-
Notifications
You must be signed in to change notification settings - Fork 51
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PT-14717: permissions for properties (#716)
- Loading branch information
Showing
15 changed files
with
256 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
src/VirtoCommerce.CatalogModule.Data/Authorization/CustomPropertyRequirement.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
using VirtoCommerce.CatalogModule.Core; | ||
using VirtoCommerce.Platform.Security.Authorization; | ||
|
||
namespace VirtoCommerce.CatalogModule.Data.Authorization | ||
{ | ||
public class CustomPropertyRequirement : PermissionAuthorizationRequirement | ||
{ | ||
public CustomPropertyRequirement() : base(ModuleConstants.Security.Permissions.CatalogCustomPropertyEdit) | ||
{ | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
111 changes: 111 additions & 0 deletions
111
src/VirtoCommerce.CatalogModule.Web/Authorization/CustomPropertyRequirementHandler.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
using System.Collections.Generic; | ||
using System.Linq; | ||
using System.Threading.Tasks; | ||
using Microsoft.AspNetCore.Authorization; | ||
using Microsoft.AspNetCore.Mvc; | ||
using Microsoft.Extensions.Options; | ||
using VirtoCommerce.CatalogModule.Core.Model; | ||
using VirtoCommerce.CatalogModule.Core.Model.Search; | ||
using VirtoCommerce.CatalogModule.Core.Search; | ||
using VirtoCommerce.CatalogModule.Data.Authorization; | ||
using VirtoCommerce.Platform.Core.Security; | ||
using VirtoCommerce.Platform.Security.Authorization; | ||
|
||
namespace VirtoCommerce.CatalogModule.Web.Authorization | ||
{ | ||
public sealed class CustomPropertyRequirementHandler : PermissionAuthorizationHandlerBase<CustomPropertyRequirement> | ||
{ | ||
private readonly IProductSearchService _productSearch; | ||
private readonly MvcNewtonsoftJsonOptions _jsonOptions; | ||
public CustomPropertyRequirementHandler(IOptions<MvcNewtonsoftJsonOptions> jsonOptions, IProductSearchService productSearch) | ||
{ | ||
_productSearch = productSearch; | ||
_jsonOptions = jsonOptions.Value; | ||
} | ||
|
||
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomPropertyRequirement requirement) | ||
{ | ||
await base.HandleRequirementAsync(context, requirement); | ||
|
||
if (!context.HasSucceeded) | ||
{ | ||
var userPermissions = context.User.FindPermissions(requirement.Permission, _jsonOptions.SerializerSettings); | ||
|
||
if (userPermissions.Count != 0) | ||
{ | ||
return; | ||
} | ||
switch (context.Resource) | ||
{ | ||
case IEnumerable<CatalogProduct> products when await CustomPropertyChanged(products): | ||
case CatalogProduct product when await CustomPropertyChanged(new[] { product }): | ||
context.Succeed(requirement); | ||
break; | ||
} | ||
} | ||
} | ||
|
||
private async Task<bool> CustomPropertyChanged(IEnumerable<CatalogProduct> products) | ||
{ | ||
var searchCriteria = new ProductSearchCriteria | ||
{ | ||
ObjectIds = products.Select(x => x.Id).ToArray(), | ||
SearchInVariations = true, | ||
ResponseGroup = ItemResponseGroup.WithProperties.ToString(), | ||
Take = products.Count() | ||
}; | ||
var sourceProducts = (await _productSearch.SearchAsync(searchCriteria)).Results; | ||
|
||
foreach (var changedProduct in products) | ||
{ | ||
var sourceProduct = sourceProducts.FirstOrDefault(x => x.Id == changedProduct.Id); | ||
if (sourceProduct == null || !CustomPropertiesChanged(sourceProduct.Properties, changedProduct.Properties)) | ||
{ | ||
return false; | ||
} | ||
} | ||
|
||
return true; | ||
} | ||
|
||
private static bool CustomPropertiesChanged(IList<Property> source, IList<Property> changed) | ||
{ | ||
if (source.Count(x => x.Id == null) != changed.Count(x => x.Id == null)) | ||
{ | ||
return false; | ||
} | ||
|
||
foreach (var sourceProperty in source.Where(x => x.Id == null)) | ||
{ | ||
var changedProperty = changed.FirstOrDefault(x => x.Name == sourceProperty.Name); | ||
if (changedProperty == null || !CustomPropertyValuesChanged(sourceProperty, changedProperty)) | ||
{ | ||
return false; | ||
} | ||
} | ||
|
||
return true; | ||
} | ||
|
||
private static bool CustomPropertyValuesChanged(Property source, Property changed) | ||
{ | ||
if (source.Values.Count != changed.Values.Count) | ||
{ | ||
return false; | ||
} | ||
|
||
foreach (var sourceValue in source.Values) | ||
{ | ||
var changedValue = changed.Values.FirstOrDefault(x => x.Id == sourceValue.Id); | ||
if (changedValue == null | ||
|| changed.Name != sourceValue.PropertyName | ||
|| changed.ValueType != sourceValue.ValueType) | ||
{ | ||
return false; | ||
} | ||
} | ||
|
||
return true; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.