diff --git a/Svrnty.CQRS.Grpc.Generators/GrpcGenerator.cs b/Svrnty.CQRS.Grpc.Generators/GrpcGenerator.cs
index ae87ba7..e6b7c87 100644
--- a/Svrnty.CQRS.Grpc.Generators/GrpcGenerator.cs
+++ b/Svrnty.CQRS.Grpc.Generators/GrpcGenerator.cs
@@ -2291,6 +2291,7 @@ namespace Svrnty.CQRS.Grpc.Generators
 sb.AppendLine("using Google.Protobuf.WellKnownTypes;");
 sb.AppendLine($"using {rootNamespace}.Grpc;");
 sb.AppendLine("using Svrnty.CQRS.Abstractions;");
+ sb.AppendLine("using Svrnty.CQRS.Abstractions.Security;");
 sb.AppendLine();
 sb.AppendLine($"namespace {rootNamespace}.Grpc.Services");
@@ -2321,6 +2322,17 @@ namespace Svrnty.CQRS.Grpc.Generators
 sb.AppendLine(" using var scope = _scopeFactory.CreateScope();");
 sb.AppendLine(" var serviceProvider = scope.ServiceProvider;");
 sb.AppendLine();
+ sb.AppendLine(" // Authorization check");
+ sb.AppendLine($" var authorizationService = serviceProvider.GetService();");
+ sb.AppendLine(" if (authorizationService != null)");
+ sb.AppendLine(" {");
+ sb.AppendLine($" var authResult = await authorizationService.IsAllowedAsync(typeof({command.FullyQualifiedName}), context.CancellationToken);");
+ sb.AppendLine(" if (authResult == AuthorizationResult.Unauthorized)");
+ sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.Unauthenticated, \"Unauthorized\"));");
+ sb.AppendLine(" if (authResult == AuthorizationResult.Forbidden)");
+ sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.PermissionDenied, \"Forbidden\"));");
+ sb.AppendLine(" }");
+ sb.AppendLine();
 sb.AppendLine($" var command = new {command.FullyQualifiedName}");
 sb.AppendLine(" {");
 foreach (var prop in command.Properties)
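Review bot: The generated authorization check in the command handler fails open in two ways: when `GetService` returns null the whole block is skipped, and any `authResult` other than `Unauthorized` or `Forbidden` falls through to building and dispatching the command. A missing DI registration therefore disables authorization with no error and no log line; if opt-in behaviour is intended, the emitted comment should say so, e.g. `// Authorization is optional: with no authorization service registered the call is allowed`. For the result handling, test for the enum's allow value instead of enumerating denials, i.e. keep the `Unauthorized` branch and follow it with `if (authResult != AuthorizationResult.Allowed)` throwing the same `PermissionDenied` status (this assumes the allow member is named `Allowed`; the enum is not shown in this diff). The same pattern is added in the query hunk at -2455 and the dynamic-query hunk at -2768, and the emitter method starts and ends outside this hunk.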
@@ -2425,6 +2437,7 @@ namespace Svrnty.CQRS.Grpc.Generators
 sb.AppendLine("using Microsoft.Extensions.DependencyInjection;");
 sb.AppendLine($"using {rootNamespace}.Grpc;");
 sb.AppendLine("using Svrnty.CQRS.Abstractions;");
+ sb.AppendLine("using Svrnty.CQRS.Abstractions.Security;");
 sb.AppendLine();
 sb.AppendLine($"namespace {rootNamespace}.Grpc.Services");
@@ -2455,6 +2468,17 @@ namespace Svrnty.CQRS.Grpc.Generators
 sb.AppendLine(" using var scope = _scopeFactory.CreateScope();");
 sb.AppendLine(" var serviceProvider = scope.ServiceProvider;");
 sb.AppendLine();
+ sb.AppendLine(" // Authorization check");
+ sb.AppendLine($" var authorizationService = serviceProvider.GetService();");
+ sb.AppendLine(" if (authorizationService != null)");
+ sb.AppendLine(" {");
+ sb.AppendLine($" var authResult = await authorizationService.IsAllowedAsync(typeof({query.FullyQualifiedName}), context.CancellationToken);");
+ sb.AppendLine(" if (authResult == AuthorizationResult.Unauthorized)");
+ sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.Unauthenticated, \"Unauthorized\"));");
+ sb.AppendLine(" if (authResult == AuthorizationResult.Forbidden)");
+ sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.PermissionDenied, \"Forbidden\"));");
+ sb.AppendLine(" }");
+ sb.AppendLine();
 sb.AppendLine($" var handler = serviceProvider.GetRequiredService<{query.HandlerInterfaceName}>();");
 sb.AppendLine($" var query = new {query.FullyQualifiedName}");
 sb.AppendLine(" {");
@@ -2736,6 +2760,7 @@ namespace Svrnty.CQRS.Grpc.Generators
 sb.AppendLine("using Microsoft.Extensions.DependencyInjection;");
 sb.AppendLine($"using {rootNamespace}.Grpc;");
 sb.AppendLine("using Svrnty.CQRS.Abstractions;");
+ sb.AppendLine("using Svrnty.CQRS.Abstractions.Security;");
 sb.AppendLine("using Svrnty.CQRS.DynamicQuery.Abstractions;");
 sb.AppendLine("using PoweredSoft.DynamicQuery.Core;");
 sb.AppendLine();
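Review bot: The eleven `sb.AppendLine` calls added to the query emitter at -2455 are a copy of the block added to the command emitter and to the dynamic-query emitter, differing only in the `typeof(...)` argument (and possibly in the service type passed to `GetService`, which is not visible here). Security-relevant generated code kept in three copies tends to drift, so I would move it into one private generator helper and call it from each emitter, along the lines of `AppendAuthorizationCheck(sb, authorizationServiceType, query.FullyQualifiedName);` (the helper name is a suggestion). A single helper also gives one place to emit a log line when a call is refused, which the generated code currently does not do. The surrounding emitter method begins and ends outside the hunk.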
@@ -2768,6 +2793,17 @@ namespace Svrnty.CQRS.Grpc.Generators
 sb.AppendLine(" using var scope = _scopeFactory.CreateScope();");
 sb.AppendLine(" var serviceProvider = scope.ServiceProvider;");
 sb.AppendLine();
+ sb.AppendLine(" // Authorization check");
+ sb.AppendLine($" var authorizationService = serviceProvider.GetService();");
+ sb.AppendLine(" if (authorizationService != null)");
+ sb.AppendLine(" {");
+ sb.AppendLine($" var authResult = await authorizationService.IsAllowedAsync(typeof({dynamicQuery.QueryInterfaceName}), context.CancellationToken);");
+ sb.AppendLine(" if (authResult == AuthorizationResult.Unauthorized)");
+ sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.Unauthenticated, \"Unauthorized\"));");
+ sb.AppendLine(" if (authResult == AuthorizationResult.Forbidden)");
+ sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.PermissionDenied, \"Forbidden\"));");
+ sb.AppendLine(" }");
+ sb.AppendLine();
 // Build the dynamic query object
 if (dynamicQuery.HasParams)
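Review bot: The dynamic-query check passes `typeof({dynamicQuery.QueryInterfaceName})` to `IsAllowedAsync`, whereas the command and query emitters pass the concrete `FullyQualifiedName` type. If the authorization service looks rules up by type, a rule registered for a concrete class may not match the interface type used here; whether that can happen depends on the service implementation, which is outside this diff. Please confirm the interface is the key the service expects for dynamic queries and record the decision in the generator, e.g. `// Dynamic queries are authorized against the query interface type, not a concrete class`. The `if (dynamicQuery.HasParams)` body continues past the end of the hunk.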