdateBusCommandAuthorizer(SessionUserService sessionUserService) + public UpdateBusCommandAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(UpdateBusCommand request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var company = _unitOfWork.CompanyRepository + .GetOneAsync( + e => e.Guid == request.CompanyGuid, e => e.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = company?.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Buses/Queries/GetBus/GetBusQueryAuthorizer.cs b/src/Application/Buses/Queries/GetBus/GetBusQueryAuthorizer.cs index a22724c..1a898b1 100644 --- a/src/Application/Buses/Queries/GetBus/GetBusQueryAuthorizer.cs +++ b/src/Application/Buses/Queries/GetBus/GetBusQueryAuthorizer.cs 
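Review bot: Ownership for the update is checked only against `request.CompanyGuid`, which the caller supplies, and not against the bus actually being updated, so unless UpdateBusCommand carries no vehicle identifier or the handler re-verifies, a CompanyOwner can target another company's bus, pass their own CompanyGuid, satisfy this requirement and then edit or re-home a vehicle they do not own. Mirror DeleteBusCommandAuthorizer in this same commit: load the stored vehicle through `VehicleRepository` by the command's Guid with `e => e.Company.Account`, and add a second `MustBeObjectOwnerOrAdminRequirement` whose `RequiredGuid = vehicle?.Company?.Account?.Guid`, keeping the existing company check for the target. A one-line comment explaining that both the current owner and the target company are verified would stop the next reader from collapsing the two checks back into one. BuildPolicy is fully within the second hunk.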
@@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Buses.Queries.GetBus; @@ -9,23 +9,34 @@ public class GetBusQueryAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public GetBusQueryAuthorizer(SessionUserService sessionUserService) + public GetBusQueryAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(GetBusQuery request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var vehicel = _unitOfWork.VehicleRepository + .GetOneAsync( + e => e.Guid == request.Guid, e => e.Company.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = vehicel?.Company.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Buses/Queries/GetBusesPage/GetBusesPageQueryAuthorizer.cs b/src/Application/Buses/Queries/GetBusesPage/GetBusesPageQueryAuthorizer.cs index 8c26e31..74b0c99 100644 --- a/src/Application/Buses/Queries/GetBusesPage/GetBusesPageQueryAuthorizer.cs +++ b/src/Application/Buses/Queries/GetBusesPage/GetBusesPageQueryAuthorizer.cs 
@@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Buses.Queries.GetBusesPage; @@ -9,23 +9,34 @@ public class GetBusesPageQueryAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public GetBusesPageQueryAuthorizer(SessionUserService sessionUserService) + public GetBusesPageQueryAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(GetBusesPageQuery request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var company = _unitOfWork.CompanyRepository + .GetOneAsync( + e => e.Guid == request.CompanyGuid, e => e.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = company?.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Cities/Commands/AddCity/AddCityCommandAuthorizer.cs b/src/Application/Cities/Commands/AddCity/AddCityCommandAuthorizer.cs index 18d5425..32ff5c8 100644 --- a/src/Application/Cities/Commands/AddCity/AddCityCommandAuthorizer.cs +++ b/src/Application/Cities/Commands/AddCity/AddCityCommandAuthorizer.cs 
@@ -22,7 +22,7 @@ public class AddCityCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Cities/Commands/DeleteCity/DeleteCityCommandAuthorizer.cs b/src/Application/Cities/Commands/DeleteCity/DeleteCityCommandAuthorizer.cs index f966a4e..9295ca7 100644 --- a/src/Application/Cities/Commands/DeleteCity/DeleteCityCommandAuthorizer.cs +++ b/src/Application/Cities/Commands/DeleteCity/DeleteCityCommandAuthorizer.cs @@ -22,7 +22,7 @@ public class DeleteCityCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Cities/Commands/UpdateCity/UpdateCityCommandAuthorizer.cs b/src/Application/Cities/Commands/UpdateCity/UpdateCityCommandAuthorizer.cs index 263feaa..376f57d 100644 --- a/src/Application/Cities/Commands/UpdateCity/UpdateCityCommandAuthorizer.cs +++ b/src/Application/Cities/Commands/UpdateCity/UpdateCityCommandAuthorizer.cs @@ -22,7 +22,7 @@ public class UpdateCityCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Cities/Queries/GetCitiesPage/GetCitiesPageQueryAuthorizer.cs b/src/Application/Cities/Queries/GetCitiesPage/GetCitiesPageQueryAuthorizer.cs index e52cd0d..a14f95d 100644 --- a/src/Application/Cities/Queries/GetCitiesPage/GetCitiesPageQueryAuthorizer.cs +++ b/src/Application/Cities/Queries/GetCitiesPage/GetCitiesPageQueryAuthorizer.cs 
@@ -19,12 +19,13 @@ public class GetCitiesPageQueryAuthorizer : { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/Cities/Queries/GetCity/GetCityQueryAuthorizer.cs b/src/Application/Cities/Queries/GetCity/GetCityQueryAuthorizer.cs index 875847f..d811478 100644 --- a/src/Application/Cities/Queries/GetCity/GetCityQueryAuthorizer.cs +++ b/src/Application/Cities/Queries/GetCity/GetCityQueryAuthorizer.cs @@ -19,12 +19,13 @@ public class GetCityQueryAuthorizer : { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/Common/Authorization/MustBeInRolesRequirement.cs b/src/Application/Common/Authorization/MustBeInAnyOfRolesRequirement.cs similarity index 57% rename from src/Application/Common/Authorization/MustBeInRolesRequirement.cs rename to src/Application/Common/Authorization/MustBeInAnyOfRolesRequirement.cs index 8035dd0..4a293fb 100644 --- a/src/Application/Common/Authorization/MustBeInRolesRequirement.cs +++ b/src/Application/Common/Authorization/MustBeInAnyOfRolesRequirement.cs 
@@ -1,31 +1,22 @@
 using MediatR.Behaviors.Authorization;
-using Microsoft.Extensions.Localization;
 using cuqmbr.TravelGuide.Domain.Enums;
 namespace cuqmbr.TravelGuide.Application.Common.Authorization;
-public class MustBeInRolesRequirement : IAuthorizationRequirement
+public class MustBeInAnyOfRolesRequirement : IAuthorizationRequirement
 {
 public ICollection UserRoles { get; init; }
 public ICollection RequiredRoles { get; init; }
- class MustBeInRolesRequirementHandler :
- IAuthorizationHandler
+ class MustBeInAnyOfRolesRequirementHandler :
+ IAuthorizationHandler
 {
- private readonly IStringLocalizer _localizer;
-
- public MustBeInRolesRequirementHandler(IStringLocalizer localizer)
- {
- _localizer = localizer;
- }
-
 public Task Handle(
- MustBeInRolesRequirement request,
+ MustBeInAnyOfRolesRequirement request,
 CancellationToken cancellationToken)
 {
- var isUserInRequiredRoles =
- request.UserRoles?.Any(ur => request.RequiredRoles.Contains(ur))
- ?? false;
+ var isUserInRequiredRoles = request.UserRoles
+ .Any(ur => request.RequiredRoles.Contains(ur));
 if (!isUserInRequiredRoles)
 {
diff --git a/src/Application/Common/Authorization/MustBeObjectOwnerOrAdminRequirement.cs b/src/Application/Common/Authorization/MustBeObjectOwnerOrAdminRequirement.cs
new file mode 100644
index 0000000..d33ffc3
--- /dev/null
+++ b/src/Application/Common/Authorization/MustBeObjectOwnerOrAdminRequirement.cs
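Review bot: The rewritten `isUserInRequiredRoles` drops the `?.` and `?? false` guard, so a null `UserRoles` now throws a NullReferenceException from inside the authorization handler instead of producing a denial; the new MustBeObjectOwnerOrAdminRequirement in this same commit declares `UserRoles` as `ICollection?`, which suggests SessionUserService can hand back null. An exception still blocks the request, but it surfaces as a 500 with a stack trace rather than a clean forbidden result and skips whatever failure message the handler builds below. Keep the guard, `var isUserInRequiredRoles = request.UserRoles?.Any(ur => request.RequiredRoles.Contains(ur)) ?? false;`, or mark both collection properties `required` so a missing value is a construction error rather than a runtime one. The rename to "AnyOf" is a good clarification of the semantics; a `/// <summary>` stating that a single matching role suffices would finish the job. The Handle method continues past the end of the hunk.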
@@ -0,0 +1,42 @@
+using MediatR.Behaviors.Authorization;
+using cuqmbr.TravelGuide.Domain.Enums;
+
+namespace cuqmbr.TravelGuide.Application.Common.Authorization;
+
+public class MustBeObjectOwnerOrAdminRequirement : IAuthorizationRequirement
+{
+ public ICollection? UserRoles { get; init; }
+
+ public Guid? UserGuid { get; init; }
+ public Guid? RequiredGuid { get; init; }
+
+ class MustBeObjectOwnerOrAdminRequirementHandler :
+ IAuthorizationHandler
+ {
+ public Task Handle(
+ MustBeObjectOwnerOrAdminRequirement request,
+ CancellationToken cancellationToken)
+ {
+ var isAdmin = request?.UserRoles
+ ?.Any(ur => ur.Equals(IdentityRole.Administrator)) ??
+ false;
+
+ if (isAdmin)
+ {
+ return Task.FromResult(AuthorizationResult.Succeed());
+ }
+
+ if (request?.UserGuid == null || request?.RequiredGuid == null)
+ {
+ return Task.FromResult(AuthorizationResult.Fail());
+ }
+
+ if (request.UserGuid == request.RequiredGuid)
+ {
+ return Task.FromResult(AuthorizationResult.Succeed());
+ }
+
+ return Task.FromResult(AuthorizationResult.Fail());
+ }
+ }
+}
diff --git a/src/Application/Companies/Commands/AddCompany/AddCompanyCommandAuthorizer.cs b/src/Application/Companies/Commands/AddCompany/AddCompanyCommandAuthorizer.cs
index ea238b8..d7f9f45 100644
--- a/src/Application/Companies/Commands/AddCompany/AddCompanyCommandAuthorizer.cs
+++ b/src/Application/Companies/Commands/AddCompany/AddCompanyCommandAuthorizer.cs
@@ -19,10 +19,10 @@ public class AddCompanyCommandAuthorizer :
 {
 UseRequirement(new MustBeAuthenticatedRequirement
 {
- IsAuthenticated= _sessionUserService.IsAuthenticated
+ IsAuthenticated = _sessionUserService.IsAuthenticated
 });
 
- UseRequirement(new MustBeInRolesRequirement
+ UseRequirement(new MustBeInAnyOfRolesRequirement
 {
 RequiredRoles = [IdentityRole.Administrator],
 UserRoles = _sessionUserService.Roles
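Review bot: The ownership branch of `Handle` grants access on a bare `UserGuid == RequiredGuid` match with no role check, so an account whose `CompanyOwner` role has been revoked but that is still linked as `Company.Account` keeps full access to its objects; if role revocation is meant to cut access, the authorizers that use this requirement should also stack a `MustBeInAnyOfRolesRequirement`, or this handler should take the required role as a property and check it before the GUID comparison. Two smaller points: `request` is never null in a MediatR handler, so the `request?.` conditionals on the `isAdmin` line and the null-check line are noise and should read `request.UserRoles?.Any(ur => ur.Equals(IdentityRole.Administrator)) ?? false` and `request.UserGuid is null || request.RequiredGuid is null`; and if `SessionUserService.Guid` can ever surface `Guid.Empty` for a partially populated principal (not visible here), the equality check should treat `Guid.Empty` as unset rather than as a valid owner id. A class-level `///` summary stating the rule — administrator always passes; otherwise both GUIDs must be present and equal; a missing target (null `RequiredGuid`, which the callers produce when the looked-up entity does not exist) is denied rather than treated as unowned — would document the fail-closed semantics every authorizer in this commit relies on.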
diff --git a/src/Application/Companies/Commands/DeleteCompany/DeleteCompanyCommandAuthorizer.cs b/src/Application/Companies/Commands/DeleteCompany/DeleteCompanyCommandAuthorizer.cs index 446421d..d71fa4e 100644 --- a/src/Application/Companies/Commands/DeleteCompany/DeleteCompanyCommandAuthorizer.cs +++ b/src/Application/Companies/Commands/DeleteCompany/DeleteCompanyCommandAuthorizer.cs @@ -19,10 +19,10 @@ public class DeleteCompanyCommandAuthorizer : { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Companies/Commands/UpdateCompany/UpdateCompanyCommandAuthorizer.cs b/src/Application/Companies/Commands/UpdateCompany/UpdateCompanyCommandAuthorizer.cs index a3f754b..b1b41da 100644 --- a/src/Application/Companies/Commands/UpdateCompany/UpdateCompanyCommandAuthorizer.cs +++ b/src/Application/Companies/Commands/UpdateCompany/UpdateCompanyCommandAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Companies.Commands.UpdateCompany; 
@@ -9,23 +9,34 @@ public class UpdateCompanyCommandAuthorizer :
 AbstractRequestAuthorizer
 {
 private readonly SessionUserService _sessionUserService;
+ private readonly UnitOfWork _unitOfWork;
 
- public UpdateCompanyCommandAuthorizer(SessionUserService sessionUserService)
+ public UpdateCompanyCommandAuthorizer(
+ SessionUserService sessionUserService,
+ UnitOfWork unitOfWork)
 {
 _sessionUserService = sessionUserService;
+ _unitOfWork = unitOfWork;
 }
 
 public override void BuildPolicy(UpdateCompanyCommand request)
 {
 UseRequirement(new MustBeAuthenticatedRequirement
 {
- IsAuthenticated= _sessionUserService.IsAuthenticated
+ IsAuthenticated = _sessionUserService.IsAuthenticated
 });
 
- UseRequirement(new MustBeInRolesRequirement
+ var company = _unitOfWork.CompanyRepository
+ .GetOneAsync(
+ e => e.Guid == request.Guid, e => e.Account,
+ CancellationToken.None)
+ .Result;
+
+ UseRequirement(new MustBeObjectOwnerOrAdminRequirement
 {
- RequiredRoles = [IdentityRole.Administrator],
- UserRoles = _sessionUserService.Roles
+ UserRoles = _sessionUserService.Roles,
+ RequiredGuid = company?.Account.Guid,
+ UserGuid = _sessionUserService.Guid
 });
 }
 }
diff --git a/src/Application/Companies/Queries/GetCompaniesPage/GetCompaniesPageQueryAuthorizer.cs b/src/Application/Companies/Queries/GetCompaniesPage/GetCompaniesPageQueryAuthorizer.cs
index 3ed1e1a..d449f07 100644
--- a/src/Application/Companies/Queries/GetCompaniesPage/GetCompaniesPageQueryAuthorizer.cs
+++ b/src/Application/Companies/Queries/GetCompaniesPage/GetCompaniesPageQueryAuthorizer.cs
@@ -1,6 +1,4 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
-using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.Companies.Queries.GetCompaniesPage;
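Review bot: `BuildPolicy` blocks on `GetOneAsync(...).Result` with `CancellationToken.None`, which is sync-over-async on every request that reaches this authorizer: it can deadlock under a synchronization context, pins a thread-pool thread for the duration of the query, ignores request cancellation, and wraps any repository failure in an `AggregateException` that the pipeline will not map to a 4xx. Because `AbstractRequestAuthorizer.BuildPolicy` is synchronous, the lookup belongs in the requirement's async `Handle` instead: hand `request.Guid` and the repository (or a resolver delegate) to `MustBeObjectOwnerOrAdminRequirement` and let the handler `await` the owner lookup with the pipeline's `cancellationToken`. Separately, the check only proves the caller owns the company identified by `request.Guid`; if `UpdateCompanyCommand` also carries an account or owner field (not visible here), the command handler must refuse to change it for non-administrators, otherwise an owner can pass this check and hand the company to another account.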
@@ -8,24 +6,8 @@ namespace cuqmbr.TravelGuide.Application.Companies.Queries.GetCompaniesPage;
 public class GetCompaniesPageQueryAuthorizer :
 AbstractRequestAuthorizer
 {
- private readonly SessionUserService _sessionUserService;
-
- public GetCompaniesPageQueryAuthorizer(SessionUserService sessionUserService)
- {
- _sessionUserService = sessionUserService;
- }
-
 public override void BuildPolicy(GetCompaniesPageQuery request)
 {
- UseRequirement(new MustBeAuthenticatedRequirement
- {
- IsAuthenticated= _sessionUserService.IsAuthenticated
- });
-
- UseRequirement(new MustBeInRolesRequirement
- {
- RequiredRoles = [IdentityRole.Administrator],
- UserRoles = _sessionUserService.Roles
- });
+ UseRequirement(new AllowAllRequirement());
 }
 }
diff --git a/src/Application/Companies/Queries/GetCompany/GetCompanyQueryAuthorizer.cs b/src/Application/Companies/Queries/GetCompany/GetCompanyQueryAuthorizer.cs
index f83a0b8..eadbd4d 100644
--- a/src/Application/Companies/Queries/GetCompany/GetCompanyQueryAuthorizer.cs
+++ b/src/Application/Companies/Queries/GetCompany/GetCompanyQueryAuthorizer.cs
@@ -1,6 +1,4 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
-using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.Companies.Queries.GetCompany;
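Review bot: Replacing both `MustBeAuthenticatedRequirement` and the administrator role check with `AllowAllRequirement` makes the company listing reachable anonymously, and `BuildPolicy` no longer holds any reference to the caller, so nothing in this authorizer can scope the page to the requester. If a public catalogue is the intent, say so where the next reader will look for the missing checks, e.g. `// Public endpoint: the company listing is intentionally readable without authentication.` above the `UseRequirement` line, and confirm the page query enforces a page-size cap now that it is an unauthenticated, pageable read. If only signed-in users were meant to browse companies, keep the `MustBeAuthenticatedRequirement` and drop just the role requirement.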
@@ -8,24 +6,8 @@ namespace cuqmbr.TravelGuide.Application.Companies.Queries.GetCompany;
 public class GetCompanyQueryAuthorizer :
 AbstractRequestAuthorizer
 {
- private readonly SessionUserService _sessionUserService;
-
- public GetCompanyQueryAuthorizer(SessionUserService sessionUserService)
- {
- _sessionUserService = sessionUserService;
- }
-
 public override void BuildPolicy(GetCompanyQuery request)
 {
- UseRequirement(new MustBeAuthenticatedRequirement
- {
- IsAuthenticated= _sessionUserService.IsAuthenticated
- });
-
- UseRequirement(new MustBeInRolesRequirement
- {
- RequiredRoles = [IdentityRole.Administrator],
- UserRoles = _sessionUserService.Roles
- });
+ UseRequirement(new AllowAllRequirement());
 }
 }
diff --git a/src/Application/Countries/Commands/AddCountry/AddCountryCommandAuthorizer.cs b/src/Application/Countries/Commands/AddCountry/AddCountryCommandAuthorizer.cs
index 930de98..832728e 100644
--- a/src/Application/Countries/Commands/AddCountry/AddCountryCommandAuthorizer.cs
+++ b/src/Application/Countries/Commands/AddCountry/AddCountryCommandAuthorizer.cs
@@ -22,7 +22,7 @@ public class AddCountryCommandAuthorizer :
 IsAuthenticated= _sessionUserService.IsAuthenticated
 });
 
- UseRequirement(new MustBeInRolesRequirement
+ UseRequirement(new MustBeInAnyOfRolesRequirement
 {
 RequiredRoles = [IdentityRole.Administrator],
 UserRoles = _sessionUserService.Roles
diff --git a/src/Application/Countries/Commands/DeleteCountry/DeleteCountryCommandAuthorizer.cs b/src/Application/Countries/Commands/DeleteCountry/DeleteCountryCommandAuthorizer.cs
index 1c327b1..8492015 100644
--- a/src/Application/Countries/Commands/DeleteCountry/DeleteCountryCommandAuthorizer.cs
+++ b/src/Application/Countries/Commands/DeleteCountry/DeleteCountryCommandAuthorizer.cs
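Review bot: Whatever `GetCompanyQuery` projects is now readable by unauthenticated callers once `BuildPolicy` uses `AllowAllRequirement`, and the authorizers elsewhere in this commit load `Company` together with its `Account` navigation, so the entity evidently carries owner-identifying data. Confirm that the DTO returned by the query handler (not visible here) does not include `Account` or any owner-identifying field such as the account GUID or e-mail; if it does, this change introduces an anonymous information disclosure and the projection must be narrowed before the policy is relaxed. A one-line comment above the `UseRequirement` call noting that the response is treated as public data would record that this was checked.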
@@ -22,7 +22,7 @@ public class DeleteCountryCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Countries/Commands/UpdateCountry/UpdateCountryCommandAuthorizer.cs b/src/Application/Countries/Commands/UpdateCountry/UpdateCountryCommandAuthorizer.cs index dcdfbe7..1279663 100644 --- a/src/Application/Countries/Commands/UpdateCountry/UpdateCountryCommandAuthorizer.cs +++ b/src/Application/Countries/Commands/UpdateCountry/UpdateCountryCommandAuthorizer.cs @@ -22,7 +22,7 @@ public class UpdateCountryCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Countries/Queries/GetCountriesPage/GetCountriesPageQueryAuthorizer.cs b/src/Application/Countries/Queries/GetCountriesPage/GetCountriesPageQueryAuthorizer.cs index 24ac4df..5b527aa 100644 --- a/src/Application/Countries/Queries/GetCountriesPage/GetCountriesPageQueryAuthorizer.cs +++ b/src/Application/Countries/Queries/GetCountriesPage/GetCountriesPageQueryAuthorizer.cs @@ -19,12 +19,13 @@ public class GetCountriesPageQueryAuthorizer : { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } 
diff --git a/src/Application/Countries/Queries/GetCountry/GetCountryQueryAuthorizer.cs b/src/Application/Countries/Queries/GetCountry/GetCountryQueryAuthorizer.cs index f158344..a57b9d9 100644 --- a/src/Application/Countries/Queries/GetCountry/GetCountryQueryAuthorizer.cs +++ b/src/Application/Countries/Queries/GetCountry/GetCountryQueryAuthorizer.cs @@ -19,12 +19,13 @@ public class GetCountryQueryAuthorizer : { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/Employees/Commands/AddEmployee/AddEmployeeCommandAuthorizer.cs b/src/Application/Employees/Commands/AddEmployee/AddEmployeeCommandAuthorizer.cs index 1255c27..cb39878 100644 --- a/src/Application/Employees/Commands/AddEmployee/AddEmployeeCommandAuthorizer.cs +++ b/src/Application/Employees/Commands/AddEmployee/AddEmployeeCommandAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Employees.Commands.AddEmployee; 
@@ -9,23 +9,34 @@ public class AddEmployeeCommandAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public AddEmployeeCommandAuthorizer(SessionUserService sessionUserService) + public AddEmployeeCommandAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(AddEmployeeCommand request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var company = _unitOfWork.CompanyRepository + .GetOneAsync( + e => e.Guid == request.CompanyGuid, e => e.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = company?.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Employees/Commands/DeleteEmployee/DeleteEmployeeCommandAuthorizer.cs b/src/Application/Employees/Commands/DeleteEmployee/DeleteEmployeeCommandAuthorizer.cs index f5b826f..9d07ec0 100644 --- a/src/Application/Employees/Commands/DeleteEmployee/DeleteEmployeeCommandAuthorizer.cs +++ b/src/Application/Employees/Commands/DeleteEmployee/DeleteEmployeeCommandAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Employees.Commands.DeleteEmployee; 
@@ -9,23 +9,34 @@ public class DeleteEmployeeCommandAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public DeleteEmployeeCommandAuthorizer(SessionUserService sessionUserService) + public DeleteEmployeeCommandAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(DeleteEmployeeCommand request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var employee = _unitOfWork.EmployeeRepository + .GetOneAsync( + e => e.Guid == request.Guid, e => e.Company.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = employee?.Company.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Employees/Commands/UpdateEmployee/UpdateEmployeeCommandAuthorizer.cs b/src/Application/Employees/Commands/UpdateEmployee/UpdateEmployeeCommandAuthorizer.cs index 52bd256..dcc01e3 100644 --- a/src/Application/Employees/Commands/UpdateEmployee/UpdateEmployeeCommandAuthorizer.cs +++ b/src/Application/Employees/Commands/UpdateEmployee/UpdateEmployeeCommandAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Employees.Commands.UpdateEmployee; 
@@ -9,23 +9,34 @@ public class UpdateEmployeeCommandAuthorizer :
 AbstractRequestAuthorizer
 {
 private readonly SessionUserService _sessionUserService;
+ private readonly UnitOfWork _unitOfWork;
 
- public UpdateEmployeeCommandAuthorizer(SessionUserService sessionUserService)
+ public UpdateEmployeeCommandAuthorizer(
+ SessionUserService sessionUserService,
+ UnitOfWork unitOfWork)
 {
 _sessionUserService = sessionUserService;
+ _unitOfWork = unitOfWork;
 }
 
 public override void BuildPolicy(UpdateEmployeeCommand request)
 {
 UseRequirement(new MustBeAuthenticatedRequirement
 {
- IsAuthenticated= _sessionUserService.IsAuthenticated
+ IsAuthenticated = _sessionUserService.IsAuthenticated
 });
 
- UseRequirement(new MustBeInRolesRequirement
+ var company = _unitOfWork.CompanyRepository
+ .GetOneAsync(
+ e => e.Guid == request.CompanyGuid, e => e.Account,
+ CancellationToken.None)
+ .Result;
+
+ UseRequirement(new MustBeObjectOwnerOrAdminRequirement
 {
- RequiredRoles = [IdentityRole.Administrator],
- UserRoles = _sessionUserService.Roles
+ UserRoles = _sessionUserService.Roles,
+ RequiredGuid = company?.Account.Guid,
+ UserGuid = _sessionUserService.Guid
 });
 }
 }
diff --git a/src/Application/Employees/Queries/GetEmployee/GetEmployeeQueryAuthorizer.cs b/src/Application/Employees/Queries/GetEmployee/GetEmployeeQueryAuthorizer.cs
index 5334ff2..00535f8 100644
--- a/src/Application/Employees/Queries/GetEmployee/GetEmployeeQueryAuthorizer.cs
+++ b/src/Application/Employees/Queries/GetEmployee/GetEmployeeQueryAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.Employees.Queries.GetEmployee;
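Review bot: The ownership check on the `RequiredGuid` line is evaluated against the company named by `request.CompanyGuid`, which is caller-supplied input, not against the company the employee identified by `request.Guid` currently belongs to. A `CompanyOwner` can therefore submit another company's employee GUID together with their own `CompanyGuid`, pass this authorizer, and update or re-parent an employee they do not own, unless the command handler repeats the check. `DeleteEmployeeCommandAuthorizer` and `GetEmployeeQueryAuthorizer` in this same commit look the employee up by `request.Guid` and use `employee?.Company.Account.Guid`; this authorizer should do the same, and additionally require ownership of the destination company whenever `CompanyGuid` differs from the employee's current company, so that both source and target are owned by the caller. The `.Result` blocking on `GetOneAsync` carries the same sync-over-async concerns as the other authorizers in this change.
```csharp
public override void BuildPolicy(UpdateEmployeeCommand request)
{
    // … unchanged: MustBeAuthenticatedRequirement …

    // Authorize against the employee's *current* company, not the caller-supplied one.
    var employee = _unitOfWork.EmployeeRepository
        .GetOneAsync(
            e => e.Guid == request.Guid, e => e.Company.Account,
            CancellationToken.None)
        .Result;

    UseRequirement(new MustBeObjectOwnerOrAdminRequirement
    {
        UserRoles = _sessionUserService.Roles,
        RequiredGuid = employee?.Company.Account.Guid,
        UserGuid = _sessionUserService.Guid
    });

    // If the command may move the employee, the caller must also own the destination.
    if (employee is not null && employee.Company.Guid != request.CompanyGuid)
    {
        var targetCompany = _unitOfWork.CompanyRepository
            .GetOneAsync(
                e => e.Guid == request.CompanyGuid, e => e.Account,
                CancellationToken.None)
            .Result;

        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
        {
            UserRoles = _sessionUserService.Roles,
            RequiredGuid = targetCompany?.Account.Guid,
            UserGuid = _sessionUserService.Guid
        });
    }
}
```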
@@ -9,23 +9,34 @@ public class GetEmployeeQueryAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public GetEmployeeQueryAuthorizer(SessionUserService sessionUserService) + public GetEmployeeQueryAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(GetEmployeeQuery request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var employee = _unitOfWork.EmployeeRepository + .GetOneAsync( + e => e.Guid == request.Guid, e => e.Company.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = employee?.Company.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Employees/Queries/GetEmployeesPage/GetEmployeesPageQueryAuthorizer.cs b/src/Application/Employees/Queries/GetEmployeesPage/GetEmployeesPageQueryAuthorizer.cs index b86a3cb..12b2cae 100644 --- a/src/Application/Employees/Queries/GetEmployeesPage/GetEmployeesPageQueryAuthorizer.cs +++ b/src/Application/Employees/Queries/GetEmployeesPage/GetEmployeesPageQueryAuthorizer.cs @@ -1,6 +1,6 @@ using cuqmbr.TravelGuide.Application.Common.Authorization; +using cuqmbr.TravelGuide.Application.Common.Persistence; using cuqmbr.TravelGuide.Application.Common.Services; -using cuqmbr.TravelGuide.Domain.Enums; using MediatR.Behaviors.Authorization; namespace cuqmbr.TravelGuide.Application.Employees.Queries.GetEmployeesPage; 
@@ -9,23 +9,34 @@ public class GetEmployeesPageQueryAuthorizer : AbstractRequestAuthorizer { private readonly SessionUserService _sessionUserService; + private readonly UnitOfWork _unitOfWork; - public GetEmployeesPageQueryAuthorizer(SessionUserService sessionUserService) + public GetEmployeesPageQueryAuthorizer( + SessionUserService sessionUserService, + UnitOfWork unitOfWork) { _sessionUserService = sessionUserService; + _unitOfWork = unitOfWork; } public override void BuildPolicy(GetEmployeesPageQuery request) { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + var company = _unitOfWork.CompanyRepository + .GetOneAsync( + e => e.Guid == request.CompanyGuid, e => e.Account, + CancellationToken.None) + .Result; + + UseRequirement(new MustBeObjectOwnerOrAdminRequirement { - RequiredRoles = [IdentityRole.Administrator], - UserRoles = _sessionUserService.Roles + UserRoles = _sessionUserService.Roles, + RequiredGuid = company?.Account.Guid, + UserGuid = _sessionUserService.Guid }); } } diff --git a/src/Application/Identity/Accounts/Commands/AddAccount/AddAccountCommandAuthorizer.cs b/src/Application/Identity/Accounts/Commands/AddAccount/AddAccountCommandAuthorizer.cs index 2e62d6b..5cf1ed3 100644 --- a/src/Application/Identity/Accounts/Commands/AddAccount/AddAccountCommandAuthorizer.cs +++ b/src/Application/Identity/Accounts/Commands/AddAccount/AddAccountCommandAuthorizer.cs @@ -23,7 +23,7 @@ public class AddAccountCommandAuthorizer : IsAuthenticated= _sessionAccountService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionAccountService.Roles 
diff --git a/src/Application/Identity/Accounts/Commands/DeleteAccount/DeleteAccountCommandAuthorizer.cs b/src/Application/Identity/Accounts/Commands/DeleteAccount/DeleteAccountCommandAuthorizer.cs index 4019940..8898f22 100644 --- a/src/Application/Identity/Accounts/Commands/DeleteAccount/DeleteAccountCommandAuthorizer.cs +++ b/src/Application/Identity/Accounts/Commands/DeleteAccount/DeleteAccountCommandAuthorizer.cs @@ -23,7 +23,7 @@ public class DeleteAccountCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Identity/Accounts/Commands/UpdateAccount/UpdateAccountCommandAuthorizer.cs b/src/Application/Identity/Accounts/Commands/UpdateAccount/UpdateAccountCommandAuthorizer.cs index ed54a5a..023bceb 100644 --- a/src/Application/Identity/Accounts/Commands/UpdateAccount/UpdateAccountCommandAuthorizer.cs +++ b/src/Application/Identity/Accounts/Commands/UpdateAccount/UpdateAccountCommandAuthorizer.cs @@ -22,7 +22,7 @@ public class UpdateAccountCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Identity/Accounts/Queries/GetAccount/GetAccountQueryAuthorizer.cs b/src/Application/Identity/Accounts/Queries/GetAccount/GetAccountQueryAuthorizer.cs index 56954d3..99ec778 100644 --- a/src/Application/Identity/Accounts/Queries/GetAccount/GetAccountQueryAuthorizer.cs +++ b/src/Application/Identity/Accounts/Queries/GetAccount/GetAccountQueryAuthorizer.cs 
@@ -22,7 +22,7 @@ public class GetAccountQueryAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Identity/Accounts/Queries/GetAccountsPage/GetAccountsPageQueryAuthorizer.cs b/src/Application/Identity/Accounts/Queries/GetAccountsPage/GetAccountsPageQueryAuthorizer.cs index 79d158a..53a7a30 100644 --- a/src/Application/Identity/Accounts/Queries/GetAccountsPage/GetAccountsPageQueryAuthorizer.cs +++ b/src/Application/Identity/Accounts/Queries/GetAccountsPage/GetAccountsPageQueryAuthorizer.cs @@ -22,7 +22,7 @@ public class GetAccountsPageQueryAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Identity/Roles/Queries/GetRolesPage/GetRolesPageQueryAuthorizer.cs b/src/Application/Identity/Roles/Queries/GetRolesPage/GetRolesPageQueryAuthorizer.cs index cc167f7..c21d365 100644 --- a/src/Application/Identity/Roles/Queries/GetRolesPage/GetRolesPageQueryAuthorizer.cs +++ b/src/Application/Identity/Roles/Queries/GetRolesPage/GetRolesPageQueryAuthorizer.cs @@ -22,7 +22,7 @@ public class GetRolesPageQueryAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Regions/Commands/AddRegion/AddRegionCommandAuthorizer.cs b/src/Application/Regions/Commands/AddRegion/AddRegionCommandAuthorizer.cs index 7accab4..f2b0ec6 100644 --- a/src/Application/Regions/Commands/AddRegion/AddRegionCommandAuthorizer.cs 
+++ b/src/Application/Regions/Commands/AddRegion/AddRegionCommandAuthorizer.cs @@ -22,7 +22,7 @@ public class AddRegionCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Regions/Commands/DeleteRegion/DeleteRegionCommandAuthorizer.cs b/src/Application/Regions/Commands/DeleteRegion/DeleteRegionCommandAuthorizer.cs index 07f9266..3d5a52c 100644 --- a/src/Application/Regions/Commands/DeleteRegion/DeleteRegionCommandAuthorizer.cs +++ b/src/Application/Regions/Commands/DeleteRegion/DeleteRegionCommandAuthorizer.cs @@ -22,7 +22,7 @@ public class DeleteRegionCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Regions/Commands/UpdateRegion/UpdateRegionCommandAuthorizer.cs b/src/Application/Regions/Commands/UpdateRegion/UpdateRegionCommandAuthorizer.cs index 2ef62f7..7f7d408 100644 --- a/src/Application/Regions/Commands/UpdateRegion/UpdateRegionCommandAuthorizer.cs +++ b/src/Application/Regions/Commands/UpdateRegion/UpdateRegionCommandAuthorizer.cs @@ -22,7 +22,7 @@ public class UpdateRegionCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Regions/Queries/GetRegion/GetRegionQueryAuthorizer.cs b/src/Application/Regions/Queries/GetRegion/GetRegionQueryAuthorizer.cs index f3fd0f3..2d56d94 100644 --- a/src/Application/Regions/Queries/GetRegion/GetRegionQueryAuthorizer.cs 
+++ b/src/Application/Regions/Queries/GetRegion/GetRegionQueryAuthorizer.cs @@ -22,9 +22,10 @@ public class GetRegionQueryAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/Regions/Queries/GetRegionsPage/GetRegionsPageQueryAuthorizer.cs b/src/Application/Regions/Queries/GetRegionsPage/GetRegionsPageQueryAuthorizer.cs index 248159e..1f9fb10 100644 --- a/src/Application/Regions/Queries/GetRegionsPage/GetRegionsPageQueryAuthorizer.cs +++ b/src/Application/Regions/Queries/GetRegionsPage/GetRegionsPageQueryAuthorizer.cs @@ -22,9 +22,10 @@ public class GetRegionsPageQueryAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/Routes/Commands/AddRoute/AddRouteCommandAuthorizer.cs b/src/Application/Routes/Commands/AddRoute/AddRouteCommandAuthorizer.cs index 559ff04..5240e74 100644 --- a/src/Application/Routes/Commands/AddRoute/AddRouteCommandAuthorizer.cs +++ b/src/Application/Routes/Commands/AddRoute/AddRouteCommandAuthorizer.cs 
@@ -19,12 +19,13 @@ public class AddRouteCommandAuthorizer : { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/Routes/Commands/DeleteRoute/DeleteRouteCommandAuthorizer.cs b/src/Application/Routes/Commands/DeleteRoute/DeleteRouteCommandAuthorizer.cs index ec3a774..fd47ef4 100644 --- a/src/Application/Routes/Commands/DeleteRoute/DeleteRouteCommandAuthorizer.cs +++ b/src/Application/Routes/Commands/DeleteRoute/DeleteRouteCommandAuthorizer.cs @@ -22,7 +22,7 @@ public class DeleteRouteCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles diff --git a/src/Application/Routes/Commands/UpdateRoute/UpdateRouteCommandAuthorizer.cs b/src/Application/Routes/Commands/UpdateRoute/UpdateRouteCommandAuthorizer.cs index b4f32e6..1f714da 100644 --- a/src/Application/Routes/Commands/UpdateRoute/UpdateRouteCommandAuthorizer.cs +++ b/src/Application/Routes/Commands/UpdateRoute/UpdateRouteCommandAuthorizer.cs @@ -22,7 +22,7 @@ public class UpdateRouteCommandAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { RequiredRoles = [IdentityRole.Administrator], UserRoles = _sessionUserService.Roles 
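Review bot: `AddRouteCommandAuthorizer` now admits `CompanyOwner` on a pure role check, with no ownership requirement on the route being created, whereas the employee authorizers in this commit tie the `CompanyOwner` path to `MustBeObjectOwnerOrAdminRequirement`. If `AddRouteCommand` references a company (not visible here), any company owner can create routes under a competitor's company; the authorizer should load that company and require `RequiredGuid = company?.Account.Guid` the same way `AddEmployeeCommandAuthorizer` does. Note also the asymmetry that `UpdateRoute` and `DeleteRoute` in this same commit stay administrator-only, so an owner can create a route but never correct or remove it — if that is intentional, a one-line comment above the `RequiredRoles` line saying so will stop the next reader from "fixing" it.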
diff --git a/src/Application/Routes/Queries/GetRoute/GetRouteQueryAuthorizer.cs b/src/Application/Routes/Queries/GetRoute/GetRouteQueryAuthorizer.cs index 16ec495..eba39e0 100644 --- a/src/Application/Routes/Queries/GetRoute/GetRouteQueryAuthorizer.cs +++ b/src/Application/Routes/Queries/GetRoute/GetRouteQueryAuthorizer.cs @@ -19,12 +19,13 @@ public class GetRouteQueryAuthorizer : { UseRequirement(new MustBeAuthenticatedRequirement { - IsAuthenticated= _sessionUserService.IsAuthenticated + IsAuthenticated = _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/Routes/Queries/GetRoutesPage/GetRoutesPageQueryAuthorizer.cs b/src/Application/Routes/Queries/GetRoutesPage/GetRoutesPageQueryAuthorizer.cs index 57e0d8e..62ae9a3 100644 --- a/src/Application/Routes/Queries/GetRoutesPage/GetRoutesPageQueryAuthorizer.cs +++ b/src/Application/Routes/Queries/GetRoutesPage/GetRoutesPageQueryAuthorizer.cs @@ -22,9 +22,10 @@ public class GetRoutesPageQueryAuthorizer : IsAuthenticated= _sessionUserService.IsAuthenticated }); - UseRequirement(new MustBeInRolesRequirement + UseRequirement(new MustBeInAnyOfRolesRequirement { - RequiredRoles = [IdentityRole.Administrator], + RequiredRoles = + [IdentityRole.Administrator, IdentityRole.CompanyOwner], UserRoles = _sessionUserService.Roles }); } diff --git a/src/Application/TicketGroups/Commands/AddTicketGroup/AddTicketGroupCommandAuthorizer.cs b/src/Application/TicketGroups/Commands/AddTicketGroup/AddTicketGroupCommandAuthorizer.cs index 256e9a3..192bf72 100644 --- a/src/Application/TicketGroups/Commands/AddTicketGroup/AddTicketGroupCommandAuthorizer.cs +++ b/src/Application/TicketGroups/Commands/AddTicketGroup/AddTicketGroupCommandAuthorizer.cs 
@@ -19,10 +19,10 @@ public class AddTicketGroupCommandAuthorizer :
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        UseRequirement(new MustBeInAnyOfRolesRequirement
         {
             RequiredRoles = [IdentityRole.Administrator],
             UserRoles = _sessionUserService.Roles
diff --git a/src/Application/TicketGroups/Queries/GetTicketGroup/GetTicketGroupQueryAuthorizer.cs b/src/Application/TicketGroups/Queries/GetTicketGroup/GetTicketGroupQueryAuthorizer.cs
index 4305de1..b9b0782 100644
--- a/src/Application/TicketGroups/Queries/GetTicketGroup/GetTicketGroupQueryAuthorizer.cs
+++ b/src/Application/TicketGroups/Queries/GetTicketGroup/GetTicketGroupQueryAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.TicketGroups.Queries.GetTicketGroup;
@@ -9,23 +9,34 @@ public class GetTicketGroupQueryAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public GetTicketGroupQueryAuthorizer(SessionUserService sessionUserService)
+    public GetTicketGroupQueryAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(GetTicketGroupQuery request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var ticketGroup = _unitOfWork.TicketGroupRepository
+            .GetOneAsync(
+                e => e.Guid == request.Guid, e => e.Account!,
+                CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = ticketGroup?.Account?.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }
diff --git a/src/Application/TicketGroups/Queries/GetTicketGroupsPage/GetTicketGroupsPageQueryAuthorizer.cs b/src/Application/TicketGroups/Queries/GetTicketGroupsPage/GetTicketGroupsPageQueryAuthorizer.cs
index ba67439..0a105d6 100644
--- a/src/Application/TicketGroups/Queries/GetTicketGroupsPage/GetTicketGroupsPageQueryAuthorizer.cs
+++ b/src/Application/TicketGroups/Queries/GetTicketGroupsPage/GetTicketGroupsPageQueryAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.TicketGroups.Queries.GetTicketGroupsPage;
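Review bot: `.GetOneAsync(...).Result` inside BuildPolicy blocks a thread-pool thread on the database round trip and rethrows any failure wrapped in an AggregateException rather than the repository's own exception type; the same pattern is repeated in GetTicketGroupsPage and in every Trains and VehicleEnrollments authorizer below. If the authorizer base class offers no asynchronous hook, the blocking call at least deserves a comment saying so, and `CancellationToken.None` should become the request's token wherever one is reachable. Separately, a GUID that matches no ticket group makes `RequiredGuid = ticketGroup?.Account?.Guid` null, and whether MustBeObjectOwnerOrAdminRequirement fails closed on a null owner is not visible in this diff; a test for an unknown GUID would pin it, because if the requirement passes on null, the handler's not-found response for an unknown GUID versus the denial for someone else's group lets a caller tell which GUIDs exist.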
@@ -9,23 +9,33 @@ public class GetTicketGroupsPageQueryAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public GetTicketGroupsPageQueryAuthorizer(SessionUserService sessionUserService)
+    public GetTicketGroupsPageQueryAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(GetTicketGroupsPageQuery request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var account = _unitOfWork.AccountRepository
+            .GetOneAsync(
+                e => e.Guid == request.AccountGuid, CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = account?.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }
diff --git a/src/Application/Trains/Commands/AddTrain/AddTrainCommandAuthorizer.cs b/src/Application/Trains/Commands/AddTrain/AddTrainCommandAuthorizer.cs
index 256c7ea..ad27294 100644
--- a/src/Application/Trains/Commands/AddTrain/AddTrainCommandAuthorizer.cs
+++ b/src/Application/Trains/Commands/AddTrain/AddTrainCommandAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.Trains.Commands.AddTrain;
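Review bot: The AccountRepository round trip adds nothing to the decision: `RequiredGuid = account?.Guid` equals `request.AccountGuid` whenever the account exists and is null otherwise, so the query only maps unknown accounts to a null owner. Either drop it and write `RequiredGuid = request.AccountGuid,` if MustBeObjectOwnerOrAdminRequirement already fails closed on a GUID that matches nobody, or keep it and explain why the existence check matters, e.g. `// Unknown accounts resolve to a null owner so the requirement can reject them.` above the lookup.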
@@ -9,23 +9,34 @@ public class AddTrainCommandAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public AddTrainCommandAuthorizer(SessionUserService sessionUserService)
+    public AddTrainCommandAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(AddTrainCommand request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var company = _unitOfWork.CompanyRepository
+            .GetOneAsync(
+                e => e.Guid == request.CompanyGuid, e => e.Account,
+                CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = company?.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }
diff --git a/src/Application/Trains/Commands/DeleteTrain/DeleteTrainCommandAuthorizer.cs b/src/Application/Trains/Commands/DeleteTrain/DeleteTrainCommandAuthorizer.cs
index 9e888b6..8b3be6d 100644
--- a/src/Application/Trains/Commands/DeleteTrain/DeleteTrainCommandAuthorizer.cs
+++ b/src/Application/Trains/Commands/DeleteTrain/DeleteTrainCommandAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.Trains.Commands.DeleteTrain;
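Review bot: `RequiredGuid = company?.Account.Guid` dereferences Account unconditionally, while GetTicketGroupQueryAuthorizer in the same commit includes `e => e.Account!` and reads `?.Account?.Guid`; if that navigation can be null or unloaded in the model, this form throws a NullReferenceException out of the authorizer instead of denying, so the two styles should agree (UpdateTrain, GetTrainsPage and the vehicle-based authorizers follow this hunk's form). The trio `UserRoles = _sessionUserService.Roles, RequiredGuid = ..., UserGuid = _sessionUserService.Guid` now recurs in every owner-checking authorizer of this commit; a small helper on a shared base, say `UseOwnerOrAdmin(Guid? ownerGuid)`, would keep the policy shape in one place. AddTrainCommandAuthorizer's class header sits in the hunk's function context, just outside the hunk body.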
@@ -9,23 +9,34 @@ public class DeleteTrainCommandAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public DeleteTrainCommandAuthorizer(SessionUserService sessionUserService)
+    public DeleteTrainCommandAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(DeleteTrainCommand request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var vehicel = _unitOfWork.VehicleRepository
+            .GetOneAsync(
+                e => e.Guid == request.Guid, e => e.Company.Account,
+                CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = vehicel?.Company.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }
diff --git a/src/Application/Trains/Commands/UpdateTrain/UpdateTrainCommandAuthorizer.cs b/src/Application/Trains/Commands/UpdateTrain/UpdateTrainCommandAuthorizer.cs
index 6a5f59c..01985f6 100644
--- a/src/Application/Trains/Commands/UpdateTrain/UpdateTrainCommandAuthorizer.cs
+++ b/src/Application/Trains/Commands/UpdateTrain/UpdateTrainCommandAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.Trains.Commands.UpdateTrain;
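Review bot: `var vehicel = ...` and `vehicel?.Company.Account.Guid` misspell the local; rename it `vehicle` here and in GetTrain, rename `vehicelEnrollment` to `vehicleEnrollment` in DeleteVehicleEnrollment and GetVehicleEnrollment (UpdateVehicleEnrollment already spells it that way), and GetVehicleEnrollmentsPage names the single vehicle it looks up `vehicles`. The rename is mechanical and worth doing before these names are copied into further authorizers.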
@@ -9,23 +9,34 @@ public class UpdateTrainCommandAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public UpdateTrainCommandAuthorizer(SessionUserService sessionUserService)
+    public UpdateTrainCommandAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(UpdateTrainCommand request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var company = _unitOfWork.CompanyRepository
+            .GetOneAsync(
+                e => e.Guid == request.CompanyGuid, e => e.Account,
+                CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = company?.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }
diff --git a/src/Application/Trains/Queries/GetTrain/GetTrainQueryAuthorizer.cs b/src/Application/Trains/Queries/GetTrain/GetTrainQueryAuthorizer.cs
index dc417e7..e471e0d 100644
--- a/src/Application/Trains/Queries/GetTrain/GetTrainQueryAuthorizer.cs
+++ b/src/Application/Trains/Queries/GetTrain/GetTrainQueryAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.Trains.Queries.GetTrain;
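Review bot: The only ownership check here is against `request.CompanyGuid`, the company supplied in the update body, not against the train being updated; a CompanyOwner satisfies it by naming a company they own while the command targets another company's train, and the authorizer never looks that train up, unlike DeleteTrainCommandAuthorizer and GetTrainQueryAuthorizer, which resolve it with `e => e.Guid == request.Guid, e => e.Company.Account`. The policy should also require ownership of the existing vehicle, assuming UpdateTrainCommand exposes the train's Guid the way DeleteTrainCommand does; AddTrain is unaffected because no train exists yet. The class header is in the hunk's function context and the hunk covers the whole body.
```csharp
        // Ownership of the train being modified (assumes UpdateTrainCommand carries the vehicle's Guid).
        var vehicle = _unitOfWork.VehicleRepository
            .GetOneAsync(
                e => e.Guid == request.Guid, e => e.Company.Account,
                CancellationToken.None)
            .Result;

        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
        {
            UserRoles = _sessionUserService.Roles,
            RequiredGuid = vehicle?.Company.Account.Guid,
            UserGuid = _sessionUserService.Guid
        });

        // … unchanged: company lookup by request.CompanyGuid and its owner-or-admin requirement …
```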
@@ -9,23 +9,34 @@ public class GetTrainQueryAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public GetTrainQueryAuthorizer(SessionUserService sessionUserService)
+    public GetTrainQueryAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(GetTrainQuery request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var vehicel = _unitOfWork.VehicleRepository
+            .GetOneAsync(
+                e => e.Guid == request.Guid, e => e.Company.Account,
+                CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = vehicel?.Company.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }
diff --git a/src/Application/Trains/Queries/GetTrainsPage/GetTrainsPageQueryAuthorizer.cs b/src/Application/Trains/Queries/GetTrainsPage/GetTrainsPageQueryAuthorizer.cs
index 5ce63f8..a8acb71 100644
--- a/src/Application/Trains/Queries/GetTrainsPage/GetTrainsPageQueryAuthorizer.cs
+++ b/src/Application/Trains/Queries/GetTrainsPage/GetTrainsPageQueryAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.Trains.Queries.GetTrainsPage;
@@ -9,23 +9,34 @@ public class GetTrainsPageQueryAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public GetTrainsPageQueryAuthorizer(SessionUserService sessionUserService)
+    public GetTrainsPageQueryAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(GetTrainsPageQuery request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var company = _unitOfWork.CompanyRepository
+            .GetOneAsync(
+                e => e.Guid == request.CompanyGuid, e => e.Account,
+                CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = company?.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }
diff --git a/src/Application/VehicleEnrollmentSearch/Queries/SearchAll/SearchAllQueryAuthorizer.cs b/src/Application/VehicleEnrollmentSearch/Queries/SearchAll/SearchAllQueryAuthorizer.cs
index fbc4307..4032b4b 100644
--- a/src/Application/VehicleEnrollmentSearch/Queries/SearchAll/SearchAllQueryAuthorizer.cs
+++ b/src/Application/VehicleEnrollmentSearch/Queries/SearchAll/SearchAllQueryAuthorizer.cs
@@ -1,6 +1,4 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
-using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application
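Review bot: The decision for this page query hangs entirely on `request.CompanyGuid`; if that filter is optional, a request that omits it yields `company == null` and `RequiredGuid = null`, and MustBeObjectOwnerOrAdminRequirement's treatment of a null owner then decides whether a CompanyOwner can list every company's trains. A test that sends the query without CompanyGuid would pin the intended behaviour; GetVehicleEnrollmentsPage has the same shape with `request.VehicleGuid`.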
@@ -9,25 +7,8 @@ namespace cuqmbr.TravelGuide.Application
 public class SearchAllQueryAuthorizer :
     AbstractRequestAuthorizer
 {
-    private readonly SessionUserService _sessionUserService;
-
-    public SearchAllQueryAuthorizer(
-        SessionUserService sessionUserService)
-    {
-        _sessionUserService = sessionUserService;
-    }
-
     public override void BuildPolicy(SearchAllQuery request)
     {
-        UseRequirement(new MustBeAuthenticatedRequirement
-        {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
-        });
-
-        UseRequirement(new MustBeInRolesRequirement
-        {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
-        });
+        UseRequirement(new AllowAllRequirement());
     }
 }
diff --git a/src/Application/VehicleEnrollmentSearch/Queries/SearchShortest/SearchShortestQueryAuthorizer.cs b/src/Application/VehicleEnrollmentSearch/Queries/SearchShortest/SearchShortestQueryAuthorizer.cs
index 055a5d4..0141b59 100644
--- a/src/Application/VehicleEnrollmentSearch/Queries/SearchShortest/SearchShortestQueryAuthorizer.cs
+++ b/src/Application/VehicleEnrollmentSearch/Queries/SearchShortest/SearchShortestQueryAuthorizer.cs
@@ -1,6 +1,4 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
-using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application
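Review bot: `UseRequirement(new AllowAllRequirement());` replaces an authenticated, administrator-only policy with anonymous access, and SearchShortest receives the same change; nothing in the commit records that this is intended. A line such as `// Public endpoint: timetable search is available without an account.` above the requirement would make the decision explicit, and the two handlers' responses are worth re-reading for fields that were acceptable only while the caller was an administrator, since the request input now comes from unauthenticated callers. The unused `request` parameter is required by the override signature and is fine as is.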
@@ -9,25 +7,8 @@ namespace cuqmbr.TravelGuide.Application
 public class SearchShortestQueryAuthorizer :
     AbstractRequestAuthorizer
 {
-    private readonly SessionUserService _sessionUserService;
-
-    public SearchShortestQueryAuthorizer(
-        SessionUserService sessionUserService)
-    {
-        _sessionUserService = sessionUserService;
-    }
-
     public override void BuildPolicy(SearchShortestQuery request)
     {
-        UseRequirement(new MustBeAuthenticatedRequirement
-        {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
-        });
-
-        UseRequirement(new MustBeInRolesRequirement
-        {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
-        });
+        UseRequirement(new AllowAllRequirement());
     }
 }
diff --git a/src/Application/VehicleEnrollments/Commands/AddVehicleEnrollment/AddVehicleEnrollmentCommandAuthorizer.cs b/src/Application/VehicleEnrollments/Commands/AddVehicleEnrollment/AddVehicleEnrollmentCommandAuthorizer.cs
index 38f64d6..cf7e8db 100644
--- a/src/Application/VehicleEnrollments/Commands/AddVehicleEnrollment/AddVehicleEnrollmentCommandAuthorizer.cs
+++ b/src/Application/VehicleEnrollments/Commands/AddVehicleEnrollment/AddVehicleEnrollmentCommandAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.VehicleEnrollments
@@ -10,23 +10,51 @@ public class AddVehicleEnrollmentCommandAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public AddVehicleEnrollmentCommandAuthorizer(SessionUserService sessionUserService)
+    public AddVehicleEnrollmentCommandAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(AddVehicleEnrollmentCommand request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var vehicle = _unitOfWork.VehicleRepository
+            .GetOneAsync(
+                e => e.Guid == request.VehicleGuid, e => e.Company.Account,
+                CancellationToken.None)
+            .Result;
+
+        var employees = _unitOfWork.EmployeeRepository
+            .GetPageAsync(
+                e => request.EmployeeGuids.Contains(e.Guid),
+                e => e.Company.Account,
+                1, request.EmployeeGuids.Count, CancellationToken.None)
+            .Result.Items;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = vehicle?.Company.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
+
+        foreach (var employee in employees)
+        {
+            UseRequirement(new MustBeObjectOwnerOrAdminRequirement
+            {
+                UserRoles = _sessionUserService.Roles,
+                RequiredGuid = employee.Company.Account.Guid,
+                UserGuid = _sessionUserService.Guid
+            });
+        }
     }
 }
diff --git a/src/Application/VehicleEnrollments/Commands/DeleteVehicleEnrollment/DeleteVehicleEnrollmentCommandAuthorizer.cs b/src/Application/VehicleEnrollments/Commands/DeleteVehicleEnrollment/DeleteVehicleEnrollmentCommandAuthorizer.cs
index 4f9c61f..d880e73 100644
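Review bot: `1, request.EmployeeGuids.Count` as the page size means the employee ownership loop only covers what GetPageAsync hands back: any maximum page size the repository enforces, duplicate GUIDs in the request, or GUIDs that match no employee leave part of the list without a MustBeObjectOwnerOrAdminRequirement, and an empty list asks for a page of size zero. Unless the handler or a validator independently rejects unknown employees, the authorizer should compare the returned item count with `request.EmployeeGuids.Distinct().Count()` and treat a shortfall as a failed requirement instead of silently skipping; UpdateVehicleEnrollmentCommandAuthorizer repeats the same query. Whether GetPageAsync caps the page size is not visible in this diff.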
--- a/src/Application/VehicleEnrollments/Commands/DeleteVehicleEnrollment/DeleteVehicleEnrollmentCommandAuthorizer.cs
+++ b/src/Application/VehicleEnrollments/Commands/DeleteVehicleEnrollment/DeleteVehicleEnrollmentCommandAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.VehicleEnrollments.Commands.DeleteVehicleEnrollment;
@@ -9,23 +9,34 @@ public class DeleteVehicleEnrollmentCommandAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public DeleteVehicleEnrollmentCommandAuthorizer(SessionUserService sessionUserService)
+    public DeleteVehicleEnrollmentCommandAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(DeleteVehicleEnrollmentCommand request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var vehicelEnrollment = _unitOfWork.VehicleEnrollmentRepository
+            .GetOneAsync(
+                e => e.Guid == request.Guid, e => e.Vehicle.Company.Account,
+                CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = vehicelEnrollment?.Vehicle.Company.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }
diff --git a/src/Application/VehicleEnrollments/Commands/UpdateVehicleEnrollment/UpdateVehicleEnrollmentCommandAuthorizer.cs b/src/Application/VehicleEnrollments/Commands/UpdateVehicleEnrollment/UpdateVehicleEnrollmentCommandAuthorizer.cs
index ad1f9d1..ddc7bef 100644
--- a/src/Application/VehicleEnrollments/Commands/UpdateVehicleEnrollment/UpdateVehicleEnrollmentCommandAuthorizer.cs
+++ b/src/Application/VehicleEnrollments/Commands/UpdateVehicleEnrollment/UpdateVehicleEnrollmentCommandAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.VehicleEnrollments
@@ -10,24 +10,51 @@ public class UpdateVehicleEnrollmentCommandAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
     public UpdateVehicleEnrollmentCommandAuthorizer(
-        SessionUserService sessionUserService)
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(UpdateVehicleEnrollmentCommand request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var vehicleEnrollment = _unitOfWork.VehicleEnrollmentRepository
+            .GetOneAsync(
+                e => e.Guid == request.Guid, e => e.Vehicle.Company.Account,
+                CancellationToken.None)
+            .Result;
+
+        var employees = _unitOfWork.EmployeeRepository
+            .GetPageAsync(
+                e => request.EmployeeGuids.Contains(e.Guid),
+                e => e.Company.Account,
+                1, request.EmployeeGuids.Count, CancellationToken.None)
+            .Result.Items;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = vehicleEnrollment?.Vehicle.Company.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
+
+        foreach (var employee in employees)
+        {
+            UseRequirement(new MustBeObjectOwnerOrAdminRequirement
+            {
+                UserRoles = _sessionUserService.Roles,
+                RequiredGuid = employee.Company.Account.Guid,
+                UserGuid = _sessionUserService.Guid
+            });
+        }
     }
 }
diff --git a/src/Application/VehicleEnrollments/Queries/GetVehicleEnrollment/GetVehicleEnrollmentQueryAuthorizer.cs b/src/Application/VehicleEnrollments/Queries/GetVehicleEnrollment/GetVehicleEnrollmentQueryAuthorizer.cs
index a026fff..32e3d60 100644
--- a/src/Application/VehicleEnrollments/Queries/GetVehicleEnrollment/GetVehicleEnrollmentQueryAuthorizer.cs
+++ b/src/Application/VehicleEnrollments/Queries/GetVehicleEnrollment/GetVehicleEnrollmentQueryAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.VehicleEnrollments
@@ -10,23 +10,34 @@ public class GetVehicleEnrollmentQueryAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public GetVehicleEnrollmentQueryAuthorizer(SessionUserService sessionUserService)
+    public GetVehicleEnrollmentQueryAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(GetVehicleEnrollmentQuery request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var vehicelEnrollment = _unitOfWork.VehicleEnrollmentRepository
+            .GetOneAsync(
+                e => e.Guid == request.Guid, e => e.Vehicle.Company.Account,
+                CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = vehicelEnrollment?.Vehicle.Company.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }
diff --git a/src/Application/VehicleEnrollments/Queries/GetVehicleEnrollmentsPage/GetVehicleEnrollmentsPageQueryAuthorizer.cs b/src/Application/VehicleEnrollments/Queries/GetVehicleEnrollmentsPage/GetVehicleEnrollmentsPageQueryAuthorizer.cs
index 4d69da0..ec0cbaa 100644
--- a/src/Application/VehicleEnrollments/Queries/GetVehicleEnrollmentsPage/GetVehicleEnrollmentsPageQueryAuthorizer.cs
+++ b/src/Application/VehicleEnrollments/Queries/GetVehicleEnrollmentsPage/GetVehicleEnrollmentsPageQueryAuthorizer.cs
@@ -1,6 +1,6 @@
 using cuqmbr.TravelGuide.Application.Common.Authorization;
+using cuqmbr.TravelGuide.Application.Common.Persistence;
 using cuqmbr.TravelGuide.Application.Common.Services;
-using cuqmbr.TravelGuide.Domain.Enums;
 using MediatR.Behaviors.Authorization;
 
 namespace cuqmbr.TravelGuide.Application.VehicleEnrollments.Queries.GetVehicleEnrollmentsPage;
@@ -9,23 +9,34 @@ public class GetVehicleEnrollmentsPageQueryAuthorizer :
     AbstractRequestAuthorizer
 {
     private readonly SessionUserService _sessionUserService;
+    private readonly UnitOfWork _unitOfWork;
 
-    public GetVehicleEnrollmentsPageQueryAuthorizer(SessionUserService sessionUserService)
+    public GetVehicleEnrollmentsPageQueryAuthorizer(
+        SessionUserService sessionUserService,
+        UnitOfWork unitOfWork)
     {
         _sessionUserService = sessionUserService;
+        _unitOfWork = unitOfWork;
     }
 
     public override void BuildPolicy(GetVehicleEnrollmentsPageQuery request)
     {
         UseRequirement(new MustBeAuthenticatedRequirement
         {
-            IsAuthenticated= _sessionUserService.IsAuthenticated
+            IsAuthenticated = _sessionUserService.IsAuthenticated
         });
 
-        UseRequirement(new MustBeInRolesRequirement
+        var vehicles = _unitOfWork.VehicleRepository
+            .GetOneAsync(
+                e => e.Guid == request.VehicleGuid, e => e.Company.Account,
+                CancellationToken.None)
+            .Result;
+
+        UseRequirement(new MustBeObjectOwnerOrAdminRequirement
         {
-            RequiredRoles = [IdentityRole.Administrator],
-            UserRoles = _sessionUserService.Roles
+            UserRoles = _sessionUserService.Roles,
+            RequiredGuid = vehicles?.Company.Account.Guid,
+            UserGuid = _sessionUserService.Guid
         });
     }
 }