using System.Reflection;
using DigitalOps.Authority.Attributes;
using OpenHarbor.CQRS.Abstractions.Discovery;
using OpenHarbor.CQRS.Abstractions.Security;
using OpenHarbor.CQRS.DynamicQuery.Discover;
namespace DigitalOps.Authority.Services;
/// <summary>
/// Authorization gate shared by CQRS queries and commands. The two explicit interface
/// implementations at the bottom of the class both delegate to
/// <see cref="IsAllowedAsync(bool, Type, CancellationToken)"/>.
/// </summary>
/// <remarks>
/// Decision order, as implemented below:
/// 1. a subject type carrying <see cref="AllowGuestAttribute"/> is allowed without any identity check;
/// 2. an unauthenticated caller is rejected as Unauthorized;
/// 3. an authenticated caller is Allowed or Forbidden according to
///    <c>UserIdentityService.IsAuthorizedAsync</c>.
/// </remarks>
public class CQAuthorizationService(IQueryDiscovery queryDiscovery, UserIdentityService userIdentityService)
    : IQueryAuthorizationService, ICommandAuthorizationService
{
    /// <summary>
    /// Decides whether the current caller may execute the given query or command type.
    /// </summary>
    /// <param name="isQuery">True when <paramref name="queryOrCommandType"/> is a query; false for a command.</param>
    /// <param name="queryOrCommandType">The query or command type being executed.</param>
    /// <param name="cancellationToken">Forwarded to the asynchronous authorization check.</param>
    /// <returns>
    /// <c>AuthorizationResult.Allowed</c>, <c>AuthorizationResult.Unauthorized</c> or
    /// <c>AuthorizationResult.Forbidden</c>.
    /// </returns>
    public async Task<AuthorizationResult> IsAllowedAsync(bool isQuery, Type queryOrCommandType, CancellationToken cancellationToken)
    {
        // Pick the type whose attributes drive the decision. For a query that discovery
        // reports as a DynamicQueryMeta, that is the destination type, not the query type:
        // a guest marker on a destination type therefore applies to every dynamic query
        // that resolves to it.
        Type subjectType = isQuery && queryDiscovery.FindQuery(queryOrCommandType) is DynamicQueryMeta dynamicMeta
            ? dynamicMeta.DestinationType
            : queryOrCommandType;

        // Guest path: evaluated BEFORE any authentication check, so a match here is a full bypass.
        // The lookup passes inherit = true, i.e. base types are searched as well.
        // NOTE(review): confirm AllowGuestAttribute's AttributeUsage; unless it sets
        // Inherited = false, a derived type picks up a base type's guest marker.
        var guestMarker = subjectType.GetCustomAttribute<AllowGuestAttribute>(true);
        if (guestMarker != null)
        {
            return AuthorizationResult.Allowed;
        }

        // No guest marker: the caller must have an authenticated identity.
        if (userIdentityService.IsAuthenticated() == false)
        {
            return AuthorizationResult.Unauthorized;
        }

        // Only the cancellation token is passed on; the subject type is not, so this class
        // itself makes no per-type distinction for authenticated callers.
        // NOTE(review): verify that IsAuthorizedAsync enforces the intended policy granularity.
        if (await userIdentityService.IsAuthorizedAsync(cancellationToken))
        {
            return AuthorizationResult.Allowed;
        }

        return AuthorizationResult.Forbidden;
    }

    /// <summary>Query entry point; delegates to the shared check with <c>isQuery = true</c>.</summary>
    Task<AuthorizationResult> IQueryAuthorizationService.IsAllowedAsync(Type queryType, CancellationToken cancellationToken)
    {
        return IsAllowedAsync(true, queryType, cancellationToken);
    }

    /// <summary>Command entry point; delegates to the shared check with <c>isQuery = false</c>.</summary>
    Task<AuthorizationResult> ICommandAuthorizationService.IsAllowedAsync(Type commandType, CancellationToken cancellationToken)
    {
        return IsAllowedAsync(false, commandType, cancellationToken);
    }
}