classlib/ExpenseTracker.Application/Users/Commands/Create/CreateUserCommandAuthorizer.cs

using MediatR.Behaviors.Authorization;
using ExpenseTracker.Application.Common.Authorization;
using ExpenseTracker.Application.Common.Exceptions;
using ExpenseTracker.Application.Common.Interfaces.Services;
using ExpenseTracker.Application.Common.Models;

namespace ExpenseTracker.Application.Users.Commands.Create;

public class CreateUserCommandAuthorizer : AbstractRequestAuthorizer<CreateUserCommand>
{
    private readonly ISessionUserService _sessionUserService;

    public CreateUserCommandAuthorizer(ISessionUserService currentUserService)
    {
        _sessionUserService = currentUserService;
    }

    public override void BuildPolicy(CreateUserCommand request)
    {
        UseRequirement(new MustBeAuthenticatedRequirement
        {
            IsAuthenticated = _sessionUserService.IsAuthenticated
        });

        UseRequirement(new MustBeInRolesRequirement
        {
            UserRoles = _sessionUserService.Roles,
            RequiredRoles = new string[] { IdentityRoles.Administrator.ToString() }
        });
    }
}