dotnet-digital-ops/DigitalOps.Authority/Services/CQAuthorizationService.cs

using System.Reflection;
using DigitalOps.Authority.Attributes;
using OpenHarbor.CQRS.Abstractions.Discovery;
using OpenHarbor.CQRS.Abstractions.Security;
using OpenHarbor.CQRS.DynamicQuery.Discover;
namespace DigitalOps.Authority.Services;
/// <summary>
/// Authorization gate shared by queries and commands. Both explicit interface
/// implementations (<see cref="IQueryAuthorizationService"/> and
/// <see cref="ICommandAuthorizationService"/>) forward to
/// <see cref="IsAllowedAsync(bool, Type, CancellationToken)"/>.
/// </summary>
public class CQAuthorizationService(IQueryDiscovery queryDiscovery, UserIdentityService userIdentityService) : IQueryAuthorizationService, ICommandAuthorizationService
{
    /// <summary>
    /// Decides whether the current caller may execute the given query or command.
    /// </summary>
    /// <param name="isQuery"><c>true</c> when <paramref name="queryOrCommandType"/> is a query type, <c>false</c> for a command type.</param>
    /// <param name="queryOrCommandType">The query or command type being invoked.</param>
    /// <param name="cancellationToken">Forwarded to the identity service's authorization call.</param>
    /// <returns>
    /// <c>Allowed</c> when the subject type carries <see cref="AllowGuestAttribute"/>;
    /// <c>Unauthorized</c> when the caller is not authenticated; otherwise
    /// <c>Allowed</c> or <c>Forbidden</c> according to the identity service.
    /// </returns>
    public async Task<AuthorizationResult> IsAllowedAsync(bool isQuery, Type queryOrCommandType, CancellationToken cancellationToken)
    {
        // The attribute lookup below runs against the "subject" type. For a query that
        // discovery reports as a dynamic query, the subject is the query's destination
        // type, not the query type itself; in every other case it is the type passed in.
        // Consequence: marking a destination type with [AllowGuest] opens every dynamic
        // query that resolves to it.
        Type subjectType = isQuery && queryDiscovery.FindQuery(queryOrCommandType) is DynamicQueryMeta dynamicMeta
            ? dynamicMeta.DestinationType
            : queryOrCommandType;

        // Guest access short-circuits before any identity check. The lookup is made with
        // inherit: true, so the base types of the subject are searched as well.
        // NOTE(review): whether a derived type actually picks up the attribute also depends
        // on AllowGuestAttribute's AttributeUsage, which is not visible here — confirm that
        // inherited guest access is intended.
        if (subjectType.GetCustomAttribute<AllowGuestAttribute>(true) is not null)
        {
            return AuthorizationResult.Allowed;
        }

        // No guest marker: an unauthenticated caller is rejected outright.
        if (userIdentityService.IsAuthenticated() is false)
        {
            return AuthorizationResult.Unauthorized;
        }

        // NOTE(review): only the cancellation token is passed on; neither the subject type
        // nor the query/command distinction reaches IsAuthorizedAsync from this method, so
        // any per-operation policy would have to come from state the identity service
        // holds itself — verify against UserIdentityService.
        return await userIdentityService.IsAuthorizedAsync(cancellationToken)
            ? AuthorizationResult.Allowed
            : AuthorizationResult.Forbidden;
    }

    /// <summary>Query-side entry point; forwards with <c>isQuery</c> set to <c>true</c>.</summary>
    Task<AuthorizationResult> IQueryAuthorizationService.IsAllowedAsync(Type queryType, CancellationToken cancellationToken)
    {
        return IsAllowedAsync(true, queryType, cancellationToken);
    }

    /// <summary>Command-side entry point; forwards with <c>isQuery</c> set to <c>false</c>.</summary>
    Task<AuthorizationResult> ICommandAuthorizationService.IsAllowedAsync(Type commandType, CancellationToken cancellationToken)
    {
        return IsAllowedAsync(false, commandType, cancellationToken);
    }
}