classlib/ExpenseTracker.Application/Transactions/Queries/Get/GetTransactionQueryAuthorizer.cs

using MediatR.Behaviors.Authorization;
using ExpenseTracker.Application.Common.Authorization;
using ExpenseTracker.Application.Common.Exceptions;
using ExpenseTracker.Application.Common.Interfaces.Repositories;
using ExpenseTracker.Application.Common.Interfaces.Services;
using ExpenseTracker.Application.Common.Models;

namespace ExpenseTracker.Application.Transactions.Queries.Get;

public class GetTransactionQueryAuthorizer : AbstractRequestAuthorizer<GetTransactionQuery>
{
    private readonly ISessionUserService _sessionUserService;
    private readonly IAccountRepository _accountRepository;
    private readonly ITransactionRepository _transactionRepository;

    public GetTransactionQueryAuthorizer(
        ISessionUserService currentUserService,
        IAccountRepository accountRepository,
        ITransactionRepository transactionRepository)
    {
        _sessionUserService = currentUserService;
        _accountRepository = accountRepository;
        _transactionRepository = transactionRepository;
    }

    public override void BuildPolicy(GetTransactionQuery request)
    {
        UseRequirement(new MustBeAuthenticatedRequirement
        {
            IsAuthenticated = _sessionUserService.IsAuthenticated
        });

        var accountId = _transactionRepository.Queryable.FirstOrDefault(e => e.Id == request.Id)?.AccountId;
        var requiredUserId = _accountRepository.Queryable.FirstOrDefault(e => e.Id == accountId)?.UserId;

        UseRequirement(new MustBeInRolesWhenInteractingWithUnOwnedEntityRequirement
        {
            UserId = _sessionUserService.Id,
            UserRoles = _sessionUserService.Roles,
            RequiredUserId = requiredUserId,
            RequiredRoles = new[] { IdentityRoles.Administrator.ToString() }
        });
    }
}