using EnumsNET;
using System.Collections.Generic;
using AyaNova.Biz;
namespace AyaNova.Api.ControllerHelpers
{
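internal static class Authorized
{
    /// <summary>
    /// Sentinel meaning "the record's owner is not known / was not supplied".
    /// When a caller passes this value the EditOwn role can never grant access,
    /// because ownership cannot be established; only Change can then authorize.
    /// </summary>
    private const long NoOwnerId = -1;

    /// <summary>
    /// True when the current user holds at least one of <paramref name="CheckRoles"/> (limited or full).
    /// </summary>
    /// <param name="HttpContextItems">The request's HttpContext.Items bag; the user's roles are resolved from it via <see cref="UserRolesFromContext"/>.</param>
    /// <param name="CheckRoles">Role flags to test against the user's roles.</param>
    /// <returns>True if any flag in <paramref name="CheckRoles"/> is set on the user's roles.</returns>
    internal static bool HasAnyRole(IDictionary<object, object> HttpContextItems, AuthorizationRoles CheckRoles)
    {
        AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
        return HasAnyRole(currentUserRoles, CheckRoles);
    }

    /// <summary>
    /// True when <paramref name="currentUserRoles"/> contains at least one flag of <paramref name="CheckRoles"/> (limited or full).
    /// </summary>
    /// <param name="currentUserRoles">The roles already resolved for the current user.</param>
    /// <param name="CheckRoles">Role flags to test against.</param>
    /// <returns>True if any flag overlaps; false otherwise (including when <paramref name="CheckRoles"/> is empty).</returns>
    internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, AuthorizationRoles CheckRoles)
        => currentUserRoles.HasAnyFlags(CheckRoles);

    /// <summary>
    /// READ FULL RECORD (not just name and id).
    /// </summary>
    /// <param name="HttpContextItems">The request's HttpContext.Items bag; the user's roles are resolved from it.</param>
    /// <param name="objectType">The object type whose role set is consulted.</param>
    /// <returns>True if the user may read the full record of <paramref name="objectType"/>.</returns>
    internal static bool IsAuthorizedToReadFullRecord(IDictionary<object, object> HttpContextItems, AyaType objectType)
    {
        AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
        return IsAuthorizedToReadFullRecord(currentUserRoles, objectType);
    }

    /// <summary>
    /// READ FULL RECORD (not just name and id).
    /// </summary>
    /// <param name="currentUserRoles">The roles already resolved for the current user.</param>
    /// <param name="objectType">The object type whose role set is consulted.</param>
    /// <returns>True if the user holds either the Change or the ReadFullRecord role for <paramref name="objectType"/>.</returns>
    internal static bool IsAuthorizedToReadFullRecord(AuthorizationRoles currentUserRoles, AyaType objectType)
    {
        var roles = BizRoles.GetRoleSet(objectType);
        // Change implies read: anyone allowed to alter a record may also see all of it.
        return currentUserRoles.HasAnyFlags(roles.Change)
            || currentUserRoles.HasAnyFlags(roles.ReadFullRecord);
    }

    /// <summary>
    /// CREATE.
    /// </summary>
    /// <param name="HttpContextItems">The request's HttpContext.Items bag; the user's roles are resolved from it.</param>
    /// <param name="objectType">The object type whose role set is consulted.</param>
    /// <returns>True if the user may create a record of <paramref name="objectType"/>.</returns>
    internal static bool IsAuthorizedToCreate(IDictionary<object, object> HttpContextItems, AyaType objectType)
    {
        AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
        return IsAuthorizedToCreate(currentUserRoles, objectType);
    }

    /// <summary>
    /// CREATE.
    /// </summary>
    /// <param name="currentUserRoles">The roles already resolved for the current user.</param>
    /// <param name="objectType">The object type whose role set is consulted.</param>
    /// <returns>True if the user holds either the Change or the EditOwn role for <paramref name="objectType"/>.</returns>
    internal static bool IsAuthorizedToCreate(AuthorizationRoles currentUserRoles, AyaType objectType)
    {
        var roles = BizRoles.GetRoleSet(objectType);
        // EditOwn is enough to create — presumably because the creator becomes the owner; confirm against the Biz layer.
        return currentUserRoles.HasAnyFlags(roles.Change)
            || currentUserRoles.HasAnyFlags(roles.EditOwn);
    }

    /// <summary>
    /// MODIFY.
    /// </summary>
    /// <param name="HttpContextItems">The request's HttpContext.Items bag; the user's roles and id are resolved from it.</param>
    /// <param name="objectType">The object type whose role set is consulted.</param>
    /// <param name="ownerId">Owner of the record being modified, or <c>-1</c> when not known (EditOwn then never applies).</param>
    /// <returns>True if the user may modify the record.</returns>
    internal static bool IsAuthorizedToModify(IDictionary<object, object> HttpContextItems, AyaType objectType, long ownerId = NoOwnerId)
    {
        AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
        long currentUserId = UserIdFromContext.Id(HttpContextItems);
        return IsAuthorizedToModify(currentUserRoles, currentUserId, objectType, ownerId);
    }

    /// <summary>
    /// MODIFY.
    /// </summary>
    /// <param name="currentUserRoles">The roles already resolved for the current user.</param>
    /// <param name="currentUserId">Id of the current user, compared against <paramref name="ownerId"/> for the EditOwn path.</param>
    /// <param name="objectType">The object type whose role set is consulted.</param>
    /// <param name="ownerId">Owner of the record being modified, or <c>-1</c> when not known (EditOwn then never applies).</param>
    /// <returns>True if the user holds Change, or holds EditOwn and is the record's owner.</returns>
    internal static bool IsAuthorizedToModify(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = NoOwnerId)
    {
        var roles = BizRoles.GetRoleSet(objectType);
        if (currentUserRoles.HasAnyFlags(roles.Change))
        {
            return true;
        }
        // EditOwn only applies when a real owner was supplied and it is the current user.
        // NOTE(review): this is only meaningful if callers take ownerId from the stored record rather than
        // from client-supplied input — confirm at the call sites.
        return ownerId != NoOwnerId
            && ownerId == currentUserId
            && currentUserRoles.HasAnyFlags(roles.EditOwn);
    }

    /// <summary>
    /// DELETE.
    /// </summary>
    /// <remarks>
    /// For now treated exactly as a modify, but kept as a separate method for maximum flexibility
    /// in case the policy changes in future.
    /// </remarks>
    /// <param name="HttpContextItems">The request's HttpContext.Items bag; the user's roles and id are resolved from it.</param>
    /// <param name="objectType">The object type whose role set is consulted.</param>
    /// <param name="ownerId">Owner of the record being deleted, or <c>-1</c> when not known (EditOwn then never applies).</param>
    /// <returns>True if the user may delete the record.</returns>
    internal static bool IsAuthorizedToDelete(IDictionary<object, object> HttpContextItems, AyaType objectType, long ownerId = NoOwnerId)
    {
        AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
        long currentUserId = UserIdFromContext.Id(HttpContextItems);
        return IsAuthorizedToDelete(currentUserRoles, currentUserId, objectType, ownerId);
    }

    /// <summary>
    /// DELETE.
    /// </summary>
    /// <remarks>
    /// For now treated exactly as a modify, but kept as a separate method for maximum flexibility
    /// in case the policy changes in future. The owner default is the "unknown owner" sentinel, the same
    /// as for modify: the previous default of <c>1</c> was a real user id with no sentinel guard, so a
    /// user with id 1 holding EditOwn could delete any record whose owner the caller did not pass.
    /// </remarks>
    /// <param name="currentUserRoles">The roles already resolved for the current user.</param>
    /// <param name="currentUserId">Id of the current user, compared against <paramref name="ownerId"/> for the EditOwn path.</param>
    /// <param name="objectType">The object type whose role set is consulted.</param>
    /// <param name="ownerId">Owner of the record being deleted, or <c>-1</c> when not known (EditOwn then never applies).</param>
    /// <returns>True if the user holds Change, or holds EditOwn and is the record's owner.</returns>
    internal static bool IsAuthorizedToDelete(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = NoOwnerId)
        => IsAuthorizedToModify(currentUserRoles, currentUserId, objectType, ownerId);
}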
}//eons