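using MediatR.Behaviors.Authorization;
using ExpenseTracker.Application.Common.Authorization;
using ExpenseTracker.Application.Common.Exceptions;
using ExpenseTracker.Application.Common.Interfaces.Repositories;
using ExpenseTracker.Application.Common.Interfaces.Services;
using ExpenseTracker.Application.Common.Models;
using ExpenseTracker.Domain.Entities;
using ExpenseTracker.Domain.Enums;

namespace ExpenseTracker.Application.Transactions.Commands.Update;

/// <summary>
/// Authorization policy for <see cref="UpdateTransactionCommand"/>.
/// The caller must be authenticated and must either own the account the
/// transaction is currently attached to or hold the Administrator role.
/// </summary>
public class UpdateTransactionCommandAuthorizer : AbstractRequestAuthorizer<UpdateTransactionCommand>
{
    private readonly ISessionUserService _sessionUserService;
    private readonly ITransactionRepository _transactionRepository;
    private readonly IAccountRepository _accountRepository;

    public UpdateTransactionCommandAuthorizer(
        ISessionUserService currentUserService,
        ITransactionRepository repository,
        IAccountRepository accountRepository)
    {
        _sessionUserService = currentUserService;
        _transactionRepository = repository;
        _accountRepository = accountRepository;
    }

    /// <summary>
    /// Registers the requirements for <paramref name="request"/>, in order:
    /// 1. the session must be authenticated;
    /// 2. the session user must own the account the transaction currently
    ///    belongs to, unless the user is an Administrator.
    /// </summary>
    /// <param name="request">The update command; only <c>request.Id</c> is read here.</param>
    public override void BuildPolicy(UpdateTransactionCommand request)
    {
        var isAuthenticated = _sessionUserService.IsAuthenticated;

        UseRequirement(new MustBeAuthenticatedRequirement
        {
            IsAuthenticated = isAuthenticated
        });

        // An anonymous caller is already rejected by the requirement above, so do not
        // spend a database round-trip keyed by a caller-supplied id resolving ownership
        // for them. The verdict cannot become "authorized" by adding more requirements,
        // so skipping the ownership requirement here does not change the outcome.
        if (!isAuthenticated)
        {
            return;
        }

        // Resolve the owner of the account the transaction is currently attached to.
        // Only the two columns needed are projected instead of materialising a
        // half-populated Transaction entity. Null when no transaction has request.Id.
        var requiredUserId = _transactionRepository.Queryable
            .Join(
                _accountRepository.Queryable,
                transaction => transaction.AccountId,
                account => account.Id,
                (transaction, account) => new { transaction.Id, account.UserId })
            .FirstOrDefault(row => row.Id == request.Id)
            ?.UserId;

        // NOTE(review): when the transaction does not exist RequiredUserId is null. Whether
        // the requirement handler treats a null owner as "deny unless Administrator" or as
        // "no ownership to check" is decided elsewhere — confirm it fails closed.
        // NOTE(review): only the transaction's *current* account is checked. If the command
        // can move the transaction to a different AccountId, ownership of the target account
        // must be verified in the validator/handler; it is not covered here.
        UseRequirement(new MustBeInRolesWhenInteractingWithUnOwnedEntityRequirement
        {
            UserId = _sessionUserService.Id,
            UserRoles = _sessionUserService.Roles,
            RequiredUserId = requiredUserId,
            RequiredRoles = new[] { IdentityRoles.Administrator.ToString() }
        });
    }
}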