diff --git a/src/API/WesternStatesWater.WestDaat.Engines/ValidationEngine.cs b/src/API/WesternStatesWater.WestDaat.Engines/ValidationEngine.cs
index 5a527922..a39e1266 100644
--- a/src/API/WesternStatesWater.WestDaat.Engines/ValidationEngine.cs
+++ b/src/API/WesternStatesWater.WestDaat.Engines/ValidationEngine.cs
@@ -25,11 +25,15 @@ ISecurityUtility securityUtility
 public async Task Validate(RequestBase request)
 {
 var context = _contextUtility.GetContext();
- var permissions = await _securityUtility.GetPermissions(context);
+ var isAuthorized = await _securityUtility.IsAuthorized(context, request);
+ if (!isAuthorized)
+ {
+ return CreateForbiddenError(request, context);
+ }
 return request switch
 {
- ApplicationStoreRequestBase req => ValidateApplicationStoreRequest(req, context, permissions),
+ ApplicationStoreRequestBase req => ValidateApplicationStoreRequest(req, context),
 _ => throw new NotImplementedException(
 $"Validation for request type '{request.GetType().Name}' is not implemented."
@@ -37,18 +41,20 @@ public async Task Validate(RequestBase request)
 };
 }
- private ErrorBase ValidateApplicationStoreRequest(ApplicationStoreRequestBase request, ContextBase context,
- object permissions)
+ private ErrorBase ValidateApplicationStoreRequest(ApplicationStoreRequestBase request, ContextBase context)
 {
- // If context cannot make a request of this type.
- if (permissions is 1)
+ // If there is additional business logic validation that the request doesn't pass.
+ if (request is null)
 {
- return CreateForbiddenError(request, context);
+ return new ValidationError(new Dictionary
+ {
+ { "Notes", ["You must cross the T's and dot the lowercase J's."] }
+ });
 }
- // If the resources required to fulfill the request are not accessible to the user, or they
- // do not exist.
- if (permissions is 2)
+ // If the resources required to fulfill the request
+ // are not accessible to the user, or they do not exist.
+ if (request.ToString() is null)
 {
 return CreateNotFoundError(
 context,
@@ -57,15 +63,6 @@ private ErrorBase ValidateApplicationStoreRequest(ApplicationStoreRequestBase re
 );
 }
- // If there is additional business logic validation that the request doesn't pass.
- if (permissions is 3)
- {
- return new ValidationError(new Dictionary
- {
- { "Notes", ["You must cross the T's and dot the lowercase J's."] }
- });
- }
 return null;
 }
diff --git a/src/API/WesternStatesWater.WestDaat.Utilities/ISecurityUtility.cs b/src/API/WesternStatesWater.WestDaat.Utilities/ISecurityUtility.cs
index d8240252..576b5b52 100644
--- a/src/API/WesternStatesWater.WestDaat.Utilities/ISecurityUtility.cs
+++ b/src/API/WesternStatesWater.WestDaat.Utilities/ISecurityUtility.cs
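Review bot: Neither guard in `ValidateApplicationStoreRequest` can fire as written: `request is null` is never true because `Validate` reaches this method only through the `ApplicationStoreRequestBase req` pattern, which does not match null, and `request.ToString() is null` is false for any object whose `ToString` is not overridden to return null. The comments above them describe real business-rule and resource-existence checks that the conditions do not perform, so a reader could take this validation as implemented. If they are placeholders like the `permissions is 1/2/3` checks they replace, mark them as such, e.g. `// TODO: placeholder condition — replace with the real business-rule check` and the same on the not-found guard. The rest of the method, including its `return null;`, is in the following hunk.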
@@ -1,8 +1,12 @@
+using WesternStatesWater.Shared.DataContracts;
 using WesternStatesWater.WestDaat.Common.Context;
 namespace WesternStatesWater.WestDaat.Utilities;
 public interface ISecurityUtility
 {
+ // TODO - Needed?
 Task GetPermissions(ContextBase context);
+
+ Task IsAuthorized(ContextBase context, RequestBase request);
 }
\ No newline at end of file
diff --git a/src/API/WesternStatesWater.WestDaat.Utilities/SecurityUtility.cs b/src/API/WesternStatesWater.WestDaat.Utilities/SecurityUtility.cs
index 27c79c8d..48abd63f 100644
--- a/src/API/WesternStatesWater.WestDaat.Utilities/SecurityUtility.cs
+++ b/src/API/WesternStatesWater.WestDaat.Utilities/SecurityUtility.cs
@@ -1,4 +1,7 @@
+using WesternStatesWater.Shared.DataContracts;
 using WesternStatesWater.WestDaat.Common.Context;
+using WesternStatesWater.WestDaat.Contracts.Client.Requests.Admin;
+using WesternStatesWater.WestDaat.Contracts.Client.Requests.Conservation;
 namespace WesternStatesWater.WestDaat.Utilities;
@@ -8,4 +11,16 @@ public Task GetPermissions(ContextBase context)
 {
 return Task.FromResult((object)42);
 }
+
+ public Task IsAuthorized(ContextBase context, RequestBase request)
+ {
+ return request switch
+ {
+ ApplicationStoreRequestBase => Task.FromResult(true),
+ UserLoadRequestBase => Task.FromResult(true),
+ _ => throw new NotImplementedException(
+ $"Authorization for request type '{request.GetType().Name}' is not implemented."
+ )
+ };
+ }
 }
\ No newline at end of file
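Review bot: `IsAuthorized` is added to `ISecurityUtility` without any documentation of its contract, and the implementation in this diff throws `NotImplementedException` for request types it does not recognise rather than returning false, which a caller cannot tell from the signature. Suggest a summary on the interface member such as `/// <summary>Returns true when the caller in <paramref name="context"/> may perform <paramref name="request"/>; implementations may throw for request types they do not support.</summary>`. The `// TODO - Needed?` left on `GetPermissions` should either be resolved in this change or point at a tracking item so the stub is not forgotten.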
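Review bot: `IsAuthorized` returns `Task.FromResult(true)` for every `ApplicationStoreRequestBase` and `UserLoadRequestBase` without reading `context`, so the `CreateForbiddenError` path that `ValidationEngine.Validate` now takes on a false result is unreachable for those types; the authorization decision has been moved into this utility but is not yet made here. If this is a placeholder, state it at the top of the method, e.g. `// TODO: placeholder — grants every recognised request type without consulting context; must check identity/roles before use`, so it is not mistaken for an implemented check. Note also that `UserLoadRequestBase` is granted here while `Validate` still throws `NotImplementedException` for it, so the two lists of supported request types already differ; deriving one from the other would stop them drifting further. `GetPermissions` still returns the literal `42`, consistent with the `// TODO - Needed?` added to the interface.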