using MediatR.Behaviors.Authorization;
using ExpenseTracker.Application.Common.Authorization;
using ExpenseTracker.Application.Common.Exceptions;
using ExpenseTracker.Application.Common.Interfaces.Repositories;
using ExpenseTracker.Application.Common.Interfaces.Services;
using ExpenseTracker.Application.Common.Models;
using ExpenseTracker.Domain.Entities;
using ExpenseTracker.Domain.Enums;
namespace ExpenseTracker.Application.Transactions.Commands.Update;
/// <summary>
/// Builds the authorization policy for <see cref="UpdateTransactionCommand"/>.
/// Two requirements are registered: the session must be authenticated, and the
/// session user is checked against the user id of the account that the target
/// transaction belongs to, with the Administrator role supplied as the required role.
/// </summary>
/// <remarks>
/// NOTE(review): how the two requirements are evaluated (and in which order) is
/// decided by their handlers, which are not visible in this file.
/// </remarks>
public class UpdateTransactionCommandAuthorizer : AbstractRequestAuthorizer<UpdateTransactionCommand>
{
    private readonly ISessionUserService _sessionUserService;
    private readonly ITransactionRepository _transactionRepository;
    private readonly IAccountRepository _accountRepository;

    /// <summary>
    /// Stores the session-user service and the two repositories used to resolve
    /// the owner of the transaction being updated.
    /// </summary>
    /// <param name="currentUserService">Source of the caller's authentication state, id and roles.</param>
    /// <param name="repository">Transaction repository queried by transaction id.</param>
    /// <param name="accountRepository">Account repository joined to obtain the owning user id.</param>
    public UpdateTransactionCommandAuthorizer(
        ISessionUserService currentUserService,
        ITransactionRepository repository,
        IAccountRepository accountRepository)
    {
        (_sessionUserService, _transactionRepository, _accountRepository) =
            (currentUserService, repository, accountRepository);
    }

    /// <summary>
    /// Registers the requirements that must hold before the update command is handled.
    /// </summary>
    /// <param name="request">The update command; only <c>request.Id</c> is read here.</param>
    public override void BuildPolicy(UpdateTransactionCommand request)
    {
        UseRequirement(new MustBeAuthenticatedRequirement
        {
            IsAuthenticated = _sessionUserService.IsAuthenticated
        });

        // The ownership lookup below executes synchronously while the policy is being
        // built, whatever the value of IsAuthenticated above.
        // NOTE(review): presumably UseRequirement only registers the requirement, so an
        // unauthenticated caller still triggers this query - confirm that is acceptable.
        var transactionsWithAccount =
            from tx in _transactionRepository.Queryable
            join acct in _accountRepository.Queryable on tx.AccountId equals acct.Id
            select new Transaction
            {
                Id = tx.Id,
                Account = acct,
            };

        // Inner join: a transaction without a matching account yields no row at all.
        var target = transactionsWithAccount.FirstOrDefault(row => row.Id == request.Id);

        // When no row matches request.Id, the null-conditional leaves requiredUserId null.
        // NOTE(review): verify that the ownership requirement's handler denies non-admin
        // callers when RequiredUserId is null, and that a null session UserId can never
        // compare equal to it.
        var requiredUserId = target?.Account.UserId;

        UseRequirement(new MustBeInRolesWhenInteractingWithUnOwnedEntityRequirement
        {
            UserId = _sessionUserService.Id,
            UserRoles = _sessionUserService.Roles,
            RequiredUserId = requiredUserId,
            RequiredRoles = new[] { IdentityRoles.Administrator.ToString() }
        });
    }
}